Merge branch 'spantaleev:master' into feature-conduit

3 лет назад · 7498c647d0
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,45 @@
 # 2022-06-09

 ## Running Ansible in a container can now happen on the Matrix server itself

 If you're tired of being on an old and problematic Ansible version, you can now run [run Ansible in a container on the Matrix server itself](docs/ansible.md#running-ansible-in-a-container-on-the-matrix-server-itself).


 # 2022-05-31

 ## Synapse v1.60 upgrade may cause trouble and require manual intervention

 Synapse v1.60 will try to add a new unique index to `state_group_edges` upon startup and could fail if your database is corrupted.

 We haven't observed this problem yet, but [the Synapse v1.60.0 upgrade notes](https://github.com/matrix-org/synapse/blob/v1.60.0/docs/upgrade.md#adding-a-new-unique-index-to-state_group_edges-could-fail-if-your-database-is-corrupted) mention it, so we're giving you a heads up here in case you're unlucky.

 **If Synapse fails to start** after your next playbook run, you'll need to:

 - SSH into the Matrix server
 - launch `/usr/local/bin/matrix-postgres-cli`
 - switch to the `synapse` database: `\c synapse`
 - run the following SQL query:

 ```sql
 BEGIN;
 DELETE FROM state_group_edges WHERE (ctid, state_group, prev_state_group) IN (
  SELECT row_id, state_group, prev_state_group
  FROM (
    SELECT
      ctid AS row_id,
      MIN(ctid) OVER (PARTITION BY state_group, prev_state_group) AS min_row_id,
      state_group,
      prev_state_group
    FROM state_group_edges
  ) AS t1
  WHERE row_id <> min_row_id
 );
 COMMIT;
 ```

 You could then restart services: `ansible-playbook -i inventory/hosts setup.yml --tags=start`


 # 2022-04-25

 ## buscarron bot support
--- a/docs/ansible.md
+++ b/docs/ansible.md
@@ -30,7 +30,7 @@ Depending on your distribution, you may be able to upgrade Ansible in a few diff

 - by using an additional repository (PPA, etc.), which provides newer Ansible versions. See instructions for [CentOS](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-rhel-centos-or-fedora), [Debian](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-debian), or [Ubuntu](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-ubuntu) on the Ansible website.

 - by removing the Ansible package (`yum remove ansible` or `apt-get remove ansible`) and installing via [pip](https://pip.pypa.io/en/stable/installing/) (`pip install ansible`).
 - by removing the Ansible package (`yum remove ansible` or `apt-get remove ansible`) and installing via [pip](https://pip.pypa.io/en/stable/installation/) (`pip install ansible`).

 If using the `pip` method, do note that the `ansible-playbook` binary may not be on the `$PATH` (https://linuxconfig.org/linux-path-environment-variable), but in some more special location like `/usr/local/bin/ansible-playbook`. You may need to invoke it using the full path.

@@ -41,9 +41,50 @@ If you find yourself needing to resort to such hacks, please consider reporting

 ## Using Ansible via Docker

 Alternatively, you can run Ansible on your computer from inside a Docker container (powered by the [devture/ansible](https://hub.docker.com/r/devture/ansible/) Docker image).
 Alternatively, you can run Ansible inside a Docker container (powered by the [devture/ansible](https://hub.docker.com/r/devture/ansible/) Docker image).

 Here's a sample command to get you started (run this from the playbook's directory):
 This ensures that you're using a very recent Ansible version, which is less likely to be incompatible with the playbook.

 There are 2 ways to go about it:

 - [Running Ansible in a container on the Matrix server itself](#running-ansible-in-a-container-on-the-matrix-server-itself)
 - [Running Ansible in a container on another computer (not the Matrix server)](#running-ansible-in-a-container-on-another-computer-not-the-matrix-server)


 ### Running Ansible in a container on the Matrix server itself

 To run Ansible in a (Docker) container on the Matrix server itself, you need to have a working Docker installation.
 Docker is normally installed by the playbook, so this may be a bit of a chicken and egg problem. To solve it:

 - you **either** need to install Docker manually first. Follow [the upstream instructions](https://docs.docker.com/engine/install/) for your distribution and consider setting `matrix_docker_installation_enabled: false` in your `vars.yml` file, to prevent the playbook from installing Docker
 - **or** you need to run the playbook in another way (e.g. [Running Ansible in a container on another computer (not the Matrix server)](#running-ansible-in-a-container-on-another-computer-not-the-matrix-server)) at least the first time around

 Once you have a working Docker installation on the server, **clone the playbook** somewhere on the server and configure it as per usual (`inventory/hosts`, `inventory/host_vars/..`, etc.), as described in [configuring the playbook](configuring-playbook.md).

 You would then need to add `ansible_connection=community.docker.nsenter` to the host line in `inventory/hosts`. This tells Ansible to connect to the "remote" machine by switching Linux namespaces with [nsenter](https://man7.org/linux/man-pages/man1/nsenter.1.html), instead of using SSH.
 Alternatively, you can leave your `inventory/hosts` as is and specify the connection type in **each** `ansible-playbook` call you do later, like this: `ansible-playbook --connection=community.docker.nsenter ...`

 Run this from the playbook's directory:

 ```bash
 docker run -it --rm \
 --privileged \
 --pid=host \
 -w /work \
 -v `pwd`:/work \
 --entrypoint=/bin/sh \
 docker.io/devture/ansible:2.13.0-r0
 ```

 Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container.
 The `/work` directory contains the playbook's code.

 You can execute `ansible-playbook ...` (or `ansible-playbook --connection=community.docker.nsenter ...`) commands as per normal now.


 ### Running Ansible in a container on another computer (not the Matrix server)

 Run this from the playbook's directory:

 ```bash
 docker run -it --rm \
@@ -51,7 +92,7 @@ docker run -it --rm \
 -v `pwd`:/work \
 -v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \
 --entrypoint=/bin/sh \
 docker.io/devture/ansible:2.11.6-r1
 docker.io/devture/ansible:2.13.0-r0
 ```

 The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`).
@@ -60,9 +101,9 @@ If your SSH key is at a different path (not in `$HOME/.ssh/id_rsa`), adjust that
 Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container.
 The `/work` directory contains the playbook's code.

 You can execute `ansible-playbook` commands as per normal now.
 You can execute `ansible-playbook ...` commands as per normal now.

 ### If you don't use SSH keys for authentication
 #### If you don't use SSH keys for authentication

 If you don't use SSH keys for authentication, simply remove that whole line (`-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro`).
 To authenticate at your server using a password, you need to add a package. So, when you are in the shell of the ansible docker container (the previously used `docker run -it ...` command), run:
--- a/docs/configuring-playbook-bridge-hookshot.md
+++ b/docs/configuring-playbook-bridge-hookshot.md
@@ -4,19 +4,19 @@ The playbook can install and configure [matrix-hookshot](https://github.com/matr

 Hookshot can bridge [Webhooks](https://en.wikipedia.org/wiki/Webhook) from software project management services such as GitHub, GitLab, JIRA, and Figma, as well as generic webhooks.

 See the project's [documentation](https://matrix-org.github.io/matrix-hookshot/hookshot.html) to learn what it does in detail and why it might be useful to you.
 See the project's [documentation](https://matrix-org.github.io/matrix-hookshot/latest/hookshot.html) to learn what it does in detail and why it might be useful to you.

 Note: the playbook also supports [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), which however is soon to be archived by its author and to be replaced by hookshot.

 ## Setup Instructions

 Refer to the [official instructions](https://matrix-org.github.io/matrix-hookshot/setup.html) to learn what the individual options do.
 Refer to the [official instructions](https://matrix-org.github.io/matrix-hookshot/latest/setup.html) to learn what the individual options do.

 1. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) as required.
 2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma).
 3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. 
 4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`.
 5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differ from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below.
 5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/latest/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differ from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below.

 Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) for how to use them.

@@ -26,7 +26,7 @@ Unless indicated otherwise, the following endpoints are reachable on your `matri

 | listener | default path | variable | used as |
 |---|---|---|---|
 | webhooks | `/hookshot/webhooks/` | `matrix_hookshot_webhook_endpoint` | generics, GitHub "Webhook URL", etc. |
 | webhooks | `/hookshot/webhooks/` | `matrix_hookshot_webhook_endpoint` | generics, GitHub "Webhook URL", GitLab "URL", etc. |
 | github oauth | `/hookshot/webhooks/oauth` | `matrix_hookshot_github_oauth_endpoint` | GitHub "Callback URL" |
 | jira oauth | `/hookshot/webhooks/jira/oauth` | `matrix_hookshot_jira_oauth_endpoint` | JIRA OAuth |
 | figma endpoint | `/hookshot/webhooks/figma/webhook` | `matrix_hookshot_figma_endpoint` | Figma |
--- a/docs/configuring-playbook-matrix-registration.md
+++ b/docs/configuring-playbook-matrix-registration.md
@@ -2,6 +2,8 @@

 The playbook can install and configure [matrix-registration](https://github.com/ZerataX/matrix-registration) for you.

 **WARNING**: this is a poorly maintained and buggy project. It's better to avoid using it.

 > matrix-registration is a simple python application to have a token based matrix registration.

 Use matrix-registration to **create unique registration links**, which people can use to register on your Matrix server. It allows you to **keep your server's registration closed (private)**, but still allow certain people (these having a special link) to register a user account.
--- a/docs/configuring-well-known.md
+++ b/docs/configuring-well-known.md
@@ -46,7 +46,7 @@ If you decide to go this route, you don't need to read ahead in this document. W

 If you're managing the base domain by yourself somehow, you'll need to set up serving of some `/.well-known/matrix/*` files from it via HTTPS.

 To make things easy for you to set up, this playbook generates and hosts 2 well-known files on the Matrix domain's server (e.g. `https://matrix.example.com/.well-known/matrix/server` and `https://matrix.example.com/.well-known/matrix/client`), even though this is the wrong place to host them.
 To make things easy for you to set up, this playbook generates and hosts 2 well-known files on the Matrix domain's server. The files are generated at `/matrix/static-files/.well-known/matrix/` and hosted at `https://matrix.example.com/.well-known/matrix/server` and `https://matrix.example.com/.well-known/matrix/client`, even though this is the wrong place to host them.

 You have 3 options when it comes to installing the files on the base domain's server:

@@ -98,16 +98,15 @@ server {
 }
 ```

 **For Apache**, it would be something like this:
 **For Apache2**, it would be something like this:

 ```apache
 <VirtualHost *:443>
 	ServerName DOMAIN

 	SSLProxyEngine on
 	<Location /.well-known/matrix>
 		ProxyPass "https://matrix.DOMAIN/.well-known/matrix"
 	</Location>
 	ProxyPass /.well-known/matrix https://matrix.DOMAIN/.well-known/matrix nocanon
 	ProxyPassReverse /.well-known/matrix https://matrix.DOMAIN/.well-known/matrix nocanon

 	# other configuration
 </VirtualHost>
@@ -116,8 +115,22 @@ server {
 **For Caddy 2**, it would be something like this:

 ```caddy
 reverse_proxy /.well-known/matrix/* https://matrix.DOMAIN {
 	header_up Host {http.reverse_proxy.upstream.hostport}
 DOMAIN.com {
   @wellknown {
         path /.well-known/matrix/*:x
   }

   handle @wellknown {
      reverse_proxy https://matrix.DOMAIN.com {
          header_up Host {http.reverse_proxy.upstream.hostport}
      }
   }
    # Configration for the base domain goes here
  # handle {
  #    header -Server
  #     encode zstd gzip
  #    reverse_proxy localhost:4020
  # }
 }
 ```

--- a/docs/prerequisites.md
+++ b/docs/prerequisites.md
@@ -20,6 +20,8 @@ If your distro runs within an [LXC container](https://linuxcontainers.org/), you

 - The [Ansible](http://ansible.com/) program being installed on your own computer. It's used to run this playbook and configures your server for you. Take a look at [our guide about Ansible](ansible.md) for more information, as well as [version requirements](ansible.md#supported-ansible-versions) and alternative ways to run Ansible.

 - [`git`](https://git-scm.com/) is the recommended way to download the playbook to your computer. `git` may also be required on the server if you will be [self-building](self-building.md) components.

 - An HTTPS-capable web server at the base domain name (`<your-domain>`) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md).

 - Properly configured DNS records for `<your-domain>` (details in [Configuring DNS](configuring-dns.md)).
--- a/examples/caddy2/Caddyfile
+++ b/examples/caddy2/Caddyfile
@@ -214,3 +214,21 @@ element.DOMAIN.tld {
 #        }
 #  }
 #}
 #DOMAIN.com {
 # Uncomment this if you are following "(Option 3): Setting up reverse-proxying of the well-known files from the base domain's server to the Matrix server" of https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-well-known.md#option-3-setting-up-reverse-proxying-of-the-well-known-files-from-the-base-domains-server-to-the-matrix-server
 #    @wellknown {
 #        path /.well-known/matrix/*
 #    }
 #
 #    handle @wellknown {
 #        reverse_proxy https://matrix.DOMAIN.com {
 #            header_up Host {http.reverse_proxy.upstream.hostport}
 #        }
 #    }
 #    # Configration for the base domain goes here
 #   # handle {
 #   #    header -Server
 #   #     encode zstd gzip
 #   #    reverse_proxy localhost:4020
 #   # }
 #}
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -1498,7 +1498,7 @@ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: |-
    }[matrix_homeserver_implementation]|int
  }}

 matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled }}"
 matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled or matrix_bot_matrix_registration_bot_enabled }}"

 matrix_nginx_proxy_proxy_matrix_client_redirect_root_uri_to_domain: "{{ matrix_server_fqn_element if matrix_client_element_enabled else '' }}"

--- a/roles/matrix-bot-buscarron/defaults/main.yml
+++ b/roles/matrix-bot-buscarron/defaults/main.yml
@@ -8,7 +8,7 @@ matrix_bot_buscarron_container_image_self_build: false
 matrix_bot_buscarron_docker_repo: "https://gitlab.com/etke.cc/buscarron.git"
 matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src"

 matrix_bot_buscarron_version: v1.0.0
 matrix_bot_buscarron_version: v1.1.0
 matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}buscarron:{{ matrix_bot_buscarron_version }}"
 matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
 matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}"
@@ -88,6 +88,21 @@ matrix_bot_buscarron_spam_hosts: []
 # spam email addresses
 matrix_bot_buscarron_spam_emails: []

 # Ban duration in hours
 matrix_bot_buscarron_ban_duration: 24

 # Banlist size
 matrix_bot_buscarron_ban_size: 10000

 # Postmark token (confirmation emails)
 matrix_bot_buscarron_pm_token:

 # Postmark sender signature
 matrix_bot_buscarron_pm_from:

 # Postmark confirmation email's reply-to
 matrix_bot_buscarron_pm_replyto:

 # Additional environment variables to pass to the buscarron container
 #
 # Example:
--- a/roles/matrix-bot-buscarron/templates/env.j2
+++ b/roles/matrix-bot-buscarron/templates/env.j2
@@ -7,12 +7,19 @@ BUSCARRON_SPAM_HOSTS={{ matrix_bot_buscarron_spam_hosts|join(" ") }}
 BUSCARRON_SPAM_EMAILS={{ matrix_bot_buscarron_spam_emails|join(" ") }}
 BUSCARRON_SENTRY={{ matrix_bot_buscarron_sentry }}
 BUSCARRON_LOGLEVEL={{ matrix_bot_buscarron_loglevel }}
 BUSCARRON_BAN_DURATION={{ matrix_bot_buscarron_ban_duration }}
 BUSCARRON_BAN_SIZE={{ matrix_bot_buscarron_ban_size }}
 BUSCARRON_PM_TOKEN={{ matrix_bot_buscarron_pm_token }}
 BUSCARRON_PM_FROM={{ matrix_bot_buscarron_pm_from }}
 BUSCARRON_PM_REPLYTO={{ matrix_bot_buscarron_pm_replyto }}
 {% set forms = [] %}
 {% for form in matrix_bot_buscarron_forms -%}{{- forms.append(form.name) -}}
 BUSCARRON_{{ form.name|upper }}_ROOM={{ form.room|default('') }}
 BUSCARRON_{{ form.name|upper }}_REDIRECT={{ form.redirect|default('') }}
 BUSCARRON_{{ form.name|upper }}_RATELIMIT={{ form.ratelimit|default('') }}
 BUSCARRON_{{ form.name|upper }}_EXTENSIONS={{ form.extensions|default('')|join(' ') }}
 BUSCARRON_{{ form.name|upper }}_CONFIRMATION_SUBJECT={{ form.confirmation_subject|default('') }}
 BUSCARRON_{{ form.name|upper }}_CONFIRMATION_BODY={{ form.confirmation_body|default('') }}
 {% endfor %}
 BUSCARRON_LIST={{ forms|join(" ") }}

--- a/roles/matrix-bot-honoroit/defaults/main.yml
+++ b/roles/matrix-bot-honoroit/defaults/main.yml
@@ -8,7 +8,7 @@ matrix_bot_honoroit_container_image_self_build: false
 matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git"
 matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"

 matrix_bot_honoroit_version: v0.9.7
 matrix_bot_honoroit_version: v0.9.9
 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}"
 matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
 matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"
@@ -84,6 +84,9 @@ matrix_bot_honoroit_sentry: ''
 # Log level
 matrix_bot_honoroit_loglevel: ''

 # Disable encryption
 matrix_bot_honoroit_noencryption: false

 # Max items in cache
 matrix_bot_honoroit_cachesize: ''

--- a/roles/matrix-bot-honoroit/templates/env.j2
+++ b/roles/matrix-bot-honoroit/templates/env.j2
@@ -8,6 +8,7 @@ HONOROIT_PREFIX={{ matrix_bot_honoroit_prefix }}
 HONOROIT_SENTRY={{ matrix_bot_honoroit_sentry }}
 HONOROIT_LOGLEVEL={{ matrix_bot_honoroit_loglevel }}
 HONOROIT_CACHESIZE={{ matrix_bot_honoroit_cachesize }}
 HONOROIT_NOENCRYPTION={{ matrix_bot_honoroit_noencryption }}
 HONOROIT_TEXT_PREFIX_OPEN={{ matrix_bot_honoroit_text_prefix_open }}
 HONOROIT_TEXT_PREFIX_DONE={{ matrix_bot_honoroit_text_prefix_done }}
 HONOROIT_TEXT_GREETINGS={{ matrix_bot_honoroit_text_greetings }}
--- a/roles/matrix-bot-mjolnir/defaults/main.yml
+++ b/roles/matrix-bot-mjolnir/defaults/main.yml
@@ -4,7 +4,7 @@

 matrix_bot_mjolnir_enabled: true

 matrix_bot_mjolnir_version: "v1.4.1"
 matrix_bot_mjolnir_version: "v1.4.2"

 matrix_bot_mjolnir_container_image_self_build: false
 matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git"
--- a/roles/matrix-bridge-appservice-discord/tasks/init.yml
+++ b/roles/matrix-bridge-appservice-discord/tasks/init.yml
@@ -14,12 +14,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_appservice_discord_config_path }}/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_appservice_discord_config_path }}/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro"]
      }}

    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-appservice-discord-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-appservice-discord-registration.yaml"]
      }}
  when: matrix_appservice_discord_enabled|bool
--- a/roles/matrix-bridge-appservice-irc/tasks/init.yml
+++ b/roles/matrix-bridge-appservice-irc/tasks/init.yml
@@ -21,12 +21,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_appservice_irc_config_path }}/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_appservice_irc_config_path }}/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro"]
      }}

    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-appservice-irc-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-appservice-irc-registration.yaml"]
      }}
  when: matrix_appservice_irc_enabled|bool
--- a/roles/matrix-bridge-appservice-slack/defaults/main.yml
+++ b/roles/matrix-bridge-appservice-slack/defaults/main.yml
@@ -8,7 +8,7 @@ matrix_appservice_slack_container_image_self_build: false
 matrix_appservice_slack_docker_repo: "https://github.com/matrix-org/matrix-appservice-slack.git"
 matrix_appservice_slack_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-slack/docker-src"

 matrix_appservice_slack_version: release-1.10.0
 matrix_appservice_slack_version: release-1.11.0
 matrix_appservice_slack_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-slack:{{ matrix_appservice_slack_version }}"
 matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}"

--- a/roles/matrix-bridge-appservice-slack/tasks/init.yml
+++ b/roles/matrix-bridge-appservice-slack/tasks/init.yml
@@ -21,14 +21,18 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_appservice_slack_config_path }}/slack-registration.yaml,dst=/matrix-appservice-slack-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_appservice_slack_config_path }}/slack-registration.yaml,dst=/matrix-appservice-slack-registration.yaml,ro"]
      }}

    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-appservice-slack-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-appservice-slack-registration.yaml"]
      }}
  when: matrix_appservice_slack_enabled|bool

 # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
--- a/roles/matrix-bridge-appservice-webhooks/tasks/init.yml
+++ b/roles/matrix-bridge-appservice-webhooks/tasks/init.yml
@@ -14,14 +14,18 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_appservice_webhooks_config_path }}/webhooks-registration.yaml,dst=/matrix-appservice-webhooks-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_appservice_webhooks_config_path }}/webhooks-registration.yaml,dst=/matrix-appservice-webhooks-registration.yaml,ro"]
      }}

    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-appservice-webhooks-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-appservice-webhooks-registration.yaml"]
      }}
  when: matrix_appservice_webhooks_enabled|bool

 # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
--- a/roles/matrix-bridge-beeper-linkedin/tasks/init.yml
+++ b/roles/matrix-bridge-beeper-linkedin/tasks/init.yml
@@ -7,12 +7,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_beeper_linkedin_config_path }}/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_beeper_linkedin_config_path }}/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro"]
      }}

    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-beeper-linkedin-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-beeper-linkedin-registration.yaml"]
      }}
  when: matrix_beeper_linkedin_enabled|bool
--- a/roles/matrix-bridge-heisenbridge/defaults/main.yml
+++ b/roles/matrix-bridge-heisenbridge/defaults/main.yml
@@ -4,7 +4,7 @@

 matrix_heisenbridge_enabled: true

 matrix_heisenbridge_version: 1.12.0
 matrix_heisenbridge_version: 1.13.0
 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
 matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}"

--- a/roles/matrix-bridge-heisenbridge/tasks/init.yml
+++ b/roles/matrix-bridge-heisenbridge/tasks/init.yml
@@ -14,12 +14,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_heisenbridge_base_path }}/registration.yaml,dst=/heisenbridge-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_heisenbridge_base_path }}/registration.yaml,dst=/heisenbridge-registration.yaml,ro"]
      }}

    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/heisenbridge-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/heisenbridge-registration.yaml"]
      }}
  when: matrix_heisenbridge_enabled|bool
--- a/roles/matrix-bridge-hookshot/defaults/main.yml
+++ b/roles/matrix-bridge-hookshot/defaults/main.yml
@@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false
 matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git"
 matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}"

 matrix_hookshot_version: 1.5.0
 matrix_hookshot_version: 1.7.3

 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
 matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}"
@@ -121,6 +121,11 @@ matrix_hookshot_generic_allow_js_transformation_functions: false
 matrix_hookshot_generic_user_id_prefix: '_webhooks_'


 matrix_hookshot_feeds_enabled: false
 # polling interval in seconds
 matrix_hookshot_feeds_interval: 600


 # There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead.
 matrix_hookshot_provisioning_port: 9002
 matrix_hookshot_provisioning_secret: ''
--- a/roles/matrix-bridge-hookshot/tasks/init.yml
+++ b/roles/matrix-bridge-hookshot/tasks/init.yml
@@ -14,14 +14,18 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_hookshot_base_path }}/registration.yml,dst=/hookshot-registration.yml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_hookshot_base_path }}/registration.yml,dst=/hookshot-registration.yml,ro"]
      }}

    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/hookshot-registration.yml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/hookshot-registration.yml"]
      }}
  when: matrix_hookshot_enabled|bool

 - block:
--- a/roles/matrix-bridge-hookshot/templates/config.yml.j2
+++ b/roles/matrix-bridge-hookshot/templates/config.yml.j2
@@ -78,6 +78,13 @@ generic:
  allowJsTransformationFunctions: {{ matrix_hookshot_generic_allow_js_transformation_functions }}
  userIdPrefix: {{ matrix_hookshot_generic_user_id_prefix|to_json }}
 {% endif %}
 {% if matrix_hookshot_feeds_enabled %}
 feeds:
  # (Optional) Configure this to enable RSS/Atom feed support
  #
  enabled: {{ matrix_hookshot_feeds_enabled }}
  pollIntervalSeconds: {{ matrix_hookshot_feeds_interval }}
 {% endif %}
 {% if matrix_hookshot_provisioning_enabled %}
 provisioning:
  # (Optional) Provisioning API for integration managers
--- a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml
+++ b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml
@@ -13,14 +13,18 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_mautrix_facebook_config_path }}/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_mautrix_facebook_config_path }}/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro"]
      }}

    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-mautrix-facebook-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-mautrix-facebook-registration.yaml"]
      }}
  when: matrix_mautrix_facebook_enabled|bool

 - block:
--- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml
@@ -7,7 +7,7 @@ matrix_mautrix_googlechat_enabled: true
 matrix_mautrix_googlechat_container_image_self_build: false
 matrix_mautrix_googlechat_container_image_self_build_repo: "https://github.com/mautrix/googlechat.git"

 matrix_mautrix_googlechat_version: v0.3.1
 matrix_mautrix_googlechat_version: v0.3.3
 # See: https://mau.dev/mautrix/googlechat/container_registry
 matrix_mautrix_googlechat_docker_image: "{{ matrix_mautrix_googlechat_docker_image_name_prefix }}mautrix/googlechat:{{ matrix_mautrix_googlechat_version }}"
 matrix_mautrix_googlechat_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_googlechat_container_image_self_build else 'dock.mau.dev/' }}"
--- a/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml
+++ b/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml
@@ -13,14 +13,18 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_mautrix_googlechat_config_path }}/registration.yaml,dst=/matrix-mautrix-googlechat-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_mautrix_googlechat_config_path }}/registration.yaml,dst=/matrix-mautrix-googlechat-registration.yaml,ro"]
      }}

    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-mautrix-googlechat-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-mautrix-googlechat-registration.yaml"]
      }}
  when: matrix_mautrix_googlechat_enabled|bool

 - block:
--- a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml
+++ b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml
@@ -13,14 +13,18 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_mautrix_hangouts_config_path }}/registration.yaml,dst=/matrix-mautrix-hangouts-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_mautrix_hangouts_config_path }}/registration.yaml,dst=/matrix-mautrix-hangouts-registration.yaml,ro"]
      }}

    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-mautrix-hangouts-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-mautrix-hangouts-registration.yaml"]
      }}
  when: matrix_mautrix_hangouts_enabled|bool

 - block:
--- a/roles/matrix-bridge-mautrix-instagram/tasks/init.yml
+++ b/roles/matrix-bridge-mautrix-instagram/tasks/init.yml
@@ -13,12 +13,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_mautrix_instagram_config_path }}/registration.yaml,dst=/matrix-mautrix-instagram-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_mautrix_instagram_config_path }}/registration.yaml,dst=/matrix-mautrix-instagram-registration.yaml,ro"]
      }}

    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-mautrix-instagram-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-mautrix-instagram-registration.yaml"]
      }}
  when: matrix_mautrix_instagram_enabled|bool
--- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml
@@ -9,7 +9,7 @@ matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git"
 matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src"

 matrix_mautrix_signal_version: v0.3.0
 matrix_mautrix_signal_daemon_version: 0.18.1
 matrix_mautrix_signal_daemon_version: 0.18.5
 # See: https://mau.dev/mautrix/signal/container_registry
 matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}"
 matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}"
@@ -127,3 +127,7 @@ matrix_mautrix_signal_registration_yaml: "{{ lookup('template', 'templates/regis
 matrix_mautrix_signal_registration: "{{ matrix_mautrix_signal_registration_yaml|from_yaml }}"

 matrix_mautrix_signal_log_level: 'DEBUG'

 matrix_mautrix_signal_bridge_encryption_allow: false
 matrix_mautrix_signal_bridge_encryption_default: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"
 matrix_mautrix_signal_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"
--- a/roles/matrix-bridge-mautrix-signal/tasks/init.yml
+++ b/roles/matrix-bridge-mautrix-signal/tasks/init.yml
@@ -7,12 +7,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_mautrix_signal_config_path }}/registration.yaml,dst=/matrix-mautrix-signal-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_mautrix_signal_config_path }}/registration.yaml,dst=/matrix-mautrix-signal-registration.yaml,ro"]
      }}

    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-mautrix-signal-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-mautrix-signal-registration.yaml"]
      }}
  when: matrix_mautrix_signal_enabled|bool
--- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2
+++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2
@@ -152,15 +152,15 @@ bridge:
    # this to work. See https://github.com/tulir/mautrix-telegram/wiki/End‐to‐bridge-encryption
    encryption:
        # Allow encryption, work in group chat rooms with e2ee enabled
        allow: false
        allow: {{ matrix_mautrix_signal_bridge_encryption_allow|to_json }}
        # Default to encryption, force-enable encryption in all portals the bridge creates
        # This will cause the bridge bot to be in private chats for the encryption to work properly.
        default: false
        default: {{ matrix_mautrix_signal_bridge_encryption_default|to_json }}
        # Options for automatic key sharing.
        key_sharing:
            # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
            # You must use a client that supports requesting keys from other users to use this feature.
            allow: false
            allow: {{ matrix_mautrix_signal_bridge_encryption_key_sharing_allow|to_json }}
            # Require the requesting device to have a valid cross-signing signature?
            # This doesn't require that the bridge has verified the device, only that the user has verified it.
            # Not yet implemented.
--- a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml
+++ b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml
@@ -13,14 +13,18 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_mautrix_telegram_config_path }}/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_mautrix_telegram_config_path }}/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro"]
      }}

    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-mautrix-telegram-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-mautrix-telegram-registration.yaml"]
      }}
  when: matrix_mautrix_telegram_enabled|bool

 - block:
--- a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml
@@ -7,7 +7,7 @@ matrix_mautrix_twitter_enabled: true
 matrix_mautrix_twitter_container_image_self_build: false
 matrix_mautrix_twitter_container_image_self_build_repo: "https://github.com/mautrix/twitter.git"

 matrix_mautrix_twitter_version: v0.1.3
 matrix_mautrix_twitter_version: v0.1.4
 # See: https://mau.dev/tulir/mautrix-twitter/container_registry
 matrix_mautrix_twitter_docker_image: "{{ matrix_mautrix_twitter_docker_image_name_prefix }}mautrix/twitter:{{ matrix_mautrix_twitter_version }}"
 matrix_mautrix_twitter_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_twitter_container_image_self_build else 'dock.mau.dev/' }}"
--- a/roles/matrix-bridge-mautrix-twitter/tasks/init.yml
+++ b/roles/matrix-bridge-mautrix-twitter/tasks/init.yml
@@ -7,14 +7,18 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_mautrix_twitter_config_path }}/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_mautrix_twitter_config_path }}/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro"]
      }}

    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-mautrix-twitter-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-mautrix-twitter-registration.yaml"]
      }}
  when: matrix_mautrix_twitter_enabled|bool

 # ansible lower than 2.8, does not support docker_image build parameters
--- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml
@@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false
 matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git"
 matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"

 matrix_mautrix_whatsapp_version: v0.3.1
 matrix_mautrix_whatsapp_version: v0.4.0
 # See: https://mau.dev/mautrix/whatsapp/container_registry
 matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
 matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}"
@@ -123,3 +123,12 @@ matrix_mautrix_whatsapp_registration_yaml: |
  de.sorunome.msc2409.push_ephemeral: true

 matrix_mautrix_whatsapp_registration: "{{ matrix_mautrix_whatsapp_registration_yaml|from_yaml }}"

 # Enable End-to-bridge encryption
 matrix_mautrix_whatsapp_bridge_encryption_allow: false
 matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"
 matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"

 # Minimum severity of journal log messages.
 # Options: debug, info, warn, error, fatal
 matrix_mautrix_whatsapp_log_level: 'warn'
--- a/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml
+++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml
@@ -6,12 +6,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_mautrix_whatsapp_config_path }}/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_mautrix_whatsapp_config_path }}/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro"]
      }}

    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-mautrix-whatsapp-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-mautrix-whatsapp-registration.yaml"]
      }}
  when: matrix_mautrix_whatsapp_enabled|bool
--- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
+++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
@@ -10,7 +10,7 @@ homeserver:
    # The URL to push real-time bridge status to.
    # If set, the bridge will make POST requests to this URL whenever a user's whatsapp connection state changes.
    # The bridge will use the appservice as_token to authorize requests.
    status_endpoint: "null"
    status_endpoint: null

 appservice:
    # The address that the homeserver can use to connect to this appservice.
@@ -158,16 +158,16 @@ bridge:
    # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
    encryption:
        # Allow encryption, work in group chat rooms with e2ee enabled
        allow: false
        allow: {{ matrix_mautrix_whatsapp_bridge_encryption_allow|to_json }}
        # Default to encryption, force-enable encryption in all portals the bridge creates
        # This will cause the bridge bot to be in private chats for the encryption to work properly.
        # It is recommended to also set private_chat_portal_meta to true when using this.
        default: false
        default: {{ matrix_mautrix_whatsapp_bridge_encryption_default|to_json }}
        # Options for automatic key sharing.
        key_sharing:
            # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
            # You must use a client that supports requesting keys from other users to use this feature.
            allow: false
            allow: {{ matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow|to_json }}
            # Require the requesting device to have a valid cross-signing signature?
            # This doesn't require that the bridge has verified the device, only that the user has verified it.
            # Not yet implemented.
@@ -211,7 +211,8 @@ logging:
    # The directory for log files. Will be created if not found.
    directory: ./logs
    # Available variables: .Date for the file date and .Index for different log files on the same day.
    file_name_format: "{{ '{{.Date}}-{{.Index}}.log' }}"
    # empy/null = journal logging only
    file_name_format:
    # Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants
    file_date_format: "2006-01-02"
    # Log file permissions.
@@ -220,4 +221,4 @@ logging:
    timestamp_format: "Jan _2, 2006 15:04:05"
    # Minimum severity for log messages.
    # Options: debug, info, warn, error, fatal
    print_level: debug
    print_level: {{ matrix_mautrix_whatsapp_log_level }}
--- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml
+++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml
@@ -1,27 +1,21 @@
 ---
 # Mx Puppet Discord is a Matrix <-> Discord bridge
 # See: https://gitlab.com/beeper/mx-puppet-monorepo (originally based on https://github.com/matrix-discord/mx-puppet-discord)
 #
 # We use the Beeper-maintained fork, because https://github.com/matrix-discord/mx-puppet-discord is horribly broken often. See:
 # - https://github.com/matrix-discord/mx-puppet-discord/issues/201
 # - https://github.com/matrix-discord/mx-puppet-discord/issues/202
 # - https://github.com/matrix-discord/mx-puppet-discord/issues/203
 # - (other similar issues in the past)
 # See: https://gitlab.com/mx-puppet/discord/mx-puppet-discord

 matrix_mx_puppet_discord_enabled: true

 matrix_mx_puppet_discord_container_image_self_build: false
 matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo"
 matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/mx-puppet/discord/mx-puppet-discord.git"
 matrix_mx_puppet_discord_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_discord_version == 'latest' else matrix_mx_puppet_discord_version }}"
 matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "docker/Dockerfile-discord"
 matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "Dockerfile"

 # Controls whether the mx-puppet-discord container exposes its HTTP port (tcp/8432 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8432"), or empty string to not expose.
 matrix_mx_puppet_discord_container_http_host_bind_port: ''

 matrix_mx_puppet_discord_version: latest
 matrix_mx_puppet_discord_docker_image: "{{ matrix_mx_puppet_discord_docker_image_name_prefix }}beeper/mx-puppet-monorepo/discord:{{ matrix_mx_puppet_discord_version }}"
 matrix_mx_puppet_discord_version: v0.1.1
 matrix_mx_puppet_discord_docker_image: "{{ matrix_mx_puppet_discord_docker_image_name_prefix }}mx-puppet/discord/mx-puppet-discord:{{ matrix_mx_puppet_discord_version }}"
 matrix_mx_puppet_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_discord_container_image_self_build else 'registry.gitlab.com/' }}"
 matrix_mx_puppet_discord_docker_image_force_pull: "{{ matrix_mx_puppet_discord_docker_image.endswith(':latest') }}"

--- a/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml
+++ b/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml
@@ -13,12 +13,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_mx_puppet_discord_config_path }}/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_mx_puppet_discord_config_path }}/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro"]
      }}

    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-mx-puppet-discord-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-mx-puppet-discord-registration.yaml"]
      }}
  when: matrix_mx_puppet_discord_enabled|bool
--- a/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2
+++ b/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2
@@ -17,7 +17,7 @@ ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }}
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null || true'

 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
 ExecStartPre={{ matrix_host_command_sleep }} 5
 ExecStartPre={{ matrix_host_command_sleep }} 15

 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-discord \
 			--log-driver=none \
--- a/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml
+++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml
@@ -13,12 +13,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_mx_puppet_groupme_config_path }}/registration.yaml,dst=/matrix-mx-puppet-groupme-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_mx_puppet_groupme_config_path }}/registration.yaml,dst=/matrix-mx-puppet-groupme-registration.yaml,ro"]
      }}

    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-mx-puppet-groupme-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-mx-puppet-groupme-registration.yaml"]
      }}
  when: matrix_mx_puppet_groupme_enabled|bool
--- a/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml
+++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml
@@ -13,12 +13,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_mx_puppet_instagram_config_path }}/registration.yaml,dst=/matrix-mx-puppet-instagram-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_mx_puppet_instagram_config_path }}/registration.yaml,dst=/matrix-mx-puppet-instagram-registration.yaml,ro"]
      }}

    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-mx-puppet-instagram-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-mx-puppet-instagram-registration.yaml"]
      }}
  when: matrix_mx_puppet_instagram_enabled|bool
--- a/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml
+++ b/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml
@@ -13,12 +13,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_mx_puppet_skype_config_path }}/registration.yaml,dst=/matrix-mx-puppet-skype-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_mx_puppet_skype_config_path }}/registration.yaml,dst=/matrix-mx-puppet-skype-registration.yaml,ro"]
      }}

    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-mx-puppet-skype-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-mx-puppet-skype-registration.yaml"]
      }}
  when: matrix_mx_puppet_skype_enabled|bool
--- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml
+++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml
@@ -1,6 +1,6 @@
 ---
 # Mx Puppet Slack is a Matrix <-> Slack bridge
 # See: https://gitlab.com/beeper/mx-puppet-monorepo (originally based on https://github.com/Sorunome/mx-puppet-slack)
 # See: https://github.com/Sorunome/mx-puppet-slack

 matrix_mx_puppet_slack_enabled: true

@@ -8,17 +8,17 @@ matrix_mx_puppet_slack_oauth_client_id: ''
 matrix_mx_puppet_slack_oauth_client_secret: ''

 matrix_mx_puppet_slack_container_image_self_build: false
 matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo.git"
 matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/mx-puppet/slack/mx-puppet-slack.git"
 matrix_mx_puppet_slack_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_slack_version == 'latest' else matrix_mx_puppet_slack_version }}"
 matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "docker/Dockerfile-slack"
 matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "Dockerfile"

 # Controls whether the mx-puppet-slack container exposes its HTTP port (tcp/8432 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8432"), or empty string to not expose.
 matrix_mx_puppet_slack_container_http_host_bind_port: ''

 matrix_mx_puppet_slack_version: latest
 matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}beeper/mx-puppet-monorepo/slack:{{ matrix_mx_puppet_slack_version }}"
 matrix_mx_puppet_slack_version: v0.1.2
 matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}mx-puppet/slack/mx-puppet-slack:{{ matrix_mx_puppet_slack_version }}"
 matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else 'registry.gitlab.com/' }}"
 matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}"

--- a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml
+++ b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml
@@ -13,14 +13,18 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_mx_puppet_slack_config_path }}/registration.yaml,dst=/matrix-mx-puppet-slack-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_mx_puppet_slack_config_path }}/registration.yaml,dst=/matrix-mx-puppet-slack-registration.yaml,ro"]
      }}

    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-mx-puppet-slack-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-mx-puppet-slack-registration.yaml"]
      }}
  when: matrix_mx_puppet_slack_enabled|bool

 - block:
--- a/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml
+++ b/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml
@@ -13,12 +13,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_mx_puppet_steam_config_path }}/registration.yaml,dst=/matrix-mx-puppet-steam-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_mx_puppet_steam_config_path }}/registration.yaml,dst=/matrix-mx-puppet-steam-registration.yaml,ro"]
      }}

    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-mx-puppet-steam-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-mx-puppet-steam-registration.yaml"]
      }}
  when: matrix_mx_puppet_steam_enabled|bool
--- a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml
+++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml
@@ -13,14 +13,18 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_mx_puppet_twitter_config_path }}/registration.yaml,dst=/matrix-mx-puppet-twitter-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_mx_puppet_twitter_config_path }}/registration.yaml,dst=/matrix-mx-puppet-twitter-registration.yaml,ro"]
      }}

    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-mx-puppet-twitter-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-mx-puppet-twitter-registration.yaml"]
      }}
  when: matrix_mx_puppet_twitter_enabled|bool

 - block:
--- a/roles/matrix-bridge-sms/tasks/init.yml
+++ b/roles/matrix-bridge-sms/tasks/init.yml
@@ -15,12 +15,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_sms_bridge_config_path }}/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_sms_bridge_config_path }}/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro"]
      }}

    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-sms-bridge-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-sms-bridge-registration.yaml"]
      }}
  when: matrix_sms_bridge_enabled|bool
--- a/roles/matrix-client-cinny/defaults/main.yml
+++ b/roles/matrix-client-cinny/defaults/main.yml
@@ -5,7 +5,7 @@ matrix_client_cinny_enabled: true
 matrix_client_cinny_container_image_self_build: false
 matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git"

 matrix_client_cinny_version: v1.8.2
 matrix_client_cinny_version: v2.0.4
 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}"
 matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}"
--- a/roles/matrix-client-element/defaults/main.yml
+++ b/roles/matrix-client-element/defaults/main.yml
@@ -3,13 +3,13 @@
 matrix_client_element_enabled: true

 matrix_client_element_container_image_self_build: false
 matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git"
 matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/element-web.git"
 # Controls whether to patch webpack.config.js when self-building, so that building can pass on low-memory systems (< 4 GB RAM):
 # - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1357
 # - https://github.com/vector-im/element-web/issues/19544
 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"

 matrix_client_element_version: v1.10.11
 matrix_client_element_version: v1.10.14
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
--- a/roles/matrix-client-hydrogen/defaults/main.yml
+++ b/roles/matrix-client-hydrogen/defaults/main.yml
@@ -7,7 +7,7 @@ matrix_client_hydrogen_enabled: true
 matrix_client_hydrogen_container_image_self_build: true
 matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git"

 matrix_client_hydrogen_version: v0.2.26
 matrix_client_hydrogen_version: v0.2.29
 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}"
 matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}"
--- a/roles/matrix-coturn/defaults/main.yml
+++ b/roles/matrix-coturn/defaults/main.yml
@@ -7,7 +7,7 @@ matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn
 matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}"
 matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile"

 matrix_coturn_version: 4.5.2-r11
 matrix_coturn_version: 4.5.2-r12
 matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine"
 matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}"
--- a/roles/matrix-dynamic-dns/defaults/main.yml
+++ b/roles/matrix-dynamic-dns/defaults/main.yml
@@ -5,7 +5,7 @@ matrix_dynamic_dns_enabled: true
 # The dynamic dns daemon interval
 matrix_dynamic_dns_daemon_interval: '300'

 matrix_dynamic_dns_version: v3.9.1-ls79
 matrix_dynamic_dns_version: v3.9.1-ls89

 # The docker container to use when in mode
 matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}"
--- a/roles/matrix-etherpad/defaults/main.yml
+++ b/roles/matrix-etherpad/defaults/main.yml
@@ -4,7 +4,7 @@ matrix_etherpad_enabled: false

 matrix_etherpad_base_path: "{{ matrix_base_data_path }}/etherpad"

 matrix_etherpad_version: 1.8.16
 matrix_etherpad_version: 1.8.18
 matrix_etherpad_docker_image: "{{ matrix_container_global_registry_prefix }}etherpad/etherpad:{{ matrix_etherpad_version }}"
 matrix_etherpad_docker_image_force_pull: "{{ matrix_etherpad_docker_image.endswith(':latest') }}"

--- a/roles/matrix-grafana/defaults/main.yml
+++ b/roles/matrix-grafana/defaults/main.yml
@@ -4,7 +4,7 @@

 matrix_grafana_enabled: false

 matrix_grafana_version: 8.5.1
 matrix_grafana_version: 8.5.3
 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
 matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"

--- a/roles/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/matrix-nginx-proxy/defaults/main.yml
@@ -485,7 +485,7 @@ matrix_ssl_lets_encrypt_staging: false
 # Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#changing-the-acme-server
 matrix_ssl_lets_encrypt_server: ''

 matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.23.0"
 matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.27.0"
 matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
 matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
 matrix_ssl_lets_encrypt_support_email: ~
--- a/roles/matrix-postgres/defaults/main.yml
+++ b/roles/matrix-postgres/defaults/main.yml
@@ -22,12 +22,12 @@ matrix_postgres_architecture: amd64
 # > LOG:  startup process (PID 37) was terminated by signal 11: Segmentation fault
 matrix_postgres_docker_image_suffix: "{{ '-alpine' if matrix_postgres_architecture in ['amd64', 'arm64'] else '' }}"

 matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.23{{ matrix_postgres_docker_image_suffix }}"
 matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.20{{ matrix_postgres_docker_image_suffix }}"
 matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.15{{ matrix_postgres_docker_image_suffix }}"
 matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.10{{ matrix_postgres_docker_image_suffix }}"
 matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.6{{ matrix_postgres_docker_image_suffix }}"
 matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.2{{ matrix_postgres_docker_image_suffix }}"
 matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.24{{ matrix_postgres_docker_image_suffix }}"
 matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.21{{ matrix_postgres_docker_image_suffix }}"
 matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.16{{ matrix_postgres_docker_image_suffix }}"
 matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.11{{ matrix_postgres_docker_image_suffix }}"
 matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.7{{ matrix_postgres_docker_image_suffix }}"
 matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.3{{ matrix_postgres_docker_image_suffix }}"
 matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v14 }}"

 # This variable is assigned at runtime. Overriding its value has no effect.
--- a/roles/matrix-registration/defaults/main.yml
+++ b/roles/matrix-registration/defaults/main.yml
@@ -7,6 +7,10 @@ matrix_registration_enabled: true
 matrix_registration_container_image_self_build: false
 matrix_registration_container_image_self_build_repo: "https://github.com/ZerataX/matrix-registration"
 matrix_registration_container_image_self_build_branch: "{{ 'master' if matrix_registration_version == 'latest' else matrix_registration_version }}"
 # Controls whether we'll be patching the dependencies in `setup.py` when self-building.
 # Without patching, building will likely fail, because of the poor unbounded way dependencies are defined (e.g. `flask-limiter>=1.1.0`).
 # This is an attempt to get matrix-registration in its current (outdated) version to build.
 matrix_registration_container_image_self_build_python_dependencies_patch_enabled: true

 matrix_registration_base_path: "{{ matrix_base_data_path }}/matrix-registration"
 matrix_registration_config_path: "{{ matrix_registration_base_path }}/config"
--- a/roles/matrix-registration/tasks/setup_install.yml
+++ b/roles/matrix-registration/tasks/setup_install.yml
@@ -68,6 +68,14 @@
  register: matrix_registration_git_pull_results
  when: "matrix_registration_container_image_self_build|bool"

 # See: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1864
 - name: Patch setup.py to allow self-built version to work
  lineinfile:
    path: "{{ matrix_registration_docker_src_files_path }}/setup.py"
    regexp: 'flask-limiter'
    line: '"flask-limiter~=1.1.0", "Markupsafe<2.1",'
  when: "matrix_registration_container_image_self_build|bool and matrix_registration_container_image_self_build_python_dependencies_patch_enabled|bool"

 - name: Ensure matrix-registration Docker image is built
  docker_image:
    name: "{{ matrix_registration_docker_image }}"
--- a/roles/matrix-synapse/defaults/main.yml
+++ b/roles/matrix-synapse/defaults/main.yml
@@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s

 matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}"
 matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_synapse_version: v1.58.1
 matrix_synapse_version: v1.60.0
 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}"
 matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"

@@ -358,10 +358,13 @@ matrix_synapse_workers_presets:
  one-of-each:
    generic_workers_count: 1
    pusher_workers_count: 1
    appservice_workers_count: 1
    # appservice workers are deprecated since Synapse v1.59. This will be removed.
    appservice_workers_count: 0
    federation_sender_workers_count: 1
    media_repository_workers_count: 1
    # Disabled until https://github.com/matrix-org/synapse/issues/8787 is resolved.
    # user_dir workers are deprecated since Synapse v1.59. This will be removed.
    # See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types
    user_dir_workers_count: 0
    frontend_proxy_workers_count: 1

@@ -383,7 +386,9 @@ matrix_synapse_workers_pusher_workers_count: "{{ matrix_synapse_workers_presets[
 matrix_synapse_workers_pusher_workers_metrics_range_start: 19200

 # matrix_synapse_workers_appservice_workers_count can only be 0 or 1. More instances are not supported.
 matrix_synapse_workers_appservice_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['appservice_workers_count'] }}"
 # appservice workers are deprecated since Synapse v1.59. This will be removed.
 # See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types
 matrix_synapse_workers_appservice_workers_count: 0
 matrix_synapse_workers_appservice_workers_metrics_range_start: 19300

 # matrix_synapse_workers_federation_sender_workers_count can only be 0 or 1 for now.
@@ -397,7 +402,9 @@ matrix_synapse_workers_media_repository_workers_port_range_start: 18551
 matrix_synapse_workers_media_repository_workers_metrics_range_start: 19551

 # Disabled until https://github.com/matrix-org/synapse/issues/8787 is resolved.
 matrix_synapse_workers_user_dir_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['user_dir_workers_count'] }}"
 # user_dir workers are deprecated since Synapse v1.59. This will be removed.
 # See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types
 matrix_synapse_workers_user_dir_workers_count: 0
 matrix_synapse_workers_user_dir_workers_port_range_start: 18661
 matrix_synapse_workers_user_dir_workers_metrics_range_start: 19661

@@ -552,7 +559,7 @@ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists: []
 # Enable this to activate the E2EE disabling Synapse module.
 # See: https://github.com/digitalentity/matrix_encryption_disabler
 matrix_synapse_ext_encryption_disabler_enabled: false
 matrix_synapse_ext_encryption_disabler_download_url: "https://raw.githubusercontent.com/digitalentity/matrix_encryption_disabler/1182388f7019e8ec1e28f035070c7919d0e4cc24/matrix_e2ee_filter.py"
 matrix_synapse_ext_encryption_disabler_download_url: "https://raw.githubusercontent.com/digitalentity/matrix_encryption_disabler/cdc37a07441acb7c2a3288bcb29b376658d5e766/matrix_e2ee_filter.py"
 # A list of server domain names for which to deny encryption if the event sender's domain matches the domain in the list.
 # By default, with the configuration below, we prevent all homeserver users from initiating encryption in ANY room.
 matrix_synapse_ext_encryption_disabler_deny_encryption_for_users_of: ["{{ matrix_domain }}"]
--- a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml
+++ b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml
@@ -27,11 +27,15 @@
      }}

    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py,dst={{ matrix_synapse_in_container_python_packages_path }}/matrix_e2ee_filter.py,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py,dst={{ matrix_synapse_in_container_python_packages_path }}/matrix_e2ee_filter.py,ro"]
      }}

    matrix_synapse_additional_loggers: >
      {{ matrix_synapse_additional_loggers }}
      +
      {{ [{'name': 'matrix_e2ee_filter', 'level': 'INFO'}] }}
      {{
        matrix_synapse_additional_loggers
        +
        [{'name': 'matrix_e2ee_filter', 'level': 'INFO'}]
      }}
--- a/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml
+++ b/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml
@@ -4,7 +4,9 @@
    matrix_synapse_password_providers_enabled: true

    matrix_synapse_additional_loggers: >
      {{ matrix_synapse_additional_loggers }}
      +
      {{ [{'name': 'ldap_auth_provider', 'level': 'INFO'}] }}
      {{
        matrix_synapse_additional_loggers
       +
        [{'name': 'ldap_auth_provider', 'level': 'INFO'}]
      }}
  when: matrix_synapse_ext_password_provider_ldap_enabled|bool
--- a/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml
+++ b/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml
@@ -34,19 +34,23 @@

 - set_fact:
    matrix_synapse_spam_checker: >
      {{ matrix_synapse_spam_checker }}
      +
      [{
        "module": "mjolnir.AntiSpam",
        "config": {
          "block_invites": {{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_invites }},
          "block_messages": {{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_messages }},
          "block_usernames": {{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_usernames }},
          "ban_lists": {{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists }}
        }
      }]
      {{
        matrix_synapse_spam_checker
        +
        [{
          "module": "mjolnir.AntiSpam",
          "config": {
            "block_invites": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_invites,
            "block_messages": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_messages,
            "block_usernames": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_usernames,
            "ban_lists": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists,
          }
        }]
      }}

    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_synapse_ext_path }}/mjolnir/synapse_antispam/mjolnir,dst={{ matrix_synapse_in_container_python_packages_path }}/mjolnir,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_synapse_ext_path }}/mjolnir/synapse_antispam/mjolnir,dst={{ matrix_synapse_in_container_python_packages_path }}/mjolnir,ro"]
      }}
--- a/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml
+++ b/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml
@@ -22,11 +22,15 @@
    matrix_synapse_password_providers_enabled: true

    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_synapse_ext_path }}/rest_auth_provider.py,dst={{ matrix_synapse_in_container_python_packages_path }}/rest_auth_provider.py,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_synapse_ext_path }}/rest_auth_provider.py,dst={{ matrix_synapse_in_container_python_packages_path }}/rest_auth_provider.py,ro"]
      }}

    matrix_synapse_additional_loggers: >
      {{ matrix_synapse_additional_loggers }}
      +
      {{ [{'name': 'rest_auth_provider', 'level': 'INFO'}] }}
      {{
        matrix_synapse_additional_loggers
        +
        [{'name': 'rest_auth_provider', 'level': 'INFO'}]
      }}
--- a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml
+++ b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml
@@ -37,11 +37,15 @@
      }}

    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_synapse_ext_path }}/shared_secret_authenticator.py,dst={{ matrix_synapse_in_container_python_packages_path }}/shared_secret_authenticator.py,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_synapse_ext_path }}/shared_secret_authenticator.py,dst={{ matrix_synapse_in_container_python_packages_path }}/shared_secret_authenticator.py,ro"]
      }}

    matrix_synapse_additional_loggers: >
      {{ matrix_synapse_additional_loggers }}
      +
      {{ [{'name': 'shared_secret_authenticator', 'level': 'INFO'}] }}
      {{
        matrix_synapse_additional_loggers
        +
        [{'name': 'shared_secret_authenticator', 'level': 'INFO'}]
      }}
--- a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml
+++ b/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml
@@ -39,16 +39,20 @@

 - set_fact:
    matrix_synapse_modules: >
      {{ matrix_synapse_modules }}
      +
      [{
        "module": "synapse_simple_antispam.AntiSpamInvites",
        "config": {
          "blocked_homeservers": {{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers }}
        }
      }]
      {{
        matrix_synapse_modules
        +
        [{
          "module": "synapse_simple_antispam.AntiSpamInvites",
          "config": {
            "blocked_homeservers": matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers
          }
        }]
      }}

    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_synapse_ext_path }}/synapse-simple-antispam/synapse_simple_antispam,dst={{ matrix_synapse_in_container_python_packages_path }}/synapse_simple_antispam,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_synapse_ext_path }}/synapse-simple-antispam/synapse_simple_antispam,dst={{ matrix_synapse_in_container_python_packages_path }}/synapse_simple_antispam,ro"]
      }}
--- a/roles/matrix-synapse/tasks/validate_config.yml
+++ b/roles/matrix-synapse/tasks/validate_config.yml
@@ -12,13 +12,24 @@
    - "matrix_synapse_database_password"
    - "matrix_synapse_database_database"

 - name: Fail if asking to configure deprecaed workers (appservice, userdir)
  fail:
    msg: >-
      `{{ item }}` cannot be more than 0.
      This type of worker has been deprecated since Synapse v1.59.
      Please remove your `{{ item }}` configuration to solve this problem.
      See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types
  when: "vars[item]|int != 0"
  with_items:
    - "matrix_synapse_workers_appservice_workers_count"
    - "matrix_synapse_workers_user_dir_workers_count"

 - name: Fail if asking for more than 1 instance of single-instance workers
  fail:
    msg: >-
      `{{ item }}` cannot be more than 1. This is a single-instance worker.
  when: "vars[item]|int > 1"
  with_items:
    - "matrix_synapse_workers_appservice_workers_count"
    - "matrix_synapse_workers_pusher_workers_count"
    - "matrix_synapse_workers_federation_sender_workers_count"

--- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
@@ -352,9 +352,6 @@ worker_app: synapse.app.homeserver

 # thx https://oznetnerd.com/2017/04/18/jinja2-selectattr-filter/
 # reduce the main worker's offerings to core homeserver business
 {% if matrix_synapse_workers_enabled_list|selectattr('type', 'equalto', 'appservice')|list  %}
 notify_appservices: false
 {% endif %}
 {% if matrix_synapse_workers_enabled_list|selectattr('type', 'equalto', 'federation_sender')|list  %}
 send_federation: false
 {% endif %}
@@ -364,9 +361,6 @@ enable_media_repo: false
 {% if matrix_synapse_workers_enabled_list|selectattr('type', 'equalto', 'pusher')|list  %}
 start_pushers: false
 {% endif %}
 {% if matrix_synapse_workers_enabled_list|selectattr('type', 'equalto', 'user_dir')|list  %}
 update_user_directory: false
 {% endif %}

 daemonize: false
 {% endif %}
@@ -432,6 +426,11 @@ manhole_settings:
 # sign up in a short space of time never to return after their initial
 # session.
 #
 # The option `mau_appservice_trial_days` is similar to `mau_trial_days`, but
 # applies a different trial number if the user was registered by an appservice.
 # A value of 0 means no trial days are applied. Appservices not listed in this
 # dictionary use the value of `mau_trial_days` instead.
 #
 # 'mau_limit_alerting' is a means of limiting client side alerting
 # should the mau limit be reached. This is useful for small instances
 # where the admin has 5 mau seats (say) for 5 specific people and no
@@ -442,6 +441,8 @@ manhole_settings:
 #max_mau_value: 50
 #mau_trial_days: 2
 #mau_limit_alerting: false
 #mau_appservice_trial_days:
 #  "appservice-id": 1

 # If enabled, the metrics for the number of monthly active users will
 # be populated, however no one will be limited. If limit_usage_by_mau
@@ -742,11 +743,11 @@ federation_domain_whitelist: {{ matrix_synapse_federation_domain_whitelist|to_js
 #
 #allow_profile_lookup_over_federation: false

 # Uncomment to disable device display name lookup over federation. By default, the
 # Federation API allows other homeservers to obtain device display names of any user
 # on this homeserver. Defaults to 'true'.
 # Uncomment to allow device display name lookup over federation. By default, the
 # Federation API prevents other homeservers from obtaining the display names of
 # user devices on this homeserver. Defaults to 'false'.
 #
 #allow_device_name_lookup_over_federation: false
 #allow_device_name_lookup_over_federation: true


 ## Caching ##
@@ -1375,7 +1376,11 @@ allowed_local_3pids: {{ matrix_synapse_allowed_local_3pids|to_json }}
 #
 registration_requires_token: {{ matrix_synapse_registration_requires_token|to_json }}


 # Allow users to submit a token during registration to bypass any required 3pid
 # steps configured in `registrations_require_3pid`.
 # Defaults to false, requiring that registration tokens (if enabled) complete a 3pid flow.
 #
 #enable_registration_token_3pid_bypass: false

 # If set, allows registration of standard or admin accounts by anyone who
 # has the shared secret, even if registration is otherwise disabled.
@@ -2521,8 +2526,10 @@ password_providers:
        uid: {{ matrix_synapse_ext_password_provider_ldap_attributes_uid|string|to_json }}
        mail: {{ matrix_synapse_ext_password_provider_ldap_attributes_mail|string|to_json }}
        name: {{ matrix_synapse_ext_password_provider_ldap_attributes_name|string|to_json }}
 {% if matrix_synapse_ext_password_provider_ldap_bind_dn %}
      bind_dn: {{ matrix_synapse_ext_password_provider_ldap_bind_dn|string|to_json }}
      bind_password: {{ matrix_synapse_ext_password_provider_ldap_bind_password|string|to_json }}
 {% endif %}
      filter: {{ matrix_synapse_ext_password_provider_ldap_filter|string|to_json }}
 {% endif %}
 {% endif %}
--- a/roles/matrix-synapse/vars/workers.yml
+++ b/roles/matrix-synapse/vars/workers.yml
@@ -279,7 +279,7 @@ matrix_synapse_workers_generic_worker_endpoints:
  # run_background_tasks_on: background_worker
  # ```

  # You might also wish to investigate the `update_user_directory` and
  # You might also wish to investigate the `update_user_directory_from_worker` and
  # `media_instance_running_background_jobs` settings.

  # An example for a dedicated background worker instance:
@@ -288,6 +288,40 @@ matrix_synapse_workers_generic_worker_endpoints:
  # {{#include systemd-with-workers/workers/background_worker.yaml}}
  # ```

  # #### Updating the User Directory

  # You can designate one generic worker to update the user directory.

  # Specify its name in the shared configuration as follows:

  # ```yaml
  # update_user_directory_from_worker: worker_name
  # ```

  # This work cannot be load-balanced; please ensure the main process is restarted
  # after setting this option in the shared configuration!

  # This style of configuration supersedes the legacy `synapse.app.user_dir`
  # worker application type.


  # #### Notifying Application Services

  # You can designate one generic worker to send output traffic to Application Services.

  # Specify its name in the shared configuration as follows:

  # ```yaml
  # notify_appservices_from_worker: worker_name
  # ```

  # This work cannot be load-balanced; please ensure the main process is restarted
  # after setting this option in the shared configuration!

  # This style of configuration supersedes the legacy `synapse.app.appservice`
  # worker application type.


 # pusher worker (no API endpoints) [
  # Handles sending push notifications to sygnal and email. Doesn't handle any
  # REST endpoints itself, but you should set `start_pushers: False` in the
@@ -305,6 +339,9 @@ matrix_synapse_workers_generic_worker_endpoints:
 # ]

 # appservice worker (no API endpoints) [
  # **Deprecated as of Synapse v1.59.** [Use `synapse.app.generic_worker` with the
  # `notify_appservices_from_worker` option instead.](#notifying-application-services)

  # Handles sending output traffic to Application Services. Doesn't handle any
  # REST endpoints itself, but you should set `notify_appservices: False` in the
  # shared configuration file to stop the main synapse sending appservice notifications.
@@ -371,6 +408,9 @@ matrix_synapse_workers_media_repository_endpoints:
  # Note that if a reverse proxy is used , then `/_matrix/media/` must be routed for both inbound client and federation requests (if they are handled separately).

 matrix_synapse_workers_user_dir_endpoints:
  # **Deprecated as of Synapse v1.59.** [Use `synapse.app.generic_worker` with the
  # `update_user_directory_from_worker` option instead.](#updating-the-user-directory)

  # Handles searches in the user directory. It can handle REST endpoints matching
  # the following regular expressions: