Merge branch 'master' into synapse-s3-support

3 лет назад · f9a7c91854
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,86 @@
 # 2022-06-23
 ## (Potential Backward Compatibility Break) Changes around metrics collection
 **TLDR**: we've made extensive **changes to metrics exposure/collection, which concern people using an external Prometheus server**. If you don't know what that is, you don't need to read below.
 **Why do major changes to metrics**? Because various services were exposing metrics in different, hacky, ways. Synapse was exposing metrics at `/_synapse/metrics` and `/_synapse-worker-.../metrics` on the `matrix.DOMAIN`. The Hookshot role was **repurposing** the Granana web UI domain (`stats.DOMAIN`) for exposing its metrics on `stats.DOMAIN/hookshot/metrics`, while protecting these routes using Basic Authentication **normally used for Synapse** (`/_synapse/metrics`). Node-exporter and Postgres-exporter roles were advising for more `stats.DOMAIN` usage in manual ways. Each role was doing things differently and mixing variables from other roles. Each metrics endpoint was ending up in a different place, protected by who knows what Basic Authentication credentials (if protected at all).
 **The solution**: a completely revamped way to expose metrics to an external Prometheus server. We are **introducing new `https://matrix.DOMAIN/metrics/*` endpoints**, where various services *can* expose their metrics, for collection by external Prometheus servers. To enable the `/metrics/*` endpoints, use `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. There's also a way to protect access using [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication). See the `matrix-nginx-proxy` role or our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation for additional variables around `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
 **If you are using the [Hookshot bridge](docs/configuring-playbook-bridge-hookshot.md)**, you may find that:
 1. **Metrics may not be enabled by default anymore**:
  - If Prometheus is enabled (`matrix_prometheus_enabled: true`), then Hookshot metrics will be enabled automatically (`matrix_hookshot_metrics_enabled: true`). These metrics will be collected from the local (in-container) Prometheus over the container network.
  - **If Prometheus is not enabled** (you are either not using Prometheus or are using an external one), **Hookshot metrics will not be enabled by default anymore**. Feel free to enable them by setting `matrix_hookshot_metrics_enabled: true`. Also, see below.
 2. When metrics are meant to be **consumed by an external Prometheus server**, `matrix_hookshot_metrics_proxying_enabled` needs to be set to `true`, so that metrics would be exposed (proxied) "publicly" on `https://matrix.DOMAIN/metrics/hookshot`. To make use of this, you'll also need to enable the new `https://matrix.DOMAIN/metrics/*` endpoints mentioned above, using `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. Learn more in our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation.
 3. **We've changed the URL we're exposing Hookshot metrics at** for external Prometheus servers. Until now, you were advised to consume Hookshot metrics from `https://stats.DOMAIN/hookshot/metrics` (working in conjunction with `matrix_nginx_proxy_proxy_synapse_metrics`). From now on, **this no longer works**. As described above, you need to start consuming metrics from `https://matrix.DOMAIN/metrics/hookshot`.
 **If you're using node-exporter** (`matrix_prometheus_node_exporter_enabled: true`) and would like to collect its metrics from an external Prometheus server, see `matrix_prometheus_node_exporter_metrics_proxying_enabled` described in our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation. You will be able to collect its metrics from `https://matrix.DOMAIN/metrics/node-exporter`.
 **If you're using [postgres-exporter](docs/configuring-playbook-prometheus-postgres.md)** (`matrix_prometheus_postgres_exporter_enabled: true`) and would like to collect its metrics from an external Prometheus server, see `matrix_prometheus_postgres_exporter_metrics_proxying_enabled` described in our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation. You will be able to collect its metrics from `https://matrix.DOMAIN/metrics/postgres-exporter`.
 **If you're using Synapse** and would like to collect its metrics from an external Prometheus server, you may find that:
 1. Exposing metrics is now done using `matrix_synapse_metrics_proxying_enabled`, not `matrix_nginx_proxy_proxy_synapse_metrics: true`. You may still need to enable metrics using `matrix_synapse_metrics_enabled: true` before exposing them.
 2. Protecting metrics endpoints using [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) is now done in another way. See our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation
 3. If Synapse metrics are exposed, they will be made available at `https://matrix.DOMAIN/metrics/synapse/main-process` or `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID` (when workers are enabled), not at `https://matrix.DOMAIN/_synapse/metrics` and `https://matrix.DOMAIN/_synapse-worker-.../metrics`
 4. The playbook still generates an `external_prometheus.yml.example` sample file for scraping Synapse from Prometheus as described in [Collecting Synapse worker metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-synapse-worker-metrics-to-an-external-prometheus-server), but it's now saved under `/matrix/synapse` (not `/matrix`).
 **If you where already using a external Prometheus server** before this change, and you gave a hashed version of the password as a variable, the playbook will now take care of hashing the password for you. Thus, you need to provide the non-hashed version now. 
 # 2022-06-13
 ## go-skype-bridge bridging support
 Thanks to [CyberShadow](https://github.com/CyberShadow), the playbook can now install the [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) bridge for bridging Matrix to [Skype](https://www.skype.com/).
 See our [Setting up Go Skype Bridge](docs/configuring-playbook-bridge-go-skype-bridge.md) documentation to get started.
 The playbook has supported [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype) bridging (see [Setting up MX Puppet Skype bridging](docs/configuring-playbook-bridge-mx-puppet-skype.md)) since [2020-04-09](#2020-04-09), but `mx-puppet-skype` is reportedly broken.
 # 2022-06-09
 ## Running Ansible in a container can now happen on the Matrix server itself
 If you're tired of being on an old and problematic Ansible version, you can now run [run Ansible in a container on the Matrix server itself](docs/ansible.md#running-ansible-in-a-container-on-the-matrix-server-itself).
 # 2022-05-31
 ## Synapse v1.60 upgrade may cause trouble and require manual intervention
 Synapse v1.60 will try to add a new unique index to `state_group_edges` upon startup and could fail if your database is corrupted.
 We haven't observed this problem yet, but [the Synapse v1.60.0 upgrade notes](https://github.com/matrix-org/synapse/blob/v1.60.0/docs/upgrade.md#adding-a-new-unique-index-to-state_group_edges-could-fail-if-your-database-is-corrupted) mention it, so we're giving you a heads up here in case you're unlucky.
 **If Synapse fails to start** after your next playbook run, you'll need to:
 - SSH into the Matrix server
 - launch `/usr/local/bin/matrix-postgres-cli`
 - switch to the `synapse` database: `\c synapse`
 - run the following SQL query:
 ```sql
 BEGIN;
 DELETE FROM state_group_edges WHERE (ctid, state_group, prev_state_group) IN (
  SELECT row_id, state_group, prev_state_group
  FROM (
    SELECT
      ctid AS row_id,
      MIN(ctid) OVER (PARTITION BY state_group, prev_state_group) AS min_row_id,
      state_group,
      prev_state_group
    FROM state_group_edges
  ) AS t1
  WHERE row_id <> min_row_id
 );
 COMMIT;
 ```
 You could then restart services: `ansible-playbook -i inventory/hosts setup.yml --tags=start`
 # 2022-04-25
 ## buscarron bot support
--- a/README.md
+++ b/README.md
@@ -81,6 +81,8 @@ Using this playbook, you can get the following services configured on your serve
 - (optional) the [mx-puppet-skype](https://hub.docker.com/r/sorunome/mx-puppet-skype) for bridging your Matrix server to [Skype](https://www.skype.com) - see [docs/configuring-playbook-bridge-mx-puppet-skype.md](docs/configuring-playbook-bridge-mx-puppet-skype.md) for setup documentation
 - (optional) the [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) for bridging your Matrix server to [Skype](https://www.skype.com) - see [docs/configuring-playbook-bridge-go-skype-bridge.md](docs/configuring-playbook-bridge-go-skype-bridge.md) for setup documentation
 - (optional) the [mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) for bridging your Matrix server to [Slack](https://slack.com) - see [docs/configuring-playbook-bridge-mx-puppet-slack.md](docs/configuring-playbook-bridge-mx-puppet-slack.md) for setup documentation
 - (optional) the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge for Instagram-DMs ([Instagram](https://www.instagram.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-instagram.md](docs/configuring-playbook-bridge-mx-puppet-instagram.md) for setup documentation
--- a/docs/alternative-architectures.md
+++ b/docs/alternative-architectures.md
@@ -2,7 +2,7 @@
 As stated in the [Prerequisites](prerequisites.md), currently only `x86_64` is fully supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used.
 To that end add the following variable to your `vars.yaml` file:
 To that end add the following variable to your `vars.yml` file (see [Configuring playbook](configuring-playbook.md)):
 ```yaml
 matrix_architecture: <your-matrix-server-architecture>
@@ -13,7 +13,7 @@ Currently supported architectures are the following:
 - `arm64`
 - `arm32`
 so for the Raspberry Pi, the following should be in your `vars.yaml` file:
 so for the Raspberry Pi, the following should be in your `vars.yml` file:
 ```yaml
 matrix_architecture: "arm32"
--- a/docs/ansible.md
+++ b/docs/ansible.md
@@ -30,7 +30,7 @@ Depending on your distribution, you may be able to upgrade Ansible in a few diff
 - by using an additional repository (PPA, etc.), which provides newer Ansible versions. See instructions for [CentOS](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-rhel-centos-or-fedora), [Debian](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-debian), or [Ubuntu](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-ubuntu) on the Ansible website.
 - by removing the Ansible package (`yum remove ansible` or `apt-get remove ansible`) and installing via [pip](https://pip.pypa.io/en/stable/installing/) (`pip install ansible`).
 - by removing the Ansible package (`yum remove ansible` or `apt-get remove ansible`) and installing via [pip](https://pip.pypa.io/en/stable/installation/) (`pip install ansible`).
 If using the `pip` method, do note that the `ansible-playbook` binary may not be on the `$PATH` (https://linuxconfig.org/linux-path-environment-variable), but in some more special location like `/usr/local/bin/ansible-playbook`. You may need to invoke it using the full path.
@@ -41,9 +41,50 @@ If you find yourself needing to resort to such hacks, please consider reporting
 ## Using Ansible via Docker
 Alternatively, you can run Ansible on your computer from inside a Docker container (powered by the [devture/ansible](https://hub.docker.com/r/devture/ansible/) Docker image).
 Alternatively, you can run Ansible inside a Docker container (powered by the [devture/ansible](https://hub.docker.com/r/devture/ansible/) Docker image).
 Here's a sample command to get you started (run this from the playbook's directory):
 This ensures that you're using a very recent Ansible version, which is less likely to be incompatible with the playbook.
 There are 2 ways to go about it:
 - [Running Ansible in a container on the Matrix server itself](#running-ansible-in-a-container-on-the-matrix-server-itself)
 - [Running Ansible in a container on another computer (not the Matrix server)](#running-ansible-in-a-container-on-another-computer-not-the-matrix-server)
 ### Running Ansible in a container on the Matrix server itself
 To run Ansible in a (Docker) container on the Matrix server itself, you need to have a working Docker installation.
 Docker is normally installed by the playbook, so this may be a bit of a chicken and egg problem. To solve it:
 - you **either** need to install Docker manually first. Follow [the upstream instructions](https://docs.docker.com/engine/install/) for your distribution and consider setting `matrix_docker_installation_enabled: false` in your `vars.yml` file, to prevent the playbook from installing Docker
 - **or** you need to run the playbook in another way (e.g. [Running Ansible in a container on another computer (not the Matrix server)](#running-ansible-in-a-container-on-another-computer-not-the-matrix-server)) at least the first time around
 Once you have a working Docker installation on the server, **clone the playbook** somewhere on the server and configure it as per usual (`inventory/hosts`, `inventory/host_vars/..`, etc.), as described in [configuring the playbook](configuring-playbook.md).
 You would then need to add `ansible_connection=community.docker.nsenter` to the host line in `inventory/hosts`. This tells Ansible to connect to the "remote" machine by switching Linux namespaces with [nsenter](https://man7.org/linux/man-pages/man1/nsenter.1.html), instead of using SSH.
 Alternatively, you can leave your `inventory/hosts` as is and specify the connection type in **each** `ansible-playbook` call you do later, like this: `ansible-playbook --connection=community.docker.nsenter ...`
 Run this from the playbook's directory:
 ```bash
 docker run -it --rm \
 --privileged \
 --pid=host \
 -w /work \
 -v `pwd`:/work \
 --entrypoint=/bin/sh \
 docker.io/devture/ansible:2.13.0-r0
 ```
 Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container.
 The `/work` directory contains the playbook's code.
 You can execute `ansible-playbook ...` (or `ansible-playbook --connection=community.docker.nsenter ...`) commands as per normal now.
 ### Running Ansible in a container on another computer (not the Matrix server)
 Run this from the playbook's directory:
 ```bash
 docker run -it --rm \
@@ -51,7 +92,7 @@ docker run -it --rm \
 -v `pwd`:/work \
 -v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \
 --entrypoint=/bin/sh \
 docker.io/devture/ansible:2.11.6-r1
 docker.io/devture/ansible:2.13.0-r0
 ```
 The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`).
@@ -60,9 +101,9 @@ If your SSH key is at a different path (not in `$HOME/.ssh/id_rsa`), adjust that
 Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container.
 The `/work` directory contains the playbook's code.
 You can execute `ansible-playbook` commands as per normal now.
 You can execute `ansible-playbook ...` commands as per normal now.
 ### If you don't use SSH keys for authentication
 #### If you don't use SSH keys for authentication
 If you don't use SSH keys for authentication, simply remove that whole line (`-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro`).
 To authenticate at your server using a password, you need to add a package. So, when you are in the shell of the ansible docker container (the previously used `docker run -it ...` command), run:
--- a/docs/configuring-playbook-bridge-go-skype-bridge.md
+++ b/docs/configuring-playbook-bridge-go-skype-bridge.md
@@ -0,0 +1,23 @@
 # Setting up Go Skype Bridge (optional)
 The playbook can install and configure
 [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) for you.
 See the project page to learn what it does and why it might be useful to you.
 To enable the [Skype](https://www.skype.com/) bridge just use the following
 playbook configuration:
 ```yaml
 matrix_go_skype_bridge_enabled: true
 ```
 ## Usage
 Once the bot is enabled, you need to start a chat with `Skype bridge bot`
 with the handle `@skypebridgebot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base
 domain, not the `matrix.` domain).
 Send `help` to the bot to see the commands available.
--- a/docs/configuring-playbook-bridge-hookshot.md
+++ b/docs/configuring-playbook-bridge-hookshot.md
@@ -4,19 +4,19 @@ The playbook can install and configure [matrix-hookshot](https://github.com/matr
 Hookshot can bridge [Webhooks](https://en.wikipedia.org/wiki/Webhook) from software project management services such as GitHub, GitLab, JIRA, and Figma, as well as generic webhooks.
 See the project's [documentation](https://matrix-org.github.io/matrix-hookshot/hookshot.html) to learn what it does in detail and why it might be useful to you.
 See the project's [documentation](https://matrix-org.github.io/matrix-hookshot/latest/hookshot.html) to learn what it does in detail and why it might be useful to you.
 Note: the playbook also supports [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), which however is soon to be archived by its author and to be replaced by hookshot.
 ## Setup Instructions
 Refer to the [official instructions](https://matrix-org.github.io/matrix-hookshot/setup.html) to learn what the individual options do.
 Refer to the [official instructions](https://matrix-org.github.io/matrix-hookshot/latest/setup.html) to learn what the individual options do.
 1. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) as required.
 2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma).
 3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. 
 3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below.
 4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`.
 5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differe from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below.
 5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/latest/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differ from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below.
 Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) for how to use them.
@@ -26,14 +26,14 @@ Unless indicated otherwise, the following endpoints are reachable on your `matri
 | listener | default path | variable | used as |
 |---|---|---|---|
 | webhooks | `/hookshot/webhooks/` | `matrix_hookshot_webhook_endpoint` | generics, GitHub "Webhook URL", etc. |
 | webhooks | `/hookshot/webhooks/` | `matrix_hookshot_webhook_endpoint` | generics, GitHub "Webhook URL", GitLab "URL", etc. |
 | github oauth | `/hookshot/webhooks/oauth` | `matrix_hookshot_github_oauth_endpoint` | GitHub "Callback URL" |
 | jira oauth | `/hookshot/webhooks/jira/oauth` | `matrix_hookshot_jira_oauth_endpoint` | JIRA OAuth |
 | figma endpoint | `/hookshot/webhooks/figma/webhook` | `matrix_hookshot_figma_endpoint` | Figma |
 | provisioning | `/hookshot/v1/` | `matrix_hookshot_provisioning_endpoint` | Dimension [provisioning](#provisioning-api) |
 | appservice | `/hookshot/_matrix/app/` | `matrix_hookshot_appservice_endpoint` | Matrix server |
 | widgets | `/hookshot/widgetapi/` | `/matrix_hookshot_widgets_endpoint` | Widgets |
 | metrics | `/hookshot/metrics/` (on `stats.` subdomain) | `matrix_hookshot_metrics_endpoint` | Prometheus |
 | widgets | `/hookshot/widgetapi/` | `matrix_hookshot_widgets_endpoint` | Widgets |
 | metrics | `/metrics/hookshot` | `matrix_hookshot_metrics_enabled` and `matrix_hookshot_metrics_proxying_enabled`. Requires `/metrics/*` endpoints to also be enabled via `matrix_nginx_proxy_proxy_matrix_metrics_enabled` (see the `matrix-nginx-proxy` role). Read more in the [Metrics section](#metrics) below. | Prometheus |
 See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/matrix-bridge-hookshot/tasks/init.yml).
@@ -63,7 +63,14 @@ The provisioning API will be enabled automatically if you set `matrix_dimension_
 ### Metrics
 If metrics are enabled, they will be automatically available in the builtin Prometheus and Grafana, but you need to set up your own Dashboard for now. If additionally metrics proxying for use with external Prometheus is enabled (`matrix_nginx_proxy_proxy_synapse_metrics`), hookshot metrics will also be available (at `matrix_hookshot_metrics_endpoint`, default `/hookshot/metrics`, on the stats subdomain) and with the same password. See also [the Prometheus and Grafana docs](../configuring-playbook-prometheus-grafana.md).
 Metrics are **only enabled by default** if the builtin [Prometheus](configuring-playbook-prometheus-grafana.md) is enabled (by default, Prometheus isn't enabled). If so, metrics will automatically be collected by Prometheus and made available in Grafana. You will, however, need to set up your own Dashboard for displaying them.
 To explicitly enable metrics, use `matrix_hookshot_metrics_enabled: true`. This only exposes metrics over the container network, however.
 **To collect metrics from an external Prometheus server**, besides enabling metrics as described above, you will also need to:
 - enable the `https://matrix.DOMAIN/metrics/*` endpoints on `matrix.DOMAIN` using `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true` (see the `matrix-nginx-role` or [the Prometheus and Grafana docs](configuring-playbook-prometheus-grafana.md) for enabling this feature)
 - expose the Hookshot metrics under `https://matrix.DOMAIN/metrics/hookshot` by setting `matrix_hookshot_metrics_proxying_enabled: true`
 ### Collision with matrix-appservice-webhooks
--- a/docs/configuring-playbook-bridge-mautrix-facebook.md
+++ b/docs/configuring-playbook-bridge-mautrix-facebook.md
@@ -24,10 +24,22 @@ If you would like to be able to administrate the bridge from your account it can
 matrix_mautrix_facebook_configuration_extension_yaml: |
  bridge:
    permissions:
      '@YOUR_USERNAME:YOUR_DOMAIN': admin
      '@YOUR_USERNAME:{{ matrix_domain }}': admin
 ```
 You may wish to look at `roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` to find other things you would like to configure.
 Using both would look like
 ```yaml
 matrix_mautrix_facebook_configuration_extension_yaml: |
  bridge:
    permissions:
      '@YOUR_USERNAME:{{ matrix_domain }}': admin
    encryption:
      allow: true
      default: true
 ```
 You may wish to look at `roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-facebook/defaults/main.yml` to find other things you would like to configure.
 ## Set up Double Puppeting
@@ -91,3 +103,5 @@ Once connected, you should be able to verify that you're browsing the web throug
 Then proceed to log in to [Facebook/Messenger](https://www.facebook.com/).
 Once logged in, proceed to [set up bridging](#usage).
 If that doesn't work, enable 2FA [Facebook help page on enabling 2FA](https://www.facebook.com/help/148233965247823) and try to login again with a new password, and entering the 2FA code when prompted, it may take more then one try, in between attempts, check facebook.com to see if they are requiring another password change
--- a/docs/configuring-playbook-bridge-mautrix-instagram.md
+++ b/docs/configuring-playbook-bridge-mautrix-instagram.md
@@ -7,6 +7,32 @@ See the project's [documentation](https://docs.mau.fi/bridges/python/instagram/i
 ```yaml
 matrix_mautrix_instagram_enabled: true
 ```
 There are some additional things you may wish to configure about the bridge before you continue.
 Encryption support is off by default. If you would like to enable encryption, add the following to your `vars.yml` file:
 ```yaml
 matrix_mautrix_instagram_configuration_extension_yaml: |
  bridge:
    encryption:
      allow: true
      default: true
 ```
 If you would like to be able to administrate the bridge from your account it can be configured like this:
 ```yaml
 # The easy way. The specified Matrix user ID will be made an admin of all bridges
 matrix_admin: "@YOUR_USERNAME:{{ matrix_domain }}"
 # OR:
 # The more verbose way. Applies to this bridge only. You may define multiple Matrix users as admins.
 matrix_mautrix_instagram_configuration_extension_yaml: |
  bridge:
    permissions:
      '@YOUR_USERNAME:YOUR_DOMAIN': admin
 ```
 You may wish to look at `roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-instagram/defaults/main.yml` to find other things you would like to configure.
 ## Usage
--- a/docs/configuring-playbook-bridge-mx-puppet-skype.md
+++ b/docs/configuring-playbook-bridge-mx-puppet-skype.md
@@ -1,5 +1,7 @@
 # Setting up MX Puppet Skype (optional)
 **Note**: bridging to [Skype](https://www.skype.com/) can also happen via the [go-skype-bridge](configuring-playbook-bridge-go-skype-bridge.md) bridge supported by the playbook. In fact, bridging via `mx-puppet-skype` has often been reported as broken, so we recommend that you go directly for `go-skype-bridge`, instead of this.
 The playbook can install and configure
 [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype) for you.
--- a/docs/configuring-playbook-matrix-registration.md
+++ b/docs/configuring-playbook-matrix-registration.md
@@ -2,6 +2,8 @@
 The playbook can install and configure [matrix-registration](https://github.com/ZerataX/matrix-registration) for you.
 **WARNING**: this is a poorly maintained and buggy project. It's better to avoid using it.
 > matrix-registration is a simple python application to have a token based matrix registration.
 Use matrix-registration to **create unique registration links**, which people can use to register on your Matrix server. It allows you to **keep your server's registration closed (private)**, but still allow certain people (these having a special link) to register a user account.
--- a/docs/configuring-playbook-own-webserver.md
+++ b/docs/configuring-playbook-own-webserver.md
@@ -57,6 +57,14 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.2"
 If you are experiencing issues, try updating to a newer version of Nginx. As a data point in May 2021 a user reported that Nginx 1.14.2 was not working for them. They were getting errors about socket leaks. Updating to Nginx 1.19 fixed their issue.
 If you are not going to be running your webserver on the same docker network, or the same machine as matrix, these variables can be set to bind synapse to an exposed port. [Keep in mind that there are some security concerns if you simply proxy everything to it](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints)
 ```yaml
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8048" or "192.168.1.3:80"), or empty string to not expose.
 matrix_synapse_container_client_api_host_bind_port: ''
 matrix_synapse_container_federation_api_plain_host_bind_port: ''
 ```
 ### Using your own external Apache webserver
--- a/docs/configuring-playbook-prometheus-grafana.md
+++ b/docs/configuring-playbook-prometheus-grafana.md
@@ -9,8 +9,12 @@ Remember to add `stats.<your-domain>` to DNS as described in [Configuring DNS](c
 ```yaml
 matrix_prometheus_enabled: true
 # You can remove this, if unnecessary.
 matrix_prometheus_node_exporter_enabled: true
 # You can remove this, if unnecessary.
 matrix_prometheus_postgres_exporter_enabled: true
 matrix_grafana_enabled: true
 matrix_grafana_anonymous_access: false
@@ -34,6 +38,7 @@ Name | Description
 -----|----------
 `matrix_prometheus_enabled`|[Prometheus](https://prometheus.io) is a time series database. It holds all the data we're going to talk about.
 `matrix_prometheus_node_exporter_enabled`|[Node Exporter](https://prometheus.io/docs/guides/node-exporter/) is an addon of sorts to Prometheus that collects generic system information such as CPU, memory, filesystem, and even system temperatures
 `matrix_prometheus_postgres_exporter_enabled`|[Postgres Exporter](configuring-playbook-prometheus-postgres.md) is an addon of sorts to expose Postgres database metrics to Prometheus.
 `matrix_grafana_enabled`|[Grafana](https://grafana.com/) is the visual component. It shows (on the `stats.<your-domain>` subdomain) the dashboards with the graphs that we're interested in
 `matrix_grafana_anonymous_access`|By default you need to log in to see graphs. If you want to publicly share your graphs (e.g. when asking for help in [`#synapse:matrix.org`](https://matrix.to/#/#synapse:matrix.org?via=matrix.org&via=privacytools.io&via=mozilla.org)) you'll want to enable this option.
 `matrix_grafana_default_admin_user`<br>`matrix_grafana_default_admin_password`|By default Grafana creates a user with `admin` as the username and password. If you feel this is insecure and you want to change it beforehand, you can do that here
@@ -48,28 +53,55 @@ Most of our docker containers run with limited system access, but the `prometheu
 ## Collecting metrics to an external Prometheus server
 If you wish, you could expose homeserver metrics without enabling (installing) Prometheus and Grafana via the playbook. This may be useful for hooking Matrix services to an external Prometheus/Grafana installation.
 **If the integrated Prometheus server is enabled** (`matrix_prometheus_enabled: true`), metrics are collected by it from each service via communication that happens over the container network. Each service does not need to expose its metrics "publicly".
 When you'd like **to collect metrics from an external Prometheus server**, you need to expose service metrics outside of the container network.
 The playbook provides a single endpoint (`https://matrix.DOMAIN/metrics/*`), under which various services may expose their metrics (e.g. `/metrics/node-exporter`, `/metrics/postgres-exporter`, `/metrics/hookshot`, etc). To enable this `/metrics/*` feature, use `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. To protect access using [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication), see `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled` below.
 To do this, you may be interested in the following variables:
 The following variables may be of interest:
 Name | Description
 -----|----------
 `matrix_nginx_proxy_proxy_matrix_metrics_enabled`|Set this to `true` to enable metrics exposure for various services on `https://matrix.DOMAIN/metrics/*`. Refer to the individual `matrix_SERVICE_metrics_proxying_enabled` variables below for exposing metrics for each individual service.
 `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled`|Set this to `true` to protect all `https://matrix.DOMAIN/metrics/*` endpoints with [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) (see the other variables below for supplying the actual credentials). When enabled, all endpoints beneath `/metrics` will be protected with the same credentials
 `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username`|Set this to the Basic Authentication username you'd like to protect `/metrics/*` with. You also need to set `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password`. If one username/password pair is not enough, you can leave the `username` and `password` variables unset and use `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content` instead
 `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password`|Set this to the Basic Authentication password you'd like to protect `/metrics/*` with
 `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content`|Set this to the Basic Authentication credentials (raw `htpasswd` file content) used to protect `/metrics/*`. This htpasswd-file needs to be generated with the `htpasswd` tool and can include multiple username/password pairs. If you only need one credential, use `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password` instead.
 `matrix_synapse_metrics_enabled`|Set this to `true` to make Synapse expose metrics (locally, on the container network)
 `matrix_nginx_proxy_proxy_synapse_metrics`|Set this to `true` to make matrix-nginx-proxy expose the Synapse metrics at `https://matrix.DOMAIN/_synapse/metrics`
 `matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled`|Set this to `true` to password-protect (using HTTP Basic Auth) `https://matrix.DOMAIN/_synapse/metrics` (the username is always `prometheus`, the password is defined in `matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key`)
 `matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key`|Set this to a password to use for HTTP Basic Auth for protecting `https://matrix.DOMAIN/_synapse/metrics` (the username is always `prometheus` - it's not configurable). Do not write the password in plain text. See `man 1 htpasswd` or use `htpasswd -c mypass.htpasswd prometheus` to generate the expected hash for nginx. 
 `matrix_server_fqn_grafana`|Use this variable to override the domain at which the Grafana web user-interface is at (defaults to `stats.DOMAIN`)
 `matrix_synapse_metrics_proxying_enabled`|Set this to `true` to expose Synapse's metrics on `https://matrix.DOMAIN/metrics/synapse/main-process` and `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`). Read [below](#collecting-synapse-worker-metrics-to-an-external-prometheus-server) if you're running a Synapse worker setup (`matrix_synapse_workers_enabled: true`).
 `matrix_prometheus_node_exporter_enabled`|Set this to `true` to enable the node (general system stats) exporter (locally, on the container network)
 `matrix_prometheus_node_exporter_metrics_proxying_enabled`|Set this to `true` to expose the node (general system stats) metrics on `https://matrix.DOMAIN/metrics/node-exporter` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`)
 `matrix_prometheus_postgres_exporter_enabled`|Set this to `true` to enable the [Postgres exporter](configuring-playbook-prometheus-postgres.md) (locally, on the container network)
 `matrix_prometheus_postgres_exporter_metrics_proxying_enabled`|Set this to `true` to expose the [Postgres exporter](configuring-playbook-prometheus-postgres.md) metrics on `https://matrix.DOMAIN/metrics/postgres-exporter` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`)
 `matrix_bridge_hookshot_metrics_enabled`|Set this to `true` to make [Hookshot](configuring-playbook-bridge-hookshot.md) expose metrics (locally, on the container network)
 `matrix_bridge_hookshot_metrics_proxying_enabled`|Set this to `true` to expose the [Hookshot](configuring-playbook-bridge-hookshot.md) metrics on `https://matrix.DOMAIN/metrics/hookshot` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`)
 `matrix_SERVICE_metrics_proxying_enabled`|Various other services/roles may provide similar `_metrics_enabled` and `_metrics_proxying_enabled` variables for exposing their metrics. Refer to each role for details. Only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`
 `matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks`|Add nginx `location` blocks to this list if you'd like to expose additional exporters manually (see below)
 Example for how to make use of `matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks` for exposing additional metrics locations:
 ```nginx
 matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks:
  - 'location /metrics/another-service {
  resolver 127.0.0.11 valid=5s;
  proxy_pass http://matrix-another-service:9100/metrics;
  }'
 ```
 Using `matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks` only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true` (see above).
 Note : The playbook will hash the basic_auth password for you on setup. Thus, you need to give the plain-text version of the password as a variable. 
 ### Collecting worker metrics to an external Prometheus server
 ### Collecting Synapse worker metrics to an external Prometheus server
 If you are using workers (`matrix_synapse_workers_enabled`) and have enabled `matrix_nginx_proxy_proxy_synapse_metrics` as described above, the playbook will also automatically proxy the all worker threads's metrics to `https://matrix.DOMAIN/_synapse-worker-TYPE-ID/metrics`, where `TYPE` corresponds to the type and `ID` to the instanceId of a worker as exemplified in `matrix_synapse_workers_enabled_list`.
 If you are using workers (`matrix_synapse_workers_enabled: true`) and have enabled `matrix_synapse_metrics_proxying_enabled` as described above, the playbook will also automatically expose all Synapse worker threads' metrics to `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID`, where `TYPE` corresponds to the type and `ID` to the instanceId of a worker as exemplified in `matrix_synapse_workers_enabled_list`.
 The playbook also generates an exemplary prometheus.yml config file (`matrix_base_data_path/external_prometheus.yml.template`) with all the correct paths which you can copy to your Prometheus server and adapt to your needs, especially edit the specified `password_file` path and contents and path to your `synapse-v2.rules`.
 The playbook also generates an exemplary config file (`/matrix/synapse/external_prometheus.yml.template`) with all the correct paths which you can copy to your Prometheus server and adapt to your needs. Make sure to edit the specified `password_file` path and contents and path to your `synapse-v2.rules`.
 It will look a bit like this:
 ```yaml
 scrape_configs:
  - job_name: 'synapse'
    metrics_path: /_synapse/metrics
    metrics_path: /metrics/synapse/main-process
    scheme: https
    basic_auth:
      username: prometheus
@@ -80,7 +112,7 @@ scrape_configs:
          job: "master"
          index: 1
  - job_name: 'synapse-generic_worker-1'
    metrics_path: /_synapse-worker-generic_worker-18111/metrics
    metrics_path: /metrics/synapse/worker/generic_worker-18111
    scheme: https
    basic_auth:
      username: prometheus
@@ -92,38 +124,6 @@ scrape_configs:
          index: 18111
 ```
 ### Collecting system and Postgres metrics to an external Prometheus server (advanced)
 When you normally enable the Prometheus and Grafana via the playbook, it will also show general system (via node-exporter) and Postgres (via postgres-exporter) stats. If you are instead collecting your metrics to an external Prometheus server, you can follow this advanced configuration example to also export these stats.
 It would be possible to use `matrix_prometheus_node_exporter_container_http_host_bind_port` etc., but that is not always the best choice, for example because your server is on a public network.
 Use the following variables in addition to the ones mentioned above:
 Name | Description
 -----|----------
 `matrix_nginx_proxy_proxy_grafana_enabled`|Set this to `true` to make the stats subdomain (`matrix_server_fqn_grafana`) available via the Nginx proxy
 `matrix_ssl_additional_domains_to_obtain_certificates_for`|Add `"{{ matrix_server_fqn_grafana }}"` to this list to have letsencrypt fetch a certificate for the stats subdomain
 `matrix_prometheus_node_exporter_enabled`|Set this to `true` to enable the node (general system stats) exporter
 `matrix_prometheus_postgres_exporter_enabled`|Set this to `true` to enable the Postgres exporter
 `matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks`|Add locations to this list depending on which of the above exporters you enabled (see below)
 ```nginx
 matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks:
  - 'location /node-exporter/ {
  resolver 127.0.0.11 valid=5s;
  proxy_pass http://matrix-prometheus-node-exporter:9100/;
  auth_basic "protected";
  auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd;
  }'
  - 'location /postgres-exporter/ {
  resolver 127.0.0.11 valid=5s;
  proxy_pass http://matrix-prometheus-postgres-exporter:9187/;
  auth_basic "protected";
  auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd;
  }'
 ```
 You can customize the `location`s to your liking, just point your Prometheus to there later (e.g. `stats.DOMAIN/node-exporter/metrics`). Nginx is very picky about the `proxy_pass`syntax: take care to follow the example closely and note the trailing slash as well as absent use of variables. postgres-exporter uses the nonstandard port 9187.
 ## More information
@@ -131,4 +131,3 @@ You can customize the `location`s to your liking, just point your Prometheus to
 - [The Prometheus scraping rules](https://github.com/matrix-org/synapse/tree/master/contrib/prometheus) (we use v2)
 - [The Synapse Grafana dashboard](https://github.com/matrix-org/synapse/tree/master/contrib/grafana)
 - [The Node Exporter dashboard](https://github.com/rfrail3/grafana-dashboards) (for generic non-synapse performance graphs)
--- a/docs/configuring-playbook-prometheus-postgres.md
+++ b/docs/configuring-playbook-prometheus-postgres.md
@@ -7,11 +7,6 @@ You can enable this with the following settings in your configuration file (`inv
 ```yaml
 matrix_prometheus_postgres_exporter_enabled: true
 # the role creates a postgres user as credential. You can configure these if required:
 matrix_prometheus_postgres_exporter_database_username: 'matrix_prometheus_postgres_exporter'
 matrix_prometheus_postgres_exporter_database_password: 'some-password'
 ```
 ## What does it do?
@@ -20,7 +15,8 @@ Name | Description
 -----|----------
 `matrix_prometheus_postgres_exporter_enabled`|Enable the postgres prometheus exporter. This sets up the docker container, connects it to the database and adds a 'job' to the prometheus config which tells prometheus about this new exporter. The default is 'false'
 `matrix_prometheus_postgres_exporter_database_username`| The 'username' for the user that the exporter uses to connect to the database. The default is 'matrix_prometheus_postgres_exporter'
 `matrix_prometheus_postgres_exporter_database_password`| The 'password' for the user that the exporter uses to connect to the database.
 `matrix_prometheus_postgres_exporter_database_password`| The 'password' for the user that the exporter uses to connect to the database. By default, this is auto-generated by the playbook
 `matrix_prometheus_postgres_exporter_metrics_proxying_enabled`|If set to `true`, exposes the Postgres exporter metrics on `https://matrix.DOMAIN/metrics/postgres-exporter` for usage with an [external Prometheus server](configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`)
 ## More information
--- a/docs/configuring-playbook.md
+++ b/docs/configuring-playbook.md
@@ -120,7 +120,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 - [Setting up matrix-hookshot](configuring-playbook-bridge-hookshot.md) - a bridge between Matrix and multiple project management services, such as [GitHub](https://github.com), [GitLab](https://about.gitlab.com) and [JIRA](https://www.atlassian.com/software/jira). (optional)
 - [Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md) (optional)
 - [Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md) (optional) - often reported as broken; see **Go Skype Bridge** (below) as an alternative
 - [Setting up MX Puppet Slack bridging](configuring-playbook-bridge-mx-puppet-slack.md) (optional)
@@ -134,6 +134,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 - [Setting up MX Puppet Steam bridging](configuring-playbook-bridge-mx-puppet-steam.md) (optional)
 - [Setting up Go Skype Bridge bridging](configuring-playbook-bridge-go-skype-bridge.md) (optional)
 - [Setting up Email2Matrix](configuring-playbook-email2matrix.md) (optional)
 - [Setting up Matrix SMS bridging](configuring-playbook-bridge-matrix-bridge-sms.md) (optional)
--- a/docs/configuring-well-known.md
+++ b/docs/configuring-well-known.md
@@ -46,7 +46,7 @@ If you decide to go this route, you don't need to read ahead in this document. W
 If you're managing the base domain by yourself somehow, you'll need to set up serving of some `/.well-known/matrix/*` files from it via HTTPS.
 To make things easy for you to set up, this playbook generates and hosts 2 well-known files on the Matrix domain's server (e.g. `https://matrix.example.com/.well-known/matrix/server` and `https://matrix.example.com/.well-known/matrix/client`), even though this is the wrong place to host them.
 To make things easy for you to set up, this playbook generates and hosts 2 well-known files on the Matrix domain's server. The files are generated at `/matrix/static-files/.well-known/matrix/` and hosted at `https://matrix.example.com/.well-known/matrix/server` and `https://matrix.example.com/.well-known/matrix/client`, even though this is the wrong place to host them.
 You have 3 options when it comes to installing the files on the base domain's server:
@@ -98,16 +98,15 @@ server {
 }
 ```
 **For Apache**, it would be something like this:
 **For Apache2**, it would be something like this:
 ```apache
 <VirtualHost *:443>
 	ServerName DOMAIN
 	SSLProxyEngine on
 	<Location /.well-known/matrix>
 		ProxyPass "https://matrix.DOMAIN/.well-known/matrix"
 	</Location>
 	ProxyPass /.well-known/matrix https://matrix.DOMAIN/.well-known/matrix nocanon
 	ProxyPassReverse /.well-known/matrix https://matrix.DOMAIN/.well-known/matrix nocanon
 	# other configuration
 </VirtualHost>
@@ -116,8 +115,22 @@ server {
 **For Caddy 2**, it would be something like this:
 ```caddy
 reverse_proxy /.well-known/matrix/* https://matrix.DOMAIN {
 	header_up Host {http.reverse_proxy.upstream.hostport}
 DOMAIN.com {
   @wellknown {
         path /.well-known/matrix/*:x
   }
   handle @wellknown {
      reverse_proxy https://matrix.DOMAIN.com {
          header_up Host {http.reverse_proxy.upstream.hostport}
      }
   }
    # Configration for the base domain goes here
  # handle {
  #    header -Server
  #     encode zstd gzip
  #    reverse_proxy localhost:4020
  # }
 }
 ```
@@ -155,6 +168,11 @@ backend matrix-backend
 /.well-known/matrix/* https://matrix.DOMAIN/.well-known/matrix/:splat 200!
 ```
 **For AWS CloudFront**
   1. Add a custom origin with matrix.<your-domain> to your distribution
   1. Add two behaviors, one for `.well-known/matrix/client` and one for `.well-known/matrix/server` and point them to your new origin.
 Make sure to:
 - **replace `DOMAIN`** in the server configuration with your actual domain name
--- a/docs/prerequisites.md
+++ b/docs/prerequisites.md
@@ -20,6 +20,8 @@ If your distro runs within an [LXC container](https://linuxcontainers.org/), you
 - The [Ansible](http://ansible.com/) program being installed on your own computer. It's used to run this playbook and configures your server for you. Take a look at [our guide about Ansible](ansible.md) for more information, as well as [version requirements](ansible.md#supported-ansible-versions) and alternative ways to run Ansible.
 - [`git`](https://git-scm.com/) is the recommended way to download the playbook to your computer. `git` may also be required on the server if you will be [self-building](self-building.md) components.
 - An HTTPS-capable web server at the base domain name (`<your-domain>`) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md).
 - Properly configured DNS records for `<your-domain>` (details in [Configuring DNS](configuring-dns.md)).
--- a/examples/caddy2/Caddyfile
+++ b/examples/caddy2/Caddyfile
@@ -214,3 +214,21 @@ element.DOMAIN.tld {
 #        }
 #  }
 #}
 #DOMAIN.com {
 # Uncomment this if you are following "(Option 3): Setting up reverse-proxying of the well-known files from the base domain's server to the Matrix server" of https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-well-known.md#option-3-setting-up-reverse-proxying-of-the-well-known-files-from-the-base-domains-server-to-the-matrix-server
 #    @wellknown {
 #        path /.well-known/matrix/*
 #    }
 #
 #    handle @wellknown {
 #        reverse_proxy https://matrix.DOMAIN.com {
 #            header_up Host {http.reverse_proxy.upstream.hostport}
 #        }
 #    }
 #    # Configration for the base domain goes here
 #   # handle {
 #   #    header -Server
 #   #     encode zstd gzip
 #   #    reverse_proxy localhost:4020
 #   # }
 #}
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -252,6 +252,44 @@ matrix_beeper_linkedin_database_password: "{{ '%s' | format(matrix_homeserver_ge
 #
 ######################################################################
 ######################################################################
 #
 # matrix-bridge-go-skype-bridge
 #
 ######################################################################
 # We don't enable bridges by default.
 matrix_go_skype_bridge_enabled: false
 matrix_go_skype_bridge_container_image_self_build: true
 matrix_go_skype_bridge_systemd_required_services_list: |
  {{
    ['docker.service']
    +
    ['matrix-' + matrix_homeserver_implementation + '.service']
    +
    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
    +
    (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
  }}
 matrix_go_skype_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.as.token') | to_uuid }}"
 matrix_go_skype_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.hs.token') | to_uuid }}"
 matrix_go_skype_bridge_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
 matrix_go_skype_bridge_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
 matrix_go_skype_bridge_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'goskype.db') | to_uuid }}"
 ######################################################################
 #
 # /matrix-bridge-go-skype-bridge
 #
 ######################################################################
 ######################################################################
 #
 # matrix-bridge-mautrix-facebook
@@ -533,14 +571,14 @@ matrix_mautrix_twitter_systemd_required_services_list: |
    (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
  }}
 matrix_mautrix_twitter_appservice_token: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'twt.as.token') | to_uuid }}"
 matrix_mautrix_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.as.token') | to_uuid }}"
 matrix_mautrix_twitter_homeserver_token: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'twt.hs.token') | to_uuid }}"
 matrix_mautrix_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.hs.token') | to_uuid }}"
 matrix_mautrix_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 matrix_mautrix_twitter_database_hostname: "{{ 'matrix-postgres' if matrix_postgres_enabled else '' }}"
 matrix_mautrix_twitter_database_password: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'mau.twt.db') | to_uuid if matrix_postgres_enabled else '' }}"
 matrix_mautrix_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twt.db') | to_uuid if matrix_postgres_enabled else '' }}"
 ######################################################################
 #
@@ -673,8 +711,13 @@ matrix_hookshot_container_http_host_bind_ports: "{{ [] if matrix_nginx_proxy_ena
 matrix_hookshot_provisioning_enabled: "{{ matrix_hookshot_provisioning_secret and matrix_dimension_enabled }}"
 matrix_hookshot_proxy_metrics: "{{ matrix_nginx_proxy_proxy_synapse_metrics }}"
 matrix_hookshot_proxy_metrics_basic_auth_enabled: "{{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled }}"
 # We only enable metrics (locally, in the container network) for the bridge if Prometheus is enabled.
 #
 # People using an external Prometheus server will need to toggle all of these to be able to consume metrics remotely:
 # - `matrix_hookshot_metrics_enabled`
 # - `matrix_hookshot_metrics_proxying_enabled`
 # - `matrix_nginx_proxy_proxy_matrix_metrics_enabled`
 matrix_hookshot_metrics_enabled: "{{ matrix_prometheus_enabled }}"
 matrix_hookshot_urlprefix_port_enabled: "{{ matrix_nginx_proxy_container_https_host_bind_port == 443 if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_https_host_bind_port == 80 }}"
 matrix_hookshot_urlprefix_port: ":{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}"
@@ -1222,7 +1265,7 @@ matrix_corporal_matrix_registration_shared_secret: "{{ matrix_synapse_registrati
 matrix_coturn_enabled: true
 matrix_coturn_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
 matrix_coturn_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"
 matrix_coturn_turn_external_ip_address: "{{ ansible_host }}"
@@ -1495,7 +1538,7 @@ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: |-
    }[matrix_homeserver_implementation]|int
  }}
 matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled }}"
 matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled or matrix_bot_matrix_registration_bot_enabled }}"
 matrix_nginx_proxy_proxy_matrix_client_redirect_root_uri_to_domain: "{{ matrix_server_fqn_element if matrix_client_element_enabled else '' }}"
@@ -1535,7 +1578,7 @@ matrix_nginx_proxy_proxy_synapse_enabled: "{{ matrix_synapse_enabled }}"
 matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container: "matrix-synapse:{{ matrix_synapse_container_client_api_port }}"
 matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container: "127.0.0.1:{{ matrix_synapse_container_client_api_port }}"
 matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-synapse:{{matrix_synapse_container_federation_api_plain_port|string}}"
 matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "localhost:{{matrix_synapse_container_federation_api_plain_port|string}}"
 matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "127.0.0.1:{{matrix_synapse_container_federation_api_plain_port|string}}"
 matrix_nginx_proxy_proxy_dendrite_enabled: "{{ matrix_dendrite_enabled }}"
 matrix_nginx_proxy_proxy_dendrite_client_api_addr_with_container: "matrix-dendrite:{{ matrix_dendrite_http_bind_port|string }}"
@@ -1548,13 +1591,6 @@ matrix_nginx_proxy_proxy_matrix_federation_port: "{{ matrix_federation_public_po
 matrix_nginx_proxy_container_federation_host_bind_port: "{{ matrix_federation_public_port }}"
 # This used to be hooked to `matrix_synapse_metrics_enabled`, but we don't do it anymore.
 # The fact that someone wishes to enable Synapse metrics does not necessarily mean they want to make them public.
 # A local Prometheus can consume them over the container network.
 matrix_nginx_proxy_proxy_synapse_metrics: false
 matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:{{ matrix_synapse_metrics_port }}"
 matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:{{ matrix_synapse_metrics_port }}"
 matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: "{{ matrix_ma1sd_enabled }}"
 matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container }}"
 matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container }}"
@@ -1576,8 +1612,6 @@ matrix_nginx_proxy_synapse_media_repository_locations: "{{matrix_synapse_workers
 matrix_nginx_proxy_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_endpoints|default([]) }}"
 matrix_nginx_proxy_synapse_frontend_proxy_locations: "{{ matrix_synapse_workers_frontend_proxy_endpoints|default([]) }}"
 matrix_nginx_proxy_proxy_synapse_workers_enabled_list: "{{ matrix_synapse_workers_enabled_list }}"
 matrix_nginx_proxy_systemd_wanted_services_list: |
  {{
    ['matrix-' + matrix_homeserver_implementation + '.service']
@@ -1770,6 +1804,12 @@ matrix_postgres_additional_databases: |
      'password': matrix_beeper_linkedin_database_password,
    }] if (matrix_beeper_linkedin_enabled and matrix_beeper_linkedin_database_engine == 'postgres' and matrix_beeper_linkedin_database_hostname == 'matrix-postgres') else [])
    +
    ([{
      'name': matrix_go_skype_bridge_database_name,
      'username': matrix_go_skype_bridge_database_username,
      'password': matrix_go_skype_bridge_database_password,
    }] if (matrix_go_skype_bridge_enabled and matrix_go_skype_bridge_database_engine == 'postgres' and matrix_go_skype_bridge_database_hostname == 'matrix-postgres') else [])
    +
    ([{
      'name': matrix_mautrix_facebook_database_name,
      'username': matrix_mautrix_facebook_database_username,
@@ -2152,7 +2192,7 @@ matrix_synapse_admin_enabled: false
 # Synapse Admin's HTTP port to the local host.
 matrix_synapse_admin_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8766' }}"
 matrix_synapse_admin_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
 matrix_synapse_admin_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
 ######################################################################
 #
@@ -2357,9 +2397,9 @@ matrix_dendrite_container_https_host_bind_address: "{{ '' if matrix_nginx_proxy_
 matrix_dendrite_sync_api_real_ip_header: "{{ 'X-Forwarded-For' if matrix_nginx_proxy_enabled else '' }}"
 matrix_dendrite_registration_shared_secret: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'dendrite.rss') | to_uuid }}"
 matrix_dendrite_registration_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.rss') | to_uuid }}"
 matrix_dendrite_database_password: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'dendrite.db') | to_uuid }}"
 matrix_dendrite_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.db') | to_uuid }}"
 # Even if TURN doesn't support TLS (it does by default),
 # it doesn't hurt to try a secure connection anyway.
--- a/roles/matrix-base/defaults/main.yml
+++ b/roles/matrix-base/defaults/main.yml
@@ -8,6 +8,10 @@
 # Example value: example.com
 matrix_domain: ~
 # The optional matrix admin MXID, used in bridges' configs to set bridge admin user
 # Example value: "@someone:{{ matrix_domain }}"
 matrix_admin: ''
 # This will contain the homeserver implementation that is in use.
 # Valid values: synapse, dendrite
 #
--- a/roles/matrix-bot-buscarron/defaults/main.yml
+++ b/roles/matrix-bot-buscarron/defaults/main.yml
@@ -8,7 +8,7 @@ matrix_bot_buscarron_container_image_self_build: false
 matrix_bot_buscarron_docker_repo: "https://gitlab.com/etke.cc/buscarron.git"
 matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src"
 matrix_bot_buscarron_version: v1.0.0
 matrix_bot_buscarron_version: v1.2.0
 matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}buscarron:{{ matrix_bot_buscarron_version }}"
 matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
 matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}"
@@ -76,6 +76,9 @@ matrix_bot_buscarron_homeserver: "{{ matrix_homeserver_container_url }}"
 # forms configuration
 matrix_bot_buscarron_forms: []
 # Disable encryption
 matrix_bot_buscarron_noencryption:
 # Sentry DSN
 matrix_bot_buscarron_sentry:
@@ -88,6 +91,24 @@ matrix_bot_buscarron_spam_hosts: []
 # spam email addresses
 matrix_bot_buscarron_spam_emails: []
 # spam email localparts
 matrix_bot_buscarron_spam_localparts: []
 # Ban duration in hours
 matrix_bot_buscarron_ban_duration: 24
 # Banlist size
 matrix_bot_buscarron_ban_size: 10000
 # Postmark token (confirmation emails)
 matrix_bot_buscarron_pm_token:
 # Postmark sender signature
 matrix_bot_buscarron_pm_from:
 # Postmark confirmation email's reply-to
 matrix_bot_buscarron_pm_replyto:
 # Additional environment variables to pass to the buscarron container
 #
 # Example:
--- a/roles/matrix-bot-buscarron/templates/env.j2
+++ b/roles/matrix-bot-buscarron/templates/env.j2
@@ -5,14 +5,24 @@ BUSCARRON_DB_DSN={{ matrix_bot_buscarron_database_connection_string }}
 BUSCARRON_DB_DIALECT={{ matrix_bot_buscarron_database_dialect }}
 BUSCARRON_SPAM_HOSTS={{ matrix_bot_buscarron_spam_hosts|join(" ") }}
 BUSCARRON_SPAM_EMAILS={{ matrix_bot_buscarron_spam_emails|join(" ") }}
 BUSCARRON_SPAM_LOCALPARTS={{ matrix_bot_buscarron_spam_localparts|join(" ") }}
 BUSCARRON_SENTRY={{ matrix_bot_buscarron_sentry }}
 BUSCARRON_LOGLEVEL={{ matrix_bot_buscarron_loglevel }}
 BUSCARRON_BAN_DURATION={{ matrix_bot_buscarron_ban_duration }}
 BUSCARRON_BAN_SIZE={{ matrix_bot_buscarron_ban_size }}
 BUSCARRON_PM_TOKEN={{ matrix_bot_buscarron_pm_token }}
 BUSCARRON_PM_FROM={{ matrix_bot_buscarron_pm_from }}
 BUSCARRON_PM_REPLYTO={{ matrix_bot_buscarron_pm_replyto }}
 BUSCARRON_NOENCRYPTION={{ matrix_bot_buscarron_noencryption }}
 {% set forms = [] %}
 {% for form in matrix_bot_buscarron_forms -%}{{- forms.append(form.name) -}}
 BUSCARRON_{{ form.name|upper }}_ROOM={{ form.room|default('') }}
 BUSCARRON_{{ form.name|upper }}_REDIRECT={{ form.redirect|default('') }}
 BUSCARRON_{{ form.name|upper }}_HASDOMAIN={{ form.hasdomain|default('') }}
 BUSCARRON_{{ form.name|upper }}_RATELIMIT={{ form.ratelimit|default('') }}
 BUSCARRON_{{ form.name|upper }}_EXTENSIONS={{ form.extensions|default('')|join(' ') }}
 BUSCARRON_{{ form.name|upper }}_CONFIRMATION_SUBJECT={{ form.confirmation_subject|default('') }}
 BUSCARRON_{{ form.name|upper }}_CONFIRMATION_BODY={{ form.confirmation_body|default('') }}
 {% endfor %}
 BUSCARRON_LIST={{ forms|join(" ") }}
--- a/roles/matrix-bot-honoroit/defaults/main.yml
+++ b/roles/matrix-bot-honoroit/defaults/main.yml
@@ -8,7 +8,7 @@ matrix_bot_honoroit_container_image_self_build: false
 matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git"
 matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
 matrix_bot_honoroit_version: v0.9.7
 matrix_bot_honoroit_version: v0.9.9
 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}"
 matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
 matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"
@@ -84,6 +84,9 @@ matrix_bot_honoroit_sentry: ''
 # Log level
 matrix_bot_honoroit_loglevel: ''
 # Disable encryption
 matrix_bot_honoroit_noencryption: false
 # Max items in cache
 matrix_bot_honoroit_cachesize: ''
--- a/roles/matrix-bot-honoroit/templates/env.j2
+++ b/roles/matrix-bot-honoroit/templates/env.j2
@@ -8,6 +8,7 @@ HONOROIT_PREFIX={{ matrix_bot_honoroit_prefix }}
 HONOROIT_SENTRY={{ matrix_bot_honoroit_sentry }}
 HONOROIT_LOGLEVEL={{ matrix_bot_honoroit_loglevel }}
 HONOROIT_CACHESIZE={{ matrix_bot_honoroit_cachesize }}
 HONOROIT_NOENCRYPTION={{ matrix_bot_honoroit_noencryption }}
 HONOROIT_TEXT_PREFIX_OPEN={{ matrix_bot_honoroit_text_prefix_open }}
 HONOROIT_TEXT_PREFIX_DONE={{ matrix_bot_honoroit_text_prefix_done }}
 HONOROIT_TEXT_GREETINGS={{ matrix_bot_honoroit_text_greetings }}
--- a/roles/matrix-bot-mjolnir/defaults/main.yml
+++ b/roles/matrix-bot-mjolnir/defaults/main.yml
@@ -4,7 +4,7 @@
 matrix_bot_mjolnir_enabled: true
 matrix_bot_mjolnir_version: "v1.4.1"
 matrix_bot_mjolnir_version: "v1.4.2"
 matrix_bot_mjolnir_container_image_self_build: false
 matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git"
--- a/roles/matrix-bridge-appservice-discord/tasks/init.yml
+++ b/roles/matrix-bridge-appservice-discord/tasks/init.yml
@@ -14,12 +14,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_appservice_discord_config_path }}/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_appservice_discord_config_path }}/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro"]
      }}
    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-appservice-discord-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-appservice-discord-registration.yaml"]
      }}
  when: matrix_appservice_discord_enabled|bool
--- a/roles/matrix-bridge-appservice-irc/defaults/main.yml
+++ b/roles/matrix-bridge-appservice-irc/defaults/main.yml
@@ -8,7 +8,7 @@ matrix_appservice_irc_container_image_self_build: false
 matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git"
 matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src"
 matrix_appservice_irc_version: release-0.33.0
 matrix_appservice_irc_version: release-0.34.0
 matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_version }}"
 matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"
--- a/roles/matrix-bridge-appservice-irc/tasks/init.yml
+++ b/roles/matrix-bridge-appservice-irc/tasks/init.yml
@@ -21,12 +21,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_appservice_irc_config_path }}/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_appservice_irc_config_path }}/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro"]
      }}
    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-appservice-irc-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-appservice-irc-registration.yaml"]
      }}
  when: matrix_appservice_irc_enabled|bool
--- a/roles/matrix-bridge-appservice-slack/defaults/main.yml
+++ b/roles/matrix-bridge-appservice-slack/defaults/main.yml
@@ -8,7 +8,7 @@ matrix_appservice_slack_container_image_self_build: false
 matrix_appservice_slack_docker_repo: "https://github.com/matrix-org/matrix-appservice-slack.git"
 matrix_appservice_slack_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-slack/docker-src"
 matrix_appservice_slack_version: release-1.10.0
 matrix_appservice_slack_version: release-1.11.0
 matrix_appservice_slack_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-slack:{{ matrix_appservice_slack_version }}"
 matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}"
--- a/roles/matrix-bridge-appservice-slack/tasks/init.yml
+++ b/roles/matrix-bridge-appservice-slack/tasks/init.yml
@@ -21,14 +21,18 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_appservice_slack_config_path }}/slack-registration.yaml,dst=/matrix-appservice-slack-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_appservice_slack_config_path }}/slack-registration.yaml,dst=/matrix-appservice-slack-registration.yaml,ro"]
      }}
    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-appservice-slack-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-appservice-slack-registration.yaml"]
      }}
  when: matrix_appservice_slack_enabled|bool
 # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
--- a/roles/matrix-bridge-appservice-webhooks/tasks/init.yml
+++ b/roles/matrix-bridge-appservice-webhooks/tasks/init.yml
@@ -14,14 +14,18 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_appservice_webhooks_config_path }}/webhooks-registration.yaml,dst=/matrix-appservice-webhooks-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_appservice_webhooks_config_path }}/webhooks-registration.yaml,dst=/matrix-appservice-webhooks-registration.yaml,ro"]
      }}
    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-appservice-webhooks-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-appservice-webhooks-registration.yaml"]
      }}
  when: matrix_appservice_webhooks_enabled|bool
 # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
--- a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml
+++ b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml
@@ -25,6 +25,8 @@ matrix_beeper_linkedin_homeserver_address: "{{ matrix_homeserver_container_url }
 matrix_beeper_linkedin_homeserver_domain: "{{ matrix_domain }}"
 matrix_beeper_linkedin_appservice_address: "http://matrix-beeper-linkedin:29319"
 matrix_beeper_linkedin_bridge_presence: true
 # A list of extra arguments to pass to the container
 matrix_beeper_linkedin_container_extra_arguments: []
--- a/roles/matrix-bridge-beeper-linkedin/tasks/init.yml
+++ b/roles/matrix-bridge-beeper-linkedin/tasks/init.yml
@@ -7,12 +7,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_beeper_linkedin_config_path }}/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_beeper_linkedin_config_path }}/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro"]
      }}
    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-beeper-linkedin-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-beeper-linkedin-registration.yaml"]
      }}
  when: matrix_beeper_linkedin_enabled|bool
--- a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2
+++ b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2
@@ -238,6 +238,9 @@ bridge:
    #     mxid - Specific user
    permissions:
        "{{ matrix_beeper_linkedin_homeserver_domain }}": user
        {% if matrix_admin %}
        "{{ matrix_admin }}": admin
        {% endif %}
@@ -256,12 +259,12 @@ logging:
            formatter: colored
    loggers:
        mau:
            level: DEBUG
            level: WARNING
        paho:
            level: INFO
            level: WARNING
        aiohttp:
            level: INFO
            level: WARNING
    root:
        level: DEBUG
        level: WARNING
        handlers: [ console]
--- a/roles/matrix-bridge-go-skype-bridge/defaults/main.yml
+++ b/roles/matrix-bridge-go-skype-bridge/defaults/main.yml
@@ -0,0 +1,132 @@
 ---
 # Go Skype Bridge is a Matrix <-> Skype bridge
 # See: https://github.com/kelaresg/go-skype-bridge
 matrix_go_skype_bridge_enabled: true
 matrix_go_skype_bridge_container_image_self_build: true
 matrix_go_skype_bridge_container_image_self_build_repo: "https://github.com/kelaresg/go-skype-bridge.git"
 matrix_go_skype_bridge_container_image_self_build_branch: "{{ 'master' if matrix_go_skype_bridge_version == 'latest' else matrix_go_skype_bridge_version }}"
 matrix_go_skype_bridge_version: latest
 matrix_go_skype_bridge_docker_image: "{{ matrix_go_skype_bridge_docker_image_name_prefix }}kelaresg/go-skype-bridge:{{ matrix_go_skype_bridge_version }}"
 matrix_go_skype_bridge_docker_image_name_prefix: "localhost/"
 matrix_go_skype_bridge_docker_image_force_pull: "{{ matrix_go_skype_bridge_docker_image.endswith(':latest') }}"
 matrix_go_skype_bridge_base_path: "{{ matrix_base_data_path }}/go-skype-bridge"
 matrix_go_skype_bridge_config_path: "{{ matrix_go_skype_bridge_base_path }}/config"
 matrix_go_skype_bridge_data_path: "{{ matrix_go_skype_bridge_base_path }}/data"
 matrix_go_skype_bridge_docker_src_files_path: "{{ matrix_go_skype_bridge_base_path }}/docker-src"
 matrix_go_skype_bridge_homeserver_address: "{{ matrix_homeserver_container_url }}"
 matrix_go_skype_bridge_homeserver_domain: "{{ matrix_domain }}"
 matrix_go_skype_bridge_appservice_address: 'http://matrix-go-skype-bridge:8080'
 # A list of extra arguments to pass to the container
 matrix_go_skype_bridge_container_extra_arguments: []
 # List of systemd services that matrix-go-skype-bridge.service depends on.
 matrix_go_skype_bridge_systemd_required_services_list: ['docker.service']
 # List of systemd services that matrix-go-skype-bridge.service wants
 matrix_go_skype_bridge_systemd_wanted_services_list: []
 matrix_go_skype_bridge_appservice_token: ''
 matrix_go_skype_bridge_homeserver_token: ''
 matrix_go_skype_bridge_appservice_bot_username: skypebridgebot
 # Whether or not created rooms should have federation enabled.
 # If false, created portal rooms will never be federated.
 matrix_go_skype_bridge_federate_rooms: true
 # Database-related configuration fields.
 #
 # To use SQLite, stick to these defaults.
 #
 # To use Postgres:
 # - change the engine (`matrix_go_skype_bridge_database_engine: 'postgres'`)
 # - adjust your database credentials via the `matrix_go_skype_bridge_database_*` variables
 matrix_go_skype_bridge_database_engine: 'sqlite'
 matrix_go_skype_bridge_sqlite_database_path_local: "{{ matrix_go_skype_bridge_data_path }}/go-skype-bridge.db"
 matrix_go_skype_bridge_sqlite_database_path_in_container: "/data/go-skype-bridge.db"
 matrix_go_skype_bridge_database_username: 'matrix_go_skype_bridge'
 matrix_go_skype_bridge_database_password: 'some-password'
 matrix_go_skype_bridge_database_hostname: 'matrix-postgres'
 matrix_go_skype_bridge_database_port: 5432
 matrix_go_skype_bridge_database_name: 'matrix_go_skype_bridge'
 matrix_go_skype_bridge_database_connection_string: 'postgresql://{{ matrix_go_skype_bridge_database_username }}:{{ matrix_go_skype_bridge_database_password }}@{{ matrix_go_skype_bridge_database_hostname }}:{{ matrix_go_skype_bridge_database_port }}/{{ matrix_go_skype_bridge_database_name }}?sslmode=disable'
 matrix_go_skype_bridge_appservice_database_type: "{{
 	{
 		'sqlite': 'sqlite3',
 		'postgres':'postgres',
 	}[matrix_go_skype_bridge_database_engine]
 }}"
 matrix_go_skype_bridge_appservice_database_uri: "{{
 	{
 		'sqlite': matrix_go_skype_bridge_sqlite_database_path_in_container,
 		'postgres': matrix_go_skype_bridge_database_connection_string,
 	}[matrix_go_skype_bridge_database_engine]
 }}"
 # Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
 matrix_go_skype_bridge_login_shared_secret: ''
 matrix_go_skype_bridge_bridge_login_shared_secret_map:
  "{{ {matrix_go_skype_bridge_homeserver_domain: matrix_go_skype_bridge_login_shared_secret} if matrix_go_skype_bridge_login_shared_secret else {} }}"
 # Servers to always allow double puppeting from
 matrix_go_skype_bridge_bridge_double_puppet_server_map:
  "{{ matrix_go_skype_bridge_homeserver_domain :  matrix_go_skype_bridge_homeserver_address }}"
 # Default go-skype-bridge configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #
 # For a more advanced customization, you can extend the default (see `matrix_go_skype_bridge_configuration_extension_yaml`)
 # or completely replace this variable with your own template.
 matrix_go_skype_bridge_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
 matrix_go_skype_bridge_configuration_extension_yaml: |
  # Your custom YAML configuration goes here.
  # This configuration extends the default starting configuration (`matrix_go_skype_bridge_configuration_yaml`).
  #
  # You can override individual variables from the default configuration, or introduce new ones.
  #
  # If you need something more special, you can take full control by
  # completely redefining `matrix_go_skype_bridge_configuration_yaml`.
 matrix_go_skype_bridge_configuration_extension: "{{ matrix_go_skype_bridge_configuration_extension_yaml|from_yaml if matrix_go_skype_bridge_configuration_extension_yaml|from_yaml is mapping else {} }}"
 # Holds the final configuration (a combination of the default and its extension).
 # You most likely don't need to touch this variable. Instead, see `matrix_go_skype_bridge_configuration_yaml`.
 matrix_go_skype_bridge_configuration: "{{ matrix_go_skype_bridge_configuration_yaml|from_yaml|combine(matrix_go_skype_bridge_configuration_extension, recursive=True) }}"
 matrix_go_skype_bridge_registration_yaml: |
  id: skype
  url: {{ matrix_go_skype_bridge_appservice_address }}
  as_token: "{{ matrix_go_skype_bridge_appservice_token }}"
  hs_token: "{{ matrix_go_skype_bridge_homeserver_token }}"
  # See https://github.com/mautrix/signal/issues/43
  sender_localpart: _bot_{{ matrix_go_skype_bridge_appservice_bot_username }}
  rate_limited: false
  namespaces:
      users:
      - regex: '^@skype-(.*):{{ matrix_go_skype_bridge_homeserver_domain|regex_escape }}$'
        exclusive: true
      - exclusive: true
        regex: '^@{{ matrix_go_skype_bridge_appservice_bot_username|regex_escape }}:{{ matrix_go_skype_bridge_homeserver_domain|regex_escape }}$'
  de.sorunome.msc2409.push_ephemeral: true
 matrix_go_skype_bridge_registration: "{{ matrix_go_skype_bridge_registration_yaml|from_yaml }}"
 # Enable End-to-bridge encryption
 matrix_go_skype_bridge_bridge_encryption_allow: false
 matrix_go_skype_bridge_bridge_encryption_default: "{{ matrix_go_skype_bridge_bridge_encryption_allow }}"
 # Minimum severity of journal log messages.
 # Options: debug, info, warn, error, fatal
 matrix_go_skype_bridge_log_level: 'warn'
--- a/roles/matrix-bridge-go-skype-bridge/tasks/init.yml
+++ b/roles/matrix-bridge-go-skype-bridge/tasks/init.yml
@@ -0,0 +1,21 @@
 ---
 - set_fact:
    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-go-skype-bridge.service'] }}"
  when: matrix_go_skype_bridge_enabled|bool
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_go_skype_bridge_config_path }}/registration.yaml,dst=/matrix-go-skype-bridge-registration.yaml,ro"]
      }}
    matrix_synapse_app_service_config_files: >
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-go-skype-bridge-registration.yaml"]
      }}
  when: matrix_go_skype_bridge_enabled|bool
--- a/roles/matrix-bridge-go-skype-bridge/tasks/main.yml
+++ b/roles/matrix-bridge-go-skype-bridge/tasks/main.yml
@@ -0,0 +1,23 @@
 ---
 - import_tasks: "{{ role_path }}/tasks/init.yml"
  tags:
    - always
 - import_tasks: "{{ role_path }}/tasks/validate_config.yml"
  when: "run_setup|bool and matrix_go_skype_bridge_enabled|bool"
  tags:
    - setup-all
    - setup-go-skype-bridge
 - import_tasks: "{{ role_path }}/tasks/setup_install.yml"
  when: "run_setup|bool and matrix_go_skype_bridge_enabled|bool"
  tags:
    - setup-all
    - setup-go-skype-bridge
 - import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
  when: "run_setup|bool and not matrix_go_skype_bridge_enabled|bool"
  tags:
    - setup-all
    - setup-go-skype-bridge
--- a/roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml
+++ b/roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml
@@ -0,0 +1,147 @@
 ---
 # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
 # We don't want to fail in such cases.
 - name: Fail if matrix-synapse role already executed
  fail:
    msg: >-
      The matrix-bridge-go-skype-bridge role needs to execute before the matrix-synapse role.
  when: "matrix_synapse_role_executed|default(False)"
 - set_fact:
    matrix_go_skype_bridge_requires_restart: false
 - block:
    - name: Check if an SQLite database already exists
      stat:
        path: "{{ matrix_go_skype_bridge_sqlite_database_path_local }}"
      register: matrix_go_skype_bridge_sqlite_database_path_local_stat_result
    - block:
        - set_fact:
            matrix_postgres_db_migration_request:
              src: "{{ matrix_go_skype_bridge_sqlite_database_path_local }}"
              dst: "{{ matrix_go_skype_bridge_database_connection_string }}"
              caller: "{{ role_path|basename }}"
              engine_variable_name: 'matrix_go_skype_bridge_database_engine'
              engine_old: 'sqlite'
              systemd_services_to_stop: ['matrix-go-skype-bridge.service']
              pgloader_options: ['--with "quote identifiers"']
        - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml"
        - set_fact:
            matrix_go_skype_bridge_requires_restart: true
      when: "matrix_go_skype_bridge_sqlite_database_path_local_stat_result.stat.exists|bool"
  when: "matrix_go_skype_bridge_database_engine == 'postgres'"
 - name: Ensure Go Skype Bridge paths exists
  file:
    path: "{{ item.path }}"
    state: directory
    mode: 0750
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
  with_items:
    - {path: "{{ matrix_go_skype_bridge_base_path }}", when: true}
    - {path: "{{ matrix_go_skype_bridge_config_path }}", when: true}
    - {path: "{{ matrix_go_skype_bridge_data_path }}", when: true}
    - {path: "{{ matrix_go_skype_bridge_docker_src_files_path }}", when: "{{ matrix_go_skype_bridge_container_image_self_build }}"}
  when: item.when|bool
 - name: Ensure Go Skype Bridge image is pulled
  docker_image:
    name: "{{ matrix_go_skype_bridge_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
    force_source: "{{ matrix_go_skype_bridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_go_skype_bridge_docker_image_force_pull }}"
  when: not matrix_go_skype_bridge_container_image_self_build
  register: result
  retries: "{{ matrix_container_retries_count }}"
  delay: "{{ matrix_container_retries_delay }}"
  until: result is not failed
 - name: Ensure Go Skype Bridge repository is present on self-build
  git:
    repo: "{{ matrix_go_skype_bridge_container_image_self_build_repo }}"
    dest: "{{ matrix_go_skype_bridge_docker_src_files_path }}"
    version: "{{ matrix_go_skype_bridge_container_image_self_build_branch }}"
    force: "yes"
  become: true
  become_user: "{{ matrix_user_username }}"
  register: matrix_go_skype_bridge_git_pull_results
  when: "matrix_go_skype_bridge_container_image_self_build|bool"
 - name: Ensure Go Skype Bridge Docker image is built
  docker_image:
    name: "{{ matrix_go_skype_bridge_docker_image }}"
    source: build
    force_source: "{{ matrix_go_skype_bridge_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_go_skype_bridge_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
      path: "{{ matrix_go_skype_bridge_docker_src_files_path }}"
      pull: true
  when: "matrix_go_skype_bridge_container_image_self_build|bool"
 - name: Check if an old database file exists
  stat:
    path: "{{ matrix_go_skype_bridge_base_path }}/go-skype-bridge.db"
  register: matrix_go_skype_bridge_stat_database
 - name: Check if an old matrix state file exists
  stat:
    path: "{{ matrix_go_skype_bridge_base_path }}/mx-state.json"
  register: matrix_go_skype_bridge_stat_mx_state
 - name: (Data relocation) Ensure matrix-go-skype-bridge.service is stopped
  service:
    name: matrix-go-skype-bridge
    state: stopped
    enabled: false
    daemon_reload: true
  failed_when: false
  when: "matrix_go_skype_bridge_stat_database.stat.exists"
 - name: (Data relocation) Move go-skype-bridge database file to ./data directory
  command: "mv {{ matrix_go_skype_bridge_base_path }}/go-skype-bridge.db {{ matrix_go_skype_bridge_data_path }}/go-skype-bridge.db"
  when: "matrix_go_skype_bridge_stat_database.stat.exists"
 - name: (Data relocation) Move go-skype-bridge mx-state file to ./data directory
  command: "mv {{ matrix_go_skype_bridge_base_path }}/mx-state.json {{ matrix_go_skype_bridge_data_path }}/mx-state.json"
  when: "matrix_go_skype_bridge_stat_mx_state.stat.exists"
 - name: Ensure go-skype-bridge config.yaml installed
  copy:
    content: "{{ matrix_go_skype_bridge_configuration|to_nice_yaml(indent=2, width=999999) }}"
    dest: "{{ matrix_go_skype_bridge_config_path }}/config.yaml"
    mode: 0644
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
 - name: Ensure go-skype-bridge registration.yaml installed
  copy:
    content: "{{ matrix_go_skype_bridge_registration|to_nice_yaml(indent=2, width=999999) }}"
    dest: "{{ matrix_go_skype_bridge_config_path }}/registration.yaml"
    mode: 0644
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
 - name: Ensure matrix-go-skype-bridge.service installed
  template:
    src: "{{ role_path }}/templates/systemd/matrix-go-skype-bridge.service.j2"
    dest: "{{ matrix_systemd_path }}/matrix-go-skype-bridge.service"
    mode: 0644
  register: matrix_go_skype_bridge_systemd_service_result
 - name: Ensure systemd reloaded after matrix-go-skype-bridge.service installation
  service:
    daemon_reload: true
  when: "matrix_go_skype_bridge_systemd_service_result.changed"
 - name: Ensure matrix-go-skype-bridge.service restarted, if necessary
  service:
    name: "matrix-go-skype-bridge.service"
    state: restarted
  when: "matrix_go_skype_bridge_requires_restart|bool"
--- a/roles/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml
+++ b/roles/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml
@@ -0,0 +1,25 @@
 ---
 - name: Check existence of matrix-go-skype-bridge service
  stat:
    path: "/etc/systemd/system/matrix-go-skype-bridge.service"
  register: matrix_go_skype_bridge_service_stat
 - name: Ensure matrix-go-skype-bridge is stopped
  service:
    name: matrix-go-skype-bridge
    state: stopped
    enabled: false
    daemon_reload: true
  when: "matrix_go_skype_bridge_service_stat.stat.exists"
 - name: Ensure matrix-go-skype-bridge.service doesn't exist
  file:
    path: "/etc/systemd/system/matrix-go-skype-bridge.service"
    state: absent
  when: "matrix_go_skype_bridge_service_stat.stat.exists"
 - name: Ensure systemd reloaded after matrix-go-skype-bridge.service removal
  service:
    daemon_reload: true
  when: "matrix_go_skype_bridge_service_stat.stat.exists"
--- a/roles/matrix-bridge-go-skype-bridge/tasks/validate_config.yml
+++ b/roles/matrix-bridge-go-skype-bridge/tasks/validate_config.yml
@@ -0,0 +1,10 @@
 ---
 - name: Fail if required settings not defined
  fail:
    msg: >-
      You need to define a required configuration setting (`{{ item }}`).
  when: "vars[item] == ''"
  with_items:
    - "matrix_go_skype_bridge_appservice_token"
    - "matrix_go_skype_bridge_homeserver_token"
--- a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2
+++ b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2
@@ -0,0 +1,241 @@
 #jinja2: lstrip_blocks: "True"
 # Homeserver details.
 homeserver:
    # The address that this appservice can use to connect to the homeserver.
    address: {{ matrix_go_skype_bridge_homeserver_address }}
    # The domain of the homeserver (for MXIDs, etc).
    domain: {{ matrix_go_skype_bridge_homeserver_domain }}
    # If you don’t know what this is, no need to modify(for parse "mention user/reply message, etc")
    server_name: matrix.to
 # Application service host/registration related details.
 # Changing these values requires regeneration of the registration.
 appservice:
    # The address that the homeserver can use to connect to this appservice.
    address: {{ matrix_go_skype_bridge_appservice_address }}
    # The hostname and port where this appservice should listen.
    hostname: 0.0.0.0
    port: 8080
    # Database config.
    database:
        # The database type. "sqlite3" and "postgres" are supported.
        type: {{ matrix_go_skype_bridge_appservice_database_type|to_json }}
        # The database URI.
        #   SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string
        #   Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
        uri: {{ matrix_go_skype_bridge_appservice_database_uri|to_json }}
        # Maximum number of connections. Mostly relevant for Postgres.
        max_open_conns: 20
        max_idle_conns: 2
    # Settings for provisioning API
    provisioning:
        # Prefix for the provisioning API paths.
        prefix: /_matrix/provision/v1
        # Shared secret for authentication. If set to "disable", the provisioning API will be disabled.
        shared_secret: disable
    # The unique ID of this appservice.
    id: skype
    # Appservice bot details.
    bot:
        # Username of the appservice bot.
        username: skypebridgebot
        # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
        # to leave display name/avatar as-is.
        displayname: Skype bridge bot
        avatar: mxc://matrix.org/kGQUDQyPiwbRXPFkjoBrPyhC
    # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
    as_token: "{{ matrix_go_skype_bridge_appservice_token }}"
    hs_token: "{{ matrix_go_skype_bridge_homeserver_token }}"
 # Bridge config
 bridge:
    # Localpart template of MXIDs for Skype users.
    # {{ '{{.}}' }} is replaced with the phone number of the Skype user.
    username_template: {{ 'skype-{{.}}' }}
    # Displayname template for Skype users.
    # {{ '{{.Notify}}' }} - nickname set by the Skype user
    # {{ '{{.Jid}}' }}    - phone number (international format)
    # The following variables are also available, but will cause problems on multi-user instances:
    # {{ '{{.Name}}' }}   - display name from contact list
    # {{ '{{.Short}}' }}  - short display name from contact list
    # To use multiple if's, you need to use: {{ '{{else if .Name}}' }}, for example:
    # "{{ '{{if .Notify}}' }}{{ '{{.Notify}}' }}{{ '{{else if .Name}}' }}{{ '{{.Name}}' }}{{ '{{else}}' }}{{ '{{.Jid}}' }}{{ '{{end}}' }} (WA)"
    displayname_template: "{{ '{{if .DisplayName}}' }}{{ '{{.DisplayName}}' }}{{ '{{else}}' }}{{ '{{.PersonId}}' }}{{ '{{end}}' }} (Skype)"
    # Localpart template for per-user room grouping community IDs.
    # On startup, the bridge will try to create these communities, add all of the specific user's
    # portals to the community, and invite the Matrix user to it.
    # (Note that, by default, non-admins might not have your homeserver's permission to create
    #  communities.)
    # {{ '{{.Localpart}}' }} is the MXID localpart and {{ '{{.Server}}' }} is the MXID server part of the user.
    community_template: skype-{{ '{{.Localpart}}' }}={{ '{{.Server}}' }}
    # Skype connection timeout in seconds.
    connection_timeout: 20
    # If Skype doesn't respond within connection_timeout, should the bridge try to fetch the message
    # to see if it was actually bridged? Use this if you have problems with sends timing out but actually
    # succeeding.
    fetch_message_on_timeout: false
    # Whether or not the bridge should send a read receipt from the bridge bot when a message has been
    # sent to Skype. If fetch_message_on_timeout is enabled, a successful post-timeout fetch will
    # trigger a read receipt too.
    delivery_receipts: false
    # Number of times to regenerate QR code when logging in.
    # The regenerated QR code is sent as an edit and essentially multiplies the login timeout (20 seconds)
    login_qr_regen_count: 2
    # Maximum number of times to retry connecting on connection error.
    max_connection_attempts: 3
    # Number of seconds to wait between connection attempts.
    # Negative numbers are exponential backoff: -connection_retry_delay + 1 + 2^attempts
    connection_retry_delay: -1
    # Whether or not the bridge should send a notice to the user's management room when it retries connecting.
    # If false, it will only report when it stops retrying.
    report_connection_retry: true
    # Maximum number of seconds to wait for chats to be sent at startup.
    # If this is too low and you have lots of chats, it could cause backfilling to fail.
    chat_list_wait: 30
    # Maximum number of seconds to wait to sync portals before force unlocking message processing.
    # If this is too low and you have lots of chats, it could cause backfilling to fail.
    portal_sync_wait: 600
    # Whether or not to send call start/end notices to Matrix.
    call_notices:
        start: true
        end: true
    # Number of chats to sync for new users.
    # Since some of the obtained conversations are not the conversations that the user needs to see,
    # the actual number of conversations displayed on the matrix client will be slightly less than the set value
    initial_chat_sync_count: 10
    # Number of old messages to fill when creating new portal rooms.
    initial_history_fill_count: 20
    # Whether or not notifications should be turned off while filling initial history.
    # Only applicable when using double puppeting.
    initial_history_disable_notifications: false
    # Maximum number of chats to sync when recovering from downtime.
    # Set to -1 to sync all new chats during downtime.
    recovery_chat_sync_limit: -1
    # Whether or not to sync history when recovering from downtime.
    recovery_history_backfill: true
    # Maximum number of seconds since last message in chat to skip
    # syncing the chat in any case. This setting will take priority
    # over both recovery_chat_sync_limit and initial_chat_sync_count.
    # Default is 3 days = 259200 seconds
    sync_max_chat_age: 259200
    # sync contact, Non-martix-standard parameter, defaults to false
    sync_contact: false
    # Whether or not to sync with custom puppets to receive EDUs that
    # are not normally sent to appservices.
    sync_with_custom_puppets: true
    # Servers to always allow double puppeting from
    double_puppet_server_map:
        "{{ matrix_go_skype_bridge_homeserver_domain }}": {{ matrix_go_skype_bridge_homeserver_address }}
    # Allow using double puppeting from any server with a valid client .well-known file.
    double_puppet_allow_discovery: false
    # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
    #
    # If set, custom puppets will be enabled automatically for local users
    # instead of users having to find an access token and run `login-matrix`
    # manually.
    login_shared_secret_map: {{ matrix_go_skype_bridge_bridge_login_shared_secret_map|to_json }}
    # Whether or not to invite own Skype user's Matrix puppet into private
    # chat portals when backfilling if needed.
    # This always uses the default puppet instead of custom puppets due to
    # rate limits and timestamp massaging.
    invite_own_puppet_for_backfilling: true
    # Whether or not to explicitly set the avatar and room name for private
    # chat portal rooms. This can be useful if the previous field works fine,
    # but causes room avatar/name bugs.
    private_chat_portal_meta: true
    # Whether or not thumbnails from Skype should be sent.
    # They're disabled by default due to very low resolution.
    Skype_thumbnail: false
    # Allow invite permission for user. User can invite any bots to room with Skype
    # users (private chat and groups)
    allow_user_invite: false
    # The prefix for commands. Only required in non-management rooms.
    command_prefix: "!wa"
    # End-to-bridge encryption support options. This requires login_shared_secret to be configured
    # in order to get a device for the bridge bot.
    #
    # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
    # application service.
    encryption:
        # Allow encryption, work in group chat rooms with e2ee enabled
        allow: {{ matrix_go_skype_bridge_bridge_encryption_allow|to_json }}
        # Default to encryption, force-enable encryption in all portals the bridge creates
        # This will cause the bridge bot to be in private chats for the encryption to work properly.
        # It is recommended to also set private_chat_portal_meta to true when using this.
        default: {{ matrix_go_skype_bridge_bridge_encryption_default|to_json }}
        puppet_id:
            # when set to true, the matrixid of the contact (puppet) from the bridge to the matrix will be encrypted into another string
            allow: false
            # 8 characters
            key: '12dsf323'
            # Use the username_template prefix. (Warning: At present, username_template cannot be too complicated, otherwise this function may cause unknown errors)
            username_template_prefix: 'skype-'
    # Permissions for using the bridge.
    # Permitted values:
    # relaybot - Talk through the relaybot (if enabled), no access otherwise
    #     user - Access to use the bridge to chat with a Skype account.
    #    admin - User level and some additional administration tools
    # Permitted keys:
    #        * - All Matrix users
    #   domain - All users on that homeserver
    #     mxid - Specific user
    permissions:
        "{{ matrix_go_skype_bridge_homeserver_domain }}": user
        {% if matrix_admin %}
        "{{ matrix_admin }}": admin
        {% endif %}
    relaybot:
        # Whether or not relaybot support is enabled.
        enabled: false
        # The management room for the bot. This is where all status notifications are posted and
        # in this room, you can use `!wa <command>` instead of `!wa relaybot <command>`. Omitting
        # the command prefix completely like in user management rooms is not possible.
        management: '!foo:example.com'
        # List of users to invite to all created rooms that include the relaybot.
        invites: []
        # The formats to use when sending messages to Skype via the relaybot.
        message_formats:
            m.text: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
            m.notice: "<b>{{ '{{ .Sender.Displayname }}' }}</b>:: {{ '{{ .Message }}' }}"
            m.emote: "* <b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
            m.file: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a file"
            m.image: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an image"
            m.audio: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an audio file"
            m.video: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a video"
            m.location: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a location"
 # Logging config.
 logging:
    # The directory for log files. Will be created if not found.
    directory: ./logs
    # Available variables: .Date for the file date and .Index for different log files on the same day.
    # empy/null = journal logging only
    file_name_format:
    # Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants
    file_date_format: "2006-01-02"
    # Log file permissions.
    file_mode: 0600
    # Timestamp format for log entries in the Go time format.
    timestamp_format: "Jan _2, 2006 15:04:05"
    # Minimum severity for log messages.
    # Options: debug, info, warn, error, fatal
    print_level: {{ matrix_go_skype_bridge_log_level }}
--- a/roles/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2
+++ b/roles/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2
@@ -0,0 +1,43 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
 Description=Matrix Go Skype Bridge bridge
 {% for service in matrix_go_skype_bridge_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
 {% endfor %}
 {% for service in matrix_go_skype_bridge_systemd_wanted_services_list %}
 Wants={{ service }}
 {% endfor %}
 DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-go-skype-bridge 2>/dev/null || true'
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-go-skype-bridge 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
 ExecStartPre={{ matrix_host_command_sleep }} 5
 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-go-skype-bridge \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--cap-drop=ALL \
 			--network={{ matrix_docker_network }} \
 			-v {{ matrix_go_skype_bridge_config_path }}:/config:z \
 			-v {{ matrix_go_skype_bridge_data_path }}:/data:z \
 			--workdir=/data \
 			{% for arg in matrix_go_skype_bridge_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_go_skype_bridge_docker_image }} \
 			/usr/bin/matrix-skype -c /config/config.yaml -r /config/registration.yaml
 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-go-skype-bridge 2>/dev/null || true'
 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-go-skype-bridge 2>/dev/null || true'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-go-skype-bridge
 [Install]
 WantedBy=multi-user.target
--- a/roles/matrix-bridge-heisenbridge/defaults/main.yml
+++ b/roles/matrix-bridge-heisenbridge/defaults/main.yml
@@ -4,7 +4,7 @@
 matrix_heisenbridge_enabled: true
 matrix_heisenbridge_version: 1.12.0
 matrix_heisenbridge_version: 1.13.0
 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
 matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}"
--- a/roles/matrix-bridge-heisenbridge/tasks/init.yml
+++ b/roles/matrix-bridge-heisenbridge/tasks/init.yml
@@ -14,12 +14,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_heisenbridge_base_path }}/registration.yaml,dst=/heisenbridge-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_heisenbridge_base_path }}/registration.yaml,dst=/heisenbridge-registration.yaml,ro"]
      }}
    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/heisenbridge-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/heisenbridge-registration.yaml"]
      }}
  when: matrix_heisenbridge_enabled|bool
--- a/roles/matrix-bridge-hookshot/defaults/main.yml
+++ b/roles/matrix-bridge-hookshot/defaults/main.yml
@@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false
 matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git"
 matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}"
 matrix_hookshot_version: 1.5.0
 matrix_hookshot_version: 1.7.3
 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
 matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}"
@@ -29,13 +29,20 @@ matrix_hookshot_public_endpoint: /hookshot
 matrix_hookshot_appservice_port: 9993
 matrix_hookshot_appservice_endpoint: "{{ matrix_hookshot_public_endpoint }}/_matrix/app"
 # Metrics work only in conjunction with matrix_synapse_metrics_enabled etc
 matrix_hookshot_metrics_enabled: true
 # Controls whether metrics are enabled in the bridge configuration.
 # Enabling them is usually enough for a local (in-container) Prometheus to consume them.
 # If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_hookshot_metrics_proxying_enabled`.
 matrix_hookshot_metrics_enabled: false
 # Controls whether Hookshot metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/hookshot`.
 # This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`.
 # See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
 matrix_hookshot_metrics_proxying_enabled: false
 # There is no need to edit ports.
 # Read the documentation to learn about using hookshot metrics with external Prometheus
 # If you still want something different, use matrix_hookshot_container_http_host_bind_ports below to expose ports instead.
 matrix_hookshot_metrics_port: 9001
 matrix_hookshot_metrics_endpoint: "{{ matrix_hookshot_public_endpoint }}/metrics"
 # There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead.
 matrix_hookshot_webhook_port: 9000
@@ -121,6 +128,11 @@ matrix_hookshot_generic_allow_js_transformation_functions: false
 matrix_hookshot_generic_user_id_prefix: '_webhooks_'
 matrix_hookshot_feeds_enabled: false
 # polling interval in seconds
 matrix_hookshot_feeds_interval: 600
 # There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead.
 matrix_hookshot_provisioning_port: 9002
 matrix_hookshot_provisioning_secret: ''
--- a/roles/matrix-bridge-hookshot/tasks/init.yml
+++ b/roles/matrix-bridge-hookshot/tasks/init.yml
@@ -14,14 +14,18 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_hookshot_base_path }}/registration.yml,dst=/hookshot-registration.yml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_hookshot_base_path }}/registration.yml,dst=/hookshot-registration.yml,ro"]
      }}
    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/hookshot-registration.yml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/hookshot-registration.yml"]
      }}
  when: matrix_hookshot_enabled|bool
 - block:
@@ -99,11 +103,10 @@
            [matrix_hookshot_matrix_nginx_proxy_configuration]
          }}
    - name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy
    - name: Generate hookshot metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot)
      set_fact:
        matrix_hookshot_matrix_nginx_proxy_metrics_configuration: |
          {% if matrix_hookshot_metrics_enabled and matrix_hookshot_proxy_metrics %}
          location {{ matrix_hookshot_metrics_endpoint }} {
        matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain: |
          location /metrics/hookshot {
            {% if matrix_nginx_proxy_enabled|default(False) %}
              {# Use the embedded DNS resolver in Docker containers to discover the service #}
              resolver 127.0.0.11 valid=5s;
@@ -113,24 +116,18 @@
              {# Generic configuration for use outside of our container setup #}
              proxy_pass http://127.0.0.1:{{ matrix_hookshot_metrics_port }}/metrics;
            {% endif %}
            proxy_set_header Host $host;
            {% if matrix_hookshot_proxy_metrics_basic_auth_enabled %}
              auth_basic "protected";
              auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd;
            {% endif %}
          }
          {% endif %}
      when: matrix_hookshot_metrics_enabled|bool and matrix_hookshot_metrics_proxying_enabled|bool
    - name: Register hookshot metrics proxying configuration with matrix-nginx-proxy
    - name: Register hookshot metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot)
      set_fact:
        matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks: |
        matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
          {{
            matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks|default([])
            matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([])
            +
            [matrix_hookshot_matrix_nginx_proxy_metrics_configuration]
            [matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain]
          }}
  tags:
    - always
      when: matrix_hookshot_metrics_enabled|bool and matrix_hookshot_metrics_proxying_enabled|bool
  when: matrix_hookshot_enabled|bool
 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
--- a/roles/matrix-bridge-hookshot/tasks/validate_config.yml
+++ b/roles/matrix-bridge-hookshot/tasks/validate_config.yml
@@ -57,3 +57,16 @@
  when: "matrix_hookshot_provisioning_enabled and vars[item] == ''"
  with_items:
    - "matrix_hookshot_provisioning_secret"
 - name: (Deprecation) Catch and report old metrics usage
  fail:
    msg: >-
      Your configuration contains a variable (`{{ item }}`), which refers to the old metrics collection system for Hookshot,
      which exposed metrics on `https://stats.DOMAIN/hookshot/metrics`.
      We now recommend exposing Hookshot metrics in another way, from another URL.
      Refer to the changelog for more details: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#2022-06-22
  with_items:
    - matrix_hookshot_proxy_metrics
    - matrix_hookshot_metrics_endpoint
  when: "item in vars"
--- a/roles/matrix-bridge-hookshot/templates/config.yml.j2
+++ b/roles/matrix-bridge-hookshot/templates/config.yml.j2
@@ -78,6 +78,13 @@ generic:
  allowJsTransformationFunctions: {{ matrix_hookshot_generic_allow_js_transformation_functions }}
  userIdPrefix: {{ matrix_hookshot_generic_user_id_prefix|to_json }}
 {% endif %}
 {% if matrix_hookshot_feeds_enabled %}
 feeds:
  # (Optional) Configure this to enable RSS/Atom feed support
  #
  enabled: {{ matrix_hookshot_feeds_enabled }}
  pollIntervalSeconds: {{ matrix_hookshot_feeds_interval }}
 {% endif %}
 {% if matrix_hookshot_provisioning_enabled %}
 provisioning:
  # (Optional) Provisioning API for integration managers
--- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml
@@ -89,6 +89,9 @@ matrix_mautrix_facebook_appservice_bot_username: facebookbot
 matrix_mautrix_facebook_bridge_presence: true
 # Specifies the default log level for all bridge loggers.
 matrix_mautrix_facebook_logging_level: WARNING
 # Default configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #
--- a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml
+++ b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml
@@ -13,14 +13,18 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_mautrix_facebook_config_path }}/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_mautrix_facebook_config_path }}/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro"]
      }}
    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-mautrix-facebook-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-mautrix-facebook-registration.yaml"]
      }}
  when: matrix_mautrix_facebook_enabled|bool
 - block:
--- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2
+++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2
@@ -203,6 +203,9 @@ bridge:
    #     mxid - Specific user
    permissions:
      '{{ matrix_mautrix_facebook_homeserver_domain }}': user
      {% if matrix_admin %}
      '{{ matrix_admin }}': admin
      {% endif %}
    relay:
        # Whether relay mode should be allowed. If allowed, `!fb set-relay` can be used to turn any
@@ -250,11 +253,11 @@ logging:
            formatter: colored
    loggers:
        mau:
            level: DEBUG
            level: {{ matrix_mautrix_facebook_logging_level|to_json }}
        paho:
            level: INFO
            level: {{ matrix_mautrix_facebook_logging_level|to_json }}
        aiohttp:
            level: INFO
            level: {{ matrix_mautrix_facebook_logging_level|to_json }}
    root:
        level: DEBUG
        level: {{ matrix_mautrix_facebook_logging_level|to_json }}
        handlers: [console]
--- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml
@@ -7,7 +7,7 @@ matrix_mautrix_googlechat_enabled: true
 matrix_mautrix_googlechat_container_image_self_build: false
 matrix_mautrix_googlechat_container_image_self_build_repo: "https://github.com/mautrix/googlechat.git"
 matrix_mautrix_googlechat_version: v0.3.1
 matrix_mautrix_googlechat_version: v0.3.3
 # See: https://mau.dev/mautrix/googlechat/container_registry
 matrix_mautrix_googlechat_docker_image: "{{ matrix_mautrix_googlechat_docker_image_name_prefix }}mautrix/googlechat:{{ matrix_mautrix_googlechat_version }}"
 matrix_mautrix_googlechat_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_googlechat_container_image_self_build else 'dock.mau.dev/' }}"
@@ -78,6 +78,9 @@ matrix_mautrix_googlechat_login_shared_secret: ''
 matrix_mautrix_googlechat_appservice_bot_username: googlechatbot
 # Specifies the default log level for all bridge loggers.
 matrix_mautrix_googlechat_logging_level: WARNING
 # Default configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #
--- a/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml
+++ b/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml
@@ -13,14 +13,18 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_mautrix_googlechat_config_path }}/registration.yaml,dst=/matrix-mautrix-googlechat-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_mautrix_googlechat_config_path }}/registration.yaml,dst=/matrix-mautrix-googlechat-registration.yaml,ro"]
      }}
    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-mautrix-googlechat-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-mautrix-googlechat-registration.yaml"]
      }}
  when: matrix_mautrix_googlechat_enabled|bool
 - block:
--- a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2
+++ b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2
@@ -119,6 +119,9 @@ bridge:
    #     mxid - Specific user
    permissions:
      '{{ matrix_mautrix_googlechat_homeserver_domain }}': user
      {% if matrix_admin %}
      '{{ matrix_admin }}': admin
      {% endif %}
 # Python logging configuration.
 #
@@ -138,11 +141,11 @@ logging:
            formatter: colored
    loggers:
        mau:
            level: DEBUG
            level: {{ matrix_mautrix_googlechat_logging_level|to_json }}
        hangups:
            level: DEBUG
            level: {{ matrix_mautrix_googlechat_logging_level|to_json }}
        aiohttp:
            level: INFO
            level: {{ matrix_mautrix_googlechat_logging_level|to_json }}
    root:
        level: DEBUG
        level: {{ matrix_mautrix_googlechat_logging_level|to_json }}
        handlers: [console]
--- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml
@@ -75,6 +75,9 @@ matrix_mautrix_hangouts_login_shared_secret: ''
 matrix_mautrix_hangouts_appservice_bot_username: hangoutsbot
 # Specifies the default log level for all bridge loggers.
 matrix_mautrix_hangouts_logging_level: WARNING
 # Default configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #
--- a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml
+++ b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml
@@ -13,14 +13,18 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_mautrix_hangouts_config_path }}/registration.yaml,dst=/matrix-mautrix-hangouts-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_mautrix_hangouts_config_path }}/registration.yaml,dst=/matrix-mautrix-hangouts-registration.yaml,ro"]
      }}
    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-mautrix-hangouts-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-mautrix-hangouts-registration.yaml"]
      }}
  when: matrix_mautrix_hangouts_enabled|bool
 - block:
--- a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2
+++ b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2
@@ -116,6 +116,9 @@ bridge:
    #     mxid - Specific user
    permissions:
      '{{ matrix_mautrix_hangouts_homeserver_domain }}': user
      {% if matrix_admin %}
      '{{ matrix_admin }}': admin
      {% endif %}
 # Python logging configuration.
 #
@@ -135,11 +138,11 @@ logging:
            formatter: colored
    loggers:
        mau:
            level: DEBUG
            level: {{ matrix_mautrix_hangouts_logging_level|to_json }}
        hangups:
            level: DEBUG
            level: {{ matrix_mautrix_hangouts_logging_level|to_json }}
        aiohttp:
            level: INFO
            level: {{ matrix_mautrix_hangouts_logging_level|to_json }}
    root:
        level: DEBUG
        level: {{ matrix_mautrix_hangouts_logging_level|to_json }}
        handlers: [console]
--- a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml
@@ -68,6 +68,9 @@ matrix_mautrix_instagram_appservice_bot_username: instagrambot
 matrix_mautrix_instagram_bridge_presence: true
 # Specifies the default log level for all bridge loggers.
 matrix_mautrix_instagram_logging_level: WARNING
 # Default configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #
--- a/roles/matrix-bridge-mautrix-instagram/tasks/init.yml
+++ b/roles/matrix-bridge-mautrix-instagram/tasks/init.yml
@@ -13,12 +13,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_mautrix_instagram_config_path }}/registration.yaml,dst=/matrix-mautrix-instagram-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_mautrix_instagram_config_path }}/registration.yaml,dst=/matrix-mautrix-instagram-registration.yaml,ro"]
      }}
    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-mautrix-instagram-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-mautrix-instagram-registration.yaml"]
      }}
  when: matrix_mautrix_instagram_enabled|bool
--- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2
+++ b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2
@@ -135,7 +135,7 @@ bridge:
    # Whether or not the bridge should backfill chats when reconnecting.
    resync: true
    # Should even disconnected users be reconnected?
    always: false  
    always: false
  # End-to-bridge encryption support options. These require matrix-nio to be installed with pip
  # and login_shared_secret to be configured in order to get a device for the bridge bot.
  #
@@ -166,7 +166,7 @@ bridge:
  # been sent to Instagram.
  delivery_receipts: false
  # Whether or not delivery errors should be reported as messages in the Matrix room.
  delivery_error_reports: false
  delivery_error_reports: true
  # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
  # This field will automatically be changed back to false after it,
  # except if the config file is not writable.
@@ -187,6 +187,9 @@ bridge:
  #     mxid - Specific user
  permissions:
    "{{ matrix_mautrix_instagram_homeserver_domain }}": user
    {% if matrix_admin %}
    "{{ matrix_admin }}": admin
    {% endif %}
  # Provisioning API part of the web server for automated portal creation and fetching information.
  # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
  provisioning:
@@ -216,13 +219,13 @@ logging:
      formatter: colored
  loggers:
    mau:
      level: DEBUG
      level: {{ matrix_mautrix_instagram_logging_level|to_json }}
    mauigpapi:
      level: DEBUG
      level: {{ matrix_mautrix_instagram_logging_level|to_json }}
    paho:
      level: INFO
      level: {{ matrix_mautrix_instagram_logging_level|to_json }}
    aiohttp:
      level: INFO
      level: {{ matrix_mautrix_instagram_logging_level|to_json }}
  root:
    level: DEBUG
    level: {{ matrix_mautrix_instagram_logging_level|to_json }}
    handlers: [console]
--- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml
@@ -9,7 +9,7 @@ matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git"
 matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src"
 matrix_mautrix_signal_version: v0.3.0
 matrix_mautrix_signal_daemon_version: 0.18.1
 matrix_mautrix_signal_daemon_version: 0.18.5
 # See: https://mau.dev/mautrix/signal/container_registry
 matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}"
 matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}"
@@ -57,6 +57,9 @@ matrix_mautrix_signal_homeserver_token: ''
 matrix_mautrix_signal_appservice_bot_username: signalbot
 # Specifies the default log level for all bridge loggers.
 matrix_mautrix_signal_logging_level: WARNING
 # Whether or not created rooms should have federation enabled.
 # If false, created portal rooms will never be federated.
 matrix_mautrix_signal_federate_rooms: true
@@ -99,6 +102,9 @@ matrix_mautrix_signal_relaybot_enabled: false
 matrix_mautrix_signal_bridge_permissions: |
  '*': relay
  '{{ matrix_mautrix_signal_homeserver_domain }}': user
  {% if matrix_admin %}
  "{{ matrix_admin }}": admin
  {% endif %}
 # Default configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
@@ -127,3 +133,7 @@ matrix_mautrix_signal_registration_yaml: "{{ lookup('template', 'templates/regis
 matrix_mautrix_signal_registration: "{{ matrix_mautrix_signal_registration_yaml|from_yaml }}"
 matrix_mautrix_signal_log_level: 'DEBUG'
 matrix_mautrix_signal_bridge_encryption_allow: false
 matrix_mautrix_signal_bridge_encryption_default: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"
 matrix_mautrix_signal_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"
--- a/roles/matrix-bridge-mautrix-signal/tasks/init.yml
+++ b/roles/matrix-bridge-mautrix-signal/tasks/init.yml
@@ -7,12 +7,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_mautrix_signal_config_path }}/registration.yaml,dst=/matrix-mautrix-signal-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_mautrix_signal_config_path }}/registration.yaml,dst=/matrix-mautrix-signal-registration.yaml,ro"]
      }}
    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-mautrix-signal-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-mautrix-signal-registration.yaml"]
      }}
  when: matrix_mautrix_signal_enabled|bool
--- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2
+++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2
@@ -152,15 +152,15 @@ bridge:
    # this to work. See https://github.com/tulir/mautrix-telegram/wiki/End‐to‐bridge-encryption
    encryption:
        # Allow encryption, work in group chat rooms with e2ee enabled
        allow: false
        allow: {{ matrix_mautrix_signal_bridge_encryption_allow|to_json }}
        # Default to encryption, force-enable encryption in all portals the bridge creates
        # This will cause the bridge bot to be in private chats for the encryption to work properly.
        default: false
        default: {{ matrix_mautrix_signal_bridge_encryption_default|to_json }}
        # Options for automatic key sharing.
        key_sharing:
            # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
            # You must use a client that supports requesting keys from other users to use this feature.
            allow: false
            allow: {{ matrix_mautrix_signal_bridge_encryption_key_sharing_allow|to_json }}
            # Require the requesting device to have a valid cross-signing signature?
            # This doesn't require that the bridge has verified the device, only that the user has verified it.
            # Not yet implemented.
@@ -177,7 +177,7 @@ bridge:
    # Note that this is not related to Signal delivery receipts.
    delivery_receipts: false
    # Whether or not delivery errors should be reported as messages in the Matrix room. (not yet implemented)
    delivery_error_reports: false
    delivery_error_reports: true
    # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
    # This field will automatically be changed back to false after it,
    # except if the config file is not writable.
@@ -223,7 +223,7 @@ bridge:
    #        * - All Matrix users
    #   domain - All users on that homeserver
    #     mxid - Specific user
    permissions: 
    permissions:
        {{ matrix_mautrix_signal_bridge_permissions|from_yaml }}
    relay:
@@ -266,9 +266,9 @@ logging:
            formatter: colored
    loggers:
        mau:
            level: {{ matrix_mautrix_signal_log_level }}
            level: {{ matrix_mautrix_signal_logging_level|to_json }}
        aiohttp:
            level: INFO
            level: {{ matrix_mautrix_signal_logging_level|to_json }}
    root:
        level: {{ matrix_mautrix_signal_log_level }}
        level: {{ matrix_mautrix_signal_logging_level|to_json }}
        handlers: [console]
--- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml
@@ -43,6 +43,9 @@ matrix_mautrix_telegram_appservice_public_external: 'https://{{ matrix_server_fq
 matrix_mautrix_telegram_appservice_bot_username: telegrambot
 # Specifies the default log level for all bridge loggers.
 matrix_mautrix_telegram_logging_level: WARNING
 # Whether or not created rooms should have federation enabled.
 # If false, created portal rooms will never be federated.
 matrix_mautrix_telegram_federate_rooms: true
--- a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml
+++ b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml
@@ -13,14 +13,18 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_mautrix_telegram_config_path }}/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_mautrix_telegram_config_path }}/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro"]
      }}
    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-mautrix-telegram-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-mautrix-telegram-registration.yaml"]
      }}
  when: matrix_mautrix_telegram_enabled|bool
 - block:
--- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2
+++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2
@@ -105,11 +105,11 @@ bridge:
    # synced when they send messages. The maximum is 10000, after which the Telegram server
    # will not send any more members.
    # Defaults to no local limit (-> limited to 10000 by server)
    max_initial_member_sync: -1
    max_initial_member_sync: 10
    # Whether or not to sync the member list in channels.
    # If no channel admins have logged into the bridge, the bridge won't be able to sync the member
    # list regardless of this setting.
    sync_channel_members: true
    sync_channel_members: false
    # Whether or not to skip deleted members when syncing members.
    skip_deleted_members: true
    # Whether or not to automatically synchronize contacts and chats of Matrix users logged into
@@ -204,7 +204,7 @@ bridge:
    # been sent to Telegram.
    delivery_receipts: false
    # Whether or not delivery errors should be reported as messages in the Matrix room.
    delivery_error_reports: false
    delivery_error_reports: true
    # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
    # This field will automatically be changed back to false after it,
    # except if the config file is not writable.
@@ -291,6 +291,9 @@ bridge:
    #     mxid - Specific user
    permissions:
      '{{ matrix_mautrix_telegram_homeserver_domain }}': full
      {% if matrix_admin %}
      '{{ matrix_admin }}': admin
      {% endif %}
    # Options related to the message relay Telegram bot.
    relaybot:
@@ -401,11 +404,11 @@ logging:
            formatter: precise
    loggers:
        mau:
            level: DEBUG
            level: {{ matrix_mautrix_telegram_logging_level|to_json }}
        telethon:
            level: DEBUG
            level: {{ matrix_mautrix_telegram_logging_level|to_json }}
        aiohttp:
            level: INFO
            level: {{ matrix_mautrix_telegram_logging_level|to_json }}
    root:
        level: DEBUG
        level: {{ matrix_mautrix_telegram_logging_level|to_json }}
        handlers: [console]
--- a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml
@@ -7,7 +7,7 @@ matrix_mautrix_twitter_enabled: true
 matrix_mautrix_twitter_container_image_self_build: false
 matrix_mautrix_twitter_container_image_self_build_repo: "https://github.com/mautrix/twitter.git"
 matrix_mautrix_twitter_version: v0.1.3
 matrix_mautrix_twitter_version: v0.1.4
 # See: https://mau.dev/tulir/mautrix-twitter/container_registry
 matrix_mautrix_twitter_docker_image: "{{ matrix_mautrix_twitter_docker_image_name_prefix }}mautrix/twitter:{{ matrix_mautrix_twitter_version }}"
 matrix_mautrix_twitter_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_twitter_container_image_self_build else 'dock.mau.dev/' }}"
@@ -66,6 +66,9 @@ matrix_mautrix_twitter_bridge_login_shared_secret_map: "{{ {matrix_mautrix_twitt
 matrix_mautrix_twitter_appservice_bot_username: twitterbot
 # Specifies the default log level for all bridge loggers.
 matrix_mautrix_twitter_logging_level: WARNING
 # Default configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #
--- a/roles/matrix-bridge-mautrix-twitter/tasks/init.yml
+++ b/roles/matrix-bridge-mautrix-twitter/tasks/init.yml
@@ -7,14 +7,18 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_mautrix_twitter_config_path }}/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_mautrix_twitter_config_path }}/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro"]
      }}
    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-mautrix-twitter-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-mautrix-twitter-registration.yaml"]
      }}
  when: matrix_mautrix_twitter_enabled|bool
 # ansible lower than 2.8, does not support docker_image build parameters
--- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2
+++ b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2
@@ -149,7 +149,7 @@ bridge:
    # been sent to Twitter.
    delivery_receipts: false
    # Whether or not delivery errors should be reported as messages in the Matrix room.
    delivery_error_reports: false
    delivery_error_reports: true
    # Whether or not non-fatal polling errors should send notices to the notice room.
    temporary_disconnect_notices: true
    # Number of seconds to sleep more than the previous error when a polling error occurs.
@@ -175,6 +175,9 @@ bridge:
    #     mxid - Specific user
    permissions:
      '{{ matrix_mautrix_twitter_homeserver_domain }}': user
      {% if matrix_admin %}
      '{{ matrix_admin }}': admin
      {% endif %}
 # Python logging configuration.
@@ -195,9 +198,9 @@ logging:
            formatter: colored
    loggers:
        mau:
            level: DEBUG
            level: {{ matrix_mautrix_twitter_logging_level|to_json }}
        aiohttp:
            level: INFO
            level: {{ matrix_mautrix_twitter_logging_level|to_json }}
    root:
        level: DEBUG
        level: {{ matrix_mautrix_twitter_logging_level|to_json }}
        handlers: [console]
--- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml
@@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false
 matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git"
 matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
 matrix_mautrix_whatsapp_version: v0.3.1
 matrix_mautrix_whatsapp_version: v0.5.0
 # See: https://mau.dev/mautrix/whatsapp/container_registry
 matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
 matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}"
@@ -123,3 +123,12 @@ matrix_mautrix_whatsapp_registration_yaml: |
  de.sorunome.msc2409.push_ephemeral: true
 matrix_mautrix_whatsapp_registration: "{{ matrix_mautrix_whatsapp_registration_yaml|from_yaml }}"
 # Enable End-to-bridge encryption
 matrix_mautrix_whatsapp_bridge_encryption_allow: false
 matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"
 matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"
 # Minimum severity of journal log messages.
 # Options: debug, info, warn, error, fatal
 matrix_mautrix_whatsapp_log_level: 'warn'
--- a/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml
+++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml
@@ -6,12 +6,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_mautrix_whatsapp_config_path }}/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_mautrix_whatsapp_config_path }}/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro"]
      }}
    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-mautrix-whatsapp-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-mautrix-whatsapp-registration.yaml"]
      }}
  when: matrix_mautrix_whatsapp_enabled|bool
--- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
+++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
@@ -10,7 +10,7 @@ homeserver:
    # The URL to push real-time bridge status to.
    # If set, the bridge will make POST requests to this URL whenever a user's whatsapp connection state changes.
    # The bridge will use the appservice as_token to authorize requests.
    status_endpoint: "null"
    status_endpoint: null
 appservice:
    # The address that the homeserver can use to connect to this appservice.
@@ -158,16 +158,16 @@ bridge:
    # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
    encryption:
        # Allow encryption, work in group chat rooms with e2ee enabled
        allow: false
        allow: {{ matrix_mautrix_whatsapp_bridge_encryption_allow|to_json }}
        # Default to encryption, force-enable encryption in all portals the bridge creates
        # This will cause the bridge bot to be in private chats for the encryption to work properly.
        # It is recommended to also set private_chat_portal_meta to true when using this.
        default: false
        default: {{ matrix_mautrix_whatsapp_bridge_encryption_default|to_json }}
        # Options for automatic key sharing.
        key_sharing:
            # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
            # You must use a client that supports requesting keys from other users to use this feature.
            allow: false
            allow: {{ matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow|to_json }}
            # Require the requesting device to have a valid cross-signing signature?
            # This doesn't require that the bridge has verified the device, only that the user has verified it.
            # Not yet implemented.
@@ -187,6 +187,9 @@ bridge:
    #     mxid - Specific user
    permissions:
        "{{ matrix_mautrix_whatsapp_homeserver_domain }}": user
        {% if matrix_admin %}
        "{{ matrix_admin }}": admin
        {% endif %}
    # Settings for relay mode
    relay:
@@ -211,7 +214,8 @@ logging:
    # The directory for log files. Will be created if not found.
    directory: ./logs
    # Available variables: .Date for the file date and .Index for different log files on the same day.
    file_name_format: "{{ '{{.Date}}-{{.Index}}.log' }}"
    # empy/null = journal logging only
    file_name_format:
    # Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants
    file_date_format: "2006-01-02"
    # Log file permissions.
@@ -220,4 +224,4 @@ logging:
    timestamp_format: "Jan _2, 2006 15:04:05"
    # Minimum severity for log messages.
    # Options: debug, info, warn, error, fatal
    print_level: debug
    print_level: {{ matrix_mautrix_whatsapp_log_level }}
--- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml
+++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml
@@ -1,27 +1,21 @@
 ---
 # Mx Puppet Discord is a Matrix <-> Discord bridge
 # See: https://gitlab.com/beeper/mx-puppet-monorepo (originally based on https://github.com/matrix-discord/mx-puppet-discord)
 #
 # We use the Beeper-maintained fork, because https://github.com/matrix-discord/mx-puppet-discord is horribly broken often. See:
 # - https://github.com/matrix-discord/mx-puppet-discord/issues/201
 # - https://github.com/matrix-discord/mx-puppet-discord/issues/202
 # - https://github.com/matrix-discord/mx-puppet-discord/issues/203
 # - (other similar issues in the past)
 # See: https://gitlab.com/mx-puppet/discord/mx-puppet-discord
 matrix_mx_puppet_discord_enabled: true
 matrix_mx_puppet_discord_container_image_self_build: false
 matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo"
 matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/mx-puppet/discord/mx-puppet-discord.git"
 matrix_mx_puppet_discord_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_discord_version == 'latest' else matrix_mx_puppet_discord_version }}"
 matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "docker/Dockerfile-discord"
 matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "Dockerfile"
 # Controls whether the mx-puppet-discord container exposes its HTTP port (tcp/8432 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8432"), or empty string to not expose.
 matrix_mx_puppet_discord_container_http_host_bind_port: ''
 matrix_mx_puppet_discord_version: latest
 matrix_mx_puppet_discord_docker_image: "{{ matrix_mx_puppet_discord_docker_image_name_prefix }}beeper/mx-puppet-monorepo/discord:{{ matrix_mx_puppet_discord_version }}"
 matrix_mx_puppet_discord_version: v0.1.1
 matrix_mx_puppet_discord_docker_image: "{{ matrix_mx_puppet_discord_docker_image_name_prefix }}mx-puppet/discord/mx-puppet-discord:{{ matrix_mx_puppet_discord_version }}"
 matrix_mx_puppet_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_discord_container_image_self_build else 'registry.gitlab.com/' }}"
 matrix_mx_puppet_discord_docker_image_force_pull: "{{ matrix_mx_puppet_discord_docker_image.endswith(':latest') }}"
--- a/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml
+++ b/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml
@@ -13,12 +13,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_mx_puppet_discord_config_path }}/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_mx_puppet_discord_config_path }}/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro"]
      }}
    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-mx-puppet-discord-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-mx-puppet-discord-registration.yaml"]
      }}
  when: matrix_mx_puppet_discord_enabled|bool
--- a/roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2
+++ b/roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2
@@ -25,7 +25,7 @@ presence:
  # Bridge Discord online/offline status
  enabled: true
  # How often to send status to the homeserver in milliseconds
  interval: 500
  interval: 5000
 provisioning:
  # Regex of Matrix IDs allowed to use the puppet bridge
@@ -117,7 +117,7 @@ logging:
  # Log level of console output
  # Allowed values starting with most verbose:
  # silly, debug, verbose, info, warn, error
  console: info
  console: warn
  # Date and time formatting
  lineDateFormat: MMM-D HH:mm:ss.SSS
  # Logging files
--- a/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2
+++ b/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2
@@ -17,7 +17,7 @@ ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }}
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
 ExecStartPre={{ matrix_host_command_sleep }} 5
 ExecStartPre={{ matrix_host_command_sleep }} 15
 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-discord \
 			--log-driver=none \
--- a/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml
+++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml
@@ -13,12 +13,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_mx_puppet_groupme_config_path }}/registration.yaml,dst=/matrix-mx-puppet-groupme-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_mx_puppet_groupme_config_path }}/registration.yaml,dst=/matrix-mx-puppet-groupme-registration.yaml,ro"]
      }}
    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-mx-puppet-groupme-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-mx-puppet-groupme-registration.yaml"]
      }}
  when: matrix_mx_puppet_groupme_enabled|bool
--- a/roles/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2
+++ b/roles/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2
@@ -78,7 +78,7 @@ logging:
  # Log level of console output
  # Allowed values starting with most verbose:
  # silly, debug, verbose, info, warn, error
  console: info
  console: warn
  # Date and time formatting
  lineDateFormat: MMM-D HH:mm:ss.SSS
  # Logging files
--- a/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml
+++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml
@@ -13,12 +13,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_mx_puppet_instagram_config_path }}/registration.yaml,dst=/matrix-mx-puppet-instagram-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_mx_puppet_instagram_config_path }}/registration.yaml,dst=/matrix-mx-puppet-instagram-registration.yaml,ro"]
      }}
    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-mx-puppet-instagram-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-mx-puppet-instagram-registration.yaml"]
      }}
  when: matrix_mx_puppet_instagram_enabled|bool
--- a/roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2
+++ b/roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2
@@ -18,7 +18,7 @@ presence:
  # Bridge Instagram online/offline status
  enabled: true
  # How often to send status to the homeserver in milliseconds
  interval: 500
  interval: 5000
 provisioning:
  # Regex of Matrix IDs allowed to use the puppet bridge
@@ -61,7 +61,7 @@ logging:
  # Log level of console output
  # Allowed values starting with most verbose:
  # silly, debug, verbose, info, warn, error
  console: info
  console: warn
  # Date and time formatting
  lineDateFormat: MMM-D HH:mm:ss.SSS
  # Logging files
--- a/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml
+++ b/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml
@@ -13,12 +13,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_mx_puppet_skype_config_path }}/registration.yaml,dst=/matrix-mx-puppet-skype-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_mx_puppet_skype_config_path }}/registration.yaml,dst=/matrix-mx-puppet-skype-registration.yaml,ro"]
      }}
    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-mx-puppet-skype-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-mx-puppet-skype-registration.yaml"]
      }}
  when: matrix_mx_puppet_skype_enabled|bool
--- a/roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2
+++ b/roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2
@@ -29,7 +29,7 @@ logging:
  # Log level of console output
  # Allowed values starting with most verbose:
  # silly, debug, verbose, info, warn, error
  console: info
  console: warn
  # Optionally, you can apply filters to the console logging
  #console:
  #  level: info
@@ -80,7 +80,7 @@ presence:
  # Bridge online/offline status
  enabled: true
  # How often to send status to the homeserver in milliseconds
  interval: 500
  interval: 5000
  # if the im.vector.user_status state setting should be diabled
  #disableStatusState: false
  # A blacklist of remote user IDs for the im.vector.user_status state setting
--- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml
+++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml
@@ -1,6 +1,6 @@
 ---
 # Mx Puppet Slack is a Matrix <-> Slack bridge
 # See: https://gitlab.com/beeper/mx-puppet-monorepo (originally based on https://github.com/Sorunome/mx-puppet-slack)
 # See: https://github.com/Sorunome/mx-puppet-slack
 matrix_mx_puppet_slack_enabled: true
@@ -8,17 +8,17 @@ matrix_mx_puppet_slack_oauth_client_id: ''
 matrix_mx_puppet_slack_oauth_client_secret: ''
 matrix_mx_puppet_slack_container_image_self_build: false
 matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo.git"
 matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/mx-puppet/slack/mx-puppet-slack.git"
 matrix_mx_puppet_slack_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_slack_version == 'latest' else matrix_mx_puppet_slack_version }}"
 matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "docker/Dockerfile-slack"
 matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "Dockerfile"
 # Controls whether the mx-puppet-slack container exposes its HTTP port (tcp/8432 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8432"), or empty string to not expose.
 matrix_mx_puppet_slack_container_http_host_bind_port: ''
 matrix_mx_puppet_slack_version: latest
 matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}beeper/mx-puppet-monorepo/slack:{{ matrix_mx_puppet_slack_version }}"
 matrix_mx_puppet_slack_version: v0.1.2
 matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}mx-puppet/slack/mx-puppet-slack:{{ matrix_mx_puppet_slack_version }}"
 matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else 'registry.gitlab.com/' }}"
 matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}"
--- a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml
+++ b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml
@@ -13,14 +13,18 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_mx_puppet_slack_config_path }}/registration.yaml,dst=/matrix-mx-puppet-slack-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_mx_puppet_slack_config_path }}/registration.yaml,dst=/matrix-mx-puppet-slack-registration.yaml,ro"]
      }}
    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-mx-puppet-slack-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-mx-puppet-slack-registration.yaml"]
      }}
  when: matrix_mx_puppet_slack_enabled|bool
 - block:
--- a/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2
+++ b/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2
@@ -32,7 +32,7 @@ presence:
  # Bridge Discord online/offline status
  enabled: true
  # How often to send status to the homeserver in milliseconds
  interval: 500
  interval: 5000
 provisioning:
  # Regex of Matrix IDs allowed to use the puppet bridge
@@ -75,7 +75,7 @@ logging:
  # Log level of console output
  # Allowed values starting with most verbose:
  # silly, debug, verbose, info, warn, error
  console: info
  console: warn
  # Date and time formatting
  lineDateFormat: MMM-D HH:mm:ss.SSS
  # Logging files
--- a/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml
+++ b/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml
@@ -13,12 +13,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_mx_puppet_steam_config_path }}/registration.yaml,dst=/matrix-mx-puppet-steam-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_mx_puppet_steam_config_path }}/registration.yaml,dst=/matrix-mx-puppet-steam-registration.yaml,ro"]
      }}
    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-mx-puppet-steam-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-mx-puppet-steam-registration.yaml"]
      }}
  when: matrix_mx_puppet_steam_enabled|bool
--- a/roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2
+++ b/roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2
@@ -78,7 +78,7 @@ logging:
  # Log level of console output
  # Allowed values starting with most verbose:
  # silly, debug, verbose, info, warn, error
  console: info
  console: warn
  # Date and time formatting
  lineDateFormat: MMM-D HH:mm:ss.SSS
  # Logging files
--- a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml
+++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml
@@ -13,14 +13,18 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_mx_puppet_twitter_config_path }}/registration.yaml,dst=/matrix-mx-puppet-twitter-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_mx_puppet_twitter_config_path }}/registration.yaml,dst=/matrix-mx-puppet-twitter-registration.yaml,ro"]
      }}
    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-mx-puppet-twitter-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-mx-puppet-twitter-registration.yaml"]
      }}
  when: matrix_mx_puppet_twitter_enabled|bool
 - block:
--- a/roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2
+++ b/roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2
@@ -28,7 +28,7 @@ presence:
  # Bridge Twitter online/offline status
  enabled: true
  # How often to send status to the homeserver in milliseconds
  interval: 500
  interval: 5000
 provisioning:
  # Regex of Matrix IDs allowed to use the puppet bridge
@@ -71,7 +71,7 @@ logging:
  # Log level of console output
  # Allowed values starting with most verbose:
  # silly, debug, verbose, info, warn, error
  console: info
  console: warn
  # Date and time formatting
  lineDateFormat: MMM-D HH:mm:ss.SSS
  # Logging files
--- a/roles/matrix-bridge-sms/tasks/init.yml
+++ b/roles/matrix-bridge-sms/tasks/init.yml
@@ -15,12 +15,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_sms_bridge_config_path }}/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro"]
      {{
        matrix_synapse_container_extra_arguments|default([])
        +
        ["--mount type=bind,src={{ matrix_sms_bridge_config_path }}/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro"]
      }}
    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-sms-bridge-registration.yaml"] }}
      {{
        matrix_synapse_app_service_config_files|default([])
        +
        ["/matrix-sms-bridge-registration.yaml"]
      }}
  when: matrix_sms_bridge_enabled|bool
--- a/roles/matrix-client-cinny/defaults/main.yml
+++ b/roles/matrix-client-cinny/defaults/main.yml
@@ -5,7 +5,7 @@ matrix_client_cinny_enabled: true
 matrix_client_cinny_container_image_self_build: false
 matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git"
 matrix_client_cinny_version: v1.8.2
 matrix_client_cinny_version: v2.0.4
 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}"
 matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}"
--- a/roles/matrix-client-element/defaults/main.yml
+++ b/roles/matrix-client-element/defaults/main.yml
@@ -3,13 +3,13 @@
 matrix_client_element_enabled: true
 matrix_client_element_container_image_self_build: false
 matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git"
 matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/element-web.git"
 # Controls whether to patch webpack.config.js when self-building, so that building can pass on low-memory systems (< 4 GB RAM):
 # - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1357
 # - https://github.com/vector-im/element-web/issues/19544
 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
 matrix_client_element_version: v1.10.10
 matrix_client_element_version: v1.10.15
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
--- a/roles/matrix-client-hydrogen/defaults/main.yml
+++ b/roles/matrix-client-hydrogen/defaults/main.yml
@@ -7,7 +7,7 @@ matrix_client_hydrogen_enabled: true
 matrix_client_hydrogen_container_image_self_build: true
 matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git"
 matrix_client_hydrogen_version: v0.2.26
 matrix_client_hydrogen_version: v0.2.29
 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}"
 matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}"
--- a/roles/matrix-client-hydrogen/tasks/main.yml
+++ b/roles/matrix-client-hydrogen/tasks/main.yml
@@ -21,3 +21,10 @@
  tags:
    - setup-all
    - setup-client-hydrogen
 - import_tasks: "{{ role_path }}/tasks/self_check.yml"
  delegate_to: 127.0.0.1
  become: false
  when: "run_self_check|bool and matrix_client_hydrogen_enabled|bool"
  tags:
    - self-check
--- a/roles/matrix-client-hydrogen/tasks/self_check.yml
+++ b/roles/matrix-client-hydrogen/tasks/self_check.yml
@@ -1,7 +1,7 @@
 ---
 - set_fact:
    matrix_client_hydrogen_url_endpoint_public: "https://{{ matrix_server_fqn_hydrogen }}"
    matrix_client_hydrogen_url_endpoint_public: "https://{{ matrix_server_fqn_hydrogen }}/config.json"
 - name: Check Hydrogen
  uri:
--- a/roles/matrix-corporal/defaults/main.yml
+++ b/roles/matrix-corporal/defaults/main.yml
@@ -23,7 +23,7 @@ matrix_corporal_container_extra_arguments: []
 # List of systemd services that matrix-corporal.service depends on
 matrix_corporal_systemd_required_services_list: ['docker.service']
 matrix_corporal_version: 2.2.3
 matrix_corporal_version: 2.3.0
 matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}"
 matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}"  # for backward-compatibility
--- a/roles/matrix-coturn/defaults/main.yml
+++ b/roles/matrix-coturn/defaults/main.yml
@@ -7,7 +7,7 @@ matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn
 matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}"
 matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile"
 matrix_coturn_version: 4.5.2-r11
 matrix_coturn_version: 4.5.2-r12
 matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine"
 matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}"
--- a/roles/matrix-dendrite/defaults/main.yml
+++ b/roles/matrix-dendrite/defaults/main.yml
@@ -61,7 +61,7 @@ matrix_dendrite_systemd_wanted_services_list: []
 # Specifies which template files to use when configuring Dendrite.
 # If you'd like to have your own different configuration, feel free to copy and paste
 # the original files into your inventory (e.g. in `inventory/host_vars/<host>/`)
 # and then change the specific host's `vars.yaml` file like this:
 # and then change the specific host's `vars.yml` file like this:
 # matrix_dendrite_template_dendrite_config: "{{ playbook_dir }}/inventory/host_vars/<host>/dendrite.yaml.j2"
 matrix_dendrite_template_dendrite_config: "{{ role_path }}/templates/dendrite/dendrite.yaml.j2"
--- a/roles/matrix-dimension/templates/config.yaml.j2
+++ b/roles/matrix-dimension/templates/config.yaml.j2
@@ -73,13 +73,3 @@ dimension:
  # This is where Dimension is accessible from clients. Be sure to set this
  # to your own Dimension instance.
  publicUrl: "https://{{ matrix_server_fqn_dimension }}"
 # Settings for controlling how logging works
 logging:
  file: /dev/null
  console: true
  consoleLevel: verbose
  fileLevel: info
  rotate:
    size: 52428800 # bytes, default is 50mb
    count: 5
--- a/roles/matrix-dynamic-dns/defaults/main.yml
+++ b/roles/matrix-dynamic-dns/defaults/main.yml
@@ -5,7 +5,7 @@ matrix_dynamic_dns_enabled: true
 # The dynamic dns daemon interval
 matrix_dynamic_dns_daemon_interval: '300'
 matrix_dynamic_dns_version: v3.9.1-ls79
 matrix_dynamic_dns_version: v3.9.1-ls89
 # The docker container to use when in mode
 matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}"
--- a/roles/matrix-etherpad/defaults/main.yml
+++ b/roles/matrix-etherpad/defaults/main.yml
@@ -4,7 +4,7 @@ matrix_etherpad_enabled: false
 matrix_etherpad_base_path: "{{ matrix_base_data_path }}/etherpad"
 matrix_etherpad_version: 1.8.16
 matrix_etherpad_version: 1.8.18
 matrix_etherpad_docker_image: "{{ matrix_container_global_registry_prefix }}etherpad/etherpad:{{ matrix_etherpad_version }}"
 matrix_etherpad_docker_image_force_pull: "{{ matrix_etherpad_docker_image.endswith(':latest') }}"