Merge branch 'master' into patch-106

3 лет назад · 5afb91bf27
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,10 @@
 !/inventory/.gitkeep
 !/inventory/host_vars/.gitkeep
 !/inventory/scripts
 /roles/*/files/scratchpad
 /roles/**/files/scratchpad
 .DS_Store
 .python-version

 # ignore roles pulled by ansible-galaxy
 /roles/galaxy/*
 !/roles/galaxy/.gitkeep
--- a/.yamllint
+++ b/.yamllint
@@ -2,7 +2,7 @@
 extends: default

 ignore: |
  roles/matrix-synapse/vars/workers.yml
  roles/custom/matrix-synapse/vars/workers.yml

 rules:
  line-length: disable
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,24 @@
 # 2022-11-04

 ## The playbook now uses external roles for some things

 **TLDR**: when updating the playbook and before running it, you'll need to run `make roles` to make [ansible-galaxy](https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html) download dependency roles (see the [`requirements.yml` file](requirements.yml)) to the `roles/galaxy` directory. Without this, the playbook won't work.

 We're in the process of trimming the playbook and making it reuse Ansible roles.

 Starting now, the playbook is composed of 2 types of Ansible roles:

 - those that live within the playbook itself (`roles/custom/*`)

 - those downloaded from other sources (using [ansible-galaxy](https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html) to `roles/galaxy`, based on the [`requirements.yml` file](requirements.yml)). These roles are maintained by us or by other people from the Ansible community.

 We're doing this for greater code-reuse (across Ansible playbooks, including our own related playbooks [gitea-docker-ansible-deploy](https://github.com/spantaleev/gitea-docker-ansible-deploy) and [nextcloud-docker-ansible-deploy](https://github.com/spantaleev/nextcloud-docker-ansible-deploy)) and decreased maintenance burden. Until now, certain features were copy-pasted across playbooks or were maintained separately in each one, with improvements often falling behind. We've also tended to do too much by ourselves - installing Docker on the server from our `matrix-base` role, etc. - something that we'd rather not do anymore by switching to the [geerlingguy.docker](https://galaxy.ansible.com/geerlingguy/docker) role.

 Some variable names will change during the transition to having more and more external (galaxy) roles. There's a new `custom/matrix_playbook_migration` role added to the playbook which will tell you about these changes each time you run the playbook.

 From now on, every time you update the playbook (well, every time the `requirements.yml` file changes), it's best to run `make roles` to update the roles downloaded from other sources.


 # 2022-10-14

 ## synapse-s3-storage-provider support
@@ -130,7 +151,7 @@ Below we'll discuss **potential backward incompatibilities**.

 - **Metric endpoints have also changed** (`/metrics/synapse/worker/generic_worker-18111` -> `/metrics/synapse/worker/generic-worker-0`). If you're [collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server), consider revisiting our [Collecting Synapse worker metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-synapse-worker-metrics-to-an-external-prometheus-server) docs and updating your Prometheus configuration. **If you're collecting metrics to the integrated Prometheus server** (not enabled by default), **your Prometheus configuration will be updated automatically**. Old data (from before this change) may stick around though.

 - **the format of `matrix_synapse_workers_enabled_list` has changed**. You were never advised to use this variable for directly creating workers (we advise people to control workers using `matrix_synapse_workers_preset` or by tweaking `matrix_synapse_workers_*_workers_count` variables only), but some people may have started using the `matrix_synapse_workers_enabled_list` variable to gain more control over workers. If you're one of them, you'll need to adjust its value. See `roles/matrix-synapse/defaults/main.yml` for more information on the new format. The playbook will also do basic validation and complain if you got something wrong.
 - **the format of `matrix_synapse_workers_enabled_list` has changed**. You were never advised to use this variable for directly creating workers (we advise people to control workers using `matrix_synapse_workers_preset` or by tweaking `matrix_synapse_workers_*_workers_count` variables only), but some people may have started using the `matrix_synapse_workers_enabled_list` variable to gain more control over workers. If you're one of them, you'll need to adjust its value. See `roles/custom/matrix-synapse/defaults/main.yml` for more information on the new format. The playbook will also do basic validation and complain if you got something wrong.


 # 2022-09-09
@@ -412,7 +433,7 @@ matrix_ma1sd_enabled: true

 We now support installing the [matrix_encryption_disabler](https://github.com/digitalentity/matrix_encryption_disabler) Synapse module, which lets you prevent End-to-End-Encryption from being enabled by users on your homeserver. The popular opinion is that this is dangerous and shouldn't be done, but there are valid use cases for disabling encryption discussed [here](https://github.com/matrix-org/synapse/issues/4401).

 To enable this module (and prevent encryption from being used on your homserver), add `matrix_synapse_ext_encryption_disabler_enabled: true` to your configuration. This module provides further customization. Check its other configuration settings (and defaults) in `roles/matrix-synapse/defaults/main.yml`.
 To enable this module (and prevent encryption from being used on your homserver), add `matrix_synapse_ext_encryption_disabler_enabled: true` to your configuration. This module provides further customization. Check its other configuration settings (and defaults) in `roles/custom/matrix-synapse/defaults/main.yml`.


 # 2022-02-01
@@ -799,7 +820,7 @@ You have 3 ways to proceed:
  - stop the bridge (`systemctl stop matrix-mautrix-facebook`)
  - create a new `matrix_mautrix_facebook` Postgres database for it
  - run [pgloader](https://pgloader.io/) manually (we import this bridge's data using default settings and it works well)
  - define `matrix_mautrix_facebook_database_*` variables in your `vars.yml` file (credentials, etc.) - you can find their defaults in `roles/matrix-mautrix-facebook/defaults/main.yml`
  - define `matrix_mautrix_facebook_database_*` variables in your `vars.yml` file (credentials, etc.) - you can find their defaults in `roles/custom/matrix-mautrix-facebook/defaults/main.yml`
  - switch the bridge to Postgres (`matrix_mautrix_facebook_database_engine: 'postgres'` in your `vars.yml` file)
  - re-run the playbook (`--tags=setup-all,start`) and ensure the bridge works (`systemctl status matrix-mautrix-facebook` and `journalctl -fu matrix-mautrix-facebook`)
  - send a `login` message to the Facebook bridge bot again
@@ -1677,7 +1698,7 @@ Having Synapse not be a required component potentially opens the door for instal
 ## Bridges are now separate from the Synapse role

 Bridges are no longer part of the `matrix-synapse` role.
 Each bridge now lives in its own separate role (`roles/matrix-bridge-*`).
 Each bridge now lives in its own separate role (`roles/custom/matrix-bridge-*`).

 These bridge roles are independent of the `matrix-synapse` role, so it should be possible to use them with a Synapse instance installed another way (not through the playbook).

@@ -1971,7 +1992,7 @@ The following variables are no longer supported by this playbook:
 - `matrix_mxisd_template_config`

 You are encouraged to use the `matrix_mxisd_configuration_extension_yaml` variable to define your own mxisd configuration additions and overrides.
 Refer to the [default variables file](roles/matrix-mxisd/defaults/main.yml) for more information.
 Refer to the [default variables file](roles/custom/matrix-mxisd/defaults/main.yml) for more information.

 This new way of configuring mxisd is beneficial because:

@@ -2033,14 +2054,14 @@ Based on feedback from others, running Synapse on Python 3 is supposed to decrea
 ## Riot homepage customization

 You can now customize some parts of the Riot homepage (or even completely replace it with your own custom page).
 See the `matrix_riot_web_homepage_` variables in `roles/matrix-riot-web/defaults/main.yml`.
 See the `matrix_riot_web_homepage_` variables in `roles/custom/matrix-riot-web/defaults/main.yml`.


 # 2018-12-04

 ## mxisd extensibility

 The [LDAP identity store for mxisd](https://github.com/kamax-matrix/mxisd/blob/master/docs/stores/ldap.md) can now be configured easily using playbook variables (see the `matrix_mxisd_ldap_` variables in `roles/matrix-server/defaults/main.yml`).
 The [LDAP identity store for mxisd](https://github.com/kamax-matrix/mxisd/blob/master/docs/stores/ldap.md) can now be configured easily using playbook variables (see the `matrix_mxisd_ldap_` variables in `roles/custom/matrix-server/defaults/main.yml`).


 # 2018-11-28
--- a/+ 5
+++ b/+ 5
@@ -1,7 +1,11 @@
 .PHONY: lint
 .PHONY: roles lint

 help: ## Show this help.
 	@grep -F -h "##" $(MAKEFILE_LIST) | grep -v grep | sed -e 's/\\$$//' | sed -e 's/##//'

 roles: ## Pull roles
 	rm -rf roles/galaxy
 	ansible-galaxy install -r requirements.yml -p roles/galaxy/ --force

 lint: ## Runs ansible-lint against all roles in the playbook
 	ansible-lint
--- a/docs/configuring-playbook-backup-borg.md
+++ b/docs/configuring-playbook-backup-borg.md
@@ -64,7 +64,7 @@ To backup without encryption, add `matrix_backup_borg_encryption: 'none'` to you

 `matrix_backup_borg_location_source_directories` defines the list of directories to back up: it's set to `{{ matrix_base_data_path }}` by default, which is the base directory for every service's data, such as Synapse, Postgres and the bridges. You might want to exclude certain directories or file patterns from the backup using the `matrix_backup_borg_location_exclude_patterns` variable.

 Check the `roles/matrix-backup-borg/defaults/main.yml` file for the full list of available options.
 Check the `roles/custom/matrix-backup-borg/defaults/main.yml` file for the full list of available options.

 ## Installing

--- a/docs/configuring-playbook-bot-buscarron.md
+++ b/docs/configuring-playbook-bot-buscarron.md
@@ -5,20 +5,6 @@ The playbook can install and configure [buscarron](https://gitlab.com/etke.cc/bu
 It's a bot you can use to setup **your own helpdesk on matrix**
 It's a bot you can use to send any form (HTTP POST, HTML) to a (encrypted) matrix room

 ## Registering the bot user

 By default, the playbook will set up the bot with a username like this: `@bot.buscarron:DOMAIN`.

 (to use a different username, adjust the `matrix_bot_buscarron_login` variable).

 You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):

 ```
 ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.buscarron password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
 ```

 Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.


 ## Adjusting the playbook configuration

@@ -27,7 +13,10 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.
 ```yaml
 matrix_bot_buscarron_enabled: true

 # Adjust this to whatever password you chose when registering the bot user
 # Uncomment and adjust this part if you'd like to use a username different than the default
 # matrix_bot_buscarron_login: bot.buscarron

 # Generate a strong password here. Consider generating it with `pwgen -s 64 1`
 matrix_bot_buscarron_password: PASSWORD_FOR_THE_BOT

 # Adjust accepted forms
@@ -57,9 +46,15 @@ matrix_server_fqn_buscarron: "form.{{ matrix_domain }}"

 After configuring the playbook, run the [installation](installing.md) command again:

 ```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 ```

 **Notes**:

 - the `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account

 - if you change the bot password (`matrix_bot_buscarron_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it, and then update `matrix_bot_buscarron_password` to let the bot know its new password


 ## Usage
--- a/docs/configuring-playbook-bot-honoroit.md
+++ b/docs/configuring-playbook-bot-honoroit.md
@@ -7,21 +7,6 @@ It's a bot you can use to setup **your own helpdesk on matrix**
 See the project's [documentation](https://gitlab.com/etke.cc/honoroit#how-it-looks-like) to learn what it does with screenshots and why it might be useful to you.


 ## Registering the bot user

 By default, the playbook will set up the bot with a username like this: `@honoroit:DOMAIN`.

 (to use a different username, adjust the `matrix_bot_honoroit_login` variable).

 You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):

 ```
 ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=honoroit password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
 ```

 Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.


 ## Adjusting the playbook configuration

 Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
@@ -29,7 +14,10 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.
 ```yaml
 matrix_bot_honoroit_enabled: true

 # Adjust this to whatever password you chose when registering the bot user
 # Uncomment and adjust this part if you'd like to use a username different than the default
 # matrix_bot_honoroit_login: honoroit

 # Generate a strong password here. Consider generating it with `pwgen -s 64 1`
 matrix_bot_honoroit_password: PASSWORD_FOR_THE_BOT

 # Adjust this to your room ID
@@ -41,9 +29,15 @@ matrix_bot_honoroit_roomid: "!yourRoomID:DOMAIN"

 After configuring the playbook, run the [installation](installing.md) command again:

 ```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 ```

 **Notes**:

 - the `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account

 - if you change the bot password (`matrix_bot_honoroit_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it, and then update `matrix_bot_honoroit_password` to let the bot know its new password


 ## Usage
--- a/docs/configuring-playbook-bot-matrix-registration-bot.md
+++ b/docs/configuring-playbook-bot-matrix-registration-bot.md
@@ -16,7 +16,7 @@ By default, the playbook will set use the bot with a username like this: `@bot.m

 (to use a different username, adjust the `matrix_bot_matrix_registration_bot_matrix_user_id_localpart` variable).

 You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):
 For [other bots supported by the playbook](configuring-playbook.md#bots), Matrix bot user accounts are created and put to use automatically. For `matrix-registration-bot`, however, this is not the case - you **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):

 ```
 ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.matrix-registration-bot password=PASSWORD_FOR_THE_BOT admin=yes' --tags=register-user
--- a/docs/configuring-playbook-bot-matrix-reminder-bot.md
+++ b/docs/configuring-playbook-bot-matrix-reminder-bot.md
@@ -7,21 +7,6 @@ It's a bot you can use to **schedule one-off & recurring reminders and alarms**.
 See the project's [documentation](https://github.com/anoadragon453/matrix-reminder-bot#usage) to learn what it does and why it might be useful to you.


 ## Registering the bot user

 By default, the playbook will set up the bot with a username like this: `@bot.matrix-reminder-bot:DOMAIN`.

 (to use a different username, adjust the `matrix_bot_matrix_reminder_bot_matrix_user_id_localpart` variable).

 You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):

 ```
 ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.matrix-reminder-bot password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
 ```

 Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.


 ## Adjusting the playbook configuration

 Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
@@ -29,7 +14,10 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.
 ```yaml
 matrix_bot_matrix_reminder_bot_enabled: true

 # Adjust this to whatever password you chose when registering the bot user
 # Uncomment and adjust this part if you'd like to use a username different than the default
 # matrix_bot_matrix_reminder_bot_matrix_user_id_localpart: bot.matrix-reminder-bot

 # Generate a strong password here. Consider generating it with `pwgen -s 64 1`
 matrix_bot_matrix_reminder_bot_matrix_user_password: PASSWORD_FOR_THE_BOT

 # Adjust this to your timezone
@@ -41,9 +29,15 @@ matrix_bot_matrix_reminder_bot_reminders_timezone: Europe/London

 After configuring the playbook, run the [installation](installing.md) command again:

 ```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 ```

 **Notes**:

 - the `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account

 - if you change the bot password (`matrix_bot_matrix_reminder_bot_matrix_user_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it, and then update `matrix_bot_matrix_reminder_bot_matrix_user_password` to let the bot know its new password


 ## Usage
--- a/docs/configuring-playbook-bot-postmoogle.md
+++ b/docs/configuring-playbook-bot-postmoogle.md
@@ -9,21 +9,6 @@ It's a bot/bridge you can use to forward emails to Matrix rooms
 See the project's [documentation](https://gitlab.com/etke.cc/postmoogle) to learn what it does and why it might be useful to you.


 ## Registering the bot user

 By default, the playbook will set up the bot with a username like this: `@postmoogle:DOMAIN`.

 (to use a different username, adjust the `matrix_bot_postmoogle_login` variable).

 You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):

 ```
 ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=postmoogle password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
 ```

 Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.


 ## Adjusting the playbook configuration

 Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
@@ -31,7 +16,10 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.
 ```yaml
 matrix_bot_postmoogle_enabled: true

 # Adjust this to whatever password you chose when registering the bot user
 # Uncomment and adjust this part if you'd like to use a username different than the default
 # matrix_bot_postmoogle_login: postmoogle

 # Generate a strong password here. Consider generating it with `pwgen -s 64 1`
 matrix_bot_postmoogle_password: PASSWORD_FOR_THE_BOT
 ```

@@ -43,9 +31,15 @@ See [Configuring DNS](configuring-dns.md).

 After configuring the playbook, run the [installation](installing.md) command again:

 ```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 ```

 **Notes**:

 - the `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account

 - if you change the bot password (`matrix_bot_postmoogle_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it, and then update `matrix_bot_postmoogle_password` to let the bot know its new password


 ## Usage
--- a/docs/configuring-playbook-bridge-appservice-kakaotalk.md
+++ b/docs/configuring-playbook-bridge-appservice-kakaotalk.md
@@ -28,8 +28,8 @@ There are some additional things you may wish to configure about the bridge.

 Take a look at:

 - `roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
 - `roles/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2` for the bridge's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_appservice_kakaotalk_configuration_extension_yaml` variable
 - `roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
 - `roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2` for the bridge's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_appservice_kakaotalk_configuration_extension_yaml` variable


 ### Set up Double Puppeting
--- a/docs/configuring-playbook-bridge-beeper-linkedin.md
+++ b/docs/configuring-playbook-bridge-beeper-linkedin.md
@@ -27,7 +27,7 @@ matrix_beeper_linkedin_configuration_extension_yaml: |
      '@YOUR_USERNAME:YOUR_DOMAIN': admin
 ```

 You may wish to look at `roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2` to find other things you would like to configure.
 You may wish to look at `roles/custom/matrix-bridge-beeper-linkedin/templates/config.yaml.j2` to find other things you would like to configure.


 ## Set up Double Puppeting
--- a/docs/configuring-playbook-bridge-heisenbridge.md
+++ b/docs/configuring-playbook-bridge-heisenbridge.md
@@ -8,7 +8,7 @@ See the project's [README](https://github.com/hifi/heisenbridge/blob/master/READ

 ## Configuration

 Below are the common configuration options that you may want to set, exhaustive list is in [the bridge's defaults var file](../roles/matrix-bridge-heisenbridge/defaults/main.yml).
 Below are the common configuration options that you may want to set, exhaustive list is in [the bridge's defaults var file](../roles/custom/matrix-bridge-heisenbridge/defaults/main.yml).

 At a minimum, you only need to enable the bridge to get it up and running (`inventory/host_vars/matrix.DOMAIN/vars.yml`):

--- a/docs/configuring-playbook-bridge-hookshot.md
+++ b/docs/configuring-playbook-bridge-hookshot.md
@@ -13,12 +13,15 @@ Note: the playbook also supports [matrix-appservice-webhooks](configuring-playbo

 Refer to the [official instructions](https://matrix-org.github.io/matrix-hookshot/latest/setup.html) to learn what the individual options do.

 1. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) as required.
 2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma).
 3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below.
 4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`.
 1. Enable the bridge by adding `matrix_hookshot_enabled: true` to your `vars.yml` file
 2. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml) as required.
 3. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma).
 4. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below.
 5. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`.

 Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) for how to use them.
 Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml) for how to use them.

 Finally, run the playbook (see [installing](installing.md)).


 ## Usage
@@ -51,14 +54,14 @@ Unless indicated otherwise, the following endpoints are reachable on your `matri
 | widgets | `/hookshot/widgetapi/` | `matrix_hookshot_widgets_endpoint` | Widgets |
 | metrics | `/metrics/hookshot` | `matrix_hookshot_metrics_enabled` and `matrix_hookshot_metrics_proxying_enabled`. Requires `/metrics/*` endpoints to also be enabled via `matrix_nginx_proxy_proxy_matrix_metrics_enabled` (see the `matrix-nginx-proxy` role). Read more in the [Metrics section](#metrics) below. | Prometheus |

 See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/matrix-bridge-hookshot/tasks/init.yml).
 See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/custom/matrix-bridge-hookshot/tasks/init.yml).

 The different listeners are also reachable *internally* in the docker-network via the container's name (configured by `matrix_hookshot_container_url`) and on different ports (e.g. `matrix_hookshot_appservice_port`). Read [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) in detail for more info.
 The different listeners are also reachable *internally* in the docker-network via the container's name (configured by `matrix_hookshot_container_url`) and on different ports (e.g. `matrix_hookshot_appservice_port`). Read [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml) in detail for more info.

 ### Manage GitHub Private Key with matrix-aux role

 The GitHub bridge requires you to install a private key file. This can be done in multiple ways:
 - copy the *contents* of the downloaded file and set the variable `matrix_hookshot_github_private_key` to the contents (see example in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml)).
 - copy the *contents* of the downloaded file and set the variable `matrix_hookshot_github_private_key` to the contents (see example in [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml)).
 - somehow copy the file to the path `{{ matrix_hookshot_base_path }}/{{ matrix_hookshot_github_private_key_file }}` (default: `/matrix/hookshot/private-key.pem`) on the server manually.
 - use the `matrix-aux` role to copy the file from an arbitrary path on your ansible client to the correct path on the server.

@@ -71,7 +74,7 @@ matrix_aux_file_definitions:
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
 ```
 For more info see the documentation in the [matrix-aux base configuration file](/roles/matrix-aux/defaults/main.yml).
 For more info see the documentation in the [matrix-aux base configuration file](/roles/custom/matrix-aux/defaults/main.yml).

 ### Provisioning API

--- a/docs/configuring-playbook-bridge-mautrix-discord.md
+++ b/docs/configuring-playbook-bridge-mautrix-discord.md
@@ -1,7 +1,7 @@
 # Setting up Mautrix Discord (optional)

 **Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) bridges supported by the playbook.  
 - For using as a Bot we recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing.  
 **Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) bridges supported by the playbook.
 - For using as a Bot we recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing.
 - For personal use with a discord account we recommend the `mautrix-discord` bridge (the one being discussed here), because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook.
 The `mautrix-discord` bridge (the one being discussed here) is the most fully-featured and stable of the 3 Discord bridges supported by the playbook, so it's the one we recommend.

@@ -12,7 +12,7 @@ See the project's [documentation](https://docs.mau.fi/bridges/go/discord/index.h

 ## Prerequisites

 For using this bridge, you would **need to authenticate by scanning a QR code with the Discord app on your phone**.
 For using this bridge, you would need to authenticate by **scanning a QR code** with the Discord app on your phone **or** by using **discord account token**.

 You can delete the Discord app after the authentication process.

@@ -40,8 +40,8 @@ There are some additional things you may wish to configure about the bridge.

 Take a look at:

 - `roles/matrix-bridge-mautrix-discord/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
 - `roles/matrix-bridge-mautrix-discord/templates/config.yaml.j2` for the bridge's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_mautrix_discord_configuration_extension_yaml` variable
 - `roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
 - `roles/custom/matrix-bridge-mautrix-discord/templates/config.yaml.j2` for the bridge's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_mautrix_discord_configuration_extension_yaml` variable


 ### Set up Double Puppeting
@@ -70,7 +70,7 @@ When using this method, **each user** that wishes to enable Double Puppeting nee
 ## Usage

 1. Start a chat with `@discordbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
 2. Send a `login` command
 2. If you would like to login to Discord using a token, send `login-token` command, otherwise, send `login-qr` command.
 3. You'll see a QR code which you need to scan with the Discord app on your phone. You can scan it with the camera app too, which will open Discord, which will then instruct you to scan it a 2nd time in the Discord app.
 4. After confirming (in the Discord app) that you'd like to allow this login, the bot should respond with "Succcessfully authenticated as ..."
 5. Now that you're logged in, you can send a `help` command to the bot again, to see additional commands you have access to
--- a/docs/configuring-playbook-bridge-mautrix-facebook.md
+++ b/docs/configuring-playbook-bridge-mautrix-facebook.md
@@ -39,7 +39,7 @@ matrix_mautrix_facebook_configuration_extension_yaml: |
      default: true
 ```

 You may wish to look at `roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-facebook/defaults/main.yml` to find other things you would like to configure.
 You may wish to look at `roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` and `roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml` to find other things you would like to configure.


 ## Set up Double Puppeting
--- a/docs/configuring-playbook-bridge-mautrix-instagram.md
+++ b/docs/configuring-playbook-bridge-mautrix-instagram.md
@@ -31,7 +31,7 @@ matrix_mautrix_instagram_configuration_extension_yaml: |
      '@YOUR_USERNAME:YOUR_DOMAIN': admin
 ```

 You may wish to look at `roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-instagram/defaults/main.yml` to find other things you would like to configure.
 You may wish to look at `roles/custom/matrix-bridge-mautrix-instagram/templates/config.yaml.j2` and `roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml` to find other things you would like to configure.


 ## Usage
--- a/docs/configuring-playbook-bridge-mautrix-signal.md
+++ b/docs/configuring-playbook-bridge-mautrix-signal.md
@@ -55,7 +55,7 @@ matrix_mautrix_signal_bridge_permissions: |
  '@USER:YOUR_DOMAIN' : user
 ```

 You may wish to look at `roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2` to find more information on the permissions settings and other options you would like to configure.
 You may wish to look at `roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2` to find more information on the permissions settings and other options you would like to configure.

 ## Set up Double Puppeting

--- a/docs/configuring-playbook-client-element.md
+++ b/docs/configuring-playbook-client-element.md
@@ -17,7 +17,7 @@ matrix_client_element_enabled: false

 The playbook provides some customization variables you could use to change Element's settings.

 Their defaults are defined in [`roles/matrix-client-element/defaults/main.yml`](../roles/matrix-client-element/defaults/main.yml) and they ultimately end up in the generated `/matrix/element/config.json` file (on the server). This file is generated from the [`roles/matrix-client-element/templates/config.json.j2`](../roles/matrix-client-element/templates/config.json.j2) template.
 Their defaults are defined in [`roles/custom/matrix-client-element/defaults/main.yml`](../roles/custom/matrix-client-element/defaults/main.yml) and they ultimately end up in the generated `/matrix/element/config.json` file (on the server). This file is generated from the [`roles/custom/matrix-client-element/templates/config.json.j2`](../roles/custom/matrix-client-element/templates/config.json.j2) template.

 **If there's an existing variable** which controls a setting you wish to change, you can simply define that variable in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`) and [re-run the playbook](installing.md) to apply the changes.

@@ -25,9 +25,9 @@ Alternatively, **if there is no pre-defined variable** for an Element setting yo

 - you can either **request a variable to be created** (or you can submit such a contribution yourself). Keep in mind that it's **probably not a good idea** to create variables for each one of Element's various settings that rarely get used.

 - or, you can **extend and override the default configuration** ([`config.json.j2`](../roles/matrix-client-element/templates/config.json.j2)) by making use of the `matrix_client_element_configuration_extension_json_` variable. You can find information about this in [`roles/matrix-client-element/defaults/main.yml`](../roles/matrix-client-element/defaults/main.yml).
 - or, you can **extend and override the default configuration** ([`config.json.j2`](../roles/custom/matrix-client-element/templates/config.json.j2)) by making use of the `matrix_client_element_configuration_extension_json_` variable. You can find information about this in [`roles/custom/matrix-client-element/defaults/main.yml`](../roles/custom/matrix-client-element/defaults/main.yml).

 - or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_client_element_configuration_default` (or `matrix_client_element_configuration`). You can find information about this in [`roles/matrix-client-element/defaults/main.yml`](../roles/matrix-client-element/defaults/main.yml).
 - or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_client_element_configuration_default` (or `matrix_client_element_configuration`). You can find information about this in [`roles/custom/matrix-client-element/defaults/main.yml`](../roles/custom/matrix-client-element/defaults/main.yml).


 ## Themes
--- a/docs/configuring-playbook-conduit.md
+++ b/docs/configuring-playbook-conduit.md
@@ -0,0 +1,58 @@
 # Configuring Conduit (optional)

 By default, this playbook configures the [Synapse](https://github.com/matrix-org/synapse) Matrix server, but you can also use [Conduit](https://conduit.rs).

 **NOTES**:

 - **You can't switch an existing Matrix server's implementation** (e.g. Synapse -> Conduit). Proceed below only if you're OK with losing data or you're dealing with a server on a new domain name, which hasn't participated in the Matrix federation yet.

 - **homeserver implementations other than Synapse may not be fully functional**. The playbook may also not assist you in an optimal way (like it does with Synapse). Make yourself familiar with the downsides before proceeding


 ## Installation

 To use Conduit, you **generally** need the following additional `vars.yml` configuration:

 ```yaml
 matrix_homeserver_implementation: conduit
 ```

 However, since Conduit is difficult (see [famedly/conduit#276](https://gitlab.com/famedly/conduit/-/issues/276) and [famedly/conduit#354](https://gitlab.com/famedly/conduit/-/merge_requests/354)) when it comes to creating the first user account and does not support [registering users](registering-users.md) (via the command line or via the playbook) like Synapse and Dendrite do, we recommend the following flow:

 1. Add `matrix_conduit_allow_registration: true` to your `vars.yml` the first time around, temporarily
 2. Run the playbook (`ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start` - see [Installing](installing.md))
 3. Create your first user via Element or any other client which supports creating users
 4. Get rid of `matrix_conduit_allow_registration: true` from your `vars.yml`
 5. Run the playbook again (`ansible-playbook -i inventory/hosts setup.yml --tags=setup-conduit,start` would be enough this time)
 6. You can now use your server safely. Additional users can be created by messaging the internal Conduit bot


 ## Configuring bridges / appservices

 Automatic appservice setup is currently unsupported when using conduit. After setting up the service as usual you may notice that it is unable to start.

 You will have to manually register appservices using the the [register-appservice](https://gitlab.com/famedly/conduit/-/blob/next/APPSERVICES.md) command.

 Find the `registration.yaml` in the `/matrix` directory, for example `/matrix/mautrix-signal/bridge/registration.yaml`, then pass the content to conduit:


    @conduit:your.server.name: register-appservice
    ```
    as_token: <token>
    de.sorunome.msc2409.push_ephemeral: true
    hs_token: <token>
    id: signal
    namespaces:
      aliases:
      - exclusive: true
        regex: ^#signal_.+:example\.org$
      users:
      - exclusive: true
        regex: ^@signal_.+:example\.org$
      - exclusive: true
        regex: ^@signalbot:example\.org$
    rate_limited: false
    sender_localpart: _bot_signalbot
    url: http://matrix-mautrix-signal:29328
    ```

--- a/docs/configuring-playbook-dimension.md
+++ b/docs/configuring-playbook-dimension.md
@@ -22,7 +22,7 @@ matrix_dimension_enabled: true

 ## Define admin users

 These users can modify the integrations this Dimension supports. 
 These users can modify the integrations this Dimension supports.
 Add this to your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):

 ```yaml
@@ -73,6 +73,6 @@ In the interim until the above limitation is resolved, an admin user needs to co
 ## Additional features

 To use a more custom configuration, you can define a `matrix_dimension_configuration_extension_yaml` string variable and put your configuration in it.
 To learn more about how to do this, refer to the information about `matrix_dimension_configuration_extension_yaml` in the [default variables file](../roles/matrix-dimension/defaults/main.yml) of the Dimension component.
 To learn more about how to do this, refer to the information about `matrix_dimension_configuration_extension_yaml` in the [default variables file](../roles/custom/matrix-dimension/defaults/main.yml) of the Dimension component.

 You can find all configuration options on [GitHub page of Dimension project](https://github.com/turt2live/matrix-dimension/blob/master/config/default.yaml).
--- a/docs/configuring-playbook-external-postgres.md
+++ b/docs/configuring-playbook-external-postgres.md
@@ -20,7 +20,7 @@ matrix_synapse_database_database: "your-postgres-server-database-name"

 # Rewire any other service (each `matrix-*` role) you may wish to use to use your external Postgres server.
 # Each service expects to have its own dedicated database on the Postgres server
 # and uses its own variable names (see `roles/matrix-*/defaults/main.yml) for configuring Postgres connectivity.
 # and uses its own variable names (see `roles/custom/matrix-*/defaults/main.yml) for configuring Postgres connectivity.
 ```

 The database (as specified in `matrix_synapse_database_database`) must exist and be accessible with the given credentials.
--- a/docs/configuring-playbook-jitsi.md
+++ b/docs/configuring-playbook-jitsi.md
@@ -14,7 +14,7 @@ Before installing Jitsi, make sure you've created the `jitsi.DOMAIN` DNS record.
 You may also need to open the following ports to your server:

 - `4443/tcp` - RTP media fallback over TCP
 - `10000/udp` - RTP media over UDP. Depending on your firewall/NAT setup, incoming RTP packets on port `10000` may have the external IP of your firewall as destination address, due to the usage of STUN in JVB (see [`matrix_jitsi_jvb_stun_servers`](../roles/matrix-jitsi/defaults/main.yml)).
 - `10000/udp` - RTP media over UDP. Depending on your firewall/NAT setup, incoming RTP packets on port `10000` may have the external IP of your firewall as destination address, due to the usage of STUN in JVB (see [`matrix_jitsi_jvb_stun_servers`](../roles/custom/matrix-jitsi/defaults/main.yml)).


 ## Installation
--- a/docs/configuring-playbook-ma1sd.md
+++ b/docs/configuring-playbook-ma1sd.md
@@ -33,7 +33,7 @@ matrix_ma1sd_matrixorg_forwarding_enabled: true
 ## Customizing email templates

 If you'd like to change the default email templates used by ma1sd, take a look at the `matrix_ma1sd_threepid_medium_email_custom_` variables
 (in the `roles/matrix-ma1sd/defaults/main.yml` file.
 (in the `roles/custom/matrix-ma1sd/defaults/main.yml` file.


 ## ma1sd-controlled Registration
@@ -86,7 +86,7 @@ You can refer to the [ma1sd website](https://github.com/ma1uta/ma1sd) for more d

 To use a more custom configuration, you can define a `matrix_ma1sd_configuration_extension_yaml` string variable
 and put your configuration in it.
 To learn more about how to do this, refer to the information about `matrix_ma1sd_configuration_extension_yaml` in the [default variables file](../roles/matrix-ma1sd/defaults/main.yml) of the ma1sd component.
 To learn more about how to do this, refer to the information about `matrix_ma1sd_configuration_extension_yaml` in the [default variables file](../roles/custom/matrix-ma1sd/defaults/main.yml) of the ma1sd component.

 ## Example: SMS verification

--- a/docs/configuring-playbook-mautrix-bridges.md
+++ b/docs/configuring-playbook-mautrix-bridges.md
@@ -64,7 +64,7 @@ Can be used to set the username for the bridge.

 ## Discovering additional configuration options

 You may wish to look at `roles/matrix-bridge-mautrix-SERVICENAME/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-SERVICENAME/defaults/main.yml` to find other things you would like to configure.
 You may wish to look at `roles/custom/matrix-bridge-mautrix-SERVICENAME/templates/config.yaml.j2` and `roles/custom/matrix-bridge-mautrix-SERVICENAME/defaults/main.yml` to find other things you would like to configure.


 ## Set up Double Puppeting
@@ -97,7 +97,7 @@ If you have issues with a service, and are requesting support, the higher levels

 ## Usage

 You then need to start a chat with `@SERVICENAMEbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). 
 You then need to start a chat with `@SERVICENAMEbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).

 Send `login ` to the bridge bot to get started You can learn more here about authentication from the bridge's official documentation on Authentication https://docs.mau.fi/bridges/python/SERVICENAME/authentication.html  .

--- a/docs/configuring-playbook-nginx.md
+++ b/docs/configuring-playbook-nginx.md
@@ -42,7 +42,7 @@ Besides changing the preset (`matrix_nginx_proxy_ssl_preset`), you can also dire
 - `matrix_nginx_proxy_ssl_prefer_server_ciphers`: for specifying if the server or the client choice when negotiating the cipher. It can set to `on` or `off`.
 - `matrix_nginx_proxy_ssl_ciphers`: for specifying the SSL Cipher suites used by nginx.

 For more information about these variables, check the `roles/matrix-nginx-proxy/defaults/main.yml` file.
 For more information about these variables, check the `roles/custom/matrix-nginx-proxy/defaults/main.yml` file.

 ## Synapse + OpenID Connect for Single-Sign-On

@@ -80,5 +80,5 @@ matrix_nginx_proxy_proxy_http_additional_server_configuration_blocks:
    # These lines will be included in the nginx configuration.
    # This is at the top level of the file, so you will need to define all of the `server { ... }` blocks.
  - |
    # For advanced use, have a look at the template files in `roles/matrix-nginx-proxy/templates/nginx/conf.d`
    # For advanced use, have a look at the template files in `roles/custom/matrix-nginx-proxy/templates/nginx/conf.d`
 ```
--- a/docs/configuring-playbook-ntfy.md
+++ b/docs/configuring-playbook-ntfy.md
@@ -23,7 +23,7 @@ matrix_ntfy_configuration_extension_yaml: |
  log_level: DEBUG
 ```

 For a more complete list of variables that you could override, see `roles/matrix-ntfy/defaults/main.yml`.
 For a more complete list of variables that you could override, see `roles/custom/matrix-ntfy/defaults/main.yml`.

 For a complete list of ntfy config options that you could put in `matrix_ntfy_configuration_extension_yaml`, see the [ntfy config documentation](https://ntfy.sh/docs/config/#config-options).

--- a/docs/configuring-playbook-own-webserver.md
+++ b/docs/configuring-playbook-own-webserver.md
@@ -34,7 +34,7 @@ No matter which external webserver you decide to go with, you'll need to:
        matrix_nginx_proxy_enabled: false
        ```
    - if using an external server on another host, add the `<service>_http_host_bind_port` or `<service>_http_bind_port` variables for the services that will be exposed by the external server on the other host. The actual name of the variable is listed in the `roles/<service>/defaults/vars.yml` file for each service. Most variables follow the `<service>_http_host_bind_port` format.
       

      These variables will make Docker expose the ports on all network interfaces instead of localhost only.
      [Keep in mind that there are some security concerns if you simply proxy everything.](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints)

@@ -84,7 +84,7 @@ After following  the [Preparation](#preparation) guide above, you can take a loo

 ### Using another external webserver

 Feel free to look at the [examples/apache](../examples/apache) directory, or the [template files in the matrix-nginx-proxy role](../roles/matrix-nginx-proxy/templates/nginx/conf.d/).
 Feel free to look at the [examples/apache](../examples/apache) directory, or the [template files in the matrix-nginx-proxy role](../roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/).


 ## Method 2: Fronting the integrated nginx reverse-proxy webserver with another reverse-proxy
--- a/docs/configuring-playbook-sygnal.md
+++ b/docs/configuring-playbook-sygnal.md
@@ -41,14 +41,14 @@ matrix_aux_file_definitions:
    group: "{{ matrix_user_groupname }}"
 ```

 For a more complete example of available fields and values they can take, see `roles/matrix-sygnal/templates/sygnal.yaml.j2` (or the [upstream `sygnal.yaml.sample` configuration file](https://github.com/matrix-org/sygnal/blob/master/sygnal.yaml.sample)).
 For a more complete example of available fields and values they can take, see `roles/custom/matrix-sygnal/templates/sygnal.yaml.j2` (or the [upstream `sygnal.yaml.sample` configuration file](https://github.com/matrix-org/sygnal/blob/master/sygnal.yaml.sample)).

 Configuring [GCM/FCM](https://firebase.google.com/docs/cloud-messaging/) is easier, as it only requires that you provide some config values.

 To configure [APNS](https://developer.apple.com/notifications/) (Apple Push Notification Service), you'd need to provide one or more certificate files.
 To do that, the above example configuration:

 - makes use of the `matrix-aux` role (and its `matrix_aux_file_definitions` variable) to make the playbook install files into `/matrix/sygnal/data` (the `matrix_sygnal_data_path` variable). See `roles/matrix-aux/defaults/main.yml` for usage examples. It also makes sure the files are owned by `matrix:matrix`, so that Sygnal can read them. Of course, you can also install these files manually yourself, if you'd rather not use `matrix-aux`.
 - makes use of the `matrix-aux` role (and its `matrix_aux_file_definitions` variable) to make the playbook install files into `/matrix/sygnal/data` (the `matrix_sygnal_data_path` variable). See `roles/custom/matrix-aux/defaults/main.yml` for usage examples. It also makes sure the files are owned by `matrix:matrix`, so that Sygnal can read them. Of course, you can also install these files manually yourself, if you'd rather not use `matrix-aux`.

 - references these files in the Sygnal configuration (`matrix_sygnal_apps`) using a path like `/data/..` (the `/matrix/sygnal/data` directory on the host system is mounted into the `/data` directory inside the container)

--- a/docs/configuring-playbook-synapse-s3-storage-provider.md
+++ b/docs/configuring-playbook-synapse-s3-storage-provider.md
@@ -39,7 +39,7 @@ matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id: access-key-
 matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key: secret-key-goes-here
 matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class: STANDARD # or STANDARD_IA, etc.

 # For additional advanced settings, take a look at `roles/matrix-synapse/defaults/main.yml`
 # For additional advanced settings, take a look at `roles/custom/matrix-synapse/defaults/main.yml`
 ```

 If you have existing files in Synapse's media repository (`/matrix/synapse/media-store/..`):
--- a/docs/configuring-playbook-synapse.md
+++ b/docs/configuring-playbook-synapse.md
@@ -5,7 +5,7 @@ If that's enough for you, you can skip this document.

 The playbook provides lots of customization variables you could use to change Synapse's settings.

 Their defaults are defined in [`roles/matrix-synapse/defaults/main.yml`](../roles/matrix-synapse/defaults/main.yml) and they ultimately end up in the generated `/matrix/synapse/config/homeserver.yaml` file (on the server). This file is generated from the [`roles/matrix-synapse/templates/synapse/homeserver.yaml.j2`](../roles/matrix-synapse/templates/synapse/homeserver.yaml.j2) template.
 Their defaults are defined in [`roles/custom/matrix-synapse/defaults/main.yml`](../roles/custom/matrix-synapse/defaults/main.yml) and they ultimately end up in the generated `/matrix/synapse/config/homeserver.yaml` file (on the server). This file is generated from the [`roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2`](../roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2) template.

 **If there's an existing variable** which controls a setting you wish to change, you can simply define that variable in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`) and [re-run the playbook](installing.md) to apply the changes.

@@ -13,9 +13,9 @@ Alternatively, **if there is no pre-defined variable** for a Synapse setting you

 - you can either **request a variable to be created** (or you can submit such a contribution yourself). Keep in mind that it's **probably not a good idea** to create variables for each one of Synapse's various settings that rarely get used.

 - or, you can **extend and override the default configuration** ([`homeserver.yaml.j2`](../roles/matrix-synapse/templates/synapse/homeserver.yaml.j2)) by making use of the `matrix_synapse_configuration_extension_yaml` variable. You can find information about this in [`roles/matrix-synapse/defaults/main.yml`](../roles/matrix-synapse/defaults/main.yml).
 - or, you can **extend and override the default configuration** ([`homeserver.yaml.j2`](../roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2)) by making use of the `matrix_synapse_configuration_extension_yaml` variable. You can find information about this in [`roles/custom/matrix-synapse/defaults/main.yml`](../roles/custom/matrix-synapse/defaults/main.yml).

 - or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_synapse_configuration` (or `matrix_synapse_configuration_yaml`). You can find information about this in [`roles/matrix-synapse/defaults/main.yml`](../roles/matrix-synapse/defaults/main.yml).
 - or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_synapse_configuration` (or `matrix_synapse_configuration_yaml`). You can find information about this in [`roles/custom/matrix-synapse/defaults/main.yml`](../roles/custom/matrix-synapse/defaults/main.yml).


 ## Load balancing with workers
--- a/docs/configuring-playbook.md
+++ b/docs/configuring-playbook.md
@@ -42,7 +42,10 @@ When you're done with all the configuration you'd like to do, continue with [Ins

 ### Core service adjustments

 - [Configuring Synapse](configuring-playbook-synapse.md) (optional)
 - Homeserver configuration:
  - [Configuring Synapse](configuring-playbook-synapse.md), if you're going with the default/recommended homeserver implementation (optional)

  - [Configuring Conduit](configuring-playbook-conduit.md), if you've switched to the [Conduit](https://conduit.rs) homeserver implementation (optional)

 - [Configuring Element](configuring-playbook-client-element.md) (optional)

--- a/docs/installing.md
+++ b/docs/installing.md
@@ -1,25 +1,67 @@
 # Installing

 ## 1. Installing the Matrix services

 If you've [configured your DNS](configuring-dns.md) and have [configured the playbook](configuring-playbook.md), you can start the installation procedure.

 Run this command to install the Matrix services:
 **Before installing** and each time you update the playbook in the future, you will need to update the Ansible roles in this playbook by running `make roles`.

 ```bash
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all

 ## Playbook tags introduction

 The Ansible playbook's tasks are tagged, so that certain parts of the Ansible playbook can be run without running all other tasks.

 The general command syntax is: `ansible-playbook -i inventory/hosts setup.yml --tags=COMMA_SEPARATED_TAGS_GO_HERE`

 Here are some playbook tags that you should be familiar with:

 - `setup-all` - runs all setup tasks for all components, but does not start/restart services

 - `setup-SERVICE` (e.g. `setup-bot-postmoogle`) - runs the setup tasks only for a given role, but does not start/restart services. You can discover these additional tags in each role (`roles/*/main.yml`). Running per-component setup tasks is **not recommended**, as components sometimes depend on each other and running just the setup tasks for a given component may not be enough. For example, setting up the [mautrix-telegram bridge](configuring-playbook-bridge-mautrix-telegram.md), in addition to the `setup-mautrix-telegram` tag, requires database changes (the `setup-postgres` tag) as well as reverse-proxy changes (the `setup-nginx-proxy` tag).

 - `start` - starts all systemd services and makes them start automatically in the future

 - `stop` - stops all systemd services

 - `ensure-matrix-users-created` - a special tag which ensures that all special users needed by the playbook (for bots, etc.) are created

 `setup-*` tags **do not start services** automatically, because you may wish to do things before starting services, such as importing a database dump, restoring data from another server, etc.


 ## 1. Installing Matrix

 If you **don't** use SSH keys for authentication, but rather a regular password, you may need to add `--ask-pass` to the all Ansible commands

 If you **do** use SSH keys for authentication, **and** use a non-root user to *become* root (sudo), you may need to add `-K` (`--ask-become-pass`) to all Ansible commands

 There 2 ways to start the installation process - depending on whether you're [Installing a brand new server (without importing data)](#installing-a-brand-new-server-without-importing-data) or [Installing a server into which you'll import old data](#installing-a-server-into-which-youll-import-old-data).


 ### Installing a brand new server (without importing data)

 If this is **a brand new** Matrix server and you **won't be importing old data into it**, run all these tags:

 ```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```

 The above command **doesn't start any services just yet** (another step does this later - below). Feel free to **re-run this setup command any time** you think something is off with the server configuration.
 This will do a full installation and start all Matrix services.

 Proceed to [Maintaining your setup in the future](#2-maintaining-your-setup-in-the-future) and [Finalize the installation](#3-finalize-the-installation)

 **Notes**:
 - if you **don't** use SSH keys for authentication, but rather a regular password, you may need to add `--ask-pass` to the above (and all other) Ansible commands.
 - if you **do** use SSH keys for authentication, **and** use a non-root user to *become* root (sudo), you may need to add `-K` (`--ask-become-pass`) to the above (and all other) Ansible commands.

 ### Installing a server into which you'll import old data

 ## 2. Things you might want to do after installing
 If you will be importing data into your newly created Matrix server, install it, but **do not** start its services just yet.
 Starting its services or messing with its database now will affect your data import later on.

 To do the installation **without** starting services, run only the `setup-all` tag:

 ```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all
 ```

 **Before starting the services**, you may want to do additional things like:
 When this command completes, services won't be running yet.

 You can now:

 - [Importing an existing SQLite database (from another Synapse installation)](importing-synapse-sqlite.md) (optional)

@@ -27,21 +69,26 @@ The above command **doesn't start any services just yet** (another step does thi

 - [Importing `media_store` data files from an existing Synapse installation](importing-synapse-media-store.md) (optional)

 .. and then proceed to starting all services:

 ## 3. Starting the services

 When you're ready to start the Matrix services (and set them up to auto-start in the future), run this command:

 ```bash
 ```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=start
 ```

 ## 4. Finalize the installation
 Proceed to [Maintaining your setup in the future](#2-maintaining-your-setup-in-the-future) and [Finalize the installation](#3-finalize-the-installation)


 ## 2. Maintaining your setup in the future

 Feel free to **re-run the setup command any time** you think something is off with the server configuration. Ansible will take your configuration and update your server to match.


 ## 3. Finalize the installation

 Now that services are running, you need to **finalize the installation process** (required for federation to work!) by [Configuring Service Discovery via .well-known](configuring-well-known.md).


 ## 5. Things to do next
 ## 4. Things to do next

 After you have started the services and **finalized the installation process** (required for federation to work!) by [Configuring Service Discovery via .well-known](configuring-well-known.md), you can:

--- a/docs/maintenance-upgrading-services.md
+++ b/docs/maintenance-upgrading-services.md
@@ -10,8 +10,8 @@ To upgrade services:

 - take a look at [the changelog](../CHANGELOG.md) to see if there have been any backward-incompatible changes that you need to take care of

 - re-run the [playbook setup](installing.md): `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all`
 - download the upstream Ansible roles used by the playbook by running `make roles`

 - restart the services: `ansible-playbook -i inventory/hosts setup.yml --tags=start`
 - re-run the [playbook setup](installing.md) and restart all serivces: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start`

 **Note**: major version upgrades to the internal PostgreSQL database are not done automatically. To upgrade it, refer to the [upgrading PostgreSQL guide](maintenance-postgres.md#upgrading-postgresql).
--- a/examples/vars.yml
+++ b/examples/vars.yml
@@ -12,7 +12,9 @@
 matrix_domain: YOUR_BARE_DOMAIN_NAME_HERE

 # The Matrix homeserver software to install.
 # See `roles/matrix-base/defaults/main.yml` for valid options.
 # See:
 #  - `roles/custom/matrix-base/defaults/main.yml` for valid options
 # - the `docs/configuring-playbook-IMPLEMENTATION_NAME.md` documentation page, if one is available for your implementation choice
 matrix_homeserver_implementation: synapse

 # A secret used as a base, for generating various other secrets.
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -9,6 +9,46 @@
 # You can also override ANY variable (seen here or in any given role),
 # by re-defining it in your own configuration file (`inventory/host_vars/matrix.<your-domain>`).


 ########################################################################
 #                                                                      #
 # com.devture.ansible.role.timesync                                    #
 #                                                                      #
 ########################################################################

 # To completely disable installing systemd-timesyncd/ntpd, use `devture_timesync_installation_enabled: false`.

 ########################################################################
 #                                                                      #
 # /com.devture.ansible.role.timesync                                   #
 #                                                                      #
 ########################################################################



 ######################################################################
 #
 # com.devture.ansible.role.playbook_state_preserver
 #
 ######################################################################

 # To completely disable this feature, use `devture_playbook_state_preserver_enabled: false`.

 devture_playbook_state_preserver_uid: "{{ matrix_user_uid }}"
 devture_playbook_state_preserver_gid: "{{ matrix_user_gid }}"

 devture_playbook_state_preserver_vars_preservation_dst: "{{ matrix_base_data_path }}/vars.yml"

 devture_playbook_state_preserver_commit_hash_preservation_dst: "{{ matrix_base_data_path }}/git_hash.yml"

 ######################################################################
 #
 # /com.devture.ansible.role.playbook_state_preserver
 #
 ######################################################################



 ######################################################################
 #
 # matrix-base
@@ -695,6 +735,10 @@ matrix_mautrix_discord_login_shared_secret: "{{ matrix_synapse_ext_password_prov
 matrix_mautrix_discord_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
 matrix_mautrix_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudiscord.db') | to_uuid }}"

 # Enabling bridge.restricted_rooms for this bridge does not work well with Conduit, so we disable it by default.
 # This will be fixed in the upcoming `0.5.0` release of conduit.
 matrix_mautrix_discord_bridge_restricted_rooms: "{{ false if matrix_homeserver_implementation == 'conduit' else true }}"

 ######################################################################
 #
 # /matrix-bridge-mautrix-discord
@@ -765,7 +809,7 @@ matrix_heisenbridge_systemd_wanted_services_list: |
 # We don't enable bridges by default.
 matrix_hookshot_enabled: false

 matrix_hookshot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
 matrix_hookshot_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"

 matrix_hookshot_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.as.tok') | to_uuid }}"

@@ -2112,6 +2156,11 @@ matrix_postgres_additional_databases: |

   }}

 matrix_postgres_systemd_services_to_stop_for_maintenance_list: |
  {{
    ['matrix-' + matrix_homeserver_implementation + '.service']
  }}

 ######################################################################
 #
 # /matrix-postgres
@@ -2672,3 +2721,43 @@ matrix_conduit_systemd_required_services_list: |
 # /matrix-conduit
 #
 ######################################################################


 ######################################################################
 #
 # matrix-user-creator
 #
 ######################################################################

 matrix_user_creator_users_auto: |
  {{
    [{
      'username': matrix_bot_matrix_reminder_bot_matrix_user_id_localpart,
      'initial_password': matrix_bot_matrix_reminder_bot_matrix_user_password,
      'initial_type': 'bot',
    }] if matrix_bot_matrix_reminder_bot_enabled else []
    +
    [{
      'username': matrix_bot_honoroit_login,
      'initial_password': matrix_bot_honoroit_password,
      'initial_type': 'bot',
    }] if matrix_bot_honoroit_enabled else []
    +
    [{
      'username': matrix_bot_postmoogle_login,
      'initial_password': matrix_bot_postmoogle_password,
      'initial_type': 'bot',
    }] if matrix_bot_postmoogle_enabled else []
    +
    [{
      'username': matrix_bot_buscarron_login,
      'initial_password': matrix_bot_buscarron_password,
      'initial_type': 'bot',
    }] if matrix_bot_buscarron_enabled else []
  }}

 ######################################################################
 #
 # /matrix-user-creator
 #
 ######################################################################
--- a/requirements.yml
+++ b/requirements.yml
@@ -0,0 +1,16 @@
 ---

 - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
  version: c1f40e82b4d6b072b6f0e885239322bdaaaf554f

 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
  version: 327d2e17f5189ac2480d6012f58cf64a2b46efba

 - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git
  version: 461ace97fcf0e36c76747b36fcad8587d9b072f5

 - src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git
  version: 0857450721d525238ca230c9e6f8f8ad3a248564

 - src: git+https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages.git
  version: f1c78d4e85e875129790c58335d0e44385683f6b
--- a/roles/custom/matrix-aux/defaults/main.yml
+++ b/roles/custom/matrix-aux/defaults/main.yml
--- a/roles/custom/matrix-aux/tasks/main.yml
+++ b/roles/custom/matrix-aux/tasks/main.yml
--- a/roles/custom/matrix-aux/tasks/setup.yml
+++ b/roles/custom/matrix-aux/tasks/setup.yml
--- a/roles/custom/matrix-backup-borg/defaults/main.yml
+++ b/roles/custom/matrix-backup-borg/defaults/main.yml
--- a/roles/custom/matrix-backup-borg/tasks/init.yml
+++ b/roles/custom/matrix-backup-borg/tasks/init.yml
--- a/roles/custom/matrix-backup-borg/tasks/main.yml
+++ b/roles/custom/matrix-backup-borg/tasks/main.yml
--- a/roles/custom/matrix-backup-borg/tasks/setup_install.yml
+++ b/roles/custom/matrix-backup-borg/tasks/setup_install.yml
@@ -10,7 +10,7 @@
    when: not matrix_postgres_enabled

  - ansible.builtin.import_role:
      name: matrix-postgres
      name: custom/matrix-postgres
      tasks_from: detect_existing_postgres_version

  - name: Fail if detected Postgres version is unsupported
@@ -59,15 +59,15 @@
    mode: 0600

 - name: Ensure borg image is pulled
  docker_image:
  community.docker.docker_image:
    name: "{{ matrix_backup_borg_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
    force_source: "{{ matrix_backup_borg_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_backup_borg_docker_image_force_pull }}"
  when: "not matrix_backup_borg_container_image_self_build | bool"
  register: result
  retries: "{{ matrix_container_retries_count }}"
  delay: "{{ matrix_container_retries_delay }}"
  retries: "{{ devture_playbook_help_container_retries_count }}"
  delay: "{{ devture_playbook_help_container_retries_delay }}"
  until: result is not failed

 - name: Ensure borg repository is present on self-build
@@ -82,7 +82,7 @@
  when: "matrix_backup_borg_container_image_self_build | bool"

 - name: Ensure borg image is built
  docker_image:
  community.docker.docker_image:
    name: "{{ matrix_backup_borg_docker_image }}"
    source: build
    force_source: "{{ matrix_backup_borg_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@@ -96,14 +96,14 @@
 - name: Ensure matrix-backup-borg.service installed
  ansible.builtin.template:
    src: "{{ role_path }}/templates/systemd/matrix-backup-borg.service.j2"
    dest: "{{ matrix_systemd_path }}/matrix-backup-borg.service"
    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.service"
    mode: 0644
  register: matrix_backup_borg_systemd_service_result

 - name: Ensure matrix-backup-borg.timer installed
  ansible.builtin.template:
    src: "{{ role_path }}/templates/systemd/matrix-backup-borg.timer.j2"
    dest: "{{ matrix_systemd_path }}/matrix-backup-borg.timer"
    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.timer"
    mode: 0644
  register: matrix_backup_borg_systemd_timer_result

--- a/roles/custom/matrix-backup-borg/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-backup-borg/tasks/setup_uninstall.yml
@@ -1,7 +1,7 @@
 ---
 - name: Check existence of matrix-backup-borg service
  ansible.builtin.stat:
    path: "{{ matrix_systemd_path }}/matrix-backup-borg.service"
    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.service"
  register: matrix_backup_borg_service_stat

 - name: Ensure matrix-backup-borg is stopped
@@ -15,13 +15,13 @@

 - name: Ensure matrix-backup-borg.service doesn't exist
  ansible.builtin.file:
    path: "{{ matrix_systemd_path }}/matrix-backup-borg.service"
    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.service"
    state: absent
  when: "matrix_backup_borg_service_stat.stat.exists | bool"

 - name: Ensure matrix-backup-borg.timer doesn't exist
  ansible.builtin.file:
    path: "{{ matrix_systemd_path }}/matrix-backup-borg.timer"
    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.timer"
    state: absent
  when: "matrix_backup_borg_service_stat.stat.exists | bool"

@@ -36,6 +36,6 @@
    state: absent

 - name: Ensure borg Docker image doesn't exist
  docker_image:
  community.docker.docker_image:
    name: "{{ matrix_backup_borg_docker_image }}"
    state: absent
--- a/roles/custom/matrix-backup-borg/tasks/validate_config.yml
+++ b/roles/custom/matrix-backup-borg/tasks/validate_config.yml
--- a/roles/custom/matrix-backup-borg/templates/config.yaml.j2
+++ b/roles/custom/matrix-backup-borg/templates/config.yaml.j2
--- a/roles/custom/matrix-backup-borg/templates/passwd.j2
+++ b/roles/custom/matrix-backup-borg/templates/passwd.j2
--- a/roles/custom/matrix-backup-borg/templates/sshkey.j2
+++ b/roles/custom/matrix-backup-borg/templates/sshkey.j2
--- a/roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2
+++ b/roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2
@@ -12,10 +12,10 @@ DefaultDependencies=no

 [Service]
 Type=oneshot
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-backup-borg 2>/dev/null || true'
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-backup-borg 2>/dev/null || true'
 ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-backup-borg \
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-backup-borg 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-backup-borg 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-backup-borg \
 			--log-driver=none \
 			--cap-drop=ALL \
 			--read-only \
@@ -33,7 +33,7 @@ ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-backup-bor
 			{{ matrix_backup_borg_docker_image }} \
 			sh -c "borgmatic --init --encryption {{ matrix_backup_borg_encryption }}"

 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-backup-borg \
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-backup-borg \
 			--log-driver=none \
 			--cap-drop=ALL \
 			--read-only \
@@ -50,8 +50,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-backup-borg \
 			{% endfor %}
 			{{ matrix_backup_borg_docker_image }}

 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-backup-borg 2>/dev/null || true'
 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-backup-borg 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-backup-borg 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-backup-borg 2>/dev/null || true'
 SyslogIdentifier=matrix-backup-borg

 [Install]
--- a/roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.timer.j2
+++ b/roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.timer.j2
--- a/roles/custom/matrix-base/defaults/main.yml
+++ b/roles/custom/matrix-base/defaults/main.yml
@@ -92,14 +92,6 @@ matrix_debian_arch: "{{ 'armhf' if matrix_architecture == 'arm32' else matrix_ar

 matrix_container_global_registry_prefix: "docker.io/"

 # Each docker pull will retry on failed attempt 10 times with delay of 10 seconds between each attempt.
 matrix_container_retries_count: 10
 matrix_container_retries_delay: 10

 # Each get_url will retry on failed attempt 10 times with delay of 10 seconds between each attempt.
 matrix_geturl_retries_count: 10
 matrix_geturl_retries_delay: 10

 matrix_user_username: "matrix"
 matrix_user_groupname: "matrix"

@@ -113,12 +105,6 @@ matrix_base_data_path: "/matrix"
 matrix_base_data_path_mode: "750"

 matrix_static_files_base_path: "{{ matrix_base_data_path }}/static-files"
 matrix_systemd_path: "/etc/systemd/system"

 # Specifies the path to use for the `HOME` environment variable for systemd unit files.
 # Docker 20.10 complains with `WARNING: Error loading config file: .dockercfg: $HOME is not defined`
 # if `$HOME` is not defined, so we define something to make it happy.
 matrix_systemd_unit_home_path: /root

 # This is now unused. We keep it so that cleanup tasks can use it.
 # To be removed in the future.
@@ -126,16 +112,10 @@ matrix_cron_path: "/etc/cron.d"

 matrix_local_bin_path: "/usr/local/bin"

 matrix_host_command_docker: "/usr/bin/env docker"
 matrix_host_command_sleep: "/usr/bin/env sleep"
 matrix_host_command_chown: "/usr/bin/env chown"
 matrix_host_command_fusermount: "/usr/bin/env fusermount"
 matrix_host_command_openssl: "/usr/bin/env openssl"
 matrix_host_command_systemctl: "/usr/bin/env systemctl"
 matrix_host_command_sh: "/usr/bin/env sh"

 matrix_ntpd_package: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 7) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version | int > 18) else ('systemd' if ansible_os_family == 'Suse' else 'ntp') }}"
 matrix_ntpd_service: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 7) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version | int > 18) or ansible_distribution == 'Archlinux' or ansible_os_family == 'Suse' else ('ntpd' if ansible_os_family == 'RedHat' else 'ntp') }}"

 matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}"

@@ -255,12 +235,6 @@ matrix_well_known_matrix_support_configuration: "{{ matrix_well_known_matrix_sup
 # The Docker network that all services would be put into
 matrix_docker_network: "matrix"

 # Controls whether we'll preserve the vars.yml file on the Matrix server.
 # If you have a differently organized inventory, you may wish to disable this feature,
 # or to repoint `matrix_vars_yml_snapshotting_src` to the file you'd like to preserve.
 matrix_vars_yml_snapshotting_enabled: true
 matrix_vars_yml_snapshotting_src: "{{ inventory_dir }}/host_vars/{{ inventory_hostname }}/vars.yml"

 # Controls whether a `/.well-known/matrix/server` file is generated and used at all.
 #
 # If you wish to rely on DNS SRV records only, you can disable this.
--- a/roles/custom/matrix-base/files/yum.repos.d/docker-ce-centos.repo
+++ b/roles/custom/matrix-base/files/yum.repos.d/docker-ce-centos.repo
--- a/roles/custom/matrix-base/files/yum.repos.d/docker-ce-fedora.repo
+++ b/roles/custom/matrix-base/files/yum.repos.d/docker-ce-fedora.repo
--- a/roles/custom/matrix-base/tasks/clean_up_old_files.yml
+++ b/roles/custom/matrix-base/tasks/clean_up_old_files.yml
--- a/roles/custom/matrix-base/tasks/main.yml
+++ b/roles/custom/matrix-base/tasks/main.yml
--- a/roles/custom/matrix-base/tasks/sanity_check.yml
+++ b/roles/custom/matrix-base/tasks/sanity_check.yml
--- a/roles/custom/matrix-base/tasks/server_base/setup.yml
+++ b/roles/custom/matrix-base/tasks/server_base/setup.yml
@@ -39,9 +39,3 @@
    name: docker
    state: started
    enabled: true

 - name: "Ensure ntpd is started and autoruns"
  ansible.builtin.service:
    name: "{{ matrix_ntpd_service }}"
    state: started
    enabled: true
--- a/roles/custom/matrix-base/tasks/server_base/setup_archlinux.yml
+++ b/roles/custom/matrix-base/tasks/server_base/setup_archlinux.yml
@@ -1,7 +1,7 @@
 ---

 - name: Install host dependencies
  pacman:
  community.general.pacman:
    name:
      - python-docker
      - python-dnspython
@@ -9,7 +9,7 @@
    update_cache: true

 - name: Ensure Docker is installed
  pacman:
  community.general.pacman:
    name:
      - docker
    state: present
--- a/roles/custom/matrix-base/tasks/server_base/setup_debian.yml
+++ b/roles/custom/matrix-base/tasks/server_base/setup_debian.yml
@@ -25,13 +25,6 @@
    update_cache: true
  when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'

 - name: Ensure APT packages are installed
  ansible.builtin.apt:
    name:
      - "{{ matrix_ntpd_package }}"
    state: present
    update_cache: true

 - name: Ensure Docker is installed
  ansible.builtin.apt:
    name:
--- a/roles/custom/matrix-base/tasks/server_base/setup_fedora.yml
+++ b/roles/custom/matrix-base/tasks/server_base/setup_fedora.yml
@@ -17,13 +17,6 @@
    key: https://download.docker.com/linux/fedora/gpg
  when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'

 - name: Ensure yum packages are installed
  ansible.builtin.yum:
    name:
      - "{{ matrix_ntpd_package }}"
    state: present
    update_cache: true

 - name: Ensure Docker is installed
  ansible.builtin.yum:
    name:
--- a/roles/custom/matrix-base/tasks/server_base/setup_raspbian.yml
+++ b/roles/custom/matrix-base/tasks/server_base/setup_raspbian.yml
@@ -25,13 +25,6 @@
    update_cache: true
  when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'

 - name: Ensure APT packages are installed
  ansible.builtin.apt:
    name:
      - "{{ matrix_ntpd_package }}"
    state: present
    update_cache: true

 - name: Ensure Docker is installed
  ansible.builtin.apt:
    name:
--- a/roles/custom/matrix-base/tasks/server_base/setup_redhat.yml
+++ b/roles/custom/matrix-base/tasks/server_base/setup_redhat.yml
@@ -15,13 +15,6 @@
    key: https://download.docker.com/linux/centos/gpg
  when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'

 - name: Ensure yum packages are installed
  ansible.builtin.yum:
    name:
      - "{{ matrix_ntpd_package }}"
    state: present
    update_cache: true

 - name: Ensure Docker is installed
  ansible.builtin.yum:
    name:
--- a/roles/custom/matrix-base/tasks/server_base/setup_redhat8.yml
+++ b/roles/custom/matrix-base/tasks/server_base/setup_redhat8.yml
@@ -22,13 +22,6 @@
    state: present
    update_cache: true

 - name: Ensure yum packages are installed
  ansible.builtin.yum:
    name:
      - "{{ matrix_ntpd_package }}"
    state: present
    update_cache: true

 - name: Ensure Docker is installed
  ansible.builtin.yum:
    name:
--- a/roles/custom/matrix-base/tasks/setup_matrix_base.yml
+++ b/roles/custom/matrix-base/tasks/setup_matrix_base.yml
@@ -10,17 +10,8 @@
  with_items:
    - "{{ matrix_base_data_path }}"

 - name: Preserve vars.yml on the server for easily restoring if it gets lost later on
  ansible.builtin.copy:
    src: "{{ matrix_vars_yml_snapshotting_src }}"
    dest: "{{ matrix_base_data_path }}/vars.yml"
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
    mode: '0660'
  when: "matrix_vars_yml_snapshotting_enabled | bool"

 - name: Ensure Matrix network is created in Docker
  docker_network:
  community.docker.docker_network:
    name: "{{ matrix_docker_network }}"
    driver: bridge

--- a/roles/custom/matrix-base/tasks/setup_matrix_user.yml
+++ b/roles/custom/matrix-base/tasks/setup_matrix_user.yml
--- a/roles/custom/matrix-base/tasks/setup_well_known.yml
+++ b/roles/custom/matrix-base/tasks/setup_well_known.yml
--- a/roles/custom/matrix-base/tasks/util/ensure_fuse_installed.yml
+++ b/roles/custom/matrix-base/tasks/util/ensure_fuse_installed.yml
@@ -16,7 +16,7 @@
  when: ansible_os_family == 'Debian'

 - name: Ensure fuse installed (Archlinux)
  pacman:
  community.general.pacman:
    name:
      - fuse3
    state: present
--- a/roles/custom/matrix-base/tasks/util/ensure_openssl_installed.yml
+++ b/roles/custom/matrix-base/tasks/util/ensure_openssl_installed.yml
@@ -16,7 +16,7 @@
  when: ansible_os_family == 'Debian'

 - name: Ensure openssl installed (Archlinux)
  pacman:
  community.general.pacman:
    name:
      - openssl
    state: present
--- a/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2
+++ b/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2
--- a/roles/custom/matrix-base/templates/static-files/well-known/matrix-server.j2
+++ b/roles/custom/matrix-base/templates/static-files/well-known/matrix-server.j2
--- a/roles/custom/matrix-base/templates/static-files/well-known/matrix-support.j2
+++ b/roles/custom/matrix-base/templates/static-files/well-known/matrix-support.j2
--- a/roles/custom/matrix-base/templates/usr-local-bin/matrix-remove-all.j2
+++ b/roles/custom/matrix-base/templates/usr-local-bin/matrix-remove-all.j2
@@ -16,9 +16,9 @@ if [ "$sure" != "Yes, I really want to remove everything!" ]; then
 else
 	echo "Stop and remove matrix services"

 	for s in $(find {{ matrix_systemd_path }}/ -type f -name "matrix-*" -printf "%f\n"); do
 	for s in $(find {{ devture_systemd_docker_base_systemd_path }}/ -type f -name "matrix-*" -printf "%f\n"); do
 		systemctl disable --now $s
 		rm -f {{ matrix_systemd_path }}/$s
 		rm -f {{ devture_systemd_docker_base_systemd_path }}/$s
 	done

 	systemctl daemon-reload
--- a/roles/custom/matrix-base/vars/main.yml
+++ b/roles/custom/matrix-base/vars/main.yml
--- a/roles/custom/matrix-bot-buscarron/defaults/main.yml
+++ b/roles/custom/matrix-bot-buscarron/defaults/main.yml
--- a/roles/custom/matrix-bot-buscarron/tasks/init.yml
+++ b/roles/custom/matrix-bot-buscarron/tasks/init.yml
--- a/roles/custom/matrix-bot-buscarron/tasks/main.yml
+++ b/roles/custom/matrix-bot-buscarron/tasks/main.yml
--- a/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml
@@ -21,7 +21,7 @@
              systemd_services_to_stop: ['matrix-bot-buscarron.service']

        - ansible.builtin.import_role:
            name: matrix-postgres
            name: custom/matrix-postgres
            tasks_from: migrate_db_to_postgres

        - ansible.builtin.set_fact:
@@ -50,15 +50,15 @@
    mode: 0640

 - name: Ensure buscarron image is pulled
  docker_image:
  community.docker.docker_image:
    name: "{{ matrix_bot_buscarron_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
    force_source: "{{ matrix_bot_buscarron_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_buscarron_docker_image_force_pull }}"
  when: "not matrix_bot_buscarron_container_image_self_build | bool"
  register: result
  retries: "{{ matrix_container_retries_count }}"
  delay: "{{ matrix_container_retries_delay }}"
  retries: "{{ devture_playbook_help_container_retries_count }}"
  delay: "{{ devture_playbook_help_container_retries_delay }}"
  until: result is not failed

 - name: Ensure buscarron repository is present on self-build
@@ -73,7 +73,7 @@
  when: "matrix_bot_buscarron_container_image_self_build | bool"

 - name: Ensure buscarron image is built
  docker_image:
  community.docker.docker_image:
    name: "{{ matrix_bot_buscarron_docker_image }}"
    source: build
    force_source: "{{ matrix_bot_buscarron_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@@ -87,7 +87,7 @@
 - name: Ensure matrix-bot-buscarron.service installed
  ansible.builtin.template:
    src: "{{ role_path }}/templates/systemd/matrix-bot-buscarron.service.j2"
    dest: "{{ matrix_systemd_path }}/matrix-bot-buscarron.service"
    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-buscarron.service"
    mode: 0644
  register: matrix_bot_buscarron_systemd_service_result

--- a/roles/custom/matrix-bot-buscarron/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bot-buscarron/tasks/setup_uninstall.yml
@@ -2,7 +2,7 @@

 - name: Check existence of matrix-buscarron service
  ansible.builtin.stat:
    path: "{{ matrix_systemd_path }}/matrix-bot-buscarron.service"
    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-buscarron.service"
  register: matrix_bot_buscarron_service_stat

 - name: Ensure matrix-buscarron is stopped
@@ -16,7 +16,7 @@

 - name: Ensure matrix-bot-buscarron.service doesn't exist
  ansible.builtin.file:
    path: "{{ matrix_systemd_path }}/matrix-bot-buscarron.service"
    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-buscarron.service"
    state: absent
  when: "matrix_bot_buscarron_service_stat.stat.exists | bool"

@@ -31,6 +31,6 @@
    state: absent

 - name: Ensure buscarron Docker image doesn't exist
  docker_image:
  community.docker.docker_image:
    name: "{{ matrix_bot_buscarron_docker_image }}"
    state: absent
--- a/roles/custom/matrix-bot-buscarron/tasks/validate_config.yml
+++ b/roles/custom/matrix-bot-buscarron/tasks/validate_config.yml
--- a/roles/custom/matrix-bot-buscarron/templates/env.j2
+++ b/roles/custom/matrix-bot-buscarron/templates/env.j2
@@ -10,7 +10,7 @@ BUSCARRON_SPAM_LOCALPARTS={{ matrix_bot_buscarron_spam_localparts|join(" ") }}
 BUSCARRON_SENTRY={{ matrix_bot_buscarron_sentry }}
 BUSCARRON_LOGLEVEL={{ matrix_bot_buscarron_loglevel }}
 BUSCARRON_BAN_SIZE={{ matrix_bot_buscarron_ban_size }}
 BUSCARRON_BAN_LIST={{ matrix_bot_buscarron_ban_list }}
 BUSCARRON_BAN_LIST={{ matrix_bot_buscarron_ban_list|default('')|join(' ') }}
 BUSCARRON_PM_TOKEN={{ matrix_bot_buscarron_pm_token }}
 BUSCARRON_PM_FROM={{ matrix_bot_buscarron_pm_from }}
 BUSCARRON_PM_REPLYTO={{ matrix_bot_buscarron_pm_replyto }}
--- a/roles/custom/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2
+++ b/roles/custom/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2
@@ -12,11 +12,11 @@ DefaultDependencies=no

 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-buscarron 2>/dev/null || true'
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true'
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-buscarron 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true'

 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-buscarron \
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-buscarron \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--cap-drop=ALL \
@@ -29,8 +29,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-buscarron
 			{% endfor %}
 			{{ matrix_bot_buscarron_docker_image }}

 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-buscarron 2>/dev/null || true'
 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-buscarron 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-bot-buscarron
--- a/roles/custom/matrix-bot-go-neb/defaults/main.yml
+++ b/roles/custom/matrix-bot-go-neb/defaults/main.yml
--- a/roles/custom/matrix-bot-go-neb/tasks/init.yml
+++ b/roles/custom/matrix-bot-go-neb/tasks/init.yml
--- a/roles/custom/matrix-bot-go-neb/tasks/main.yml
+++ b/roles/custom/matrix-bot-go-neb/tasks/main.yml
--- a/roles/custom/matrix-bot-go-neb/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-go-neb/tasks/setup_install.yml
@@ -17,14 +17,14 @@
  when: "item.when | bool"

 - name: Ensure go-neb image is pulled
  docker_image:
  community.docker.docker_image:
    name: "{{ matrix_bot_go_neb_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
    force_source: "{{ matrix_bot_go_neb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_go_neb_docker_image_force_pull }}"
  register: result
  retries: "{{ matrix_container_retries_count }}"
  delay: "{{ matrix_container_retries_delay }}"
  retries: "{{ devture_playbook_help_container_retries_count }}"
  delay: "{{ devture_playbook_help_container_retries_delay }}"
  until: result is not failed

 - name: Ensure go-neb config installed
@@ -38,7 +38,7 @@
 - name: Ensure matrix-bot-go-neb.service installed
  ansible.builtin.template:
    src: "{{ role_path }}/templates/systemd/matrix-bot-go-neb.service.j2"
    dest: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service"
    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-go-neb.service"
    mode: 0644
  register: matrix_bot_go_neb_systemd_service_result

--- a/roles/custom/matrix-bot-go-neb/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bot-go-neb/tasks/setup_uninstall.yml
@@ -2,7 +2,7 @@

 - name: Check existence of matrix-go-neb service
  ansible.builtin.stat:
    path: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service"
    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-go-neb.service"
  register: matrix_bot_go_neb_service_stat

 - name: Ensure matrix-go-neb is stopped
@@ -16,7 +16,7 @@

 - name: Ensure matrix-bot-go-neb.service doesn't exist
  ansible.builtin.file:
    path: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service"
    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-go-neb.service"
    state: absent
  when: "matrix_bot_go_neb_service_stat.stat.exists | bool"

@@ -31,6 +31,6 @@
    state: absent

 - name: Ensure go-neb Docker image doesn't exist
  docker_image:
  community.docker.docker_image:
    name: "{{ matrix_bot_go_neb_docker_image }}"
    state: absent
--- a/roles/custom/matrix-bot-go-neb/tasks/validate_config.yml
+++ b/roles/custom/matrix-bot-go-neb/tasks/validate_config.yml
--- a/roles/custom/matrix-bot-go-neb/templates/config.yaml.j2
+++ b/roles/custom/matrix-bot-go-neb/templates/config.yaml.j2
--- a/roles/custom/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2
+++ b/roles/custom/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2
@@ -12,11 +12,11 @@ DefaultDependencies=no

 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null || true'
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null || true'
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null || true'

 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-go-neb \
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-go-neb \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--cap-drop=ALL \
@@ -39,8 +39,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-go-neb \
 			{{ matrix_bot_go_neb_docker_image }} \
 			-c "go-neb /config/config.yaml"

 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null || true'
 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null || true'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-bot-go-neb
--- a/roles/custom/matrix-bot-honoroit/defaults/main.yml
+++ b/roles/custom/matrix-bot-honoroit/defaults/main.yml
--- a/roles/custom/matrix-bot-honoroit/tasks/init.yml
+++ b/roles/custom/matrix-bot-honoroit/tasks/init.yml
--- a/roles/custom/matrix-bot-honoroit/tasks/main.yml
+++ b/roles/custom/matrix-bot-honoroit/tasks/main.yml
--- a/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml
@@ -21,7 +21,7 @@
              systemd_services_to_stop: ['matrix-bot-honoroit.service']

        - ansible.builtin.import_role:
            name: matrix-postgres
            name: custom/matrix-postgres
            tasks_from: migrate_db_to_postgres

        - ansible.builtin.set_fact:
@@ -50,15 +50,15 @@
    mode: 0640

 - name: Ensure honoroit image is pulled
  docker_image:
  community.docker.docker_image:
    name: "{{ matrix_bot_honoroit_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
    force_source: "{{ matrix_bot_honoroit_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_honoroit_docker_image_force_pull }}"
  when: "not matrix_bot_honoroit_container_image_self_build | bool"
  register: result
  retries: "{{ matrix_container_retries_count }}"
  delay: "{{ matrix_container_retries_delay }}"
  retries: "{{ devture_playbook_help_container_retries_count }}"
  delay: "{{ devture_playbook_help_container_retries_delay }}"
  until: result is not failed

 - name: Ensure honoroit repository is present on self-build
@@ -73,7 +73,7 @@
  when: "matrix_bot_honoroit_container_image_self_build | bool"

 - name: Ensure honoroit image is built
  docker_image:
  community.docker.docker_image:
    name: "{{ matrix_bot_honoroit_docker_image }}"
    source: build
    force_source: "{{ matrix_bot_honoroit_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@@ -87,7 +87,7 @@
 - name: Ensure matrix-bot-honoroit.service installed
  ansible.builtin.template:
    src: "{{ role_path }}/templates/systemd/matrix-bot-honoroit.service.j2"
    dest: "{{ matrix_systemd_path }}/matrix-bot-honoroit.service"
    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-honoroit.service"
    mode: 0644
  register: matrix_bot_honoroit_systemd_service_result

--- a/roles/custom/matrix-bot-honoroit/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bot-honoroit/tasks/setup_uninstall.yml
@@ -2,7 +2,7 @@

 - name: Check existence of matrix-honoroit service
  ansible.builtin.stat:
    path: "{{ matrix_systemd_path }}/matrix-bot-honoroit.service"
    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-honoroit.service"
  register: matrix_bot_honoroit_service_stat

 - name: Ensure matrix-honoroit is stopped
@@ -16,7 +16,7 @@

 - name: Ensure matrix-bot-honoroit.service doesn't exist
  ansible.builtin.file:
    path: "{{ matrix_systemd_path }}/matrix-bot-honoroit.service"
    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-honoroit.service"
    state: absent
  when: "matrix_bot_honoroit_service_stat.stat.exists | bool"

@@ -31,6 +31,6 @@
    state: absent

 - name: Ensure honoroit Docker image doesn't exist
  docker_image:
  community.docker.docker_image:
    name: "{{ matrix_bot_honoroit_docker_image }}"
    state: absent
--- a/roles/custom/matrix-bot-honoroit/tasks/validate_config.yml
+++ b/roles/custom/matrix-bot-honoroit/tasks/validate_config.yml
--- a/roles/custom/matrix-bot-honoroit/templates/env.j2
+++ b/roles/custom/matrix-bot-honoroit/templates/env.j2
--- a/roles/custom/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2
+++ b/roles/custom/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2
@@ -12,11 +12,11 @@ DefaultDependencies=no

 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null || true'
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null || true'
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null || true'

 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-honoroit \
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-honoroit \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--cap-drop=ALL \
@@ -29,8 +29,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-honoroit \
 			{% endfor %}
 			{{ matrix_bot_honoroit_docker_image }}

 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null || true'
 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null || true'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-bot-honoroit
--- a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml
+++ b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml
--- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/init.yml
+++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/init.yml