
Merge remote-tracking branch 'github/master'

pull/572/head
benkuly 5 years ago
Parent
Commit
03f08ba2ba
71 changed files: 2294 additions and 74 deletions
  1. CHANGELOG.md (+37, -0)
  2. README.md (+16, -0)
  3. docs/alternative-architectures.md (+3, -6)
  4. docs/configuring-captcha.md (+23, -0)
  5. docs/configuring-playbook-bridge-appservice-discord.md (+2, -0)
  6. docs/configuring-playbook-bridge-mx-puppet-discord.md (+36, -0)
  7. docs/configuring-playbook-bridge-mx-puppet-instagram.md (+36, -0)
  8. docs/configuring-playbook-bridge-mx-puppet-steam.md (+34, -0)
  9. docs/configuring-playbook-bridge-mx-puppet-twitter.md (+34, -0)
  10. docs/configuring-playbook-federation.md (+11, -0)
  11. docs/configuring-playbook-jitsi.md (+41, -0)
  12. docs/configuring-playbook-ma1sd.md (+17, -0)
  13. docs/configuring-playbook-own-webserver.md (+2, -4)
  14. docs/configuring-playbook.md (+8, -0)
  15. docs/configuring-well-known.md (+12, -3)
  16. docs/self-building.md (+10, -9)
  17. group_vars/matrix_servers (+136, -5)
  18. roles/matrix-base/defaults/main.yml (+11, -4)
  19. roles/matrix-base/tasks/setup_matrix_user.yml (+2, -0)
  20. roles/matrix-base/tasks/validate_config.yml (+0, -10)
  21. roles/matrix-base/templates/static-files/well-known/matrix-client.j2 (+5, -0)
  22. roles/matrix-bridge-mautrix-hangouts/defaults/main.yml (+5, -0)
  23. roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 (+3, -0)
  24. roles/matrix-bridge-mautrix-telegram/defaults/main.yml (+1, -1)
  25. roles/matrix-bridge-mx-puppet-discord/defaults/main.yml (+95, -0)
  26. roles/matrix-bridge-mx-puppet-discord/tasks/init.yml (+23, -0)
  27. roles/matrix-bridge-mx-puppet-discord/tasks/main.yml (+21, -0)
  28. roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml (+93, -0)
  29. roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml (+24, -0)
  30. roles/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml (+10, -0)
  31. roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 (+138, -0)
  32. roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 (+41, -0)
  33. roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml (+86, -0)
  34. roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml (+17, -0)
  35. roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml (+21, -0)
  36. roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml (+78, -0)
  37. roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml (+24, -0)
  38. roles/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml (+10, -0)
  39. roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 (+82, -0)
  40. roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 (+41, -0)
  41. roles/matrix-bridge-mx-puppet-steam/defaults/main.yml (+95, -0)
  42. roles/matrix-bridge-mx-puppet-steam/tasks/init.yml (+23, -0)
  43. roles/matrix-bridge-mx-puppet-steam/tasks/main.yml (+21, -0)
  44. roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml (+93, -0)
  45. roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml (+24, -0)
  46. roles/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml (+10, -0)
  47. roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 (+99, -0)
  48. roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 (+41, -0)
  49. roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml (+104, -0)
  50. roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml (+70, -0)
  51. roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml (+21, -0)
  52. roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml (+93, -0)
  53. roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml (+24, -0)
  54. roles/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml (+10, -0)
  55. roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 (+92, -0)
  56. roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 (+44, -0)
  57. roles/matrix-corporal/tasks/self_check_corporal.yml (+1, -0)
  58. roles/matrix-coturn/defaults/main.yml (+1, -1)
  59. roles/matrix-jitsi/defaults/main.yml (+20, -4)
  60. roles/matrix-jitsi/templates/web/config.js.j2 (+15, -14)
  61. roles/matrix-ma1sd/defaults/main.yml (+3, -1)
  62. roles/matrix-ma1sd/tasks/self_check_ma1sd.yml (+1, -0)
  63. roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml (+2, -0)
  64. roles/matrix-riot-web/defaults/main.yml (+1, -1)
  65. roles/matrix-riot-web/tasks/self_check_riot_web.yml (+1, -0)
  66. roles/matrix-synapse/defaults/main.yml (+6, -1)
  67. roles/matrix-synapse/tasks/self_check_client_api.yml (+1, -0)
  68. roles/matrix-synapse/tasks/self_check_federation_api.yml (+1, -0)
  69. roles/matrix-synapse/templates/synapse/env-synapse.j2 (+0, -3)
  70. roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 (+84, -7)
  71. setup.yml (+4, -0)

+ 37
- 0
CHANGELOG.md

@@ -1,3 +1,40 @@
# 2020-07-03

## Steam bridging support via mx-puppet-steam

Thanks to [Hugues Morisset](https://github.com/izissise)'s efforts, the playbook now supports bridging to [Steam](https://steamapp.com/) via the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge. See our [Setting up MX Puppet Steam bridging](docs/configuring-playbook-bridge-mx-puppet-steam.md) documentation page for getting started.


# 2020-07-01

## Discord bridging support via mx-puppet-discord

Thanks to [Hugues Morisset](https://github.com/izissise)'s efforts, the playbook now supports bridging to [Discord](https://discordapp.com/) via the [mx-puppet-discord](https://github.com/Sorunome/mx-puppet-discord) bridge. See our [Setting up MX Puppet Discord bridging](docs/configuring-playbook-bridge-mx-puppet-discord.md) documentation page for getting started.

**Note**: this is a new Discord bridge. The playbook still retains Discord bridging via [matrix-appservice-discord](docs/configuring-playbook-bridge-appservice-discord.md). You're free too use the bridge that serves you better, or even both (for different users and use-cases).


# 2020-06-30

## Instagram and Twitter bridging support

Thanks to [Johanna Dorothea Reichmann](https://github.com/jdreichmann)'s efforts, the playbook now supports bridging to [Instagram](https://www.instagram.com/) via the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge. See our [Setting up MX Puppet Instagram bridging](docs/configuring-playbook-bridge-mx-puppet-instagram.md) documentation page for getting started.

Thanks to [Tulir Asokan](https://github.com/tulir)'s efforts, the playbook now supports bridging to [Twitter](https://twitter.com/) via the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge. See our [Setting up MX Puppet Twitter bridging](docs/configuring-playbook-bridge-mx-puppet-twitter.md) documentation page for getting started.


# 2020-06-28

## (Post Mortem / fixed Security Issue) Re-enabling User Directory search powered by the ma1sd Identity Server

User Directory search requests used to go to the ma1sd identity server by default, which queried its own stores and the Synapse database.

ma1sd's [security issue](https://github.com/ma1uta/ma1sd/issues/44) has been fixed in version `2.4.0`, with [this commit](ma1uta/ma1sd@2bb5a734d11662b06471113cf3d6b4cee5e33a85). `ma1sd 2.4.0` is now the default version for this playbook. For more information on what happened, please check the mentioned issue.

We are re-enabling user directory search with this update. Those who would like to keep it disabled can use this configuration: `matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: false`

As always, re-running the playbook is enough to get the updated bits.

# 2020-06-11 # 2020-06-11


## SMS bridging requires db reset ## SMS bridging requires db reset
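Review bot: The 2020-06-28 entry turns user directory search through ma1sd back on for everyone, but the only stated safeguard is that `2.4.0` is now the default version, so an install that overrides the ma1sd version to something older would get search re-enabled against the unfixed code. Suggest saying explicitly that the re-enable is only safe on `2.4.0` or newer and that anyone pinned below it should keep `matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: false`. Two smaller points in the same hunk: the "this commit" link target `ma1uta/ma1sd@2bb5a734d11662b06471113cf3d6b4cee5e33a85` is GitHub shorthand rather than a URL, so it will not resolve from CHANGELOG.md; and "You're free too use" in the 2020-07-01 entry should read "free to use".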


+ 16
- 0
README.md

@@ -52,6 +52,14 @@ Using this playbook, you can get the following services configured on your serve


- (optional) the [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) bridge for slack compatible webhooks ([ConcourseCI](https://concourse-ci.org/), [Slack](https://slack.com/) etc. pp.) - (optional) the [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) bridge for slack compatible webhooks ([ConcourseCI](https://concourse-ci.org/), [Slack](https://slack.com/) etc. pp.)


- (optional) the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge for Instagram-DMs ([Instagram](https://www.instagram.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-instagram.md](docs/configuring-playbook-bridge-mx-puppet-instagram.md) for setup documentation

- (optional) the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge for Twitter-DMs ([Twitter](https://twitter.com/) - see [docs/configuring-playbook-bridge-mx-puppet-twitter.md](docs/configuring-playbook-bridge-mx-puppet-twitter.md) for setup documentation

- (optional) the [mx-puppet-discord](https://github.com/Sorunome/mx-puppet-discord) bridge for [Discord](https://discordapp.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-discord.md](docs/configuring-playbook-bridge-mx-puppet-discord.md) for setup documentation

- (optional) the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge for [Steam](https://steamapp.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-steam.md](docs/configuring-playbook-bridge-mx-puppet-steam.md) for setup documentation

- (optional) the [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) for bridging your Matrix server to SMS - (optional) the [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) for bridging your Matrix server to SMS


- (optional) [Email2Matrix](https://github.com/devture/email2matrix) for relaying email messages to Matrix rooms - (optional) [Email2Matrix](https://github.com/devture/email2matrix) for relaying email messages to Matrix rooms
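Review bot: The parentheses on three of the four added bridge bullets are unbalanced: the mx-puppet-twitter line opens `([Twitter](https://twitter.com/)` and never closes it, while the mx-puppet-discord and mx-puppet-steam lines end their links with an extra `)`. Suggest matching the mx-puppet-instagram line above them. The Steam link here points at `https://steamapp.com/`, whereas the Docker image list further down in this commit uses `https://steampowered.com`; one of the two should be corrected so both point at the same site.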
@@ -152,6 +160,14 @@ This playbook sets up your server using the following Docker images:


- [sorunome/mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) - the [mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) bridge to [Slack](https:/slack.com) (optional) - [sorunome/mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) - the [mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) bridge to [Slack](https:/slack.com) (optional)


- [sorunome/mx-puppet-instagram](https://hub.docker.com/r/sorunome/mx-puppet-instagram) - the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge to [Instagram](https://www.instagram.com) (optional)

- [sorunome/mx-puppet-twitter](https://hub.docker.com/r/sorunome/mx-puppet-twitter) - the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge to [Twitter](https://twitter.com) (optional)

- [sorunome/mx-puppet-discord](https://hub.docker.com/r/sorunome/mx-puppet-discord) - the [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) bridge to [Discord](https:/discordapp.com) (optional)

- [icewind1991/mx-puppet-steam](https://hub.docker.com/r/icewind1991/mx-puppet-steam) - the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge to [Steam](https://steampowered.com) (optional)

- [turt2live/matrix-dimension](https://hub.docker.com/r/turt2live/matrix-dimension) - the [Dimension](https://dimension.t2bot.io/) integrations manager (optional) - [turt2live/matrix-dimension](https://hub.docker.com/r/turt2live/matrix-dimension) - the [Dimension](https://dimension.t2bot.io/) integrations manager (optional)


- [jitsi/web](https://hub.docker.com/r/jitsi/web) - the [Jitsi](https://jitsi.org/) web UI (optional) - [jitsi/web](https://hub.docker.com/r/jitsi/web) - the [Jitsi](https://jitsi.org/) web UI (optional)
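Review bot: The mx-puppet-discord entry links the source to `https://github.com/matrix-discord/mx-puppet-discord`, but the bullet added earlier in this file and the CHANGELOG entry both use `https://github.com/Sorunome/mx-puppet-discord`, and the image itself is `sorunome/mx-puppet-discord`. Readers use this list to check where each image comes from, so pick one canonical repository URL and use it everywhere. The Discord link `https:/discordapp.com` is also missing a slash (it appears to have been copied from the mx-puppet-slack line's `https:/slack.com`).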


+ 3
- 6
docs/alternative-architectures.md

@@ -1,6 +1,6 @@
# Alternative architectures # Alternative architectures


As stated in the [Prerequisites](prerequisites.md), currently only x86_64 is supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used.
As stated in the [Prerequisites](prerequisites.md), currently only `x86_64` is fully supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used.


To that end add the following variable to your `vars.yaml` file: To that end add the following variable to your `vars.yaml` file:


@@ -21,9 +21,6 @@ matrix_architecture: "arm32"


## Implementation details ## Implementation details


This subsection is used for a reminder, how the different roles implement architecture differences. This is **not** aimed at the users, so one does not have to do anything based on this subsection.
For `amd64`, prebuilt images are used everywhere (because all images are available for this architecture).


On most roles [self-building](self-building.md) is used if the architecture is not `amd64`, however there are some special cases:
- `matrix-bridge-mautrix-facebook`: there is a pre-built Docker image for `arm64` as well
- `matrix-bridge-mautrix-hangouts`: there is a pre-built Docker image for `arm64` as well
- `matrix-nginx-proxy`: Certbot has a pre-built Docker image for both `arm32` and `arm64`, however tagging is used, which requires special handling.
For other architectures, components which have a prebuilt image make use of it. If the component is not available for the specific architecture, [self-building](self-building.md) will be used. Not all components support self-building though, so your mileage may vary.
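Review bot: The replacement text says "Not all components support self-building though, so your mileage may vary" but drops the per-role list that the removed lines carried, so a reader on `arm32` or `arm64` can no longer tell which roles use a prebuilt image and which will fail. Suggest either keeping a short list of the exceptions or linking to where that is documented. The paragraph also calls the architecture `amd64` while the intro line changed in the previous hunk calls it `x86_64`; use one name.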

+ 23
- 0
docs/configuring-captcha.md

@@ -0,0 +1,23 @@
(Adapted from the [upstream project](https://github.com/matrix-org/synapse/blob/develop/docs/CAPTCHA_SETUP.md))

# Overview
Captcha can be enabled for this home server. This file explains how to do that.
The captcha mechanism used is Google's [ReCaptcha](https://www.google.com/recaptcha/). This requires API keys from Google.

## Getting keys

Requires a site/secret key pair from:

<http://www.google.com/recaptcha/admin>

Must be a reCAPTCHA **v2** key using the "I'm not a robot" Checkbox option

## Setting ReCaptcha Keys

Once registered as above, set the following values:

```yaml
matrix_synapse_enable_registration_captcha: true
matrix_synapse_recaptcha_public_key: 'YOUR_SITE_KEY'
matrix_synapse_recaptcha_private_key: 'YOUR_SECRET_KEY'
```
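Review bot: The key-registration link under "Getting keys" is plain `http://www.google.com/recaptcha/admin`; use `https://`, as the ReCaptcha link in the Overview already does. The page also never says where the three `matrix_synapse_*` values go or that the playbook must be re-run; other pages in this commit name `inventory/host_vars/matrix.<your-domain>/vars.yml`, and since `matrix_synapse_recaptcha_private_key` is a secret it is worth saying so next to the example.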

+ 2
- 0
docs/configuring-playbook-bridge-appservice-discord.md

@@ -1,5 +1,7 @@
# Setting up Appservice Discord (optional) # Setting up Appservice Discord (optional)


**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) bridge supported by the playbook.

The playbook can install and configure [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) for you. The playbook can install and configure [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) for you.


See the project's [documentation](https://github.com/Half-Shot/matrix-appservice-discord/blob/master/README.md) to learn what it does and why it might be useful to you. See the project's [documentation](https://github.com/Half-Shot/matrix-appservice-discord/blob/master/README.md) to learn what it does and why it might be useful to you.


+ 36
- 0
docs/configuring-playbook-bridge-mx-puppet-discord.md

@@ -0,0 +1,36 @@
# Setting up MX Puppet Discord (optional)

**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) bridge supported by the playbook.

The playbook can install and configure
[mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) for you.

See the project page to learn what it does and why it might be useful to you.

To enable the [Discord](https://discordapp.com/) bridge just use the following
playbook configuration:


```yaml
matrix_mx_puppet_discord_enabled: true
matrix_mx_puppet_discord_client_id: ""
matrix_mx_puppet_discord_client_secret: ""
```


## Usage

Once the bot is enabled you need to start a chat with `Discord Puppet Bridge` with
the handle `@_discordpuppet_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base
domain, not the `matrix.` domain).

Three authentication methods are available, Legacy Token, OAuth and xoxc token.
See mx-puppet-discord [documentation](https://github.com/matrix-discord/mx-puppet-discord)
for more information about how to configure the bridge.

Once logged in, send `list` to the bot user to list the available rooms.

Clicking rooms in the list will result in you receiving an invitation to the
bridged room.

Also send `help` to the bot to see the commands available.
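Review bot: The Usage section's "Three authentication methods are available, Legacy Token, OAuth and xoxc token" reads as carried over from the Slack bridge page (xoxc is a Slack token type), so it does not tell a Discord user how to link an account. Suggest replacing it with the login steps that apply to this bridge. The example also sets `matrix_mx_puppet_discord_client_id` and `matrix_mx_puppet_discord_client_secret` to empty strings without saying where the values come from or whether they are required, and the project link here (`matrix-discord/mx-puppet-discord`) differs from the `Sorunome/mx-puppet-discord` link used in the CHANGELOG.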

+ 36
- 0
docs/configuring-playbook-bridge-mx-puppet-instagram.md

@@ -0,0 +1,36 @@
# Setting up mx-puppet-instagram (optional)

The playbook can install and configure
[mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) for you.

This allows you to bridge Instagram DirectMessages into Matrix.

To enable the [Instagram](https://www.instagram.com/) bridge just use the following
playbook configuration:


```yaml
matrix_mx_puppet_instagram_enabled: true
```


## Usage

Once the bot is enabled, you need to start a chat with `Instagram Puppet Bridge` with
the handle `@_instagrampuppet_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base
domain, not the `matrix.` domain).

Send `link <username> <password>` to the bridge bot to link your instagram account.

The `list` commands shows which accounts are linked and which `puppetId` is associated.

For double-puppeting, you probably want to issue these commands:

- `settype $puppetId puppet` to enable puppeting for the link (instead of relaying)
- `setautoinvite $puppetId 1` to automatically invite you to chats
- `setmatrixtoken $accessToken` to set the access token to enable puppeting from the other side (the "double" in double puppeting)

If you are linking only one Instagram account, your `$puppetId` is probably 1, but use the `list` command find out.

The `help` command shows which commands are available, though at the time of writing, not every command is fully implemented.
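Review bot: The Usage section tells the user to send `link <username> <password>` and later `setmatrixtoken $accessToken` to the bot as ordinary chat messages, with no mention that the Instagram password and the Matrix access token then sit in that room's history. Suggest a short note next to those commands advising users to run them only in a private chat with the bot and to remove the messages afterwards. Wording nits: "The `list` commands shows" should be "command shows", and "use the `list` command find out" is missing "to".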


+ 34
- 0
docs/configuring-playbook-bridge-mx-puppet-steam.md

@@ -0,0 +1,34 @@
# Setting up MX Puppet Steam (optional)

The playbook can install and configure
[mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) for you.

See the project page to learn what it does and why it might be useful to you.

To enable the [Steam](https://steampowered.com/) bridge just use the following
playbook configuration:


```yaml
matrix_mx_puppet_steam_enabled: true
matrix_mx_puppet_steam_client_id: ""
matrix_mx_puppet_steam_client_secret: ""
```


## Usage

Once the bot is enabled you need to start a chat with `Steam Puppet Bridge` with
the handle `@_steampuppet_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base
domain, not the `matrix.` domain).

Three authentication methods are available, Legacy Token, OAuth and xoxc token.
See mx-puppet-steam [documentation](https://github.com/icewind1991/mx-puppet-steam)
for more information about how to configure the bridge.

Once logged in, send `list` to the bot user to list the available rooms.

Clicking rooms in the list will result in you receiving an invitation to the
bridged room.

Also send `help` to the bot to see the commands available.
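Review bot: This page appears to be the Discord page with the names swapped: the example asks for `matrix_mx_puppet_steam_client_id` and `matrix_mx_puppet_steam_client_secret`, and the Usage section lists "Legacy Token, OAuth and xoxc token" as the authentication methods, none of which is explained for Steam. Suggest documenting how a Steam account is actually linked, and dropping the two variables from the example if the bridge does not need them. The link here uses `https://steampowered.com/` while the CHANGELOG and the README bullet use `https://steamapp.com/`.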

+ 34
- 0
docs/configuring-playbook-bridge-mx-puppet-twitter.md

@@ -0,0 +1,34 @@
# Setting up MX Puppet Twitter (optional)

The playbook can install and configure
[mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) for you.

See the project page to learn what it does and why it might be useful to you.

To enable the [Twitter](https://twitter.com) bridge, make an app on [developer.twitter.com](https://developer.twitter.com/en/apps)
and fill out the following playbook configuration.

```yaml
matrix_mx_puppet_twitter_enabled: true
matrix_mx_puppet_twitter_consumer_key: ''
matrix_mx_puppet_twitter_consumer_secret: ''
matrix_mx_puppet_twitter_access_token: ''
matrix_mx_puppet_twitter_access_token_secret: ''
matrix_mx_puppet_twitter_environment: ''
```


## Usage

Once the bot is enabled you need to start a chat with `Twitter Puppet Bridge` with
the handle `@_twitterpuppet_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base
domain, not the `matrix.` domain).

To log in, use `link` and click the link.

Once logged in, send `list` to the bot user to list the available rooms.

Clicking rooms in the list will result in you receiving an invitation to the
bridged room.

Also send `help` to the bot to see the commands available.
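Review bot: The example lists five credentials with empty values, but the text only says to "make an app"; it does not say which app setting each one maps to, and `matrix_mx_puppet_twitter_environment` is not explained at all. Suggest a line per variable, plus a reminder that `matrix_mx_puppet_twitter_consumer_secret` and `matrix_mx_puppet_twitter_access_token_secret` are secrets that should not be committed in plain text. "To log in, use `link` and click the link" would also be clearer as "send `link` to the bot and open the link it replies with".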

+ 11
- 0
docs/configuring-playbook-federation.md

@@ -17,6 +17,17 @@ matrix_synapse_federation_domain_whitelist:
If you wish to disable federation, you can do that with an empty list (`[]`), or better yet by completely disabling federation (see below). If you wish to disable federation, you can do that with an empty list (`[]`), or better yet by completely disabling federation (see below).




## Exposing the room directory over federation

By default, your server's public rooms directory is not exposed to other servers via federation.

If you wish to expose it, add this to your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):

```yaml
matrix_synapse_allow_public_rooms_over_federation: true
```


## Disabling federation ## Disabling federation


To completely disable federation, isolating your server from the rest of the Matrix network, add this to your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`): To completely disable federation, isolating your server from the rest of the Matrix network, add this to your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
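Review bot: The new "Exposing the room directory over federation" section explains how to turn the option on but not what it exposes. Suggest one sentence stating that with `matrix_synapse_allow_public_rooms_over_federation: true` other servers can list this server's public rooms, and how that interacts with the `matrix_synapse_federation_domain_whitelist` setting described just above, so an operator can judge the privacy impact before enabling it.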


+ 41
- 0
docs/configuring-playbook-jitsi.md

@@ -81,6 +81,47 @@ matrix_jitsi_jvb_container_extra_arguments:
- '--env "DOCKER_HOST_ADDRESS=<Local IP adress of the host>"' - '--env "DOCKER_HOST_ADDRESS=<Local IP adress of the host>"'
``` ```


## (Optional) Fine tune Jitsi

You may want to suspend unused video layers until they are requested again, to save up resources on both server and clients.
Read more on this feature [here](https://jitsi.org/blog/new-off-stage-layer-suppression-feature/)
For this add this line to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:

```yaml
matrix_jitsi_web_config_enableLayerSuspension: true
```

You may wish to disable audio levels to avoid excessive refresh of the client-side page and decrease the CPU consumption involved.
For this add this line to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:

```yaml
matrix_jitsi_web_config_disableAudioLevels: true
```

You may want to limit the number of video feeds forwarded to each client, to save up resources on both server and clients. As clients’ bandwidth and CPU may not bear the load, use this setting to avoid lag and crashes.
This feature is found by default in other webconference applications such as Office 365 Teams (limit is set to 4).
Read how it works [here](https://github.com/jitsi/jitsi-videobridge/blob/master/doc/last-n.md) and performance evaluation on this [study](https://jitsi.org/wp-content/uploads/2016/12/nossdav2015lastn.pdf)
For this add this line to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:

```yaml
matrix_jitsi_web_config_channelLastN: 4
```

To enable the variables that allow you to manage the video configuration you must add the following line to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:

```yaml
matrix_jitsi_web_config_constraints_enabled: true
```

You may want to limit the maximum video resolution, to save up resources on both server and clients.
For example, to set resolution to 480.
For this add this two lines to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:

```yaml
matrix_jitsi_web_config_constraints_video_height_ideal: 480
matrix_jitsi_web_config_constraints_video_height_max: 480
```

## Apply changes ## Apply changes


Then re-run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start` Then re-run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
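Review bot: The text says `matrix_jitsi_web_config_constraints_enabled: true` is needed to enable the video-configuration variables, but it is shown as a separate step before the resolution example, so a reader copying only the two `matrix_jitsi_web_config_constraints_video_height_*` lines gets no effect. Put all three lines in one example. Also: "this two lines" should be "these two lines", the two "here" links would read better with descriptive link text, and the statement that Office 365 Teams limits feeds to 4 needs a source or should be dropped.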


+ 17
- 0
docs/configuring-playbook-ma1sd.md

@@ -31,6 +31,8 @@ To use the [Registration](https://github.com/ma1uta/ma1sd/blob/master/docs/featu


- `matrix_synapse_enable_registration` - to enable user-initiated registration in Synapse - `matrix_synapse_enable_registration` - to enable user-initiated registration in Synapse


- `matrix_synapse_enable_registration_captcha` - to validate registering users using reCAPTCHA, as described in the [enabling reCAPTCHA](configuring_captcha.md) documentation.

- `matrix_synapse_registrations_require_3pid` - to control the types of 3pid (`'email'`, `'msisdn'`) required by the Synapse server for registering - `matrix_synapse_registrations_require_3pid` - to control the types of 3pid (`'email'`, `'msisdn'`) required by the Synapse server for registering


- variables prefixed with `matrix_nginx_proxy_proxy_matrix_3pid_registration_` (e.g. `matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled`) - to configure the integrated nginx webserver to send registration requests to ma1sd (instead of Synapse), so it can apply its additional functionality - variables prefixed with `matrix_nginx_proxy_proxy_matrix_3pid_registration_` (e.g. `matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled`) - to configure the integrated nginx webserver to send registration requests to ma1sd (instead of Synapse), so it can apply its additional functionality
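Review bot: The added bullet links to `configuring_captcha.md` (underscore), but the file added in this commit is `docs/configuring-captcha.md` (hyphen), so the link will be broken. Change the target to `configuring-captcha.md`.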
@@ -72,6 +74,21 @@ To use a more custom configuration, you can define a `matrix_ma1sd_configuration
and put your configuration in it. and put your configuration in it.
To learn more about how to do this, refer to the information about `matrix_ma1sd_configuration_extension_yaml` in the [default variables file](../roles/matrix-ma1sd/defaults/main.yml) of the ma1sd component. To learn more about how to do this, refer to the information about `matrix_ma1sd_configuration_extension_yaml` in the [default variables file](../roles/matrix-ma1sd/defaults/main.yml) of the ma1sd component.


## Example: SMS verification

If your use case requires mobile verification, it is quite simple to integrate ma1sd with [Twilio](https://www.twilio.com/), an online telephony services gateway. Their prices are reasonable for low-volume projects and integration can be done with the following configuration:

```yaml
matrix_ma1sd_configuration_extension_yaml: |
threepid:
medium:
msisdn:
connectors:
twilio:
account_sid: '<secret-SID>'
auth_token: '<secret-token>'
number: '+<msisdn-number>'
```


## Troubleshooting ## Troubleshooting




+ 2
- 4
docs/configuring-playbook-own-webserver.md

@@ -144,8 +144,7 @@ matrix_nginx_proxy_container_extra_arguments:
- '--label "traefik.enable=true"' - '--label "traefik.enable=true"'


# The Nginx proxy container will receive traffic from these subdomains # The Nginx proxy container will receive traffic from these subdomains
# (Replace DOMAIN with your domain, e.g. example.com)
- '--label "traefik.http.routers.matrix-nginx-proxy.rule=Host(`matrix.DOMAIN`,`riot.DOMAIN`,`dimension.DOMAIN`)"'
- '--label "traefik.http.routers.matrix-nginx-proxy.rule=Host(`{{ matrix_server_fqn_matrix }}`,`{{ matrix_server_fqn_riot }}`,`{{ matrix_server_fqn_dimension }}`)"'


# (The 'web-secure' entrypoint must bind to port 443 in Traefik config) # (The 'web-secure' entrypoint must bind to port 443 in Traefik config)
- '--label "traefik.http.routers.matrix-nginx-proxy.entrypoints=web-secure"' - '--label "traefik.http.routers.matrix-nginx-proxy.entrypoints=web-secure"'
@@ -161,8 +160,7 @@ matrix_synapse_container_extra_arguments:
- '--label "traefik.enable=true"' - '--label "traefik.enable=true"'


# The Synapse container will receive traffic from this subdomain # The Synapse container will receive traffic from this subdomain
# (Replace DOMAIN with your domain, e.g. example.com)
- '--label "traefik.http.routers.matrix-synapse.rule=Host(`matrix.DOMAIN`)"'
- '--label "traefik.http.routers.matrix-synapse.rule=Host(`{{ matrix_server_fqn_matrix }}`)"'


# (The 'synapse' entrypoint must bind to port 8448 in Traefik config) # (The 'synapse' entrypoint must bind to port 8448 in Traefik config)
- '--label "traefik.http.routers.matrix-synapse.entrypoints=synapse"' - '--label "traefik.http.routers.matrix-synapse.entrypoints=synapse"'


+ 8
- 0
docs/configuring-playbook.md

@@ -101,6 +101,14 @@ When you're done with all the configuration you'd like to do, continue with [Ins


- [Setting up MX Puppet Slack bridging](configuring-playbook-bridge-mx-puppet-slack.md) (optional) - [Setting up MX Puppet Slack bridging](configuring-playbook-bridge-mx-puppet-slack.md) (optional)


- [Setting up MX Puppet Instagram bridging](configuring-playbook-bridge-mx-puppet-instagram.md) (optional)

- [Setting up MX Puppet Twitter bridging](configuring-playbook-bridge-mx-puppet-twitter.md) (optional)

- [Setting up MX Puppet Discord bridging](configuring-playbook-bridge-mx-puppet-discord.md) (optional)

- [Setting up MX Puppet Steam bridging](configuring-playbook-bridge-mx-puppet-steam.md) (optional)

- [Setting up Email2Matrix](configuring-playbook-email2matrix.md) (optional) - [Setting up Email2Matrix](configuring-playbook-email2matrix.md) (optional)


- [Setting up Matrix SMS bridging](configuring-playbook-matrix-bridge-sms.md) (optional) - [Setting up Matrix SMS bridging](configuring-playbook-matrix-bridge-sms.md) (optional)

+ 12
- 3
docs/configuring-well-known.md

@@ -48,12 +48,12 @@ If you're managing the base domain by yourself somehow, you'll need to set up se


To make things easy for you to set up, this playbook generates and hosts 2 well-known files on the Matrix domain's server (e.g. `https://matrix.example.com/.well-known/matrix/server` and `https://matrix.example.com/.well-known/matrix/client`), even though this is the wrong place to host them. To make things easy for you to set up, this playbook generates and hosts 2 well-known files on the Matrix domain's server (e.g. `https://matrix.example.com/.well-known/matrix/server` and `https://matrix.example.com/.well-known/matrix/client`), even though this is the wrong place to host them.


You have 2 options when it comes to installing the files on the base domain's server:
You have 3 options when it comes to installing the files on the base domain's server:




### (Option 1): **Copying the files manually** to your base domain's server ### (Option 1): **Copying the files manually** to your base domain's server


**Hint**: Option 2 (below) is generally a better way to do this. Make sure to go with that one, if possible.
**Hint**: Option 2 and 3 (below) are generally a better way to do this. Make sure to go with them, if possible.


All you need to do is: All you need to do is:


@@ -65,7 +65,16 @@ This is relatively easy to do and possibly your only choice if you can only host
It is, however, **a little fragile**, as future updates performed by this playbook may regenerate the well-known files and you may need to notice that and copy them over again. It is, however, **a little fragile**, as future updates performed by this playbook may regenerate the well-known files and you may need to notice that and copy them over again.




### (Option 2): **Setting up reverse-proxying** of the well-known files from the base domain's server to the Matrix server
### (Option 2): **Serving the base domain** from the Matrix server via the playbook

If you don't need the base domain (e.g. `example.com`) for anything else (hosting a website, etc.), you can point it to the Matrix server's IP address and tell the playbook to configure it.

This is the easiest way to set up well-known serving -- letting the playbook handle the whole base domain for you (including SSL certificates, etc.). However, if you need to use the base domain for other things (such as hosting some website, etc.), going with Option 1 or Option 2 might be more suitable.

See [Serving the base domain](configuring-playbook-base-domain-serving.md) to learn how the playbook can help you set it up.


### (Option 3): **Setting up reverse-proxying** of the well-known files from the base domain's server to the Matrix server


This option is less fragile and generally better. This option is less fragile and generally better.
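Review bot: The new Option 2 text ends with "going with Option 1 or Option 2 might be more suitable", but that sentence sits inside Option 2 itself. After the renumbering in this hunk the reverse-proxying alternative is Option 3, so the sentence should read "Option 1 or Option 3".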




+ 10
- 9
docs/self-building.md

@@ -2,22 +2,23 @@


**Caution: self-building does not have to be used on its own. See the [Alternative Architectures](alternative-architectures.md) page.** **Caution: self-building does not have to be used on its own. See the [Alternative Architectures](alternative-architectures.md) page.**


The playbook supports the self-building of some of its components. This may be useful for architectures besides x86_64, which have no Docker images right now (e g. the armv7 for the Raspberry Pi). Some playbook roles have been updated, so they build the necessary image on the host. It needs more space, as some build tools need to be present (like Java, for ma1sd).
The playbook supports the self-building of various components, which don't have a container image for your architecture. For `amd64`, self-building is not required.


To use these modification there is a variable that needs to be switched to enable this functionality. Add this to your `vars.yaml` file:
```yaml
matrix_container_images_self_build: true
```
Setting that variable will self-build every role which supports self-building. Self-building can be set on a per-role basis as well.
For other architectures (e.g. `arm32`, `arm64`), ready-made container images are used when available. If there's no ready-made image for a specific component and said component supports self-building, an image will be built on the host. Building images like this takes more time and resources (some build tools need to get installed by the playbook to assist building).


To make use of self-building, you don't need to do anything besides change your architecture variable (e.g. `matrix_architecture: arm64`). If a component has an image for the specified architecture, the playbook will use it. If not, it will build the image.

Note that **not all components support self-building yet**.
List of roles where self-building the Docker image is currently possible: List of roles where self-building the Docker image is currently possible:
- `matrix-synapse` - `matrix-synapse`
- `matrix-riot-web` - `matrix-riot-web`
- `matrix-coturn` - `matrix-coturn`
- `matrix-ma1sd` - `matrix-ma1sd`
- `matrix-mailer` - `matrix-mailer`
- `matrix-mautrix-facebook`
- `matrix-mautrix-hangouts`
- `matrix-mx-puppet-skype`
- `matrix-bridge-mautrix-facebook`
- `matrix-bridge-mautrix-hangouts`
- `matrix-bridge-mx-puppet-skype`


Adding self-building support to other roles is welcome. Feel free to contribute! Adding self-building support to other roles is welcome. Feel free to contribute!

If you'd like **to force self-building** even if an image is available for your architecture, look into the `matrix_*_self_build` variables provided by individual roles.
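Review bot: The list of roles that support self-building is not extended for the bridges this commit adds. group_vars/matrix_servers sets `matrix_mx_puppet_twitter_container_image_self_build`, and the same variable for instagram, discord and steam, and the mx-puppet-discord role ships build tasks, so those roles belong in the list. It would also help to state here that `matrix_container_images_self_build` no longer exists, since the removed text told users to add it to their vars file.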

+ 136
- 5
group_vars/matrix_servers

@@ -232,6 +232,8 @@ matrix_mautrix_hangouts_appservice_token: "{{ matrix_synapse_macaroon_secret_key


matrix_mautrix_hangouts_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'ho.hs.token') | to_uuid }}" matrix_mautrix_hangouts_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'ho.hs.token') | to_uuid }}"


matrix_mautrix_hangouts_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9007' }}"

matrix_mautrix_hangouts_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" matrix_mautrix_hangouts_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"


###################################################################### ######################################################################
@@ -391,6 +393,128 @@ matrix_mx_puppet_slack_login_shared_secret: "{{ matrix_synapse_ext_password_prov
# #
###################################################################### ######################################################################


######################################################################
#
# matrix-bridge-mx-puppet-twitter
#
######################################################################

# We don't enable bridges by default.
matrix_mx_puppet_twitter_enabled: false

matrix_mx_puppet_twitter_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"

matrix_mx_puppet_twitter_systemd_required_services_list: |
{{
['docker.service']
+
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
}}

matrix_mx_puppet_twitter_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxtwt.as.tok') | to_uuid }}"

matrix_mx_puppet_twitter_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxtwt.hs.tok') | to_uuid }}"

matrix_mx_puppet_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"

matrix_mx_puppet_twitter_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' ~ matrix_mx_puppet_twitter_appservice_port) }}"

######################################################################
#
# /matrix-bridge-mx-puppet-twitter
#
######################################################################


######################################################################
#
# matrix-bridge-mx-puppet-instagram
#
######################################################################

# We don't enable bridges by default.
matrix_mx_puppet_instagram_enabled: false

matrix_mx_puppet_instagram_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"

matrix_mx_puppet_instagram_systemd_required_services_list: |
{{
['docker.service']
+
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
}}

matrix_mx_puppet_instagram_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxig.as.tok') | to_uuid }}"

matrix_mx_puppet_instagram_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxig.hs.tok') | to_uuid }}"

matrix_mx_puppet_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"

######################################################################
#
# /matrix-bridge-mx-puppet-instagram
#
######################################################################

######################################################################
#
# matrix-bridge-mx-puppet-discord
#
######################################################################

# We don't enable bridges by default.
matrix_mx_puppet_discord_enabled: false

matrix_mx_puppet_discord_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"

matrix_mx_puppet_discord_systemd_required_services_list: |
{{
['docker.service']
+
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
}}

matrix_mx_puppet_discord_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxdsc.as.tok') | to_uuid }}"

matrix_mx_puppet_discord_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxdsc.hs.tok') | to_uuid }}"

matrix_mx_puppet_discord_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"

######################################################################
#
# /matrix-bridge-mx-puppet-discord
#
######################################################################

######################################################################
#
# matrix-bridge-mx-puppet-steam
#
######################################################################

# We don't enable bridges by default.
matrix_mx_puppet_steam_enabled: false

matrix_mx_puppet_steam_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"

matrix_mx_puppet_steam_systemd_required_services_list: |
{{
['docker.service']
+
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
}}

matrix_mx_puppet_steam_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxste.as.tok') | to_uuid }}"

matrix_mx_puppet_steam_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxste.hs.tok') | to_uuid }}"

matrix_mx_puppet_steam_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"

######################################################################
#
# /matrix-bridge-mx-puppet-steam
#
######################################################################


###################################################################### ######################################################################
# #
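Review bot: Only the Twitter block sets `matrix_mx_puppet_twitter_container_http_host_bind_port`; the Instagram, Discord and Steam blocks have no equivalent, although the Discord role's defaults declare `matrix_mx_puppet_discord_container_http_host_bind_port`. With `matrix_nginx_proxy_enabled` false, Discord therefore stays at its empty default while Twitter is published on 127.0.0.1. If the difference is intentional, say why in a comment; otherwise add the same expression to each block whose role has the variable.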
@@ -562,7 +686,17 @@ matrix_mailer_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
# If you wish to use the public identity servers (matrix.org, vector.im) instead of your own you may wish to disable this. # If you wish to use the public identity servers (matrix.org, vector.im) instead of your own you may wish to disable this.
matrix_ma1sd_enabled: true matrix_ma1sd_enabled: true


matrix_ma1sd_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
# There's no prebuilt ma1sd image for the `arm32` architecture.
# We're relying on self-building there.
matrix_ma1sd_architecture: "{{
{
'amd64': 'amd64',
'arm32': 'arm32',
'arm64': 'arm64',
}[matrix_architecture]
}}"

matrix_ma1sd_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"


# Normally, matrix-nginx-proxy is enabled and nginx can reach ma1sd over the container network. # Normally, matrix-nginx-proxy is enabled and nginx can reach ma1sd over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
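Review bot: The comment "There's no prebuilt ma1sd image for the `arm32` architecture" sits above `matrix_ma1sd_architecture`, but it explains `matrix_ma1sd_container_image_self_build` two statements later; move it next to that variable. The `matrix_ma1sd_architecture` lookup maps each key to itself and fails with a bare templating error for any `matrix_architecture` outside the three listed, so either add a validation task with a clear message or note in a comment why the mapping is needed.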
@@ -644,10 +778,7 @@ matrix_nginx_proxy_proxy_synapse_metrics: "{{ matrix_synapse_metrics_enabled }}"
matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:{{ matrix_synapse_metrics_port }}" matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:{{ matrix_synapse_metrics_port }}"
matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:{{ matrix_synapse_metrics_port }}" matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:{{ matrix_synapse_metrics_port }}"


# Not proxying the user directory search to the identity server by default anymore,
# because it currently leaks data.
# See: https://github.com/ma1uta/ma1sd/issues/44
matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: false
matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: "{{ matrix_ma1sd_enabled }}"
matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container }}" matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container }}"
matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container }}" matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container }}"
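Review bot: Nothing in this hunk records that the data leak tracked in https://github.com/ma1uta/ma1sd/issues/44 is fixed, yet the warning comment is deleted and `matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled` now follows `matrix_ma1sd_enabled`, which is true by default a few lines up in this file. Please keep a comment naming the ma1sd release that contains the fix, and call out the default flip in CHANGELOG.md so operators running an older or pinned ma1sd image know to set the variable back to false.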




+ 11
- 4
roles/matrix-base/defaults/main.yml

@@ -26,6 +26,12 @@ matrix_federation_public_port: 8448
matrix_user_username: "matrix" matrix_user_username: "matrix"
matrix_user_groupname: "matrix" matrix_user_groupname: "matrix"


# By default, the playbook creates the user (`matrix_user_username`)
# and group (`matrix_user_groupname`) with a random id.
# To use a specific user/group id, override these variables.
matrix_user_uid: ~
matrix_user_gid: ~

matrix_base_data_path: "/matrix" matrix_base_data_path: "/matrix"
matrix_base_data_path_mode: "750" matrix_base_data_path_mode: "750"


@@ -56,6 +62,11 @@ matrix_integration_manager_ui_url: ~
# See: https://github.com/vector-im/riot-web/blob/develop/docs/jitsi.md#configuring-riot-to-use-your-self-hosted-jitsi-server # See: https://github.com/vector-im/riot-web/blob/develop/docs/jitsi.md#configuring-riot-to-use-your-self-hosted-jitsi-server
matrix_riot_jitsi_preferredDomain: '' matrix_riot_jitsi_preferredDomain: ''


# Controls whether Riot should use End-to-End Encryption by default.
# Setting this to false will update `/.well-known/matrix/client` and tell Riot clients to avoid E2EE.
# See: https://github.com/vector-im/riot-web/blob/develop/docs/e2ee.md
matrix_riot_e2ee_default: true

# The Docker network that all services would be put into # The Docker network that all services would be put into
matrix_docker_network: "matrix" matrix_docker_network: "matrix"


@@ -94,7 +105,3 @@ run_setup: true
run_self_check: true run_self_check: true
run_start: true run_start: true
run_stop: true run_stop: true

# Building every docker image from source on the target host
# Controlling docker image build is possible on a per unit base
matrix_container_images_self_build: false
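Review bot: `matrix_container_images_self_build` is removed here with no deprecation check, so a configuration that still sets it is accepted silently and has no effect. This commit also empties roles/matrix-base/tasks/validate_config.yml; a `fail` task in the style of the removed `matrix_user_uid` / `matrix_user_gid` check, pointing users to `matrix_architecture` and the per-role `matrix_*_self_build` variables, would catch stale configs.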

+ 2
- 0
roles/matrix-base/tasks/setup_matrix_user.yml

@@ -3,6 +3,7 @@
- name: Ensure Matrix group is created - name: Ensure Matrix group is created
group: group:
name: "{{ matrix_user_groupname }}" name: "{{ matrix_user_groupname }}"
gid: "{{ omit if matrix_user_gid is none else matrix_user_gid }}"
state: present state: present
register: matrix_group register: matrix_group


@@ -13,6 +14,7 @@
- name: Ensure Matrix user is created - name: Ensure Matrix user is created
user: user:
name: "{{ matrix_user_username }}" name: "{{ matrix_user_username }}"
uid: "{{ omit if matrix_user_uid is none else matrix_user_uid }}"
state: present state: present
group: "{{ matrix_user_groupname }}" group: "{{ matrix_user_groupname }}"
register: matrix_user register: matrix_user


+ 0
- 10
roles/matrix-base/tasks/validate_config.yml

@@ -1,11 +1 @@
--- ---

- name: (Deprecation) Warn about unused user/group variables
fail:
msg: >
The `{{ item }}` variable defined in your configuration is not used by this playbook anymore.
User/group creation is now dynamic. You can remove these variables from your configuration, as they have no effect on anything.
when: "item in vars"
with_items:
- 'matrix_user_uid'
- 'matrix_user_gid'

+ 5
- 0
roles/matrix-base/templates/static-files/well-known/matrix-client.j2

@@ -23,4 +23,9 @@
"preferredDomain": {{ matrix_riot_jitsi_preferredDomain|to_json }} "preferredDomain": {{ matrix_riot_jitsi_preferredDomain|to_json }}
} }
{% endif %} {% endif %}
{% if not matrix_riot_e2ee_default %},
"im.vector.riot.e2ee": {
"default": false
}
{% endif %}
} }
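Review bot: `{% if not matrix_riot_e2ee_default %}` tests the raw value, so a string such as "false" (for example from `-e matrix_riot_e2ee_default=false`) is truthy and the `im.vector.riot.e2ee` block is silently left out. Use `matrix_riot_e2ee_default|bool`, as the task files in this commit do for their `_enabled` flags. Because this switch changes the encryption default that clients read from `/.well-known/matrix/client`, the rendered result is worth covering in the playbook's self-check.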

+ 5
- 0
roles/matrix-bridge-mautrix-hangouts/defaults/main.yml

@@ -20,6 +20,11 @@ matrix_mautrix_hangouts_homeserver_address: 'http://matrix-synapse:8008'
matrix_mautrix_hangouts_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_hangouts_homeserver_domain: '{{ matrix_domain }}'
matrix_mautrix_hangouts_appservice_address: 'http://matrix-mautrix-hangouts:8080' matrix_mautrix_hangouts_appservice_address: 'http://matrix-mautrix-hangouts:8080'


# Controls whether the matrix-mautrix-hangouts container exposes its HTTP port (tcp/8080 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9007"), or empty string to not expose.
matrix_mautrix_hangouts_container_http_host_bind_port: ''

# A list of extra arguments to pass to the container # A list of extra arguments to pass to the container
matrix_mautrix_hangouts_container_extra_arguments: [] matrix_mautrix_hangouts_container_extra_arguments: []




+ 3
- 0
roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2

@@ -30,6 +30,9 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangou
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \ --cap-drop=ALL \
--network={{ matrix_docker_network }} \ --network={{ matrix_docker_network }} \
{% if matrix_mautrix_hangouts_container_http_host_bind_port %}
-p {{ matrix_mautrix_hangouts_container_http_host_bind_port }}:8080 \
{% endif %}
-v {{ matrix_mautrix_hangouts_config_path }}:/config:z \ -v {{ matrix_mautrix_hangouts_config_path }}:/config:z \
-v {{ matrix_mautrix_hangouts_data_path }}:/data:z \ -v {{ matrix_mautrix_hangouts_data_path }}:/data:z \
{% for arg in matrix_mautrix_hangouts_container_extra_arguments %} {% for arg in matrix_mautrix_hangouts_container_extra_arguments %}


+ 1
- 1
roles/matrix-bridge-mautrix-telegram/defaults/main.yml

@@ -26,7 +26,7 @@ matrix_mautrix_telegram_homeserver_domain: '{{ matrix_domain }}'
matrix_mautrix_telegram_appservice_address: 'http://matrix-mautrix-telegram:8080' matrix_mautrix_telegram_appservice_address: 'http://matrix-mautrix-telegram:8080'
matrix_mautrix_telegram_appservice_public_external: 'https://{{ matrix_server_fqn_matrix }}{{ matrix_mautrix_telegram_public_endpoint }}' matrix_mautrix_telegram_appservice_public_external: 'https://{{ matrix_server_fqn_matrix }}{{ matrix_mautrix_telegram_public_endpoint }}'


# Controls whether the matrix-telegram container exposes its HTTP port (tcp/8080 in the container).
# Controls whether the matrix-mautrix-telegram container exposes its HTTP port (tcp/8080 in the container).
# #
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9006"), or empty string to not expose. # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9006"), or empty string to not expose.
matrix_mautrix_telegram_container_http_host_bind_port: '' matrix_mautrix_telegram_container_http_host_bind_port: ''


+ 95
- 0
roles/matrix-bridge-mx-puppet-discord/defaults/main.yml

@@ -0,0 +1,95 @@
# Mx Puppet Discord is a Matrix <-> Discord bridge
# See: https://github.com/matrix-discord/mx-puppet-discord

matrix_mx_puppet_discord_enabled: true

matrix_mx_puppet_discord_container_image_self_build: false

# Controls whether the mx-puppet-discord container exposes its HTTP port (tcp/8432 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8432"), or empty string to not expose.
matrix_mx_puppet_discord_container_http_host_bind_port: ''

matrix_mx_puppet_discord_docker_image: "sorunome/mx-puppet-discord:latest"
matrix_mx_puppet_discord_docker_image_force_pull: "{{ matrix_mx_puppet_discord_docker_image.endswith(':latest') }}"

matrix_mx_puppet_discord_base_path: "{{ matrix_base_data_path }}/mx-puppet-discord"
matrix_mx_puppet_discord_config_path: "{{ matrix_mx_puppet_discord_base_path }}/config"
matrix_mx_puppet_discord_data_path: "{{ matrix_mx_puppet_discord_base_path }}/data"
matrix_mx_puppet_discord_docker_src_files_path: "{{ matrix_mx_puppet_discord_base_path }}/docker-src"

matrix_mx_puppet_discord_appservice_port: "8432"

matrix_mx_puppet_discord_homeserver_address: 'http://matrix-synapse:8008'
matrix_mx_puppet_discord_homeserver_domain: '{{ matrix_domain }}'
matrix_mx_puppet_discord_appservice_address: 'http://matrix-mx-puppet-discord:{{ matrix_mx_puppet_discord_appservice_port }}'

matrix_mx_puppet_discord_client_id: ''
matrix_mx_puppet_discord_client_secret: ''

# "@user:server.com" to allow specific user
# "@.*:yourserver.com" to allow users on a specific homeserver
# "@.*" to allow anyone
matrix_mx_puppet_discord_provisioning_whitelist:
- "@.*:{{ matrix_domain|regex_escape }}"

# Leave empty to disable blacklist
# "@user:server.com" disallow a specific user
# "@.*:yourserver.com" disallow users on a specific homeserver
matrix_mx_puppet_discord_provisioning_blacklist: []

# A list of extra arguments to pass to the container
matrix_mx_puppet_discord_container_extra_arguments: []

# List of systemd services that matrix-puppet-discord.service depends on.
matrix_mx_puppet_discord_systemd_required_services_list: ['docker.service']

# List of systemd services that matrix-puppet-discord.service wants
matrix_mx_puppet_discord_systemd_wanted_services_list: []

matrix_mx_puppet_discord_appservice_token: ''
matrix_mx_puppet_discord_homeserver_token: ''

# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
matrix_mx_puppet_discord_login_shared_secret: ''

# Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_discord_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mx_puppet_discord_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"

matrix_mx_puppet_discord_configuration_extension_yaml: |
# Your custom YAML configuration goes here.
# This configuration extends the default starting configuration (`matrix_mx_puppet_discord_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_mx_puppet_discord_configuration_yaml`.

matrix_mx_puppet_discord_configuration_extension: "{{ matrix_mx_puppet_discord_configuration_extension_yaml|from_yaml if matrix_mx_puppet_discord_configuration_extension_yaml|from_yaml is mapping else {} }}"

# Holds the final configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_discord_configuration_yaml`.
matrix_mx_puppet_discord_configuration: "{{ matrix_mx_puppet_discord_configuration_yaml|from_yaml|combine(matrix_mx_puppet_discord_configuration_extension, recursive=True) }}"

matrix_mx_puppet_discord_registration_yaml: |
as_token: "{{ matrix_mx_puppet_discord_appservice_token }}"
hs_token: "{{ matrix_mx_puppet_discord_homeserver_token }}"
id: discord-puppet
namespaces:
users:
- exclusive: true
regex: '@_discordpuppet_.*:{{ matrix_mx_puppet_discord_homeserver_domain|regex_escape }}'
rooms: []
aliases:
- exclusive: true
regex: '#_discordpuppet_.*:{{ matrix_mx_puppet_discord_homeserver_domain|regex_escape }}'
protocols: []
rate_limited: false
sender_localpart: _discordpuppet_bot
url: {{ matrix_mx_puppet_discord_appservice_address }}

matrix_mx_puppet_discord_registration: "{{ matrix_mx_puppet_discord_registration_yaml|from_yaml }}"
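Review bot: `matrix_mx_puppet_discord_docker_image` points at `sorunome/mx-puppet-discord:latest`, which makes `matrix_mx_puppet_discord_docker_image_force_pull` true, so every playbook run pulls whatever that tag resolves to at the time. Pin a release tag or a digest so that image upgrades are deliberate and reviewable. Separately, `url: {{ matrix_mx_puppet_discord_appservice_address }}` is the only unquoted templated value in the registration YAML; quote it like `as_token` and `hs_token`.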

+ 23
- 0
roles/matrix-bridge-mx-puppet-discord/tasks/init.yml

@@ -0,0 +1,23 @@
- set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-discord'] }}"
when: matrix_mx_puppet_discord_enabled|bool

# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
{{ matrix_synapse_container_extra_arguments|default([]) }}
+
["--mount type=bind,src={{ matrix_mx_puppet_discord_config_path }}/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro"]

matrix_synapse_app_service_config_files: >
{{ matrix_synapse_app_service_config_files|default([]) }}
+
{{ ["/matrix-mx-puppet-discord-registration.yaml"] }}
when: matrix_mx_puppet_discord_enabled|bool

# ansible lower than 2.8, does not support docker_image build parameters
# for self buildig it is explicitly needed, so we rather fail here
- name: Fail if running on Ansible lower than 2.8 and trying self building
fail:
msg: "To self build Puppet Slack image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_discord_container_image_self_build"
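Review bot: The `fail` message reads "To self build Puppet Slack image", but this is the Discord role, so the text looks copied from the Slack bridge and should name mx-puppet-discord. While there, fix "usa ansible" in the message and "buildig" in the comment above the task.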

+ 21
- 0
roles/matrix-bridge-mx-puppet-discord/tasks/main.yml

@@ -0,0 +1,21 @@
- import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always

- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup|bool and matrix_mx_puppet_discord_enabled|bool"
tags:
- setup-all
- setup-mx-puppet-discord

- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup|bool and matrix_mx_puppet_discord_enabled|bool"
tags:
- setup-all
- setup-mx-puppet-discord

- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup|bool and not matrix_mx_puppet_discord_enabled|bool"
tags:
- setup-all
- setup-mx-puppet-discord

+ 93
- 0
roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml

@@ -0,0 +1,93 @@
---

# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
fail:
msg: >-
The matrix-bridge-mx-puppet-discord role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed|default(False)"

- name: Ensure MX Puppet Discord image is pulled
docker_image:
name: "{{ matrix_mx_puppet_discord_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mx_puppet_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_discord_docker_image_force_pull }}"
when: matrix_mx_puppet_discord_enabled|bool and not matrix_mx_puppet_discord_container_image_self_build

- name: Ensure MX Puppet Discord paths exist
file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- { path: "{{ matrix_mx_puppet_discord_base_path }}", when: true }
- { path: "{{ matrix_mx_puppet_discord_config_path }}", when: true }
- { path: "{{ matrix_mx_puppet_discord_data_path }}", when: true }
- { path: "{{ matrix_mx_puppet_discord_docker_src_files_path }}", when: "{{ matrix_mx_puppet_discord_container_image_self_build }}" }
when: matrix_mx_puppet_discord_enabled|bool and item.when|bool

- name: Ensure MX Puppet Discord repository is present on self build
git:
repo: https://github.com/matrix-discord/mx-puppet-discord.git
dest: "{{ matrix_mx_puppet_discord_docker_src_files_path }}"
force: "yes"
when: "matrix_mx_puppet_discord_enabled|bool and matrix_mx_puppet_discord_container_image_self_build"

- name: Ensure MX Puppet Discord Docker image is built
docker_image:
name: "{{ matrix_mx_puppet_discord_docker_image }}"
source: build
build:
dockerfile: Dockerfile
path: "{{ matrix_mx_puppet_discord_docker_src_files_path }}"
pull: yes
when: "matrix_mx_puppet_discord_enabled|bool and matrix_mx_puppet_discord_container_image_self_build"

- name: Check if an old database file already exists
stat:
path: "{{ matrix_mx_puppet_discord_base_path }}/database.db"
register: matrix_mx_puppet_discord_stat_database

- name: (Data relocation) Ensure matrix-mx-puppet-discord.service is stopped
service:
name: matrix-mx-puppet-discord
state: stopped
daemon_reload: yes
failed_when: false
when: "matrix_mx_puppet_discord_stat_database.stat.exists"

- name: (Data relocation) Move mx-puppet-discord database file to ./data directory
command: "mv {{ matrix_mx_puppet_discord_base_path }}/database.db {{ matrix_mx_puppet_discord_data_path }}/database.db"
when: "matrix_mx_puppet_discord_stat_database.stat.exists"

- name: Ensure mx-puppet-discord config.yaml installed
copy:
content: "{{ matrix_mx_puppet_discord_configuration|to_nice_yaml }}"
dest: "{{ matrix_mx_puppet_discord_config_path }}/config.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"

- name: Ensure mx-puppet-discord discord-registration.yaml installed
copy:
content: "{{ matrix_mx_puppet_discord_registration|to_nice_yaml }}"
dest: "{{ matrix_mx_puppet_discord_config_path }}/registration.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"

- name: Ensure matrix-mx-puppet-discord.service installed
template:
src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-discord.service.j2"
dest: "/etc/systemd/system/matrix-mx-puppet-discord.service"
mode: 0644
register: matrix_mx_puppet_discord_systemd_service_result

- name: Ensure systemd reloaded after matrix-mx-puppet-discord.service installation
service:
daemon_reload: yes
when: "matrix_mx_puppet_discord_systemd_service_result.changed"
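Review bot: config.yaml and registration.yaml are written with `mode: 0644`, yet registration.yaml carries `as_token` and `hs_token` and config.yaml can carry `loginSharedSecretMap`. The 0750 directories above them limit exposure today, but `mode: 0640` on the two `copy` tasks would not depend on that. Also, the `git` task clones mx-puppet-discord with no `version:`, so a self-build uses whatever the default branch holds at run time; pin a tag or commit there.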

+ 24
- 0
roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml

@@ -0,0 +1,24 @@
---

- name: Check existence of matrix-mx-puppet-discord service
stat:
path: "/etc/systemd/system/matrix-mx-puppet-discord.service"
register: matrix_mx_puppet_discord_service_stat

- name: Ensure matrix-mx-puppet-discord is stopped
service:
name: matrix-mx-puppet-discord
state: stopped
daemon_reload: yes
when: "matrix_mx_puppet_discord_service_stat.stat.exists"

- name: Ensure matrix-mx-puppet-discord.service doesn't exist
file:
path: "/etc/systemd/system/matrix-mx-puppet-discord.service"
state: absent
when: "matrix_mx_puppet_discord_service_stat.stat.exists"

- name: Ensure systemd reloaded after matrix-mx-puppet-discord.service removal
service:
daemon_reload: yes
when: "matrix_mx_puppet_discord_service_stat.stat.exists"

+ 10
- 0
roles/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml

@@ -0,0 +1,10 @@
---

- name: Fail if required settings not defined
fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- "matrix_mx_puppet_discord_appservice_token"
- "matrix_mx_puppet_discord_homeserver_token"

+ 138
- 0
roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2

@@ -0,0 +1,138 @@
#jinja2: lstrip_blocks: "True"
bridge:
# Port to host the bridge on
# Used for communication between the homeserver and the bridge
port: {{ matrix_mx_puppet_discord_appservice_port }}
# The host connections to the bridge's webserver are allowed from
bindAddress: 0.0.0.0
# Public domain of the homeserver
domain: {{ matrix_mx_puppet_discord_homeserver_domain }}
# Reachable URL of the Matrix homeserver
homeserverUrl: {{ matrix_mx_puppet_discord_homeserver_address }}
{% if matrix_mx_puppet_discord_login_shared_secret != '' %}
loginSharedSecretMap:
{{ matrix_domain }}: {{ matrix_mx_puppet_discord_login_shared_secret }}
{% endif %}
# Display name of the bridge bot
displayname: Discord Puppet Bridge
# Optionally specify a different media URL used for the media store
#
# This is where Discord will download user profile pictures and media
# from
#mediaUrl: https://external-url.org

presence:
# Bridge Discord online/offline status
enabled: true
# How often to send status to the homeserver in milliseconds
interval: 500

provisioning:
# Regex of Matrix IDs allowed to use the puppet bridge
whitelist: {{ matrix_mx_puppet_discord_provisioning_whitelist|to_json }}
# Allow a specific user
#- "@user:server\\.com"
# Allow users on a specific homeserver
#- "@.*:yourserver\\.com"
# Allow anyone
#- ".*"
# Regex of Matrix IDs forbidden from using the puppet bridge
#blacklist:
# Disallow a specific user
#- "@user:server\\.com"
# Disallow users on a specific homeserver
#- "@.*:yourserver\\.com"
blacklist: {{ matrix_mx_puppet_discord_provisioning_blacklist|to_json }}

relay:
# Regex of Matrix IDs who are allowed to use the bridge in relay mode.
# Relay mode is when a single Discord bot account relays messages of
# multiple Matrix users
#
# Same format as in provisioning
whitelist: {{ matrix_mx_puppet_discord_provisioning_whitelist|to_json }}
blacklist: {{ matrix_mx_puppet_discord_provisioning_blacklist|to_json }}

selfService:
# Regex of Matrix IDs who are allowed to use bridge self-servicing (plumbed rooms)
#
# Same format as in provisioning
whitelist: {{ matrix_mx_puppet_discord_provisioning_whitelist|to_json }}
blacklist: {{ matrix_mx_puppet_discord_provisioning_blacklist|to_json }}

# Override the default name patterns for users, rooms and groups
#
# Variable names must be prefixed with a ':'
namePatterns:
# The default displayname for a bridged user
#
# Available variables:
#
# name: username of the user
# discriminator: hashtag of the user (ex. #1234)
user: :name

# A user's guild-specific displayname - if they've set a custom nick in
# a guild
#
# Available variables:
#
# name: username of the user
# discriminator: hashtag of the user (ex. #1234)
# displayname: the user's custom group-specific nick
# channel: the name of the channel
# guild: the name of the guild
userOverride: :name

# Room names for bridged Discord channels
#
# Available variables:
#
# name: name of the channel
# guild: name of the guild
room: :name

# Group names for bridged Discord servers
#
# Available variables:
#
# name: name of the guide
group: :name

database:
# Use Postgres as a database backend
# If set, will be used instead of SQLite3
# Connection string to connect to the Postgres instance
# with username "user", password "pass", host "localhost" and database name "dbname".
# Modify each value as necessary
#connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
# Use SQLite3 as a database backend
# The name of the database file
filename: /data/database.db

logging:
# Log level of console output
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
console: info
# Date and time formatting
lineDateFormat: MMM-D HH:mm:ss.SSS
# Logging files
# Log files are rotated daily by default
files:
# Log file path
- file: "/data/bridge.log"
# Log level for this file
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
level: info
# Date and time formatting
datePattern: YYYY-MM-DD
# Maximum number of logs to keep.
# This can be a number of files or number of days.
# If using days, add 'd' as a suffix
maxFiles: 14d
# Maximum size of the file after which it will rotate. This can be a
# number of bytes, or units of kb, mb, and gb. If using the units, add
# 'k', 'm', or 'g' as the suffix
maxSize: 50m
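
Review bot: in `loginSharedSecretMap` the line `{{ matrix_domain }}: {{ matrix_mx_puppet_discord_login_shared_secret }}` emits the secret unquoted, so a value containing ` #`, `: ` or a leading YAML indicator character is truncated or breaks parsing once the rendered text is read as YAML. Pipe it through `|to_json` as the whitelist and blacklist lines already do (same for `domain` and `homeserverUrl`). Separately, `relay` and `selfService` reuse the `provisioning` whitelist and blacklist variables, so anyone allowed to provision is also allowed relay mode and self-service with no way to restrict them independently; dedicated variables defaulting to the provisioning ones would keep that choice open. The `group` comment says "name of the guide", presumably "guild".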

+ 41
- 0
roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2

@@ -0,0 +1,41 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Mx Puppet Discord server
{% for service in matrix_mx_puppet_discord_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_mx_puppet_discord_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}

[Service]
Type=simple
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord

# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5

ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-discord \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
-e CONFIG_PATH=/config/config.yaml \
-e REGISTRATION_PATH=/config/registration.yaml \
-v {{ matrix_mx_puppet_discord_config_path }}:/config:z \
-v {{ matrix_mx_puppet_discord_data_path }}:/data:z \
{% for arg in matrix_mx_puppet_discord_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_mx_puppet_discord_docker_image }}

ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mx-puppet-discord

[Install]
WantedBy=multi-user.target
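
Review bot: in `ExecStart`, `-v {{ matrix_mx_puppet_discord_config_path }}:/config:z` mounts the config directory read-write although it holds `config.yaml` and `registration.yaml` with the tokens. Does the bridge need to write there at runtime? If not, `:ro,z` would keep a compromised container from altering its own registration. Startup ordering also rests on the fixed `sleep 5` rather than on an `After=` for the homeserver unit; worth a comment on which variable is expected to carry that dependency.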

+ 86
- 0
roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml

@@ -0,0 +1,86 @@
# mx-puppet-instagram bridges instagram DMs
# See: https://github.com/Sorunome/mx-puppet-instagram

matrix_mx_puppet_instagram_enabled: true

matrix_mx_puppet_instagram_container_image_self_build: false

matrix_mx_puppet_instagram_docker_image: "docker.io/sorunome/mx-puppet-instagram:latest"
matrix_mx_puppet_instagram_docker_image_force_pull: "{{ matrix_mx_puppet_instagram_docker_image.endswith(':latest') }}"

matrix_mx_puppet_instagram_base_path: "{{ matrix_base_data_path }}/mx-puppet-instagram"
matrix_mx_puppet_instagram_config_path: "{{ matrix_mx_puppet_instagram_base_path }}/config"
matrix_mx_puppet_instagram_data_path: "{{ matrix_mx_puppet_instagram_base_path }}/data"
matrix_mx_puppet_instagram_docker_src_files_path: "{{ matrix_mx_puppet_instagram_base_path }}/docker-src"

matrix_mx_puppet_instagram_appservice_port: "8440"
matrix_mx_puppet_instagram_homeserver_address: 'http://matrix-synapse:8008'
matrix_mx_puppet_instagram_homeserver_domain: '{{ matrix_domain }}'
matrix_mx_puppet_instagram_appservice_address: 'http://matrix-mx-puppet-instagram:{{ matrix_mx_puppet_instagram_appservice_port }}'

# "@user:server.com" to allow specific user
# "@.*:yourserver.com" to allow users on a specific homeserver
# "@.*" to allow anyone
matrix_mx_puppet_instagram_provisioning_whitelist:
- "@.*:{{ matrix_domain|regex_escape }}"

# Leave empty to disable blacklist
# "@user:server.com" disallow a specific user
# "@.*:yourserver.com" disallow users on a specific homeserver
matrix_mx_puppet_instagram_provisioning_blacklist: []

# A list of extra arguments to pass to the container
matrix_mx_puppet_instagram_container_extra_arguments: []

# List of systemd services that matrix-puppet-instagram.service depends on.
matrix_mx_puppet_instagram_systemd_required_services_list: ['docker.service']

# List of systemd services that matrix-puppet-instagram.service wants
matrix_mx_puppet_instagram_systemd_wanted_services_list: []

matrix_mx_puppet_instagram_appservice_token: ''
matrix_mx_puppet_instagram_homeserver_token: ''

# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
matrix_mx_puppet_instagram_login_shared_secret: ''

# Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_instagram_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mx_puppet_instagram_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"

matrix_mx_puppet_instagram_configuration_extension_yaml: |
# Your custom YAML configuration goes here.
# This configuration extends the default starting configuration (`matrix_mx_puppet_instagram_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_mx_puppet_instagram_configuration_yaml`.

matrix_mx_puppet_instagram_configuration_extension: "{{ matrix_mx_puppet_instagram_configuration_extension_yaml|from_yaml if matrix_mx_puppet_instagram_configuration_extension_yaml|from_yaml is mapping else {} }}"

# Holds the final configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_instagram_configuration_yaml`.
matrix_mx_puppet_instagram_configuration: "{{ matrix_mx_puppet_instagram_configuration_yaml|from_yaml|combine(matrix_mx_puppet_instagram_configuration_extension, recursive=True) }}"

matrix_mx_puppet_instagram_registration_yaml: |
as_token: "{{ matrix_mx_puppet_instagram_appservice_token }}"
hs_token: "{{ matrix_mx_puppet_instagram_homeserver_token }}"
id: instagram-puppet
namespaces:
users:
- exclusive: true
regex: '@_instagrampuppet_.*:{{ matrix_mx_puppet_instagram_homeserver_domain|regex_escape }}'
rooms: []
aliases:
- exclusive: true
regex: '#_instagrampuppet_.*:{{ matrix_mx_puppet_instagram_homeserver_domain|regex_escape }}'
protocols: []
rate_limited: false
sender_localpart: _instagrampuppet_bot
url: {{ matrix_mx_puppet_instagram_appservice_address }}

matrix_mx_puppet_instagram_registration: "{{ matrix_mx_puppet_instagram_registration_yaml|from_yaml }}"
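
Review bot: `matrix_mx_puppet_instagram_docker_image` defaults to `docker.io/sorunome/mx-puppet-instagram:latest`, and `..._force_pull` is true whenever the tag ends in `:latest`, so every playbook run deploys whatever the upstream tag points to at that moment. Pinning a version tag or digest by default would make deployments reproducible and reviewable. Two documentation nits: the whitelist comment says `"@.*"` allows anyone while the config template comment says `".*"`, and the systemd list comments name `matrix-puppet-instagram.service` although the unit is `matrix-mx-puppet-instagram.service`.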

+ 17
- 0
roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml

@@ -0,0 +1,17 @@
- set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-instagram'] }}"
when: matrix_mx_puppet_instagram_enabled|bool

# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
{{ matrix_synapse_container_extra_arguments|default([]) }}
+
["--mount type=bind,src={{ matrix_mx_puppet_instagram_config_path }}/registration.yaml,dst=/matrix-mx-puppet-instagram-registration.yaml,ro"]

matrix_synapse_app_service_config_files: >
{{ matrix_synapse_app_service_config_files|default([]) }}
+
{{ ["/matrix-mx-puppet-instagram-registration.yaml"] }}
when: matrix_mx_puppet_instagram_enabled|bool
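
Review bot: this init file has no guard for self-building on Ansible older than 2.8, although the role exposes `matrix_mx_puppet_instagram_container_image_self_build` and its `setup_install.yml` uses `source: build` with a `build:` block. The steam role's `init.yml` in this same commit fails early in that case; the same task belongs here. Both `set_fact` tasks also lack a `name:`, which makes playbook output harder to read.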


+ 21
- 0
roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml

@@ -0,0 +1,21 @@
- import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always

- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup|bool and matrix_mx_puppet_instagram_enabled|bool"
tags:
- setup-all
- setup-mx-puppet-instagram

- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup|bool and matrix_mx_puppet_instagram_enabled|bool"
tags:
- setup-all
- setup-mx-puppet-instagram

- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup|bool and not matrix_mx_puppet_instagram_enabled|bool"
tags:
- setup-all
- setup-mx-puppet-instagram

+ 78
- 0
roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml

@@ -0,0 +1,78 @@
---

# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
fail:
msg: >-
The matrix-bridge-mx-puppet-instagram role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed|default(False)"

- name: Ensure mx-puppet-instagram image is pulled
docker_image:
name: "{{ matrix_mx_puppet_instagram_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mx_puppet_instagram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_instagram_docker_image_force_pull }}"
when: matrix_mx_puppet_instagram_enabled|bool and not matrix_mx_puppet_instagram_container_image_self_build

- name: Ensure mx-puppet-instagram paths exist
file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- { path: "{{ matrix_mx_puppet_instagram_base_path }}", when: true }
- { path: "{{ matrix_mx_puppet_instagram_config_path }}", when: true }
- { path: "{{ matrix_mx_puppet_instagram_data_path }}", when: true }
- { path: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}", when: "{{ matrix_mx_puppet_instagram_container_image_self_build }}" }
when: matrix_mx_puppet_instagram_enabled|bool and item.when|bool

- name: Ensure mx-puppet-instagram repository is present on self build
git:
repo: https://github.com/Sorunome/mx-puppet-instagram.git
dest: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}"
force: "yes"
when: "matrix_mx_puppet_instagram_enabled|bool and matrix_mx_puppet_instagram_container_image_self_build"

- name: Ensure mx-puppet-instagram Docker image is built
docker_image:
name: "{{ matrix_mx_puppet_instagram_docker_image }}"
source: build
build:
dockerfile: Dockerfile
path: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}"
pull: yes
when: "matrix_mx_puppet_instagram_enabled|bool and matrix_mx_puppet_instagram_container_image_self_build"

- name: Ensure mx-puppet-instagram config.yaml installed
copy:
content: "{{ matrix_mx_puppet_instagram_configuration|to_nice_yaml }}"
dest: "{{ matrix_mx_puppet_instagram_config_path }}/config.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"

- name: Ensure mx-puppet-instagram-registration.yaml installed
copy:
content: "{{ matrix_mx_puppet_instagram_registration|to_nice_yaml }}"
dest: "{{ matrix_mx_puppet_instagram_config_path }}/registration.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"

- name: Ensure matrix-mx-puppet-instagram.service installed
template:
src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-instagram.service.j2"
dest: "/etc/systemd/system/matrix-mx-puppet-instagram.service"
mode: 0644
register: matrix_mx_puppet_instagram_systemd_service_result

- name: Ensure systemd reloaded after matrix-mx-puppet-instagram.service installation
service:
daemon_reload: yes
when: "matrix_mx_puppet_instagram_systemd_service_result.changed"
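
Review bot: `config.yaml` and `registration.yaml` are written with `mode: 0644` although they carry `as_token`, `hs_token` and, when set, the login shared secret, so their confidentiality depends entirely on the 0750 parent directory. `mode: 0640` with the same owner and group costs nothing and survives a directory permission slip. The self-build `git` task has no `version:`, so it builds whatever the default branch holds at run time; a variable for the ref would let operators pin it.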



+ 24
- 0
roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml

@@ -0,0 +1,24 @@
---

- name: Check existence of matrix-mx-puppet-instagram service
stat:
path: "/etc/systemd/system/matrix-mx-puppet-instagram.service"
register: matrix_mx_puppet_instagram_service_stat

- name: Ensure matrix-mx-puppet-instagram is stopped
service:
name: matrix-mx-puppet-instagram
state: stopped
daemon_reload: yes
when: "matrix_mx_puppet_instagram_service_stat.stat.exists"

- name: Ensure matrix-mx-puppet-instagram.service doesn't exist
file:
path: "/etc/systemd/system/matrix-mx-puppet-instagram.service"
state: absent
when: "matrix_mx_puppet_instagram_service_stat.stat.exists"

- name: Ensure systemd reloaded after matrix-mx-puppet-instagram.service removal
service:
daemon_reload: yes
when: "matrix_mx_puppet_instagram_service_stat.stat.exists"

+ 10
- 0
roles/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml

@@ -0,0 +1,10 @@
---

- name: Fail if required settings not defined
fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- "matrix_mx_puppet_instagram_appservice_token"
- "matrix_mx_puppet_instagram_homeserver_token"

+ 82
- 0
roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2

@@ -0,0 +1,82 @@
#jinja2: lstrip_blocks: "True"
bridge:
# Port to host the bridge on
# Used for communication between the homeserver and the bridge
port: {{ matrix_mx_puppet_instagram_appservice_port }}
# The host connections to the bridge's webserver are allowed from
bindAddress: 0.0.0.0
# Public domain of the homeserver
domain: {{ matrix_mx_puppet_instagram_homeserver_domain }}
# Reachable URL of the Matrix homeserver
homeserverUrl: {{ matrix_mx_puppet_instagram_homeserver_address }}
{% if matrix_mx_puppet_instagram_login_shared_secret != '' %}
loginSharedSecretMap:
{{ matrix_domain }}: {{ matrix_mx_puppet_instagram_login_shared_secret }}
{% endif %}

presence:
# Bridge Instagram online/offline status
enabled: true
# How often to send status to the homeserver in milliseconds
interval: 500

provisioning:
# Regex of Matrix IDs allowed to use the puppet bridge
whitelist: {{ matrix_mx_puppet_instagram_provisioning_whitelist|to_json }}
# Allow a specific user
#- "@user:server\\.com"
# Allow users on a specific homeserver
#- "@.*:yourserver\\.com"
# Allow anyone
#- ".*"
# Regex of Matrix IDs forbidden from using the puppet bridge
#blacklist:
# Disallow a specific user
#- "@user:server\\.com"
# Disallow users on a specific homeserver
#- "@.*:yourserver\\.com"
blacklist: {{ matrix_mx_puppet_instagram_provisioning_blacklist|to_json }}

# Shared secret for the provisioning API for use by integration managers.
# If this is not set, the provisioning API will not be enabled.
#sharedSecret: random string
# Path prefix for the provisioning API. /v1 will be appended to the prefix automatically.
apiPrefix: /_matrix/provision

database:
# Use Postgres as a database backend
# If set, will be used instead of SQLite3
# Connection string to connect to the Postgres instance
# with username "user", password "pass", host "localhost" and database name "dbname".
# Modify each value as necessary
#connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
# Use SQLite3 as a database backend
# The name of the database file
filename: /data/database.db

logging:
# Log level of console output
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
console: info
# Date and time formatting
lineDateFormat: MMM-D HH:mm:ss.SSS
# Logging files
# Log files are rotated daily by default
files:
# Log file path
- file: "/data/bridge.log"
# Log level for this file
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
level: info
# Date and time formatting
datePattern: YYYY-MM-DD
# Maximum number of logs to keep.
# This can be a number of files or number of days.
# If using days, add 'd' as a suffix
maxFiles: 14d
# Maximum size of the file after which it will rotate. This can be a
# number of bytes, or units of kb, mb, and gb. If using the units, add
# 'k', 'm', or 'g' as the suffix
maxSize: 50m
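
Review bot: `presence.interval` is `500` here, described as milliseconds between status updates to the homeserver, while the steam template added in this commit uses `5000`. Is two updates per second intended, or was a zero dropped? If 500 is deliberate, a short comment on why would help, and exposing the value as a role variable would let operators lower the load on the homeserver.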

+ 41
- 0
roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2

@@ -0,0 +1,41 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix mx-puppet-instagram bridge
{% for service in matrix_mx_puppet_instagram_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_mx_puppet_instagram_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}

[Service]
Type=simple
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram

# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5

ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-instagram \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
-e CONFIG_PATH=/config/config.yaml \
-e REGISTRATION_PATH=/config/registration.yaml \
-v {{ matrix_mx_puppet_instagram_config_path }}:/config:z \
-v {{ matrix_mx_puppet_instagram_data_path }}:/data:z \
{% for arg in matrix_mx_puppet_instagram_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_mx_puppet_instagram_docker_image }}

ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mx-puppet-instagram

[Install]
WantedBy=multi-user.target

+ 95
- 0
roles/matrix-bridge-mx-puppet-steam/defaults/main.yml

@@ -0,0 +1,95 @@
# Mx Puppet Steam is a Matrix <-> Steam bridge
# See: https://github.com/matrix-steam/mx-puppet-steam

matrix_mx_puppet_steam_enabled: true

matrix_mx_puppet_steam_container_image_self_build: false

# Controls whether the mx-puppet-steam container exposes its HTTP port (tcp/8432 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8432"), or empty string to not expose.
matrix_mx_puppet_steam_container_http_host_bind_port: ''

matrix_mx_puppet_steam_docker_image: "icewind1991/mx-puppet-steam:latest"
matrix_mx_puppet_steam_docker_image_force_pull: "{{ matrix_mx_puppet_steam_docker_image.endswith(':latest') }}"

matrix_mx_puppet_steam_base_path: "{{ matrix_base_data_path }}/mx-puppet-steam"
matrix_mx_puppet_steam_config_path: "{{ matrix_mx_puppet_steam_base_path }}/config"
matrix_mx_puppet_steam_data_path: "{{ matrix_mx_puppet_steam_base_path }}/data"
matrix_mx_puppet_steam_docker_src_files_path: "{{ matrix_mx_puppet_steam_base_path }}/docker-src"

matrix_mx_puppet_steam_appservice_port: "8432"

matrix_mx_puppet_steam_homeserver_address: 'http://matrix-synapse:8008'
matrix_mx_puppet_steam_homeserver_domain: '{{ matrix_domain }}'
matrix_mx_puppet_steam_appservice_address: 'http://matrix-mx-puppet-steam:{{ matrix_mx_puppet_steam_appservice_port }}'

matrix_mx_puppet_steam_client_id: ''
matrix_mx_puppet_steam_client_secret: ''

# "@user:server.com" to allow specific user
# "@.*:yourserver.com" to allow users on a specific homeserver
# "@.*" to allow anyone
matrix_mx_puppet_steam_provisioning_whitelist:
- "@.*:{{ matrix_domain|regex_escape }}"

# Leave empty to disable blacklist
# "@user:server.com" disallow a specific user
# "@.*:yourserver.com" disallow users on a specific homeserver
matrix_mx_puppet_steam_provisioning_blacklist: []

# A list of extra arguments to pass to the container
matrix_mx_puppet_steam_container_extra_arguments: []

# List of systemd services that matrix-puppet-steam.service depends on.
matrix_mx_puppet_steam_systemd_required_services_list: ['docker.service']

# List of systemd services that matrix-puppet-steam.service wants
matrix_mx_puppet_steam_systemd_wanted_services_list: []

matrix_mx_puppet_steam_appservice_token: ''
matrix_mx_puppet_steam_homeserver_token: ''

# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
matrix_mx_puppet_steam_login_shared_secret: ''

# Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_steam_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mx_puppet_steam_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"

matrix_mx_puppet_steam_configuration_extension_yaml: |
# Your custom YAML configuration goes here.
# This configuration extends the default starting configuration (`matrix_mx_puppet_steam_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_mx_puppet_steam_configuration_yaml`.

matrix_mx_puppet_steam_configuration_extension: "{{ matrix_mx_puppet_steam_configuration_extension_yaml|from_yaml if matrix_mx_puppet_steam_configuration_extension_yaml|from_yaml is mapping else {} }}"

# Holds the final configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_steam_configuration_yaml`.
matrix_mx_puppet_steam_configuration: "{{ matrix_mx_puppet_steam_configuration_yaml|from_yaml|combine(matrix_mx_puppet_steam_configuration_extension, recursive=True) }}"

matrix_mx_puppet_steam_registration_yaml: |
as_token: "{{ matrix_mx_puppet_steam_appservice_token }}"
hs_token: "{{ matrix_mx_puppet_steam_homeserver_token }}"
id: steam-puppet
namespaces:
users:
- exclusive: true
regex: '@_steampuppet_.*:{{ matrix_mx_puppet_steam_homeserver_domain|regex_escape }}'
rooms: []
aliases:
- exclusive: true
regex: '#_steampuppet_.*:{{ matrix_mx_puppet_steam_homeserver_domain|regex_escape }}'
protocols: []
rate_limited: false
sender_localpart: _steampuppet_bot
url: {{ matrix_mx_puppet_steam_appservice_address }}

matrix_mx_puppet_steam_registration: "{{ matrix_mx_puppet_steam_registration_yaml|from_yaml }}"
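
Review bot: the header comment points to `https://github.com/matrix-steam/mx-puppet-steam`, but the default image is `icewind1991/mx-puppet-steam:latest` and the self-build task in this role clones from `icewind1991` as well; please make clear which is the intended upstream so operators know whose code they run. The image name also lacks the `docker.io/` registry prefix that the instagram role uses, and it is an unpinned `:latest` that gets force-pulled. `matrix_mx_puppet_steam_client_id` and `matrix_mx_puppet_steam_client_secret` are defined empty with no comment and no entry in `validate_config.yml`; if they are leftovers from another bridge role, drop them.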

+ 23
- 0
roles/matrix-bridge-mx-puppet-steam/tasks/init.yml

@@ -0,0 +1,23 @@
- set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-steam'] }}"
when: matrix_mx_puppet_steam_enabled|bool

# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
{{ matrix_synapse_container_extra_arguments|default([]) }}
+
["--mount type=bind,src={{ matrix_mx_puppet_steam_config_path }}/registration.yaml,dst=/matrix-mx-puppet-steam-registration.yaml,ro"]

matrix_synapse_app_service_config_files: >
{{ matrix_synapse_app_service_config_files|default([]) }}
+
{{ ["/matrix-mx-puppet-steam-registration.yaml"] }}
when: matrix_mx_puppet_steam_enabled|bool

# ansible lower than 2.8, does not support docker_image build parameters
# for self buildig it is explicitly needed, so we rather fail here
- name: Fail if running on Ansible lower than 2.8 and trying self building
fail:
msg: "To self build Puppet Slack image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_steam_container_image_self_build"
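
Review bot: the failure message in the last task reads "To self build Puppet Slack image", which names the wrong bridge and will mislead whoever hits it; it should say mx-puppet-steam. The same task and its comment carry typos ("buildig", "usa ansible") that are worth fixing while touching the line.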

+ 21
- 0
roles/matrix-bridge-mx-puppet-steam/tasks/main.yml

@@ -0,0 +1,21 @@
- import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always

- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup|bool and matrix_mx_puppet_steam_enabled|bool"
tags:
- setup-all
- setup-mx-puppet-steam

- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup|bool and matrix_mx_puppet_steam_enabled|bool"
tags:
- setup-all
- setup-mx-puppet-steam

- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup|bool and not matrix_mx_puppet_steam_enabled|bool"
tags:
- setup-all
- setup-mx-puppet-steam

+ 93
- 0
roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml

@@ -0,0 +1,93 @@
---

# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
fail:
msg: >-
The matrix-bridge-mx-puppet-steam role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed|default(False)"

- name: Ensure MX Puppet Steam image is pulled
docker_image:
name: "{{ matrix_mx_puppet_steam_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mx_puppet_steam_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_steam_docker_image_force_pull }}"
when: matrix_mx_puppet_steam_enabled|bool and not matrix_mx_puppet_steam_container_image_self_build

- name: Ensure MX Puppet Steam paths exist
file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- { path: "{{ matrix_mx_puppet_steam_base_path }}", when: true }
- { path: "{{ matrix_mx_puppet_steam_config_path }}", when: true }
- { path: "{{ matrix_mx_puppet_steam_data_path }}", when: true }
- { path: "{{ matrix_mx_puppet_steam_docker_src_files_path }}", when: "{{ matrix_mx_puppet_steam_container_image_self_build }}" }
when: matrix_mx_puppet_steam_enabled|bool and item.when|bool

- name: Ensure MX Puppet Steam repository is present on self build
git:
repo: https://github.com/icewind1991/mx-puppet-steam.git
dest: "{{ matrix_mx_puppet_steam_docker_src_files_path }}"
force: "yes"
when: "matrix_mx_puppet_steam_enabled|bool and matrix_mx_puppet_steam_container_image_self_build"

- name: Ensure MX Puppet Steam Docker image is built
docker_image:
name: "{{ matrix_mx_puppet_steam_docker_image }}"
source: build
build:
dockerfile: Dockerfile
path: "{{ matrix_mx_puppet_steam_docker_src_files_path }}"
pull: yes
when: "matrix_mx_puppet_steam_enabled|bool and matrix_mx_puppet_steam_container_image_self_build"

- name: Check if an old database file already exists
stat:
path: "{{ matrix_mx_puppet_steam_base_path }}/database.db"
register: matrix_mx_puppet_steam_stat_database

- name: (Data relocation) Ensure matrix-mx-puppet-steam.service is stopped
service:
name: matrix-mx-puppet-steam
state: stopped
daemon_reload: yes
failed_when: false
when: "matrix_mx_puppet_steam_stat_database.stat.exists"

- name: (Data relocation) Move mx-puppet-steam database file to ./data directory
command: "mv {{ matrix_mx_puppet_steam_base_path }}/database.db {{ matrix_mx_puppet_steam_data_path }}/database.db"
when: "matrix_mx_puppet_steam_stat_database.stat.exists"

- name: Ensure mx-puppet-steam config.yaml installed
copy:
content: "{{ matrix_mx_puppet_steam_configuration|to_nice_yaml }}"
dest: "{{ matrix_mx_puppet_steam_config_path }}/config.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"

- name: Ensure mx-puppet-steam steam-registration.yaml installed
copy:
content: "{{ matrix_mx_puppet_steam_registration|to_nice_yaml }}"
dest: "{{ matrix_mx_puppet_steam_config_path }}/registration.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"

- name: Ensure matrix-mx-puppet-steam.service installed
template:
src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-steam.service.j2"
dest: "/etc/systemd/system/matrix-mx-puppet-steam.service"
mode: 0644
register: matrix_mx_puppet_steam_systemd_service_result

- name: Ensure systemd reloaded after matrix-mx-puppet-steam.service installation
service:
daemon_reload: yes
when: "matrix_mx_puppet_steam_systemd_service_result.changed"
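
Review bot: the three "(Data relocation)" tasks look for `database.db` directly under `matrix_mx_puppet_steam_base_path`, but this role is new in this commit (`@@ -0,0 +1,93 @@`), so no earlier layout of it could have placed a database there. If this was carried over from another bridge role, remove it; if it is needed, note that `mv` would overwrite an existing `data/database.db` without a check, and the stop task hides every failure with `failed_when: false`. As in the other roles, `config.yaml` and `registration.yaml` are written `0644` despite holding tokens.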

+ 24
- 0
roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml

@@ -0,0 +1,24 @@
---

- name: Check existence of matrix-mx-puppet-steam service
stat:
path: "/etc/systemd/system/matrix-mx-puppet-steam.service"
register: matrix_mx_puppet_steam_service_stat

- name: Ensure matrix-mx-puppet-steam is stopped
service:
name: matrix-mx-puppet-steam
state: stopped
daemon_reload: yes
when: "matrix_mx_puppet_steam_service_stat.stat.exists"

- name: Ensure matrix-mx-puppet-steam.service doesn't exist
file:
path: "/etc/systemd/system/matrix-mx-puppet-steam.service"
state: absent
when: "matrix_mx_puppet_steam_service_stat.stat.exists"

- name: Ensure systemd reloaded after matrix-mx-puppet-steam.service removal
service:
daemon_reload: yes
when: "matrix_mx_puppet_steam_service_stat.stat.exists"

+ 10
- 0
roles/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml

@@ -0,0 +1,10 @@
---

- name: Fail if required settings not defined
fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- "matrix_mx_puppet_steam_appservice_token"
- "matrix_mx_puppet_steam_homeserver_token"

+ 99
- 0
roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2

@@ -0,0 +1,99 @@
#jinja2: lstrip_blocks: "True"
bridge:
# Port to host the bridge on
# Used for communication between the homeserver and the bridge
port: {{ matrix_mx_puppet_steam_appservice_port }}
# The host connections to the bridge's webserver are allowed from
bindAddress: 0.0.0.0
# Public domain of the homeserver
domain: {{ matrix_mx_puppet_steam_homeserver_domain }}
# Reachable URL of the Matrix homeserver
homeserverUrl: {{ matrix_mx_puppet_steam_homeserver_address }}
{% if matrix_mx_puppet_steam_login_shared_secret != '' %}
loginSharedSecretMap:
{{ matrix_domain }}: {{ matrix_mx_puppet_steam_login_shared_secret }}
{% endif %}
# Display name of the bridge bot
displayname: Steam Puppet Bridge
# Optionally specify a different media URL used for the media store
#
# This is where Steam will download user profile pictures and media
# from
#mediaUrl: https://external-url.org

presence:
# Bridge Steam online/offline status
enabled: true
# How often to send status to the homeserver in milliseconds
interval: 5000

provisioning:
# Regex of Matrix IDs allowed to use the puppet bridge
whitelist: {{ matrix_mx_puppet_steam_provisioning_whitelist|to_json }}
# Allow a specific user
#- "@user:server\\.com"
# Allow users on a specific homeserver
#- "@.*:yourserver\\.com"
# Allow anyone
#- ".*"
# Regex of Matrix IDs forbidden from using the puppet bridge
#blacklist:
# Disallow a specific user
#- "@user:server\\.com"
# Disallow users on a specific homeserver
#- "@.*:yourserver\\.com"
blacklist: {{ matrix_mx_puppet_steam_provisioning_blacklist|to_json }}

relay:
# Regex of Matrix IDs who are allowed to use the bridge in relay mode.
# Relay mode is when a single Steam bot account relays messages of
# multiple Matrix users
#
# Same format as in provisioning
whitelist: {{ matrix_mx_puppet_steam_provisioning_whitelist|to_json }}
blacklist: {{ matrix_mx_puppet_steam_provisioning_blacklist|to_json }}

selfService:
# Regex of Matrix IDs who are allowed to use bridge self-servicing (plumbed rooms)
#
# Same format as in provisioning
whitelist: {{ matrix_mx_puppet_steam_provisioning_whitelist|to_json }}
blacklist: {{ matrix_mx_puppet_steam_provisioning_blacklist|to_json }}

database:
# Use Postgres as a database backend
# If set, will be used instead of SQLite3
# Connection string to connect to the Postgres instance
# with username "user", password "pass", host "localhost" and database name "dbname".
# Modify each value as necessary
#connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
# Use SQLite3 as a database backend
# The name of the database file
filename: /data/database.db

logging:
# Log level of console output
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
console: info
# Date and time formatting
lineDateFormat: MMM-D HH:mm:ss.SSS
# Logging files
# Log files are rotated daily by default
files:
# Log file path
- file: "/data/bridge.log"
# Log level for this file
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
level: info
# Date and time formatting
datePattern: YYYY-MM-DD
# Maximum number of logs to keep.
# This can be a number of files or number of days.
# If using days, add 'd' as a suffix
maxFiles: 14d
# Maximum size of the file after which it will rotate. This can be a
# number of bytes, or units of kb, mb, and gb. If using the units, add
# 'k', 'm', or 'g' as the suffix
maxSize: 50m
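Review bot: in loginSharedSecretMap the secret is interpolated as a bare YAML scalar ({{ matrix_domain }}: {{ matrix_mx_puppet_steam_login_shared_secret }}), so a secret containing " #", ": " or a leading special character is truncated or changes the structure of the document. Pipe it through |to_json, as the whitelist and blacklist lines already do. The map key uses matrix_domain while the rest of the template uses matrix_mx_puppet_steam_homeserver_domain; pick one. Separately, relay and selfService reuse the provisioning whitelist and blacklist, so everyone allowed to puppet is also allowed relay mode and plumbed rooms; separate variables would let operators grant those independently.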

+ 41
- 0
roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2

@@ -0,0 +1,41 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Mx Puppet Steam server
{% for service in matrix_mx_puppet_steam_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_mx_puppet_steam_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}

[Service]
Type=simple
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam

# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5

ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-steam \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
-e CONFIG_PATH=/config/config.yaml \
-e REGISTRATION_PATH=/config/registration.yaml \
-v {{ matrix_mx_puppet_steam_config_path }}:/config:z \
-v {{ matrix_mx_puppet_steam_data_path }}:/data:z \
{% for arg in matrix_mx_puppet_steam_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_mx_puppet_steam_docker_image }}

ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mx-puppet-steam

[Install]
WantedBy=multi-user.target
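Review bot: the container runs as a non-root user with --cap-drop=ALL, but /config is mounted read-write (-v ...:/config:z) even though the playbook itself writes config.yaml and registration.yaml. If the bridge does not need to write there, mount it with :ro,z so a compromised bridge process cannot rewrite its own registration or config, and consider --read-only with /data as the only writable mount.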

+ 104
- 0
roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml

@@ -0,0 +1,104 @@
# Mx Puppet Twitter is a Matrix <-> Twitter bridge
# See: https://github.com/Sorunome/mx-puppet-twitter

matrix_mx_puppet_twitter_enabled: true

matrix_mx_puppet_twitter_container_image_self_build: false

# Controls whether the mx-puppet-twitter container exposes its HTTP port (tcp/8432 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8432"), or empty string to not expose.
matrix_mx_puppet_twitter_container_http_host_bind_port: ''

matrix_mx_puppet_twitter_docker_image: "sorunome/mx-puppet-twitter:latest"
matrix_mx_puppet_twitter_docker_image_force_pull: "{{ matrix_mx_puppet_twitter_docker_image.endswith(':latest') }}"

matrix_mx_puppet_twitter_base_path: "{{ matrix_base_data_path }}/mx-puppet-twitter"
matrix_mx_puppet_twitter_config_path: "{{ matrix_mx_puppet_twitter_base_path }}/config"
matrix_mx_puppet_twitter_data_path: "{{ matrix_mx_puppet_twitter_base_path }}/data"
matrix_mx_puppet_twitter_docker_src_files_path: "{{ matrix_mx_puppet_twitter_base_path }}/docker-src"

matrix_mx_puppet_twitter_appservice_port: "8432"

matrix_mx_puppet_twitter_homeserver_address: 'http://matrix-synapse:8008'
matrix_mx_puppet_twitter_homeserver_domain: '{{ matrix_domain }}'
matrix_mx_puppet_twitter_appservice_address: 'http://matrix-mx-puppet-twitter:{{ matrix_mx_puppet_twitter_appservice_port }}'

matrix_mx_puppet_twitter_consumer_key: ''
matrix_mx_puppet_twitter_consumer_secret: ''
matrix_mx_puppet_twitter_access_token: ''
matrix_mx_puppet_twitter_access_token_secret: ''
matrix_mx_puppet_twitter_environment: ''
matrix_mx_puppet_twitter_webhook_path: '/twitter/webhook'
matrix_mx_puppet_twitter_webhook_url: 'https://{{ matrix_server_fqn_matrix }}{{ matrix_mx_puppet_twitter_webhook_path }}'

# "@user:server.com" to allow specific user
# "@.*:yourserver.com" to allow users on a specific homeserver
# "@.*" to allow anyone
matrix_mx_puppet_twitter_provisioning_whitelist:
- "@.*:{{ matrix_domain|regex_escape }}"

# Leave empty to disable blacklist
# "@user:server.com" disallow a specific user
# "@.*:yourserver.com" disallow users on a specific homeserver
matrix_mx_puppet_twitter_provisioning_blacklist: []

# A list of extra arguments to pass to the container
matrix_mx_puppet_twitter_container_extra_arguments: []

# List of systemd services that mx-puppet-twitter.service depends on.
matrix_mx_puppet_twitter_systemd_required_services_list: ['docker.service']

# List of systemd services that mx-puppet-twitter.service wants
matrix_mx_puppet_twitter_systemd_wanted_services_list: []

matrix_mx_puppet_twitter_appservice_token: ''
matrix_mx_puppet_twitter_homeserver_token: ''

# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
matrix_mx_puppet_twitter_login_shared_secret: ''

# Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_twitter_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mx_puppet_twitter_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"

matrix_mx_puppet_twitter_configuration_extension_yaml: |
# Your custom YAML configuration goes here.
# This configuration extends the default starting configuration (`matrix_mx_puppet_twitter_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_mx_puppet_twitter_configuration_yaml`.

matrix_mx_puppet_twitter_configuration_extension: "{{ matrix_mx_puppet_twitter_configuration_extension_yaml|from_yaml if matrix_mx_puppet_twitter_configuration_extension_yaml|from_yaml is mapping else {} }}"

# Holds the final configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_twitter_configuration_yaml`.
matrix_mx_puppet_twitter_configuration: "{{ matrix_mx_puppet_twitter_configuration_yaml|from_yaml|combine(matrix_mx_puppet_twitter_configuration_extension, recursive=True) }}"

# The prefix for user IDs and aliases
matrix_mx_puppet_twitter_namespace_prefix: _twitterpuppet_
matrix_mx_puppet_twitter_bot_localpart: _twitterpuppet_bot

matrix_mx_puppet_twitter_registration_yaml: |
as_token: "{{ matrix_mx_puppet_twitter_appservice_token }}"
hs_token: "{{ matrix_mx_puppet_twitter_homeserver_token }}"
id: twitter-puppet
namespaces:
users:
- exclusive: true
regex: '@{{ matrix_mx_puppet_twitter_namespace_prefix|regex_escape }}.*:{{ matrix_mx_puppet_twitter_homeserver_domain|regex_escape }}'
rooms: []
aliases:
- exclusive: true
regex: '#{{ matrix_mx_puppet_twitter_namespace_prefix|regex_escape }}.*:{{ matrix_mx_puppet_twitter_homeserver_domain|regex_escape }}'
protocols: []
rate_limited: false
sender_localpart: "{{ matrix_mx_puppet_twitter_bot_localpart }}"
url: {{ matrix_mx_puppet_twitter_appservice_address }}

matrix_mx_puppet_twitter_registration: "{{ matrix_mx_puppet_twitter_registration_yaml|from_yaml }}"
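Review bot: matrix_mx_puppet_twitter_docker_image defaults to the mutable :latest tag, and matrix_mx_puppet_twitter_docker_image_force_pull is true whenever the tag ends in :latest, so each playbook run can deploy a different, unreviewed image. Other roles touched by this commit pin a version tag (instrumentisto/coturn:4.5.1.3, ma1uta/ma1sd:2.4.0-...); pin this one as well if upstream publishes tags, or say in a comment why it cannot be pinned. Minor: the whitelist comment examples such as "@.*:yourserver.com" leave the dot unescaped while the default value uses regex_escape; show the escaped form so copied patterns are not looser than intended.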

+ 70
- 0
roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml

@@ -0,0 +1,70 @@
- set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-twitter'] }}"
when: matrix_mx_puppet_twitter_enabled|bool

# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
{{ matrix_synapse_container_extra_arguments|default([]) }}
+
["--mount type=bind,src={{ matrix_mx_puppet_twitter_config_path }}/registration.yaml,dst=/matrix-mx-puppet-twitter-registration.yaml,ro"]

matrix_synapse_app_service_config_files: >
{{ matrix_synapse_app_service_config_files|default([]) }}
+
{{ ["/matrix-mx-puppet-twitter-registration.yaml"] }}
when: matrix_mx_puppet_twitter_enabled|bool

- block:
- name: Fail if matrix-nginx-proxy role already executed
fail:
msg: >-
Trying to append Twitter Appservice's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your plabook,
so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-twitter role.
when: matrix_nginx_proxy_role_executed|default(False)|bool

- name: Generate Matrix MX Puppet Twitter proxying configuration for matrix-nginx-proxy
set_fact:
matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration: |
location {{ matrix_mx_puppet_twitter_webhook_path }} {
{% if matrix_nginx_proxy_enabled|default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_mx_puppet_twitter_appservice_address }}";
proxy_pass $backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_twitter_appservice_port }};
{% endif %}
}

- name: Register Twitter Appservice proxying configuration with matrix-nginx-proxy
set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([])
+
[matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration]
}}
tags:
- always
when: matrix_mx_puppet_twitter_enabled|bool

- name: Warn about reverse-proxying if matrix-nginx-proxy not used
debug:
msg: >-
NOTE: You've enabled the Matrix Twitter bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_mx_puppet_twitter_redirect_path }}`
URL endpoint to the matrix-mx-puppet-twitter container.
You can expose the container's port using the `matrix_mx_puppet_twitter_container_http_host_bind_port` variable.
when: "matrix_mx_puppet_twitter_enabled|bool and matrix_nginx_proxy_enabled is not defined"

# ansible lower than 2.8, does not support docker_image build parameters
# for self buildig it is explicitly needed, so we rather fail here
- name: Fail if running on Ansible lower than 2.8 and trying self building
fail:
msg: "To self build Puppet Twitter image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_twitter_container_image_self_build"
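Review bot: the "Warn about reverse-proxying" task interpolates matrix_mx_puppet_twitter_redirect_path, which the role's defaults never define (they define matrix_mx_puppet_twitter_webhook_path), so for users without matrix-nginx-proxy the debug task fails on an undefined variable instead of printing the hint. Use matrix_mx_puppet_twitter_webhook_path there. While editing the messages, fix "plabook", "buildig" and "usa".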

+ 21
- 0
roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml

@@ -0,0 +1,21 @@
- import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always

- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup|bool and matrix_mx_puppet_twitter_enabled|bool"
tags:
- setup-all
- setup-mx-puppet-twitter

- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup|bool and matrix_mx_puppet_twitter_enabled|bool"
tags:
- setup-all
- setup-mx-puppet-twitter

- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup|bool and not matrix_mx_puppet_twitter_enabled|bool"
tags:
- setup-all
- setup-mx-puppet-twitter

+ 93
- 0
roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml

@@ -0,0 +1,93 @@
---

# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
fail:
msg: >-
The matrix-bridge-mx-puppet-twitter role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed|default(False)"

- name: Ensure MX Puppet Twitter image is pulled
docker_image:
name: "{{ matrix_mx_puppet_twitter_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mx_puppet_twitter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_twitter_docker_image_force_pull }}"
when: matrix_mx_puppet_twitter_enabled|bool and not matrix_mx_puppet_twitter_container_image_self_build

- name: Ensure MX Puppet Twitter paths exist
file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- { path: "{{ matrix_mx_puppet_twitter_base_path }}", when: true }
- { path: "{{ matrix_mx_puppet_twitter_config_path }}", when: true }
- { path: "{{ matrix_mx_puppet_twitter_data_path }}", when: true }
- { path: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}", when: "{{ matrix_mx_puppet_twitter_container_image_self_build }}" }
when: matrix_mx_puppet_twitter_enabled|bool and item.when|bool

- name: Ensure MX Puppet Twitter repository is present on self build
git:
repo: https://github.com/Sorunome/mx-puppet-twitter.git
dest: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}"
force: "yes"
when: "matrix_mx_puppet_twitter_enabled|bool and matrix_mx_puppet_twitter_container_image_self_build"

- name: Ensure MX Puppet Twitter Docker image is built
docker_image:
name: "{{ matrix_mx_puppet_twitter_docker_image }}"
source: build
build:
dockerfile: Dockerfile
path: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}"
pull: yes
when: "matrix_mx_puppet_twitter_enabled|bool and matrix_mx_puppet_twitter_container_image_self_build"

- name: Check if an old database file already exists
stat:
path: "{{ matrix_mx_puppet_twitter_base_path }}/database.db"
register: matrix_mx_puppet_twitter_stat_database

- name: (Data relocation) Ensure matrix-mx-puppet-twitter.service is stopped
service:
name: matrix-mx-puppet-twitter
state: stopped
daemon_reload: yes
failed_when: false
when: "matrix_mx_puppet_twitter_stat_database.stat.exists"

- name: (Data relocation) Move mx-puppet-twitter database file to ./data directory
command: "mv {{ matrix_mx_puppet_twitter_base_path }}/database.db {{ matrix_mx_puppet_twitter_data_path }}/database.db"
when: "matrix_mx_puppet_twitter_stat_database.stat.exists"

- name: Ensure mx-puppet-twitter config.yaml installed
copy:
content: "{{ matrix_mx_puppet_twitter_configuration|to_nice_yaml }}"
dest: "{{ matrix_mx_puppet_twitter_config_path }}/config.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"

- name: Ensure mx-puppet-twitter twitter-registration.yaml installed
copy:
content: "{{ matrix_mx_puppet_twitter_registration|to_nice_yaml }}"
dest: "{{ matrix_mx_puppet_twitter_config_path }}/registration.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"

- name: Ensure matrix-mx-puppet-twitter.service installed
template:
src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-twitter.service.j2"
dest: "/etc/systemd/system/matrix-mx-puppet-twitter.service"
mode: 0644
register: matrix_mx_puppet_twitter_systemd_service_result

- name: Ensure systemd reloaded after matrix-mx-puppet-twitter.service installation
service:
daemon_reload: yes
when: "matrix_mx_puppet_twitter_systemd_service_result.changed"
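Review bot: the self-build git task has no version:, so with force: "yes" every run builds whatever the default branch of Sorunome/mx-puppet-twitter currently points at; add a variable for a tag or commit and pass it as version:. The config.yaml and registration.yaml copies use mode 0644 although config.yaml contains the Twitter consumer secret and access token secret and registration.yaml contains as_token and hs_token. The parent directories are created 0750, which limits exposure, but 0640 on the files themselves costs nothing.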

+ 24
- 0
roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml

@@ -0,0 +1,24 @@
---

- name: Check existence of matrix-mx-puppet-twitter service
stat:
path: "/etc/systemd/system/matrix-mx-puppet-twitter.service"
register: matrix_mx_puppet_twitter_service_stat

- name: Ensure matrix-mx-puppet-twitter is stopped
service:
name: matrix-mx-puppet-twitter
state: stopped
daemon_reload: yes
when: "matrix_mx_puppet_twitter_service_stat.stat.exists"

- name: Ensure matrix-mx-puppet-twitter.service doesn't exist
file:
path: "/etc/systemd/system/matrix-mx-puppet-twitter.service"
state: absent
when: "matrix_mx_puppet_twitter_service_stat.stat.exists"

- name: Ensure systemd reloaded after matrix-mx-puppet-twitter.service removal
service:
daemon_reload: yes
when: "matrix_mx_puppet_twitter_service_stat.stat.exists"
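Review bot: only the unit file is removed here, so config.yaml with the Twitter API credentials and registration.yaml with the appservice tokens stay on disk under the config path after the bridge is disabled. Add a task that removes the config directory, or document the manual cleanup together with a reminder to revoke the Twitter keys when the bridge is retired.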

+ 10
- 0
roles/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml

@@ -0,0 +1,10 @@
---

- name: Fail if required settings not defined
fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- "matrix_mx_puppet_twitter_appservice_token"
- "matrix_mx_puppet_twitter_homeserver_token"
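Review bot: with_items checks only the two appservice tokens, but config.yaml.j2 also renders matrix_mx_puppet_twitter_consumer_key, matrix_mx_puppet_twitter_consumer_secret, matrix_mx_puppet_twitter_access_token, matrix_mx_puppet_twitter_access_token_secret and matrix_mx_puppet_twitter_environment, all of which default to ''. With those left empty the playbook installs and starts a bridge configured with blank Twitter credentials. Add them to with_items so the failure happens at validation time.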

+ 92
- 0
roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2

@@ -0,0 +1,92 @@
#jinja2: lstrip_blocks: "True"
bridge:
# Port to host the bridge on
# Used for communication between the homeserver and the bridge
port: {{ matrix_mx_puppet_twitter_appservice_port }}
# The host connections to the bridge's webserver are allowed from
bindAddress: 0.0.0.0
# Public domain of the homeserver
domain: {{ matrix_mx_puppet_twitter_homeserver_domain }}
# Reachable URL of the Matrix homeserver
homeserverUrl: {{ matrix_mx_puppet_twitter_homeserver_address }}
{% if matrix_mx_puppet_twitter_login_shared_secret != '' %}
loginSharedSecretMap:
{{ matrix_domain }}: {{ matrix_mx_puppet_twitter_login_shared_secret }}
{% endif %}

twitter:
consumerKey: "{{ matrix_mx_puppet_twitter_consumer_key }}"
consumerSecret: "{{ matrix_mx_puppet_twitter_consumer_secret }}"
accessToken: "{{ matrix_mx_puppet_twitter_access_token }}"
accessTokenSecret: "{{ matrix_mx_puppet_twitter_access_token_secret }}"
environment: "{{ matrix_mx_puppet_twitter_environment }}"
server:
url: "{{ matrix_mx_puppet_twitter_webhook_url }}"
path: "{{ matrix_mx_puppet_twitter_webhook_path }}"

presence:
# Bridge Twitter online/offline status
enabled: true
# How often to send status to the homeserver in milliseconds
interval: 500

provisioning:
# Regex of Matrix IDs allowed to use the puppet bridge
whitelist: {{ matrix_mx_puppet_twitter_provisioning_whitelist|to_json }}
# Allow a specific user
#- "@user:server\\.com"
# Allow users on a specific homeserver
#- "@.*:yourserver\\.com"
# Allow anyone
#- ".*"
# Regex of Matrix IDs forbidden from using the puppet bridge
#blacklist:
# Disallow a specific user
#- "@user:server\\.com"
# Disallow users on a specific homeserver
#- "@.*:yourserver\\.com"
blacklist: {{ matrix_mx_puppet_twitter_provisioning_blacklist|to_json }}

# Shared secret for the provisioning API for use by integration managers.
# If this is not set, the provisioning API will not be enabled.
#sharedSecret: random string
# Path prefix for the provisioning API. /v1 will be appended to the prefix automatically.
apiPrefix: /_matrix/provision

database:
# Use Postgres as a database backend
# If set, will be used instead of SQLite3
# Connection string to connect to the Postgres instance
# with username "user", password "pass", host "localhost" and database name "dbname".
# Modify each value as necessary
#connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
# Use SQLite3 as a database backend
# The name of the database file
filename: /data/database.db

logging:
# Log level of console output
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
console: info
# Date and time formatting
lineDateFormat: MMM-D HH:mm:ss.SSS
# Logging files
# Log files are rotated daily by default
files:
# Log file path
- file: "/data/bridge.log"
# Log level for this file
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
level: info
# Date and time formatting
datePattern: YYYY-MM-DD
# Maximum number of logs to keep.
# This can be a number of files or number of days.
# If using days, add 'd' as a suffix
maxFiles: 14d
# Maximum size of the file after which it will rotate. This can be a
# number of bytes, or units of kb, mb, and gb. If using the units, add
# 'k', 'm', or 'g' as the suffix
maxSize: 50m
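Review bot: presence interval is 500 here while the steam template in this commit uses 5000 for the same setting (milliseconds); if half-second presence updates to the homeserver are not intended, this looks like a dropped zero. The twitter credentials are wrapped in literal double quotes rather than passed through |to_json, so a value containing a double quote or a backslash yields invalid YAML, and the loginSharedSecretMap value is not quoted at all; use |to_json for all of them.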

+ 44
- 0
roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2

@@ -0,0 +1,44 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Mx Puppet Twitter server
{% for service in matrix_mx_puppet_twitter_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_mx_puppet_twitter_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}

[Service]
Type=simple
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter

# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5

ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-twitter \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
{% if matrix_mx_puppet_twitter_container_http_host_bind_port %}
-p {{ matrix_mx_puppet_twitter_container_http_host_bind_port }}:{{ matrix_mx_puppet_twitter_appservice_port }} \
{% endif %}
-e CONFIG_PATH=/config/config.yaml \
-e REGISTRATION_PATH=/config/registration.yaml \
-v {{ matrix_mx_puppet_twitter_config_path }}:/config:z \
-v {{ matrix_mx_puppet_twitter_data_path }}:/data:z \
{% for arg in matrix_mx_puppet_twitter_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_mx_puppet_twitter_docker_image }}

ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mx-puppet-twitter

[Install]
WantedBy=multi-user.target
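Review bot: in the -p {{ matrix_mx_puppet_twitter_container_http_host_bind_port }}:... line, a bare "<port>" value publishes the bridge on every host interface, and ports published by Docker are typically not covered by host firewall rules managed through ufw or firewalld. The defaults comment offers both forms as equals; recommend the "127.0.0.1:<port>" form there for setups that front the bridge with their own reverse proxy.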

+ 1
- 0
roles/matrix-corporal/tasks/self_check_corporal.yml

@@ -8,6 +8,7 @@
url: "{{ corporal_client_api_url_endpoint_public }}" url: "{{ corporal_client_api_url_endpoint_public }}"
follow_redirects: none follow_redirects: none
return_content: true return_content: true
check_mode: no
register: result_corporal_client_api register: result_corporal_client_api
ignore_errors: true ignore_errors: true
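Review bot: check_mode: no makes this uri task send a real request even under --check. That is reasonable for a read-only self-check whose registered result later tasks depend on, but add a one-line comment saying so, since the same line is added to the ma1sd and well-known checks in this commit without explanation.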




+ 1
- 1
roles/matrix-coturn/defaults/main.yml

@@ -2,7 +2,7 @@ matrix_coturn_enabled: true


matrix_coturn_container_image_self_build: false matrix_coturn_container_image_self_build: false


matrix_coturn_docker_image: "instrumentisto/coturn:4.5.1.2"
matrix_coturn_docker_image: "instrumentisto/coturn:4.5.1.3"
matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}" matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}"


# The Docker network that Coturn would be put into. # The Docker network that Coturn would be put into.


+ 20
- 4
roles/matrix-jitsi/defaults/main.yml

@@ -49,8 +49,9 @@ matrix_jitsi_jibri_xmpp_password: ''
matrix_jitsi_jibri_recorder_user: recorder matrix_jitsi_jibri_recorder_user: recorder
matrix_jitsi_jibri_recorder_password: '' matrix_jitsi_jibri_recorder_password: ''


matrix_jitsi_container_image_tag: "stable-4627-1"


matrix_jitsi_web_docker_image: "jitsi/web:stable-4548-1"
matrix_jitsi_web_docker_image: "jitsi/web:{{ matrix_jitsi_container_image_tag }}"
matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}" matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}"


matrix_jitsi_web_base_path: "{{ matrix_base_data_path }}/jitsi/web" matrix_jitsi_web_base_path: "{{ matrix_base_data_path }}/jitsi/web"
@@ -96,7 +97,22 @@ matrix_jitsi_web_interface_config_show_powered_by: false
matrix_jitsi_web_interface_config_disable_transcription_subtitles: false matrix_jitsi_web_interface_config_disable_transcription_subtitles: false
matrix_jisti_web_interface_config_show_deep_linking_image: false matrix_jisti_web_interface_config_show_deep_linking_image: false


matrix_jitsi_prosody_docker_image: "jitsi/prosody:stable-4548-1"
# Jitsi_web Fine Tune default values.
# Useful to manage bandwidth and CPU consumption in server and client side
matrix_jitsi_web_config_disableAudioLevels: false
matrix_jitsi_web_config_enableLayerSuspension: false
matrix_jitsi_web_config_channelLastN: -1
# If 'matrix_jitsi_web_config_constraints_enabled: false'
# the video constraints will be disabled and will take the default values of jitsi
matrix_jitsi_web_config_constraints_enabled: false
# This settings work if matrix_jitsi_web_config_constraints_enabled: true
# See their definitions in config.js.j2 (templates / web)
matrix_jitsi_web_config_constraints_video_aspectRatio: 16 / 9
matrix_jitsi_web_config_constraints_video_height_ideal: 720
matrix_jitsi_web_config_constraints_video_height_max: 720
matrix_jitsi_web_config_constraints_video_height_min: 240

matrix_jitsi_prosody_docker_image: "jitsi/prosody:{{ matrix_jitsi_container_image_tag }}"
matrix_jitsi_prosody_docker_image_force_pull: "{{ matrix_jitsi_prosody_docker_image.endswith(':latest') }}" matrix_jitsi_prosody_docker_image_force_pull: "{{ matrix_jitsi_prosody_docker_image.endswith(':latest') }}"


matrix_jitsi_prosody_base_path: "{{ matrix_base_data_path }}/jitsi/prosody" matrix_jitsi_prosody_base_path: "{{ matrix_base_data_path }}/jitsi/prosody"
@@ -110,7 +126,7 @@ matrix_jitsi_prosody_container_extra_arguments: []
matrix_jitsi_prosody_systemd_required_services_list: ['docker.service'] matrix_jitsi_prosody_systemd_required_services_list: ['docker.service']




matrix_jitsi_jicofo_docker_image: "jitsi/jicofo:stable-4548-1"
matrix_jitsi_jicofo_docker_image: "jitsi/jicofo:{{ matrix_jitsi_container_image_tag }}"
matrix_jitsi_jicofo_docker_image_force_pull: "{{ matrix_jitsi_jicofo_docker_image.endswith(':latest') }}" matrix_jitsi_jicofo_docker_image_force_pull: "{{ matrix_jitsi_jicofo_docker_image.endswith(':latest') }}"


matrix_jitsi_jicofo_base_path: "{{ matrix_base_data_path }}/jitsi/jicofo" matrix_jitsi_jicofo_base_path: "{{ matrix_base_data_path }}/jitsi/jicofo"
@@ -127,7 +143,7 @@ matrix_jitsi_jicofo_auth_user: focus
matrix_jitsi_jicofo_auth_password: '' matrix_jitsi_jicofo_auth_password: ''




matrix_jitsi_jvb_docker_image: "jitsi/jvb:stable-4548-1"
matrix_jitsi_jvb_docker_image: "jitsi/jvb:{{ matrix_jitsi_container_image_tag }}"
matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}" matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}"


matrix_jitsi_jvb_base_path: "{{ matrix_base_data_path }}/jitsi/jvb" matrix_jitsi_jvb_base_path: "{{ matrix_base_data_path }}/jitsi/jvb"


+ 15
- 14
roles/matrix-jitsi/templates/web/config.js.j2

@@ -81,7 +81,7 @@ var config = {
// Audio // Audio


// Disable measuring of audio levels. // Disable measuring of audio levels.
// disableAudioLevels: false,
disableAudioLevels: {{ matrix_jitsi_web_config_disableAudioLevels|to_json }},


// Start the conference in audio only mode (no video is being received nor // Start the conference in audio only mode (no video is being received nor
// sent). // sent).
@@ -109,24 +109,25 @@ var config = {
// util#browser#usesNewGumFlow. The constraints are independency from // util#browser#usesNewGumFlow. The constraints are independency from
// this config's resolution value. Defaults to requesting an ideal aspect // this config's resolution value. Defaults to requesting an ideal aspect
// ratio of 16:9 with an ideal resolution of 720. // ratio of 16:9 with an ideal resolution of 720.
// constraints: {
// video: {
// aspectRatio: 16 / 9,
// height: {
// ideal: 720,
// max: 720,
// min: 240
// }
// }
// },

{% if matrix_jitsi_web_config_constraints_enabled %}
constraints: {
video: {
aspectRatio: {{ matrix_jitsi_web_config_constraints_video_aspectRatio }},
height: {
ideal: {{ matrix_jitsi_web_config_constraints_video_height_ideal|to_json }},
max: {{ matrix_jitsi_web_config_constraints_video_height_max|to_json }},
min: {{ matrix_jitsi_web_config_constraints_video_height_min|to_json }}
}
}
},
{% endif %}
// Enable / disable simulcast support. // Enable / disable simulcast support.
// disableSimulcast: false, // disableSimulcast: false,


// Enable / disable layer suspension. If enabled, endpoints whose HD // Enable / disable layer suspension. If enabled, endpoints whose HD
// layers are not in use will be suspended (no longer sent) until they // layers are not in use will be suspended (no longer sent) until they
// are requested again. // are requested again.
// enableLayerSuspension: false,
enableLayerSuspension: {{ matrix_jitsi_web_config_enableLayerSuspension|to_json }},


// Suspend sending video if bandwidth estimation is too low. This may cause // Suspend sending video if bandwidth estimation is too low. This may cause
// problems with audio playback. Disabled until these are fixed. // problems with audio playback. Disabled until these are fixed.
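Review bot: aspectRatio is emitted without |to_json, unlike the three height values next to it, so the default string 16 / 9 lands in config.js as a JavaScript expression and any other string placed in matrix_jitsi_web_config_constraints_video_aspectRatio is served to browsers as code. Either document that this variable is a raw JS expression, or store a number and pass it through |to_json like the others.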
@@ -211,7 +212,7 @@ hiddenDomain: {{ matrix_jitsi_recorder_domain|to_json }},
// Misc // Misc


// Default value for the channel "last N" attribute. -1 for unlimited. // Default value for the channel "last N" attribute. -1 for unlimited.
channelLastN: -1,
channelLastN: {{ matrix_jitsi_web_config_channelLastN|to_json }},


// Disables or enables RTX (RFC 4588) (defaults to false). // Disables or enables RTX (RFC 4588) (defaults to false).
// disableRtx: false, // disableRtx: false,
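Review bot: `channelLastN` was hard-coded to `-1` and now comes from `matrix_jitsi_web_config_channelLastN`, whose default is not visible in this hunk. Confirm the default stays `-1` so existing deployments keep the "unlimited" behaviour the comment describes, and document the variable with the other Jitsi tuning options.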


+ 3
- 1
roles/matrix-ma1sd/defaults/main.yml

@@ -5,7 +5,9 @@ matrix_ma1sd_enabled: true


matrix_ma1sd_container_image_self_build: false matrix_ma1sd_container_image_self_build: false


matrix_ma1sd_docker_image: "ma1uta/ma1sd:2.3.0"
matrix_ma1sd_architecture: "amd64"

matrix_ma1sd_docker_image: "ma1uta/ma1sd:2.4.0-{{ matrix_ma1sd_architecture }}"
matrix_ma1sd_docker_image_force_pull: "{{ matrix_ma1sd_docker_image.endswith(':latest') }}" matrix_ma1sd_docker_image_force_pull: "{{ matrix_ma1sd_docker_image.endswith(':latest') }}"


matrix_ma1sd_base_path: "{{ matrix_base_data_path }}/ma1sd" matrix_ma1sd_base_path: "{{ matrix_base_data_path }}/ma1sd"
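Review bot: `matrix_ma1sd_architecture` is introduced with a fixed default of `"amd64"` and no comment listing the accepted values, while the image tag is now built by interpolating it (`"ma1uta/ma1sd:2.4.0-{{ matrix_ma1sd_architecture }}"`). A mistyped or unsupported value only surfaces as a failed pull at deploy time. Document the allowed values next to the variable, and consider deriving the default from the playbook's host architecture setting rather than hard-coding it here.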


+ 1
- 0
roles/matrix-ma1sd/tasks/self_check_ma1sd.yml

@@ -8,6 +8,7 @@
url: "{{ ma1sd_url_endpoint_public }}" url: "{{ ma1sd_url_endpoint_public }}"
follow_redirects: none follow_redirects: none
validate_certs: "{{ matrix_ma1sd_self_check_validate_certificates }}" validate_certs: "{{ matrix_ma1sd_self_check_validate_certificates }}"
check_mode: no
register: result_ma1sd register: result_ma1sd
ignore_errors: true ignore_errors: true
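Review bot: `check_mode: no` makes this `uri` request run even under `--check`, and the task does not say why. That is reasonable for a read-only probe whose registered result feeds the following task, but add a one-line comment stating it, and prefer the boolean `false` over `no` to match `ignore_errors: true` in the same task.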




+ 2
- 0
roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml

@@ -12,6 +12,7 @@
follow_redirects: none follow_redirects: none
return_content: true return_content: true
validate_certs: "{{ well_known_file_check.validate_certs }}" validate_certs: "{{ well_known_file_check.validate_certs }}"
check_mode: no
register: result_well_known_matrix register: result_well_known_matrix
ignore_errors: true ignore_errors: true


@@ -39,6 +40,7 @@
follow_redirects: "{{ well_known_file_check.follow_redirects }}" follow_redirects: "{{ well_known_file_check.follow_redirects }}"
return_content: true return_content: true
validate_certs: "{{ well_known_file_check.validate_certs }}" validate_certs: "{{ well_known_file_check.validate_certs }}"
check_mode: no
register: result_well_known_identity register: result_well_known_identity
ignore_errors: true ignore_errors: true




+ 1
- 1
roles/matrix-riot-web/defaults/main.yml

@@ -2,7 +2,7 @@ matrix_riot_web_enabled: true


matrix_riot_web_container_image_self_build: false matrix_riot_web_container_image_self_build: false


matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.4"
matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.7"
matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}" matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}"


matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web" matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"


+ 1
- 0
roles/matrix-riot-web/tasks/self_check_riot_web.yml

@@ -9,6 +9,7 @@
follow_redirects: none follow_redirects: none
validate_certs: "{{ matrix_riot_web_self_check_validate_certificates }}" validate_certs: "{{ matrix_riot_web_self_check_validate_certificates }}"
register: result_riot_web register: result_riot_web
check_mode: no
ignore_errors: true ignore_errors: true


- name: Fail if riot-web not working - name: Fail if riot-web not working
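Review bot: here `check_mode: no` is placed after `register: result_riot_web`, whereas the ma1sd and well-known self-checks in this commit place it before `register` and the Synapse ones place it after `ignore_errors`. The behaviour is the same, but pick one position for the keyword across the self-check tasks so the next reader can see at a glance which probes run under `--check`.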


+ 6
- 1
roles/matrix-synapse/defaults/main.yml

@@ -5,7 +5,7 @@ matrix_synapse_enabled: true


matrix_synapse_container_image_self_build: false matrix_synapse_container_image_self_build: false


matrix_synapse_docker_image: "matrixdotorg/synapse:v1.15.0"
matrix_synapse_docker_image: "matrixdotorg/synapse:v1.16.0"
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"


matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
@@ -162,6 +162,11 @@ matrix_synapse_allow_public_rooms_over_federation: false
# Controls whether people with access to the homeserver can register by themselves. # Controls whether people with access to the homeserver can register by themselves.
matrix_synapse_enable_registration: false matrix_synapse_enable_registration: false


# reCAPTCHA API for validating registration attempts
matrix_synapse_enable_registration_captcha: false
matrix_synapse_recaptcha_public_key: ''
matrix_synapse_recaptcha_private_key: ''

# Allows non-server-admin users to create groups on this server # Allows non-server-admin users to create groups on this server
matrix_synapse_enable_group_creation: false matrix_synapse_enable_group_creation: false
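Review bot: the three new captcha variables default to disabled with empty keys, and nothing in this hunk stops `matrix_synapse_enable_registration_captcha: true` from being deployed with `matrix_synapse_recaptcha_private_key: ''`. Add a check to the role's config validation that fails when captcha is enabled and either key is empty, and extend the comment to say the private key is a secret that belongs in an encrypted vars file.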




+ 1
- 0
roles/matrix-synapse/tasks/self_check_client_api.yml

@@ -7,6 +7,7 @@
validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}" validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}"
register: result_matrix_synapse_client_api register: result_matrix_synapse_client_api
ignore_errors: true ignore_errors: true
check_mode: no
when: matrix_synapse_enabled|bool when: matrix_synapse_enabled|bool


- name: Fail if Matrix Client API not working - name: Fail if Matrix Client API not working


+ 1
- 0
roles/matrix-synapse/tasks/self_check_federation_api.yml

@@ -7,6 +7,7 @@
validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}" validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}"
register: result_matrix_synapse_federation_api register: result_matrix_synapse_federation_api
ignore_errors: true ignore_errors: true
check_mode: no
when: matrix_synapse_enabled|bool when: matrix_synapse_enabled|bool


- name: Fail if Matrix Federation API not working - name: Fail if Matrix Federation API not working


+ 0
- 3
roles/matrix-synapse/templates/synapse/env-synapse.j2

@@ -1,3 +0,0 @@
#jinja2: lstrip_blocks: "True"
SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
SYNAPSE_CACHE_FACTOR={{ matrix_synapse_cache_factor }}
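Review bot: deleting this template removes the only place visible here where `SYNAPSE_CONFIG_PATH` and `matrix_synapse_cache_factor` (via `SYNAPSE_CACHE_FACTOR`) reach the container, and the replacement is not shown in these hunks. Confirm that the systemd unit or homeserver.yaml now carries both values, and that the env file already rendered on existing hosts is removed by the setup tasks rather than left behind.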

+ 84
- 7
roles/matrix-synapse/templates/synapse/homeserver.yaml.j2

@@ -288,7 +288,7 @@ listeners:
# number of monthly active users. # number of monthly active users.
# #
# 'limit_usage_by_mau' disables/enables monthly active user blocking. When # 'limit_usage_by_mau' disables/enables monthly active user blocking. When
# anabled and a limit is reached the server returns a 'ResourceLimitError'
# enabled and a limit is reached the server returns a 'ResourceLimitError'
# with error type Codes.RESOURCE_LIMIT_EXCEEDED # with error type Codes.RESOURCE_LIMIT_EXCEEDED
# #
# 'max_mau_value' is the hard limit of monthly active users above which # 'max_mau_value' is the hard limit of monthly active users above which
@@ -934,18 +934,18 @@ url_preview_accept_language:
# This homeserver's ReCAPTCHA public key. Must be specified if # This homeserver's ReCAPTCHA public key. Must be specified if
# enable_registration_captcha is enabled. # enable_registration_captcha is enabled.
# #
#recaptcha_public_key: "YOUR_PUBLIC_KEY"
recaptcha_public_key: {{ matrix_synapse_recaptcha_public_key|to_json }}


# This homeserver's ReCAPTCHA private key. Must be specified if # This homeserver's ReCAPTCHA private key. Must be specified if
# enable_registration_captcha is enabled. # enable_registration_captcha is enabled.
# #
#recaptcha_private_key: "YOUR_PRIVATE_KEY"
recaptcha_private_key: {{ matrix_synapse_recaptcha_private_key|to_json }}


# Uncomment to enable ReCaptcha checks when registering, preventing signup # Uncomment to enable ReCaptcha checks when registering, preventing signup
# unless a captcha is answered. Requires a valid ReCaptcha # unless a captcha is answered. Requires a valid ReCaptcha
# public/private key. Defaults to 'false'. # public/private key. Defaults to 'false'.
# #
#enable_registration_captcha: true
enable_registration_captcha: {{ matrix_synapse_enable_registration_captcha|to_json }}


# The API endpoint to use for verifying m.login.recaptcha responses. # The API endpoint to use for verifying m.login.recaptcha responses.
# Defaults to "https://www.recaptcha.net/recaptcha/api/siteverify". # Defaults to "https://www.recaptcha.net/recaptcha/api/siteverify".
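Review bot: `recaptcha_public_key` and `recaptcha_private_key` are now always rendered, so with the defaults the config carries two empty strings where the keys were previously left commented out. Consider wrapping the two key lines in a condition on `matrix_synapse_enable_registration_captcha`. Since homeserver.yaml now holds the reCAPTCHA secret when captcha is on, check that the rendered file's mode and ownership are as restrictive as for the other secrets in it.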
@@ -1182,7 +1182,11 @@ account_threepid_delegates:
#enable_3pid_changes: false #enable_3pid_changes: false


# Users who register on this homeserver will automatically be joined # Users who register on this homeserver will automatically be joined
# to these rooms
# to these rooms.
#
# By default, any room aliases included in this list will be created
# as a publicly joinable room when the first user registers for the
# homeserver. This behaviour can be customised with the settings below.
# #
#auto_join_rooms: #auto_join_rooms:
# - "#example:example.com" # - "#example:example.com"
@@ -1194,11 +1198,63 @@ auto_join_rooms:
# Where auto_join_rooms are specified, setting this flag ensures that the # Where auto_join_rooms are specified, setting this flag ensures that the
# the rooms exist by creating them when the first user on the # the rooms exist by creating them when the first user on the
# homeserver registers. # homeserver registers.
#
# By default the auto-created rooms are publicly joinable from any federated
# server. Use the autocreate_auto_join_rooms_federated and
# autocreate_auto_join_room_preset settings below to customise this behaviour.
#
# Setting to false means that if the rooms are not manually created, # Setting to false means that if the rooms are not manually created,
# users cannot be auto-joined since they do not exist. # users cannot be auto-joined since they do not exist.
# #
# Defaults to true. Uncomment the following line to disable automatically
# creating auto-join rooms.
#
autocreate_auto_join_rooms: {{ matrix_synapse_autocreate_auto_join_rooms|to_json }} autocreate_auto_join_rooms: {{ matrix_synapse_autocreate_auto_join_rooms|to_json }}


# Whether the auto_join_rooms that are auto-created are available via
# federation. Only has an effect if autocreate_auto_join_rooms is true.
#
# Note that whether a room is federated cannot be modified after
# creation.
#
# Defaults to true: the room will be joinable from other servers.
# Uncomment the following to prevent users from other homeservers from
# joining these rooms.
#
#autocreate_auto_join_rooms_federated: false

# The room preset to use when auto-creating one of auto_join_rooms. Only has an
# effect if autocreate_auto_join_rooms is true.
#
# This can be one of "public_chat", "private_chat", or "trusted_private_chat".
# If a value of "private_chat" or "trusted_private_chat" is used then
# auto_join_mxid_localpart must also be configured.
#
# Defaults to "public_chat", meaning that the room is joinable by anyone, including
# federated servers if autocreate_auto_join_rooms_federated is true (the default).
# Uncomment the following to require an invitation to join these rooms.
#
#autocreate_auto_join_room_preset: private_chat

# The local part of the user id which is used to create auto_join_rooms if
# autocreate_auto_join_rooms is true. If this is not provided then the
# initial user account that registers will be used to create the rooms.
#
# The user id is also used to invite new users to any auto-join rooms which
# are set to invite-only.
#
# It *must* be configured if autocreate_auto_join_room_preset is set to
# "private_chat" or "trusted_private_chat".
#
# Note that this must be specified in order for new users to be correctly
# invited to any auto-join rooms which have been set to invite-only (either
# at the time of creation or subsequently).
#
# Note that, if the room already exists, this user must be joined and
# have the appropriate permissions to invite new members.
#
#auto_join_mxid_localpart: system

# When auto_join_rooms is specified, setting this flag to false prevents # When auto_join_rooms is specified, setting this flag to false prevents
# guest accounts from being automatically joined to the rooms. # guest accounts from being automatically joined to the rooms.
# #
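Review bot: `autocreate_auto_join_rooms_federated`, `autocreate_auto_join_room_preset` and `auto_join_mxid_localpart` arrive only as commented samples, while `autocreate_auto_join_rooms` is already driven by `matrix_synapse_autocreate_auto_join_rooms`. The new comment text states that auto-created rooms are publicly joinable from any federated server by default and that federation cannot be changed after creation, so operators who want restricted rooms need these settings before the first user registers. Expose them as playbook variables with defaults matching upstream instead of requiring a template override.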
@@ -1431,7 +1487,7 @@ saml2_config:


# The lifetime of a SAML session. This defines how long a user has to # The lifetime of a SAML session. This defines how long a user has to
# complete the authentication process, if allow_unsolicited is unset. # complete the authentication process, if allow_unsolicited is unset.
# The default is 5 minutes.
# The default is 15 minutes.
# #
#saml_session_lifetime: 5m #saml_session_lifetime: 5m
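Review bot: the comment now says the default is 15 minutes, but the commented sample directly below it still reads `#saml_session_lifetime: 5m`. A reader uncommenting the sample would shorten the session rather than restate the default. If this mirrors the upstream sample config, keep it, but add a word to the comment that the sample value is an override, not the default.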


@@ -1516,7 +1572,7 @@ saml2_config:
# use an OpenID Connect Provider for authentication, instead of its internal # use an OpenID Connect Provider for authentication, instead of its internal
# password database. # password database.
# #
# See https://github.com/matrix-org/synapse/blob/master/openid.md.
# See https://github.com/matrix-org/synapse/blob/master/docs/openid.md.
# #
oidc_config: oidc_config:
# Uncomment the following to enable authorization against an OpenID Connect # Uncomment the following to enable authorization against an OpenID Connect
@@ -1960,6 +2016,27 @@ push:
# example_stop_events_from: ['@bad:example.com'] # example_stop_events_from: ['@bad:example.com']
spam_checker: {{ matrix_synapse_spam_checker|to_json }} spam_checker: {{ matrix_synapse_spam_checker|to_json }}



## Rooms ##

# Controls whether locally-created rooms should be end-to-end encrypted by
# default.
#
# Possible options are "all", "invite", and "off". They are defined as:
#
# * "all": any locally-created room
# * "invite": any room created with the "private_chat" or "trusted_private_chat"
# room creation presets
# * "off": this option will take no effect
#
# The default value is "off".
#
# Note that this option will only affect rooms created after it is set. It
# will also not affect rooms created by other servers.
#
#encryption_enabled_by_default_for_room_type: invite


# Uncomment to allow non-server-admin users to create groups on this server # Uncomment to allow non-server-admin users to create groups on this server
# #
enable_group_creation: {{ matrix_synapse_enable_group_creation|to_json }} enable_group_creation: {{ matrix_synapse_enable_group_creation|to_json }}
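Review bot: `encryption_enabled_by_default_for_room_type` is added only as a commented sample, so the playbook offers no way to set it short of overriding the whole template, unlike `enable_group_creation` just below it, which is variable-driven. Add a playbook variable for it with the upstream default of `off`, so operators who want new private rooms encrypted by default can opt in from their inventory.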


+ 4
- 0
setup.yml

@@ -16,8 +16,12 @@
- matrix-bridge-mautrix-hangouts - matrix-bridge-mautrix-hangouts
- matrix-bridge-mautrix-telegram - matrix-bridge-mautrix-telegram
- matrix-bridge-mautrix-whatsapp - matrix-bridge-mautrix-whatsapp
- matrix-bridge-mx-puppet-discord
- matrix-bridge-mx-puppet-steam
- matrix-bridge-mx-puppet-skype - matrix-bridge-mx-puppet-skype
- matrix-bridge-mx-puppet-slack - matrix-bridge-mx-puppet-slack
- matrix-bridge-mx-puppet-twitter
- matrix-bridge-mx-puppet-instagram
- matrix-bridge-sms - matrix-bridge-sms
- matrix-synapse - matrix-synapse
- matrix-riot-web - matrix-riot-web
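Review bot: the four new roles are inserted in two places with no consistent order: `discord` and `steam` go before `skype`, and `twitter` and `instagram` after `slack`. If the order among the mx-puppet bridges has no functional meaning, sort them alphabetically so later additions have an obvious slot. If the order does matter (all bridges are listed ahead of `matrix-synapse`), add a comment above the list saying so.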

