Merge c5d63918ae into f954df4707

2 tygodni temu · 29cb392c64
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,11 @@
 # 2026-02-XX

 ## matrix-registration has been removed from the playbook

 The [matrix-registration](./docs/configuring-playbook-matrix-registration.md) service has been removed from the playbook, as it has been unmaintained since November, 2025.

 The playbook will let you know if you're using any `matrix_registration_*` variables. You'll need to remove them from `vars.yml` and potentially [uninstall the component manually](./docs/configuring-playbook-matrix-registration.md#uninstalling-the-component-manually).

 # 2026-02-12

 ## Dimension integration manager has been removed from the playbook
--- a/README.md
+++ b/README.md
@@ -92,7 +92,6 @@ Extend and modify how users are authenticated on your homeserver.
 |[matrix-synapse-shared-secret-auth](https://github.com/devture/matrix-synapse-shared-secret-auth) (advanced) | ❌ | Password provider module | [Link](docs/configuring-playbook-shared-secret-auth.md) |
 | [matrix-synapse-ldap3](https://github.com/matrix-org/matrix-synapse-ldap3) (advanced) | ❌ | LDAP Auth password provider module | [Link](docs/configuring-playbook-ldap-auth.md) |
 | [matrix-ldap-registration-proxy](https://gitlab.com/activism.international/matrix_ldap_registration_proxy) (advanced) | ❌ | Proxy that handles Matrix registration requests and forwards them to LDAP | [Link](docs/configuring-playbook-matrix-ldap-registration-proxy.md) |
 | [matrix-registration](https://github.com/ZerataX/matrix-registration) | ❌ | Simple python application to have a token based Matrix registration | [Link](docs/configuring-playbook-matrix-registration.md) |
 | [Matrix User Verification Service](https://github.com/matrix-org/matrix-user-verification-service) | ❌ | Service to verify details of a user based on an Open ID token | [Link](docs/configuring-playbook-user-verification-service.md) |
 | [synapse-simple-antispam](https://github.com/t2bot/synapse-simple-antispam) (advanced) | ❌ | Spam checker module | [Link](docs/configuring-playbook-synapse-simple-antispam.md) |

--- a/docs/configuring-playbook-matrix-registration.md
+++ b/docs/configuring-playbook-matrix-registration.md
@@ -1,115 +1,36 @@
 <!--
 SPDX-FileCopyrightText: 2020 - 2022 Slavi Pantaleev
 SPDX-FileCopyrightText: 2022 MDAD project contributors
 SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
 SPDX-FileCopyrightText: 2019 Edgars Voroboks
 SPDX-FileCopyrightText: 2019 Eduardo Beltrame
 SPDX-FileCopyrightText: 2019-2025 MDAD project contributors
 SPDX-FileCopyrightText: 2019-2025 Slavi Pantaleev
 SPDX-FileCopyrightText: 2020 Chris van Dijk
 SPDX-FileCopyrightText: 2020 Tulir Asokan
 SPDX-FileCopyrightText: 2020 jens quade
 SPDX-FileCopyrightText: 2022 Dennis Ciba
 SPDX-FileCopyrightText: 2022 Kim Brose
 SPDX-FileCopyrightText: 2022 Travis Ralston
 SPDX-FileCopyrightText: 2022 Vladimir Panteleev
 SPDX-FileCopyrightText: 2022 Yan Minagawa
 SPDX-FileCopyrightText: 2024-2026 Suguru Hirahara

 SPDX-License-Identifier: AGPL-3.0-or-later
 -->

 # Setting up matrix-registration (optional)
 # Setting up matrix-registration (optional, removed)

 > [!WARNING]
 > - This is a poorly maintained and buggy project. It's better to avoid using it.
 > - This is not related to [matrix-registration-bot](configuring-playbook-bot-matrix-registration-bot.md)
 > [!NOTE]
 > This is not related to [matrix-registration-bot](configuring-playbook-bot-matrix-registration-bot.md).

 The playbook can install and configure [matrix-registration](https://github.com/ZerataX/matrix-registration) for you. It is a simple python application to have a token based Matrix registration.
 🪦 The playbook used to be able to install and configure [matrix-registration](https://github.com/ZerataX/matrix-registration), but no longer includes this component, as it has been unmaintained since November, 2025.

 Use matrix-registration to **create unique registration links**, which people can use to register on your Matrix server. It allows certain people (these having a special link) to register a user account, **keeping your server's registration closed (private)**.
 ## Uninstalling the component manually

 **matrix-registration** provides 2 things:
 If you still have matrix-registration installed on your Matrix server, the playbook can no longer help you uninstall it and you will need to do it manually. To uninstall manually, run these commands on the server:

 - **an API for creating registration tokens** (unique registration links). This API can be used via `curl` or via the playbook (see [Usage](#usage) below)

 - **a user registration page**, where people can use these registration tokens. By default, exposed at `https://matrix.example.com/matrix-registration`

 ## Adjusting DNS records (optional)

 By default, this playbook installs the matrix-registration on the `matrix.` subdomain, at the `/matrix-registration` path (https://matrix.example.com/matrix-registration). This makes it easy to install it, because it **doesn't require additional DNS records to be set up**. If that's okay, you can skip this section.

 If you wish to adjust it, see the section [below](#adjusting-the-matrix-registration-url-optional) for details about DNS configuration.

 ## Adjusting the playbook configuration

 To enable matrix-registration, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:

 ```yaml
 matrix_registration_enabled: true

 # Generate a strong secret here. You can create one with a command like `pwgen -s 64 1`.
 matrix_registration_admin_secret: "ENTER_SOME_SECRET_HERE"
 ```

 ### Adjusting the matrix-registration URL (optional)

 By tweaking the `matrix_registration_hostname` and `matrix_registration_path_prefix` variables, you can easily make the service available at a **different hostname and/or path** than the default one.

 Example additional configuration for your `vars.yml` file:

 ```yaml
 # Change the default hostname and path prefix
 matrix_registration_hostname: registration.example.com
 matrix_registration_path_prefix: /
 ```

 If you've changed the default hostname, you may need to create a CNAME record for the matrix-registration domain (`registration.example.com`), which targets `matrix.example.com`.

 When setting, replace `example.com` with your own.

 ### Extending the configuration

 There are some additional things you may wish to configure about the component.

 Take a look at:

 - `roles/custom/matrix-registration/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
 - `roles/custom/matrix-registration/templates/config.yaml.j2` for the component's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_registration_configuration_extension_yaml` variable

 ## Installing

 After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the playbook with [playbook tags](playbook-tags.md) as below:

 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 ```

 The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`

 `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.

 ## Usage
 systemctl disable --now matrix-registration.service

 **matrix-registration** gets exposed at `https://matrix.example.com/matrix-registration`
 rm -rf /matrix/matrix-registration

 It provides various [APIs](https://github.com/ZerataX/matrix-registration/wiki/api) — for creating registration tokens, listing tokens, disabling tokens, etc. To make use of all of its capabilities, consider using `curl`.

 We make the most common APIs easy to use via the playbook (see below).

 ### Creating registration tokens

 To **create a new user registration token (link)**, use this command:

 ```sh
 ansible-playbook -i inventory/hosts setup.yml \
 --tags=generate-matrix-registration-token \
 --extra-vars="one_time=yes ex_date=2021-12-31"
 /matrix/postgres/bin/cli-non-interactive -c 'DROP DATABASE matrix_registration;'
 ```

 The above command creates and returns a **one-time use** token, which **expires** on the 31st of December 2021. Adjust the `one_time` and `ex_date` variables as you see fit.

 Share the unique registration link (generated by the command above) with users to let them register on your Matrix server.

 ### Listing registration tokens

 To **list the existing user registration tokens**, use this command:

 ```sh
 ansible-playbook -i inventory/hosts setup.yml \
 --tags=list-matrix-registration-tokens
 ```

 The shortcut command with `just` program is also available: `just run-tags list-matrix-registration-tokens`

 ## Troubleshooting

 As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-registration`.
--- a/docs/configuring-playbook.md
+++ b/docs/configuring-playbook.md
@@ -102,8 +102,6 @@ Extend and modify how users are authenticated on your homeserver.

 - [Setting up Synapse Admin](configuring-playbook-synapse-admin.md)

 - [Setting up matrix-registration](configuring-playbook-matrix-registration.md)

 - [Setting up the REST authentication password provider module](configuring-playbook-rest-auth.md) (advanced)

 - [Setting up the Shared Secret Auth password provider module](configuring-playbook-shared-secret-auth.md) (advanced)
@@ -277,6 +275,8 @@ Various services that don't fit any other categories.

 - [Setting up matrix-bot-chatgpt](configuring-playbook-bot-chatgpt.md) (unmaintained; the bridge's author suggests taking a look at [baibot](https://github.com/etkecc/baibot) as a replacement, which can also be [installed using this playbook](configuring-playbook-bot-baibot.md))

 - [Setting up matrix-registration](configuring-playbook-matrix-registration.md) (removed; this component has been unmaintained)

 - [Setting up Mautrix Facebook bridging](configuring-playbook-bridge-mautrix-facebook.md) (deprecated in favor of the Messenger/Instagram bridge with [mautrix-meta-messenger](configuring-playbook-bridge-mautrix-meta-messenger.md))

 - [Setting up Mautrix Instagram bridging](configuring-playbook-bridge-mautrix-instagram.md) (deprecated in favor of the Messenger/Instagram bridge with [mautrix-meta-instagram](configuring-playbook-bridge-mautrix-meta-instagram.md))
--- a/docs/container-images.md
+++ b/docs/container-images.md
@@ -66,7 +66,6 @@ Extend and modify how users are authenticated on your homeserver.
 | [matrix-synapse-shared-secret-auth](configuring-playbook-shared-secret-auth.md) | (N/A) | ❌ | Password provider module |
 | [matrix-synapse-ldap3](configuring-playbook-ldap-auth.md) (advanced) | (N/A) | ❌ | LDAP Auth password provider module |
 | [matrix-ldap-registration-proxy](configuring-playbook-matrix-ldap-registration-proxy.md) | [activism.international/matrix_ldap_registration_proxy](https://gitlab.com/activism.international/matrix_ldap_registration_proxy/container_registry) | ❌ | Proxy that handles Matrix registration requests and forwards them to LDAP |
 | [matrix-registration](configuring-playbook-matrix-registration.md) | [zeratax/matrix-registration](https://hub.docker.com/r/devture/zeratax-matrix-registration/) | ❌ | Simple python application to have a token based Matrix registration |
 | [Matrix User Verification Service](configuring-playbook-user-verification-service.md) | [matrixdotorg/matrix-user-verification-service](https://hub.docker.com/r/atrixdotorg/matrix-user-verification-service) | ❌ | Service to verify details of a user based on an Open ID token |
 | [synapse-simple-antispam](configuring-playbook-synapse-simple-antispam.md) (advanced) | (N/A) | ❌ | Spam checker module |

@@ -178,6 +177,7 @@ The list of the deprecated or unmaintained services is available [here](configur
 | [ma1sd](configuring-playbook-ma1sd.md) | [ma1uta/ma1sd](https://hub.docker.com/r/ma1uta/ma1sd/) | ❌ | Matrix Identity Server |
 | [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md) | [turt2live/matrix-appservice-webhooks](https://hub.docker.com/r/turt2live/matrix-appservice-webhooks) | ❌ | Bridge for slack compatible webhooks ([ConcourseCI](https://concourse-ci.org/), [Slack](https://slack.com/) etc. pp.) |
 | [matrix-chatgpt-bot](configuring-playbook-bot-chatgpt.md) | [matrixgpt/matrix-chatgpt-bot](https://ghcr.io/matrixgpt/matrix-chatgpt-bot) | ❌ | Accessing ChatGPT via your favourite Matrix client |
 | [matrix-registration](configuring-playbook-matrix-registration.md) | [zeratax/matrix-registration](https://hub.docker.com/r/devture/zeratax-matrix-registration/) | ❌ | Simple python application to have a token based Matrix registration |
 | [mautrix-facebook](configuring-playbook-bridge-mautrix-facebook.md) | [mautrix/facebook](https://mau.dev/mautrix/facebook/container_registry) | ❌ | Bridge to [Facebook](https://facebook.com/) |
 | [mautrix-instagram](configuring-playbook-bridge-mautrix-instagram.md) | [mautrix/instagram](https://mau.dev/mautrix/instagram/container_registry) | ❌ | Bridge to [Instagram](https://instagram.com/) |
 | [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) | [mx-puppet/discord/mx-puppet-discord](https://gitlab.com/mx-puppet/discord/mx-puppet-discord/container_registry) | ❌ | Bridge to [Discord](https://discordapp.com/) |
--- a/docs/registering-users.md
+++ b/docs/registering-users.md
@@ -100,10 +100,6 @@ To manage users more easily (via a web user-interace), you can install [Synapse
 > [!WARNING]
 > If you're using [Matrix Authentication Service](configuring-playbook-matrix-authentication-service.md), note that user management via synapse-admin is not fully working yet. See the [Expectations](configuring-playbook-matrix-authentication-service.md#expectations) section for more information.

 ## Letting certain users register on your private server

 If you'd rather **keep your server private** (public registration closed, as is the default), and **let certain people create accounts by themselves** (instead of creating user accounts manually like this), consider installing and making use of [matrix-registration](configuring-playbook-matrix-registration.md).

 ## Enabling public user registration

 To **open up user registration publicly** (usually **not recommended**), add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
--- a/docs/self-building.md
+++ b/docs/self-building.md
@@ -30,7 +30,6 @@ Possibly outdated list of roles where self-building the Docker image is currentl
 - `matrix-client-element`
 - `hydrogen`
 - `cinny`
 - `matrix-registration`
 - `coturn`
 - `matrix-corporal`
 - `exim-relay`
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -421,8 +421,6 @@ devture_systemd_service_manager_services_list_auto: |
    +
    ([{'name': (livekit_server_identifier + '.service'), 'priority': 3000, 'groups': ['matrix', 'livekit-server']}] if livekit_server_enabled else [])
    +
    ([{'name': 'matrix-registration.service', 'priority': 4000, 'groups': ['matrix', 'registration', 'matrix-registration']}] if matrix_registration_enabled else [])
    +
    ([{'name': 'matrix-sygnal.service', 'priority': 800, 'groups': ['matrix', 'sygnal']}] if matrix_sygnal_enabled else [])
    +
    ([{'name': 'matrix-goofys.service', 'priority': 800, 'groups': ['matrix', 'goofys']}] if matrix_s3_media_store_enabled else [])
@@ -3668,12 +3666,6 @@ postgres_managed_databases_auto: |
      'password': matrix_bot_buscarron_database_password,
    }] if (matrix_bot_buscarron_enabled and matrix_bot_buscarron_database_engine == 'postgres' and matrix_bot_buscarron_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_registration_database_name,
      'username': matrix_registration_database_username,
      'password': matrix_registration_database_password,
    }] if (matrix_registration_enabled and matrix_registration_database_engine == 'postgres' and matrix_registration_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_appservice_discord_database_name,
      'username': matrix_appservice_discord_database_username,
@@ -5066,75 +5058,6 @@ grafana_default_home_dashboard_path: |-
 #
 ######################################################################


 ######################################################################
 #
 # matrix-registration
 #
 ######################################################################

 matrix_registration_enabled: false

 matrix_registration_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
 matrix_registration_hostname: "{{ matrix_server_fqn_matrix }}"
 matrix_registration_path_prefix: /matrix-registration

 matrix_registration_systemd_required_services_list_auto: |
  {{
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_registration_database_hostname == postgres_connection_hostname) else [])
  }}

 matrix_registration_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_registration_docker_image_registry_prefix_upstream_default }}"

 matrix_registration_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"

 matrix_registration_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8767') if matrix_playbook_service_host_bind_interface_prefix else '' }}"

 matrix_registration_container_network: "{{ matrix_addons_container_network }}"

 matrix_registration_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_registration_database_hostname == postgres_connection_hostname and matrix_registration_container_network != postgres_container_network) else [])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_registration_container_labels_traefik_enabled) else [])
    ) | unique
  }}

 matrix_registration_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
 matrix_registration_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
 matrix_registration_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
 matrix_registration_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

 matrix_registration_riot_instance: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else 'https://element.io/app/' }}"

 matrix_registration_shared_secret: |-
  {{
    {
      'synapse': matrix_synapse_registration_shared_secret | default (''),
      'dendrite': matrix_dendrite_client_api_registration_shared_secret | default (''),
      'conduit': '',
      'continuwuity': '',
    }[matrix_homeserver_implementation]
  }}

 matrix_registration_server_location: "{{ matrix_addons_homeserver_client_api_url }}"

 matrix_registration_api_validate_certs: "{{ matrix_playbook_ssl_enabled }}"

 # Postgres is the default, except if not using internal Postgres server
 matrix_registration_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
 matrix_registration_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
 matrix_registration_database_password: "{{ (matrix_homeserver_generic_secret_key + ':mx.registr.db') | hash('sha512') | to_uuid }}"

 ######################################################################
 #
 # /matrix-registration
 #
 ######################################################################

 ######################################################################
 #
 # matrix-dendrite
--- a/roles/custom/matrix-registration/defaults/main.yml
+++ b/roles/custom/matrix-registration/defaults/main.yml
@@ -1,169 +0,0 @@
 # SPDX-FileCopyrightText: 2020 - 2025 Slavi Pantaleev
 # SPDX-FileCopyrightText: 2021 Aaron Raimist
 # SPDX-FileCopyrightText: 2021 Ahmad Haghighi
 # SPDX-FileCopyrightText: 2022 Marko Weltzer
 # SPDX-FileCopyrightText: 2022 Nikita Chernyi
 # SPDX-FileCopyrightText: 2023 Samuel Meenzen
 # SPDX-FileCopyrightText: 2024 Suguru Hirahara
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later

 ---
 # matrix-registration is a simple python application to have a token based Matrix registration
 # See: https://zeratax.github.io/matrix-registration/
 # Project source code URL: https://github.com/ZerataX/matrix-registration

 matrix_registration_enabled: true

 matrix_registration_scheme: https
 matrix_registration_hostname: ''
 matrix_registration_path_prefix: /

 matrix_registration_container_image_self_build: false
 matrix_registration_container_image_self_build_repo: "https://github.com/ZerataX/matrix-registration"
 matrix_registration_container_image_self_build_branch: "{{ 'master' if matrix_registration_version == 'latest' else matrix_registration_version }}"
 # Controls whether we'll be patching the dependencies in `setup.py` when self-building.
 # Without patching, building will likely fail, because of the poor unbounded way dependencies are defined (e.g. `flask-limiter>=1.1.0`).
 # This is an attempt to get matrix-registration in its current (outdated) version to build.
 matrix_registration_container_image_self_build_python_dependencies_patch_enabled: true

 matrix_registration_base_path: "{{ matrix_base_data_path }}/matrix-registration"
 matrix_registration_config_path: "{{ matrix_registration_base_path }}/config"
 matrix_registration_data_path: "{{ matrix_registration_base_path }}/data"
 matrix_registration_docker_src_files_path: "{{ matrix_registration_base_path }}/docker-src"

 # renovate: datasource=docker depName=zeratax/matrix-registration
 matrix_registration_version: "v0.7.2"

 matrix_registration_docker_image: "{{ matrix_registration_docker_image_registry_prefix }}zeratax/matrix-registration:{{ matrix_registration_version }}"
 matrix_registration_docker_image_registry_prefix: "{{ 'localhost/' if matrix_registration_container_image_self_build else matrix_registration_docker_image_registry_prefix_upstream }}"
 matrix_registration_docker_image_registry_prefix_upstream: "{{ matrix_registration_docker_image_registry_prefix_upstream_default }}"
 matrix_registration_docker_image_registry_prefix_upstream_default: "docker.io/"
 matrix_registration_docker_image_force_pull: "{{ matrix_registration_docker_image.endswith(':latest') }}"

 matrix_registration_container_network: ""

 matrix_registration_container_additional_networks: "{{ matrix_registration_container_additional_networks_auto + matrix_registration_container_additional_networks_custom }}"
 matrix_registration_container_additional_networks_auto: []
 matrix_registration_container_additional_networks_custom: []

 # matrix_registration_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
 # See `../templates/labels.j2` for details.
 #
 # To inject your own other container labels, see `matrix_registration_container_labels_additional_labels`.
 matrix_registration_container_labels_traefik_enabled: true
 matrix_registration_container_labels_traefik_docker_network: "{{ matrix_registration_container_network }}"
 matrix_registration_container_labels_traefik_entrypoints: web-secure
 matrix_registration_container_labels_traefik_tls_certResolver: default  # noqa var-naming

 # Controls whether labels will be added that expose matrix-registration's public endpoints
 matrix_registration_container_labels_public_endpoint_enabled: true
 matrix_registration_container_labels_public_endpoint_traefik_rule: "Host(`{{ matrix_registration_hostname }}`){% if matrix_registration_path_prefix != '/' %} && PathPrefix(`{{ matrix_registration_path_prefix }}`){% endif %}"
 matrix_registration_container_labels_public_endpoint_traefik_priority: 0
 matrix_registration_container_labels_public_endpoint_traefik_entrypoints: "{{ matrix_registration_container_labels_traefik_entrypoints }}"
 matrix_registration_container_labels_public_endpoint_traefik_tls: "{{ matrix_registration_container_labels_public_endpoint_traefik_entrypoints != 'web' }}"
 matrix_registration_container_labels_public_endpoint_traefik_tls_certResolver: "{{ matrix_registration_container_labels_traefik_tls_certResolver }}"  # noqa var-naming

 # matrix_registration_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
 # See `../templates/labels.j2` for details.
 #
 # Example:
 # matrix_registration_container_labels_additional_labels: |
 #   my.label=1
 #   another.label="here"
 matrix_registration_container_labels_additional_labels: ''

 # A list of extra arguments to pass to the container
 matrix_registration_container_extra_arguments: []

 # List of systemd services that matrix-registration.service depends on
 matrix_registration_systemd_required_services_list: "{{ matrix_registration_systemd_required_services_list_default + matrix_registration_systemd_required_services_list_auto + matrix_registration_systemd_required_services_list_custom }}"
 matrix_registration_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
 matrix_registration_systemd_required_services_list_auto: []
 matrix_registration_systemd_required_services_list_custom: []

 # List of systemd services that matrix-registration.service wants
 matrix_registration_systemd_wanted_services_list: []

 # Controls whether the matrix-registration container exposes its HTTP port (tcp/5000 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8767"), or empty string to not expose.
 matrix_registration_container_http_host_bind_port: ''

 # Database-related configuration fields.
 #
 # To use SQLite, stick to these defaults.
 #
 # To use Postgres:
 # - change the engine (`matrix_registration_database_engine: 'postgres'`)
 # - adjust your database credentials via the `matrix_registration_database_*` variables
 matrix_registration_database_engine: 'sqlite'

 matrix_registration_sqlite_database_path_local: "{{ matrix_registration_data_path }}/db.sqlite3"
 matrix_registration_sqlite_database_path_in_container: "/data/db.sqlite3"

 matrix_registration_database_username: 'matrix_registration'
 matrix_registration_database_password: 'some-password'
 matrix_registration_database_hostname: ''
 matrix_registration_database_port: 5432
 matrix_registration_database_name: 'matrix_registration'

 matrix_registration_database_connection_string: 'postgresql://{{ matrix_registration_database_username }}:{{ matrix_registration_database_password }}@{{ matrix_registration_database_hostname }}:{{ matrix_registration_database_port }}/{{ matrix_registration_database_name }}'

 # For some reason, matrix-registraiton expects the `db` field to be like this: `sqlite:////data/db.sqlite3`.
 # (seems like one too many slashes, but..)
 matrix_registration_db: "{{
 	{
 		'sqlite': ('sqlite:///' + matrix_registration_sqlite_database_path_in_container),
 		'postgres': matrix_registration_database_connection_string,
 	}[matrix_registration_database_engine]
 }}"

 matrix_registration_base_url: "{{ matrix_registration_path_prefix }}"

 matrix_registration_api_register_endpoint: "{{ matrix_registration_scheme }}://{{ matrix_registration_hostname }}{{ matrix_registration_base_url }}{{ '' if matrix_registration_base_url == '/' else '/' }}register"
 matrix_registration_api_token_endpoint: "{{ matrix_registration_scheme }}://{{ matrix_registration_hostname }}{{ matrix_registration_base_url }}{{ '' if matrix_registration_base_url == '/' else '/' }}token"

 matrix_registration_api_validate_certs: true

 # The URL to your homeserver (e.g.: `https://matrix.example.com`).
 # A local (in-container address) is preferable.
 matrix_registration_server_location: ""

 matrix_registration_server_name: "{{ matrix_domain }}"

 # matrix_registration_shared_secret needs to match the homeserver's registration secret.
 # For Synapse, that's the `registration_shared_secret` setting.
 matrix_registration_shared_secret: ""

 # matrix_registration_admin_secret is your own admin secret for using matrix-registration (creating new tokens, etc.)
 matrix_registration_admin_secret: ""

 matrix_registration_riot_instance: "https://element.io/app/"

 # Default matrix-registration configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #
 # For a more advanced customization, you can extend the default (see `matrix_registration_configuration_extension_yaml`)
 # or completely replace this variable with your own template.
 matrix_registration_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"

 matrix_registration_configuration_extension_yaml: |
  # Your custom YAML configuration for registration goes here.
  # This configuration extends the default starting configuration (`matrix_registration_configuration_yaml`).
  #
  # You can override individual variables from the default configuration, or introduce new ones.
  #
  # If you need something more special, you can take full control by
  # completely redefining `matrix_registration_configuration_yaml`.
  #
  # Example configuration extension follows:
  #
  # password:
  #   min_length: 12

 matrix_registration_configuration_extension: "{{ matrix_registration_configuration_extension_yaml | from_yaml if matrix_registration_configuration_extension_yaml | from_yaml is mapping else {} }}"

 # Holds the final matrix-registration configuration (a combination of the default and its extension).
 # You most likely don't need to touch this variable. Instead, see `matrix_registration_configuration_yaml`.
 matrix_registration_configuration: "{{ matrix_registration_configuration_yaml | from_yaml | combine(matrix_registration_configuration_extension, recursive=True) }}"
--- a/roles/custom/matrix-registration/tasks/generate_token.yml
+++ b/roles/custom/matrix-registration/tasks/generate_token.yml
@@ -1,57 +0,0 @@
 # SPDX-FileCopyrightText: 2020 - 2022 Slavi Pantaleev
 # SPDX-FileCopyrightText: 2022 Marko Weltzer
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later

 ---

 - name: Fail if playbook called incorrectly
  ansible.builtin.fail:
    msg: "The `one_time` variable needs to be provided to this playbook, via --extra-vars"
  when: "one_time is not defined or one_time not in ['yes', 'no']"

 - name: Fail if playbook called incorrectly
  ansible.builtin.fail:
    msg: "The `ex_date` variable (expiration date) needs to be provided to this playbook, via --extra-vars"
  when: "ex_date is not defined or ex_date == '<date>'"

 - name: Call matrix-registration token creation API
  ansible.builtin.uri:
    url: "{{ matrix_registration_api_token_endpoint }}"
    follow_redirects: none
    validate_certs: "{{ matrix_registration_api_validate_certs }}"
    headers:
      Content-Type: application/json
      Authorization: "SharedSecret {{ matrix_registration_admin_secret }}"
    method: POST
    body_format: json
    body: |
      {
        "one_time": {{ 'true' if one_time == 'yes' else 'false' }},
        "ex_date": {{ ex_date | to_json }}
      }
  check_mode: false
  register: matrix_registration_api_result

 - ansible.builtin.set_fact:
    matrix_registration_api_result_message: >-
      matrix-registration result:

      Direct registration link (with the token prefilled):

      {{ matrix_registration_api_register_endpoint }}?token={{ matrix_registration_api_result.json.name }}

      Full token details are:

      {{ matrix_registration_api_result.json }}
  check_mode: false

 - name: Inject result message into devture_playbook_runtime_messages_list
  ansible.builtin.set_fact:
    devture_playbook_runtime_messages_list: |
      {{
        devture_playbook_runtime_messages_list | default([])
        +
        [matrix_registration_api_result_message]
      }}
  check_mode: false
--- a/roles/custom/matrix-registration/tasks/list_tokens.yml
+++ b/roles/custom/matrix-registration/tasks/list_tokens.yml
@@ -1,37 +0,0 @@
 # SPDX-FileCopyrightText: 2021 MDAD project contributors
 # SPDX-FileCopyrightText: 2022 Marko Weltzer
 # SPDX-FileCopyrightText: 2022 Slavi Pantaleev
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later

 ---

 - name: Call matrix-registration list all tokens API
  ansible.builtin.uri:
    url: "{{ matrix_registration_api_token_endpoint }}"
    follow_redirects: none
    validate_certs: "{{ matrix_registration_api_validate_certs }}"
    headers:
      Content-Type: application/json
      Authorization: "SharedSecret {{ matrix_registration_admin_secret }}"
    method: GET
    body_format: json
  check_mode: false
  register: matrix_registration_api_result

 - ansible.builtin.set_fact:
    matrix_registration_api_result_message: >-
      matrix-registration result:

      {{ matrix_registration_api_result.json | to_nice_json }}
  check_mode: false

 - name: Inject result message into devture_playbook_runtime_messages_list
  ansible.builtin.set_fact:
    devture_playbook_runtime_messages_list: |
      {{
        devture_playbook_runtime_messages_list | default([])
        +
        [matrix_registration_api_result_message]
      }}
  check_mode: false
--- a/roles/custom/matrix-registration/tasks/main.yml
+++ b/roles/custom/matrix-registration/tasks/main.yml
@@ -1,38 +0,0 @@
 # SPDX-FileCopyrightText: 2020 - 2024 Slavi Pantaleev
 # SPDX-FileCopyrightText: 2021 MDAD project contributors
 # SPDX-FileCopyrightText: 2022 Marko Weltzer
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later

 ---

 - tags:
    - setup-all
    - setup-matrix-registration
    - install-all
    - install-matrix-registration
  block:
    - when: matrix_registration_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"

    - when: matrix_registration_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"

 - tags:
    - setup-all
    - setup-matrix-registration
  block:
    - when: not matrix_registration_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"

 - tags:
    - generate-matrix-registration-token
  block:
    - when: matrix_registration_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/generate_token.yml"

 - tags:
    - list-matrix-registration-tokens
  block:
    - when: matrix_registration_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/list_tokens.yml"
--- a/roles/custom/matrix-registration/tasks/setup_install.yml
+++ b/roles/custom/matrix-registration/tasks/setup_install.yml
@@ -1,138 +0,0 @@
 # SPDX-FileCopyrightText: 2020 - 2024 Slavi Pantaleev
 # SPDX-FileCopyrightText: 2020 Stuart Mumford
 # SPDX-FileCopyrightText: 2022 Jim Myhrberg
 # SPDX-FileCopyrightText: 2022 Marko Weltzer
 # SPDX-FileCopyrightText: 2022 Nikita Chernyi
 # SPDX-FileCopyrightText: 2022 Sebastian Gumprich
 # SPDX-FileCopyrightText: 2024 David Mehren
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later

 ---

 - ansible.builtin.set_fact:
    matrix_registration_requires_restart: false

 - when: "matrix_registration_database_engine == 'postgres'"
  block:
    - name: Check if an SQLite database already exists
      ansible.builtin.stat:
        path: "{{ matrix_registration_sqlite_database_path_local }}"
      register: matrix_registration_sqlite_database_path_local_stat_result

    - when: "matrix_registration_sqlite_database_path_local_stat_result.stat.exists | bool"
      block:
        - ansible.builtin.include_role:
            name: galaxy/postgres
            tasks_from: migrate_db_to_postgres
          vars:
            postgres_db_migration_request:
              src: "{{ matrix_registration_sqlite_database_path_local }}"
              dst: "{{ matrix_registration_database_connection_string }}"
              caller: "{{ role_path | basename }}"
              engine_variable_name: 'matrix_registration_database_engine'
              engine_old: 'sqlite'
              systemd_services_to_stop: ['matrix-registration.service']
              # pgloader makes `ex_date` of type `TIMESTAMP WITH TIMEZONE`,
              # which makes matrix-registration choke on it later on when comparing dates.
              additional_psql_statements_list:
                - ALTER TABLE tokens ALTER COLUMN ex_date TYPE TIMESTAMP WITHOUT TIME ZONE;
              additional_psql_statements_db_name: "{{ matrix_registration_database_name }}"

        - ansible.builtin.set_fact:
            matrix_registration_requires_restart: true

 - name: Ensure matrix-registration paths exist
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: directory
    mode: 0750
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  with_items:
    - {path: "{{ matrix_registration_base_path }}", when: true}
    - {path: "{{ matrix_registration_config_path }}", when: true}
    - {path: "{{ matrix_registration_data_path }}", when: true}
    - {path: "{{ matrix_registration_docker_src_files_path }}", when: "{{ matrix_registration_container_image_self_build }}"}
  when: "item.when | bool"

 - name: Ensure matrix-registration image is pulled
  community.docker.docker_image:
    name: "{{ matrix_registration_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
    force_source: "{{ matrix_registration_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_registration_docker_image_force_pull }}"
  when: "not matrix_registration_container_image_self_build | bool"
  register: result
  retries: "{{ devture_playbook_help_container_retries_count }}"
  delay: "{{ devture_playbook_help_container_retries_delay }}"
  until: result is not failed

 - name: Ensure matrix-registration repository is present when self-building
  ansible.builtin.git:
    repo: "{{ matrix_registration_container_image_self_build_repo }}"
    dest: "{{ matrix_registration_docker_src_files_path }}"
    version: "{{ matrix_registration_container_image_self_build_branch }}"
    force: "yes"
  become: true
  become_user: "{{ matrix_user_name }}"
  register: matrix_registration_git_pull_results
  when: "matrix_registration_container_image_self_build | bool"

 # See: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1864
 - name: Patch setup.py to allow self-built version to work
  ansible.builtin.lineinfile:
    path: "{{ matrix_registration_docker_src_files_path }}/setup.py"
    regexp: 'flask-limiter'
    line: '"flask-limiter~=1.1.0", "Markupsafe<2.1",'
  when: "matrix_registration_container_image_self_build | bool and matrix_registration_container_image_self_build_python_dependencies_patch_enabled | bool"

 - name: Ensure matrix-registration Docker image is built
  community.docker.docker_image:
    name: "{{ matrix_registration_docker_image }}"
    source: build
    force_source: "{{ matrix_registration_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_registration_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
      path: "{{ matrix_registration_docker_src_files_path }}"
      pull: true
  when: "matrix_registration_container_image_self_build | bool"

 - name: Ensure matrix-registration config installed
  ansible.builtin.copy:
    content: "{{ matrix_registration_configuration | to_nice_yaml(indent=2, width=999999) }}"
    dest: "{{ matrix_registration_config_path }}/config.yaml"
    mode: 0644
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"

 - name: Ensure matrix-registration support files installed
  ansible.builtin.template:
    src: "{{ role_path }}/templates/{{ item }}.j2"
    dest: "{{ matrix_registration_base_path }}/{{ item }}"
    mode: 0640
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  with_items:
    - labels

 - name: Ensure matrix-registration container network is created
  community.general.docker_network:
    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
    name: "{{ matrix_registration_container_network }}"
    driver: bridge
    driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"

 - name: Ensure matrix-registration.service installed
  ansible.builtin.template:
    src: "{{ role_path }}/templates/systemd/matrix-registration.service.j2"
    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-registration.service"
    mode: 0644

 - name: Ensure matrix-registration.service restarted, if necessary
  ansible.builtin.service:
    name: "matrix-registration.service"
    state: restarted
    daemon_reload: true
  when: "matrix_registration_requires_restart | bool"
--- a/roles/custom/matrix-registration/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-registration/tasks/setup_uninstall.yml
@@ -1,26 +0,0 @@
 # SPDX-FileCopyrightText: 2020 - 2022 Slavi Pantaleev
 # SPDX-FileCopyrightText: 2022 Marko Weltzer
 # SPDX-FileCopyrightText: 2022 Sebastian Gumprich
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later

 ---

 - name: Check existence of matrix-registration service
  ansible.builtin.stat:
    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-registration.service"
  register: matrix_registration_service_stat

 - when: matrix_registration_service_stat.stat.exists | bool
  block:
    - name: Ensure matrix-registration is stopped
      ansible.builtin.service:
        name: matrix-registration
        state: stopped
        enabled: false
        daemon_reload: true

    - name: Ensure matrix-registration.service doesn't exist
      ansible.builtin.file:
        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-registration.service"
        state: absent
--- a/roles/custom/matrix-registration/tasks/validate_config.yml
+++ b/roles/custom/matrix-registration/tasks/validate_config.yml
@@ -1,30 +0,0 @@
 # SPDX-FileCopyrightText: 2020 - 2024 Slavi Pantaleev
 # SPDX-FileCopyrightText: 2025 Suguru Hirahara
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later

 ---

 - name: Fail if required matrix-registration settings not defined
  ansible.builtin.fail:
    msg: >
      You need to define a required configuration setting (`{{ item.name }}`).
  when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0"
  with_items:
    - {'name': 'matrix_registration_hostname', when: true}
    - {'name': 'matrix_registration_path_prefix', when: true}
    - {'name': 'matrix_registration_container_network', when: true}
    - {'name': 'matrix_registration_shared_secret', when: true}
    - {'name': 'matrix_registration_admin_secret', when: true}
    - {'name': 'matrix_registration_server_location', when: true}
    - {'name': 'matrix_registration_database_hostname', when: "{{ matrix_registration_database_engine == 'postgres' }}"}

 - name: (Deprecation) Catch and report renamed settings
  ansible.builtin.fail:
    msg: >-
      Your configuration contains a variable, which now has a different name.
      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
  with_items:
    - {'old': 'matrix_registration_docker_repo', 'new': 'matrix_registration_container_image_self_build_repo'}
    - {'old': 'matrix_registration_public_endpoint', 'new': 'matrix_registration_path_prefix'}
--- a/roles/custom/matrix-registration/templates/config.yaml.j2
+++ b/roles/custom/matrix-registration/templates/config.yaml.j2
@@ -1,37 +0,0 @@
 {#
 SPDX-FileCopyrightText: 2020 - 2022 Slavi Pantaleev

 SPDX-License-Identifier: AGPL-3.0-or-later
 #}

 server_location: {{ matrix_registration_server_location|to_json }}
 server_name: {{ matrix_registration_server_name|to_json }}
 shared_secret: {{ matrix_registration_shared_secret|to_json }}
 admin_secret: {{ matrix_registration_admin_secret|to_json }}
 riot_instance: {{ matrix_registration_riot_instance|to_json }}
 db: {{ matrix_registration_db|to_json }}
 host: '0.0.0.0'
 port: 5000
 rate_limit: ["100 per day", "10 per minute"]
 allow_cors: false
 logging:
  disable_existing_loggers: False
  version: 1
  root:
    level: DEBUG
    handlers: [console]
  formatters:
    brief:
      format: '%(name)s - %(levelname)s - %(message)s'
    precise:
      format: '%(asctime)s - %(name)s - %(levelname)s - %(message)s'
  handlers:
    console:
      class: logging.StreamHandler
      level: INFO
      formatter: brief
      stream: ext://sys.stdout
 # password requirements
 password:
  min_length: 8
 base_url: {{ matrix_registration_base_url|to_json }}
--- a/roles/custom/matrix-registration/templates/labels.j2
+++ b/roles/custom/matrix-registration/templates/labels.j2
@@ -1,69 +0,0 @@
 {#
 SPDX-FileCopyrightText: 2024 Slavi Pantaleev

 SPDX-License-Identifier: AGPL-3.0-or-later
 #}

 {% if matrix_registration_container_labels_traefik_enabled %}
 traefik.enable=true

 {% if matrix_registration_container_labels_traefik_docker_network %}
 traefik.docker.network={{ matrix_registration_container_labels_traefik_docker_network }}
 {% endif %}

 traefik.http.services.matrix-registration.loadbalancer.server.port=5000

 {% if matrix_registration_container_labels_public_endpoint_enabled %}
 ############################################################
 #                                                          #
 # Public (e.g. /matrix-registration)                       #
 #                                                          #
 ############################################################

 {% set middlewares = [] %}

 {% if matrix_registration_path_prefix != '/' %}
 traefik.http.middlewares.matrix-registration-slashless-redirect-slashless.redirectregex.regex=({{ matrix_registration_path_prefix | quote }})$
 traefik.http.middlewares.matrix-registration-slashless-redirect-slashless.redirectregex.replacement=${1}/
 {% set middlewares = middlewares + ['matrix-registration-slashless-redirect-slashless'] %}
 {% endif %}

 # matrix-registration serves nothing at the root URL, so we redirect to /register instead.
 traefik.http.middlewares.matrix-registration-slashless-redirect-root.redirectregex.regex=({{ matrix_registration_path_prefix | quote }}{{ '' if matrix_registration_path_prefix == '/' else '/' }})$
 traefik.http.middlewares.matrix-registration-slashless-redirect-root.redirectregex.replacement=${1}register
 {% set middlewares = middlewares + ['matrix-registration-slashless-redirect-root'] %}

 {% if matrix_registration_path_prefix != '/' %}
 traefik.http.middlewares.matrix-registration-strip-prefix.stripprefix.prefixes={{ matrix_registration_path_prefix }}
 {% set middlewares = middlewares + ['matrix-registration-strip-prefix'] %}
 {% endif %}

 traefik.http.routers.matrix-registration-public.rule={{ matrix_registration_container_labels_public_endpoint_traefik_rule }}

 {% if middlewares | length > 0 %}
 traefik.http.routers.matrix-registration-public.middlewares={{ middlewares | join(',') }}
 {% endif %}

 {% if matrix_registration_container_labels_public_endpoint_traefik_priority | int > 0 %}
 traefik.http.routers.matrix-registration-public.priority={{ matrix_registration_container_labels_public_endpoint_traefik_priority }}
 {% endif %}

 traefik.http.routers.matrix-registration-public.service=matrix-registration
 traefik.http.routers.matrix-registration-public.entrypoints={{ matrix_registration_container_labels_public_endpoint_traefik_entrypoints }}

 traefik.http.routers.matrix-registration-public.tls={{ matrix_registration_container_labels_public_endpoint_traefik_tls | to_json }}
 {% if matrix_registration_container_labels_public_endpoint_traefik_tls %}
 traefik.http.routers.matrix-registration-public.tls.certResolver={{ matrix_registration_container_labels_public_endpoint_traefik_tls_certResolver }}
 {% endif %}

 ############################################################
 #                                                          #
 # /Public (e.g. /matrix-registration)                      #
 #                                                          #
 ############################################################
 {% endif %}


 {% endif %}

 {{ matrix_registration_container_labels_additional_labels }}
--- a/roles/custom/matrix-registration/templates/systemd/matrix-registration.service.j2
+++ b/roles/custom/matrix-registration/templates/systemd/matrix-registration.service.j2
@@ -1,51 +0,0 @@
 #jinja2: lstrip_blocks: True
 [Unit]
 Description=matrix-registration
 {% for service in matrix_registration_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
 {% endfor %}
 {% for service in matrix_registration_systemd_wanted_services_list %}
 Wants={{ service }}
 {% endfor %}
 DefaultDependencies=no

 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-registration 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-registration 2>/dev/null || true'

 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			--rm \
 			--name=matrix-registration \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--cap-drop=ALL \
 			--network={{ matrix_registration_container_network }} \
 			{% if matrix_registration_container_http_host_bind_port %}
 			-p {{ matrix_registration_container_http_host_bind_port }}:5000 \
 			{% endif %}
 			--mount type=bind,src={{ matrix_registration_config_path }},dst=/config,ro \
 			--mount type=bind,src={{ matrix_registration_data_path }},dst=/data \
 			--label-file={{ matrix_registration_base_path }}/labels \
 			{% for arg in matrix_registration_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_registration_docker_image }} \
 			serve

 {% for network in matrix_registration_container_additional_networks %}
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-registration
 {% endfor %}

 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-registration

 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-registration 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-registration 2>/dev/null || true'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-registration

 [Install]
 WantedBy=multi-user.target
--- a/roles/custom/matrix-registration/templates/systemd/matrix-registration.service.j2.license
+++ b/roles/custom/matrix-registration/templates/systemd/matrix-registration.service.j2.license
@@ -1,3 +0,0 @@
 SPDX-FileCopyrightText: 2020 Slavi Pantaleev

 SPDX-License-Identifier: AGPL-3.0-or-later
--- a/roles/custom/matrix-user-verification-service/defaults/main.yml
+++ b/roles/custom/matrix-user-verification-service/defaults/main.yml
@@ -18,7 +18,7 @@ matrix_user_verification_service_enabled: true

 matrix_user_verification_service_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
 matrix_user_verification_service_container_image_self_build_repo: "https://github.com/matrix-org/matrix-user-verification-service"
 matrix_user_verification_service_container_image_self_build_branch: "{{ 'master' if matrix_registration_version == 'latest' else matrix_user_verification_service_version }}"
 matrix_user_verification_service_container_image_self_build_branch: "{{ matrix_user_verification_service_version }}"

 # renovate: datasource=docker depName=matrixdotorg/matrix-user-verification-service
 matrix_user_verification_service_version: "v3.0.0"
--- a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
+++ b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
@@ -777,6 +777,18 @@
      The following variables in your configuration need to be removed: {{ lookup('ansible.builtin.varnames', '^matrix_go_skype_bridge_.+', wantlist=True) | join(', ') }}
  when: "lookup('ansible.builtin.varnames', '^matrix_go_skype_bridge_.+', wantlist=True) | length > 0"

 - name: (Deprecation) Catch and report matrix-registration variables
  ansible.builtin.fail:
    msg: |-
      The matrix-registration service was completely removed from the playbook in February 2026.

      Please remove all `matrix_registration_*` variables from your configuration file (vars.yml).

      You may also wish to uninstall the component manually. See `docs/configuring-playbook-matrix-registration.md` for more information.

      The following variables in your configuration need to be removed: {{ lookup('ansible.builtin.varnames', '^matrix_registration_.+', wantlist=True) | join(', ') }}
  when: "lookup('ansible.builtin.varnames', '^matrix_registration_.+', wantlist=True) | length > 0"

 - name: (Deprecation) Catch and report the Sliding Sync proxy variables
  ansible.builtin.fail:
    msg: |-
--- a/setup.yml
+++ b/setup.yml
@@ -106,7 +106,6 @@
    - galaxy/prometheus
    - galaxy/grafana
    - custom/matrix-prometheus-services-connect
    - custom/matrix-registration
    - custom/matrix-client-element
    - galaxy/hydrogen
    - galaxy/cinny