Merge branch 'HarHarLinks/hookshot-encryption' of https://github.com/real-joshua/matrix-docker-ansible-deploy into HarHarLinks/hookshot-encryption

2 лет назад · 03a7bb6e77
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -10,5 +10,15 @@
 				"# renovate: datasource=(?<datasource>[a-z-.]+?) depName=(?<depName>[^\\s]+?)(?: (?:lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?(?:_version|_tag)\\s*:\\s*[\"']?(?<currentValue>.+?)[\"']?\\s"
 			]
 		}
 	],
 	"packageRules": [
 		{
 			"matchSourceUrlPrefixes": [
 				"https://github.com/devture/com.devture.ansible.role",
 				"https://gitlab.com/etke.cc/roles",
 				"https://github.com/mother-of-all-self-hosting"
 			],
 			"ignoreUnstable": false
 		}
 	]
 }
--- a/.github/workflows/matrix.yml
+++ b/.github/workflows/matrix.yml
@@ -13,7 +13,7 @@ jobs:
      - name: Check out
        uses: actions/checkout@v4
      - name: Run yamllint
        uses: frenck/action-yamllint@v1.4.1
        uses: frenck/action-yamllint@v1.4.2
  ansible-lint:
    name: ansible-lint
    runs-on: ubuntu-latest
--- a/README.md
+++ b/README.md
@@ -17,7 +17,7 @@ We run all services in [Docker](https://www.docker.com/) containers (see [the co
 This Ansible playbook tries to make self-hosting and maintaining a Matrix server fairly easy. Still, running any service smoothly requires knowledge, time and effort.
 If you like the [FOSS](https://en.wikipedia.org/wiki/Free_and_open-source_software) spirit of this Ansible playbook, but prefer to put the responsibility on someone else, you can also [get a managed Matrix server from etke.cc](https://etke.cc/) - a service built on top of this Ansible playbook, which can help you run a Matrix server with ease.
 If you like the [FOSS](https://en.wikipedia.org/wiki/Free_and_open-source_software) spirit of this Ansible playbook, but prefer to put the responsibility on someone else, you can also [get a managed Matrix server from etke.cc](https://etke.cc?utm_source=github&utm_medium=readme&utm_campaign=mdad) - a service built on top of this Ansible playbook, which can help you run a Matrix server with ease.
 If you like learning and experimentation, but would rather reduce future maintenance effort, you can even go for a hybrid approach - self-hosting manually using this Ansible playbook at first and then transferring server maintenance to etke.cc at a later time.
@@ -197,14 +197,6 @@ When updating the playbook, refer to [the changelog](CHANGELOG.md) to catch up w
 ## Related
 You may also be interested in these other Ansible playbooks:
 You may also be interested in [mash-playbook](https://github.com/mother-of-all-self-hosting/mash-playbook) - another Ansible playbook for self-hosting non-Matrix services (see its [List of supported services](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/supported-services.md)).
 - [gitea-docker-ansible-deploy](https://github.com/spantaleev/gitea-docker-ansible-deploy) - for deploying a [Gitea](https://gitea.io/) git version-control server
 - [nextcloud-docker-ansible-deploy](https://github.com/spantaleev/nextcloud-docker-ansible-deploy) - for deploying a [Nextcloud](https://nextcloud.com/) server
 - [peertube-docker-ansible-deploy](https://github.com/spantaleev/peertube-docker-ansible-deploy) - for deploying a [PeerTube](https://joinpeertube.org/) video-platform server
 - [vaultwarden-docker-ansible-deploy](https://github.com/spantaleev/vaultwarden-docker-ansible-deploy) - for deploying a [Vaultwarden](https://github.com/dani-garcia/vaultwarden) password manager server (unofficial [Bitwarden](https://bitwarden.com/) compatible server)
 They're all making use of Traefik as their reverse-proxy, so it should be easy to host all these services on the same server. Follow the `docs/configuring-playbook-interoperability.md` documentation in each playbook.
 mash-playbook also makes use of [Traefik](./docs/configuring-playbook-traefik.md) as its reverse-proxy, so with minor [interoperability adjustments](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/interoperability.md), you can make matrix-docker-ansible-deploy and mash-playbook co-exist and host Matrix and non-Matrix services on the same server.
--- a/docs/configuring-playbook-bridge-beeper-linkedin.md
+++ b/docs/configuring-playbook-bridge-beeper-linkedin.md
@@ -32,14 +32,10 @@ You may wish to look at `roles/custom/matrix-bridge-beeper-linkedin/templates/co
 ## Set up Double Puppeting
 If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
 ### Method 1: automatically, by enabling Shared Secret Auth
 If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have to enable Shared Secred Auth.
 The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
 This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
 ## Usage
--- a/docs/configuring-playbook-bridge-mautrix-whatsapp.md
+++ b/docs/configuring-playbook-bridge-mautrix-whatsapp.md
@@ -21,8 +21,8 @@ By default, only admins are allowed to set themselves as relay users. To allow a
 matrix_mautrix_whatsapp_bridge_relay_admin_only: false
 ```
 If you want to activate the relay bot in a room, use `!whatsapp set-relay`.
 Use `!whatsapp unset-relay` to deactivate.
 If you want to activate the relay bot in a room, use `!wa set-relay`.
 Use `!wa unset-relay` to deactivate.
 ## Enable backfilling history
 This requires a server with MSC2716 support, which is currently an experimental feature in synapse.
--- a/docs/configuring-playbook-matrix-media-repo.md
+++ b/docs/configuring-playbook-matrix-media-repo.md
@@ -1,14 +1,20 @@
 # Setting up matrix-media-repo (optional)
 [matrix-media-repo](https://docs.t2bot.io/matrix-media-repo/) is a highly customizable multi-domain media repository for Matrix. Intended for medium to large environments consisting of several homeservers, this media repo de-duplicates media (including remote media) while being fully compliant with the specification.
 [matrix-media-repo](https://docs.t2bot.io/matrix-media-repo/) (often abbreviated "MMR") is a highly customizable multi-domain media repository for Matrix. Intended for medium to large environments consisting of several homeservers, this media repo de-duplicates media (including remote media) while being fully compliant with the specification.
 Smaller/individual homeservers can still make use of this project's features, though it may be difficult to set up or have higher than expected resource consumption. Please do your research before deploying this as this project may not be useful for your environment.
 For a simpler alternative (which allows you to offload your media repository storage to S3, etc.), you can [configure S3 storage](configuring-playbook-s3.md) instead of setting up matrix-media-repo.
 | **Table of Contents**                                                                       |
 | :------------------------------------------------------------------------------------------ |
 | [Quickstart](#quickstart)                                                                   |
 | [Additional configuration options](#configuring-the-media-repo)                             |
 | [Importing data from an existing media store](#importing-data-from-an-existing-media-store) |
 ## Quickstart
 Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
 Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file and [re-run the installation process](./installing.md) for the playbook:
 ```yaml
 matrix_media_repo_enabled: true
@@ -37,8 +43,9 @@ matrix_media_repo_database_max_connections: 25
 matrix_media_repo_database_max_idle_connections: 5
 # These users have full access to the administrative functions of the media repository.
 # See https://github.com/turt2live/matrix-media-repo/blob/release-v1.2.8/docs/admin.md for information on what these people can do. They must belong to one of the
 # configured homeservers above.
 # See https://github.com/turt2live/matrix-media-repo/blob/release-v1.2.8/docs/admin.md for 
 # information on what these people can do. They must belong to one of the configured 
 # homeservers above.
 matrix_media_repo_admins:
  admins: []
 # admins:
@@ -102,5 +109,56 @@ matrix_media_repo_datastores:
 ```
 Full list of configuration options with documentation can be found in `roles/custom/matrix-media-repo/templates/defaults/main.yml`
 Full list of configuration options with documentation can be found in [`roles/custom/matrix-media-repo/defaults/main.yml`](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/roles/custom/matrix-media-repo/defaults/main.yml)
 ## Importing data from an existing media store
 If you want to add this repo to an existing homeserver managed by the playbook, you will need to import existing media into MMR's database or you will lose access to older media while it is active. MMR versions up to `v1.3.3` only support importing from Synapse, but newer versions (at time of writing: only `latest`) also support importing from Dendrite.
 **Before importing**: ensure you have an initial matrix-media-repo deployment by following the [quickstart](#quickstart) guide above
 Depending on the homeserver implementation yu're using (Synapse, Dendrite), you'll need to use a different import tool (part of matrix-media-repo) and point it to the homeserver's database.
 ### Importing data from the Synapse media store
 To import the Synapse media store, you're supposed to invoke the `import_synapse` tool which is part of the matrix-media-repo container image. Your Synapse database is called `synapse` by default, unless you've changed it by modifying `matrix_synapse_database_database`.
 This guide here is adapted from the [upstream documentation about the import_synapse script](https://github.com/turt2live/matrix-media-repo#importing-media-from-synapse).
 Run the following command on the server (after replacing `devture_postgres_connection_password` in it with the value found in your `vars.yml` file):
 ```sh
 docker exec -it matrix-media-repo \
    /usr/local/bin/import_synapse \
        -dbName synapse \
        -dbHost matrix-postgres \
        -dbPort 5432 \
        -dbUsername matrix \
        -dbPassword devture_postgres_connection_password
 ```
 Enter `1` for the Machine ID when prompted (you are not doing any horizontal scaling) unless you know what you're doing.
 This should output a `msg="Import completed"` when finished successfully!
 ### Importing data from the Dendrite media store
 If you're using the [Dendrite](configuring-playbook-dendrite.md) homeserver instead of the default for this playbook (Synapse), follow this importing guide here.
 To import the Dendrite media store, you're supposed to invoke the `import_dendrite` tool which is part of the matrix-media-repo container image. Your Dendrite database is called `dendrite_mediaapi` by default, unless you've changed it by modifying `matrix_dendrite_media_api_database`.
 Run the following command on the server (after replacing `devture_postgres_connection_password` in it with the value found in your `vars.yml` file):
 ```sh
 docker exec -it matrix-media-repo \
    /usr/local/bin/import_dendrite \
        -dbName dendrite_mediaapi \
        -dbHost matrix-postgres \
        -dbPort 5432 \
        -dbUsername matrix \
        -dbPassword devture_postgres_connection_password
 ```
 Enter `1` for the Machine ID when prompted (you are not doing any horizontal scaling) unless you know what you're doing.
 This should output a `msg="Import completed"` when finished successfully!
--- a/docs/configuring-playbook-sliding-sync-proxy.md
+++ b/docs/configuring-playbook-sliding-sync-proxy.md
@@ -8,7 +8,7 @@ See the project's [documentation](https://github.com/matrix-org/sliding-sync) to
 Element X iOS is [available on TestFlight](https://testflight.apple.com/join/uZbeZCOi).
 Element X Android requires manual compilation to get it working with a non-`matrix.org` homeseserver. It's also less feature-complete than the iOS version.
 Element X Android is [available on the Github Releases page](https://github.com/vector-im/element-x-android/releases).
 **NOTE**: The Sliding Sync proxy **only works with the Traefik reverse-proxy**. If you have an old server installation (from the time `matrix-nginx-proxy` was our default reverse-proxy - `matrix_playbook_reverse_proxy_type: playbook-managed-nginx`), you won't be able to use Sliding Sync.
--- a/docs/configuring-playbook-ssl-certificates.md
+++ b/docs/configuring-playbook-ssl-certificates.md
@@ -68,21 +68,21 @@ aux_file_definitions:
  # uploading a file from the computer where Ansible is running.
  - dest: "{{ devture_traefik_ssl_dir_path }}/privkey.pem"
    src: /path/on/your/Ansible/computer/to/privkey.pem
 	# Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline.
 	# Note the indentation level.
 	# content: |
 	#   FILE CONTENT
 	#   HERE
    # Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline.
    # Note the indentation level.
    # content: |
    #   FILE CONTENT
    #   HERE
  # Create the cert.pem file on the server
  # uploading a file from the computer where Ansible is running.
  - dest: "{{ devture_traefik_ssl_dir_path }}/cert.pem"
    src: /path/on/your/Ansible/computer/to/cert.pem
 	# Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline.
 	# Note the indentation level.
 	# content: |
 	#   FILE CONTENT
 	#   HERE
    # Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline.
    # Note the indentation level.
    # content: |
    #   FILE CONTENT
    #   HERE
  # Create the custom Traefik configuration.
  # The `/ssl/..` paths below are in-container paths, not paths on the host (/`matrix/traefik/ssl/..`). Do not change them!
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -2101,7 +2101,7 @@ backup_borg_gid: "{{ matrix_user_gid }}"
 backup_borg_container_network: "{{ devture_postgres_container_network if devture_postgres_enabled else backup_borg_identifier }}"
 backup_borg_postgresql_version_detection_devture_postgres_role_name: "{{ 'galaxy/com.devture.ansible.role.postgres' if devture_postgres_enabled else '' }}"
 backup_borg_postgresql_version_detection_devture_postgres_role_name: "{{ 'galaxy/postgres' if devture_postgres_enabled else '' }}"
 backup_borg_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"
@@ -3272,6 +3272,7 @@ devture_postgres_backup_connection_username: "{{ devture_postgres_connection_use
 devture_postgres_backup_connection_password: "{{ devture_postgres_connection_password if devture_postgres_enabled else '' }}"
 devture_postgres_backup_postgres_data_path: "{{ devture_postgres_data_path if devture_postgres_enabled else '' }}"
 devture_postgres_backup_postgres_role_include_name: galaxy/postgres
 devture_postgres_backup_databases: "{{ devture_postgres_managed_databases | map(attribute='name') if devture_postgres_enabled else [] }}"
@@ -4303,9 +4304,6 @@ matrix_user_creator_users_auto: |
 #
 ######################################################################
 ## FIXME: Needs to be updated when there is a proper release by upstream.
 matrix_user_verification_service_docker_image: "{{ matrix_user_verification_service_docker_image_name_prefix }}matrixdotorg/matrix-user-verification-service@sha256:d2aabc984dd69d258c91900c36928972d7aaef19d776caa3cd6a0fbc0e307270"
 matrix_user_verification_service_enabled: false
 matrix_user_verification_service_systemd_required_services_list: |
  {{
@@ -4399,7 +4397,7 @@ devture_traefik_additional_domains_to_obtain_certificates_for: "{{ matrix_ssl_ad
 devture_traefik_config_providers_docker_endpoint: "{{ devture_container_socket_proxy_endpoint if devture_container_socket_proxy_enabled else 'unix:///var/run/docker.sock' }}"
 devture_traefik_container_additional_networks: |
 devture_traefik_container_additional_networks_auto: |
  {{
    ([devture_container_socket_proxy_container_network] if devture_container_socket_proxy_enabled else [])
  }}
--- a/requirements.yml
+++ b/requirements.yml
@@ -1,54 +1,71 @@
 ---
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-aux.git
  version: v1.0.0-1
  version: v1.0.0-3
  name: auxiliary
 - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git
  version: v1.2.6-1.8.4-0
  version: v1.2.7-1.8.5-2
  name: backup_borg
 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git
  version: v0.1.1-2
  version: v0.1.1-3
  name: container_socket_proxy
 - src: git+https://github.com/geerlingguy/ansible-role-docker
  version: 7.0.2
  name: docker
 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
  version: 129c8590e106b83e6f4c259649a613c6279e937a
  name: docker_sdk_for_python
 - src: git+https://gitlab.com/etke.cc/roles/etherpad.git
  version: v1.9.5-1
  name: etherpad
 - src: git+https://gitlab.com/etke.cc/roles/grafana.git
  version: v10.2.2-1
  name: grafana
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
  version: v9111-1
  name: jitsi
 - src: git+https://gitlab.com/etke.cc/roles/ntfy.git
  version: v2.8.0-1
  name: ntfy
 - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
  version: c1f40e82b4d6b072b6f0e885239322bdaaaf554f
  name: playbook_help
 - src: git+https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages.git
  version: 9b4b088c62b528b73a9a7c93d3109b091dd42ec6
  name: playbook_runtime_messages
 - src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git
  version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
  name: playbook_state_preserver
 - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git
  version: v16.0-8
  version: v16.1-3
  name: postgres
 - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git
  version: a0cc7c1c696872ba8880d9c5e5a54098de825030
 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
  version: v1.0.0-0
 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git
  version: v1.0.0-1
 - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git
  version: v1.0.0-0
 - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git
  version: v2.10.5-0
 - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git
  version: v2.8.1-0
 - src: git+https://gitlab.com/etke.cc/roles/etherpad.git
  version: v1.9.3-0
 - src: git+https://github.com/geerlingguy/ansible-role-docker
  version: 7.0.1
  name: geerlingguy.docker
 - src: git+https://gitlab.com/etke.cc/roles/grafana.git
  version: v10.2.0-0
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
  version: v8960-3
  name: jitsi
 - src: git+https://gitlab.com/etke.cc/roles/ntfy.git
  version: v2.7.0-2
  version: b29a9c551dd09079f5ef26d494973a499088b9e8
  name: postgres_backup
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
  version: v2.47.2-0
  version: v2.48.1-0
  name: prometheus
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git
  version: v1.6.1-0
  version: v1.7.0-1
  name: prometheus_node_exporter
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git
  version: v0.14.0-0
  version: v0.14.0-1
  name: prometheus_postgres_exporter
 - src: git+https://gitlab.com/etke.cc/roles/redis.git
  version: v7.2.0-0
  version: v7.2.3-2
  name: redis
 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
  version: v1.0.0-2
  name: systemd_docker_base
 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git
  version: v1.0.0-3
  name: systemd_service_manager
 - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git
  version: v1.0.0-0
  name: timesync
 - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git
  version: v2.10.7-0
  name: traefik
 - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git
  version: v2.8.3-1
  name: traefik_certs_dumper
--- a/roles/custom/matrix-bot-buscarron/defaults/main.yml
+++ b/roles/custom/matrix-bot-buscarron/defaults/main.yml
@@ -41,14 +41,13 @@ matrix_bot_buscarron_container_network: matrix-bot-buscarron
 # Use this to expose this container to another reverse proxy, which runs in a different container network.
 matrix_bot_buscarron_container_additional_networks: []
 # enable basic auth for metrics
 matrix_bot_buscarron_basicauth_enabled: false
 # temporary file name on the host that runs ansible
 matrix_bot_buscarron_basicauth_file: "/tmp/matrix_bot_buscarron_htpasswd"
 # username
 matrix_bot_buscarron_basicauth_user: ''
 # password
 matrix_bot_buscarron_basicauth_password: ''
 # /metrics login
 matrix_bot_buscarron_metrics_login: ''
 # /metrics password
 matrix_bot_buscarron_metrics_password: ''
 # /metrics allowed ips
 matrix_bot_buscarron_metrics_ips: []
 # matrix_bot_buscarron_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
 # See `../templates/labels.j2` for details.
--- a/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml
@@ -40,21 +40,6 @@
    - {path: "{{ matrix_bot_buscarron_docker_src_files_path }}", when: true}
  when: "item.when | bool"
 - name: Determine basicauth filename
  ansible.builtin.set_fact:
    matrix_bot_buscarron_basicauth_file_tmp: "{{ matrix_bot_buscarron_basicauth_file }}_{{ inventory_hostname }}"
  when: matrix_bot_buscarron_basicauth_enabled | bool
 - name: Generate basic auth file
  community.general.htpasswd:
    path: "{{ matrix_bot_buscarron_basicauth_file }}"
    name: "{{ matrix_bot_buscarron_basicauth_user }}"
    password: "{{ matrix_bot_buscarron_basicauth_password }}"
    mode: 0640
  become: false
  delegate_to: 127.0.0.1
  when: matrix_bot_buscarron_basicauth_enabled | bool
 - name: Ensure buscarron support files installed
  ansible.builtin.template:
    src: "{{ role_path }}/templates/{{ item }}.j2"
@@ -66,14 +51,6 @@
    - env
    - labels
 - name: Ensure temporary basic auth file is removed
  ansible.builtin.file:
    path: "{{ matrix_bot_buscarron_basicauth_file }}"
    state: absent
  become: false
  delegate_to: 127.0.0.1
  when: matrix_bot_buscarron_basicauth_enabled | bool
 - name: Ensure buscarron image is pulled
  community.docker.docker_image:
    name: "{{ matrix_bot_buscarron_docker_image }}"
--- a/roles/custom/matrix-bot-buscarron/templates/env.j2
+++ b/roles/custom/matrix-bot-buscarron/templates/env.j2
@@ -17,6 +17,9 @@ BUSCARRON_PM_REPLYTO={{ matrix_bot_buscarron_pm_replyto }}
 BUSCARRON_SMTP_FROM={{ matrix_bot_buscarron_smtp_from }}
 BUSCARRON_SMTP_VALIDATION={{ matrix_bot_buscarron_smtp_validation }}
 BUSCARRON_NOENCRYPTION={{ matrix_bot_buscarron_noencryption }}
 BUSCARRON_METRICS_LOGIN={{ matrix_bot_buscarron_metrics_login }}
 BUSCARRON_METRICS_PASSWORD={{ matrix_bot_buscarron_metrics_password }}
 BUSCARRON_METRICS_IPS={{ matrix_bot_buscarron_metrics_ips|default([])|join(" ") }}
 {% set forms = [] %}
 {% for form in matrix_bot_buscarron_forms -%}{{- forms.append(form.name) -}}
 BUSCARRON_{{ form.name|upper }}_ROOM={{ form.room|default('') }}
--- a/roles/custom/matrix-bot-buscarron/templates/labels.j2
+++ b/roles/custom/matrix-bot-buscarron/templates/labels.j2
@@ -19,11 +19,6 @@ traefik.http.middlewares.matrix-bot-buscarron-strip-prefix.stripprefix.prefixes=
 {% set middlewares = middlewares + ['matrix-bot-buscarron-strip-prefix'] %}
 {% endif %}
 {% if matrix_bot_buscarron_basicauth_enabled %}
 traefik.http.middlewares.matrix-bot-buscarron-auth.basicauth.users={{ lookup('ansible.builtin.file', matrix_bot_buscarron_basicauth_file) }}
 {% set middlewares_metrics = middlewares + ['matrix-bot-buscarron-auth'] %}
 {% endif %}
 {% if matrix_bot_buscarron_container_labels_traefik_additional_response_headers.keys() | length > 0 %}
 {% for name, value in matrix_bot_buscarron_container_labels_traefik_additional_response_headers.items() %}
 traefik.http.middlewares.matrix-bot-buscarron-add-headers.headers.customresponseheaders.{{ name }}={{ value }}
@@ -46,21 +41,6 @@ traefik.http.routers.matrix-bot-buscarron.tls.certResolver={{ matrix_bot_buscarr
 {% endif %}
 traefik.http.services.matrix-bot-buscarron.loadbalancer.server.port=8080
 {% if middlewares_metrics | length > 0 %}
 traefik.http.routers.matrix-bot-buscarron-metrics.rule={{ matrix_bot_buscarron_container_labels_traefik_metrics_rule }}
 {% if matrix_bot_buscarron_container_labels_traefik_priority | int > 0 %}
 traefik.http.routers.matrix-bot-buscarron-metrics.priority={{ matrix_bot_buscarron_container_labels_traefik_priority }}
 {% endif %}
 traefik.http.routers.matrix-bot-buscarron-metrics.service=matrix-bot-buscarron
 traefik.http.routers.matrix-bot-buscarron-metrics.middlewares={{ middlewares_metrics | join(',') }}
 traefik.http.routers.matrix-bot-buscarron-metrics.entrypoints={{ matrix_bot_buscarron_container_labels_traefik_entrypoints }}
 traefik.http.routers.matrix-bot-buscarron-metrics.tls={{ matrix_bot_buscarron_container_labels_traefik_tls | to_json }}
 {% if matrix_bot_buscarron_container_labels_traefik_tls %}
 traefik.http.routers.matrix-bot-buscarron-metrics.tls.certResolver={{ matrix_bot_buscarron_container_labels_traefik_tls_certResolver }}
 {% endif %}
 traefik.http.services.matrix-bot-buscarron-metrics.loadbalancer.server.port=8080
 {% endif %}
 {% endif %}
 {{ matrix_bot_buscarron_container_labels_additional_labels }}
--- a/roles/custom/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2
+++ b/roles/custom/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-buscarron 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-buscarron 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true'
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
@@ -38,7 +38,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-bot-buscarron
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-buscarron 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-buscarron 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true'
 Restart=always
--- a/roles/custom/matrix-bot-chatgpt/defaults/main.yml
+++ b/roles/custom/matrix-bot-chatgpt/defaults/main.yml
@@ -22,6 +22,10 @@ matrix_bot_chatgpt_config_path: "{{ matrix_bot_chatgpt_base_path }}/config"
 matrix_bot_chatgpt_data_path: "{{ matrix_bot_chatgpt_base_path }}/data"
 matrix_bot_chatgpt_container_src_path: "{{ matrix_bot_chatgpt_base_path }}/container-src"
 # Controls how long to wait for the container to stop gracefully before killing it.
 # We use a small value here, because this container does not seem to handle the SIGTERM signal.
 matrix_bot_chatgpt_container_stop_grace_time_seconds: 1
 # A list of extra arguments to pass to the container
 matrix_bot_chatgpt_container_extra_arguments: []
--- a/roles/custom/matrix-bot-chatgpt/templates/systemd/matrix-bot-chatgpt.service.j2
+++ b/roles/custom/matrix-bot-chatgpt/templates/systemd/matrix-bot-chatgpt.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-chatgpt 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ matrix_bot_chatgpt_container_stop_grace_time_seconds }} matrix-bot-chatgpt 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-chatgpt 2>/dev/null || true'
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} run \
@@ -33,7 +33,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run \
 			{% endfor %}
 			{{ matrix_bot_chatgpt_container_image }}
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-chatgpt 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ matrix_bot_chatgpt_container_stop_grace_time_seconds }} matrix-bot-chatgpt 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-chatgpt 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2
+++ b/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-draupnir 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-draupnir 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-draupnir 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
@@ -32,7 +32,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{% endfor %}
 			{{ matrix_bot_draupnir_docker_image }}
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-draupnir 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-draupnir 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-draupnir 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2
+++ b/roles/custom/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-go-neb 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null || true'
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
@@ -44,7 +44,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-bot-go-neb
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-go-neb 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null || true'
 Restart=always
--- a/roles/custom/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2
+++ b/roles/custom/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-honoroit 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null || true'
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
@@ -38,7 +38,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-bot-honoroit
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-honoroit 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2
+++ b/roles/custom/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-matrix-registration-bot 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-matrix-registration-bot 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-matrix-registration-bot 2>/dev/null || true'
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-matrix-registration-bot \
@@ -27,7 +27,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			--network={{ matrix_docker_network }} \
 			{{ matrix_bot_matrix_registration_bot_docker_image }}
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-matrix-registration-bot 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-matrix-registration-bot 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-matrix-registration-bot 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2
+++ b/roles/custom/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-matrix-reminder-bot 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null || true'
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-matrix-reminder-bot \
@@ -32,7 +32,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{{ matrix_bot_matrix_reminder_bot_docker_image }} \
 			-c "matrix-reminder-bot /config/config.yaml"
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-matrix-reminder-bot 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2
+++ b/roles/custom/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-maubot 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-maubot 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-maubot 2>/dev/null || true'
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-maubot \
@@ -33,7 +33,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{{ matrix_bot_maubot_docker_image }} \
 			python3 -m maubot -c /config/config.yaml --no-update
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-maubot 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-maubot 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-maubot 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bot-mjolnir/defaults/main.yml
+++ b/roles/custom/matrix-bot-mjolnir/defaults/main.yml
@@ -5,7 +5,7 @@
 matrix_bot_mjolnir_enabled: true
 # renovate: datasource=docker depName=matrixdotorg/mjolnir
 matrix_bot_mjolnir_version: "v1.6.4"
 matrix_bot_mjolnir_version: "v1.6.5"
 matrix_bot_mjolnir_container_image_self_build: false
 matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git"
--- a/roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2
+++ b/roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-mjolnir 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
@@ -32,7 +32,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{% endfor %}
 			{{ matrix_bot_mjolnir_docker_image }}
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-mjolnir 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bot-postmoogle/templates/systemd/matrix-bot-postmoogle.service.j2
+++ b/roles/custom/matrix-bot-postmoogle/templates/systemd/matrix-bot-postmoogle.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-postmoogle 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-postmoogle 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-postmoogle 2>/dev/null || true'
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-postmoogle \
@@ -36,7 +36,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{% endfor %}
 			{{ matrix_bot_postmoogle_docker_image }}
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-postmoogle 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-postmoogle 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-postmoogle 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2
+++ b/roles/custom/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-discord 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-discord 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-discord 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
@@ -35,7 +35,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{{ matrix_appservice_discord_docker_image }} \
 			node /build/src/discordas.js -p 9005 -c /cfg/config.yaml -f /cfg/registration.yaml
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-discord 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-discord 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-discord 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2
+++ b/roles/custom/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-irc 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-irc 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-irc 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
@@ -36,7 +36,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{{ matrix_appservice_irc_docker_image }} \
 			-c 'node app.js -c /config/config.yaml -f /config/registration.yaml -p 9999'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-irc 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-irc 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-irc 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2
+++ b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-kakaotalk-node 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-kakaotalk-node 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-kakaotalk-node 2>/dev/null || true'
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-appservice-kakaotalk-node \
@@ -28,7 +28,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{{ matrix_appservice_kakaotalk_node_docker_image }} \
 			node src/main.js --config /config.json
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-kakaotalk-node 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-kakaotalk-node 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-kakaotalk-node 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2
+++ b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-kakaotalk 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-kakaotalk 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-kakaotalk 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
@@ -32,7 +32,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{{ matrix_appservice_kakaotalk_docker_image }} \
 			python3 -m matrix_appservice_kakaotalk -c /config/config.yaml --no-update
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-kakaotalk 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-kakaotalk 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-kakaotalk 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2
+++ b/roles/custom/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-slack 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-slack 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-slack 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
@@ -35,7 +35,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{{ matrix_appservice_slack_docker_image }} \
 			node app.js -p {{matrix_appservice_slack_matrix_port}} -c /config/config.yaml -f /config/slack-registration.yaml
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-slack 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-slack 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-slack 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2
+++ b/roles/custom/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-webhooks 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
@@ -35,7 +35,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{{ matrix_appservice_webhooks_docker_image }} \
 			node index.js -p {{ matrix_appservice_webhooks_matrix_port }} -c /config/config.yaml -f /config/webhooks-registration.yaml
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-webhooks 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2
+++ b/roles/custom/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-beeper-linkedin 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
@@ -32,7 +32,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{{ matrix_beeper_linkedin_docker_image }} \
                        python3 -m linkedin_matrix -c /data/config.yaml -r /data/registration.yaml
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-beeper-linkedin 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2
+++ b/roles/custom/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-go-skype-bridge 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-go-skype-bridge 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-go-skype-bridge 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
@@ -33,7 +33,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{{ matrix_go_skype_bridge_docker_image }} \
 			/usr/bin/matrix-skype -c /config/config.yaml -r /config/registration.yaml
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-go-skype-bridge 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-go-skype-bridge 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-go-skype-bridge 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml
+++ b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml
@@ -17,6 +17,10 @@ matrix_heisenbridge_identd_enabled: false
 matrix_heisenbridge_base_path: "{{ matrix_base_data_path }}/heisenbridge"
 # Controls how long to wait for the container to stop gracefully before killing it.
 # We use a small value here, because this container does not seem to handle the SIGTERM signal.
 matrix_heisenbridge_container_stop_grace_time_seconds: 1
 # A list of extra arguments to pass to the container
 matrix_heisenbridge_container_extra_arguments: []
--- a/roles/custom/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2
+++ b/roles/custom/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} kill matrix-heisenbridge
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ matrix_heisenbridge_container_stop_grace_time_seconds }} matrix-heisenbridge
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} rm matrix-heisenbridge
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-heisenbridge \
@@ -41,7 +41,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
          --listen-port 9898 \
          {{ matrix_heisenbridge_homeserver_url }}
 ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} kill matrix-heisenbridge
 ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ matrix_heisenbridge_container_stop_grace_time_seconds }} matrix-heisenbridge
 ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} rm matrix-heisenbridge
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml
+++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml
@@ -11,7 +11,7 @@ matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/
 matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}"
 # renovate: datasource=docker depName=halfshot/matrix-hookshot
 matrix_hookshot_version: 4.5.1
 matrix_hookshot_version: 4.7.0
 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
 matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}"
--- a/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2
+++ b/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2
@@ -107,12 +107,12 @@ metrics:
  # (Optional) Prometheus metrics support
  #
  enabled: {{ matrix_hookshot_metrics_enabled | to_json }}
 {% if matrix_hookshot_queue_host is defined and matrix_hookshot_queue_host|d('')|length > 0 %} %}
 {% if matrix_hookshot_queue_host != '' %}
 queue:
  monolithic: true
  port: {{ matrix_hookshot_queue_port | default('6379') }}
  host: {{ matrix_hookshot_queue_host }}
 {& endif %}
  port: {{ matrix_hookshot_queue_port }}
  host: {{ matrix_hookshot_queue_host | to_json }}
 {% endif %}
 {% if matrix_hookshot_experimental_encryption_enabled %}
 experimentalEncryption:
  storagePath: /data/encryption
--- a/roles/custom/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2
+++ b/roles/custom/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2
@@ -13,9 +13,8 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_hookshot_container_ident }}
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} {{ matrix_hookshot_container_ident }}
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_hookshot_container_ident }}
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create --rm --name {{ matrix_hookshot_container_ident }} \
          --log-driver=none \
          --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
@@ -35,8 +34,9 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create --rm -
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach {{ matrix_hookshot_container_ident }}
 ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_hookshot_container_ident }}
 ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} {{ matrix_hookshot_container_ident }}
 ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_hookshot_container_ident }}
 Restart=always
 RestartSec=30
 SyslogIdentifier={{ matrix_hookshot_container_ident }}
--- a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml
@@ -9,7 +9,7 @@ matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix
 matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}"
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/discord
 matrix_mautrix_discord_version: v0.6.3
 matrix_mautrix_discord_version: v0.6.4
 # See: https://mau.dev/mautrix/discord/container_registry
 matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_name_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}"
@@ -29,7 +29,7 @@ matrix_mautrix_discord_command_prefix: "!discord"
 matrix_mautrix_discord_bridge_permissions: |
  {{
    {matrix_mautrix_discord_homeserver_domain: 'user'}
    {'*': 'relay', matrix_mautrix_discord_homeserver_domain: 'user'}
    | combine({matrix_admin: 'admin'} if matrix_admin else {})
  }}
--- a/roles/custom/matrix-bridge-mautrix-discord/templates/systemd/matrix-mautrix-discord.service.j2
+++ b/roles/custom/matrix-bridge-mautrix-discord/templates/systemd/matrix-mautrix-discord.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-discord 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-discord 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-discord 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
@@ -33,7 +33,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{{ matrix_mautrix_discord_docker_image }} \
 			/usr/bin/mautrix-discord -c /config/config.yaml -r /config/registration.yaml --no-update
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-discord 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-discord 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-discord 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml
@@ -59,7 +59,7 @@ matrix_mautrix_facebook_metrics_proxying_enabled: false
 matrix_mautrix_facebook_bridge_permissions: |
  {{
    {matrix_mautrix_facebook_homeserver_domain: 'user'}
    {'*': 'relay', matrix_mautrix_facebook_homeserver_domain: 'user'}
    | combine({matrix_admin: 'admin'} if matrix_admin else {})
  }}
--- a/roles/custom/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2
+++ b/roles/custom/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-facebook 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
@@ -35,7 +35,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{{ matrix_mautrix_facebook_docker_image }} \
 			python3 -m mautrix_facebook -c /config/config.yaml --no-update
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-facebook 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml
@@ -9,7 +9,7 @@ matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/ma
 matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}"
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/gmessages
 matrix_mautrix_gmessages_version: v0.2.1
 matrix_mautrix_gmessages_version: v0.2.2
 # See: https://mau.dev/mautrix/gmessages/container_registry
 matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_name_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}"
@@ -109,7 +109,7 @@ matrix_mautrix_gmessages_bridge_mute_bridging: true
 matrix_mautrix_gmessages_bridge_permissions: |
  {{
    {matrix_mautrix_gmessages_homeserver_domain: 'user'}
    {'*': 'relay', matrix_mautrix_gmessages_homeserver_domain: 'user'}
    | combine({matrix_admin: 'admin'} if matrix_admin else {})
  }}
--- a/roles/custom/matrix-bridge-mautrix-gmessages/templates/systemd/matrix-mautrix-gmessages.service.j2
+++ b/roles/custom/matrix-bridge-mautrix-gmessages/templates/systemd/matrix-mautrix-gmessages.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-gmessages 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-gmessages 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-gmessages 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
@@ -33,7 +33,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{{ matrix_mautrix_gmessages_docker_image }} \
 			/usr/bin/mautrix-gmessages -c /config/config.yaml -r /config/registration.yaml
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-gmessages 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-gmessages 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-gmessages 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2
+++ b/roles/custom/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2
@@ -33,7 +33,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{{ matrix_mautrix_googlechat_docker_image }} \
 			python3 -m mautrix_googlechat -c /config/config.yaml --no-update
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-googlechat 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-googlechat 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-googlechat 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2
+++ b/roles/custom/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-hangouts matrix-mautrix-hangouts-db 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db 2>/dev/null || true'
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-hangouts-db \
 			--log-driver=none \
@@ -44,7 +44,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{{ matrix_mautrix_hangouts_docker_image }} \
 			python3 -m mautrix_hangouts -c /config/config.yaml --no-update
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-hangouts 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-hangouts 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-hangouts 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml
@@ -28,7 +28,7 @@ matrix_mautrix_instagram_command_prefix: "!ig"
 matrix_mautrix_instagram_bridge_permissions: |
  {{
    {matrix_mautrix_instagram_homeserver_domain: 'user'}
    {'*': 'relay', matrix_mautrix_instagram_homeserver_domain: 'user'}
    | combine({matrix_admin: 'admin'} if matrix_admin else {})
  }}
--- a/roles/custom/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2
+++ b/roles/custom/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-instagram 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
@@ -32,7 +32,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{{ matrix_mautrix_instagram_docker_image }} \
 			python3 -m mautrix_instagram -c /config/config.yaml --no-update
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-instagram 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
@@ -121,8 +121,7 @@ matrix_mautrix_signal_relaybot_enabled: "{{ matrix_bridges_relay_enabled }}"
 # This variable used to contain a YAML string, but now needs to contain a hashmap/dictionary.
 matrix_mautrix_signal_bridge_permissions: |
  {{
    {'*': 'relay'}
    | combine({matrix_mautrix_signal_homeserver_domain: 'user'})
    {'*': 'relay', matrix_mautrix_signal_homeserver_domain: 'user'}
    | combine({matrix_admin: 'admin'} if matrix_admin else {})
  }}
--- a/roles/custom/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2
+++ b/roles/custom/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2
@@ -15,7 +15,7 @@ Wants={{ service }}
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-signal-daemon 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
@@ -41,7 +41,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			-v {{ matrix_mautrix_signal_daemon_path }}:/signald:z \
 			{{ matrix_mautrix_signal_daemon_docker_image }}
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-signal-daemon 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null || true'
 Restart=always
--- a/roles/custom/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2
+++ b/roles/custom/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2
@@ -14,7 +14,7 @@ Wants={{ service }}
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-signal 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
@@ -38,7 +38,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{{ matrix_mautrix_signal_docker_image }} \
 			python3 -m mautrix_signal -c /config/config.yaml --no-update
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-signal 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null || true'
 Restart=always
--- a/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml
@@ -28,7 +28,7 @@ matrix_mautrix_slack_command_prefix: "!slack"
 matrix_mautrix_slack_bridge_permissions: |
  {{
    {matrix_mautrix_slack_homeserver_domain: 'user'}
    {'*': 'relay', matrix_mautrix_slack_homeserver_domain: 'user'}
    | combine({matrix_admin: 'admin'} if matrix_admin else {})
  }}
--- a/roles/custom/matrix-bridge-mautrix-slack/templates/systemd/matrix-mautrix-slack.service.j2
+++ b/roles/custom/matrix-bridge-mautrix-slack/templates/systemd/matrix-mautrix-slack.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-slack 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-slack 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-slack 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
@@ -33,7 +33,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{{ matrix_mautrix_slack_docker_image }} \
 			/usr/bin/mautrix-slack -c /config/config.yaml -r /config/registration.yaml --no-update
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-slack 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-slack 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-slack 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml
@@ -18,7 +18,7 @@ matrix_mautrix_telegram_docker_repo_version: "{{ 'master' if matrix_mautrix_tele
 matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src"
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/telegram
 matrix_mautrix_telegram_version: v0.14.2
 matrix_mautrix_telegram_version: v0.15.0
 # See: https://mau.dev/mautrix/telegram/container_registry
 matrix_mautrix_telegram_docker_image: "{{ matrix_mautrix_telegram_docker_image_name_prefix }}mautrix/telegram:{{ matrix_mautrix_telegram_version }}"
 matrix_mautrix_telegram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_telegram_container_image_self_build else 'dock.mau.dev/' }}"
@@ -32,7 +32,7 @@ matrix_mautrix_telegram_command_prefix: "!tg"
 matrix_mautrix_telegram_bridge_permissions: |
  {{
    {matrix_mautrix_telegram_homeserver_domain: 'full'}
    {'*': 'relaybot', matrix_mautrix_telegram_homeserver_domain: 'full'}
    | combine({matrix_admin: 'admin'} if matrix_admin else {})
  }}
--- a/roles/custom/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2
+++ b/roles/custom/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-telegram 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
@@ -35,7 +35,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{{ matrix_mautrix_telegram_docker_image }} \
 			python3 -m mautrix_telegram -c /config/config.yaml --no-update
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-telegram 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2
+++ b/roles/custom/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-twitter 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
@@ -32,7 +32,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{{ matrix_mautrix_twitter_docker_image }} \
 			python3 -m mautrix_twitter -c /config/config.yaml --no-update
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-twitter 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
@@ -9,7 +9,7 @@ matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautri
 matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/whatsapp
 matrix_mautrix_whatsapp_version: v0.10.3
 matrix_mautrix_whatsapp_version: v0.10.4
 # See: https://mau.dev/mautrix/whatsapp/container_registry
 matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
@@ -111,7 +111,7 @@ matrix_mautrix_whatsapp_bridge_allow_user_invite: true
 matrix_mautrix_whatsapp_bridge_permissions: |
  {{
    {matrix_mautrix_whatsapp_homeserver_domain: 'user'}
    {'*': 'relay', matrix_mautrix_whatsapp_homeserver_domain: 'user'}
    | combine({matrix_admin: 'admin'} if matrix_admin else {})
  }}
--- a/roles/custom/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2
+++ b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-whatsapp 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
@@ -33,7 +33,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{{ matrix_mautrix_whatsapp_docker_image }} \
 			/usr/bin/mautrix-whatsapp -c /config/config.yaml -r /config/registration.yaml
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-whatsapp 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy-syncproxy.service.j2
+++ b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy-syncproxy.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-wsproxy-syncproxy 2>/dev/null'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-wsproxy-syncproxy 2>/dev/null'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-wsproxy-syncproxy 2>/dev/null'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
@@ -30,7 +30,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{% endfor %}
 			{{ matrix_mautrix_wsproxy_syncproxy_docker_image }}
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-wsproxy-syncproxy 2>/dev/null'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-wsproxy-syncproxy 2>/dev/null'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-wsproxy-syncproxy 2>/dev/null'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy.service.j2
+++ b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-wsproxy 2>/dev/null'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-wsproxy 2>/dev/null'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-wsproxy 2>/dev/null'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
@@ -41,7 +41,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-mautrix-wsproxy
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-wsproxy 2>/dev/null'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-wsproxy 2>/dev/null'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-wsproxy 2>/dev/null'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2
+++ b/roles/custom/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mx-puppet-discord 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
@@ -33,7 +33,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{% endfor %}
 			{{ matrix_mx_puppet_discord_docker_image }}
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mx-puppet-discord 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2
+++ b/roles/custom/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mx-puppet-groupme 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
@@ -33,7 +33,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{% endfor %}
 			{{ matrix_mx_puppet_groupme_docker_image }}
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mx-puppet-groupme 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2
+++ b/roles/custom/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mx-puppet-instagram 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
@@ -33,7 +33,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{% endfor %}
 			{{ matrix_mx_puppet_instagram_docker_image }}
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mx-puppet-instagram 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2
+++ b/roles/custom/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mx-puppet-slack 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
@@ -36,7 +36,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{% endfor %}
 			{{ matrix_mx_puppet_slack_docker_image }}
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mx-puppet-slack 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2
+++ b/roles/custom/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mx-puppet-steam 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
@@ -33,7 +33,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{% endfor %}
 			{{ matrix_mx_puppet_steam_docker_image }}
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mx-puppet-steam 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2
+++ b/roles/custom/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mx-puppet-twitter 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
@@ -36,7 +36,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{% endfor %}
 			{{ matrix_mx_puppet_twitter_docker_image }}
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mx-puppet-twitter 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-cactus-comments/templates/systemd/matrix-cactus-comments.service.j2
+++ b/roles/custom/matrix-cactus-comments/templates/systemd/matrix-cactus-comments.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-cactus-comments 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-cactus-comments 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-cactus-comments 2>/dev/null || true'
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-cactus-comments \
@@ -26,7 +26,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			--network={{ matrix_docker_network }} \
 			{{ matrix_cactus_comments_docker_image }}
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-cactus-comments 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-cactus-comments 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-cactus-comments 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2
+++ b/roles/custom/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2
@@ -10,7 +10,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-cinny 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-client-cinny 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-cinny 2>/dev/null || true'
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
@@ -39,7 +39,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-client-cinny
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-cinny 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-client-cinny 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-cinny 2>/dev/null || true'
 Restart=always
--- a/roles/custom/matrix-client-element/defaults/main.yml
+++ b/roles/custom/matrix-client-element/defaults/main.yml
@@ -11,7 +11,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
 # renovate: datasource=docker depName=vectorim/element-web
 matrix_client_element_version: v1.11.47
 matrix_client_element_version: v1.11.51
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
--- a/roles/custom/matrix-client-element/templates/systemd/matrix-client-element.service.j2
+++ b/roles/custom/matrix-client-element/templates/systemd/matrix-client-element.service.j2
@@ -10,7 +10,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-element 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-client-element 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-element 2>/dev/null || true'
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
@@ -47,7 +47,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-client-element
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-element 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-client-element 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-element 2>/dev/null || true'
 Restart=always
--- a/roles/custom/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2
+++ b/roles/custom/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2
@@ -10,7 +10,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-client-hydrogen 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null || true'
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
@@ -39,7 +39,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-client-hydrogen
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-client-hydrogen 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null || true'
 Restart=always
--- a/roles/custom/matrix-client-schildichat/templates/systemd/matrix-client-schildichat.service.j2
+++ b/roles/custom/matrix-client-schildichat/templates/systemd/matrix-client-schildichat.service.j2
@@ -10,7 +10,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-schildichat 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-client-schildichat 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-schildichat 2>/dev/null || true'
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
@@ -46,7 +46,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-client-schildichat
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-schildichat 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-client-schildichat 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-schildichat 2>/dev/null || true'
 Restart=always
--- a/roles/custom/matrix-conduit/templates/conduit/systemd/matrix-conduit.service.j2
+++ b/roles/custom/matrix-conduit/templates/conduit/systemd/matrix-conduit.service.j2
@@ -9,7 +9,7 @@ After={{ service }}
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-conduit 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-conduit 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-conduit 2>/dev/null || true'
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
@@ -35,7 +35,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-conduit
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-conduit 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-conduit 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-conduit 2>/dev/null || true'
 ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-conduit /bin/sh -c 'kill -HUP 1'
 Restart=always
--- a/roles/custom/matrix-corporal/templates/systemd/matrix-corporal.service.j2
+++ b/roles/custom/matrix-corporal/templates/systemd/matrix-corporal.service.j2
@@ -10,7 +10,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-corporal 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-corporal 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-corporal 2>/dev/null || true'
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-corporal \
@@ -34,7 +34,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{{ matrix_corporal_docker_image }} \
 			/matrix-corporal -config=/etc/matrix-corporal/config.json
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-corporal 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-corporal 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-corporal 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-coturn/templates/systemd/matrix-coturn.service.j2
+++ b/roles/custom/matrix-coturn/templates/systemd/matrix-coturn.service.j2
@@ -10,7 +10,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-coturn 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-coturn 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-coturn 2>/dev/null || true'
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-coturn \
@@ -43,7 +43,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{{ matrix_coturn_docker_image }} \
 			-c /turnserver.conf
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-coturn 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-coturn 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-coturn 2>/dev/null || true'
 # This only reloads certificates (not other configuration).
--- a/roles/custom/matrix-dendrite/defaults/main.yml
+++ b/roles/custom/matrix-dendrite/defaults/main.yml
@@ -11,7 +11,7 @@ matrix_dendrite_docker_image_path: "matrixdotorg/dendrite-monolith"
 matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}{{ matrix_dendrite_docker_image_path }}:{{ matrix_dendrite_docker_image_tag }}"
 matrix_dendrite_docker_image_name_prefix: "{{ 'localhost/' if matrix_dendrite_container_image_self_build else matrix_container_global_registry_prefix }}"
 # renovate: datasource=docker depName=matrixdotorg/dendrite-monolith
 matrix_dendrite_docker_image_tag: "v0.13.4"
 matrix_dendrite_docker_image_tag: "v0.13.5"
 matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}"
 matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite"
--- a/roles/custom/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2
+++ b/roles/custom/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-dendrite 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-dendrite 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dendrite 2>/dev/null || true'
 {% if (devture_postgres_identifier + '.service') in matrix_dendrite_systemd_required_services_list %}
@@ -62,7 +62,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-dendrite
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-dendrite 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-dendrite 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dendrite 2>/dev/null || true'
 ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-dendrite /bin/sh -c 'kill -HUP 1'
 Restart=always
--- a/roles/custom/matrix-dimension/templates/systemd/matrix-dimension.service.j2
+++ b/roles/custom/matrix-dimension/templates/systemd/matrix-dimension.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-dimension 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-dimension 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dimension 2>/dev/null || true'
 # Fixup database ownership if it got changed somehow (during a server migration, etc.)
@@ -47,7 +47,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-dimension
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-dimension 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-dimension 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dimension 2>/dev/null || true'
 Restart=always
--- a/roles/custom/matrix-dynamic-dns/defaults/main.yml
+++ b/roles/custom/matrix-dynamic-dns/defaults/main.yml
@@ -8,7 +8,7 @@ matrix_dynamic_dns_enabled: true
 matrix_dynamic_dns_daemon_interval: '300'
 # renovate: datasource=docker depName=linuxserver/ddclient versioning=semver
 matrix_dynamic_dns_version: 3.11.1
 matrix_dynamic_dns_version: 3.11.2
 # The docker container to use when in mode
 matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}"
--- a/roles/custom/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2
+++ b/roles/custom/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-dynamic-dns 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null || true'
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-dynamic-dns \
 			--log-driver=none \
@@ -26,7 +26,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{% endfor %}
 			{{ matrix_dynamic_dns_docker_image }}
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-dynamic-dns 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2
+++ b/roles/custom/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2
@@ -8,7 +8,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-email2matrix 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-email2matrix 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-email2matrix 2>/dev/null || true'
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-email2matrix \
@@ -24,7 +24,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{% endfor %}
 			{{ matrix_email2matrix_docker_image }}
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-email2matrix 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-email2matrix 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-email2matrix 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-ldap-registration-proxy/templates/systemd/matrix-ldap-registration-proxy.service.j2
+++ b/roles/custom/matrix-ldap-registration-proxy/templates/systemd/matrix-ldap-registration-proxy.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ldap-registration-proxy 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-ldap-registration-proxy 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ldap-registration-proxy 2>/dev/null || true'
 # matrix_ldap_registration_proxy writes an SQLite shared library (libsqlitejdbc.so) to /tmp and executes it from there,
@@ -33,7 +33,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{% endfor %}
 			{{ matrix_ldap_registration_proxy_docker_image }}
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ldap-registration-proxy 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-ldap-registration-proxy 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ldap-registration-proxy 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2
+++ b/roles/custom/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ma1sd 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-ma1sd 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ma1sd 2>/dev/null || true'
 # ma1sd writes an SQLite shared library (libsqlitejdbc.so) to /tmp and executes it from there,
@@ -46,7 +46,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-ma1sd
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ma1sd 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-ma1sd 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ma1sd 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-mailer/templates/systemd/matrix-mailer.service.j2
+++ b/roles/custom/matrix-mailer/templates/systemd/matrix-mailer.service.j2
@@ -8,7 +8,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mailer 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mailer 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mailer 2>/dev/null || true'
 # --hostname gives us a friendlier hostname than the default.
@@ -27,7 +27,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{% endfor %}
 			{{ matrix_mailer_docker_image }}
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mailer 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mailer 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mailer 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-media-repo/defaults/main.yml
+++ b/roles/custom/matrix-media-repo/defaults/main.yml
@@ -19,7 +19,7 @@ matrix_media_repo_docker_image_path: "turt2live/matrix-media-repo"
 matrix_media_repo_docker_image: "{{ matrix_media_repo_docker_image_name_prefix }}{{ matrix_media_repo_docker_image_path }}:{{ matrix_media_repo_docker_image_tag }}"
 matrix_media_repo_docker_image_name_prefix: "{{ 'localhost/' if matrix_media_repo_container_image_self_build else matrix_container_global_registry_prefix }}"
 # renovate: datasource=docker depName=turt2live/matrix-media-repo
 matrix_media_repo_docker_image_tag: "v1.2.13"
 matrix_media_repo_docker_image_tag: "v1.3.3"
 matrix_media_repo_docker_image_force_pull: "{{ matrix_media_repo_docker_image.endswith(':latest') }}"
 matrix_media_repo_base_path: "{{ matrix_base_data_path }}/{{ matrix_media_repo_identifier }}"
@@ -105,6 +105,21 @@ matrix_media_repo_use_forwarded_host: true
 # the remote server do not count towards this.
 matrix_media_repo_federation_backoff_at: 20
 # The domains the media repo should never serve media for. Existing media already stored from
 # these domains will remain, however will not be downloadable without a data export. Media
 # repo administrators will bypass this check. Admin APIs will still work for media on these
 # domains.
 #
 # This will not prevent the listed domains from accessing media on this media repo - it only
 # stops users on *this* media repo from accessing media originally uploaded to the listed domains.
 #
 # Note: Adding domains controlled by the media repo itself to this list is not advisable.
 # matrix_media_repo_federation_ignored_hosts: [
 #   "example.org"
 # ]
 matrix_media_repo_federation_ignored_hosts: []
 # The database configuration for the media repository
 # Do NOT put your homeserver's existing database credentials here. Create a new database and
 # user instead. Using the same server is fine, just not the same username and database.
@@ -130,25 +145,31 @@ matrix_media_repo_database_max_idle_connections: 5
 # The configuration for the homeservers this media repository is known to control. Servers
 # not listed here will not be able to upload media.
 matrix_media_repo_homeservers:
  homeservers:
 matrix_media_repo_homeservers: "{{ matrix_media_repo_homeservers_auto + matrix_media_repo_homeservers_additional }}"
 # Auto configured server setup by the playbook
 matrix_media_repo_homeservers_auto:
  -  # Keep the dash from this line.
    # This should match the server_name of your homeserver, and the Host header
    # provided to the media repo.
    - name: "{{ matrix_server_fqn_matrix }}"
    name: "{{ matrix_server_fqn_matrix }}"
    # The base URL to where the homeserver can actually be reached by MMR.
    csApi: "http://{{ matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container }}"
      # The base URL to where the homeserver can actually be reached
      csApi: "http://{{ matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container }}"
    # The number of consecutive failures in calling this homeserver before the
    # media repository will start backing off. This defaults to 10 if not given.
    backoffAt: 10
      # The number of consecutive failures in calling this homeserver before the
      # media repository will start backing off. This defaults to 10 if not given.
      backoffAt: 10
    # The admin API interface supported by the homeserver. MMR uses a subset of the admin API
    # during certain operations, like attempting to purge media from a room or validating server
    # admin status. This should be set to one of "synapse", "dendrite", or "matrix". When set
    # to "matrix", most functionality requiring the admin API will not work.
    adminApiKind: "{{ 'synapse' if matrix_homeserver_implementation == 'synapse' else ('dendrite' if matrix_homeserver_implementation == 'dendrite' else 'matrix') }}"
      # The kind of admin API the homeserver supports. If set to "matrix",
      # the media repo will use the Synapse-defined endpoints under the
      # unstable client-server API. When this is "synapse", the new /_synapse
      # endpoints will be used instead. Unknown values are treated as the
      # default, "matrix".
      adminApiKind: "{{ 'synapse' if matrix_homeserver_implementation == 'synapse' else 'matrix' }}"
 # Additional servers to be managed by MMR
 matrix_media_repo_homeservers_additional: []
 # Options for controlling how access tokens work with the media repo. It is recommended that if
 # you are going to use these options that the `/logout` and `/logout/all` client-server endpoints
@@ -166,45 +187,51 @@ matrix_media_repo_homeservers:
 # ***************************************************************************
 # *  IT IS HIGHLY RECOMMENDED TO USE PER-DOMAIN CONFIGS WITH THIS FEATURE.  *
 # ***************************************************************************
 matrix_media_repo_access_tokens:
  accessTokens:
    # The maximum time a cached access token will be considered valid. Set to zero (the default)
    # to disable the cache and constantly hit the homeserver. This is recommended to be set to
    # 43200 (12 hours) on servers with the logout endpoints proxied through the media repo, and
    # zero for servers who do not proxy the endpoints through.
    maxCacheTimeSeconds: 43200
    # Whether or not to use the `appservices` config option below. If disabled (the default),
    # the regular access token cache will be used for each user, potentially leading to high
    # memory usage.
    useLocalAppserviceConfig: false
    # The application services (and their namespaces) registered on the homeserver. Only used
    # if `useLocalAppserviceConfig` is enabled (recommended).
    #
    # Usually the appservice will provide you with these config details - they'll just need
    # translating from the appservice registration to here. Note that this does not require
    # all options from the registration, and only requires the bare minimum required to run
    # the media repo.
    # appservices:
    #   - id: Name_of_appservice_for_your_reference
    #     asToken: Secret_token_for_appservices_to_use
    #     senderUserId: "@_example_bridge:yourdomain.com"
    #     userNamespaces:
    #       - regex: "@_example_bridge_.+:yourdomain.com"
    #         # A note about regexes: it is best to suffix *all* namespaces with the homeserver
    #         # domain users are valid for, as otherwise the appservice can use any user with
    #         # any domain name it feels like, even if that domain is not configured with the
    #         # media repo. This will lead to inaccurate reporting in the case of the media
    #         # repo, and potentially leading to media being considered "remote".
 # The maximum time a cached access token will be considered valid. Set to zero (the default)
 # to disable the cache and constantly hit the homeserver. This is recommended to be set to
 # 43200 (12 hours) on servers with the logout endpoints proxied through the media repo, and
 # zero for servers who do not proxy the endpoints through.
 matrix_media_repo_access_tokens_max_cache_time_seconds: 43200
 # Whether or not to use the `appservices` config option below. If disabled (the default),
 # the regular access token cache will be used for each user, potentially leading to high
 # memory usage.
 matrix_media_repo_access_tokens_use_local_appservice_config: false
 # The application services (and their namespaces) registered on the homeserver. Only used
 # if `useLocalAppserviceConfig` is enabled (recommended).
 #
 # Usually the appservice will provide you with these config details - they'll just need
 # translating from the appservice registration to here. Note that this does not require
 # all options from the registration, and only requires the bare minimum required to run
 # the media repo.
 # matrix_media_repo_access_tokens_appservices: [
 #   {
 #     id: "Name_of_appservice_for_your_reference",
 #     asToken: "Secret_token_for_appservices_to_use",
 #     senderUserId: "@_example_bridge:yourdomain.com",
 #     userNamespaces: [
 #       regex: "@_example_bridge_.+:yourdomain.com"
 #       # A note about regexes: it is best to suffix *all* namespaces with the homeserver
 #       # domain users are valid for, as otherwise the appservice can use any user with
 #       # any domain name it feels like, even if that domain is not configured with the
 #       # media repo. This will lead to inaccurate reporting in the case of the media
 #       # repo, and potentially leading to media being considered "remote".
 #     ]
 #   }
 # ]
 matrix_media_repo_access_tokens_appservices: []
 # These users have full access to the administrative functions of the media repository.
 # See docs/admin.md for information on what these people can do. They must belong to one of the
 # configured homeservers above.
 matrix_media_repo_admins:
  admins: []
 # admins:
 #   - "@your_username:example.org"
 # matrix_media_repo_admins: [
 #   "@your_username:example.org"
 # ]
 matrix_media_repo_admins: []
 # Shared secret auth is useful for applications building on top of the media repository, such
 # as a management interface. The `token` provided here is treated as a repository administrator
@@ -220,58 +247,62 @@ matrix_media_repo_shared_secret_auth_token: "PutSomeRandomSecureValueHere"
 # Datastores are places where media should be persisted. This isn't dedicated for just uploads:
 # thumbnails and other misc data is also stored in these places. The media repo, when looking
 # for a datastore to use, will always use the smallest datastore first.
 matrix_media_repo_datastores:
  datastores:
    - type: file
      enabled: true  # Enable this to set up data storage.
      # Datastores can be split into many areas when handling uploads. Media is still de-duplicated
      # across all datastores (local content which duplicates remote content will re-use the remote
      # content's location). This option is useful if your datastore is becoming very large, or if
      # you want faster storage for a particular kind of media.
      #
      # The kinds available are:
      #   thumbnails    - Used to store thumbnails of media (local and remote).
      #   remote_media  - Original copies of remote media (servers not configured by this repo).
      #   local_media   - Original uploads for local media.
      #   archives      - Archives of content (GDPR and similar requests).
      forKinds: ["thumbnails", "remote_media", "local_media", "archives"]
      opts:
        path: /data/media
    - type: s3
      enabled: false  # Enable this to set up s3 uploads
      forKinds: ["thumbnails", "remote_media", "local_media", "archives"]
      opts:
        # The s3 uploader needs a temporary location to buffer files to reduce memory usage on
        # small file uploads. If the file size is unknown, the file is written to this location
        # before being uploaded to s3 (then the file is deleted). If you aren't concerned about
        # memory usage, set this to an empty string.
        tempPath: "/tmp/mediarepo_s3_upload"
        endpoint: sfo2.digitaloceanspaces.com
        accessKeyId: ""
        accessSecret: ""
        ssl: true
        bucketName: "your-media-bucket"
        # An optional region for where this S3 endpoint is located. Typically not needed, though
        # some providers will need this (like Scaleway). Uncomment to use.
        # region: "sfo2"
        # An optional storage class for tuning how the media is stored at s3.
        # See https://aws.amazon.com/s3/storage-classes/ for details; uncomment to use.
        # storageClass: STANDARD
    # The media repo does support an IPFS datastore, but only if the IPFS feature is enabled. If
    # the feature is not enabled, this will not work. Note that IPFS support is experimental at
    # the moment and not recommended for general use.
    #
    # NOTE: Everything you upload to IPFS will be publicly accessible, even when the media repo
    # puts authentication on the download endpoints. Only use this option for cases where you
    # expect your media to be publicly accessible.
    - type: ipfs
      enabled: false  # Enable this to use IPFS support
      forKinds: ["local_media"]
      # The IPFS datastore currently has no options. It will use the daemon or HTTP API configured
      # in the IPFS section of your main config.
      opts: {}
 # ID for the file datastore (cannot change). Alphanumeric recommended.
 matrix_media_repo_datastore_file_id: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'filestore.db', rounds=655555) | to_uuid }}"
 # Datastores can be split into many areas when handling uploads. Media is still de-duplicated
 # across all datastores (local content which duplicates remote content will re-use the remote
 # content's location). This option is useful if your datastore is becoming very large, or if
 # you want faster storage for a particular kind of media.
 #
 # To disable this datastore, making it readonly, specify `forKinds: []`.
 #
 # The kinds available are:
 #   thumbnails    - Used to store thumbnails of media (local and remote).
 #   remote_media  - Original copies of remote media (servers not configured by this repo).
 #   local_media   - Original uploads for local media.
 #   archives      - Archives of content (GDPR and similar requests).
 matrix_media_repo_datastore_file_for_kinds: ["thumbnails", "remote_media", "local_media", "archives"]
 # Path to datastore, relative to matrix-media-repo directory root
 matrix_media_repo_datastore_opts_path: "/data/media"
 # ID for the s3 datastore (cannot change). Alphanumeric recommended.
 matrix_media_repo_datastore_s3_id: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 's3store.db', rounds=655555) | to_uuid }}"
 # Datastores can be split into many areas when handling uploads. Media is still de-duplicated
 # across all datastores (local content which duplicates remote content will re-use the remote
 # content's location). This option is useful if your datastore is becoming very large, or if
 # you want faster storage for a particular kind of media.
 #
 # To disable this datastore, making it readonly, specify `forKinds: []`.
 #
 # The kinds available are:
 #   thumbnails    - Used to store thumbnails of media (local and remote).
 #   remote_media  - Original copies of remote media (servers not configured by this repo).
 #   local_media   - Original uploads for local media.
 #   archives      - Archives of content (GDPR and similar requests).
 matrix_media_repo_datastore_s3_for_kinds: []
 # The s3 uploader needs a temporary location to buffer files to reduce memory usage on
 # small file uploads. If the file size is unknown, the file is written to this location
 # before being uploaded to s3 (then the file is deleted). If you aren't concerned about
 # memory usage, set this to an empty string.
 matrix_media_repo_datastore_s3_opts_temp_path: "/tmp/mediarepo_s3_upload"
 matrix_media_repo_datastore_s3_opts_endpoint: "sfo2.digitaloceanspaces.com"
 matrix_media_repo_datastore_s3_opts_access_key_id: ""
 matrix_media_repo_datastore_s3_opts_access_secret: ""
 matrix_media_repo_datastore_s3_opts_ssl: true
 matrix_media_repo_datastore_s3_opts_bucket_name: "your-media-bucket"
 # An optional region for where this S3 endpoint is located. Typically not needed, though
 # some providers will need this (like Scaleway). Uncomment to use.
 # matrix_media_repo_datastore_s3_opts_region: "sfo2"
 # An optional storage class for tuning how the media is stored at s3.
 # See https://aws.amazon.com/s3/storage-classes/ for details; uncomment to use.
 # matrix_media_repo_datastore_s3_opts_storage_class: "STANDARD"
 # Options for controlling archives. Archives are exports of a particular user's content for
 # the purpose of GDPR or moving media to a different server.
@@ -291,42 +322,65 @@ matrix_media_repo_archiving_self_service: false
 matrix_media_repo_archiving_target_bytes_per_part: 209715200  # 200mb default
 # The file upload settings for the media repository
 matrix_media_repo_uploads:
  uploads:
    # The maximum individual file size a user can upload.
    maxBytes: 104857600  # 100MB default, 0 to disable
    # The minimum number of bytes to let people upload. This is recommended to be non-zero to
    # ensure that the "cost" of running the media repo is worthwhile - small file uploads tend
    # to waste more CPU and database resources than small files, thus a default of 100 bytes
    # is applied here as an approximate break-even point.
    minBytes: 100  # 100 bytes by default
    # The number of bytes to claim as the maximum size for uploads for the limits API. If this
    # is not provided then the maxBytes setting will be used instead. This is useful to provide
    # if the media repo's settings and the reverse proxy do not match for maximum request size.
    # This is purely for informational reasons and does not actually limit any functionality.
    # Set this to -1 to indicate that there is no limit. Zero will force the use of maxBytes.
    reportedMaxBytes: 0
    # Options for limiting how much content a user can upload. Quotas are applied to content
    # associated with a user regardless of de-duplication. Quotas which affect remote servers
    # or users will not take effect. When a user exceeds their quota they will be unable to
    # upload any more media.
    quotas:
      # Whether or not quotas are enabled/enforced. Note that even when disabled the media repo
      # will track how much media a user has uploaded. This is disabled by default.
      enabled: false
      # The quota rules that affect users. The first rule to match the uploader will take effect.
      # An implied rule which matches all users and has no quota is always last in this list,
      # meaning that if no rules are supplied then users will be able to upload anything. Similarly,
      # if no rules match a user then the implied rule will match, allowing the user to have no
      # quota. The quota will let the user upload to 1 media past their quota, meaning that from
      # a statistics perspective the user might exceed their quota however only by a small amount.
      users:
        - glob: "@*:*"  # Affect all users. Use asterisks (*) to match any character.
          maxBytes: 53687063712  # 50GB default, 0 to disable
 # The maximum individual file size a user can upload.
 matrix_media_repo_max_bytes: 104857600  # 100MB default, 0 to disable
 # The minimum number of bytes to let people upload. This is recommended to be non-zero to
 # ensure that the "cost" of running the media repo is worthwhile - small file uploads tend
 # to waste more CPU and database resources than small files, thus a default of 100 bytes
 # is applied here as an approximate break-even point.
 matrix_media_repo_min_bytes: 100  # 100 bytes by default
 # The number of bytes to claim as the maximum size for uploads for the limits API. If this
 # is not provided then the maxBytes setting will be used instead. This is useful to provide
 # if the media repo's settings and the reverse proxy do not match for maximum request size.
 # This is purely for informational reasons and does not actually limit any functionality.
 # Set this to -1 to indicate that there is no limit. Zero will force the use of maxBytes.
 matrix_media_repo_reported_max_bytes: 0
 # The number of pending uploads a user is permitted to have at a given time. They must cancel,
 # complete, or otherwise let pending requests expire before uploading any more media. Set to
 # zero to disable.
 matrix_media_repo_max_pending: 5
 # The duration the server will wait to receive media that was asynchronously uploaded before
 # expiring it entirely. This should be set sufficiently high for a client on poor connectivity
 # to upload something. The Matrix specification recommends 24 hours (86400 seconds), however
 # this project recommends 30 minutes (1800 seconds).
 matrix_media_repo_max_age_seconds: 1800
 # Options for limiting how much content a user can upload. Quotas are applied to content
 # associated with a user regardless of de-duplication. Quotas which affect remote servers
 # or users will not take effect. When a user exceeds their quota they will be unable to
 # upload any more media.
 # Whether quotas are enabled/enforced. Note that even when disabled the media repo will
 # track how much media a user has uploaded. Quotas are disabled by default.
 matrix_media_repo_quotas_enabled: false
 # The upload quota rules which affect users. The first rule to match the user ID will take
 # effect. If a user does not match a rule, the defaults implied by the above config will
 # take effect instead. The user will not be permitted to upload anything above these quota
 # values, but can match them exactly.
 matrix_media_repo_quotas_users: "{{ matrix_media_repo_quotas_users_auto + matrix_media_repo_quotas_users_additional }}"
 matrix_media_repo_quotas_users_auto:
  - glob: "@*:*"  # Affect all users. Use asterisks (*) to match any character.
    # The maximum number of TOTAL bytes a user can upload. Defaults to zero (no limit).
    maxBytes: 53687063712  # 50gb
    # The same as maxPending above - the number of uploads the user can have waiting to
    # complete before starting another one. Defaults to maxPending above. Set to 0 to
    # disable.
    maxPending: 5
    # The maximum number of uploaded files a user can have. Defaults to zero (no limit).
    # If both maxBytes and maxFiles are in use then the first condition a user triggers
    # will prevent upload. Note that a user can still have uploads contributing to maxPending,
    # but will not be able to complete them if they are at maxFiles.
    maxFiles: 0
 # Additional quota glob patterns
 matrix_media_repo_quotas_users_additional: []
 # Settings related to downloading files from the media repository
@@ -344,186 +398,175 @@ matrix_media_repo_downloads_num_workers: 10
 # has passed, the media is able to be re-requested.
 matrix_media_repo_downloads_failure_cache_minutes: 5
 # The cache control settings for downloads. This can help speed up downloads for users by
 # keeping popular media in the cache. This cache is also used for thumbnails.
 matrix_media_repo_downloads_cache_enabled: true
 # How many days after a piece of remote content is downloaded before it expires. It can be
 # re-downloaded on demand, this just helps free up space in your datastore. Set to zero or
 # negative to disable. Defaults to disabled.
 matrix_media_repo_downloads_expire_after_days: 0
 # The maximum size of cache to have. Higher numbers are better.
 matrix_media_repo_downloads_cache_max_size_bytes: 1048576000  # 1GB default
 # The default size, in bytes, to return for range requests on media. Range requests are used
 # by clients when they only need part of a file, such as a video or audio element. Note that
 # the entire file will still be cached (if enabled), but only part of it will be returned.
 # If the client requests a larger or smaller range, that will be honoured.
 matrix_media_repo_downloads_default_range_chunk_size_bytes: 10485760  # 10MB default
 # The maximum file size to cache. This should normally be the same size as your maximum
 # upload size.
 matrix_media_repo_downloads_cache_max_file_size_bytes: 104857600  # 100MB default
 # URL Preview settings
 # The number of minutes to track how many downloads a file gets
 matrix_media_repo_downloads_cache_tracked_minutes: 30
 # If enabled, the preview_url routes will be accessible
 matrix_media_repo_url_previews_enabled: true
 # The number of downloads a file must receive in the window above (trackedMinutes) in
 # order to be cached.
 matrix_media_repo_downloads_cache_min_downloads: 5
 # 10MB default, 0 to disable
 matrix_media_repo_url_previews_max_page_size_bytes: 10485760
 # The minimum amount of time an item should remain in the cache. This prevents the cache
 # from cycling out the file if it needs more room during this time. Note that the media
 # repo regularly cleans out media which is past this point from the cache, so this number
 # may need increasing depending on your use case. If the maxSizeBytes is reached for the
 # media repo, and some cached items are still under this timer, new items will not be able
 # to enter the cache. When this happens, consider raising maxSizeBytes or lowering this
 # timer.
 matrix_media_repo_downloads_cache_min_cache_time_seconds: 300
 # If true, the media repository will try to provide previews for URLs with invalid or unsafe
 # certificates. If false (the default), the media repo will fail requests to said URLs.
 matrix_media_repo_url_previews_preview_unsafe_certificates: false
 # The minimum amount of time an item should remain outside the cache once it is removed.
 matrix_media_repo_downloads_cache_min_evicted_time_seconds: 60
 # Note: URL previews are limited to a given number of words, which are then limited to a number
 # of characters, taking off the last word if it needs to. This also applies for the title.
 # How many days after a piece of remote content is downloaded before it expires. It can be
 # re-downloaded on demand, this just helps free up space in your datastore. Set to zero or
 # negative to disable. Defaults to disabled.
 matrix_media_repo_downloads_expire_after_days: 0
 # The number of words to include in a preview (maximum)
 matrix_media_repo_url_previews_num_words: 50
 # URL Preview settings
 matrix_media_repo_url_previews:
  urlPreviews:
    enabled: true  # If enabled, the preview_url routes will be accessible
    maxPageSizeBytes: 10485760  # 10MB default, 0 to disable
    # If true, the media repository will try to provide previews for URLs with invalid or unsafe
    # certificates. If false (the default), the media repo will fail requests to said URLs.
    previewUnsafeCertificates: false
    # Note: URL previews are limited to a given number of words, which are then limited to a number
    # of characters, taking off the last word if it needs to. This also applies for the title.
    numWords: 50  # The number of words to include in a preview (maximum)
    maxLength: 200  # The maximum number of characters for a description
    numTitleWords: 30  # The maximum number of words to include in a preview's title
    maxTitleLength: 150  # The maximum number of characters for a title
    # The mime types to preview when OpenGraph previews cannot be rendered. OpenGraph previews are
    # calculated on anything matching "text/*". To have a thumbnail in the preview the URL must be
    # an image and the image's type must be allowed by the thumbnailer.
    filePreviewTypes:
      - "image/*"
    # The number of workers to use when generating url previews. Raise this number if url
    # previews are slow or timing out.
    #
    # Maximum memory usage = numWorkers multiplied by the maximum page size
    # Average memory usage is dependent on how many concurrent urls your users are previewing.
    numWorkers: 10
    # Either allowedNetworks or disallowedNetworks must be provided. If both are provided, they
    # will be merged. URL previews will be disabled if neither is supplied. Each entry must be
    # a CIDR range.
    disallowedNetworks:
      - "127.0.0.1/8"
      - "10.0.0.0/8"
      - "172.16.0.0/12"
      - "192.168.0.0/16"
      - "100.64.0.0/10"
      - "169.254.0.0/16"
      - '::1/128'
      - 'fe80::/64'
      - 'fc00::/7'
    allowedNetworks:
      # "Everything". The blacklist will help limit this.
      # This is the default value for this field.
      - "0.0.0.0/0"
    # How many days after a preview is generated before it expires and is deleted. The preview
    # can be regenerated safely - this just helps free up some space in your database. Set to
    # zero or negative to disable. Defaults to disabled.
    expireAfterDays: 0
    # The default Accept-Language header to supply when generating URL previews when one isn't
    # supplied by the client.
    # Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Language
    defaultLanguage: "en-US,en"
    # When true, oEmbed previews will be enabled. Typically these kinds of previews are used for
    # sites that do not support OpenGraph or page scraping, such as Twitter. For information on
    # specifying providers for oEmbed, including your own, see the following documentation:
    # https://docs.t2bot.io/matrix-media-repo/url-previews/oembed.html
    # Defaults to disabled.
    oEmbed: false
 # The maximum number of characters for a description
 matrix_media_repo_url_previews_max_length: 200
 # The maximum number of words to include in a preview's title
 matrix_media_repo_url_previews_num_title_words: 30
 # The maximum number of characters for a title
 matrix_media_repo_url_previews_max_title_length: 150
 # The mime types to preview when OpenGraph previews cannot be rendered. OpenGraph previews are
 # calculated on anything matching "text/*". To have a thumbnail in the preview the URL must be
 # an image and the image's type must be allowed by the thumbnailer.
 matrix_media_repo_url_previews_file_preview_types:
  - "image/*"
 # The number of workers to use when generating url previews. Raise this number if url
 # previews are slow or timing out.
 #
 # Maximum memory usage = numWorkers multiplied by the maximum page size
 # Average memory usage is dependent on how many concurrent urls your users are previewing.
 matrix_media_repo_url_previews_num_workers: 10
 # Either allowedNetworks or disallowedNetworks must be provided. If both are provided, they
 # will be merged. URL previews will be disabled if neither is supplied. Each entry must be
 # a CIDR range.
 matrix_media_repo_url_previews_disallowed_networks:
  - "127.0.0.1/8"
  - "10.0.0.0/8"
  - "172.16.0.0/12"
  - "192.168.0.0/16"
  - "100.64.0.0/10"
  - "169.254.0.0/16"
  - '::1/128'
  - 'fe80::/64'
  - 'fc00::/7'
 matrix_media_repo_url_previews_allowed_networks:
  # "Everything". The blacklist will help limit this.
  # This is the default value for this field.
  - "0.0.0.0/0"
 # How many days after a preview is generated before it expires and is deleted. The preview
 # can be regenerated safely - this just helps free up some space in your database. Set to
 # zero or negative to disable. Defaults to disabled.
 matrix_media_repo_url_previews_expire_after_days: 0
 # The default Accept-Language header to supply when generating URL previews when one isn't
 # supplied by the client.
 # Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Language
 matrix_media_repo_url_previews_default_language: "en-US,en"
 # Set the User-Agent header to supply when generating URL previews
 matrix_media_repo_url_previews_user_agent: "matrix-media-repo"
 # When true, oEmbed previews will be enabled. Typically these kinds of previews are used for
 # sites that do not support OpenGraph or page scraping, such as Twitter. For information on
 # specifying providers for oEmbed, including your own, see the following documentation:
 # https://docs.t2bot.io/matrix-media-repo/url-previews/oembed.html
 # Defaults to disabled.
 matrix_media_repo_url_previews_o_embed: false
 # The thumbnail configuration for the media repository.
 matrix_media_repo_thumbnails:
  thumbnails:
    # The maximum number of bytes an image can be before the thumbnailer refuses.
    maxSourceBytes: 10485760  # 10MB default, 0 to disable
    # The maximum number of pixels an image can have before the thumbnailer refuses. Note that
    # this only applies to image types: file types like audio and video are affected solely by
    # the maxSourceBytes.
    maxPixels: 32000000  # 32M default
    # The number of workers to use when generating thumbnails. Raise this number if thumbnails
    # are slow to generate or timing out.
    #
    # Maximum memory usage = numWorkers multiplied by the maximum image source size
    # Average memory usage is dependent on how many thumbnails are being generated by your users
    numWorkers: 100
    # All thumbnails are generated into one of the sizes listed here. The first size is used as
    # the default for when no width or height is requested. The media repository will return
    # either an exact match or the next largest size of thumbnail.
    sizes:
      - width: 32
        height: 32
      - width: 96
        height: 96
      - width: 320
        height: 240
      - width: 640
        height: 480
      - width: 768   # This size is primarily used for audio thumbnailing.
        height: 240
      - width: 800
        height: 600
    # To allow for thumbnails to be any size, not just in the sizes specified above, set this to
    # true (default false). When enabled, whatever size requested by the client will be generated
    # up to a maximum of the largest possible dimensions in the `sizes` list. For best results,
    # specify only one size in the `sizes` list when this option is enabled.
    dynamicSizing: false
    # The content types to thumbnail when requested. Types that are not supported by the media repo
    # will not be thumbnailed (adding application/json here won't work). Clients may still not request
    # thumbnails for these types - this won't make clients automatically thumbnail these file types.
    types:
      - "image/jpeg"
      - "image/jpg"
      - "image/png"
      - "image/apng"
      - "image/gif"
      - "image/heif"
      - "image/webp"
      # - "image/svg+xml" # Be sure to have ImageMagick installed to thumbnail SVG files
      - "audio/mpeg"
      - "audio/ogg"
      - "audio/wav"
      - "audio/flac"
      # - "video/mp4" # Be sure to have ffmpeg installed to thumbnail video files
    # Animated thumbnails can be CPU intensive to generate. To disable the generation of animated
    # thumbnails, set this to false. If disabled, regular thumbnails will be returned.
    allowAnimated: true
    # Default to animated thumbnails, if available
    defaultAnimated: false
    # The maximum file size to thumbnail when a capable animated thumbnail is requested. If the image
    # is larger than this, the thumbnail will be generated as a static image.
    maxAnimateSizeBytes: 10485760  # 10MB default, 0 to disable
    # On a scale of 0 (start of animation) to 1 (end of animation), where should the thumbnailer try
    # and thumbnail animated content? Defaults to 0.5 (middle of animation).
    stillFrame: 0.5
    # How many days after a thumbnail is generated before it expires and is deleted. The thumbnail
    # can be regenerated safely - this just helps free up some space in your datastores. Set to
    # zero or negative to disable. Defaults to disabled.
    expireAfterDays: 0
 # The maximum number of bytes an image can be before the thumbnailer refuses.
 matrix_media_repo_thumbnails_max_source_bytes: 10485760  # 10MB default, 0 to disable
 # The maximum number of pixels an image can have before the thumbnailer refuses. Note that
 # this only applies to image types: file types like audio and video are affected solely by
 # the maxSourceBytes.
 matrix_media_repo_thumbnails_max_pixels: 32000000  # 32M default
 # The number of workers to use when generating thumbnails. Raise this number if thumbnails
 # are slow to generate or timing out.
 #
 # Maximum memory usage = numWorkers multiplied by the maximum image source size
 # Average memory usage is dependent on how many thumbnails are being generated by your users
 matrix_media_repo_thumbnails_num_workers: 100
 # All thumbnails are generated into one of the sizes listed here. The first size is used as
 # the default for when no width or height is requested. The media repository will return
 # either an exact match or the next largest size of thumbnail.
 matrix_media_repo_thumbnails_sizes:
  - width: 32
    height: 32
  - width: 96
    height: 96
  - width: 320
    height: 240
  - width: 640
    height: 480
  - width: 768   # This size is primarily used for audio thumbnailing.
    height: 240
  - width: 800
    height: 600
 # To allow for thumbnails to be any size, not just in the sizes specified above, set this to
 # true (default false). When enabled, whatever size requested by the client will be generated
 # up to a maximum of the largest possible dimensions in the `sizes` list. For best results,
 # specify only one size in the `sizes` list when this option is enabled.
 matrix_media_repo_thumbnails_dynamic_sizing: false
 # The content types to thumbnail when requested. Types that are not supported by the media repo
 # will not be thumbnailed (adding application/json here won't work). Clients may still not request
 # thumbnails for these types - this won't make clients automatically thumbnail these file types.
 matrix_media_repo_thumbnails_types:
  - "image/jpeg"
  - "image/jpg"
  - "image/png"
  - "image/apng"
  - "image/gif"
  - "image/heif"
  - "image/heic"
  - "image/webp"
  - "image/bmp"
  - "image/tiff"
  # - "image/svg+xml"  # Be sure to have ImageMagick installed to thumbnail SVG files
  - "audio/mpeg"
  - "audio/ogg"
  - "audio/wav"
  - "audio/flac"
  # - "video/mp4"  # Be sure to have ffmpeg installed to thumbnail video files
 # Animated thumbnails can be CPU intensive to generate. To disable the generation of animated
 # thumbnails, set this to false. If disabled, regular thumbnails will be returned.
 matrix_media_repo_thumbnails_allow_animated: true
 # Default to animated thumbnails, if available
 matrix_media_repo_thumbnails_default_animated: false
 # The maximum file size to thumbnail when a capable animated thumbnail is requested. If the image
 # is larger than this, the thumbnail will be generated as a static image.
 matrix_media_repo_thumbnails_max_animate_size_bytes: 10485760  # 10MB default, 0 to disable
 # On a scale of 0 (start of animation) to 1 (end of animation), where should the thumbnailer try
 # and thumbnail animated content? Defaults to 0.5 (middle of animation).
 matrix_media_repo_thumbnails_still_frame: 0.5
 # How many days after a thumbnail is generated before it expires and is deleted. The thumbnail
 # can be regenerated safely - this just helps free up some space in your datastores. Set to
 # zero or negative to disable. Defaults to disabled.
 matrix_media_repo_thumbnails_expire_after_days: 0
 # Controls for the rate limit functionality
@@ -623,67 +666,31 @@ matrix_media_repo_plugins:
 # Options for controlling various MSCs/unstable features of the media repo
 # Sections of this config might disappear or be added over time. By default all
 # features are disabled in here and must be explicitly enabled to be used.
 matrix_media_repo_feature_support:
  featureSupport:
    # MSC2248 - Blurhash
    MSC2448:
      # Whether or not this MSC is enabled for use in the media repo
      enabled: false
      # Maximum dimensions for converting a blurhash to an image. When no width and
      # height options are supplied, the default will be half these values.
      maxWidth: 1024
      maxHeight: 1024
      # Thumbnail size in pixels to use to generate the blurhash string
      thumbWidth: 64
      thumbHeight: 64
      # The X and Y components to use. Higher numbers blur less, lower numbers blur more.
      xComponents: 4
      yComponents: 3
      # The amount of contrast to apply when converting a blurhash to an image. Lower values
      # make the effect more subtle, larger values make it stronger.
      punch: 1
    # IPFS Support
    # This is currently experimental and might not work at all.
    IPFS:
      # Whether or not IPFS support is enabled for use in the media repo.
      enabled: false
      # Options for the built in IPFS daemon
      builtInDaemon:
        # Enable this to spawn an in-process IPFS node to use instead of a localhost
        # HTTP agent. If this is disabled, the media repo will assume you have an HTTP
        # IPFS agent running and accessible. Defaults to using a daemon (true).
        enabled: true
        # If the Daemon is enabled, set this to the location where the IPFS files should
        # be stored. If you're using Docker, this should be something like "/data/ipfs"
        # so it can be mapped to a volume.
        repoPath: "./ipfs"
    # Support for redis as a cache mechanism
    #
    # Note: Enabling Redis support will mean that the existing cache mechanism will do nothing.
    # It can be safely disabled once Redis support is enabled.
    #
    # See docs/redis.md for more information on how this works and how to set it up.
    redis:
      # Whether or not use Redis instead of in-process caching.
      enabled: false
      # The Redis shards that should be used by the media repo in the ring. The names of the
      # shards are for your reference and have no bearing on the connection, but must be unique.
      shards:
        - name: "server1"
          addr: ":7000"
        - name: "server2"
          addr: ":7001"
        - name: "server3"
          addr: ":7002"
 # featureSupport:
 # No unstable features are currently supported.
 # Support for redis as a cache mechanism
 #
 # Note: Enabling Redis support will mean that the existing cache mechanism will do nothing.
 # It can be safely disabled once Redis support is enabled.
 #
 # See docs/redis.md for more information on how this works and how to set it up.
 # Whether or not use Redis instead of in-process caching.
 matrix_media_repo_redis_enabled: false
 # The database number to use. Leave at zero if using a dedicated Redis instance.
 matrix_media_repo_redis_database_number: 0
 # The Redis shards that should be used by the media repo in the ring. The names of the
 # shards are for your reference and have no bearing on the connection, but must be unique.
 matrix_media_repo_redis_shards:
  - name: "server1"
    addr: ":7000"
  - name: "server2"
    addr: ":7001"
  - name: "server3"
    addr: ":7002"
 # Optional sentry (https://sentry.io/) configuration for the media repo
@@ -698,3 +705,27 @@ matrix_media_repo_sentry_environment: ""
 # Whether or not to turn on sentry's built in debugging. This will increase log output.
 matrix_media_repo_sentry_debug: false
 # Configuration for the internal tasks engine in the media repo. Note that this only applies
 # to the media repo process with machine ID zero (the default in single-instance mode).
 #
 # Tasks include things like data imports/exports.
 # The number of workers to have available for tasks. Defaults to 5.
 matrix_media_repo_tasks_num_workers: 5
 # Options for collecting PGO-compatible CPU profiles and submitting them to a hosted pgo-fleet
 # server. See https://github.com/t2bot/pgo-fleet for collection/more detail.
 #
 # If you process more than 1Hz of requests or have more than a dozen media repos deployed, please
 # get in contact with `@travis:t2l.io` to submit profiles directly to MMR. Submitted profiles are
 # used to improve the build speed for everyone.
 # Whether collection is enabled. Defaults to false.
 matrix_media_repo_pgo_enabled: false
 # The pgo-fleet submit URL.
 matrix_media_repo_pgo_submit_url: "https://pgo-mmr.t2host.io/v1/submit"
 # The pgo-fleet submit key.
 matrix_media_repo_pgo_submit_key: "INSERT_VALUE_HERE"
--- a/roles/custom/matrix-media-repo/tasks/main.yml
+++ b/roles/custom/matrix-media-repo/tasks/main.yml
@@ -6,6 +6,9 @@
    - install-all
    - install-matrix-media-repo
  block:
    - when: matrix_media_repo_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
    - when: matrix_media_repo_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
--- a/roles/custom/matrix-media-repo/tasks/validate_config.yml
+++ b/roles/custom/matrix-media-repo/tasks/validate_config.yml
@@ -0,0 +1,22 @@
 ---
 - name: (Deprecation) Catch and report renamed settings
  ansible.builtin.fail:
    msg: >-
      Your configuration contains a variable, which now has a different name.
      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
  when: "item.old in vars"
  with_items:
    - {'old': 'matrix_media_repo_access_tokens', 'new': '<flattened into multiple matrix_media_repo_access_tokens_XXX variables - see roles/custom/matrix-media-repo/defaults/main.yml>'}
    - {'old': 'matrix_media_repo_datastores', 'new': '<flattened into matrix_media_repo_datastores_XXX variables - see roles/custom/matrix-media-repo/defaults/main.yml>'}
    - {'old': 'matrix_media_repo_uploads', 'new': '<flattened into multiple matrix_media_repo_uploads_XXX variables - see roles/custom/matrix-media-repo/defaults/main.yml>'}
    - {'old': 'matrix_media_repo_downloads_cache_enabled', 'new': '<removed>'}
    - {'old': 'matrix_media_repo_downloads_cache_max_size_bytes', 'new': '<removed>'}
    - {'old': 'matrix_media_repo_downloads_cache_max_file_size_bytes', 'new': '<removed>'}
    - {'old': 'matrix_media_repo_downloads_cache_tracked_minutes', 'new': '<removed>'}
    - {'old': 'matrix_media_repo_downloads_cache_min_downloads', 'new': '<removed>'}
    - {'old': 'matrix_media_repo_downloads_cache_min_cache_time_seconds', 'new': '<removed>'}
    - {'old': 'matrix_media_repo_downloads_cache_min_evicted_time_seconds', 'new': '<removed>'}
    - {'old': 'matrix_media_repo_url_previews', 'new': '<flattened into multiple matrix_media_repo_url_previews_XXX variables - see roles/custom/matrix-media-repo/defaults/main.yml>'}
    - {'old': 'matrix_media_repo_thumbnails', 'new': '<flattened into multiple matrix_media_repo_thumbnails_XXX variables - see roles/custom/matrix-media-repo/defaults/main.yml>'}
    - {'old': 'matrix_media_repo_feature_support', 'new': '<removed>'}
--- a/roles/custom/matrix-media-repo/templates/media-repo/media-repo.yaml.j2
+++ b/roles/custom/matrix-media-repo/templates/media-repo/media-repo.yaml.j2
@@ -41,6 +41,24 @@ federation:
  # the remote server do not count towards this.
  backoffAt: {{ matrix_media_repo_federation_backoff_at | to_json }}
  # The domains the media repo should never serve media for. Existing media already stored from
  # these domains will remain, however will not be downloadable without a data export. Media
  # repo administrators will bypass this check. Admin APIs will still work for media on these
  # domains.
  #
  # This will not prevent the listed domains from accessing media on this media repo - it only
  # stops users on *this* media repo from accessing media originally uploaded to the listed domains.
  #
  # Note: Adding domains controlled by the media repo itself to this list is not advisable.
 {% if (matrix_media_repo_federation_ignored_hosts | length) > 0 %}
  ignoredHosts:
 {{ matrix_media_repo_federation_ignored_hosts | to_json | from_json
  | to_nice_yaml(indent=2, width=999999, sort_keys=false) | indent(width=4, first=true) }}
 {% else %}
  # ignoredHosts:
  #   - example.org
 {% endif %}
 # The database configuration for the media repository
 # Do NOT put your homeserver's existing database credentials here. Create a new database and
 # user instead. Using the same server is fine, just not the same username and database.
@@ -61,17 +79,27 @@ database:
 # The configuration for the homeservers this media repository is known to control. Servers
 # not listed here will not be able to upload media.
 #homeservers:
 #  - name: example.org # This should match the server_name of your homeserver, and the Host header
 #                      # provided to the media repo.
 #    csApi: "https://example.org/" # The base URL to where the homeserver can actually be reached
 #    backoffAt: 10 # The number of consecutive failures in calling this homeserver before the
 #                  # media repository will start backing off. This defaults to 10 if not given.
 #    adminApiKind: "matrix" # The kind of admin API the homeserver supports. If set to "matrix",
 #                           # the media repo will use the Synapse-defined endpoints under the
 #                           # unstable client-server API. When this is "synapse", the new /_synapse
 #                           # endpoints will be used instead. Unknown values are treated as the
 #                           # default, "matrix".
 {{ matrix_media_repo_homeservers | to_json | from_json | to_nice_yaml(indent=2, width=999999, sort_keys=false) }}
 #  - # Keep the dash from this line.
 #
 #    # This should match the server_name of your homeserver, and the Host header
 #    # provided to the media repo.
 #    name: example.org
 #
 #    # The base URL to where the homeserver can actually be reached by MMR.
 #    csApi: "https://example.org/"
 #
 #    # The number of consecutive failures in calling this homeserver before the
 #    # media repository will start backing off. This defaults to 10 if not given.
 #    backoffAt: 10
 #
 #    # The admin API interface supported by the homeserver. MMR uses a subset of the admin API
 #    # during certain operations, like attempting to purge media from a room or validating server
 #    # admin status. This should be set to one of "synapse", "dendrite", or "matrix". When set
 #    # to "matrix", most functionality requiring the admin API will not work.
 #    adminApiKind: "synapse"
 homeservers:
 {{ matrix_media_repo_homeservers | to_json | from_json
  | to_nice_yaml(indent=2, width=999999, sort_keys=false) | indent(width=2, first=true) }}
 # Options for controlling how access tokens work with the media repo. It is recommended that if
 # you are going to use these options that the `/logout` and `/logout/all` client-server endpoints
@@ -89,42 +117,58 @@ database:
 # ***************************************************************************
 # *  IT IS HIGHLY RECOMMENDED TO USE PER-DOMAIN CONFIGS WITH THIS FEATURE.  *
 # ***************************************************************************
 # accessTokens:
 #   # The maximum time a cached access token will be considered valid. Set to zero (the default)
 #   # to disable the cache and constantly hit the homeserver. This is recommended to be set to
 #   # 43200 (12 hours) on servers with the logout endpoints proxied through the media repo, and
 #   # zero for servers who do not proxy the endpoints through.
 #   maxCacheTimeSeconds: 0
 #
 #   # Whether or not to use the `appservices` config option below. If disabled (the default),
 #   # the regular access token cache will be used for each user, potentially leading to high
 #   # memory usage.
 #   useLocalAppserviceConfig: false
 #
 #   # The application services (and their namespaces) registered on the homeserver. Only used
 #   # if `useLocalAppserviceConfig` is enabled (recommended).
 #   #
 #   # Usually the appservice will provide you with these config details - they'll just need
 #   # translating from the appservice registration to here. Note that this does not require
 #   # all options from the registration, and only requires the bare minimum required to run
 #   # the media repo.
 #   appservices:
 #     - id: Name_of_appservice_for_your_reference
 #       asToken: Secret_token_for_appservices_to_use
 #       senderUserId: "@_example_bridge:yourdomain.com"
 #       userNamespaces:
 #         - regex: "@_example_bridge_.+:yourdomain.com"
 #           # A note about regexes: it is best to suffix *all* namespaces with the homeserver
 #           # domain users are valid for, as otherwise the appservice can use any user with
 #           # any domain name it feels like, even if that domain is not configured with the
 #           # media repo. This will lead to inaccurate reporting in the case of the media
 #           # repo, and potentially leading to media being considered "remote".
 {{ matrix_media_repo_access_tokens | to_json | from_json | to_nice_yaml(indent=2, width=999999, sort_keys=false) }}
 accessTokens:
  # The maximum time a cached access token will be considered valid. Set to zero (the default)
  # to disable the cache and constantly hit the homeserver. This is recommended to be set to
  # 43200 (12 hours) on servers with the logout endpoints proxied through the media repo, and
  # zero for servers who do not proxy the endpoints through.
  maxCacheTimeSeconds: {{ matrix_media_repo_access_tokens_max_cache_time_seconds | to_json }}
  # Whether or not to use the `appservices` config option below. If disabled (the default),
  # the regular access token cache will be used for each user, potentially leading to high
  # memory usage.
  useLocalAppserviceConfig: {{ matrix_media_repo_access_tokens_use_local_appservice_config | to_json }}
  # The application services (and their namespaces) registered on the homeserver. Only used
  # if `useLocalAppserviceConfig` is enabled (recommended).
  #
  # Usually the appservice will provide you with these config details - they'll just need
  # translating from the appservice registration to here. Note that this does not require
  # all options from the registration, and only requires the bare minimum required to run
  # the media repo.
 {% if (matrix_media_repo_access_tokens_appservices | length) > 0 %}
 {# `to_nice_yaml` filter unfortunately does not correctly indent arrays. The `indent` filter
   is a workaround fixes top-level arrays, but does not fix nested arrays. Hence the use of
   the `replace` filter. #}
  appservices:
 {{ matrix_media_repo_access_tokens_appservices | to_json | from_json
  | to_nice_yaml(indent=2, width=999999, sort_keys=false) | indent(width=4, first=true)
  | replace("      - ", "        - ") }}
 {% else%}
 # appservices:
 #   - id: Name_of_appservice_for_your_reference
 #     asToken: Secret_token_for_appservices_to_use
 #     senderUserId: "@_example_bridge:yourdomain.com"
 #     userNamespaces:
 #       - regex: "@_example_bridge_.+:yourdomain.com"
 #         # A note about regexes: it is best to suffix *all* namespaces with the homeserver
 #         # domain users are valid for, as otherwise the appservice can use any user with
 #         # any domain name it feels like, even if that domain is not configured with the
 #         # media repo. This will lead to inaccurate reporting in the case of the media
 #         # repo, and potentially leading to media being considered "remote".
 {% endif %}
 # These users have full access to the administrative functions of the media repository.
 # See docs/admin.md for information on what these people can do. They must belong to one of the
 # configured homeservers above.
 {{ matrix_media_repo_admins | to_json | from_json | to_nice_yaml(indent=2, width=999999, sort_keys=false) }}
 {% if (matrix_media_repo_admins | length) > 0 %}
 admins:
 {{ matrix_media_repo_admins | to_json | from_json
  | to_nice_yaml(indent=2, width=999999, sort_keys=false) | indent(width=2, first=true) }}
 {% else %}
 #admins:
 #  - "@your_username:example.org"
 {% endif %}
 # Shared secret auth is useful for applications building on top of the media repository, such
 # as a management interface. The `token` provided here is treated as a repository administrator
@@ -141,55 +185,58 @@ sharedSecretAuth:
 # Datastores are places where media should be persisted. This isn't dedicated for just uploads:
 # thumbnails and other misc data is also stored in these places. The media repo, when looking
 # for a datastore to use, will always use the smallest datastore first.
 # datastores:
 #   - type: file
 #     enabled: false # Enable this to set up data storage.
 #     # Datastores can be split into many areas when handling uploads. Media is still de-duplicated
 #     # across all datastores (local content which duplicates remote content will re-use the remote
 #     # content's location). This option is useful if your datastore is becoming very large, or if
 #     # you want faster storage for a particular kind of media.
 #     #
 #     # The kinds available are:
 #     #   thumbnails    - Used to store thumbnails of media (local and remote).
 #     #   remote_media  - Original copies of remote media (servers not configured by this repo).
 #     #   local_media   - Original uploads for local media.
 #     #   archives      - Archives of content (GDPR and similar requests).
 #     forKinds: ["thumbnails"]
 #     opts:
 #       path: /var/matrix/media
 #
 #   - type: s3
 #     enabled: false # Enable this to set up s3 uploads
 #     forKinds: ["thumbnails", "remote_media", "local_media", "archives"]
 #     opts:
 #       # The s3 uploader needs a temporary location to buffer files to reduce memory usage on
 #       # small file uploads. If the file size is unknown, the file is written to this location
 #       # before being uploaded to s3 (then the file is deleted). If you aren't concerned about
 #       # memory usage, set this to an empty string.
 #       tempPath: "/tmp/mediarepo_s3_upload"
 #       endpoint: sfo2.digitaloceanspaces.com
 #       accessKeyId: ""
 #       accessSecret: ""
 #       ssl: true
 #       bucketName: "your-media-bucket"
 #       # An optional region for where this S3 endpoint is located. Typically not needed, though
 #       # some providers will need this (like Scaleway). Uncomment to use.
 #       #region: "sfo2"
 #
 #   # The media repo does support an IPFS datastore, but only if the IPFS feature is enabled. If
 #   # the feature is not enabled, this will not work. Note that IPFS support is experimental at
 #   # the moment and not recommended for general use.
 #   #
 #   # NOTE: Everything you upload to IPFS will be publicly accessible, even when the media repo
 #   # puts authentication on the download endpoints. Only use this option for cases where you
 #   # expect your media to be publicly accessible.
 #   - type: ipfs
 #     enabled: false # Enable this to use IPFS support
 #     forKinds: ["local_media"]
 #     # The IPFS datastore currently has no options. It will use the daemon or HTTP API configured
 #     # in the IPFS section of your main config.
 #     opts: {}
 {{ matrix_media_repo_datastores | to_json | from_json | to_nice_yaml(indent=2, width=999999, sort_keys=false) }}
 datastores:
 {% if (matrix_media_repo_datastore_file_for_kinds | length) > 0 %}
  - type: file
    # ID for this datastore (cannot change). Alphanumeric recommended.
    id: {{ matrix_media_repo_datastore_file_id | to_json }}
    # Datastores can be split into many areas when handling uploads. Media is still de-duplicated
    # across all datastores (local content which duplicates remote content will re-use the remote
    # content's location). This option is useful if your datastore is becoming very large, or if
    # you want faster storage for a particular kind of media.
    #
    # To disable this datastore, making it readonly, specify `forKinds: []`.
    #
    # The kinds available are:
    #   thumbnails    - Used to store thumbnails of media (local and remote).
    #   remote_media  - Original copies of remote media (servers not configured by this repo).
    #   local_media   - Original uploads for local media.
    #   archives      - Archives of content (GDPR and similar requests).
    forKinds: {{ matrix_media_repo_datastore_file_for_kinds | to_json }}
    opts:
      path: {{ matrix_media_repo_datastore_opts_path | to_json }}
 {% endif %}
 {% if (matrix_media_repo_datastore_s3_for_kinds | length) > 0 %}
  - type: s3
    # ID for this datastore (cannot change). Alphanumeric recommended.
    id: {{ matrix_media_repo_datastore_s3_id | to_json }}
    forKinds: {{ matrix_media_repo_datastore_s3_for_kinds | to_json }}
    opts:
      # The s3 uploader needs a temporary location to buffer files to reduce memory usage on
      # small file uploads. If the file size is unknown, the file is written to this location
      # before being uploaded to s3 (then the file is deleted). If you aren't concerned about
      # memory usage, set this to an empty string.
      tempPath: {{ matrix_media_repo_datastore_s3_opts_temp_path | to_json }}
      endpoint: {{ matrix_media_repo_datastore_s3_opts_endpoint | to_json }}
      accessKeyId: {{ matrix_media_repo_datastore_s3_opts_access_key_id | to_json }}
      accessSecret: {{ matrix_media_repo_datastore_s3_opts_access_secret | to_json }}
      ssl: {{ matrix_media_repo_datastore_s3_opts_ssl | to_json }}
      bucketName: {{ matrix_media_repo_datastore_s3_opts_bucket_name | to_json }}
 {% if matrix_media_repo_datastore_s3_opts_region is defined %}
      region: {{ matrix_media_repo_datastore_s3_opts_region | to_json }}
 {% else %}
      # An optional region for where this S3 endpoint is located. Typically not needed, though
      # some providers will need this (like Scaleway). Uncomment to use.
      #region: "sfo2"
 {% endif %}
 {% if matrix_media_repo_datastore_s3_opts_storage_class is defined %}
      storageClass: {{ matrix_media_repo_datastore_s3_opts_storage_class | to_json }}
 {% else %}
      # An optional storage class for tuning how the media is stored at s3.
      # See https://aws.amazon.com/s3/storage-classes/ for details; uncomment to use.
      #storageClass: STANDARD
 {% endif %}
 {% endif %}
 # Options for controlling archives. Archives are exports of a particular user's content for
 # the purpose of GDPR or moving media to a different server.
@@ -209,42 +256,50 @@ archiving:
  targetBytesPerPart: {{ matrix_media_repo_archiving_target_bytes_per_part | to_json }} # 200mb default
 # The file upload settings for the media repository
 # uploads:
 #   # The maximum individual file size a user can upload.
 #   maxBytes: 104857600 # 100MB default, 0 to disable
 #
 #   # The minimum number of bytes to let people upload. This is recommended to be non-zero to
 #   # ensure that the "cost" of running the media repo is worthwhile - small file uploads tend
 #   # to waste more CPU and database resources than small files, thus a default of 100 bytes
 #   # is applied here as an approximate break-even point.
 #   minBytes: 100 # 100 bytes by default
 #
 #   # The number of bytes to claim as the maximum size for uploads for the limits API. If this
 #   # is not provided then the maxBytes setting will be used instead. This is useful to provide
 #   # if the media repo's settings and the reverse proxy do not match for maximum request size.
 #   # This is purely for informational reasons and does not actually limit any functionality.
 #   # Set this to -1 to indicate that there is no limit. Zero will force the use of maxBytes.
 #   #reportedMaxBytes: 104857600
 #
 #   # Options for limiting how much content a user can upload. Quotas are applied to content
 #   # associated with a user regardless of de-duplication. Quotas which affect remote servers
 #   # or users will not take effect. When a user exceeds their quota they will be unable to
 #   # upload any more media.
 #   quotas:
 #     # Whether or not quotas are enabled/enforced. Note that even when disabled the media repo
 #     # will track how much media a user has uploaded. This is disabled by default.
 #     enabled: false
 #
 #     # The quota rules that affect users. The first rule to match the uploader will take effect.
 #     # An implied rule which matches all users and has no quota is always last in this list,
 #     # meaning that if no rules are supplied then users will be able to upload anything. Similarly,
 #     # if no rules match a user then the implied rule will match, allowing the user to have no
 #     # quota. The quota will let the user upload to 1 media past their quota, meaning that from
 #     # a statistics perspective the user might exceed their quota however only by a small amount.
 #     users:
 #       - glob: "@*:*"  # Affect all users. Use asterisks (*) to match any character.
 #         maxBytes: 53687063712 # 50GB default, 0 to disable
 {{ matrix_media_repo_uploads | to_json | from_json | to_nice_yaml(indent=2, width=999999, sort_keys=false) }}
 uploads:
  # The maximum individual file size a user can upload.
  maxBytes: {{ matrix_media_repo_max_bytes | to_json }} # 100MB default, 0 to disable
  # The minimum number of bytes to let people upload. This is recommended to be non-zero to
  # ensure that the "cost" of running the media repo is worthwhile - small file uploads tend
  # to waste more CPU and database resources than small files, thus a default of 100 bytes
  # is applied here as an approximate break-even point.
  minBytes: {{ matrix_media_repo_min_bytes | to_json }} # 100 bytes by default
  # The number of bytes to claim as the maximum size for uploads for the limits API. If this
  # is not provided then the maxBytes setting will be used instead. This is useful to provide
  # if the media repo's settings and the reverse proxy do not match for maximum request size.
  # This is purely for informational reasons and does not actually limit any functionality.
  # Set this to -1 to indicate that there is no limit. Zero will force the use of maxBytes.
  reportedMaxBytes: {{ matrix_media_repo_reported_max_bytes | to_json }}
  # The number of pending uploads a user is permitted to have at a given time. They must cancel,
  # complete, or otherwise let pending requests expire before uploading any more media. Set to
  # zero to disable.
  maxPending: {{ matrix_media_repo_max_pending | to_json }}
  # The duration the server will wait to receive media that was asynchronously uploaded before
  # expiring it entirely. This should be set sufficiently high for a client on poor connectivity
  # to upload something. The Matrix specification recommends 24 hours (86400 seconds), however
  # this project recommends 30 minutes (1800 seconds).
  maxAgeSeconds: {{ matrix_media_repo_max_age_seconds | to_json }}
  # Options for limiting how much content a user can upload. Quotas are applied to content
  # associated with a user regardless of de-duplication. Quotas which affect remote servers
  # or users will not take effect. When a user exceeds their quota they will be unable to
  # upload any more media.
  quotas:
    # Whether quotas are enabled/enforced. Note that even when disabled the media repo will
    # track how much media a user has uploaded. Quotas are disabled by default.
    enabled: {{ matrix_media_repo_quotas_enabled | to_json }}
    # The upload quota rules which affect users. The first rule to match the user ID will take
    # effect. If a user does not match a rule, the defaults implied by the above config will
    # take effect instead. The user will not be permitted to upload anything above these quota
    # values, but can match them exactly.
    users:
 {{ matrix_media_repo_quotas_users | to_json | from_json
  | to_nice_yaml(indent=2, width=999999, sort_keys=false) | indent(width=6, first=true) }}
 # Settings related to downloading files from the media repository
 downloads:
@@ -262,186 +317,143 @@ downloads:
  # has passed, the media is able to be re-requested.
  failureCacheMinutes: {{ matrix_media_repo_downloads_failure_cache_minutes | to_json }}
  # The cache control settings for downloads. This can help speed up downloads for users by
  # keeping popular media in the cache. This cache is also used for thumbnails.
  cache:
    enabled: {{ matrix_media_repo_downloads_cache_enabled | to_json }}
    # The maximum size of cache to have. Higher numbers are better.
    maxSizeBytes: {{ matrix_media_repo_downloads_cache_max_size_bytes | to_json }} # 1GB default
    # The maximum file size to cache. This should normally be the same size as your maximum
    # upload size.
    maxFileSizeBytes: {{ matrix_media_repo_downloads_cache_max_file_size_bytes | to_json }} # 100MB default
    # The number of minutes to track how many downloads a file gets
    trackedMinutes: {{ matrix_media_repo_downloads_cache_tracked_minutes | to_json }}
    # The number of downloads a file must receive in the window above (trackedMinutes) in
    # order to be cached.
    minDownloads: {{ matrix_media_repo_downloads_cache_min_downloads | to_json }}
    # The minimum amount of time an item should remain in the cache. This prevents the cache
    # from cycling out the file if it needs more room during this time. Note that the media
    # repo regularly cleans out media which is past this point from the cache, so this number
    # may need increasing depending on your use case. If the maxSizeBytes is reached for the
    # media repo, and some cached items are still under this timer, new items will not be able
    # to enter the cache. When this happens, consider raising maxSizeBytes or lowering this
    # timer.
    minCacheTimeSeconds: {{ matrix_media_repo_downloads_cache_min_cache_time_seconds | to_json }}
    # The minimum amount of time an item should remain outside the cache once it is removed.
    minEvictedTimeSeconds: {{ matrix_media_repo_downloads_cache_min_evicted_time_seconds | to_json }}
  # How many days after a piece of remote content is downloaded before it expires. It can be
  # re-downloaded on demand, this just helps free up space in your datastore. Set to zero or
  # negative to disable. Defaults to disabled.
  expireAfterDays: {{ matrix_media_repo_downloads_expire_after_days | to_json }}
  # The default size, in bytes, to return for range requests on media. Range requests are used
  # by clients when they only need part of a file, such as a video or audio element. Note that
  # the entire file will still be cached (if enabled), but only part of it will be returned.
  # If the client requests a larger or smaller range, that will be honoured.
  defaultRangeChunkSizeBytes: {{ matrix_media_repo_downloads_default_range_chunk_size_bytes | to_json }} # 10MB default
 # URL Preview settings
 # urlPreviews:
 #   enabled: true # If enabled, the preview_url routes will be accessible
 #   maxPageSizeBytes: 10485760 # 10MB default, 0 to disable
 #
 #   # If true, the media repository will try to provide previews for URLs with invalid or unsafe
 #   # certificates. If false (the default), the media repo will fail requests to said URLs.
 #   previewUnsafeCertificates: false
 #
 #   # Note: URL previews are limited to a given number of words, which are then limited to a number
 #   # of characters, taking off the last word if it needs to. This also applies for the title.
 #
 #   numWords: 50 # The number of words to include in a preview (maximum)
 #   maxLength: 200 # The maximum number of characters for a description
 #
 #   numTitleWords: 30 # The maximum number of words to include in a preview's title
 #   maxTitleLength: 150 # The maximum number of characters for a title
 #
 #   # The mime types to preview when OpenGraph previews cannot be rendered. OpenGraph previews are
 #   # calculated on anything matching "text/*". To have a thumbnail in the preview the URL must be
 #   # an image and the image's type must be allowed by the thumbnailer.
 #   filePreviewTypes:
 #     - "image/*"
 #
 #   # The number of workers to use when generating url previews. Raise this number if url
 #   # previews are slow or timing out.
 #   #
 #   # Maximum memory usage = numWorkers multiplied by the maximum page size
 #   # Average memory usage is dependent on how many concurrent urls your users are previewing.
 #   numWorkers: 10
 #
 #   # Either allowedNetworks or disallowedNetworks must be provided. If both are provided, they
 #   # will be merged. URL previews will be disabled if neither is supplied. Each entry must be
 #   # a CIDR range.
 #   disallowedNetworks:
 #     - "127.0.0.1/8"
 #     - "10.0.0.0/8"
 #     - "172.16.0.0/12"
 #     - "192.168.0.0/16"
 #     - "100.64.0.0/10"
 #     - "169.254.0.0/16"
 #     - '::1/128'
 #     - 'fe80::/64'
 #     - 'fc00::/7'
 #   allowedNetworks:
 #     - "0.0.0.0/0" # "Everything". The blacklist will help limit this.
 #                   # This is the default value for this field.
 #
 #   # How many days after a preview is generated before it expires and is deleted. The preview
 #   # can be regenerated safely - this just helps free up some space in your database. Set to
 #   # zero or negative to disable. Defaults to disabled.
 #   expireAfterDays: 0
 #
 #   # The default Accept-Language header to supply when generating URL previews when one isn't
 #   # supplied by the client.
 #   # Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Language
 #   defaultLanguage: "en-US,en"
 #
 #   # When true, oEmbed previews will be enabled. Typically these kinds of previews are used for
 #   # sites that do not support OpenGraph or page scraping, such as Twitter. For information on
 #   # specifying providers for oEmbed, including your own, see the following documentation:
 #   # https://docs.t2bot.io/matrix-media-repo/url-previews/oembed.html
 #   # Defaults to disabled.
 #   oEmbed: false
 {{ matrix_media_repo_url_previews | to_json | from_json | to_nice_yaml(indent=2, width=999999, sort_keys=false)}}
 urlPreviews:
  # If enabled, the preview_url routes will be accessible
  enabled: {{ matrix_media_repo_url_previews_enabled | to_json }}
  # 10MB default, 0 to disable
  maxPageSizeBytes: {{ matrix_media_repo_url_previews_max_page_size_bytes | to_json }}
  # If true, the media repository will try to provide previews for URLs with invalid or unsafe
  # certificates. If false (the default), the media repo will fail requests to said URLs.
  previewUnsafeCertificates: {{ matrix_media_repo_url_previews_preview_unsafe_certificates | to_json }}
  # Note: URL previews are limited to a given number of words, which are then limited to a number
  # of characters, taking off the last word if it needs to. This also applies for the title.
  # The number of words to include in a preview (maximum)
  numWords: {{ matrix_media_repo_url_previews_num_words | to_json }}
  # The maximum number of characters for a description
  maxLength: {{ matrix_media_repo_url_previews_max_length | to_json }}
  # The maximum number of words to include in a preview's title
  numTitleWords: {{ matrix_media_repo_url_previews_num_title_words | to_json }}
  # The maximum number of characters for a title
  maxTitleLength: {{ matrix_media_repo_url_previews_max_title_length | to_json }}
  # The mime types to preview when OpenGraph previews cannot be rendered. OpenGraph previews are
  # calculated on anything matching "text/*". To have a thumbnail in the preview the URL must be
  # an image and the image's type must be allowed by the thumbnailer.
  filePreviewTypes:
 {{ matrix_media_repo_url_previews_file_preview_types | to_json | from_json
  | to_nice_yaml(indent=2, width=999999, sort_keys=false) | indent(width=4, first=true) }}
  # The number of workers to use when generating url previews. Raise this number if url
  # previews are slow or timing out.
  #
  # Maximum memory usage = numWorkers multiplied by the maximum page size
  # Average memory usage is dependent on how many concurrent urls your users are previewing.
  numWorkers: {{ matrix_media_repo_url_previews_num_workers | to_json }}
  # Either allowedNetworks or disallowedNetworks must be provided. If both are provided, they
  # will be merged. URL previews will be disabled if neither is supplied. Each entry must be
  # a CIDR range.
  disallowedNetworks:
 {{ matrix_media_repo_url_previews_disallowed_networks | to_json | from_json
  | to_nice_yaml(indent=2, width=999999, sort_keys=false) | indent(width=4, first=true) }}
  allowedNetworks:
    # "Everything". The deny list will help limit this.
    # This is the default value for this field.
 {{ matrix_media_repo_url_previews_allowed_networks | to_json | from_json
  | to_nice_yaml(indent=2, width=999999, sort_keys=false) | indent(width=4, first=true) }}
  # How many days after a preview is generated before it expires and is deleted. The preview
  # can be regenerated safely - this just helps free up some space in your database. Set to
  # zero or negative to disable. Defaults to disabled.
  expireAfterDays: {{ matrix_media_repo_url_previews_expire_after_days | to_json }}
  # The default Accept-Language header to supply when generating URL previews when one isn't
  # supplied by the client.
  # Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Language
  defaultLanguage: {{ matrix_media_repo_url_previews_default_language | to_json }}
  # Set the User-Agent header to supply when generating URL previews
  userAgent: {{ matrix_media_repo_url_previews_user_agent | to_json }}
  # When true, oEmbed previews will be enabled. Typically, these kinds of previews are used for
  # sites that do not support OpenGraph or page scraping, such as Twitter. For information on
  # specifying providers for oEmbed, including your own, see the following documentation:
  # https://docs.t2bot.io/matrix-media-repo/url-previews/oembed.html
  # Defaults to disabled.
  oEmbed: {{ matrix_media_repo_url_previews_o_embed | to_json }}
 # The thumbnail configuration for the media repository.
 # thumbnails:
 #   # The maximum number of bytes an image can be before the thumbnailer refuses.
 #   maxSourceBytes: 10485760 # 10MB default, 0 to disable
 #
 #   # The maximum number of pixels an image can have before the thumbnailer refuses. Note that
 #   # this only applies to image types: file types like audio and video are affected solely by
 #   # the maxSourceBytes.
 #   maxPixels: 32000000 # 32M default
 #
 #   # The number of workers to use when generating thumbnails. Raise this number if thumbnails
 #   # are slow to generate or timing out.
 #   #
 #   # Maximum memory usage = numWorkers multiplied by the maximum image source size
 #   # Average memory usage is dependent on how many thumbnails are being generated by your users
 #   numWorkers: 100
 #
 #   # All thumbnails are generated into one of the sizes listed here. The first size is used as
 #   # the default for when no width or height is requested. The media repository will return
 #   # either an exact match or the next largest size of thumbnail.
 #   sizes:
 #     - width: 32
 #       height: 32
 #     - width: 96
 #       height: 96
 #     - width: 320
 #       height: 240
 #     - width: 640
 #       height: 480
 #     - width: 768   # This size is primarily used for audio thumbnailing.
 #       height: 240
 #     - width: 800
 #       height: 600
 #
 #   # To allow for thumbnails to be any size, not just in the sizes specified above, set this to
 #   # true (default false). When enabled, whatever size requested by the client will be generated
 #   # up to a maximum of the largest possible dimensions in the `sizes` list. For best results,
 #   # specify only one size in the `sizes` list when this option is enabled.
 #   dynamicSizing: false
 #
 #   # The content types to thumbnail when requested. Types that are not supported by the media repo
 #   # will not be thumbnailed (adding application/json here won't work). Clients may still not request
 #   # thumbnails for these types - this won't make clients automatically thumbnail these file types.
 #   types:
 #     - "image/jpeg"
 #     - "image/jpg"
 #     - "image/png"
 #     - "image/apng"
 #     - "image/gif"
 #     - "image/heif"
 #     - "image/webp"
 #     #- "image/svg+xml" # Be sure to have ImageMagick installed to thumbnail SVG files
 #     - "audio/mpeg"
 #     - "audio/ogg"
 #     - "audio/wav"
 #     - "audio/flac"
 #     #- "video/mp4" # Be sure to have ffmpeg installed to thumbnail video files
 #
 #   # Animated thumbnails can be CPU intensive to generate. To disable the generation of animated
 #   # thumbnails, set this to false. If disabled, regular thumbnails will be returned.
 #   allowAnimated: true
 #
 #   # Default to animated thumbnails, if available
 #   defaultAnimated: false
 #
 #   # The maximum file size to thumbnail when a capable animated thumbnail is requested. If the image
 #   # is larger than this, the thumbnail will be generated as a static image.
 #   maxAnimateSizeBytes: 10485760 # 10MB default, 0 to disable
 #
 #   # On a scale of 0 (start of animation) to 1 (end of animation), where should the thumbnailer try
 #   # and thumbnail animated content? Defaults to 0.5 (middle of animation).
 #   stillFrame: 0.5
 #
 #   # How many days after a thumbnail is generated before it expires and is deleted. The thumbnail
 #   # can be regenerated safely - this just helps free up some space in your datastores. Set to
 #   # zero or negative to disable. Defaults to disabled.
 #   expireAfterDays: 0
 {{ matrix_media_repo_thumbnails | to_json | from_json | to_nice_yaml(indent=2, width=999999, sort_keys=false) }}
 thumbnails:
  # The maximum number of bytes an image can be before the thumbnailer refuses.
  maxSourceBytes: {{ matrix_media_repo_thumbnails_max_source_bytes | to_json }} # 10MB default, 0 to disable
  # The maximum number of pixels an image can have before the thumbnailer refuses. Note that
  # this only applies to image types: file types like audio and video are affected solely by
  # the maxSourceBytes.
  maxPixels: {{ matrix_media_repo_thumbnails_max_pixels | to_json }} # 32M default
  # The number of workers to use when generating thumbnails. Raise this number if thumbnails
  # are slow to generate or timing out.
  #
  # Maximum memory usage = numWorkers multiplied by the maximum image source size
  # Average memory usage is dependent on how many thumbnails are being generated by your users
  numWorkers: {{ matrix_media_repo_thumbnails_num_workers | to_json }}
  # All thumbnails are generated into one of the sizes listed here. The first size is used as
  # the default for when no width or height is requested. The media repository will return
  # either an exact match or the next largest size of thumbnail.
  sizes:
 {{ matrix_media_repo_thumbnails_sizes | to_json | from_json
  | to_nice_yaml(indent=2, width=999999, sort_keys=false) | indent(width=4, first=true) }}
  # To allow for thumbnails to be any size, not just in the sizes specified above, set this to
  # true (default false). When enabled, whatever size requested by the client will be generated
  # up to a maximum of the largest possible dimensions in the `sizes` list. For best results,
  # specify only one size in the `sizes` list when this option is enabled.
  dynamicSizing: {{ matrix_media_repo_thumbnails_dynamic_sizing | to_json }}
  # The content types to thumbnail when requested. Types that are not supported by the media repo
  # will not be thumbnailed (adding application/json here won't work). Clients may still not request
  # thumbnails for these types - this won't make clients automatically thumbnail these file types.
  types:
 {{ matrix_media_repo_thumbnails_types | to_json | from_json
  | to_nice_yaml(indent=2, width=999999, sort_keys=false) | indent(width=4, first=true) }}
  # Animated thumbnails can be CPU intensive to generate. To disable the generation of animated
  # thumbnails, set this to false. If disabled, regular thumbnails will be returned.
  allowAnimated: {{ matrix_media_repo_thumbnails_allow_animated | to_json }}
  # Default to animated thumbnails, if available
  defaultAnimated: {{ matrix_media_repo_thumbnails_default_animated | to_json }}
  # The maximum file size to thumbnail when a capable animated thumbnail is requested. If the image
  # is larger than this, the thumbnail will be generated as a static image.
  maxAnimateSizeBytes: {{ matrix_media_repo_thumbnails_max_animate_size_bytes | to_json }} # 10MB default, 0 to disable
  # On a scale of 0 (start of animation) to 1 (end of animation), where should the thumbnailer try
  # and thumbnail animated content? Defaults to 0.5 (middle of animation).
  stillFrame: {{ matrix_media_repo_thumbnails_still_frame | to_json }}
  # How many days after a thumbnail is generated before it expires and is deleted. The thumbnail
  # can be regenerated safely - this just helps free up some space in your datastores. Set to
  # zero or negative to disable. Defaults to disabled.
  expireAfterDays: {{ matrix_media_repo_thumbnails_expire_after_days | to_json }}
 # Controls for the rate limit functionality
 rateLimit:
@@ -543,66 +555,26 @@ metrics:
 # Sections of this config might disappear or be added over time. By default all
 # features are disabled in here and must be explicitly enabled to be used.
 # featureSupport:
 #   # MSC2248 - Blurhash
 #   MSC2448:
 #     # Whether or not this MSC is enabled for use in the media repo
 #     enabled: false
 #
 #     # Maximum dimensions for converting a blurhash to an image. When no width and
 #     # height options are supplied, the default will be half these values.
 #     maxWidth: 1024
 #     maxHeight: 1024
 #
 #     # Thumbnail size in pixels to use to generate the blurhash string
 #     thumbWidth: 64
 #     thumbHeight: 64
 #
 #     # The X and Y components to use. Higher numbers blur less, lower numbers blur more.
 #     xComponents: 4
 #     yComponents: 3
 #
 #     # The amount of contrast to apply when converting a blurhash to an image. Lower values
 #     # make the effect more subtle, larger values make it stronger.
 #     punch: 1
 #
 #   # IPFS Support
 #   # This is currently experimental and might not work at all.
 #   IPFS:
 #     # Whether or not IPFS support is enabled for use in the media repo.
 #     enabled: false
 #
 #     # Options for the built in IPFS daemon
 #     builtInDaemon:
 #       # Enable this to spawn an in-process IPFS node to use instead of a localhost
 #       # HTTP agent. If this is disabled, the media repo will assume you have an HTTP
 #       # IPFS agent running and accessible. Defaults to using a daemon (true).
 #       enabled: true
 #
 #       # If the Daemon is enabled, set this to the location where the IPFS files should
 #       # be stored. If you're using Docker, this should be something like "/data/ipfs"
 #       # so it can be mapped to a volume.
 #       repoPath: "./ipfs"
  # No unstable features are currently supported.
 # Support for redis as a cache mechanism
 #
 #   # Support for redis as a cache mechanism
 #   #
 #   # Note: Enabling Redis support will mean that the existing cache mechanism will do nothing.
 #   # It can be safely disabled once Redis support is enabled.
 #   #
 #   # See docs/redis.md for more information on how this works and how to set it up.
 #   redis:
 #     # Whether or not use Redis instead of in-process caching.
 #     enabled: false
 # Note: Enabling Redis support will mean that the existing cache mechanism will do nothing.
 # It can be safely disabled once Redis support is enabled.
 #
 #     # The Redis shards that should be used by the media repo in the ring. The names of the
 #     # shards are for your reference and have no bearing on the connection, but must be unique.
 #     shards:
 #       - name: "server1"
 #         addr: ":7000"
 #       - name: "server2"
 #         addr: ":7001"
 #       - name: "server3"
 #         addr: ":7002"
 {{ matrix_media_repo_feature_support | to_json | from_json | to_nice_yaml(indent=2, width=999999, sort_keys=false) }}
 # See docs/redis.md for more information on how this works and how to set it up.
 redis:
  # Whether or not use Redis instead of in-process caching.
  enabled: {{ matrix_media_repo_redis_enabled | to_json }}
  # The database number to use. Leave at zero if using a dedicated Redis instance.
  databaseNumber: {{ matrix_media_repo_redis_database_number | to_json }}
  # The Redis shards that should be used by the media repo in the ring. The names of the
  # shards are for your reference and have no bearing on the connection, but must be unique.
  shards:
 {{ matrix_media_repo_redis_shards | to_json | from_json
  | to_nice_yaml(indent=2, width=999999, sort_keys=false) | indent(width=4, first=true) }}
 # Optional sentry (https://sentry.io/) configuration for the media repo
 sentry:
@@ -616,4 +588,28 @@ sentry:
  environment: {{ "" if matrix_media_repo_sentry_environment == "" else matrix_media_repo_sentry_environment | to_json }}
  # Whether or not to turn on sentry's built in debugging. This will increase log output.
  debug: {{ matrix_media_repo_sentry_debug | to_json }}
  debug: {{ matrix_media_repo_sentry_debug | to_json }}
 # Configuration for the internal tasks engine in the media repo. Note that this only applies
 # to the media repo process with machine ID zero (the default in single-instance mode).
 #
 # Tasks include things like data imports/exports.
 tasks:
  # The number of workers to have available for tasks. Defaults to 5.
  numWorkers: {{ matrix_media_repo_tasks_num_workers | to_json }}
 # Options for collecting PGO-compatible CPU profiles and submitting them to a hosted pgo-fleet
 # server. See https://github.com/t2bot/pgo-fleet for collection/more detail.
 #
 # If you process more than 1Hz of requests or have more than a dozen media repos deployed, please
 # get in contact with `@travis:t2l.io` to submit profiles directly to MMR. Submitted profiles are
 # used to improve the build speed for everyone.
 pgo:
  # Whether collection is enabled. Defaults to false.
  enabled: {{ matrix_media_repo_pgo_enabled | to_json }}
  # The pgo-fleet submit URL.
  submitUrl: {{ matrix_media_repo_pgo_submit_url | to_json }}
  # The pgo-fleet submit key.
  submitKey: {{ matrix_media_repo_pgo_submit_key | to_json }}
--- a/roles/custom/matrix-media-repo/templates/media-repo/systemd/matrix-media-repo.service.j2
+++ b/roles/custom/matrix-media-repo/templates/media-repo/systemd/matrix-media-repo.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_media_repo_identifier }} 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} {{ matrix_media_repo_identifier }} 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_media_repo_identifier }} 2>/dev/null || true'
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
@@ -45,7 +45,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach {{ matrix_media_repo_identifier }}
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_media_repo_identifier }} 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} {{ matrix_media_repo_identifier }} 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_media_repo_identifier }} 2>/dev/null || true'
 ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec {{ matrix_media_repo_identifier }} /bin/sh -c 'kill -HUP 1'
 Restart=always
--- a/roles/custom/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml
@@ -331,6 +331,12 @@ matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: false
 matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_container_port }}"
 matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_container_port }}"
 # Controls whether the user directory search API will be URL-rewritten (/_matrix/client/v3/user_directory/search -> /_matrix/client/r0/user_directory/search).
 # This is to assist identity servers which only handle the r0 endpoints.
 # The v3 endpoints are the same (spec-wise), so they can usually be redirected without downsides.
 # If this is disabled, API requests will be forwarded as-is, without any URL rewriting.
 matrix_nginx_proxy_proxy_matrix_user_directory_search_v3_to_r0_redirect_enabled: true
 # Controls whether proxying for 3PID-based registration (`/_matrix/client/r0/register/(email|msisdn)/requestToken`) should be done (on the matrix domain).
 # This allows another service to control registrations involving 3PIDs.
 # To learn more, see: https://github.com/ma1uta/ma1sd/blob/master/docs/features/registration.md
@@ -338,6 +344,12 @@ matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled: false
 matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_container_port }}"
 matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_container_port }}"
 # Controls whether the user directory search API will be URL-rewritten (/_matrix/client/v3/register/(email|msisdn)/requestToken -> /_matrix/client/r0/register/(email|msisdn)/requestToken).
 # This is to assist identity servers which only handle the r0 endpoints.
 # The v3 endpoints are the same (spec-wise), so they can usually be redirected without downsides.
 # If this is disabled, API requests will be forwarded as-is, without any URL rewriting.
 matrix_nginx_proxy_proxy_matrix_3pid_registration_v3_to_r0_redirect_enabled: true
 # Controls whether proxying for the Identity API (`/_matrix/identity`) should be done (on the matrix domain)
 matrix_nginx_proxy_proxy_matrix_identity_api_enabled: false
 matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_container_port }}"
--- a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2
+++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2
@@ -114,12 +114,15 @@
 		proxy_set_header X-Real-IP $remote_addr;
 		proxy_set_header X-Forwarded-For $remote_addr;
 		client_body_buffer_size {{ ((matrix_media_repo_max_bytes | int) / 4) | int }};
 		client_max_body_size {{ matrix_media_repo_max_bytes }};
 	}
 	# Redirect other endpoints registered by the media-repo to its container
 	# /_matrix/client/r0/logout
 	# /_matrix/client/r0/logout/all
 	location ^~ /_matrix/client/(r0|v1|v3|unstable)/(logout|logout/all) {
 	location ~ ^/_matrix/client/(r0|v1|v3|unstable)/(logout|logout/all) {
 		{% if matrix_nginx_proxy_enabled %}
 			{# Use the embedded DNS resolver in Docker containers to discover the service #}
 			resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s;
@@ -142,7 +145,7 @@
 	# Redirect other endpoints registered by the media-repo to its container
 	# /_matrix/client/r0/admin/purge_media_cache
 	# /_matrix/client/r0/admin/quarantine_media/{roomId:[^/]+}
 	location ^~ /_matrix/client/(r0|v1|v3|unstable)/admin/(purge_media_cache|quarantine_media/.*) {
 	location ~ ^/_matrix/client/(r0|v1|v3|unstable)/admin/(purge_media_cache|quarantine_media/.*) {
 		{% if matrix_nginx_proxy_enabled %}
 			{# Use the embedded DNS resolver in Docker containers to discover the service #}
 			resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s;
@@ -185,13 +188,19 @@
 	{% endif %}
 	{% if matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled %}
 	location ^~ /_matrix/client/r0/user_directory/search {
 	location ~ ^/_matrix/client/(r0|v3)/user_directory/search {
 		{% if matrix_nginx_proxy_enabled %}
 			{# Use the embedded DNS resolver in Docker containers to discover the service #}
 			resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s;
 			set $backend "{{ matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container }}";
 			{% if matrix_nginx_proxy_proxy_matrix_user_directory_search_v3_to_r0_redirect_enabled %}
 			rewrite ^(.*?)/v3/(.*?)$  $1/r0/$2 break;
 			{% endif %}
 			proxy_pass http://$backend;
 		{% else %}
 			{% if matrix_nginx_proxy_proxy_matrix_user_directory_search_v3_to_r0_redirect_enabled %}
 			rewrite ^(.*?)/v3/(.*?)$  $1/r0/$2 break;
 			{% endif %}
 			{# Generic configuration for use outside of our container setup #}
 			proxy_pass http://{{ matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container }};
 		{% endif %}
@@ -202,13 +211,19 @@
 	{% endif %}
 	{% if matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled %}
 	location ~ ^/_matrix/client/r0/register/(email|msisdn)/requestToken$ {
 	location ~ ^/_matrix/client/(r0|v3)/register/(email|msisdn)/requestToken$ {
 		{% if matrix_nginx_proxy_enabled %}
 			{# Use the embedded DNS resolver in Docker containers to discover the service #}
 			resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s;
 			set $backend "{{ matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_with_container }}";
 			{% if matrix_nginx_proxy_proxy_matrix_3pid_registration_v3_to_r0_redirect_enabled %}
 			rewrite ^(.*?)/v3/(.*?)$  $1/r0/$2 break;
 			{% endif %}
 			proxy_pass http://$backend;
 		{% else %}
 			{% if matrix_nginx_proxy_proxy_matrix_3pid_registration_v3_to_r0_redirect_enabled %}
 			rewrite ^(.*?)/v3/(.*?)$  $1/r0/$2 break;
 			{% endif %}
 			{# Generic configuration for use outside of our container setup #}
 			proxy_pass http://{{ matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_sans_container }};
 		{% endif %}
--- a/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2
+++ b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-nginx-proxy 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null || true'
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
@@ -56,7 +56,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-nginx-proxy
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-nginx-proxy 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null || true'
 ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-nginx-proxy /usr/sbin/nginx -s reload
 Restart=always
--- a/roles/custom/matrix-prometheus-nginxlog-exporter/templates/systemd/matrix-prometheus-nginxlog-exporter.service.j2
+++ b/roles/custom/matrix-prometheus-nginxlog-exporter/templates/systemd/matrix-prometheus-nginxlog-exporter.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_prometheus_nginxlog_exporter_container_hostname }} 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} {{ matrix_prometheus_nginxlog_exporter_container_hostname }} 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_prometheus_nginxlog_exporter_container_hostname }} 2>/dev/null || true'
@@ -36,7 +36,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{{ matrix_prometheus_nginxlog_exporter_docker_image }} \
 			-config-file /etc/prometheus-nginxlog-exporter/prometheus-nginxlog-exporter.yaml
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_prometheus_nginxlog_exporter_container_hostname }} 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} {{ matrix_prometheus_nginxlog_exporter_container_hostname }} 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_prometheus_nginxlog_exporter_container_hostname }} 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-rageshake/templates/systemd/matrix-rageshake.service.j2
+++ b/roles/custom/matrix-rageshake/templates/systemd/matrix-rageshake.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-rageshake 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-rageshake 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-rageshake 2>/dev/null || true'
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
@@ -40,7 +40,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-rageshake
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-rageshake 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-rageshake 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-rageshake 2>/dev/null || true'
 Restart=always
--- a/roles/custom/matrix-registration/templates/systemd/matrix-registration.service.j2
+++ b/roles/custom/matrix-registration/templates/systemd/matrix-registration.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-registration 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-registration 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-registration 2>/dev/null || true'
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-registration \
@@ -32,7 +32,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{{ matrix_registration_docker_image }} \
 			serve
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-registration 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-registration 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-registration 2>/dev/null || true'
 Restart=always
 RestartSec=30
--- a/roles/custom/matrix-sliding-sync/defaults/main.yml
+++ b/roles/custom/matrix-sliding-sync/defaults/main.yml
@@ -6,7 +6,7 @@
 matrix_sliding_sync_enabled: true
 # renovate: datasource=docker depName=ghcr.io/matrix-org/sliding-sync
 matrix_sliding_sync_version: v0.99.11
 matrix_sliding_sync_version: v0.99.13
 matrix_sliding_sync_scheme: https
--- a/roles/custom/matrix-sliding-sync/templates/systemd/matrix-sliding-sync.service.j2
+++ b/roles/custom/matrix-sliding-sync/templates/systemd/matrix-sliding-sync.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-sliding-sync 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-sliding-sync 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-sliding-sync 2>/dev/null || true'
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
@@ -38,7 +38,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-sliding-sync
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-sliding-sync 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-sliding-sync 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-sliding-sync 2>/dev/null || true'
 Restart=always
--- a/roles/custom/matrix-sygnal/defaults/main.yml
+++ b/roles/custom/matrix-sygnal/defaults/main.yml
@@ -13,7 +13,7 @@ matrix_sygnal_hostname: ''
 matrix_sygnal_path_prefix: /
 # renovate: datasource=docker depName=matrixdotorg/sygnal
 matrix_sygnal_version: v0.12.0
 matrix_sygnal_version: v0.13.0
 matrix_sygnal_base_path: "{{ matrix_base_data_path }}/sygnal"
 matrix_sygnal_config_path: "{{ matrix_sygnal_base_path }}/config"
--- a/roles/custom/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2
+++ b/roles/custom/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2
@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-sygnal 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-sygnal 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-sygnal 2>/dev/null || true'
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
@@ -41,7 +41,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-sygnal
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-sygnal 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-sygnal 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-sygnal 2>/dev/null || true'
 Restart=always