diff --git a/.gitignore b/.gitignore
index 380d0fa41..42e31f650 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,7 +3,7 @@
 .DS_Store
 .python-version
 .idea/
-flake.lock
+.direnv/
 
 # ignore roles pulled by ansible-galaxy
 /roles/galaxy/*
diff --git a/docs/configuring-playbook-bridge-appservice-slack.md b/docs/configuring-playbook-bridge-appservice-slack.md
index 3e6f798e4..5bf988268 100644
--- a/docs/configuring-playbook-bridge-appservice-slack.md
+++ b/docs/configuring-playbook-bridge-appservice-slack.md
@@ -20,8 +20,24 @@ matrix_appservice_slack_enabled: true
 matrix_appservice_slack_control_room_id: "Your matrix admin room id"
 ```
 
-3. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready.
-4. Invite the bridge bot user into the admin room:
+3. Enable puppeting (optional, but recommended)
+
+```yaml
+matrix_appservice_slack_puppeting_enabled: true
+matrix_appservice_slack_puppeting_slackapp_client_id: "Your Classic Slack App Client ID"
+matrix_appservice_slack_puppeting_slackapp_client_secret: "Your Classic Slack App Client Secret"
+```
+
+4. Enable Team Sync (optional)
+
+```yaml
+matrix_appservice_slack_team_sync_enabled: true
+```
+
+   See https://matrix-appservice-slack.readthedocs.io/en/latest/team_sync/
+
+4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready.
+5. Invite the bridge bot user into the admin room:
 
 ```
     /invite @slackbot:MY.DOMAIN
@@ -29,7 +45,7 @@ matrix_appservice_slack_control_room_id: "Your matrix admin room id"
 
 Note that the bot's domain is your server's domain **without the `matrix.` prefix.**
 
-5. Create a Classic Slack App [here](https://api.slack.com/apps?new_classic_app=1).
+6. Create a Classic Slack App [here](https://api.slack.com/apps?new_classic_app=1).
 
     Name the app "matrixbot" (or anything else you'll remember).
 
@@ -37,7 +53,7 @@ Note that the bot's domain is your server's domain **without the `matrix.` prefi
 
     Click on bot users and add a new bot user. We will use this account to bridge the the rooms.
 
-6. Click on Event Subscriptions and enable them and use the request url `https://matrix.DOMAIN/appservice-slack`. Then add the following events and save:
+7. Click on Event Subscriptions and enable them and use the request url `https://matrix.DOMAIN/appservice-slack`. Then add the following events and save:
 
      Bot User Events:
 
@@ -47,7 +63,7 @@ Note that the bot's domain is your server's domain **without the `matrix.` prefi
     - reaction_added
     - reaction_removed
 
-7. Click on OAuth & Permissions and add the following scopes:
+8. Click on OAuth & Permissions and add the following scopes:
 
     - chat:write:bot
     - users:read
@@ -59,9 +75,9 @@ Note that the bot's domain is your server's domain **without the `matrix.` prefi
 
     Note: In order to make Slack files visible to matrix users, this bridge will make Slack files visible to anyone with the url (including files in private channels). This is different than the current behavior in Slack, which only allows authenticated access to media posted in private channels. See MSC701 for details.
 
-8. Click on Install App and Install App to Workspace. Note the access tokens shown. You will need the Bot User OAuth Access Token and if you want to bridge files, the OAuth Access Token whenever you link a room.
+9. Click on Install App and Install App to Workspace. Note the access tokens shown. You will need the Bot User OAuth Access Token and if you want to bridge files, the OAuth Access Token whenever you link a room.
 
-9. For each channel you would like to bridge, perform the following steps:
+10. If Team Sync is not enabled, for each channel you would like to bridge, perform the following steps:
 
     * Create a Matrix room in the usual manner for your client. Take a note of its Matrix room ID - it will look something like !aBcDeF:example.com.
 
@@ -86,7 +102,7 @@ Note that the bot's domain is your server's domain **without the `matrix.` prefi
 
 Other configuration options are available via the `matrix_appservice_slack_configuration_extension_yaml` variable.
 
-10. Unlinking
+11. Unlinking
 
     Channels can be unlinked again like this:
     ```
diff --git a/docs/maintenance-postgres.md b/docs/maintenance-postgres.md
index 74eed348c..1c162cb0e 100644
--- a/docs/maintenance-postgres.md
+++ b/docs/maintenance-postgres.md
@@ -87,8 +87,6 @@ This playbook can upgrade your existing Postgres setup with the following comman
 just run-tags upgrade-postgres
 ```
 
-**Warning: If you're using Borg Backup keep in mind that there is no official Postgres 16 support yet.**
-
 **The old Postgres data directory is backed up** automatically, by renaming it to `/matrix/postgres/data-auto-upgrade-backup`.
 To rename to a different path, pass some extra flags to the command above, like this: `--extra-vars="postgres_auto_upgrade_backup_data_path=/another/disk/matrix-postgres-before-upgrade"`
 
diff --git a/docs/maintenance-synapse.md b/docs/maintenance-synapse.md
index 93c150022..f89594a45 100644
--- a/docs/maintenance-synapse.md
+++ b/docs/maintenance-synapse.md
@@ -74,7 +74,7 @@ Synapse's presence feature which tracks which users are online and which are off
 
 If you have enough compute resources (CPU & RAM), you can make Synapse better use of them by [enabling load-balancing with workers](configuring-playbook-synapse.md#load-balancing-with-workers).
 
-[Tuning your PostgreSQL database](maintenance-postgres.md#tuning-postgresql) could also improve Synapse performance. The playbook tunes the integrated Postgres database automatically, but based on your needs you may wish to adjust tuning variables manually. If you're using an [external Postgres database](configuring-playbook-external-postgres.md), you will aslo need to tune Postgres manually.
+[Tuning your PostgreSQL database](maintenance-postgres.md#tuning-postgresql) could also improve Synapse performance. The playbook tunes the integrated Postgres database automatically, but based on your needs you may wish to adjust tuning variables manually. If you're using an [external Postgres database](configuring-playbook-external-postgres.md), you will also need to tune Postgres manually.
 
 ### Tuning caches and cache autotuning
 
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 000000000..b4d9ebdb9
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,60 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1710146030,
+        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1712578459,
+        "narHash": "sha256-r+rjtYIdwV7mEqFwbvaS7dZSH+3xNW9loR3Rh9C0ifI=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "b1a486be09c354e25a18689eb21425e43892e38c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": "nixpkgs"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/flake.nix b/flake.nix
index 412309a89..3738e97db 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,19 +1,30 @@
 {
-  inputs.nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
-
-  outputs = { self, nixpkgs, ... }:
-    let
-      pkgs = import nixpkgs { system = "x86_64-linux"; };
-    in
-    {
-      devShell.x86_64-linux = pkgs.mkShell {
-        buildInputs = with pkgs; [
-          just
-          python311Packages.ansible-core
-          python311Packages.passlib
-        ];
-        LC_ALL = "C.UTF-8";
-        LC_CTYPE = "C.UTF-8";
-      };
-    };
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs";
+    flake-utils.url = "github:numtide/flake-utils";
+  };
+  outputs = {
+    self,
+    nixpkgs,
+    flake-utils,
+  }:
+    flake-utils.lib.eachDefaultSystem
+    (
+      system: let
+        pkgs = import nixpkgs {
+          inherit system;
+        };
+      in
+        with pkgs; {
+          devShells.default = mkShell {
+            buildInputs = [
+              just
+              ansible
+            ];
+            shellHook = ''
+              echo "$(ansible --version)"
+            '';
+          };
+        }
+    );
 }
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index d7b8658b3..074066e41 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -19,6 +19,14 @@
 # Also see `devture_docker_sdk_for_python_installation_enabled`.
 matrix_playbook_docker_installation_enabled: true
 
+matrix_playbook_docker_installation_daemon_options: "{{ matrix_playbook_docker_installation_daemon_options_auto | combine(matrix_playbook_docker_installation_daemon_options_custom, recursive=True) }}"
+
+matrix_playbook_docker_installation_daemon_options_auto:
+  experimental: "{{ devture_systemd_docker_base_ipv6_enabled }}"
+  ip6tables: "{{ devture_systemd_docker_base_ipv6_enabled }}"
+
+matrix_playbook_docker_installation_daemon_options_custom: {}
+
 # Controls whether to attach Traefik labels to services.
 # This is separate from `devture_traefik_enabled`, because you may wish to disable Traefik installation by the playbook,
 # yet still use Traefik installed in another way.
@@ -489,13 +497,7 @@ devture_playbook_state_preserver_commit_hash_preservation_dst: "{{ matrix_base_d
 #                                                                      #
 ########################################################################
 
-docker_daemon_options: |
-  {{
-    {
-      'experimental': devture_systemd_docker_base_ipv6_enabled,
-      'ip6tables': devture_systemd_docker_base_ipv6_enabled,
-    }
-  }}
+docker_daemon_options: "{{ matrix_playbook_docker_installation_daemon_options }}"
 
 ########################################################################
 #                                                                      #
@@ -1921,15 +1923,15 @@ matrix_hookshot_systemd_wanted_services_list: |
   {{
     matrix_addons_homeserver_systemd_services_list
     +
-    ([(redis_identifier + '.service')] if redis_enabled and matrix_hookshot_queue_host == redis_identifier else [])
+    ([(redis_identifier + '.service')] if redis_enabled and matrix_hookshot_cache_redis_host == redis_identifier else [])
     +
-    ([(keydb_identifier + '.service')] if keydb_enabled and matrix_hookshot_queue_host == keydb_identifier else [])
+    ([(keydb_identifier + '.service')] if keydb_enabled and matrix_hookshot_cache_redis_host == keydb_identifier else [])
   }}
 
 # Hookshot's experimental encryption feature (and possibly others) may benefit from Redis, if available.
 # We only connect to Redis if encryption is enabled (not for everyone who has Redis enabled),
 # because connectivity is still potentially troublesome and is to be investigated.
-matrix_hookshot_queue_host: "{{ redis_identifier if redis_enabled and matrix_hookshot_experimental_encryption_enabled else (keydb_identifier if keydb_enabled and matrix_hookshot_experimental_encryption_enabled else '') }}"
+matrix_hookshot_cache_redis_host: "{{ redis_identifier if redis_enabled and matrix_hookshot_experimental_encryption_enabled else (keydb_identifier if keydb_enabled and matrix_hookshot_experimental_encryption_enabled else '') }}"
 
 matrix_hookshot_container_network: "{{ matrix_addons_container_network }}"
 
@@ -1938,9 +1940,9 @@ matrix_hookshot_container_additional_networks_auto: |
     (
       ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
       +
-      ([redis_container_network] if redis_enabled and matrix_hookshot_queue_host == redis_identifier else [])
+      ([redis_container_network] if redis_enabled and matrix_hookshot_cache_redis_host == redis_identifier else [])
       +
-      ([keydb_container_network] if keydb_enabled and matrix_hookshot_queue_host == keydb_identifier else [])
+      ([keydb_container_network] if keydb_enabled and matrix_hookshot_cache_redis_host == keydb_identifier else [])
       +
       ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_hookshot_container_labels_traefik_enabled else [])
     ) | unique
@@ -3422,7 +3424,7 @@ exim_relay_container_image_self_build: "{{ matrix_architecture not in ['amd64',
 
 exim_relay_hostname: "{{ matrix_server_fqn_matrix }}"
 
-exim_relay_sender_address: "matrix@{{ matrix_domain }}"
+exim_relay_sender_address: "matrix@{{ exim_relay_hostname }}"
 
 ########################################################################
 #                                                                      #
@@ -5033,6 +5035,7 @@ matrix_dendrite_systemd_wanted_services_list_auto: |
     (['matrix-coturn.service'] if matrix_coturn_enabled else [])
   }}
 
+matrix_dendrite_container_extra_arguments_auto: "{{ matrix_homeserver_container_extra_arguments_auto }}"
 matrix_dendrite_app_service_config_files_auto: "{{ matrix_homeserver_app_service_config_files_auto }}"
 
 ######################################################################
diff --git a/requirements.yml b/requirements.yml
index f33c35b1c..18cda83c7 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -7,7 +7,7 @@
   version: v1.2.8-1.8.9-0
   name: backup_borg
 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git
-  version: v0.1.1-3
+  version: v0.1.2-1
   name: container_socket_proxy
 - src: git+https://github.com/geerlingguy/ansible-role-docker
   version: 7.1.0
@@ -16,16 +16,16 @@
   version: 129c8590e106b83e6f4c259649a613c6279e937a
   name: docker_sdk_for_python
 - src: git+https://gitlab.com/etke.cc/roles/etherpad.git
-  version: v2.0.1-2
+  version: v2.0.3-0
   name: etherpad
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git
-  version: v4.97-r0-0-3
+  version: v4.97.1-r0-0-2
   name: exim_relay
 - src: git+https://gitlab.com/etke.cc/roles/grafana.git
-  version: v10.4.1-0
+  version: v11.0.0-0
   name: grafana
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
-  version: v9364-1
+  version: v9457-3
   name: jitsi
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-keydb.git
   version: v6.3.4-1
@@ -43,16 +43,16 @@
   version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
   name: playbook_state_preserver
 - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git
-  version: v16.1-6
+  version: v16.3-0
   name: postgres
 - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git
   version: 046004a8cb9946979b72ce81c2526c8033ea8067
   name: postgres_backup
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
-  version: v2.51.0-0
+  version: v2.52.0-0
   name: prometheus
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git
-  version: v1.7.0-3
+  version: v1.8.0-0
   name: prometheus_node_exporter
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git
   version: v0.14.0-4
@@ -70,7 +70,7 @@
   version: v1.0.0-0
   name: timesync
 - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git
-  version: v2.11.0-4
+  version: v2.11.2-0
   name: traefik
 - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git
   version: v2.8.3-1
diff --git a/roles/custom/matrix-bot-buscarron/defaults/main.yml b/roles/custom/matrix-bot-buscarron/defaults/main.yml
index 116155cef..a10974754 100644
--- a/roles/custom/matrix-bot-buscarron/defaults/main.yml
+++ b/roles/custom/matrix-bot-buscarron/defaults/main.yml
@@ -6,7 +6,7 @@
 matrix_bot_buscarron_enabled: true
 
 # renovate: datasource=docker depName=registry.gitlab.com/etke.cc/buscarron
-matrix_bot_buscarron_version: v1.4.0
+matrix_bot_buscarron_version: v1.4.1
 
 # The hostname at which Buscarron is served.
 matrix_bot_buscarron_hostname: ''
diff --git a/roles/custom/matrix-bot-honoroit/defaults/main.yml b/roles/custom/matrix-bot-honoroit/defaults/main.yml
index 76ab590f6..d11f2a769 100644
--- a/roles/custom/matrix-bot-honoroit/defaults/main.yml
+++ b/roles/custom/matrix-bot-honoroit/defaults/main.yml
@@ -21,7 +21,7 @@ matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}"
 matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
 
 # renovate: datasource=docker depName=registry.gitlab.com/etke.cc/honoroit
-matrix_bot_honoroit_version: v0.9.20
+matrix_bot_honoroit_version: v0.9.21
 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}etke.cc/honoroit:{{ matrix_bot_honoroit_version }}"
 matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/' }}"
 matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"
diff --git a/roles/custom/matrix-bot-postmoogle/defaults/main.yml b/roles/custom/matrix-bot-postmoogle/defaults/main.yml
index 9d3556a0c..08799a7e8 100644
--- a/roles/custom/matrix-bot-postmoogle/defaults/main.yml
+++ b/roles/custom/matrix-bot-postmoogle/defaults/main.yml
@@ -10,7 +10,7 @@ matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_v
 matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src"
 
 # renovate: datasource=docker depName=registry.gitlab.com/etke.cc/postmoogle
-matrix_bot_postmoogle_version: v0.9.17
+matrix_bot_postmoogle_version: v0.9.18
 matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}etke.cc/postmoogle:{{ matrix_bot_postmoogle_version }}"
 matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/' }}"
 matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}"
diff --git a/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml b/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml
index eb4863530..73449d729 100644
--- a/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml
+++ b/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml
@@ -105,6 +105,14 @@ matrix_appservice_slack_database_port: 5432
 matrix_appservice_slack_database_name: matrix_appservice_slack
 matrix_appservice_slack_database_sslmode: disable
 
+matrix_appservice_slack_puppeting_enabled: false
+matrix_appservice_slack_puppeting_slackapp_client_id: ''
+matrix_appservice_slack_puppeting_slackapp_client_secret: ''
+matrix_appservice_slack_puppeting_onboard_users: true
+
+matrix_appservice_slack_team_sync_enabled: false
+matrix_appservice_slack_team_sync_alias_prefix: 'slack_'
+
 # The name of the container network to use when importing a NeDB database into Postgres.
 # For Postgres not working in a container, this can be left empty.
 matrix_appservice_slack_database_container_network: ''
diff --git a/roles/custom/matrix-bridge-appservice-slack/templates/config.yaml.j2 b/roles/custom/matrix-bridge-appservice-slack/templates/config.yaml.j2
index 911dd75e4..10a53fa5f 100644
--- a/roles/custom/matrix-bridge-appservice-slack/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-appservice-slack/templates/config.yaml.j2
@@ -24,6 +24,26 @@ rtm:
   #
   log_level: "silent"
 
+{% if matrix_appservice_slack_puppeting_enabled %}
+puppeting:
+  enabled: true
+  onboard_users: {{ matrix_appservice_slack_puppeting_onboard_users | to_json }}
+
+oauth2:
+  client_id: {{ matrix_appservice_slack_puppeting_slackapp_client_id | to_json }}
+  client_secret: {{ matrix_appservice_slack_puppeting_slackapp_client_secret | to_json }}
+{% endif %}
+
+{% if matrix_appservice_slack_team_sync_enabled %}
+team_sync:
+  all:
+    channels:
+      enabled: true
+      alias_prefix: {{ matrix_appservice_slack_team_sync_alias_prefix | to_json }}
+    users:
+      enabled: true
+{% endif %}
+
 {% if matrix_appservice_slack_database_engine == 'nedb' %}
 dbdir: "/data"
 {% else %}
diff --git a/roles/custom/matrix-bridge-hookshot/defaults/main.yml b/roles/custom/matrix-bridge-hookshot/defaults/main.yml
index 507b7692e..e5f2af0bf 100644
--- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml
+++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml
@@ -17,7 +17,7 @@ matrix_hookshot_container_additional_networks_auto: []
 matrix_hookshot_container_additional_networks_custom: []
 
 # renovate: datasource=docker depName=halfshot/matrix-hookshot
-matrix_hookshot_version: 5.2.1
+matrix_hookshot_version: 5.3.0
 
 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
 matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}"
@@ -40,15 +40,17 @@ matrix_hookshot_appservice_port: 9993
 matrix_hookshot_appservice_hostname: "{{ matrix_hookshot_public_hostname }}"
 matrix_hookshot_appservice_endpoint: "{{ matrix_hookshot_public_endpoint }}/_matrix/app"
 
-# The variables below control the queue parameters and may optionally be pointed to a Redis instance.
-# These are required when experimental encryption is enabled (`matrix_hookshot_experimental_encryption_enabled`).
-matrix_hookshot_queue_host: ''
-matrix_hookshot_queue_port: 6739
+# The variables below control the Redis cache parameters.
+# Using caching is required when experimental encryption is enabled (`matrix_hookshot_experimental_encryption_enabled`)
+# but may also speed up Hookshot startup, etc.
+matrix_hookshot_cache_redis_host: ''
+matrix_hookshot_cache_redis_port: "6379"
+matrix_hookshot_cache_redisUri: "{{ ('redis://' + matrix_hookshot_cache_redis_host + ':' + matrix_hookshot_cache_redis_port) if matrix_hookshot_cache_redis_host else '' }}"  # noqa var-naming
 
 # Controls whether the experimental end-to-bridge encryption support is enabled.
 # This requires that:
 # - support to also be enabled in the homeserver, see the documentation of Hookshot.
-# - Hookshot to be pointed at a Redis instance via the `matrix_hookshot_queue_*` variables.
+# - Hookshot to be pointed at a Redis instance via the `matrix_hookshot_cache_redis*` variables.
 matrix_hookshot_experimental_encryption_enabled: false
 
 # Controls whether metrics are enabled in the bridge configuration.
@@ -91,7 +93,7 @@ matrix_hookshot_github_oauth_client_id: ''  # "Client ID" on the GitHub App page
 matrix_hookshot_github_oauth_client_secret: ''  # "Client Secret" on the GitHub App page
 # Default value of matrix_hookshot_github_oauth_endpoint: "/hookshot/webhooks/oauth"
 matrix_hookshot_github_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/oauth"
-matrix_hookshot_github_oauth_redirect_uri: "https://{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_github_oauth_endpoint }}"
+matrix_hookshot_github_oauth_redirect_uri: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_github_oauth_endpoint }}"
 
 # These are the default settings mentioned here and don't need to be modified: https://matrix-org.github.io/matrix-hookshot/usage/room_configuration/github_repo.html#configuration
 matrix_hookshot_github_defaultOptions_ignoreHooks: {}  # noqa var-naming
diff --git a/roles/custom/matrix-bridge-hookshot/tasks/validate_config.yml b/roles/custom/matrix-bridge-hookshot/tasks/validate_config.yml
index cb1fa3025..9a0f38353 100644
--- a/roles/custom/matrix-bridge-hookshot/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-hookshot/tasks/validate_config.yml
@@ -29,6 +29,8 @@
     - {'old': 'matrix_hookshot_jira_oauth_uri', 'new': 'matrix_hookshot_jira_oauth_client_secret'}
     - {'old': 'matrix_hookshot_gitlab_secret', 'new': 'matrix_hookshot_gitlab_webhook_secret'}
     - {'old': 'matrix_hookshot_ident', 'new': 'matrix_hookshot_identifier'}
+    - {'old': 'matrix_hookshot_queue_host', 'new': 'matrix_hookshot_cache_redis_host'}
+    - {'old': 'matrix_hookshot_queue_port', 'new': 'matrix_hookshot_cache_redis_port'}
 
 - name: Fail if required Hookshot settings not defined
   ansible.builtin.fail:
@@ -93,8 +95,8 @@
 - name: Fail if no Redis queue enabled when Hookshot encryption is enabled
   ansible.builtin.fail:
     msg: >-
-      You need to define a required configuration setting (`{{ item }}`) to enable Hookshot encryption.
-  when: "matrix_hookshot_experimental_encryption_enabled and matrix_hookshot_queue_host == ''"
+      You need to define a required configuration setting (`matrix_hookshot_cache_redis*`) to enable Hookshot encryption.
+  when: "matrix_hookshot_experimental_encryption_enabled and matrix_hookshot_cache_redisUri == ''"
 
 - name: (Deprecation) Catch and report old metrics usage
   ansible.builtin.fail:
diff --git a/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2
index 77036b52c..cf60803a8 100644
--- a/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2
+++ b/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2
@@ -107,11 +107,9 @@ metrics:
   # (Optional) Prometheus metrics support
   #
   enabled: {{ matrix_hookshot_metrics_enabled | to_json }}
-{% if matrix_hookshot_queue_host != '' %}
-queue:
-  monolithic: true
-  port: {{ matrix_hookshot_queue_port }}
-  host: {{ matrix_hookshot_queue_host | to_json }}
+{% if matrix_hookshot_cache_redisUri %}
+cache:
+  redisUri: {{ matrix_hookshot_cache_redisUri | to_json }}
 {% endif %}
 {% if matrix_hookshot_experimental_encryption_enabled %}
 experimentalEncryption:
diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml
index e44ca39cd..b067222aa 100644
--- a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml
@@ -9,7 +9,7 @@ matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/ma
 matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}"
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/gmessages
-matrix_mautrix_gmessages_version: v0.3.0
+matrix_mautrix_gmessages_version: v0.4.1
 
 # See: https://mau.dev/mautrix/gmessages/container_registry
 matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_name_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}"
diff --git a/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml
index 4079143e4..078b53062 100644
--- a/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml
@@ -13,7 +13,7 @@ matrix_mautrix_meta_instagram_enabled: true
 matrix_mautrix_meta_instagram_identifier: matrix-mautrix-meta-instagram
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
-matrix_mautrix_meta_instagram_version: v0.2.0
+matrix_mautrix_meta_instagram_version: v0.3.1
 
 matrix_mautrix_meta_instagram_base_path: "{{ matrix_base_data_path }}/mautrix-meta-instagram"
 matrix_mautrix_meta_instagram_config_path: "{{ matrix_mautrix_meta_instagram_base_path }}/config"
diff --git a/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml
index 7a9cd2f80..67ca3cb1c 100644
--- a/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml
@@ -13,7 +13,7 @@ matrix_mautrix_meta_messenger_enabled: true
 matrix_mautrix_meta_messenger_identifier: matrix-mautrix-meta-messenger
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
-matrix_mautrix_meta_messenger_version: v0.2.0
+matrix_mautrix_meta_messenger_version: v0.3.1
 
 matrix_mautrix_meta_messenger_base_path: "{{ matrix_base_data_path }}/mautrix-meta-messenger"
 matrix_mautrix_meta_messenger_config_path: "{{ matrix_mautrix_meta_messenger_base_path }}/config"
diff --git a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
index 4e11de2da..d3bc23a78 100644
--- a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
@@ -9,7 +9,7 @@ matrix_mautrix_signal_container_image_self_build_repo: "https://mau.dev/mautrix/
 matrix_mautrix_signal_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}"
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/signal
-matrix_mautrix_signal_version: v0.5.1
+matrix_mautrix_signal_version: v0.6.1
 
 # See: https://mau.dev/mautrix/signal/container_registry
 matrix_mautrix_signal_docker_image: "{{ matrix_mautrix_signal_docker_image_name_prefix }}mautrix/signal:{{ matrix_mautrix_signal_docker_image_tag }}"
diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
index fdbe6145c..1be65f4a9 100644
--- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
@@ -9,7 +9,7 @@ matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautri
 matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/whatsapp
-matrix_mautrix_whatsapp_version: v0.10.6
+matrix_mautrix_whatsapp_version: v0.10.7
 
 # See: https://mau.dev/mautrix/whatsapp/container_registry
 matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
diff --git a/roles/custom/matrix-cactus-comments-client/defaults/main.yml b/roles/custom/matrix-cactus-comments-client/defaults/main.yml
index be967e686..882e6dc16 100644
--- a/roles/custom/matrix-cactus-comments-client/defaults/main.yml
+++ b/roles/custom/matrix-cactus-comments-client/defaults/main.yml
@@ -13,7 +13,7 @@ matrix_cactus_comments_client_public_path: "{{ matrix_cactus_comments_client_bas
 matrix_cactus_comments_client_public_path_file_permissions: "0644"
 
 # renovate: datasource=docker depName=joseluisq/static-web-server
-matrix_cactus_comments_client_version: 2.28.0
+matrix_cactus_comments_client_version: 2.30.0
 
 matrix_cactus_comments_client_container_image: "{{ matrix_container_global_registry_prefix }}joseluisq/static-web-server:{{ matrix_cactus_comments_client_container_image_tag }}"
 matrix_cactus_comments_client_container_image_tag: "{{ 'latest' if matrix_cactus_comments_client_version == 'latest' else (matrix_cactus_comments_client_version + '-alpine') }}"
diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml
index 506f07f83..fa15efeb0 100644
--- a/roles/custom/matrix-client-element/defaults/main.yml
+++ b/roles/custom/matrix-client-element/defaults/main.yml
@@ -11,7 +11,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme
 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
 
 # renovate: datasource=docker depName=vectorim/element-web
-matrix_client_element_version: v1.11.63
+matrix_client_element_version: v1.11.66
 
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
@@ -160,8 +160,8 @@ matrix_client_element_welcome_logo: "themes/element/img/logos/element-logo.svg"
 # URL of link on welcome image
 matrix_client_element_welcome_logo_link: "https://element.io"
 
-matrix_client_element_welcome_headline: "_t('Welcome to Element')"
-matrix_client_element_welcome_text: "_t('Decentralised, encrypted chat &amp; collaboration powered by [matrix]')"
+matrix_client_element_welcome_headline: "_t(\"welcome_to_element\")"
+matrix_client_element_welcome_text: "_t(\"powered_by_matrix_with_logo\")"
 
 # Links, shown in footer of welcome page:
 # [{"text": "Link text", "url": "https://link.target"}, {"text": "Other link"}]
diff --git a/roles/custom/matrix-client-element/templates/welcome.html.j2 b/roles/custom/matrix-client-element/templates/welcome.html.j2
index d1c604133..f25ac6812 100644
--- a/roles/custom/matrix-client-element/templates/welcome.html.j2
+++ b/roles/custom/matrix-client-element/templates/welcome.html.j2
@@ -178,11 +178,11 @@ we don't have an account and should hide them. No account == no guest account ei
     <div class="mx_ButtonGroup">
         <div class="mx_ButtonRow">
             <a href="#/login" class="mx_ButtonParent mx_ButtonSignIn mx_Button_iconSignIn">
-                <div class="mx_ButtonLabel">_t("Sign In")</div>
+                <div class="mx_ButtonLabel">_t("action|sign_in")</div>
             </a>
 {% if matrix_client_element_registration_enabled %}
             <a href="#/register" class="mx_ButtonParent mx_ButtonCreateAccount mx_Button_iconCreateAccount">
-                <div class="mx_ButtonLabel">_t("Create Account")</div>
+                <div class="mx_ButtonLabel">_t("action|create_account")</div>
             </a>
 {% endif %}
         </div>
@@ -195,7 +195,7 @@ we don't have an account and should hide them. No account == no guest account ei
         <div class="mx_ButtonRow mx_WelcomePage_guestFunctions">
             <div>
                 <a href="#/directory" class="mx_ButtonParent mx_SecondaryButton mx_Button_iconRoomDirectory">
-                    <div class="mx_ButtonLabel">_t("Explore rooms")</div>
+                    <div class="mx_ButtonLabel">_t("action|explore_rooms")</div>
                 </a>
             </div>
         </div>
diff --git a/roles/custom/matrix-conduit/defaults/main.yml b/roles/custom/matrix-conduit/defaults/main.yml
index 3957c5c43..215ee4a2a 100644
--- a/roles/custom/matrix-conduit/defaults/main.yml
+++ b/roles/custom/matrix-conduit/defaults/main.yml
@@ -10,7 +10,7 @@ matrix_conduit_hostname: ''
 matrix_conduit_docker_image: "{{ matrix_conduit_docker_image_name_prefix }}matrixconduit/matrix-conduit:{{ matrix_conduit_docker_image_tag }}"
 matrix_conduit_docker_image_name_prefix: "docker.io/"
 # renovate: datasource=docker depName=matrixconduit/matrix-conduit
-matrix_conduit_docker_image_tag: "v0.6.0"
+matrix_conduit_docker_image_tag: "v0.7.0"
 matrix_conduit_docker_image_force_pull: "{{ matrix_conduit_docker_image.endswith(':latest') }}"
 
 matrix_conduit_base_path: "{{ matrix_base_data_path }}/conduit"
diff --git a/roles/custom/matrix-conduit/templates/labels.j2 b/roles/custom/matrix-conduit/templates/labels.j2
index da6df1a77..33c2789a0 100644
--- a/roles/custom/matrix-conduit/templates/labels.j2
+++ b/roles/custom/matrix-conduit/templates/labels.j2
@@ -83,14 +83,14 @@ traefik.http.routers.matrix-conduit-public-client-api.tls.certResolver={{ matrix
 #                                                          #
 ############################################################
 
-traefik.http.routers.matrix-conduit-public-client-api.rule={{ matrix_conduit_container_labels_internal_client_api_traefik_rule }}
+traefik.http.routers.matrix-conduit-internal-client-api.rule={{ matrix_conduit_container_labels_internal_client_api_traefik_rule }}
 
 {% if matrix_conduit_container_labels_internal_client_api_traefik_priority | int > 0 %}
-traefik.http.routers.matrix-conduit-public-client-api.priority={{ matrix_conduit_container_labels_internal_client_api_traefik_priority }}
+traefik.http.routers.matrix-conduit-internal-client-api.priority={{ matrix_conduit_container_labels_internal_client_api_traefik_priority }}
 {% endif %}
 
-traefik.http.routers.matrix-conduit-public-client-api.service=matrix-conduit
-traefik.http.routers.matrix-conduit-public-client-api.entrypoints={{ matrix_conduit_container_labels_internal_client_api_traefik_entrypoints }}
+traefik.http.routers.matrix-conduit-internal-client-api.service=matrix-conduit
+traefik.http.routers.matrix-conduit-internal-client-api.entrypoints={{ matrix_conduit_container_labels_internal_client_api_traefik_entrypoints }}
 
 ############################################################
 #                                                          #
diff --git a/roles/custom/matrix-dendrite/defaults/main.yml b/roles/custom/matrix-dendrite/defaults/main.yml
index 944d64858..356860a04 100644
--- a/roles/custom/matrix-dendrite/defaults/main.yml
+++ b/roles/custom/matrix-dendrite/defaults/main.yml
@@ -13,7 +13,7 @@ matrix_dendrite_docker_image_path: "matrixdotorg/dendrite-monolith"
 matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}{{ matrix_dendrite_docker_image_path }}:{{ matrix_dendrite_docker_image_tag }}"
 matrix_dendrite_docker_image_name_prefix: "{{ 'localhost/' if matrix_dendrite_container_image_self_build else matrix_container_global_registry_prefix }}"
 # renovate: datasource=docker depName=matrixdotorg/dendrite-monolith
-matrix_dendrite_docker_image_tag: "v0.13.6"
+matrix_dendrite_docker_image_tag: "v0.13.7"
 matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}"
 
 matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite"
diff --git a/roles/custom/matrix-rageshake/defaults/main.yml b/roles/custom/matrix-rageshake/defaults/main.yml
index 0598a0b7b..9289f0dd9 100644
--- a/roles/custom/matrix-rageshake/defaults/main.yml
+++ b/roles/custom/matrix-rageshake/defaults/main.yml
@@ -17,7 +17,7 @@ matrix_rageshake_path_prefix: /
 # There are no stable container image tags yet.
 # See: https://github.com/matrix-org/rageshake/issues/69
 # renovate: datasource=docker depName=ghcr.io/matrix-org/rageshake
-matrix_rageshake_version: 1.12.0
+matrix_rageshake_version: 1.13.0
 
 matrix_rageshake_base_path: "{{ matrix_base_data_path }}/rageshake"
 matrix_rageshake_config_path: "{{ matrix_rageshake_base_path }}/config"
diff --git a/roles/custom/matrix-sliding-sync/defaults/main.yml b/roles/custom/matrix-sliding-sync/defaults/main.yml
index f7028f120..522dd2a9b 100644
--- a/roles/custom/matrix-sliding-sync/defaults/main.yml
+++ b/roles/custom/matrix-sliding-sync/defaults/main.yml
@@ -6,7 +6,7 @@
 matrix_sliding_sync_enabled: true
 
 # renovate: datasource=docker depName=ghcr.io/matrix-org/sliding-sync
-matrix_sliding_sync_version: v0.99.15
+matrix_sliding_sync_version: v0.99.17
 
 matrix_sliding_sync_scheme: https
 
diff --git a/roles/custom/matrix-static-files/defaults/main.yml b/roles/custom/matrix-static-files/defaults/main.yml
index fc83e7100..1027e7d57 100644
--- a/roles/custom/matrix-static-files/defaults/main.yml
+++ b/roles/custom/matrix-static-files/defaults/main.yml
@@ -8,7 +8,7 @@ matrix_static_files_enabled: true
 matrix_static_files_identifier: matrix-static-files
 
 # renovate: datasource=docker depName=joseluisq/static-web-server
-matrix_static_files_version: 2.28.0
+matrix_static_files_version: 2.30.0
 
 matrix_static_files_base_path: "{{ matrix_base_data_path }}/{{ 'static-files' if matrix_static_files_identifier == 'matrix-static-files' else matrix_static_files_identifier }}"
 matrix_static_files_config_path: "{{ matrix_static_files_base_path }}/config"
diff --git a/roles/custom/matrix-sygnal/defaults/main.yml b/roles/custom/matrix-sygnal/defaults/main.yml
index a365f2951..b2e391ce8 100644
--- a/roles/custom/matrix-sygnal/defaults/main.yml
+++ b/roles/custom/matrix-sygnal/defaults/main.yml
@@ -13,7 +13,7 @@ matrix_sygnal_hostname: ''
 matrix_sygnal_path_prefix: /
 
 # renovate: datasource=docker depName=matrixdotorg/sygnal
-matrix_sygnal_version: v0.14.0
+matrix_sygnal_version: v0.14.1
 
 matrix_sygnal_base_path: "{{ matrix_base_data_path }}/sygnal"
 matrix_sygnal_config_path: "{{ matrix_sygnal_base_path }}/config"
diff --git a/roles/custom/matrix-synapse-admin/defaults/main.yml b/roles/custom/matrix-synapse-admin/defaults/main.yml
index 1dee1d756..cb20be673 100644
--- a/roles/custom/matrix-synapse-admin/defaults/main.yml
+++ b/roles/custom/matrix-synapse-admin/defaults/main.yml
@@ -12,7 +12,7 @@ matrix_synapse_admin_container_image_self_build: false
 matrix_synapse_admin_container_image_self_build_repo: "https://github.com/Awesome-Technologies/synapse-admin.git"
 
 # renovate: datasource=docker depName=awesometechnologies/synapse-admin
-matrix_synapse_admin_version: 0.8.7
+matrix_synapse_admin_version: 0.10.1
 matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_name_prefix }}awesometechnologies/synapse-admin:{{ matrix_synapse_admin_version }}"
 matrix_synapse_admin_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_synapse_admin_docker_image_force_pull: "{{ matrix_synapse_admin_docker_image.endswith(':latest') }}"
diff --git a/roles/custom/matrix-synapse-auto-compressor/defaults/main.yml b/roles/custom/matrix-synapse-auto-compressor/defaults/main.yml
index 20f52008b..347d9eecb 100644
--- a/roles/custom/matrix-synapse-auto-compressor/defaults/main.yml
+++ b/roles/custom/matrix-synapse-auto-compressor/defaults/main.yml
@@ -6,7 +6,7 @@
 matrix_synapse_auto_compressor_enabled: true
 
 # renovate: datasource=docker depName=registry.gitlab.com/etke.cc/rust-synapse-compress-state
-matrix_synapse_auto_compressor_version: "{{ 'latest' if matrix_synapse_auto_compressor_container_image_self_build else 'v0.1.3' }}"
+matrix_synapse_auto_compressor_version: v0.1.4
 
 matrix_synapse_auto_compressor_base_path: "{{ matrix_base_data_path }}/synapse-auto-compressor"
 matrix_synapse_auto_compressor_container_src_files_path: "{{ matrix_synapse_auto_compressor_base_path }}/container-src"
diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml b/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml
index 08c425fa0..ac3dab8c1 100644
--- a/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml
+++ b/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml
@@ -7,11 +7,13 @@
 #
 # When Synapse workers are enabled, however, the reverse-proxying configuration is much more complicated - certain requests need to go to certain workers, etc.
 # matrix-synapse-reverse-proxy-companion is the central place services that need to reach Synapse could be pointed to.
+#
+# Project source code URL: https://github.com/nginx/nginx
 
 matrix_synapse_reverse_proxy_companion_enabled: true
 
 # renovate: datasource=docker depName=nginx
-matrix_synapse_reverse_proxy_companion_version: 1.25.4-alpine
+matrix_synapse_reverse_proxy_companion_version: 1.25.5-alpine
 
 matrix_synapse_reverse_proxy_companion_base_path: "{{ matrix_synapse_base_path }}/reverse-proxy-companion"
 matrix_synapse_reverse_proxy_companion_confd_path: "{{ matrix_synapse_reverse_proxy_companion_base_path }}/conf.d"
diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml
index c9499207a..0cfb9d30c 100644
--- a/roles/custom/matrix-synapse/defaults/main.yml
+++ b/roles/custom/matrix-synapse/defaults/main.yml
@@ -16,7 +16,7 @@ matrix_synapse_enabled: true
 matrix_synapse_github_org_and_repo: element-hq/synapse
 
 # renovate: datasource=docker depName=ghcr.io/element-hq/synapse
-matrix_synapse_version: v1.104.0
+matrix_synapse_version: v1.107.0
 
 matrix_synapse_username: ''
 matrix_synapse_uid: ''
@@ -1227,6 +1227,8 @@ matrix_synapse_ext_synapse_auto_accept_invite_enabled: false
 matrix_synapse_ext_synapse_auto_accept_invite_version: 1.1.3
 # Specifies whether only direct messages (1:1 rooms) will be auto accepted.
 matrix_synapse_ext_synapse_auto_accept_invite_accept_invites_only_direct_messages: false
+# Specifies whether only invites from local users will be auto accepted.
+matrix_synapse_ext_synapse_auto_accept_invite_accept_invites_only_from_local_users: false
 # When Synapse workers enabled it is possible (but not required) to assign a worker to run this module on (null = main process).
 matrix_synapse_ext_synapse_auto_accept_invite_worker_to_run_on: null
 
diff --git a/roles/custom/matrix-synapse/tasks/ext/synapse-auto-accept-invite/setup_install.yml b/roles/custom/matrix-synapse/tasks/ext/synapse-auto-accept-invite/setup_install.yml
index 06457e370..182d42b03 100644
--- a/roles/custom/matrix-synapse/tasks/ext/synapse-auto-accept-invite/setup_install.yml
+++ b/roles/custom/matrix-synapse/tasks/ext/synapse-auto-accept-invite/setup_install.yml
@@ -10,6 +10,7 @@
             "module": "synapse_auto_accept_invite.InviteAutoAccepter",
             "config": {
               "accept_invites_only_for_direct_messages": matrix_synapse_ext_synapse_auto_accept_invite_accept_invites_only_direct_messages,
+              "accept_invites_only_from_local_users": matrix_synapse_ext_synapse_auto_accept_invite_accept_invites_only_from_local_users,
               "worker_to_run_on": matrix_synapse_ext_synapse_auto_accept_invite_worker_to_run_on,
           },
         }]
diff --git a/roles/custom/matrix-synapse/tasks/synapse/setup_install.yml b/roles/custom/matrix-synapse/tasks/synapse/setup_install.yml
index 736493280..c22e9d04a 100644
--- a/roles/custom/matrix-synapse/tasks/synapse/setup_install.yml
+++ b/roles/custom/matrix-synapse/tasks/synapse/setup_install.yml
@@ -94,7 +94,7 @@
 - name: Generate initial Synapse config and signing key
   ansible.builtin.command:
     cmd: |
-      docker run
+      {{ devture_systemd_docker_base_host_command_docker }} run
       --rm
       --name=matrix-config
       --user={{ matrix_synapse_uid }}:{{ matrix_synapse_gid }}
diff --git a/roles/custom/matrix_playbook_migration/tasks/uninstall_matrix_ssl.yml b/roles/custom/matrix_playbook_migration/tasks/uninstall_matrix_ssl.yml
index c1c66409b..20e600e1f 100644
--- a/roles/custom/matrix_playbook_migration/tasks/uninstall_matrix_ssl.yml
+++ b/roles/custom/matrix_playbook_migration/tasks/uninstall_matrix_ssl.yml
@@ -5,10 +5,12 @@
     path: "{{ matrix_base_data_path }}/ssl"
     state: absent
 
-- name: Ensure matrix-ssl-lets-encrypt-certificates-renew systemd timer and service are gone
+- name: Ensure matrix SSL-related systemd timers and services are gone
   ansible.builtin.file:
     path: "{{ devture_systemd_docker_base_systemd_path }}/{{ item }}"
     state: absent
   with_items:
     - matrix-ssl-lets-encrypt-certificates-renew.timer
     - matrix-ssl-lets-encrypt-certificates-renew.service
+    - matrix-ssl-nginx-proxy-reload.timer
+    - matrix-ssl-nginx-proxy-reload.service
diff --git a/setup.yml b/setup.yml
index 9d4a1f282..fc1d3caf2 100644
--- a/setup.yml
+++ b/setup.yml
@@ -127,8 +127,6 @@
     - custom/matrix-bridge-appservice-polychat
     - custom/matrix-pantalaimon
 
-    - role: galaxy/auxiliary
-
     - role: galaxy/postgres_backup
 
     - role: galaxy/backup_borg
@@ -142,6 +140,8 @@
 
     - role: galaxy/traefik_certs_dumper
 
+    - role: galaxy/auxiliary
+
     - when: devture_systemd_service_manager_enabled | bool
       role: galaxy/systemd_service_manager