Automatic translations update

2026-05-23 19:45:57 +03:00 · 2026-05-07 14:00:32 +00:00
113 changed files with 4740 additions and 2730 deletions
@@ -1,41 +1,3 @@
 # 2026-05-23
 ## Go-NEB has been removed from the playbook
 [Go-NEB](./docs/configuring-playbook-bot-go-neb.md) has been removed from the playbook, as it has been discontinued since June 2023.
 The playbook will let you know if you're using any `matrix_bot_go_neb_*` variables. You'll need to remove them from `vars.yml` and potentially [uninstall the bot manually](./docs/configuring-playbook-bot-go-neb.md#uninstalling-go-neb-manually).
 # 2026-05-19
 ## matrix-registration has been removed from the playbook
 The [matrix-registration](./docs/configuring-playbook-matrix-registration.md) service has been removed from the playbook, as it has been unmaintained (archived) since November, 2025.
 The playbook will let you know if you're using any `matrix_registration_*` variables. You'll need to remove them from `vars.yml` and potentially [uninstall the component manually](./docs/configuring-playbook-matrix-registration.md#uninstalling-the-component-manually).
 # 2026-05-18
 ## LiveKit Server has been upgraded to v1.12.0
 The playbook now ships [LiveKit Server](./docs/configuring-playbook-livekit-server.md) v1.12.0. See the [upstream release notes](https://github.com/livekit/livekit/releases/tag/v1.12.0) for details.
 This release tightens TURN security:
 - **TURN credentials now carry a TTL** (default: 300 seconds), exposed via `livekit_server_config_turn_ttl_seconds`.
 - **TURN no longer relays traffic to restricted peer CIDRs** (loopback, link-local, multicast, private, unspecified) by default. If your setup legitimately requires it, list the ranges in `livekit_server_config_turn_allow_restricted_peer_cidrs`.
    For example, to allow TURN to reach the common [RFC1918](https://www.rfc-editor.org/rfc/rfc1918) private ranges, add to your `vars.yml`:
    ```yaml
    livekit_server_config_turn_allow_restricted_peer_cidrs:
      - 10.0.0.0/8
      - 172.16.0.0/12
      - 192.168.0.0/16
    ```
    Adjust the ranges to match your network. To deny specific CIDRs (taking precedence over the allow list above), use `livekit_server_config_turn_deny_peer_cidrs` in the same shape.
 # 2026-05-07
 ## Tuwunel support
@@ -4,7 +4,7 @@
 ## 🎯 Purpose
-This [Ansible](https://www.ansible.com/) playbook is meant to help you run your own [Matrix](http://matrix.org/) homeserver, along with the [various services](#-supported-services) related to that.
+This [Ansible](https://www.ansible.com/) playbook is meant to help you run your own [Matrix](http://matrix.org/) homeserver, along with the [various services](#supported-services) related to that.
 That is, it lets you join the Matrix network using your own user ID like `@alice:example.com`, all hosted on your own server (see [prerequisites](docs/prerequisites.md)).
@@ -93,6 +93,7 @@ Extend and modify how users are authenticated on your homeserver.
 |[matrix-synapse-shared-secret-auth](https://github.com/devture/matrix-synapse-shared-secret-auth) (advanced) | ❌ | Password provider module | [Link](docs/configuring-playbook-shared-secret-auth.md) |
 | [matrix-synapse-ldap3](https://github.com/matrix-org/matrix-synapse-ldap3) (advanced) | ❌ | LDAP Auth password provider module | [Link](docs/configuring-playbook-ldap-auth.md) |
 | [matrix-ldap-registration-proxy](https://gitlab.com/activism.international/matrix_ldap_registration_proxy) (advanced) | ❌ | Proxy that handles Matrix registration requests and forwards them to LDAP | [Link](docs/configuring-playbook-matrix-ldap-registration-proxy.md) |
 | [matrix-registration](https://github.com/ZerataX/matrix-registration) | ❌ | Simple python application to have a token based Matrix registration | [Link](docs/configuring-playbook-matrix-registration.md) |
 | [Matrix User Verification Service](https://github.com/matrix-org/matrix-user-verification-service) | ❌ | Service to verify details of a user based on an Open ID token | [Link](docs/configuring-playbook-user-verification-service.md) |
 | [synapse-simple-antispam](https://github.com/t2bot/synapse-simple-antispam) (advanced) | ❌ | Spam checker module | [Link](docs/configuring-playbook-synapse-simple-antispam.md) |
@@ -121,7 +122,7 @@ Bridges can be used to connect your Matrix installation with third-party communi
 | [mautrix-bluesky](https://github.com/mautrix/bluesky) | ❌ | Bridge to [Bluesky](https://bsky.social/) | [Link](docs/configuring-playbook-bridge-mautrix-bluesky.md) |
 | [mautrix-twitter](https://github.com/mautrix/twitter) | ❌ | Bridge to [Twitter](https://twitter.com/) | [Link](docs/configuring-playbook-bridge-mautrix-twitter.md) |
 | [mautrix-googlechat](https://github.com/mautrix/googlechat) | ❌ | Bridge to [Google Chat](https://en.wikipedia.org/wiki/Google_Chat) | [Link](docs/configuring-playbook-bridge-mautrix-googlechat.md) |
-| [mautrix-meta](https://github.com/mautrix/meta) | ❌ | Bridge to [Messenger](https://messenger.com/) and [Instagram](https://instagram.com/) | Link for [Messenger](docs/configuring-playbook-bridge-mautrix-meta-messenger.md) / [Instagram](docs/configuring-playbook-bridge-mautrix-meta-instagram.md) |
+| [mautrix-meta](https://github.com/mautrix/instagram) | ❌ | Bridge to [Messenger](https://messenger.com/) and [Instagram](https://instagram.com/) | Link for [Messenger](docs/configuring-playbook-bridge-mautrix-meta-messenger.md) / [Instagram](docs/configuring-playbook-bridge-mautrix-meta-instagram.md) |
 | [mautrix-signal](https://github.com/mautrix/signal) | ❌ | Bridge to [Signal](https://www.signal.org/) | [Link](docs/configuring-playbook-bridge-mautrix-signal.md) |
 | [beeper-linkedin](https://github.com/beeper/linkedin) | ❌ | Bridge to [LinkedIn](https://www.linkedin.com/) | [Link](docs/configuring-playbook-bridge-beeper-linkedin.md) |
 | [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) | ❌ | Bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) | [Link](docs/configuring-playbook-bridge-appservice-irc.md) |
@@ -1,26 +1,267 @@
 <!--
-SPDX-FileCopyrightText: 2019-2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2021 - 2024 Slavi Pantaleev
 SPDX-FileCopyrightText: 2021 Yannick Goossens
 SPDX-FileCopyrightText: 2022 Dennis Ciba
-SPDX-FileCopyrightText: 2022 Nikita Chernyi
+SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
-SPDX-FileCopyrightText: 2023-2025 MDAD project contributors
+SPDX-FileCopyrightText: 2025 MDAD project contributors
 SPDX-FileCopyrightText: 2024-2026 Suguru Hirahara
 SPDX-License-Identifier: AGPL-3.0-or-later
 -->
-# Setting up Go-NEB (optional, removed)
+# Setting up Go-NEB (optional, unmaintained)
-🪦 The playbook used to be able to install and configure [Go-NEB](https://github.com/matrix-org/go-neb), but no longer includes this component as it has been discontinued.
+**Note**: [Go-NEB](https://github.com/matrix-org/go-neb) is now an archived (**unmaintained**) project. We recommend not bothering with installing it. While not a 1:1 replacement, the bridge's author suggests taking a look at [matrix-hookshot](https://github.com/matrix-org/matrix-hookshot) as a replacement, which can also be [installed using this playbook](configuring-playbook-bridge-hookshot.md). Consider using that bot instead of this one.
-While not a 1:1 replacement, the bot's author suggests taking a look at [matrix-hookshot](https://github.com/matrix-org/matrix-hookshot) as a replacement, which can also be [installed using this playbook](configuring-playbook-bridge-hookshot.md).
+The playbook can install and configure [Go-NEB](https://github.com/matrix-org/go-neb) for you.
-## Uninstalling Go-NEB manually
+Go-NEB is a Matrix bot written in Go. It is the successor to Matrix-NEB, the original Matrix bot written in Python.
-If you still have the Go-NEB component installed on your Matrix server, the playbook can no longer help you uninstall it and you will need to do it manually. To uninstall manually, run these commands on the server:
+See the project's [documentation](https://github.com/matrix-org/go-neb/blob/master/README.md) to learn what it does and why it might be useful to you.
 ## Prerequisites
 ### Register the bot account
 The playbook does not automatically create users for you. You **need to register the bot user manually** before setting up the bot.
 Generate a strong password for the bot. You can create one with a command like `pwgen -s 64 1`.
 You can use the playbook to [register a new user](registering-users.md):
 ```sh
-systemctl disable --now matrix-bot-go-neb.service
+ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.go-neb password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
 rm -rf /matrix/go-neb
 ```
 ### Obtain an access token
 The bot requires an access token to be able to connect to your homeserver. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md).
 > [!WARNING]
 > Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone.
 ## Adjusting DNS records
 By default, this playbook installs Go-NEB on the `goneb.` subdomain (`goneb.example.com`) and requires you to create a CNAME record for `goneb`, which targets `matrix.example.com`.
 When setting, replace `example.com` with your own.
 ## Adjusting the playbook configuration
 To enable the bot, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file. Make sure to replace `ACCESS_TOKEN_FOR_GONEB_HERE` and `ACCESS_TOKEN_FOR_ANOTHER_GONEB_HERE` with the ones created [above](#obtain-an-access-token).
 ```yaml
 matrix_bot_go_neb_enabled: true
 # You need at least 1 client.
 # Use the access token you obtained in the step above.
 matrix_bot_go_neb_clients:
  - UserID: "@goneb:{{ matrix_domain }}"
    AccessToken: "ACCESS_TOKEN_FOR_GONEB_HERE"
    DeviceID: "DEVICE1"
    HomeserverURL: "{{ matrix_addons_homeserver_client_api_url }}"
    Sync: true
    AutoJoinRooms: true
    DisplayName: "Go-NEB!"
    AcceptVerificationFromUsers: [":{{ matrix_domain }}"]
  - UserID: "@another_goneb:{{ matrix_domain }}"
    AccessToken: "ACCESS_TOKEN_FOR_ANOTHER_GONEB_HERE"
    DeviceID: "DEVICE2"
    HomeserverURL: "{{ matrix_addons_homeserver_client_api_url }}"
    Sync: false
    AutoJoinRooms: false
    DisplayName: "Go-NEB!"
    AcceptVerificationFromUsers: ["^@admin:{{ matrix_domain }}"]
 # Optional, for use with the github_cmd, github_webhooks or jira services
 matrix_bot_go_neb_realms:
  - ID: "github_realm"
    Type: "github"
    Config: {} # No need for client ID or Secret as Go-NEB isn't generating OAuth URLs
 # Optional. The list of *authenticated* sessions which Go-NEB is aware of.
 matrix_bot_go_neb_sessions:
  - SessionID: "your_github_session"
    RealmID: "github_realm"
    UserID: "@alice:{{ matrix_domain }}" # This needs to be the username of the person that's allowed to use the !github commands
    Config:
      # Populate these fields by generating a "Personal Access Token" on github.com
      AccessToken: "YOUR_GITHUB_ACCESS_TOKEN"
      Scopes: "admin:org_hook,admin:repo_hook,repo,user"
 # The list of services which Go-NEB is aware of.
 # Delete or modify this list as appropriate.
 # See the docs for /configureService for the full list of options:
 # https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ConfigureServiceRequest
 # You need at least 1 service.
 matrix_bot_go_neb_services:
  - ID: "echo_service"
    Type: "echo"
    UserID: "@goneb:{{ matrix_domain }}"
    Config: {}
 # Can be obtained from https://developers.giphy.com/dashboard/
  - ID: "giphy_service"
    Type: "giphy"
    UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
    Config:
      api_key: "qwg4672vsuyfsfe"
      use_downsized: false
 # This service has been dead for over a year :/
  - ID: "guggy_service"
    Type: "guggy"
    UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
    Config:
      api_key: "2356saaqfhgfe"
 # API Key via https://developers.google.com/custom-search/v1/introduction
 # CX via http://www.google.com/cse/manage/all
 # https://stackoverflow.com/questions/6562125/getting-a-cx-id-for-custom-search-google-api-python
 # 'Search the entire web' and 'Image search' enabled for best results
  - ID: "google_service"
    Type: "google"
    UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
    Config:
      api_key: "AIzaSyA4FD39m9"
      cx: "AIASDFWSRRtrtr"
 # Obtain a key via https://api.imgur.com/oauth2/addclient
 # Select "oauth2 without callback url"
  - ID: "imgur_service"
    Type: "imgur"
    UserID: "@imgur:{{ matrix_domain }}" # requires a Syncing client
    Config:
      client_id: "AIzaSyA4FD39m9"
      client_secret: "somesecret"
  - ID: "wikipedia_service"
    Type: "wikipedia"
    UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
    Config:
  - ID: "rss_service"
    Type: "rssbot"
    UserID: "@another_goneb:{{ matrix_domain }}"
    Config:
      feeds:
        "http://lorem-rss.herokuapp.com/feed?unit=second&interval=60":
          rooms: ["!qporfwt:{{ matrix_domain }}"]
          must_include:
            author:
              - author1
            description:
              - lorem
              - ipsum
          must_not_include:
            title:
              - Lorem
              - Ipsum
  - ID: "github_cmd_service"
    Type: "github"
    UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
    Config:
      RealmID: "github_realm"
    # Make sure your BASE_URL can be accessed by Github!
  - ID: "github_webhook_service"
    Type: "github-webhook"
    UserID: "@another_goneb:{{ matrix_domain }}"
    Config:
      RealmID: "github_realm"
      ClientUserID: "@alice:{{ matrix_domain }}" # needs to be an authenticated user so Go-NEB can create webhooks. Check the UserID field in the github_realm in matrix_bot_go_neb_sessions.
      Rooms:
        "!qporfwt:example.com":
          Repos:
            "element-hq/synapse":
              Events: ["push", "issues"]
            "matrix-org/dendron":
              Events: ["pull_request"]
        "!aaabaa:example.com":
          Repos:
            "element-hq/synapse":
              Events: ["push", "issues"]
            "matrix-org/dendron":
              Events: ["pull_request"]
  - ID: "slackapi_service"
    Type: "slackapi"
    UserID: "@slackapi:{{ matrix_domain }}"
    Config:
      Hooks:
        "hook1":
          RoomID: "!qporfwt:example.com"
          MessageType: "m.text" # default is m.text
  - ID: "alertmanager_service"
    Type: "alertmanager"
    UserID: "@alertmanager:{{ matrix_domain }}"
    Config:
      # This is for information purposes only. It should point to Go-NEB path as follows:
      # `/services/hooks/<base64 encoded service ID>`
      # Where in this case "service ID" is "alertmanager_service"
      # Make sure your BASE_URL can be accessed by the Alertmanager instance!
      webhook_url: "http://localhost/services/hooks/YWxlcnRtYW5hZ2VyX3NlcnZpY2U"
      # Each room will get the notification with the alert rendered with the given template
      rooms:
        "!qporfwt:example.com":
          text_template: "{% raw %}{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\" }}: {{index .Annotations \"description\"}} {{ end -}}{% endraw %}"
          html_template: "{% raw %}{{range .Alerts -}}  {{ $severity := index .Labels \"severity\" }}    {{ if eq .Status \"firing\" }}      {{ if eq $severity \"critical\"}}        <font color='red'><b>[FIRING - CRITICAL]</b></font>      {{ else if eq $severity \"warning\"}}        <font color='orange'><b>[FIRING - WARNING]</b></font>      {{ else }}        <b>[FIRING - {{ $severity }}]</b>      {{ end }}    {{ else }}      <font color='green'><b>[RESOLVED]</b></font>    {{ end }}  {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}}   <a href=\"{{ .GeneratorURL }}\">source</a><br/>{{end -}}{% endraw %}"
          msg_type: "m.text"  # Must be either `m.text` or `m.notice`
 ```
 ### Adjusting the Go-NEB URL (optional)
 By tweaking the `matrix_bot_go_neb_hostname` and `matrix_bot_go_neb_path_prefix` variables, you can easily make the service available at a **different hostname and/or path** than the default one.
 Example additional configuration for your `vars.yml` file:
 ```yaml
 # Switch to the domain used for Matrix services (`matrix.example.com`),
 # so we won't need to add additional DNS records for Go-NEB.
 matrix_bot_go_neb_hostname: "{{ matrix_server_fqn_matrix }}"
 # Expose under the /go-neb subpath
 matrix_bot_go_neb_path_prefix: /go-neb
 ```
 After changing the domain, **you may need to adjust your DNS** records to point the Go-NEB domain to the Matrix server.
 If you've decided to reuse the `matrix.` domain, you won't need to do any extra DNS configuration.
 ### Extending the configuration
 There are some additional things you may wish to configure about the bot.
 Take a look at:
 - `roles/custom/matrix-bot-go-neb/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
 - `roles/custom/matrix-bot-go-neb/templates/config.yaml.j2` for the bot's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_bot_go_neb_configuration_extension_yaml` variable
 ## Installing
 After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the playbook with [playbook tags](playbook-tags.md) as below:
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 ```
 The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
 `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
 ## Usage
 To use the bot, invite it to any existing Matrix room (`/invite @bot.go-neb:example.com` where `example.com` is your base domain, not the `matrix.` domain). Make sure you are granted with the sufficient permission if you are not the room owner.
 Basic usage is like this: `!echo hi` or `!imgur puppies` or `!giphy matrix`
 If you enabled the github_cmd service, send `!github help` to the bot in the room to see the available commands.
 You can also refer to the upstream [Documentation](https://github.com/matrix-org/go-neb).
 ## Troubleshooting
 As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-bot-go-neb`.
@@ -11,7 +11,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 The playbook can install and configure the [matrix-synapse-ldap3](https://github.com/matrix-org/matrix-synapse-ldap3) LDAP Auth password provider for you.
-See the project's [documentation](https://github.com/matrix-org/matrix-synapse-ldap3/blob/main/README.md) to learn what it does and why it might be useful to you.
+See the project's [documentation](https://github.com/matrix-org/matrix-synapse-ldap3/blob/main/README.rst) to learn what it does and why it might be useful to you.
 ## Adjusting the playbook configuration
@@ -61,12 +61,6 @@ livekit_server_container_labels_turn_traefik_entrypoints: "<your-livekit-turn-tr
 and configuring their own Traefik TCP entrypoint dedicated to LiveKit TURN traffic.
 ## TURN access controls
 LiveKit's embedded TURN server enforces a credential TTL and restricts which peer CIDRs it will relay to. The playbook leaves these at the role's secure defaults, which are appropriate for typical deployments where TURN peers live on the public Internet.
 If your setup needs TURN to relay to private/restricted ranges, or you want to override the credential TTL, see the [TURN access controls and credential TTL](https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server/blob/main/docs/configuring-livekit-server.md#turn-access-controls-and-credential-ttl) section of the role's documentation.
 ## Limitations
 LiveKit Server's TURN listener behavior depends on where TLS is terminated:
@@ -1,36 +1,115 @@
 <!--
-SPDX-FileCopyrightText: 2019 Edgars Voroboks
+SPDX-FileCopyrightText: 2020 - 2022 Slavi Pantaleev
-SPDX-FileCopyrightText: 2019 Eduardo Beltrame
+SPDX-FileCopyrightText: 2022 MDAD project contributors
-SPDX-FileCopyrightText: 2019-2025 MDAD project contributors
+SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
 SPDX-FileCopyrightText: 2019-2025 Slavi Pantaleev
 SPDX-FileCopyrightText: 2020 Chris van Dijk
 SPDX-FileCopyrightText: 2020 Tulir Asokan
 SPDX-FileCopyrightText: 2020 jens quade
 SPDX-FileCopyrightText: 2022 Dennis Ciba
 SPDX-FileCopyrightText: 2022 Kim Brose
 SPDX-FileCopyrightText: 2022 Travis Ralston
 SPDX-FileCopyrightText: 2022 Vladimir Panteleev
 SPDX-FileCopyrightText: 2022 Yan Minagawa
 SPDX-FileCopyrightText: 2024-2026 Suguru Hirahara
 SPDX-License-Identifier: AGPL-3.0-or-later
 -->
-# Setting up matrix-registration (optional, removed)
+# Setting up matrix-registration (optional)
-> [!NOTE]
+> [!WARNING]
-> This is not related to [matrix-registration-bot](configuring-playbook-bot-matrix-registration-bot.md).
+> - This is a poorly maintained and buggy project. It's better to avoid using it.
 > - This is not related to [matrix-registration-bot](configuring-playbook-bot-matrix-registration-bot.md)
-🪦 The playbook used to be able to install and configure [matrix-registration](https://github.com/ZerataX/matrix-registration), but no longer includes this component, as it has been unmaintained since November, 2025.
+The playbook can install and configure [matrix-registration](https://github.com/ZerataX/matrix-registration) for you. It is a simple python application to have a token based Matrix registration.
-## Uninstalling the component manually
+Use matrix-registration to **create unique registration links**, which people can use to register on your Matrix server. It allows certain people (these having a special link) to register a user account, **keeping your server's registration closed (private)**.
-If you still have matrix-registration installed on your Matrix server, the playbook can no longer help you uninstall it and you will need to do it manually. To uninstall manually, run these commands on the server:
+**matrix-registration** provides 2 things:
 - **an API for creating registration tokens** (unique registration links). This API can be used via `curl` or via the playbook (see [Usage](#usage) below)
 - **a user registration page**, where people can use these registration tokens. By default, exposed at `https://matrix.example.com/matrix-registration`
 ## Adjusting DNS records (optional)
 By default, this playbook installs the matrix-registration on the `matrix.` subdomain, at the `/matrix-registration` path (https://matrix.example.com/matrix-registration). This makes it easy to install it, because it **doesn't require additional DNS records to be set up**. If that's okay, you can skip this section.
 If you wish to adjust it, see the section [below](#adjusting-the-matrix-registration-url-optional) for details about DNS configuration.
 ## Adjusting the playbook configuration
 To enable matrix-registration, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
 ```yaml
 matrix_registration_enabled: true
 # Generate a strong secret here. You can create one with a command like `pwgen -s 64 1`.
 matrix_registration_admin_secret: "ENTER_SOME_SECRET_HERE"
 ```
 ### Adjusting the matrix-registration URL (optional)
 By tweaking the `matrix_registration_hostname` and `matrix_registration_path_prefix` variables, you can easily make the service available at a **different hostname and/or path** than the default one.
 Example additional configuration for your `vars.yml` file:
 ```yaml
 # Change the default hostname and path prefix
 matrix_registration_hostname: registration.example.com
 matrix_registration_path_prefix: /
 ```
 If you've changed the default hostname, you may need to create a CNAME record for the matrix-registration domain (`registration.example.com`), which targets `matrix.example.com`.
 When setting, replace `example.com` with your own.
 ### Extending the configuration
 There are some additional things you may wish to configure about the component.
 Take a look at:
 - `roles/custom/matrix-registration/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
 - `roles/custom/matrix-registration/templates/config.yaml.j2` for the component's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_registration_configuration_extension_yaml` variable
 ## Installing
 After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the playbook with [playbook tags](playbook-tags.md) as below:
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 ```
 The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
 `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
 ## Usage
 **matrix-registration** gets exposed at `https://matrix.example.com/matrix-registration`
 It provides various [APIs](https://github.com/ZerataX/matrix-registration/wiki/api) — for creating registration tokens, listing tokens, disabling tokens, etc. To make use of all of its capabilities, consider using `curl`.
 We make the most common APIs easy to use via the playbook (see below).
 ### Creating registration tokens
 To **create a new user registration token (link)**, use this command:
 ```sh
-systemctl disable --now matrix-registration.service
+ansible-playbook -i inventory/hosts setup.yml \
-
+--tags=generate-matrix-registration-token \
-rm -rf /matrix/matrix-registration
+--extra-vars="one_time=yes ex_date=2021-12-31"
 /matrix/postgres/bin/cli-non-interactive -c 'DROP DATABASE matrix_registration;'
 ```
 The above command creates and returns a **one-time use** token, which **expires** on the 31st of December 2021. Adjust the `one_time` and `ex_date` variables as you see fit.
 Share the unique registration link (generated by the command above) with users to let them register on your Matrix server.
 ### Listing registration tokens
 To **list the existing user registration tokens**, use this command:
 ```sh
 ansible-playbook -i inventory/hosts setup.yml \
 --tags=list-matrix-registration-tokens
 ```
 The shortcut command with `just` program is also available: `just run-tags list-matrix-registration-tokens`
 ## Troubleshooting
 As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-registration`.
@@ -140,16 +140,15 @@ The S3 backend ships with native multipart upload, so no goofys/rclone sidecar i
 ### RocksDB and cache tuning
-Tuwunel embeds RocksDB. The defaults (`rocksdb_compression_algo: zstd`) suit most deployments. For high-throughput servers you may want to enable direct I/O, raise parallelism, and configure a backup path:
+Tuwunel embeds RocksDB. The defaults (`rocksdb_compression_algo: zstd`) suit most deployments. For high-throughput servers you may want to enable direct I/O, raise parallelism, and bump the cache modifier:
 ```yaml
 matrix_tuwunel_config_rocksdb_direct_io: true
 matrix_tuwunel_config_rocksdb_parallelism_threads: 8
 matrix_tuwunel_config_cache_capacity_modifier: 2.0
 matrix_tuwunel_config_database_backup_path: /var/lib/tuwunel/backups
 ```
 `matrix_tuwunel_config_cache_capacity_modifier` is left empty by default, so Tuwunel picks a value (`1.0` since v1.7.0, with rebalanced per-cache sizes that already raise memory use). Set it to `2.0` only on small hosts with four or fewer cores; on larger machines the default is recommended.
 If you run on ZFS, the [Tuwunel maintenance guide](https://matrix-construct.github.io/tuwunel/maintenance.html#zfs) lists the dataset properties (`recordsize`, `primarycache`, `compression`, `atime`, `logbias`) and config flags (`rocksdb_direct_io`, `rocksdb_allow_fallocate`) you need to adjust to avoid severe write amplification.
 To enable Sentry crash reporting, set `matrix_tuwunel_config_sentry_enabled: true`.
@@ -167,14 +166,7 @@ matrix_tuwunel_config_prevent_media_downloads_from:
  - 'heavy\.example\.com$'
 ```
-Tuwunel additionally implements [MSC4284 policy servers](https://github.com/matrix-org/matrix-spec-proposals/pull/4284) for room-level federation gating. The policy itself lives in room state, but enforcement is opt-in at the server level:
+Tuwunel additionally implements [MSC4284 policy servers](https://github.com/matrix-org/matrix-spec-proposals/pull/4284) for room-level federation gating; that lives in room state and needs no playbook configuration.
 ```yaml
 matrix_tuwunel_config_enable_policy_servers: true
 matrix_tuwunel_config_policy_server_request_timeout: 5
 ```
 When enabled, rooms with a valid `m.room.policy` state event have outgoing events signed by the configured policy server before federation. Transient network or timeout failures fail open (with a warn log), so a policy-server outage will not silently take the room offline.
 ### Default room version
@@ -106,6 +106,8 @@ Extend and modify how users are authenticated on your homeserver.
 - [Setting up Ketesa](configuring-playbook-ketesa.md)
 - [Setting up matrix-registration](configuring-playbook-matrix-registration.md)
 - [Setting up the REST authentication password provider module](configuring-playbook-rest-auth.md) (advanced)
 - [Setting up the Shared Secret Auth password provider module](configuring-playbook-shared-secret-auth.md) (advanced)
@@ -279,8 +281,6 @@ Various services that don't fit any other categories.
 - [Setting up matrix-bot-chatgpt](configuring-playbook-bot-chatgpt.md) (unmaintained; the bridge's author suggests taking a look at [baibot](https://github.com/etkecc/baibot) as a replacement, which can also be [installed using this playbook](configuring-playbook-bot-baibot.md))
 - [Setting up matrix-registration](configuring-playbook-matrix-registration.md) (removed; this component has been unmaintained)
 - [Setting up Mautrix Facebook bridging](configuring-playbook-bridge-mautrix-facebook.md) (deprecated in favor of the Messenger/Instagram bridge with [mautrix-meta-messenger](configuring-playbook-bridge-mautrix-meta-messenger.md))
 - [Setting up Mautrix Instagram bridging](configuring-playbook-bridge-mautrix-instagram.md) (deprecated in favor of the Messenger/Instagram bridge with [mautrix-meta-instagram](configuring-playbook-bridge-mautrix-meta-instagram.md))
@@ -68,6 +68,7 @@ Extend and modify how users are authenticated on your homeserver.
 | [matrix-synapse-shared-secret-auth](configuring-playbook-shared-secret-auth.md) | (N/A) | ❌ | Password provider module |
 | [matrix-synapse-ldap3](configuring-playbook-ldap-auth.md) (advanced) | (N/A) | ❌ | LDAP Auth password provider module |
 | [matrix-ldap-registration-proxy](configuring-playbook-matrix-ldap-registration-proxy.md) | [activism.international/matrix_ldap_registration_proxy](https://gitlab.com/activism.international/matrix_ldap_registration_proxy/container_registry) | ❌ | Proxy that handles Matrix registration requests and forwards them to LDAP |
 | [matrix-registration](configuring-playbook-matrix-registration.md) | [zeratax/matrix-registration](https://hub.docker.com/r/devture/zeratax-matrix-registration/) | ❌ | Simple python application to have a token based Matrix registration |
 | [Matrix User Verification Service](configuring-playbook-user-verification-service.md) | [matrixdotorg/matrix-user-verification-service](https://hub.docker.com/r/atrixdotorg/matrix-user-verification-service) | ❌ | Service to verify details of a user based on an Open ID token |
 | [synapse-simple-antispam](configuring-playbook-synapse-simple-antispam.md) (advanced) | (N/A) | ❌ | Spam checker module |
@@ -178,7 +179,6 @@ The list of the deprecated or unmaintained services is available [here](configur
 | [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) | [matrixdotorg/matrix-appservice-slack](https://hub.docker.com/r/matrixdotorg/matrix-appservice-slack) | ❌ | Bridge to [Slack](https://slack.com/) |
 | [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md) | [turt2live/matrix-appservice-webhooks](https://hub.docker.com/r/turt2live/matrix-appservice-webhooks) | ❌ | Bridge for slack compatible webhooks ([ConcourseCI](https://concourse-ci.org/), [Slack](https://slack.com/) etc. pp.) |
 | [matrix-chatgpt-bot](configuring-playbook-bot-chatgpt.md) | [matrixgpt/matrix-chatgpt-bot](https://ghcr.io/matrixgpt/matrix-chatgpt-bot) | ❌ | Accessing ChatGPT via your favourite Matrix client |
 | [matrix-registration](configuring-playbook-matrix-registration.md) | [zeratax/matrix-registration](https://hub.docker.com/r/devture/zeratax-matrix-registration/) | ❌ | Simple python application to have a token based Matrix registration |
 | [mautrix-facebook](configuring-playbook-bridge-mautrix-facebook.md) | [mautrix/facebook](https://mau.dev/mautrix/facebook/container_registry) | ❌ | Bridge to [Facebook](https://facebook.com/) |
 | [mautrix-instagram](configuring-playbook-bridge-mautrix-instagram.md) | [mautrix/instagram](https://mau.dev/mautrix/instagram/container_registry) | ❌ | Bridge to [Instagram](https://instagram.com/) |
 | [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) | [mx-puppet/discord/mx-puppet-discord](https://gitlab.com/mx-puppet/discord/mx-puppet-discord/container_registry) | ❌ | Bridge to [Discord](https://discordapp.com/) |
@@ -97,6 +97,10 @@ This `register-user` script actually invokes the `mas-cli manage register-user`
 To manage users and your homeserver more easily (via a web interface), you can install [Ketesa](configuring-playbook-ketesa.md) — a fully-featured admin UI covering users, rooms, media, sessions, and MAS management.
 ## Letting certain users register on your private server
 If you'd rather **keep your server private** (public registration closed, as is the default), and **let certain people create accounts by themselves** (instead of creating user accounts manually like this), consider installing and making use of [matrix-registration](configuring-playbook-matrix-registration.md).
 ## Enabling public user registration
 To **open up user registration publicly** (usually **not recommended**), add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
@@ -31,6 +31,7 @@ Possibly outdated list of roles where self-building the Docker image is currentl
 - `hydrogen`
 - `cinny`
 - `sable`
 - `matrix-registration`
 - `coturn`
 - `matrix-corporal`
 - `exim-relay`
@@ -2,7 +2,7 @@
 # This variable acknowledges that you've reviewed breaking changes up to this version.
 # The playbook will fail if this is outdated, guiding you through what changed.
 # See the changelog: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md
-matrix_playbook_migration_validated_version: v2026.05.18.0
+matrix_playbook_migration_validated_version: v2026.04.24.0
 # The bare domain name which represents your Matrix identity.
 # Matrix user IDs for your server will be of the form (`@alice:example.com`).
@@ -310,6 +310,13 @@ devture_systemd_service_manager_services_list_auto: |
      'groups': ['matrix', 'bots', 'baibot', 'bot-baibot'],
    }] if matrix_bot_baibot_enabled else [])
    +
    ([{
      'name': 'matrix-bot-go-neb.service',
      'priority': 2200,
      'restart_necessary': (matrix_bot_go_neb_restart_necessary | bool),
      'groups': ['matrix', 'bots', 'go-neb', 'bot-go-neb'],
    }] if matrix_bot_go_neb_enabled else [])
    +
    ([{
      'name': 'matrix-bot-honoroit.service',
      'priority': 2200,
@@ -827,6 +834,13 @@ devture_systemd_service_manager_services_list_auto: |
      'groups': ['matrix', 'livekit-server'],
    }] if livekit_server_enabled else [])
    +
    ([{
      'name': 'matrix-registration.service',
      'priority': 4000,
      'restart_necessary': (matrix_registration_restart_necessary | bool),
      'groups': ['matrix', 'registration', 'matrix-registration'],
    }] if matrix_registration_enabled else [])
    +
    ([{
      'name': 'matrix-sygnal.service',
      'priority': 800,
@@ -2164,6 +2178,7 @@ matrix_mautrix_wsproxy_systemd_required_services_list_default: |
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_wsproxy_syncproxy_database_hostname == postgres_connection_hostname) else [])
  }}
 matrix_mautrix_wsproxy_homeserver_domain: "{{ matrix_domain }}"
 matrix_mautrix_wsproxy_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
 matrix_mautrix_wsproxy_hostname: "wsproxy.{{ matrix_mautrix_wsproxy_homeserver_domain }}"
@@ -2476,6 +2491,7 @@ matrix_hookshot_container_labels_metrics_middleware_basic_auth_enabled: "{{ matr
 matrix_hookshot_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
 matrix_hookshot_public_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
 matrix_hookshot_public_hostname: "{{ matrix_server_fqn_matrix }}"
 ######################################################################
 #
@@ -3070,6 +3086,51 @@ matrix_bot_baibot_container_additional_networks_auto: |-
 #
 ######################################################################
 ######################################################################
 #
 # matrix-bot-go-neb
 #
 ######################################################################
 # We don't enable bots by default.
 matrix_bot_go_neb_enabled: false
 matrix_bot_go_neb_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
 matrix_bot_go_neb_hostname: "{{ matrix_server_fqn_bot_go_neb }}"
 matrix_bot_go_neb_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
  }}
 matrix_bot_go_neb_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_bot_go_neb_container_image_registry_prefix_upstream_default }}"
 matrix_bot_go_neb_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '4050') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
 matrix_bot_go_neb_container_network: "{{ matrix_addons_container_network }}"
 matrix_bot_go_neb_container_additional_networks: |
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_bot_go_neb_container_labels_traefik_enabled else [])
    ) | unique
  }}
 matrix_bot_go_neb_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
 matrix_bot_go_neb_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
 matrix_bot_go_neb_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
 matrix_bot_go_neb_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
 ######################################################################
 #
 # /matrix-bot-go-neb
 #
 ######################################################################
 ######################################################################
 #
 # matrix-bot-mjolnir
@@ -3478,6 +3539,8 @@ matrix_rageshake_hostname: "{{ matrix_server_fqn_rageshake }}"
 matrix_rageshake_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_rageshake_container_image_registry_prefix_upstream_default }}"
 matrix_rageshake_container_network: matrix-rageshake
 matrix_rageshake_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"
 matrix_rageshake_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9110') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
@@ -4061,6 +4124,12 @@ postgres_managed_databases_auto: |
      'password': matrix_bot_buscarron_database_password,
    }] if (matrix_bot_buscarron_enabled and matrix_bot_buscarron_database_engine == 'postgres' and matrix_bot_buscarron_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_registration_database_name,
      'username': matrix_registration_database_username,
      'password': matrix_registration_database_password,
    }] if (matrix_registration_enabled and matrix_registration_database_engine == 'postgres' and matrix_registration_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_appservice_discord_database_name,
      'username': matrix_appservice_discord_database_username,
@@ -4394,6 +4463,12 @@ matrix_client_element_container_labels_traefik_compression_middleware_name: "{{
 matrix_client_element_default_hs_url: "{{ matrix_homeserver_url }}"
 matrix_client_element_default_is_url: "{{ matrix_identity_server_url }}"
 # Use Scalar by default
 matrix_client_element_integrations_ui_url: "https://scalar.vector.im/"
 matrix_client_element_integrations_rest_url: "https://scalar.vector.im/api"
 matrix_client_element_integrations_widgets_urls: "{{ ['https://scalar.vector.im/api'] }}"
 matrix_client_element_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html"
 matrix_client_element_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}"
 matrix_client_element_registration_enabled: "{{ matrix_synapse_enable_registration }}"
@@ -4623,6 +4698,12 @@ matrix_client_schildichat_container_labels_traefik_tls_certResolver: "{{ traefik
 matrix_client_schildichat_default_hs_url: "{{ matrix_homeserver_url }}"
 matrix_client_schildichat_default_is_url: "{{ matrix_identity_server_url }}"
 # Use Scalar by default
 matrix_client_schildichat_integrations_ui_url: "https://scalar.vector.im/"
 matrix_client_schildichat_integrations_rest_url: "https://scalar.vector.im/api"
 matrix_client_schildichat_integrations_widgets_urls: "{{ ['https://scalar.vector.im/api'] }}"
 matrix_client_schildichat_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html"
 matrix_client_schildichat_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}"
 matrix_client_schildichat_registration_enabled: "{{ matrix_synapse_enable_registration }}"
@@ -4746,6 +4827,7 @@ matrix_synapse_container_labels_internal_client_synapse_admin_api_traefik_entryp
 matrix_synapse_container_labels_public_federation_api_traefik_hostname: "{{ matrix_server_fqn_matrix_federation }}"
 matrix_synapse_container_labels_public_federation_api_traefik_entrypoints: "{{ matrix_federation_traefik_entrypoint_name }}"
 matrix_synapse_container_labels_public_federation_api_traefik_tls: "{{ matrix_federation_traefik_entrypoint_tls }}"
 matrix_synapse_container_labels_public_federation_api_traefik_tls_certResolver: "{{ matrix_synapse_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
 matrix_synapse_container_labels_public_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
 matrix_synapse_container_labels_public_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
@@ -4789,6 +4871,7 @@ matrix_synapse_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_pr
 matrix_synapse_email_enabled: "{{ exim_relay_enabled }}"
 matrix_synapse_email_smtp_host: "{{ exim_relay_identifier }}"
 matrix_synapse_email_smtp_port: 8025
 matrix_synapse_email_smtp_require_transport_security: false
 matrix_synapse_email_notif_from: "Matrix <{{ exim_relay_sender_address }}>"
 matrix_synapse_turn_uris: "{{ coturn_turn_uris if coturn_enabled else [] }}"
@@ -5142,6 +5225,7 @@ matrix_synapse_usage_exporter_container_network: "{{ matrix_monitoring_container
 matrix_synapse_usage_exporter_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"
 matrix_synapse_usage_exporter_container_labels_traefik_enabled: "{{ matrix_synapse_usage_exporter_proxying_enabled }}"
 matrix_synapse_usage_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
 matrix_synapse_usage_exporter_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
 matrix_synapse_usage_exporter_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
@@ -5487,6 +5571,76 @@ grafana_default_home_dashboard_path: |-
 #
 ######################################################################
 ######################################################################
 #
 # matrix-registration
 #
 ######################################################################
 matrix_registration_enabled: false
 matrix_registration_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
 matrix_registration_hostname: "{{ matrix_server_fqn_matrix }}"
 matrix_registration_path_prefix: /matrix-registration
 matrix_registration_systemd_required_services_list_auto: |
  {{
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_registration_database_hostname == postgres_connection_hostname) else [])
  }}
 matrix_registration_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_registration_container_image_registry_prefix_upstream_default }}"
 matrix_registration_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
 matrix_registration_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8767') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
 matrix_registration_container_network: "{{ matrix_addons_container_network }}"
 matrix_registration_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_registration_database_hostname == postgres_connection_hostname and matrix_registration_container_network != postgres_container_network) else [])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_registration_container_labels_traefik_enabled) else [])
    ) | unique
  }}
 matrix_registration_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
 matrix_registration_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
 matrix_registration_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
 matrix_registration_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
 matrix_registration_riot_instance: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else 'https://element.io/app/' }}"
 matrix_registration_shared_secret: |-
  {{
    {
      'synapse': matrix_synapse_registration_shared_secret | default (''),
      'dendrite': matrix_dendrite_client_api_registration_shared_secret | default (''),
      'conduit': '',
      'continuwuity': '',
      'tuwunel': '',
    }[matrix_homeserver_implementation]
  }}
 matrix_registration_server_location: "{{ matrix_addons_homeserver_client_api_url }}"
 matrix_registration_api_validate_certs: "{{ matrix_playbook_ssl_enabled }}"
 # Postgres is the default, except if not using internal Postgres server
 matrix_registration_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
 matrix_registration_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
 matrix_registration_database_password: "{{ (matrix_homeserver_generic_secret_key + ':mx.registr.db') | hash('sha512') | to_uuid }}"
 ######################################################################
 #
 # /matrix-registration
 #
 ######################################################################
 ######################################################################
 #
 # matrix-dendrite
@@ -6263,6 +6417,7 @@ matrix_livekit_jwt_service_enabled: "{{ matrix_rtc_enabled and livekit_server_en
 matrix_livekit_jwt_service_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
 matrix_livekit_jwt_service_hostname: "{{ matrix_server_fqn_matrix }}"
 matrix_livekit_jwt_service_path_prefix: "/livekit-jwt-service"
 matrix_livekit_jwt_service_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
@@ -1,22 +1,22 @@
 alabaster==1.0.0
 babel==2.18.0
-certifi==2026.5.20
+certifi==2026.4.22
 charset-normalizer==3.4.7
-click==8.4.1
+click==8.3.3
 docutils==0.22.4
-idna==3.16
+idna==3.13
 imagesize==2.0.0
 Jinja2==3.1.6
 linkify-it-py==2.1.0
-markdown-it-py==4.2.0
+markdown-it-py==4.1.0
 MarkupSafe==3.0.3
-mdit-py-plugins==0.6.1
+mdit-py-plugins==0.5.0
 mdurl==0.1.2
-myst-parser==5.1.0
+myst-parser==5.0.0
 packaging==26.2
 Pygments==2.20.0
 PyYAML==6.0.3
-requests==2.34.2
+requests==2.33.1
 setuptools==82.0.1
 snowballstemmer==3.0.1
 Sphinx==9.1.0
@@ -30,4 +30,4 @@ sphinxcontrib-qthelp==2.0.0
 sphinxcontrib-serializinghtml==2.0.0
 tabulate==0.10.0
 uc-micro-py==2.0.0
-urllib3==2.7.0
+urllib3==2.6.3
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-05-07 11:16+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -41,7 +41,7 @@ msgid "🎯 Purpose"
 msgstr ""
 #: ../../../README.md:7
-msgid "This [Ansible](https://www.ansible.com/) playbook is meant to help you run your own [Matrix](http://matrix.org/) homeserver, along with the [various services](#-supported-services) related to that."
+msgid "This [Ansible](https://www.ansible.com/) playbook is meant to help you run your own [Matrix](http://matrix.org/) homeserver, along with the [various services](#supported-services) related to that."
 msgstr ""
 #: ../../../README.md:9
@@ -436,6 +436,18 @@ msgstr ""
 msgid "[Link](docs/configuring-playbook-matrix-ldap-registration-proxy.md)"
 msgstr ""
 #: ../../../README.md:0
 msgid "[matrix-registration](https://github.com/ZerataX/matrix-registration)"
 msgstr ""
 #: ../../../README.md:0
 msgid "Simple python application to have a token based Matrix registration"
 msgstr ""
 #: ../../../README.md:0
 msgid "[Link](docs/configuring-playbook-matrix-registration.md)"
 msgstr ""
 #: ../../../README.md:0
 msgid "[Matrix User Verification Service](https://github.com/matrix-org/matrix-user-verification-service)"
 msgstr ""
@@ -460,11 +472,11 @@ msgstr ""
 msgid "[Link](docs/configuring-playbook-synapse-simple-antispam.md)"
 msgstr ""
-#: ../../../README.md:99
+#: ../../../README.md:100
 msgid "File Storage"
 msgstr ""
-#: ../../../README.md:101
+#: ../../../README.md:102
 msgid "Use alternative file storage to the default `media_store` folder."
 msgstr ""
@@ -500,11 +512,11 @@ msgstr ""
 msgid "[Link](docs/configuring-playbook-matrix-media-repo.md)"
 msgstr ""
-#: ../../../README.md:109
+#: ../../../README.md:110
 msgid "Bridges"
 msgstr ""
-#: ../../../README.md:111
+#: ../../../README.md:112
 msgid "Bridges can be used to connect your Matrix installation with third-party communication networks."
 msgstr ""
@@ -617,7 +629,7 @@ msgid "[Link](docs/configuring-playbook-bridge-mautrix-googlechat.md)"
 msgstr ""
 #: ../../../README.md:0
-msgid "[mautrix-meta](https://github.com/mautrix/meta)"
+msgid "[mautrix-meta](https://github.com/mautrix/instagram)"
 msgstr ""
 #: ../../../README.md:0
@@ -796,11 +808,11 @@ msgstr ""
 msgid "[Link](docs/configuring-playbook-bridge-postmoogle.md)"
 msgstr ""
-#: ../../../README.md:140
+#: ../../../README.md:141
 msgid "Bots"
 msgstr ""
-#: ../../../README.md:142
+#: ../../../README.md:143
 msgid "Bots provide various additional functionality to your installation."
 msgstr ""
@@ -900,11 +912,11 @@ msgstr ""
 msgid "[Link](docs/configuring-playbook-bot-buscarron.md)"
 msgstr ""
-#: ../../../README.md:155
+#: ../../../README.md:156
 msgid "Administration"
 msgstr ""
-#: ../../../README.md:157
+#: ../../../README.md:158
 msgid "Services that help you in administrating and monitoring your Matrix installation."
 msgstr ""
@@ -992,11 +1004,11 @@ msgstr ""
 msgid "[Link](docs/configuring-playbook-synapse-usage-exporter.md)"
 msgstr ""
-#: ../../../README.md:169
+#: ../../../README.md:170
 msgid "Misc"
 msgstr ""
-#: ../../../README.md:171
+#: ../../../README.md:172
 msgid "Various services that don't fit any other categories."
 msgstr ""
@@ -1120,54 +1132,54 @@ msgstr ""
 msgid "[Link](docs/configuring-playbook-element-call.md)"
 msgstr ""
-#: ../../../README.md:186
+#: ../../../README.md:187
 msgid "🆕 Changes"
 msgstr ""
-#: ../../../README.md:188
+#: ../../../README.md:189
 msgid "This playbook evolves over time, sometimes with backward-incompatible changes."
 msgstr ""
-#: ../../../README.md:190
+#: ../../../README.md:191
 msgid "When updating the playbook, refer to [the changelog](CHANGELOG.md) to catch up with what's new."
 msgstr ""
-#: ../../../README.md:192
+#: ../../../README.md:193
 msgid "🆘 Support"
 msgstr ""
-#: ../../../README.md:194
+#: ../../../README.md:195
 msgid "Matrix room: [#matrix-docker-ansible-deploy:devture.com](https://matrix.to/#/#matrix-docker-ansible-deploy:devture.com)"
 msgstr ""
-#: ../../../README.md:196
+#: ../../../README.md:197
 msgid "IRC channel: `#matrix-docker-ansible-deploy` on the [Libera Chat](https://libera.chat/) IRC network (irc.libera.chat:6697)"
 msgstr ""
-#: ../../../README.md:198
+#: ../../../README.md:199
 msgid "GitHub issues: [spantaleev/matrix-docker-ansible-deploy/issues](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues)"
 msgstr ""
-#: ../../../README.md:200
+#: ../../../README.md:201
 msgid "🌐 Translation"
 msgstr ""
-#: ../../../README.md:202
+#: ../../../README.md:203
 msgid "See the [i18n/README.md](i18n/README.md) file for more information about translation."
 msgstr ""
-#: ../../../README.md:204
+#: ../../../README.md:205
 msgid "Translations are still work in progress."
 msgstr ""
-#: ../../../README.md:206
+#: ../../../README.md:207
 msgid "🤝 Related"
 msgstr ""
-#: ../../../README.md:208
+#: ../../../README.md:209
 msgid "You may also be interested in [mash-playbook](https://github.com/mother-of-all-self-hosting/mash-playbook) - another Ansible playbook for self-hosting non-Matrix services (see its [List of supported services](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/supported-services.md))."
 msgstr ""
-#: ../../../README.md:210
+#: ../../../README.md:211
 msgid "mash-playbook also makes use of [Traefik](./docs/configuring-playbook-traefik.md) as its reverse-proxy, so with minor [interoperability adjustments](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/interoperability.md), you can make matrix-docker-ansible-deploy and mash-playbook co-exist and host Matrix and non-Matrix services on the same server."
 msgstr ""
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -48,8 +48,8 @@ msgstr ""
 msgid "If your distro ships with an Ansible version older than this, you may run into issues. Consider [Upgrading Ansible](#upgrading-ansible) or [using Ansible via Docker](#using-ansible-via-docker)."
 msgstr ""
-#: ../../../docs/ansible.md:28
+#: ../../../docs/ansible.md:27
-msgid "One reason for the version requirement being as such is that the playbook by default installs Docker for you using [this Docker role](https://github.com/geerlingguy/ansible-role-docker) which [has a hard requirement on Ansible v2.15.1](https://github.com/geerlingguy/ansible-role-docker/commit/7f44a1d9ad8132819ea9852918bca5dab8757cd0). If you install Docker yourself another way, you can tell the playbook to skip running this role (by adding `matrix_playbook_docker_installation_enabled: false` to your `vars.yml` configuration). It may then be possible to get the playbook running on an older version of Ansible. Still, this is a complication and your mileage may vary. We recommend [upgrading Ansible](#upgrading-ansible) instead of going into uncharted territory."
+msgid "[!WARNING] One reason for the version requirement being as such is that the playbook by default installs Docker for you using [this Docker role](https://github.com/geerlingguy/ansible-role-docker) which [has a hard requirement on Ansible v2.15.1](https://github.com/geerlingguy/ansible-role-docker/commit/7f44a1d9ad8132819ea9852918bca5dab8757cd0). If you install Docker yourself another way, you can tell the playbook to skip running this role (by adding `matrix_playbook_docker_installation_enabled: false` to your `vars.yml` configuration). It may then be possible to get the playbook running on an older version of Ansible. Still, this is a complication and your mileage may vary. We recommend [upgrading Ansible](#upgrading-ansible) instead of going into uncharted territory."
 msgstr ""
 #: ../../../docs/ansible.md:30
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -96,8 +96,8 @@ msgstr ""
 msgid "traffic destined for the IPv6 address of the server will be forwarded to the containers that handle (and publish) that specific port"
 msgstr ""
-#: ../../../docs/configuring-ipv6.md:60
+#: ../../../docs/configuring-ipv6.md:59
-msgid "Without enabling this and assuming you have IPv6 `AAAA` DNS records pointing to the server (see [Configuring DNS records for IPv6](#configuring-dns-records-for-ipv6)), IPv6 traffic will still be handled, but NAT64 will be used instead of NAT66. As such, containers will only have an IPv4 address and all IPv6 traffic that reaches them will seem to originate from a local IP. Containers also won't be able to make outgoing (even cross-container) IPv6 requests."
+msgid "[!WARNING] Without enabling this and assuming you have IPv6 `AAAA` DNS records pointing to the server (see [Configuring DNS records for IPv6](#configuring-dns-records-for-ipv6)), IPv6 traffic will still be handled, but NAT64 will be used instead of NAT66. As such, containers will only have an IPv4 address and all IPv6 traffic that reaches them will seem to originate from a local IP. Containers also won't be able to make outgoing (even cross-container) IPv6 requests."
 msgstr ""
 #: ../../../docs/configuring-ipv6.md:63
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -64,8 +64,8 @@ msgstr ""
 msgid "The bot requires an access token to be able to connect to your homeserver. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md)."
 msgstr ""
-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:38
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:37
-msgid "Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone."
+msgid "[!WARNING] Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone."
 msgstr ""
 #: ../../../docs/configuring-playbook-alertmanager-receiver.md:40
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-05-07 14:00+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -96,8 +96,8 @@ msgstr ""
 msgid "This admin room is used to control who has access to your D4A deployment. The room stores this data in the control room state, so your bot must have sufficient power level to send custom state events. This is `50` by default (moderator, as Element clients call this power level)."
 msgstr ""
-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:50
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:49
-msgid "Anyone in this room can control the bot so it is important that you only invite trusted users to this room."
+msgid "[!WARNING] Anyone in this room can control the bot so it is important that you only invite trusted users to this room."
 msgstr ""
 #: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:52
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-05-07 14:00+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -72,8 +72,8 @@ msgstr ""
 msgid "Using your own account, create a new invite only room that you will use to manage the bot. This is the room where you will see the status of the bot and where you will send commands to the bot, such as the command to ban a user from another room."
 msgstr ""
-#: ../../../docs/configuring-playbook-bot-draupnir.md:38
+#: ../../../docs/configuring-playbook-bot-draupnir.md:37
-msgid "Anyone in this room can control the bot so it is important that you only invite trusted users to this room."
+msgid "[!WARNING] Anyone in this room can control the bot so it is important that you only invite trusted users to this room."
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-draupnir.md:40
@@ -228,8 +228,8 @@ msgstr ""
 msgid "Manual access to Synapse's Admin APIs requires an access token for a homeserver admin account. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md)."
 msgstr ""
-#: ../../../docs/configuring-playbook-bot-draupnir.md:165
+#: ../../../docs/configuring-playbook-bot-draupnir.md:164
-msgid "Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone."
+msgid "[!WARNING] Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone."
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-draupnir.md:167
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-23 05:22+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -16,22 +16,158 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-#: ../../../docs/configuring-playbook-bot-go-neb.md:12
+#: ../../../docs/configuring-playbook-bot-go-neb.md:11
-msgid "Setting up Go-NEB (optional, removed)"
+msgid "Setting up Go-NEB (optional, unmaintained)"
 msgstr ""
-#: ../../../docs/configuring-playbook-bot-go-neb.md:14
+#: ../../../docs/configuring-playbook-bot-go-neb.md:13
-msgid "🪦 The playbook used to be able to install and configure [Go-NEB](https://github.com/matrix-org/go-neb), but no longer includes this component as it has been discontinued."
+msgid "**Note**: [Go-NEB](https://github.com/matrix-org/go-neb) is now an archived (**unmaintained**) project. We recommend not bothering with installing it. While not a 1:1 replacement, the bridge's author suggests taking a look at [matrix-hookshot](https://github.com/matrix-org/matrix-hookshot) as a replacement, which can also be [installed using this playbook](configuring-playbook-bridge-hookshot.md). Consider using that bot instead of this one."
 msgstr ""
-#: ../../../docs/configuring-playbook-bot-go-neb.md:16
+#: ../../../docs/configuring-playbook-bot-go-neb.md:15
-msgid "While not a 1:1 replacement, the bot's author suggests taking a look at [matrix-hookshot](https://github.com/matrix-org/matrix-hookshot) as a replacement, which can also be [installed using this playbook](configuring-playbook-bridge-hookshot.md)."
+msgid "The playbook can install and configure [Go-NEB](https://github.com/matrix-org/go-neb) for you."
 msgstr ""
-#: ../../../docs/configuring-playbook-bot-go-neb.md:18
+#: ../../../docs/configuring-playbook-bot-go-neb.md:17
-msgid "Uninstalling Go-NEB manually"
+msgid "Go-NEB is a Matrix bot written in Go. It is the successor to Matrix-NEB, the original Matrix bot written in Python."
 msgstr ""
-#: ../../../docs/configuring-playbook-bot-go-neb.md:20
+#: ../../../docs/configuring-playbook-bot-go-neb.md:19
-msgid "If you still have the Go-NEB component installed on your Matrix server, the playbook can no longer help you uninstall it and you will need to do it manually. To uninstall manually, run these commands on the server:"
+msgid "See the project's [documentation](https://github.com/matrix-org/go-neb/blob/master/README.md) to learn what it does and why it might be useful to you."
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:21
 msgid "Prerequisites"
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:23
 msgid "Register the bot account"
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:25
 msgid "The playbook does not automatically create users for you. You **need to register the bot user manually** before setting up the bot."
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:27
 msgid "Generate a strong password for the bot. You can create one with a command like `pwgen -s 64 1`."
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:29
 msgid "You can use the playbook to [register a new user](registering-users.md):"
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:35
 msgid "Obtain an access token"
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:37
 msgid "The bot requires an access token to be able to connect to your homeserver. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md)."
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:39
 msgid "[!WARNING] Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone."
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:42
 msgid "Adjusting DNS records"
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:44
 msgid "By default, this playbook installs Go-NEB on the `goneb.` subdomain (`goneb.example.com`) and requires you to create a CNAME record for `goneb`, which targets `matrix.example.com`."
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:46
 msgid "When setting, replace `example.com` with your own."
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:48
 msgid "Adjusting the playbook configuration"
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:50
 msgid "To enable the bot, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file. Make sure to replace `ACCESS_TOKEN_FOR_GONEB_HERE` and `ACCESS_TOKEN_FOR_ANOTHER_GONEB_HERE` with the ones created [above](#obtain-an-access-token)."
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:214
 msgid "Adjusting the Go-NEB URL (optional)"
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:216
 msgid "By tweaking the `matrix_bot_go_neb_hostname` and `matrix_bot_go_neb_path_prefix` variables, you can easily make the service available at a **different hostname and/or path** than the default one."
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:218
 msgid "Example additional configuration for your `vars.yml` file:"
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:229
 msgid "After changing the domain, **you may need to adjust your DNS** records to point the Go-NEB domain to the Matrix server."
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:231
 msgid "If you've decided to reuse the `matrix.` domain, you won't need to do any extra DNS configuration."
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:233
 msgid "Extending the configuration"
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:235
 msgid "There are some additional things you may wish to configure about the bot."
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:237
 msgid "Take a look at:"
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:239
 msgid "`roles/custom/matrix-bot-go-neb/defaults/main.yml` for some variables that you can customize via your `vars.yml` file"
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:240
 msgid "`roles/custom/matrix-bot-go-neb/templates/config.yaml.j2` for the bot's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_bot_go_neb_configuration_extension_yaml` variable"
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:242
 msgid "Installing"
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:244
 msgid "After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the playbook with [playbook tags](playbook-tags.md) as below:"
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:251
 msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:253
 msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too."
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:255
 msgid "Usage"
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:257
 msgid "To use the bot, invite it to any existing Matrix room (`/invite @bot.go-neb:example.com` where `example.com` is your base domain, not the `matrix.` domain). Make sure you are granted with the sufficient permission if you are not the room owner."
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:259
 msgid "Basic usage is like this: `!echo hi` or `!imgur puppies` or `!giphy matrix`"
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:261
 msgid "If you enabled the github_cmd service, send `!github help` to the bot in the room to see the available commands."
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:263
 msgid "You can also refer to the upstream [Documentation](https://github.com/matrix-org/go-neb)."
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:265
 msgid "Troubleshooting"
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-go-neb.md:267
 msgid "As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-bot-go-neb`."
 msgstr ""
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-04-03 11:56+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -177,8 +177,8 @@ msgstr ""
 msgid "Alternatively, you can refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md). Be aware that you'd better use the **Obtain an access token via curl** method (not **Obtain an access token via Element Web**) as the latter will causes issues to your bot in encrypted rooms. Read [more](https://docs.mau.fi/maubot/usage/basic.html#creating-clients)."
 msgstr ""
-#: ../../../docs/configuring-playbook-bot-maubot.md:124
+#: ../../../docs/configuring-playbook-bot-maubot.md:123
-msgid "Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone."
+msgid "[!WARNING] Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone."
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-maubot.md:126
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-04-03 11:56+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -60,9 +60,9 @@ msgstr ""
 msgid "The bot requires an access token to be able to connect to your homeserver. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md)."
 msgstr ""
-#: ../../../docs/configuring-playbook-bot-mjolnir.md:39
+#: ../../../docs/configuring-playbook-bot-mjolnir.md:38
-#: ../../../docs/configuring-playbook-bot-mjolnir.md:64
+#: ../../../docs/configuring-playbook-bot-mjolnir.md:63
-msgid "Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone."
+msgid "[!WARNING] Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone."
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-mjolnir.md:41
@@ -142,8 +142,8 @@ msgstr ""
 msgid "Using your own account, create a new invite only room that you will use to manage the bot. This is the room where you will see the status of the bot and where you will send commands to the bot, such as the command to ban a user from another room."
 msgstr ""
-#: ../../../docs/configuring-playbook-bot-mjolnir.md:87
+#: ../../../docs/configuring-playbook-bot-mjolnir.md:86
-msgid "Anyone in this room can control the bot so it is important that you only invite trusted users to this room."
+msgid "[!WARNING] Anyone in this room can control the bot so it is important that you only invite trusted users to this room."
 msgstr ""
 #: ../../../docs/configuring-playbook-bot-mjolnir.md:89
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -28,8 +28,8 @@ msgstr ""
 msgid "See the project's [documentation](https://src.miscworks.net/fair/matrix-appservice-kakaotalk/src/branch/master/README.md) to learn what it does and why it might be useful to you."
 msgstr ""
-#: ../../../docs/configuring-playbook-bridge-appservice-kakaotalk.md:17
+#: ../../../docs/configuring-playbook-bridge-appservice-kakaotalk.md:16
-msgid "There have been recent reports (~2022-09-16) that **using this bridge may get your account banned**."
+msgid "[!WARNING] There have been recent reports (~2022-09-16) that **using this bridge may get your account banned**."
 msgstr ""
 #: ../../../docs/configuring-playbook-bridge-appservice-kakaotalk.md:19
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -28,8 +28,8 @@ msgstr ""
 msgid "See the project's [documentation](https://github.com/duo/matrix-wechat/blob/master/README.md) to learn what it does and why it might be useful to you."
 msgstr ""
-#: ../../../docs/configuring-playbook-bridge-wechat.md:15
+#: ../../../docs/configuring-playbook-bridge-wechat.md:14
-msgid "This bridge does not work against newer versions of Synapse anymore. See [this issue](https://github.com/duo/matrix-wechat/issues/33). Don't even bother installing it. Unless bridge maintenance is resumed and fixes this issue, we have no choice but to remove it from the playbook."
+msgid "[!WARNING] This bridge does not work against newer versions of Synapse anymore. See [this issue](https://github.com/duo/matrix-wechat/issues/33). Don't even bother installing it. Unless bridge maintenance is resumed and fixes this issue, we have no choice but to remove it from the playbook."
 msgstr ""
 #: ../../../docs/configuring-playbook-bridge-wechat.md:17
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -32,6 +32,10 @@ msgstr ""
 msgid "By default, the playbook installs [Synapse](https://github.com/element-hq/synapse) as it's the only full-featured Matrix server at the moment. If that's okay, you can skip this document."
 msgstr ""
 #: ../../../docs/configuring-playbook-conduit.md:16
 msgid "[!WARNING]"
 msgstr ""
 #: ../../../docs/configuring-playbook-conduit.md:17
 msgid "**You can't switch an existing Matrix server's implementation** (e.g. Synapse -> Conduit). Proceed below only if you're OK with losing data or you're dealing with a server on a new domain name, which hasn't participated in the Matrix federation yet."
 msgstr ""
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-05-07 11:16+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -60,6 +60,6 @@ msgstr ""
 msgid "If you are not going to migrate to [Tuwunel](configuring-playbook-tuwunel.md) or [Continuwuity](configuring-playbook-continuwuity.md), you can remove data by running the command on the server:"
 msgstr ""
-#: ../../../docs/configuring-playbook-conduwuit.md:49
+#: ../../../docs/configuring-playbook-conduwuit.md:48
-msgid "Once you removing the path, there is no going back. Your data on the homeserver (including chat history, rooms, etc.) will be deleted and not be possible to restore them. Please be certain."
+msgid "[!WARNING] Once you removing the path, there is no going back. Your data on the homeserver (including chat history, rooms, etc.) will be deleted and not be possible to restore them. Please be certain."
 msgstr ""
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-05-07 11:16+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -36,6 +36,10 @@ msgstr ""
 msgid "💡 **Note**: continuwuity is a fork of [conduwuit](./configuring-playbook-conduwuit.md), which the playbook has supported."
 msgstr ""
 #: ../../../docs/configuring-playbook-continuwuity.md:18
 msgid "[!WARNING]"
 msgstr ""
 #: ../../../docs/configuring-playbook-continuwuity.md:19
 msgid "**You can't switch an existing Matrix server's implementation** (e.g. Synapse -> Continuwuity). Proceed below only if you're OK with losing data or you're dealing with a server on a new domain name, which hasn't participated in the Matrix federation yet."
 msgstr ""
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -32,6 +32,10 @@ msgstr ""
 msgid "By default, the playbook installs [Synapse](https://github.com/element-hq/synapse) as it's the only full-featured Matrix server at the moment. If that's okay, you can skip this document."
 msgstr ""
 #: ../../../docs/configuring-playbook-dendrite.md:17
 msgid "[!WARNING]"
 msgstr ""
 #: ../../../docs/configuring-playbook-dendrite.md:18
 msgid "**You can't switch an existing Matrix server's implementation** (e.g. Synapse -> Dendrite). Proceed below only if you're OK with losing data or you're dealing with a server on a new domain name, which hasn't participated in the Matrix federation yet."
 msgstr ""
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-04-03 11:56+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -92,8 +92,8 @@ msgstr ""
 msgid "Example additional configuration for your `vars.yml` file:"
 msgstr ""
-#: ../../../docs/configuring-playbook-element-admin.md:54
+#: ../../../docs/configuring-playbook-element-admin.md:53
-msgid "A `matrix_element_admin_path_prefix` variable is also available and mean to let you configure a path prefix for the Element Admin service, but **Element Admin does not support running under a sub-path yet**."
+msgid "[!WARNING] A `matrix_element_admin_path_prefix` variable is also available and mean to let you configure a path prefix for the Element Admin service, but **Element Admin does not support running under a sub-path yet**."
 msgstr ""
 #: ../../../docs/configuring-playbook-element-admin.md:56
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -52,8 +52,8 @@ msgstr ""
 msgid "(Optional) Guest accounts being enabled for your Matrix server, if you'd like guests to be able to use Element Call. See [Allowing guests to use Element Call](#allowing-guests-to-use-element-call-optional)"
 msgstr ""
-#: ../../../docs/configuring-playbook-element-call.md:24
+#: ../../../docs/configuring-playbook-element-call.md:23
-msgid "Because Element Call [requires](https://github.com/element-hq/element-call/blob/93ae2aed9841e0b066d515c56bd4c122d2b591b2/docs/self-hosting.md#a-matrix-homeserver) a few experimental features in the Matrix protocol, it's **very likely that it only works with the Synapse homeserver**."
+msgid "[!WARNING]  Because Element Call [requires](https://github.com/element-hq/element-call/blob/93ae2aed9841e0b066d515c56bd4c122d2b591b2/docs/self-hosting.md#a-matrix-homeserver) a few experimental features in the Matrix protocol, it's **very likely that it only works with the Synapse homeserver**."
 msgstr ""
 #: ../../../docs/configuring-playbook-element-call.md:26
@@ -192,8 +192,8 @@ msgstr ""
 msgid "Example additional configuration for your `vars.yml` file:"
 msgstr ""
-#: ../../../docs/configuring-playbook-element-call.md:83
+#: ../../../docs/configuring-playbook-element-call.md:82
-msgid "A `matrix_element_call_path_prefix` variable is also available and mean to let you configure a path prefix for the Element Call service, but [Element Call does not support running under a sub-path yet](https://github.com/element-hq/element-call/issues/3084)."
+msgid "[!WARNING] A `matrix_element_call_path_prefix` variable is also available and mean to let you configure a path prefix for the Element Call service, but [Element Call does not support running under a sub-path yet](https://github.com/element-hq/element-call/issues/3084)."
 msgstr ""
 #: ../../../docs/configuring-playbook-element-call.md:85
@@ -208,8 +208,8 @@ msgstr ""
 msgid "If you'd like guests to be able to use Element Call as well, you need to enable guest accounts support for your homeserver."
 msgstr ""
-#: ../../../docs/configuring-playbook-element-call.md:92
+#: ../../../docs/configuring-playbook-element-call.md:91
-msgid "Enabling guest accounts means that your homeserver's user database may get polluted with guest account signups (potentially made by bots). Guest accounts should be limited in what (damage) they can do to your server and the rest of the Matrix ecosystem, but it's better to not enable them unless necessary."
+msgid "[!WARNING] Enabling guest accounts means that your homeserver's user database may get polluted with guest account signups (potentially made by bots). Guest accounts should be limited in what (damage) they can do to your server and the rest of the Matrix ecosystem, but it's better to not enable them unless necessary."
 msgstr ""
 #: ../../../docs/configuring-playbook-element-call.md:95
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-04-15 09:10+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -124,8 +124,8 @@ msgstr ""
 msgid "To enable the Gravatar service nevertheless, add the following configuration to your `vars.yml` file:"
 msgstr ""
-#: ../../../docs/configuring-playbook-jitsi.md:91
+#: ../../../docs/configuring-playbook-jitsi.md:90
-msgid "This will result in third party request leaking data to the Gravatar Service (`gravatar.com`, unless configured otherwise). Besides metadata, the Matrix user_id and possibly the room ID (via `referrer` header) will be also sent to the third party."
+msgid "[!WARNING] This will result in third party request leaking data to the Gravatar Service (`gravatar.com`, unless configured otherwise). Besides metadata, the Matrix user_id and possibly the room ID (via `referrer` header) will be also sent to the third party."
 msgstr ""
 #: ../../../docs/configuring-playbook-jitsi.md:93
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-04-15 09:10+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -28,6 +28,10 @@ msgstr ""
 msgid "Ketesa is a fully-featured admin interface for Matrix homeservers — manage users, rooms, media, sessions, and more from one clean, responsive web UI. It is the evolution of [Awesome-Technologies/synapse-admin](https://github.com/Awesome-Technologies/synapse-admin): what began as a fork has grown into its own independent project with a redesigned interface, comprehensive Synapse and MAS API coverage, and multi-language support. See the [Ketesa v1.0.0 announcement](https://etke.cc/blog/introducing-ketesa/) for a full overview of what's new."
 msgstr ""
 #: ../../../docs/configuring-playbook-ketesa.md:20
 msgid "[!NOTE]"
 msgstr ""
 #: ../../../docs/configuring-playbook-ketesa.md:22
 msgid "Ketesa does not work with other homeserver implementations than Synapse due to API's incompatibility."
 msgstr ""
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-20 02:45+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -25,7 +25,7 @@ msgid "The playbook can install and configure the [matrix-synapse-ldap3](https:/
 msgstr ""
 #: ../../../docs/configuring-playbook-ldap-auth.md:14
-msgid "See the project's [documentation](https://github.com/matrix-org/matrix-synapse-ldap3/blob/main/README.md) to learn what it does and why it might be useful to you."
+msgid "See the project's [documentation](https://github.com/matrix-org/matrix-synapse-ldap3/blob/main/README.rst) to learn what it does and why it might be useful to you."
 msgstr ""
 #: ../../../docs/configuring-playbook-ldap-auth.md:16
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-18 07:22+0000\n"
+"POT-Creation-Date: 2026-04-15 09:10+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -117,33 +117,21 @@ msgid "and configuring their own Traefik TCP entrypoint dedicated to LiveKit TUR
 msgstr ""
 #: ../../../docs/configuring-playbook-livekit-server.md:64
 msgid "TURN access controls"
 msgstr ""
 #: ../../../docs/configuring-playbook-livekit-server.md:66
 msgid "LiveKit's embedded TURN server enforces a credential TTL and restricts which peer CIDRs it will relay to. The playbook leaves these at the role's secure defaults, which are appropriate for typical deployments where TURN peers live on the public Internet."
 msgstr ""
 #: ../../../docs/configuring-playbook-livekit-server.md:68
 msgid "If your setup needs TURN to relay to private/restricted ranges, or you want to override the credential TTL, see the [TURN access controls and credential TTL](https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server/blob/main/docs/configuring-livekit-server.md#turn-access-controls-and-credential-ttl) section of the role's documentation."
 msgstr ""
 #: ../../../docs/configuring-playbook-livekit-server.md:70
 msgid "Limitations"
 msgstr ""
-#: ../../../docs/configuring-playbook-livekit-server.md:72
+#: ../../../docs/configuring-playbook-livekit-server.md:66
 msgid "LiveKit Server's TURN listener behavior depends on where TLS is terminated:"
 msgstr ""
-#: ../../../docs/configuring-playbook-livekit-server.md:74
+#: ../../../docs/configuring-playbook-livekit-server.md:68
 msgid "Direct LiveKit TURN listeners (`livekit_server_config_turn_external_tls: false`) still use IPv4-only sockets for `3479/udp` and `5350/tcp`, so IPv6 connectivity to these endpoints is not possible."
 msgstr ""
-#: ../../../docs/configuring-playbook-livekit-server.md:75
+#: ../../../docs/configuring-playbook-livekit-server.md:69
 msgid "With [TURN TLS handling](#turn-tls-handling) (`livekit_server_config_turn_external_tls: true`), the playbook's dedicated `matrix-livekit-turn` TCP entrypoint can still listen on both IPv4 and IPv6. Traefik then forwards TURN/TCP to LiveKit."
 msgstr ""
-#: ../../../docs/configuring-playbook-livekit-server.md:77
+#: ../../../docs/configuring-playbook-livekit-server.md:71
 msgid "It appears that LiveKit Server intentionally only listens on `udp4` and `tcp4` in direct mode, as seen [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L128) and [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L92)."
 msgstr ""
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -20,8 +20,8 @@ msgstr ""
 msgid "Setting up Matrix Corporal (optional, advanced)"
 msgstr ""
-#: ../../../docs/configuring-playbook-matrix-corporal.md:12
+#: ../../../docs/configuring-playbook-matrix-corporal.md:11
-msgid "This is an advanced feature! It requires prior experience with Matrix and a specific need for using [Matrix Corporal](https://github.com/devture/matrix-corporal). If you're unsure whether you have such a need, you most likely don't."
+msgid "[!WARNING] This is an advanced feature! It requires prior experience with Matrix and a specific need for using [Matrix Corporal](https://github.com/devture/matrix-corporal). If you're unsure whether you have such a need, you most likely don't."
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-corporal.md:14
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -16,22 +16,166 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 #: ../../../docs/configuring-playbook-matrix-registration.md:9
 msgid "Setting up matrix-registration (optional)"
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:11
 msgid "[!WARNING]"
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:12
 msgid "This is a poorly maintained and buggy project. It's better to avoid using it."
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:13
 msgid "This is not related to [matrix-registration-bot](configuring-playbook-bot-matrix-registration-bot.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:15
 msgid "The playbook can install and configure [matrix-registration](https://github.com/ZerataX/matrix-registration) for you. It is a simple python application to have a token based Matrix registration."
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:17
 msgid "Use matrix-registration to **create unique registration links**, which people can use to register on your Matrix server. It allows certain people (these having a special link) to register a user account, **keeping your server's registration closed (private)**."
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:19
-msgid "Setting up matrix-registration (optional, removed)"
+msgid "**matrix-registration** provides 2 things:"
 msgstr ""
-#: ../../../docs/configuring-playbook-matrix-registration.md:22
+#: ../../../docs/configuring-playbook-matrix-registration.md:21
-msgid "This is not related to [matrix-registration-bot](configuring-playbook-bot-matrix-registration-bot.md)."
+msgid "**an API for creating registration tokens** (unique registration links). This API can be used via `curl` or via the playbook (see [Usage](#usage) below)"
 msgstr ""
-#: ../../../docs/configuring-playbook-matrix-registration.md:24
+#: ../../../docs/configuring-playbook-matrix-registration.md:23
-msgid "🪦 The playbook used to be able to install and configure [matrix-registration](https://github.com/ZerataX/matrix-registration), but no longer includes this component, as it has been unmaintained since November, 2025."
+msgid "**a user registration page**, where people can use these registration tokens. By default, exposed at `https://matrix.example.com/matrix-registration`"
 msgstr ""
-#: ../../../docs/configuring-playbook-matrix-registration.md:26
+#: ../../../docs/configuring-playbook-matrix-registration.md:25
-msgid "Uninstalling the component manually"
+msgid "Adjusting DNS records (optional)"
 msgstr ""
-#: ../../../docs/configuring-playbook-matrix-registration.md:28
+#: ../../../docs/configuring-playbook-matrix-registration.md:27
-msgid "If you still have matrix-registration installed on your Matrix server, the playbook can no longer help you uninstall it and you will need to do it manually. To uninstall manually, run these commands on the server:"
+msgid "By default, this playbook installs the matrix-registration on the `matrix.` subdomain, at the `/matrix-registration` path (https://matrix.example.com/matrix-registration). This makes it easy to install it, because it **doesn't require additional DNS records to be set up**. If that's okay, you can skip this section."
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:29
 msgid "If you wish to adjust it, see the section [below](#adjusting-the-matrix-registration-url-optional) for details about DNS configuration."
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:31
 msgid "Adjusting the playbook configuration"
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:33
 msgid "To enable matrix-registration, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:"
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:42
 msgid "Adjusting the matrix-registration URL (optional)"
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:44
 msgid "By tweaking the `matrix_registration_hostname` and `matrix_registration_path_prefix` variables, you can easily make the service available at a **different hostname and/or path** than the default one."
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:46
 msgid "Example additional configuration for your `vars.yml` file:"
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:54
 msgid "If you've changed the default hostname, you may need to create a CNAME record for the matrix-registration domain (`registration.example.com`), which targets `matrix.example.com`."
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:56
 msgid "When setting, replace `example.com` with your own."
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:58
 msgid "Extending the configuration"
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:60
 msgid "There are some additional things you may wish to configure about the component."
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:62
 msgid "Take a look at:"
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:64
 msgid "`roles/custom/matrix-registration/defaults/main.yml` for some variables that you can customize via your `vars.yml` file"
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:65
 msgid "`roles/custom/matrix-registration/templates/config.yaml.j2` for the component's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_registration_configuration_extension_yaml` variable"
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:67
 msgid "Installing"
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:69
 msgid "After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the playbook with [playbook tags](playbook-tags.md) as below:"
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:76
 msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:78
 msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too."
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:80
 msgid "Usage"
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:82
 msgid "**matrix-registration** gets exposed at `https://matrix.example.com/matrix-registration`"
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:84
 msgid "It provides various [APIs](https://github.com/ZerataX/matrix-registration/wiki/api) — for creating registration tokens, listing tokens, disabling tokens, etc. To make use of all of its capabilities, consider using `curl`."
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:86
 msgid "We make the most common APIs easy to use via the playbook (see below)."
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:88
 msgid "Creating registration tokens"
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:90
 msgid "To **create a new user registration token (link)**, use this command:"
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:98
 msgid "The above command creates and returns a **one-time use** token, which **expires** on the 31st of December 2021. Adjust the `one_time` and `ex_date` variables as you see fit."
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:100
 msgid "Share the unique registration link (generated by the command above) with users to let them register on your Matrix server."
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:102
 msgid "Listing registration tokens"
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:104
 msgid "To **list the existing user registration tokens**, use this command:"
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:111
 msgid "The shortcut command with `just` program is also available: `just run-tags list-matrix-registration-tokens`"
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:113
 msgid "Troubleshooting"
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-registration.md:115
 msgid "As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-registration`."
 msgstr ""
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-05-07 11:16+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -56,8 +56,8 @@ msgstr ""
 msgid "A client compatible with Element Call. As of 2025-03-15, that's just [Element Web](configuring-playbook-client-element-web.md) and the Element X mobile clients (iOS and Android)."
 msgstr ""
-#: ../../../docs/configuring-playbook-matrix-rtc.md:25
+#: ../../../docs/configuring-playbook-matrix-rtc.md:24
-msgid "Because Element Call [requires](https://github.com/element-hq/element-call/blob/93ae2aed9841e0b066d515c56bd4c122d2b591b2/docs/self-hosting.md#a-matrix-homeserver) a few experimental features in the Matrix protocol, it's **very likely that it only works with the Synapse homeserver**."
+msgid "[!WARNING]  Because Element Call [requires](https://github.com/element-hq/element-call/blob/93ae2aed9841e0b066d515c56bd4c122d2b591b2/docs/self-hosting.md#a-matrix-homeserver) a few experimental features in the Matrix protocol, it's **very likely that it only works with the Synapse homeserver**."
 msgstr ""
 #: ../../../docs/configuring-playbook-matrix-rtc.md:27
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-04-15 09:10+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -24,8 +24,8 @@ msgstr ""
 msgid "The playbook can install [Prometheus](https://prometheus.io/) with [Grafana](https://grafana.com/) and configure performance metrics of your homeserver with graphs for you."
 msgstr ""
-#: ../../../docs/configuring-playbook-prometheus-grafana.md:19
+#: ../../../docs/configuring-playbook-prometheus-grafana.md:18
-msgid "Metrics and graphs contain a lot of information, and anyone who has access to them can make an educated guess about your server usage patterns. This especially applies to small personal/family scale homeservers, where the number of samples is fairly limited. Analyzing the metrics over time, one might be able to figure out your life cycle, such as when you wake up, go to bed, etc. Before enabling (anonymous) access, you should carefully evaluate the risk, and if you do enable it, it is highly recommended to change your Grafana password from the default one."
+msgid "[!WARNING] Metrics and graphs contain a lot of information, and anyone who has access to them can make an educated guess about your server usage patterns. This especially applies to small personal/family scale homeservers, where the number of samples is fairly limited. Analyzing the metrics over time, one might be able to figure out your life cycle, such as when you wake up, go to bed, etc. Before enabling (anonymous) access, you should carefully evaluate the risk, and if you do enable it, it is highly recommended to change your Grafana password from the default one."
 msgstr ""
 #: ../../../docs/configuring-playbook-prometheus-grafana.md:21
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-04-15 09:10+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -64,8 +64,8 @@ msgstr ""
 msgid "The role also supports the legacy `traefik_dashboard_basicauth_user` / `traefik_dashboard_basicauth_password` convenience variables, but that path depends on the `passlib` Python library on the Ansible controller, may be affected by passlib/bcrypt compatibility issues, and generates non-deterministic hashes which can lead to unnecessary changes."
 msgstr ""
-#: ../../../docs/configuring-playbook-traefik.md:54
+#: ../../../docs/configuring-playbook-traefik.md:53
-msgid "Enabling the dashboard on a hostname you use for something else (like `matrix_server_fqn_matrix` in the configuration above) may cause conflicts. Enabling the Traefik Dashboard makes Traefik capture all `/dashboard` and `/api` requests and forward them to itself. If any of the services hosted on the same hostname requires any of these 2 URL prefixes, you will experience problems. So far, we're not aware of any playbook services which occupy these endpoints and are likely to cause conflicts."
+msgid "[!WARNING] Enabling the dashboard on a hostname you use for something else (like `matrix_server_fqn_matrix` in the configuration above) may cause conflicts. Enabling the Traefik Dashboard makes Traefik capture all `/dashboard` and `/api` requests and forward them to itself. If any of the services hosted on the same hostname requires any of these 2 URL prefixes, you will experience problems. So far, we're not aware of any playbook services which occupy these endpoints and are likely to cause conflicts."
 msgstr ""
 #: ../../../docs/configuring-playbook-traefik.md:56
@@ -145,8 +145,8 @@ msgstr ""
 msgid "With these changes, all TCP traffic will be reverse-proxied to the target system."
 msgstr ""
-#: ../../../docs/configuring-playbook-traefik.md:171
+#: ../../../docs/configuring-playbook-traefik.md:170
-msgid "This configuration might lead to problems or need additional steps when a [certbot](https://certbot.eff.org/) behind Traefik also tries to manage [Let's Encrypt](https://letsencrypt.org/) certificates, as Traefik captures all traffic to ```PathPrefix(`/.well-known/acme-challenge/`)```."
+msgid "[!WARNING] This configuration might lead to problems or need additional steps when a [certbot](https://certbot.eff.org/) behind Traefik also tries to manage [Let's Encrypt](https://letsencrypt.org/) certificates, as Traefik captures all traffic to ```PathPrefix(`/.well-known/acme-challenge/`)```."
 msgstr ""
 #: ../../../docs/configuring-playbook-traefik.md:173
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-04-15 09:10+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -92,8 +92,8 @@ msgstr ""
 msgid "If you'd like to rely on external IP address auto-detection (not recommended unless you need it), avoid configuring this variable. The playbook will automatically contact an [echoip](https://github.com/mpolden/echoip)-compatible service (`https://ifconfig.co/json` by default) to determine your server's IP address. This API endpoint is configurable via the `coturn_turn_external_ip_address_auto_detection_echoip_service_url` variable."
 msgstr ""
-#: ../../../docs/configuring-playbook-turn.md:58
+#: ../../../docs/configuring-playbook-turn.md:57
-msgid "You can self-host the echoip service by using the [Mother-of-All-Self-Hosting (MASH)](https://github.com/mother-of-all-self-hosting/mash-playbook) Ansible playbook. See [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/services/echoip.md) for the instruction to install it with the playbook. If you are wondering how to use it for your Matrix server, refer to [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/setting-up-services-on-mdad-server.md) for the overview."
+msgid "[!NOTE] You can self-host the echoip service by using the [Mother-of-All-Self-Hosting (MASH)](https://github.com/mother-of-all-self-hosting/mash-playbook) Ansible playbook. See [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/services/echoip.md) for the instruction to install it with the playbook. If you are wondering how to use it for your Matrix server, refer to [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/setting-up-services-on-mdad-server.md) for the overview."
 msgstr ""
 #: ../../../docs/configuring-playbook-turn.md:60
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-21 19:21+0000\n"
+"POT-Creation-Date: 2026-05-07 11:16+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -32,6 +32,10 @@ msgstr ""
 msgid "By default, the playbook installs [Synapse](https://github.com/element-hq/synapse) as it's the only full-featured Matrix server at the moment. If that's okay, you can skip this document."
 msgstr ""
 #: ../../../docs/configuring-playbook-tuwunel.md:16
 msgid "[!WARNING]"
 msgstr ""
 #: ../../../docs/configuring-playbook-tuwunel.md:17
 msgid "**You can't switch an existing Matrix server's implementation** (e.g. Synapse → Tuwunel). Proceed below only if you're OK with starting over, or you're dealing with a server on a new domain name which hasn't participated in the Matrix federation yet. The one exception is migrating from conduwuit; see [Migrating from conduwuit](#migrating-from-conduwuit)."
 msgstr ""
@@ -120,8 +124,8 @@ msgstr ""
 msgid "Tuwunel can authenticate `m.login.password` requests against an LDAP directory and, in search-then-bind mode, keep admin status in sync with directory membership. The shipped image already includes the `ldap` build feature."
 msgstr ""
-#: ../../../docs/configuring-playbook-tuwunel.md:98
+#: ../../../docs/configuring-playbook-tuwunel.md:97
-msgid "`bind_password_file` is read **inside the container**. The role bind-mounts `/matrix/tuwunel/config` to `/etc/tuwunel` (read-only) and `/matrix/tuwunel/data` to `/var/lib/tuwunel`. To make the file available at the path above, drop it on the host at `/matrix/tuwunel/config/ldap.pw` (owned by `matrix:matrix`) before running the playbook; the role does not template secret files for you."
+msgid "[!NOTE] `bind_password_file` is read **inside the container**. The role bind-mounts `/matrix/tuwunel/config` to `/etc/tuwunel` (read-only) and `/matrix/tuwunel/data` to `/var/lib/tuwunel`. To make the file available at the path above, drop it on the host at `/matrix/tuwunel/config/ldap.pw` (owned by `matrix:matrix`) before running the playbook; the role does not template secret files for you."
 msgstr ""
 #: ../../../docs/configuring-playbook-tuwunel.md:100
@@ -152,8 +156,8 @@ msgstr ""
 msgid "The S3 backend ships with native multipart upload, so no goofys/rclone sidecar is required. MinIO, Cloudflare R2, and DigitalOcean Spaces all work; set `endpoint` and `use_vhost_request: false` as appropriate."
 msgstr ""
-#: ../../../docs/configuring-playbook-tuwunel.md:139
+#: ../../../docs/configuring-playbook-tuwunel.md:138
-msgid "Local provider paths must live under `/var/lib/tuwunel` (the container's data mount, persisted on the host at `/matrix/tuwunel/data`), or you must mount the target directory into the container yourself via `matrix_tuwunel_container_extra_arguments`. The container otherwise runs read-only."
+msgid "[!NOTE] Local provider paths must live under `/var/lib/tuwunel` (the container's data mount, persisted on the host at `/matrix/tuwunel/data`), or you must mount the target directory into the container yourself via `matrix_tuwunel_container_extra_arguments`. The container otherwise runs read-only."
 msgstr ""
 #: ../../../docs/configuring-playbook-tuwunel.md:141
@@ -161,109 +165,101 @@ msgid "RocksDB and cache tuning"
 msgstr ""
 #: ../../../docs/configuring-playbook-tuwunel.md:143
-msgid "Tuwunel embeds RocksDB. The defaults (`rocksdb_compression_algo: zstd`) suit most deployments. For high-throughput servers you may want to enable direct I/O, raise parallelism, and configure a backup path:"
+msgid "Tuwunel embeds RocksDB. The defaults (`rocksdb_compression_algo: zstd`) suit most deployments. For high-throughput servers you may want to enable direct I/O, raise parallelism, and bump the cache modifier:"
 msgstr ""
-#: ../../../docs/configuring-playbook-tuwunel.md:151
+#: ../../../docs/configuring-playbook-tuwunel.md:152
 msgid "`matrix_tuwunel_config_cache_capacity_modifier` is left empty by default, so Tuwunel picks a value (`1.0` since v1.7.0, with rebalanced per-cache sizes that already raise memory use). Set it to `2.0` only on small hosts with four or fewer cores; on larger machines the default is recommended."
 msgstr ""
 #: ../../../docs/configuring-playbook-tuwunel.md:153
 msgid "If you run on ZFS, the [Tuwunel maintenance guide](https://matrix-construct.github.io/tuwunel/maintenance.html#zfs) lists the dataset properties (`recordsize`, `primarycache`, `compression`, `atime`, `logbias`) and config flags (`rocksdb_direct_io`, `rocksdb_allow_fallocate`) you need to adjust to avoid severe write amplification."
 msgstr ""
-#: ../../../docs/configuring-playbook-tuwunel.md:155
+#: ../../../docs/configuring-playbook-tuwunel.md:154
 msgid "To enable Sentry crash reporting, set `matrix_tuwunel_config_sentry_enabled: true`."
 msgstr ""
-#: ../../../docs/configuring-playbook-tuwunel.md:157
+#: ../../../docs/configuring-playbook-tuwunel.md:156
 msgid "Federation gating"
 msgstr ""
-#: ../../../docs/configuring-playbook-tuwunel.md:159
+#: ../../../docs/configuring-playbook-tuwunel.md:158
 msgid "Tuwunel accepts regular-expression patterns at every level of remote-server filtering:"
 msgstr ""
-#: ../../../docs/configuring-playbook-tuwunel.md:170
+#: ../../../docs/configuring-playbook-tuwunel.md:169
-msgid "Tuwunel additionally implements [MSC4284 policy servers](https://github.com/matrix-org/matrix-spec-proposals/pull/4284) for room-level federation gating. The policy itself lives in room state, but enforcement is opt-in at the server level:"
+msgid "Tuwunel additionally implements [MSC4284 policy servers](https://github.com/matrix-org/matrix-spec-proposals/pull/4284) for room-level federation gating; that lives in room state and needs no playbook configuration."
 msgstr ""
-#: ../../../docs/configuring-playbook-tuwunel.md:177
+#: ../../../docs/configuring-playbook-tuwunel.md:171
 msgid "When enabled, rooms with a valid `m.room.policy` state event have outgoing events signed by the configured policy server before federation. Transient network or timeout failures fail open (with a warn log), so a policy-server outage will not silently take the room offline."
 msgstr ""
 #: ../../../docs/configuring-playbook-tuwunel.md:179
 msgid "Default room version"
 msgstr ""
-#: ../../../docs/configuring-playbook-tuwunel.md:181
+#: ../../../docs/configuring-playbook-tuwunel.md:173
 msgid "The role sets `default_room_version: '12'`, so newly created rooms default to Matrix [room version 12](https://github.com/matrix-org/matrix-spec-proposals/pull/4289) (\"Hydra\"). Override `matrix_tuwunel_config_default_room_version` if you need an earlier version for client compatibility."
 msgstr ""
-#: ../../../docs/configuring-playbook-tuwunel.md:183
+#: ../../../docs/configuring-playbook-tuwunel.md:175
 msgid "Creating the first user account"
 msgstr ""
-#: ../../../docs/configuring-playbook-tuwunel.md:185
+#: ../../../docs/configuring-playbook-tuwunel.md:177
 msgid "Unlike Synapse and Dendrite, Tuwunel does not register users from the command line or via the playbook. On first startup it logs a one-time-use registration token to its journal:"
 msgstr ""
-#: ../../../docs/configuring-playbook-tuwunel.md:192
+#: ../../../docs/configuring-playbook-tuwunel.md:184
 msgid "Use the token to create your first account from any client that supports token-gated registration (e.g. [Element Web](configuring-playbook-client-element-web.md)). The account is auto-promoted to admin and invited to the admin room together with the `@conduit:<server_name>` server bot. The bot keeps the legacy `conduit` localpart due to the project's lineage from Conduit."
 msgstr ""
-#: ../../../docs/configuring-playbook-tuwunel.md:194
+#: ../../../docs/configuring-playbook-tuwunel.md:186
 msgid "Configuring bridges and appservices"
 msgstr ""
-#: ../../../docs/configuring-playbook-tuwunel.md:196
+#: ../../../docs/configuring-playbook-tuwunel.md:188
 msgid "The playbook does not auto-register appservices for Tuwunel. After your bridge has produced its `registration.yaml` (e.g. `/matrix/mautrix-signal/bridge/registration.yaml`), register it manually by sending the contents to the admin room, prefixed with `!admin appservices register` and wrapped in a fenced code block:"
 msgstr ""
-#: ../../../docs/configuring-playbook-tuwunel.md:217
+#: ../../../docs/configuring-playbook-tuwunel.md:209
 msgid "Registrations stored this way are persisted in the database and survive restarts. Re-running the command with the same `id` replaces the existing entry. See [Application services](https://matrix-construct.github.io/tuwunel/appservices.html) for the full reference and admin commands."
 msgstr ""
-#: ../../../docs/configuring-playbook-tuwunel.md:219
+#: ../../../docs/configuring-playbook-tuwunel.md:211
 msgid "Migrating from conduwuit"
 msgstr ""
-#: ../../../docs/configuring-playbook-tuwunel.md:221
+#: ../../../docs/configuring-playbook-tuwunel.md:213
 msgid "Tuwunel is a \"binary swap\" for conduwuit; it reads conduwuit's RocksDB layout directly, so migration is a data move, not an export/import."
 msgstr ""
-#: ../../../docs/configuring-playbook-tuwunel.md:223
+#: ../../../docs/configuring-playbook-tuwunel.md:215
 msgid "Set `matrix_homeserver_implementation: tuwunel` on `vars.yml` and remove any `matrix_conduwuit_*` overrides."
 msgstr ""
-#: ../../../docs/configuring-playbook-tuwunel.md:224
+#: ../../../docs/configuring-playbook-tuwunel.md:216
 msgid "Run a full installation so that the new service is created and the old one removed (e.g. `just setup-all`)."
 msgstr ""
-#: ../../../docs/configuring-playbook-tuwunel.md:225
+#: ../../../docs/configuring-playbook-tuwunel.md:217
 msgid "Run `just run-tags tuwunel-migrate-from-conduwuit`."
 msgstr ""
-#: ../../../docs/configuring-playbook-tuwunel.md:227
+#: ../../../docs/configuring-playbook-tuwunel.md:219
 msgid "The migration stops `matrix-conduwuit.service`, copies `/matrix/conduwuit` into `/matrix/tuwunel`, renames the config file, and starts `matrix-tuwunel.service`. The freshly generated tuwunel data directory is preserved alongside as `/matrix/tuwunel_old` until you remove it manually."
 msgstr ""
-#: ../../../docs/configuring-playbook-tuwunel.md:230
+#: ../../../docs/configuring-playbook-tuwunel.md:221
-msgid "Migrating from any other Conduit derivative (Conduit itself, Continuwuity, or any other fork) is **not supported** and will corrupt your database. All Conduit forks share the same linear database version with no awareness of each other; switching between them produces unrecoverable damage. See the [upstream migration table](https://matrix-construct.github.io/tuwunel/#migrating-to-tuwunel)."
+msgid "[!CAUTION] Migrating from any other Conduit derivative (Conduit itself, Continuwuity, or any other fork) is **not supported** and will corrupt your database. All Conduit forks share the same linear database version with no awareness of each other; switching between them produces unrecoverable damage. See the [upstream migration table](https://matrix-construct.github.io/tuwunel/#migrating-to-tuwunel)."
 msgstr ""
-#: ../../../docs/configuring-playbook-tuwunel.md:232
+#: ../../../docs/configuring-playbook-tuwunel.md:224
 msgid "Troubleshooting"
 msgstr ""
-#: ../../../docs/configuring-playbook-tuwunel.md:234
+#: ../../../docs/configuring-playbook-tuwunel.md:226
 msgid "As with all other services, the logs are available via [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html):"
 msgstr ""
-#: ../../../docs/configuring-playbook-tuwunel.md:240
+#: ../../../docs/configuring-playbook-tuwunel.md:232
 msgid "Logging verbosity is controlled by `matrix_tuwunel_config_log` in [`tracing-subscriber` env-filter syntax](https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct.EnvFilter.html). The default (`info,state_res=warn`) is reasonable for production; for debugging, try `debug` or scope it tighter, e.g. `info,tuwunel_service::sending=debug`."
 msgstr ""
-#: ../../../docs/configuring-playbook-tuwunel.md:242
+#: ../../../docs/configuring-playbook-tuwunel.md:234
 msgid "For RocksDB-level issues, online backups, and offline backup procedures, see the [Tuwunel maintenance guide](https://matrix-construct.github.io/tuwunel/maintenance.html). For protocol-compliance state across MSCs, the spec, and Complement, the project's [compliance dashboard](https://matrix-construct.github.io/tuwunel/development/compliance.html) is the authoritative tracker."
 msgstr ""
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -100,8 +100,8 @@ msgstr ""
 msgid "UVS requires an access token as an admin user to verify RoomMembership and PowerLevel against `matrix_user_verification_service_uvs_homeserver_url`. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md)."
 msgstr ""
-#: ../../../docs/configuring-playbook-user-verification-service.md:54
+#: ../../../docs/configuring-playbook-user-verification-service.md:53
-msgid "Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone."
+msgid "[!WARNING] Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone."
 msgstr ""
 #: ../../../docs/configuring-playbook-user-verification-service.md:56
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-05-07 11:16+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -205,355 +205,355 @@ msgid "[Setting up Ketesa](configuring-playbook-ketesa.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:109
-msgid "[Setting up the REST authentication password provider module](configuring-playbook-rest-auth.md) (advanced)"
+msgid "[Setting up matrix-registration](configuring-playbook-matrix-registration.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:111
-msgid "[Setting up the Shared Secret Auth password provider module](configuring-playbook-shared-secret-auth.md) (advanced)"
+msgid "[Setting up the REST authentication password provider module](configuring-playbook-rest-auth.md) (advanced)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:113
-msgid "[Setting up the LDAP authentication password provider module](configuring-playbook-ldap-auth.md) (advanced)"
+msgid "[Setting up the Shared Secret Auth password provider module](configuring-playbook-shared-secret-auth.md) (advanced)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:115
-msgid "[Setting up matrix-ldap-registration-proxy](configuring-playbook-matrix-ldap-registration-proxy.md) (advanced)"
+msgid "[Setting up the LDAP authentication password provider module](configuring-playbook-ldap-auth.md) (advanced)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:117
-msgid "[Setting up Synapse Simple Antispam](configuring-playbook-synapse-simple-antispam.md) (advanced)"
+msgid "[Setting up matrix-ldap-registration-proxy](configuring-playbook-matrix-ldap-registration-proxy.md) (advanced)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:119
-msgid "[Setting up Matrix User Verification Service](configuring-playbook-user-verification-service.md) (advanced)"
+msgid "[Setting up Synapse Simple Antispam](configuring-playbook-synapse-simple-antispam.md) (advanced)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:121
-msgid "File Storage"
+msgid "[Setting up Matrix User Verification Service](configuring-playbook-user-verification-service.md) (advanced)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:123
-msgid "Use alternative file storage to the default `media_store` folder."
+msgid "File Storage"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:125
-msgid "[Storing Matrix media files using matrix-media-repo](configuring-playbook-matrix-media-repo.md)"
+msgid "Use alternative file storage to the default `media_store` folder."
 msgstr ""
 #: ../../../docs/configuring-playbook.md:127
-msgid "[Storing Synapse media files on Amazon S3 or another compatible Object Storage](configuring-playbook-s3.md)"
+msgid "[Storing Matrix media files using matrix-media-repo](configuring-playbook-matrix-media-repo.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:129
-msgid "[Storing Synapse media files on Amazon S3 with Goofys](configuring-playbook-s3-goofys.md)"
+msgid "[Storing Synapse media files on Amazon S3 or another compatible Object Storage](configuring-playbook-s3.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:131
-msgid "[Storing Synapse media files on Amazon S3 with synapse-s3-storage-provider](configuring-playbook-synapse-s3-storage-provider.md)"
+msgid "[Storing Synapse media files on Amazon S3 with Goofys](configuring-playbook-s3-goofys.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:133
-msgid "Bridging other networks"
+msgid "[Storing Synapse media files on Amazon S3 with synapse-s3-storage-provider](configuring-playbook-synapse-s3-storage-provider.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:135
-msgid "Bridges can be used to connect your Matrix installation with third-party communication networks."
+msgid "Bridging other networks"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:137
-msgid "[Setting up a Generic Mautrix Bridge](configuring-playbook-bridge-mautrix-bridges.md) — a common guide for configuring mautrix bridges"
+msgid "Bridges can be used to connect your Matrix installation with third-party communication networks."
 msgstr ""
 #: ../../../docs/configuring-playbook.md:139
-msgid "[Setting up Mautrix Bluesky bridging](configuring-playbook-bridge-mautrix-bluesky.md)"
+msgid "[Setting up a Generic Mautrix Bridge](configuring-playbook-bridge-mautrix-bridges.md) — a common guide for configuring mautrix bridges"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:141
-msgid "[Setting up Mautrix Discord bridging](configuring-playbook-bridge-mautrix-discord.md)"
+msgid "[Setting up Mautrix Bluesky bridging](configuring-playbook-bridge-mautrix-bluesky.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:143
-msgid "[Setting up Mautrix Telegram bridging](configuring-playbook-bridge-mautrix-telegram.md)"
+msgid "[Setting up Mautrix Discord bridging](configuring-playbook-bridge-mautrix-discord.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:145
-msgid "[Setting up Mautrix Slack bridging](configuring-playbook-bridge-mautrix-slack.md)"
+msgid "[Setting up Mautrix Telegram bridging](configuring-playbook-bridge-mautrix-telegram.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:147
-msgid "[Setting up Mautrix Google Messages bridging](configuring-playbook-bridge-mautrix-gmessages.md)"
+msgid "[Setting up Mautrix Slack bridging](configuring-playbook-bridge-mautrix-slack.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:149
-msgid "[Setting up Mautrix Whatsapp bridging](configuring-playbook-bridge-mautrix-whatsapp.md)"
+msgid "[Setting up Mautrix Google Messages bridging](configuring-playbook-bridge-mautrix-gmessages.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:151
-msgid "[Setting up Instagram bridging via Mautrix Meta](configuring-playbook-bridge-mautrix-meta-instagram.md)"
+msgid "[Setting up Mautrix Whatsapp bridging](configuring-playbook-bridge-mautrix-whatsapp.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:153
-msgid "[Setting up Messenger bridging via Mautrix Meta](configuring-playbook-bridge-mautrix-meta-messenger.md)"
+msgid "[Setting up Instagram bridging via Mautrix Meta](configuring-playbook-bridge-mautrix-meta-instagram.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:155
-msgid "[Setting up Mautrix Google Chat bridging](configuring-playbook-bridge-mautrix-googlechat.md)"
+msgid "[Setting up Messenger bridging via Mautrix Meta](configuring-playbook-bridge-mautrix-meta-messenger.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:157
-msgid "[Setting up Mautrix Twitter bridging](configuring-playbook-bridge-mautrix-twitter.md)"
+msgid "[Setting up Mautrix Google Chat bridging](configuring-playbook-bridge-mautrix-googlechat.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:159
-msgid "[Setting up Mautrix Signal bridging](configuring-playbook-bridge-mautrix-signal.md)"
+msgid "[Setting up Mautrix Twitter bridging](configuring-playbook-bridge-mautrix-twitter.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:161
-msgid "[Setting up Mautrix wsproxy for bridging Android SMS or Apple iMessage](configuring-playbook-bridge-mautrix-wsproxy.md)"
+msgid "[Setting up Mautrix Signal bridging](configuring-playbook-bridge-mautrix-signal.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:163
-msgid "[Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md)"
+msgid "[Setting up Mautrix wsproxy for bridging Android SMS or Apple iMessage](configuring-playbook-bridge-mautrix-wsproxy.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:165
-msgid "[Setting up Appservice Discord bridging](configuring-playbook-bridge-appservice-discord.md)"
+msgid "[Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:167
-msgid "[Setting up Appservice Kakaotalk bridging](configuring-playbook-bridge-appservice-kakaotalk.md)"
+msgid "[Setting up Appservice Discord bridging](configuring-playbook-bridge-appservice-discord.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:169
-msgid "[Setting up Beeper LinkedIn bridging](configuring-playbook-bridge-beeper-linkedin.md)"
+msgid "[Setting up Appservice Kakaotalk bridging](configuring-playbook-bridge-appservice-kakaotalk.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:171
-msgid "[Setting up matrix-hookshot](configuring-playbook-bridge-hookshot.md) — a bridge between Matrix and multiple project management services, such as [GitHub](https://github.com), [GitLab](https://about.gitlab.com) and [JIRA](https://www.atlassian.com/software/jira)."
+msgid "[Setting up Beeper LinkedIn bridging](configuring-playbook-bridge-beeper-linkedin.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:173
-msgid "[Setting up MX Puppet GroupMe bridging](configuring-playbook-bridge-mx-puppet-groupme.md)"
+msgid "[Setting up matrix-hookshot](configuring-playbook-bridge-hookshot.md) — a bridge between Matrix and multiple project management services, such as [GitHub](https://github.com), [GitLab](https://about.gitlab.com) and [JIRA](https://www.atlassian.com/software/jira)."
 msgstr ""
 #: ../../../docs/configuring-playbook.md:175
-msgid "[Setting up Steam bridging](configuring-playbook-bridge-steam.md)"
+msgid "[Setting up MX Puppet GroupMe bridging](configuring-playbook-bridge-mx-puppet-groupme.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:177
-msgid "[Setting up MX Puppet Steam bridging](configuring-playbook-bridge-mx-puppet-steam.md)"
+msgid "[Setting up Steam bridging](configuring-playbook-bridge-steam.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:179
-msgid "[Setting up Postmoogle email bridging](configuring-playbook-bridge-postmoogle.md)"
+msgid "[Setting up MX Puppet Steam bridging](configuring-playbook-bridge-mx-puppet-steam.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:181
-msgid "[Setting up Matrix SMS bridging](configuring-playbook-bridge-matrix-bridge-sms.md)"
+msgid "[Setting up Postmoogle email bridging](configuring-playbook-bridge-postmoogle.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:183
-msgid "[Setting up Heisenbridge bouncer-style IRC bridging](configuring-playbook-bridge-heisenbridge.md)"
+msgid "[Setting up Matrix SMS bridging](configuring-playbook-bridge-matrix-bridge-sms.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:185
-msgid "[Setting up a Matrix <-> Meshtastic bridge](configuring-playbook-bridge-meshtastic-relay.md)"
+msgid "[Setting up Heisenbridge bouncer-style IRC bridging](configuring-playbook-bridge-heisenbridge.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:187
-msgid "[Setting up WeChat bridging](configuring-playbook-bridge-wechat.md)"
+msgid "[Setting up a Matrix <-> Meshtastic bridge](configuring-playbook-bridge-meshtastic-relay.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:189
-msgid "Bots"
+msgid "[Setting up WeChat bridging](configuring-playbook-bridge-wechat.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:191
-msgid "Bots provide various additional functionality to your installation."
+msgid "Bots"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:193
-msgid "[Setting up baibot](configuring-playbook-bot-baibot.md) — a bot through which you can talk to various [AI](https://en.wikipedia.org/wiki/Artificial_intelligence) / [Large Language Models](https://en.wikipedia.org/wiki/Large_language_model) services ([OpenAI](https://openai.com/)'s [ChatGPT](https://openai.com/blog/chatgpt/) and [others](https://github.com/etkecc/baibot/blob/main/docs/providers.md))"
+msgid "Bots provide various additional functionality to your installation."
 msgstr ""
 #: ../../../docs/configuring-playbook.md:195
-msgid "[Setting up matrix-reminder-bot](configuring-playbook-bot-matrix-reminder-bot.md) — a bot to remind you about stuff"
+msgid "[Setting up baibot](configuring-playbook-bot-baibot.md) — a bot through which you can talk to various [AI](https://en.wikipedia.org/wiki/Artificial_intelligence) / [Large Language Models](https://en.wikipedia.org/wiki/Large_language_model) services ([OpenAI](https://openai.com/)'s [ChatGPT](https://openai.com/blog/chatgpt/) and [others](https://github.com/etkecc/baibot/blob/main/docs/providers.md))"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:197
-msgid "[Setting up matrix-registration-bot](configuring-playbook-bot-matrix-registration-bot.md) — a bot to create and manage registration tokens to invite users"
+msgid "[Setting up matrix-reminder-bot](configuring-playbook-bot-matrix-reminder-bot.md) — a bot to remind you about stuff"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:199
-msgid "[Setting up maubot](configuring-playbook-bot-maubot.md) — a plugin-based Matrix bot system"
+msgid "[Setting up matrix-registration-bot](configuring-playbook-bot-matrix-registration-bot.md) — a bot to create and manage registration tokens to invite users"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:201
-msgid "[Setting up Honoroit](configuring-playbook-bot-honoroit.md) — a helpdesk bot"
+msgid "[Setting up maubot](configuring-playbook-bot-maubot.md) — a plugin-based Matrix bot system"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:203
-msgid "[Setting up Mjolnir](configuring-playbook-bot-mjolnir.md) — a moderation tool/bot"
+msgid "[Setting up Honoroit](configuring-playbook-bot-honoroit.md) — a helpdesk bot"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:205
-msgid "[Setting up Draupnir](configuring-playbook-bot-draupnir.md) — a moderation tool/bot, forked from Mjolnir and maintained by its former leader developer"
+msgid "[Setting up Mjolnir](configuring-playbook-bot-mjolnir.md) — a moderation tool/bot"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:207
-msgid "[Setting up Draupnir for all/D4A](configuring-playbook-appservice-draupnir-for-all.md) — like the [Draupnir bot](configuring-playbook-bot-draupnir.md) mentioned above, but running in appservice mode and supporting multiple instances"
+msgid "[Setting up Draupnir](configuring-playbook-bot-draupnir.md) — a moderation tool/bot, forked from Mjolnir and maintained by its former leader developer"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:209
-msgid "[Setting up Buscarron](configuring-playbook-bot-buscarron.md) — a bot you can use to send any form (HTTP POST, HTML) to a (encrypted) Matrix room"
+msgid "[Setting up Draupnir for all/D4A](configuring-playbook-appservice-draupnir-for-all.md) — like the [Draupnir bot](configuring-playbook-bot-draupnir.md) mentioned above, but running in appservice mode and supporting multiple instances"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:211
-msgid "Administration"
+msgid "[Setting up Buscarron](configuring-playbook-bot-buscarron.md) — a bot you can use to send any form (HTTP POST, HTML) to a (encrypted) Matrix room"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:213
-msgid "Services that help you in administrating and monitoring your Matrix installation."
+msgid "Administration"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:215
-msgid "[Setting up Prometheus Alertmanager integration via matrix-alertmanager-receiver](configuring-playbook-alertmanager-receiver.md)"
+msgid "Services that help you in administrating and monitoring your Matrix installation."
 msgstr ""
 #: ../../../docs/configuring-playbook.md:217
-msgid "[Enabling metrics and graphs (Prometheus, Grafana) for your Matrix server](configuring-playbook-prometheus-grafana.md)"
+msgid "[Setting up Prometheus Alertmanager integration via matrix-alertmanager-receiver](configuring-playbook-alertmanager-receiver.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:219
-msgid "[Setting up the rageshake bug report server](configuring-playbook-rageshake.md)"
+msgid "[Enabling metrics and graphs (Prometheus, Grafana) for your Matrix server](configuring-playbook-prometheus-grafana.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:221
-msgid "[Enabling synapse-usage-exporter for Synapse usage statistics](configuring-playbook-synapse-usage-exporter.md)"
+msgid "[Setting up the rageshake bug report server](configuring-playbook-rageshake.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:223
 msgid "[Enabling synapse-usage-exporter for Synapse usage statistics](configuring-playbook-synapse-usage-exporter.md)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:225
 msgid "Backups:"
 msgstr ""
-#: ../../../docs/configuring-playbook.md:224
+#: ../../../docs/configuring-playbook.md:226
 msgid "[Setting up BorgBackup](configuring-playbook-backup-borg.md) — a full Matrix server backup solution, including the Postgres database"
 msgstr ""
-#: ../../../docs/configuring-playbook.md:226
+#: ../../../docs/configuring-playbook.md:228
 msgid "[Setting up Postgres backup](configuring-playbook-postgres-backup.md) — a Postgres-database backup solution (note: does not include other files)"
 msgstr ""
-#: ../../../docs/configuring-playbook.md:228
+#: ../../../docs/configuring-playbook.md:230
 msgid "Other specialized services"
 msgstr ""
-#: ../../../docs/configuring-playbook.md:230
+#: ../../../docs/configuring-playbook.md:232
 msgid "Various services that don't fit any other categories."
 msgstr ""
-#: ../../../docs/configuring-playbook.md:232
+#: ../../../docs/configuring-playbook.md:234
 msgid "[Setting up Element Call](configuring-playbook-element-call.md) — a native Matrix video conferencing application, built on top of the [Matrix RTC stack](configuring-playbook-matrix-rtc.md) (optional)"
 msgstr ""
-#: ../../../docs/configuring-playbook.md:234
+#: ../../../docs/configuring-playbook.md:236
 msgid "[Setting up LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) - a component of the [Matrix RTC stack](configuring-playbook-matrix-rtc.md) (optional)"
 msgstr ""
-#: ../../../docs/configuring-playbook.md:236
+#: ../../../docs/configuring-playbook.md:238
 msgid "[Setting up LiveKit Server](configuring-playbook-livekit-server.md) - a component of the [Matrix RTC stack](configuring-playbook-matrix-rtc.md) (optional)"
 msgstr ""
-#: ../../../docs/configuring-playbook.md:238
+#: ../../../docs/configuring-playbook.md:240
 msgid "[Setting up Matrix RTC](configuring-playbook-matrix-rtc.md) (optional)"
 msgstr ""
-#: ../../../docs/configuring-playbook.md:240
+#: ../../../docs/configuring-playbook.md:242
 msgid "[Setting up synapse-auto-compressor](configuring-playbook-synapse-auto-compressor.md) for compressing the database on Synapse homeservers"
 msgstr ""
-#: ../../../docs/configuring-playbook.md:242
+#: ../../../docs/configuring-playbook.md:244
 msgid "[Setting up Matrix Corporal](configuring-playbook-matrix-corporal.md) (advanced)"
 msgstr ""
-#: ../../../docs/configuring-playbook.md:244
+#: ../../../docs/configuring-playbook.md:246
 msgid "[Setting up Matrix.to](configuring-playbook-matrixto.md)"
 msgstr ""
-#: ../../../docs/configuring-playbook.md:246
+#: ../../../docs/configuring-playbook.md:248
 msgid "[Setting up Etherpad](configuring-playbook-etherpad.md)"
 msgstr ""
-#: ../../../docs/configuring-playbook.md:248
+#: ../../../docs/configuring-playbook.md:250
 msgid "[Setting up the Jitsi video-conferencing platform](configuring-playbook-jitsi.md)"
 msgstr ""
-#: ../../../docs/configuring-playbook.md:250
+#: ../../../docs/configuring-playbook.md:252
 msgid "[Setting up Cactus Comments](configuring-playbook-cactus-comments.md) — a federated comment system built on Matrix"
 msgstr ""
-#: ../../../docs/configuring-playbook.md:252
+#: ../../../docs/configuring-playbook.md:254
 msgid "[Setting up Pantalaimon (E2EE aware proxy daemon)](configuring-playbook-pantalaimon.md) (advanced)"
 msgstr ""
-#: ../../../docs/configuring-playbook.md:254
+#: ../../../docs/configuring-playbook.md:256
 msgid "[Setting up the Sygnal push gateway](configuring-playbook-sygnal.md)"
 msgstr ""
-#: ../../../docs/configuring-playbook.md:256
+#: ../../../docs/configuring-playbook.md:258
 msgid "[Setting up the ntfy push notifications server](configuring-playbook-ntfy.md)"
 msgstr ""
-#: ../../../docs/configuring-playbook.md:258
+#: ../../../docs/configuring-playbook.md:260
 msgid "Deprecated / unmaintained / removed services"
 msgstr ""
-#: ../../../docs/configuring-playbook.md:260
+#: ../../../docs/configuring-playbook.md:262
 msgid "**Note**: since a deprecated or unmaintained service will not be updated, its bug or vulnerability will be unlikely to get patched. It is recommended to migrate from the service to an alternative if any, and make sure to do your own research before you decide to keep it running nonetheless."
 msgstr ""
-#: ../../../docs/configuring-playbook.md:262
+#: ../../../docs/configuring-playbook.md:264
 msgid "[Configuring conduwuit](configuring-playbook-conduwuit.md) (removed; this component has been abandoned and unmaintained)"
 msgstr ""
-#: ../../../docs/configuring-playbook.md:264
+#: ../../../docs/configuring-playbook.md:266
 msgid "[Setting up the Sliding Sync proxy](configuring-playbook-sliding-sync-proxy.md) for clients which require Sliding Sync support (like old Element X versions, before it got switched to Simplified Sliding Sync)"
 msgstr ""
-#: ../../../docs/configuring-playbook.md:266
+#: ../../../docs/configuring-playbook.md:268
 msgid "[Setting up Appservice Slack bridging](configuring-playbook-bridge-appservice-slack.md) (removed; this component has been discontinued)"
 msgstr ""
-#: ../../../docs/configuring-playbook.md:268
+#: ../../../docs/configuring-playbook.md:270
 msgid "[Setting up Appservice Webhooks bridging](configuring-playbook-bridge-appservice-webhooks.md) (deprecated; the bridge's author suggests taking a look at [matrix-hookshot](https://github.com/matrix-org/matrix-hookshot) as a replacement, which can also be [installed using this playbook](configuring-playbook-bridge-hookshot.md))"
 msgstr ""
-#: ../../../docs/configuring-playbook.md:270
+#: ../../../docs/configuring-playbook.md:272
 msgid "[Setting up the Dimension integration manager](configuring-playbook-dimension.md) ([unmaintained](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2806#issuecomment-1673559299); after [installing](installing.md))"
 msgstr ""
-#: ../../../docs/configuring-playbook.md:272
+#: ../../../docs/configuring-playbook.md:274
 msgid "[Setting up Email2Matrix](configuring-playbook-email2matrix.md) (removed; the author suggests taking a look at [Postmoogle](https://github.com/etkecc/postmoogle) as a replacement, which can also be [installed using this playbook](configuring-playbook-bridge-postmoogle.md))"
 msgstr ""
-#: ../../../docs/configuring-playbook.md:274
+#: ../../../docs/configuring-playbook.md:276
 msgid "[Setting up Go-NEB](configuring-playbook-bot-go-neb.md) (unmaintained; the bridge's author suggests taking a look at [matrix-hookshot](https://github.com/matrix-org/matrix-hookshot) as a replacement, which can also be [installed using this playbook](configuring-playbook-bridge-hookshot.md))"
 msgstr ""
-#: ../../../docs/configuring-playbook.md:276
+#: ../../../docs/configuring-playbook.md:278
 msgid "[Setting up Go Skype Bridge bridging](configuring-playbook-bridge-go-skype-bridge.md) (removed; Skype has been discontinued since May 2025)"
 msgstr ""
-#: ../../../docs/configuring-playbook.md:278
+#: ../../../docs/configuring-playbook.md:280
 msgid "[Setting up ma1sd Identity Server](configuring-playbook-ma1sd.md) (removed; this component has been unmaintained for a long time, so it has been removed from the playbook.)"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:280
 msgid "[Setting up matrix-bot-chatgpt](configuring-playbook-bot-chatgpt.md) (unmaintained; the bridge's author suggests taking a look at [baibot](https://github.com/etkecc/baibot) as a replacement, which can also be [installed using this playbook](configuring-playbook-bot-baibot.md))"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:282
-msgid "[Setting up matrix-registration](configuring-playbook-matrix-registration.md) (removed; this component has been unmaintained)"
+msgid "[Setting up matrix-bot-chatgpt](configuring-playbook-bot-chatgpt.md) (unmaintained; the bridge's author suggests taking a look at [baibot](https://github.com/etkecc/baibot) as a replacement, which can also be [installed using this playbook](configuring-playbook-bot-baibot.md))"
 msgstr ""
 #: ../../../docs/configuring-playbook.md:284
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-05-07 11:16+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -332,6 +332,18 @@ msgstr ""
 msgid "Proxy that handles Matrix registration requests and forwards them to LDAP"
 msgstr ""
 #: ../../../docs/container-images.md:0
 msgid "[matrix-registration](configuring-playbook-matrix-registration.md)"
 msgstr ""
 #: ../../../docs/container-images.md:0
 msgid "[zeratax/matrix-registration](https://hub.docker.com/r/devture/zeratax-matrix-registration/)"
 msgstr ""
 #: ../../../docs/container-images.md:0
 msgid "Simple python application to have a token based Matrix registration"
 msgstr ""
 #: ../../../docs/container-images.md:0
 msgid "[Matrix User Verification Service](configuring-playbook-user-verification-service.md)"
 msgstr ""
@@ -352,11 +364,11 @@ msgstr ""
 msgid "Spam checker module"
 msgstr ""
-#: ../../../docs/container-images.md:74
+#: ../../../docs/container-images.md:75
 msgid "File Storage"
 msgstr ""
-#: ../../../docs/container-images.md:76
+#: ../../../docs/container-images.md:77
 msgid "Use alternative file storage to the default `media_store` folder."
 msgstr ""
@@ -388,11 +400,11 @@ msgstr ""
 msgid "Highly customizable multi-domain media repository for Matrix. Intended for medium to large deployments, this media repo de-duplicates media while being fully compliant with the specification."
 msgstr ""
-#: ../../../docs/container-images.md:84
+#: ../../../docs/container-images.md:85
 msgid "Bridges"
 msgstr ""
-#: ../../../docs/container-images.md:86
+#: ../../../docs/container-images.md:87
 msgid "Bridges can be used to connect your Matrix installation with third-party communication networks."
 msgstr ""
@@ -672,11 +684,11 @@ msgstr ""
 msgid "Email to Matrix bridge"
 msgstr ""
-#: ../../../docs/container-images.md:114
+#: ../../../docs/container-images.md:115
 msgid "Bots"
 msgstr ""
-#: ../../../docs/container-images.md:116
+#: ../../../docs/container-images.md:117
 msgid "Bots provide various additional functionality to your installation."
 msgstr ""
@@ -776,11 +788,11 @@ msgstr ""
 msgid "Web forms (HTTP POST) to Matrix"
 msgstr ""
-#: ../../../docs/container-images.md:129
+#: ../../../docs/container-images.md:130
 msgid "Administration"
 msgstr ""
-#: ../../../docs/container-images.md:131
+#: ../../../docs/container-images.md:132
 msgid "Services that help you in administrating and monitoring your Matrix installation."
 msgstr ""
@@ -900,11 +912,11 @@ msgstr ""
 msgid "Export the usage statistics of a Synapse homeserver to be scraped by Prometheus."
 msgstr ""
-#: ../../../docs/container-images.md:147
+#: ../../../docs/container-images.md:148
 msgid "Misc"
 msgstr ""
-#: ../../../docs/container-images.md:149
+#: ../../../docs/container-images.md:150
 msgid "Various services that don't fit any other categories."
 msgstr ""
@@ -1044,11 +1056,11 @@ msgstr ""
 msgid "A native Matrix video conferencing application"
 msgstr ""
-#: ../../../docs/container-images.md:167
+#: ../../../docs/container-images.md:168
 msgid "Container images of deprecated / unmaintained services"
 msgstr ""
-#: ../../../docs/container-images.md:169
+#: ../../../docs/container-images.md:170
 msgid "The list of the deprecated or unmaintained services is available [here](configuring-playbook.md#deprecated--unmaintained--removed-services)."
 msgstr ""
@@ -1144,18 +1156,6 @@ msgstr ""
 msgid "Accessing ChatGPT via your favourite Matrix client"
 msgstr ""
 #: ../../../docs/container-images.md:0
 msgid "[matrix-registration](configuring-playbook-matrix-registration.md)"
 msgstr ""
 #: ../../../docs/container-images.md:0
 msgid "[zeratax/matrix-registration](https://hub.docker.com/r/devture/zeratax-matrix-registration/)"
 msgstr ""
 #: ../../../docs/container-images.md:0
 msgid "Simple python application to have a token based Matrix registration"
 msgstr ""
 #: ../../../docs/container-images.md:0
 msgid "[mautrix-facebook](configuring-playbook-bridge-mautrix-facebook.md)"
 msgstr ""
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-05-07 11:16+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -112,8 +112,8 @@ msgstr ""
 msgid "To do the installation **without** starting services, run `ansible-playbook` with the `install-all` tag only:"
 msgstr ""
-#: ../../../docs/installing.md:71
+#: ../../../docs/installing.md:70
-msgid "Do not run the just \"recipe\" `just install-all` instead, because it automatically starts services at the end of execution. See: [Difference between playbook tags and shortcuts](just.md#difference-between-playbook-tags-and-shortcuts)"
+msgid "[!WARNING] Do not run the just \"recipe\" `just install-all` instead, because it automatically starts services at the end of execution. See: [Difference between playbook tags and shortcuts](just.md#difference-between-playbook-tags-and-shortcuts)"
 msgstr ""
 #: ../../../docs/installing.md:73
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -76,8 +76,8 @@ msgstr ""
 msgid "You can then proceed to write queries. Example: `SELECT COUNT(*) FROM users;`"
 msgstr ""
-#: ../../../docs/maintenance-postgres.md:39
+#: ../../../docs/maintenance-postgres.md:38
-msgid "**Modifying the database directly (especially as services are running) is dangerous and may lead to irreversible database corruption.** When in doubt, consider [making a backup](#backing-up-postgresql)."
+msgid "[!WARNING] **Modifying the database directly (especially as services are running) is dangerous and may lead to irreversible database corruption.** When in doubt, consider [making a backup](#backing-up-postgresql)."
 msgstr ""
 #: ../../../docs/maintenance-postgres.md:41
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-04-15 09:10+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -60,8 +60,8 @@ msgstr ""
 msgid "To make use of this Synapse Admin API, **you'll need an admin access token** first. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md)."
 msgstr ""
-#: ../../../docs/maintenance-synapse.md:31
+#: ../../../docs/maintenance-synapse.md:30
-msgid "Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone."
+msgid "[!WARNING] Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone."
 msgstr ""
 #: ../../../docs/maintenance-synapse.md:33
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -24,8 +24,8 @@ msgstr ""
 msgid "When setting up some optional features like bots and bridges you will need to provide an access token for some user. This document provides documentation on how to obtain such an access token."
 msgstr ""
-#: ../../../docs/obtaining-access-tokens.md:15
+#: ../../../docs/obtaining-access-tokens.md:14
-msgid "Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone."
+msgid "[!WARNING] Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone."
 msgstr ""
 #: ../../../docs/obtaining-access-tokens.md:17
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-04-03 11:56+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -57,7 +57,7 @@ msgid "Registering users manually"
 msgstr ""
 #: ../../../docs/registering-users.md:25
-#: ../../../docs/registering-users.md:123
+#: ../../../docs/registering-users.md:127
 msgid "**Notes**:"
 msgstr ""
@@ -97,8 +97,8 @@ msgstr ""
 msgid "Feel free to register as many users (for friends, family, etc.) as you want. Still, perhaps you should grant full administrative access to your user account only (with `admin=yes`), and others should be created with `admin=no`."
 msgstr ""
-#: ../../../docs/registering-users.md:55
+#: ../../../docs/registering-users.md:54
-msgid "If you're registering users against Matrix Authentication Service, do note that it [still insists](https://github.com/element-hq/matrix-authentication-service/issues/1505) on having a verified email address for each user. Upon a user's first login, they will be asked to confirm their email address. This requires that email sending is [configured](./configuring-playbook-email.md). You can also consult the [Working around email deliverability issues](./configuring-playbook-matrix-authentication-service.md#working-around-email-deliverability-issues) section for more information."
+msgid "[!WARNING] If you're registering users against Matrix Authentication Service, do note that it [still insists](https://github.com/element-hq/matrix-authentication-service/issues/1505) on having a verified email address for each user. Upon a user's first login, they will be asked to confirm their email address. This requires that email sending is [configured](./configuring-playbook-email.md). You can also consult the [Working around email deliverability issues](./configuring-playbook-matrix-authentication-service.md#working-around-email-deliverability-issues) section for more information."
 msgstr ""
 #: ../../../docs/registering-users.md:57
@@ -129,8 +129,8 @@ msgstr ""
 msgid "This `register-user` script actually invokes the `mas-cli manage register-user` command under the hood. If you'd like more control over the registration process, consider invoking the `mas-cli` command directly:"
 msgstr ""
-#: ../../../docs/registering-users.md:94
+#: ../../../docs/registering-users.md:93
-msgid "Matrix Authentication Service [still insists](https://github.com/element-hq/matrix-authentication-service/issues/1505) on having a verified email address for each user. Upon a user's first login, they will be asked to confirm their email address. This requires that email sending is [configured](./configuring-playbook-email.md). You can also consult the [Working around email deliverability issues](./configuring-playbook-matrix-authentication-service.md#working-around-email-deliverability-issues) section for more information."
+msgid "[!WARNING] Matrix Authentication Service [still insists](https://github.com/element-hq/matrix-authentication-service/issues/1505) on having a verified email address for each user. Upon a user's first login, they will be asked to confirm their email address. This requires that email sending is [configured](./configuring-playbook-email.md). You can also consult the [Working around email deliverability issues](./configuring-playbook-matrix-authentication-service.md#working-around-email-deliverability-issues) section for more information."
 msgstr ""
 #: ../../../docs/registering-users.md:96
@@ -142,89 +142,97 @@ msgid "To manage users and your homeserver more easily (via a web interface), yo
 msgstr ""
 #: ../../../docs/registering-users.md:100
-msgid "Enabling public user registration"
+msgid "Letting certain users register on your private server"
 msgstr ""
 #: ../../../docs/registering-users.md:102
-msgid "To **open up user registration publicly** (usually **not recommended**), add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:"
+msgid "If you'd rather **keep your server private** (public registration closed, as is the default), and **let certain people create accounts by themselves** (instead of creating user accounts manually like this), consider installing and making use of [matrix-registration](configuring-playbook-matrix-registration.md)."
 msgstr ""
 #: ../../../docs/registering-users.md:104
 msgid "Enabling public user registration"
 msgstr ""
 #: ../../../docs/registering-users.md:106
 msgid "To **open up user registration publicly** (usually **not recommended**), add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:"
 msgstr ""
 #: ../../../docs/registering-users.md:108
 msgid "For Synapse:"
 msgstr ""
-#: ../../../docs/registering-users.md:110
+#: ../../../docs/registering-users.md:114
 msgid "For Dendrite:"
 msgstr ""
-#: ../../../docs/registering-users.md:116
+#: ../../../docs/registering-users.md:120
 msgid "After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:"
 msgstr ""
-#: ../../../docs/registering-users.md:125
+#: ../../../docs/registering-users.md:129
 msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
 msgstr ""
-#: ../../../docs/registering-users.md:127
+#: ../../../docs/registering-users.md:131
 msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too."
 msgstr ""
-#: ../../../docs/registering-users.md:129
+#: ../../../docs/registering-users.md:133
 msgid "If you're opening up registrations publicly like this, you might also wish to [configure CAPTCHA protection](configuring-captcha.md)."
 msgstr ""
-#: ../../../docs/registering-users.md:131
+#: ../../../docs/registering-users.md:135
 msgid "Adding/Removing Administrator privileges to an existing user"
 msgstr ""
-#: ../../../docs/registering-users.md:133
+#: ../../../docs/registering-users.md:137
 msgid "Adding/Removing Administrator privileges to an existing user in Synapse"
 msgstr ""
-#: ../../../docs/registering-users.md:135
+#: ../../../docs/registering-users.md:139
 msgid "To change the admin privileges for a user in Synapse's local database, you need to run an SQL query like this against the `synapse` database:"
 msgstr ""
-#: ../../../docs/registering-users.md:141
+#: ../../../docs/registering-users.md:145
 msgid "where:"
 msgstr ""
-#: ../../../docs/registering-users.md:143
+#: ../../../docs/registering-users.md:147
 msgid "`ADMIN_VALUE` being either `0` (regular user) or `1` (admin)"
 msgstr ""
-#: ../../../docs/registering-users.md:144
+#: ../../../docs/registering-users.md:148
 msgid "`USER` and `example.com` pointing to a valid user on your server"
 msgstr ""
-#: ../../../docs/registering-users.md:146
+#: ../../../docs/registering-users.md:150
 msgid "If you're using the integrated Postgres server and not an [external Postgres server](configuring-playbook-external-postgres.md), you can launch a Postgres into the `synapse` database by:"
 msgstr ""
-#: ../../../docs/registering-users.md:148
+#: ../../../docs/registering-users.md:152
 msgid "running `/matrix/postgres/bin/cli` — to launch [`psql`](https://www.postgresql.org/docs/current/app-psql.html)"
 msgstr ""
-#: ../../../docs/registering-users.md:149
+#: ../../../docs/registering-users.md:153
 msgid "running `\\c synapse` — to change to the `synapse` database"
 msgstr ""
-#: ../../../docs/registering-users.md:151
+#: ../../../docs/registering-users.md:155
 msgid "You can then proceed to run the query above."
 msgstr ""
-#: ../../../docs/registering-users.md:153
+#: ../../../docs/registering-users.md:157
 msgid "**Note**: directly modifying the raw data of Synapse (or any other software) could cause the software to break. You've been warned!"
 msgstr ""
-#: ../../../docs/registering-users.md:155
+#: ../../../docs/registering-users.md:159
 msgid "Adding/Removing Administrator privileges to an existing user in Matrix Authentication Service"
 msgstr ""
-#: ../../../docs/registering-users.md:157
+#: ../../../docs/registering-users.md:161
 msgid "Promoting/demoting a user in Matrix Authentication Service can be done using the [`mas-cli`](./configuring-playbook-matrix-authentication-service.md#management) management tool's [`manage promote-admin`](https://element-hq.github.io/matrix-authentication-service/reference/cli/manage.html#manage-promote-admin) and [`manage demote-admin`](https://element-hq.github.io/matrix-authentication-service/reference/cli/manage.html#manage-demote-admin) commands. For example: `/matrix/matrix-authentication-service/bin/mas-cli manage promote-admin some.username`."
 msgstr ""
-#: ../../../docs/registering-users.md:159
+#: ../../../docs/registering-users.md:163
 msgid "You can also do it via the [MAS Admin API](https://element-hq.github.io/matrix-authentication-service/api/index.html)'s `POST /api/admin/v1/users/{id}/set-admin` endpoint."
 msgstr ""
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-04-03 12:09+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -69,77 +69,81 @@ msgid "`sable`"
 msgstr ""
 #: ../../../docs/self-building.md:34
-msgid "`coturn`"
+msgid "`matrix-registration`"
 msgstr ""
 #: ../../../docs/self-building.md:35
-msgid "`matrix-corporal`"
+msgid "`coturn`"
 msgstr ""
 #: ../../../docs/self-building.md:36
-msgid "`exim-relay`"
+msgid "`matrix-corporal`"
 msgstr ""
 #: ../../../docs/self-building.md:37
-msgid "`matrix-bridge-hookshot`"
+msgid "`exim-relay`"
 msgstr ""
 #: ../../../docs/self-building.md:38
-msgid "`matrix-bridge-appservice-irc`"
+msgid "`matrix-bridge-hookshot`"
 msgstr ""
 #: ../../../docs/self-building.md:39
-msgid "`matrix-bridge-beeper-linkedin`"
+msgid "`matrix-bridge-appservice-irc`"
 msgstr ""
 #: ../../../docs/self-building.md:40
-msgid "`matrix-bridge-mautrix-googlechat`"
+msgid "`matrix-bridge-beeper-linkedin`"
 msgstr ""
 #: ../../../docs/self-building.md:41
-msgid "`matrix-bridge-mautrix-telegram`"
+msgid "`matrix-bridge-mautrix-googlechat`"
 msgstr ""
 #: ../../../docs/self-building.md:42
-msgid "`matrix-bridge-mautrix-signal`"
+msgid "`matrix-bridge-mautrix-telegram`"
 msgstr ""
 #: ../../../docs/self-building.md:43
-msgid "`matrix-bridge-mautrix-gmessages`"
+msgid "`matrix-bridge-mautrix-signal`"
 msgstr ""
 #: ../../../docs/self-building.md:44
-msgid "`matrix-bridge-mautrix-whatsapp`"
+msgid "`matrix-bridge-mautrix-gmessages`"
 msgstr ""
 #: ../../../docs/self-building.md:45
-msgid "`matrix-bridge-mx-puppet-steam`"
+msgid "`matrix-bridge-mautrix-whatsapp`"
 msgstr ""
 #: ../../../docs/self-building.md:46
-msgid "`matrix-bot-mjolnir`"
+msgid "`matrix-bridge-mx-puppet-steam`"
 msgstr ""
 #: ../../../docs/self-building.md:47
-msgid "`matrix-bot-honoroit`"
+msgid "`matrix-bot-mjolnir`"
 msgstr ""
 #: ../../../docs/self-building.md:48
-msgid "`matrix-bot-matrix-reminder-bot`"
+msgid "`matrix-bot-honoroit`"
 msgstr ""
 #: ../../../docs/self-building.md:49
-msgid "`matrix-bot-maubot`"
+msgid "`matrix-bot-matrix-reminder-bot`"
 msgstr ""
 #: ../../../docs/self-building.md:50
 msgid "`matrix-bot-maubot`"
 msgstr ""
 #: ../../../docs/self-building.md:51
 msgid "`matrix-pantalaimon`"
 msgstr ""
-#: ../../../docs/self-building.md:52
+#: ../../../docs/self-building.md:53
 msgid "Adding self-building support to other roles is welcome. Feel free to contribute!"
 msgstr ""
-#: ../../../docs/self-building.md:54
+#: ../../../docs/self-building.md:55
 msgid "If you'd like **to force self-building** even if an image is available for your architecture, look into the `matrix_*_self_build` variables provided by individual roles."
 msgstr ""
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-19 07:40+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -20,6 +20,10 @@ msgstr ""
 msgid "Uninstalling"
 msgstr ""
 #: ../../../docs/uninstalling.md:11
 msgid "[!WARNING]"
 msgstr ""
 #: ../../../docs/uninstalling.md:12
 msgid "If your server federates with others, make sure to **leave any federated rooms before nuking your Matrix server's data**. Otherwise, the next time you set up a Matrix server for this domain (regardless of the installation method you use), you'll encounter trouble federating."
 msgstr ""
@@ -3,7 +3,7 @@
 # SPDX-License-Identifier: AGPL-3.0-or-later
 [tools]
-prek = "0.4.1"
+prek = "0.3.13"
 [settings]
 yes = true
@@ -1,13 +1,13 @@
 ---
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-aux.git
-  version: v1.0.0-7
+  version: v1.0.0-6
  name: auxiliary
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-backup_borg.git
  version: v1.4.4-2.1.4-1
  name: backup_borg
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-cinny.git
-  version: v4.12.1-0
+  version: v4.11.1-2
  name: cinny
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-container-socket-proxy.git
  version: v0.4.2-5
@@ -27,7 +27,7 @@
  version: 542a2d68db4e9a8e9bb4b508052760b900c7dce6
  name: docker_sdk_for_python
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-etherpad.git
-  version: v2.7.2-1
+  version: v2.7.3-0
  name: etherpad
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git
  version: v4.99.1-r0-2-1
@@ -36,13 +36,13 @@
  version: v11.6.5-10
  name: grafana
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-hydrogen.git
-  version: v0.5.1-5
+  version: v0.5.1-4
  name: hydrogen
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
-  version: v10978-0
+  version: v10888-1
  name: jitsi
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git
-  version: v1.12.0-0
+  version: v1.11.0-2
  name: livekit_server
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git
  version: v2.22.0-1
@@ -57,7 +57,7 @@
  version: dd6e15246b7a9a2d921e0b3f9cd8a4a917a1bb2f
  name: playbook_state_preserver
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres.git
-  version: v18.4-0
+  version: v18.3-5
  name: postgres
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup.git
  version: v18-3
@@ -75,7 +75,7 @@
  version: v0.19.1-4
  name: prometheus_postgres_exporter
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-sable.git
-  version: v1.17.0-0
+  version: v1.15.2-0
  name: sable
 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
  version: v1.5.0-0
@@ -87,11 +87,11 @@
  version: v1.1.0-1
  name: timesync
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik.git
-  version: v3.7.1-0
+  version: v3.7.0-0
  name: traefik
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git
  version: v2.10.0-7
  name: traefik_certs_dumper
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-valkey.git
-  version: v9.1.0-0
+  version: v9.0.4-0
  name: valkey
@@ -11,7 +11,7 @@
 matrix_alertmanager_receiver_enabled: true
 # renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver
-matrix_alertmanager_receiver_version: 2026.5.20
+matrix_alertmanager_receiver_version: 2026.5.6
 matrix_alertmanager_receiver_scheme: https
@@ -22,7 +22,7 @@ matrix_authentication_service_container_repo_version: "{{ 'main' if matrix_authe
 matrix_authentication_service_container_src_files_path: "{{ matrix_base_data_path }}/matrix-authentication-service/container-src"
 # renovate: datasource=docker depName=ghcr.io/element-hq/matrix-authentication-service
-matrix_authentication_service_version: 1.17.0
+matrix_authentication_service_version: 1.16.0
 matrix_authentication_service_container_image_registry_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else matrix_authentication_service_container_image_registry_prefix_upstream }}"
 matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_authentication_service_container_image_registry_prefix_upstream_default }}"
 matrix_authentication_service_container_image_registry_prefix_upstream_default: "ghcr.io/"
@@ -131,6 +131,9 @@ matrix_server_fqn_buscarron: "buscarron.{{ matrix_domain }}"
 # This is where you access the Etherpad (if enabled via etherpad_enabled; disabled by default).
 matrix_server_fqn_etherpad: "etherpad.{{ matrix_domain }}"
 # For use with Go-NEB! (github callback url for example)
 matrix_server_fqn_bot_go_neb: "goneb.{{ matrix_domain }}"
 # This is where you access Jitsi.
 matrix_server_fqn_jitsi: "jitsi.{{ matrix_domain }}"
@@ -17,7 +17,7 @@ matrix_bot_baibot_container_repo_version: "{{ 'main' if matrix_bot_baibot_versio
 matrix_bot_baibot_container_src_files_path: "{{ matrix_base_data_path }}/baibot/container-src"
 # renovate: datasource=docker depName=ghcr.io/etkecc/baibot
-matrix_bot_baibot_version: v1.19.2
+matrix_bot_baibot_version: v1.18.0
 matrix_bot_baibot_container_image: "{{ matrix_bot_baibot_container_image_registry_prefix }}etkecc/baibot:{{ matrix_bot_baibot_version }}"
 matrix_bot_baibot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_baibot_container_image_self_build else matrix_bot_baibot_container_image_registry_prefix_upstream }}"
 matrix_bot_baibot_container_image_registry_prefix_upstream: "{{ matrix_bot_baibot_container_image_registry_prefix_upstream_default }}"
@@ -0,0 +1,362 @@
 # SPDX-FileCopyrightText: 2021 - 2024 Slavi Pantaleev
 # SPDX-FileCopyrightText: 2021 Yannick Goossens
 # SPDX-FileCopyrightText: 2022 Marko Weltzer
 # SPDX-FileCopyrightText: 2022 Nikita Chernyi
 # SPDX-FileCopyrightText: 2023 Samuel Meenzen
 # SPDX-FileCopyrightText: 2024 Suguru Hirahara
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 ---
 # Go-NEB is a Matrix bot written in Go. It is the successor to Matrix-NEB, the original Matrix bot written in Python.
 # Project source code URL: https://github.com/matrix-org/go-neb
 matrix_bot_go_neb_enabled: true
 # renovate: datasource=docker depName=matrixdotorg/go-neb
 matrix_bot_go_neb_version: latest
 matrix_bot_go_neb_scheme: https
 # The hostname at which Go-NEB is served.
 matrix_bot_go_neb_hostname: ''
 # The path at which Go-NEB is exposed.
 # This value must either be `/` or not end with a slash (e.g. `/go-neb`).
 matrix_bot_go_neb_path_prefix: /
 matrix_bot_go_neb_base_url: "{{ matrix_bot_go_neb_scheme }}://{{ matrix_bot_go_neb_hostname }}{{ matrix_bot_go_neb_path_prefix }}{{ '' if matrix_bot_go_neb_path_prefix == '/' else '/' }}"
 matrix_bot_go_neb_base_path: "{{ matrix_base_data_path }}/go-neb"
 matrix_bot_go_neb_config_path: "{{ matrix_bot_go_neb_base_path }}/config"
 matrix_bot_go_neb_config_path_in_container: "/config/config.yaml"
 matrix_bot_go_neb_data_path: "{{ matrix_bot_go_neb_base_path }}/data"
 matrix_bot_go_neb_data_store_path: "{{ matrix_bot_go_neb_data_path }}/store"
 matrix_bot_go_neb_container_image: "{{ matrix_bot_go_neb_container_image_registry_prefix }}matrixdotorg/go-neb:{{ matrix_bot_go_neb_container_image_tag }}"
 matrix_bot_go_neb_container_image_tag: "{{ matrix_bot_go_neb_version }}"
 matrix_bot_go_neb_container_image_registry_prefix: "{{ matrix_bot_go_neb_container_image_registry_prefix_upstream }}"
 matrix_bot_go_neb_container_image_registry_prefix_upstream: "{{ matrix_bot_go_neb_container_image_registry_prefix_upstream_default }}"
 matrix_bot_go_neb_container_image_registry_prefix_upstream_default: "docker.io/"
 # The base container network. It will be auto-created by this role if it doesn't exist already.
 matrix_bot_go_neb_container_network: matrix-bot-go-neb
 # A list of additional container networks that the container would be connected to.
 # The role does not create these networks, so make sure they already exist.
 # Use this to expose this container to another reverse proxy, which runs in a different container network.
 matrix_bot_go_neb_container_additional_networks: []
 # Controls whether the matrix-bot-go-neb container exposes its HTTP port (tcp/4050 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:4050"), or empty string to not expose.
 matrix_bot_go_neb_container_http_host_bind_port: ''
 # matrix_bot_go_neb_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
 # See `../templates/labels.j2` for details.
 #
 # To inject your own other container labels, see `matrix_bot_go_neb_container_labels_additional_labels`.
 matrix_bot_go_neb_container_labels_traefik_enabled: true
 matrix_bot_go_neb_container_labels_traefik_docker_network: "{{ matrix_bot_go_neb_container_network }}"
 matrix_bot_go_neb_container_labels_traefik_hostname: "{{ matrix_bot_go_neb_hostname }}"
 # The path prefix must either be `/` or not end with a slash (e.g. `/go-neb`).
 matrix_bot_go_neb_container_labels_traefik_path_prefix: "{{ matrix_bot_go_neb_path_prefix }}"
 matrix_bot_go_neb_container_labels_traefik_rule: "Host(`{{ matrix_bot_go_neb_container_labels_traefik_hostname }}`){% if matrix_bot_go_neb_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_bot_go_neb_container_labels_traefik_path_prefix }}`){% endif %}"
 matrix_bot_go_neb_container_labels_traefik_priority: 0
 matrix_bot_go_neb_container_labels_traefik_entrypoints: web-secure
 matrix_bot_go_neb_container_labels_traefik_tls: "{{ matrix_bot_go_neb_container_labels_traefik_entrypoints != 'web' }}"
 matrix_bot_go_neb_container_labels_traefik_tls_certResolver: default  # noqa var-naming
 # Controls which additional headers to attach to all HTTP responses.
 # To add your own headers, use `matrix_bot_go_neb_container_labels_traefik_additional_response_headers_custom`
 matrix_bot_go_neb_container_labels_traefik_additional_response_headers: "{{ matrix_bot_go_neb_container_labels_traefik_additional_response_headers_auto | combine(matrix_bot_go_neb_container_labels_traefik_additional_response_headers_custom) }}"
 matrix_bot_go_neb_container_labels_traefik_additional_response_headers_auto: |
  {{
    {}
    | combine ({'X-XSS-Protection': matrix_bot_go_neb_http_header_xss_protection} if matrix_bot_go_neb_http_header_xss_protection else {})
    | combine ({'X-Content-Type-Options': matrix_bot_go_neb_http_header_content_type_options} if matrix_bot_go_neb_http_header_content_type_options else {})
    | combine ({'Content-Security-Policy': matrix_bot_go_neb_http_header_content_security_policy} if matrix_bot_go_neb_http_header_content_security_policy else {})
    | combine ({'Permission-Policy': matrix_bot_go_neb_http_header_content_permission_policy} if matrix_bot_go_neb_http_header_content_permission_policy else {})
    | combine ({'Strict-Transport-Security': matrix_bot_go_neb_http_header_strict_transport_security} if matrix_bot_go_neb_http_header_strict_transport_security and matrix_bot_go_neb_container_labels_traefik_tls else {})
  }}
 matrix_bot_go_neb_container_labels_traefik_additional_response_headers_custom: {}
 # matrix_bot_go_neb_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
 # See `../templates/labels.j2` for details.
 #
 # Example:
 # matrix_bot_go_neb_container_labels_additional_labels: |
 #   my.label=1
 #   another.label="here"
 matrix_bot_go_neb_container_labels_additional_labels: ''
 # A list of extra arguments to pass to the container
 matrix_bot_go_neb_container_extra_arguments: []
 # List of systemd services that matrix-bot-go-neb.service depends on
 matrix_bot_go_neb_systemd_required_services_list: "{{ matrix_bot_go_neb_systemd_required_services_list_default + matrix_bot_go_neb_systemd_required_services_list_auto + matrix_bot_go_neb_systemd_required_services_list_custom }}"
 matrix_bot_go_neb_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
 matrix_bot_go_neb_systemd_required_services_list_auto: []
 matrix_bot_go_neb_systemd_required_services_list_custom: []
 # List of systemd services that matrix-bot-go-neb.service wants
 matrix_bot_go_neb_systemd_wanted_services_list: []
 # Specifies the value of the `X-XSS-Protection` header
 # Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.
 #
 # Learn more about it is here:
 # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
 # - https://portswigger.net/web-security/cross-site-scripting/reflected
 matrix_bot_go_neb_http_header_xss_protection: "1; mode=block"
 # Specifies the value of the `X-Content-Type-Options` header.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
 matrix_bot_go_neb_http_header_content_type_options: nosniff
 # Specifies the value of the `Content-Security-Policy` header.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
 matrix_bot_go_neb_http_header_content_security_policy: frame-ancestors 'self'
 # Specifies the value of the `Permission-Policy` header.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy
 matrix_bot_go_neb_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_bot_go_neb_floc_optout_enabled else '' }}"
 # Specifies the value of the `Strict-Transport-Security` header.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
 matrix_bot_go_neb_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_bot_go_neb_hsts_preload_enabled else '' }}"
 # Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses
 #
 # Learn more about what it is here:
 # - https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea
 # - https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network
 # - https://amifloced.org/
 #
 # Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices.
 # See: `matrix_bot_go_neb_content_permission_policy`
 matrix_bot_go_neb_floc_optout_enabled: true
 # Controls if HSTS preloading is enabled
 #
 # In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts) includes all subdomains, and
 # indicates a willingness to be "preloaded" into browsers:
 # `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`
 # For more information visit:
 # - https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
 # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
 # - https://hstspreload.org/#opt-in
 # See: `matrix_bot_go_neb_http_header_strict_transport_security`
 matrix_bot_go_neb_hsts_preload_enabled: false
 # Database-related configuration fields.
 #
 # MUST be "sqlite3". No other type is supported.
 matrix_bot_go_neb_database_engine: 'sqlite3'
 matrix_bot_go_neb_sqlite_database_path_local: "{{ matrix_bot_go_neb_data_path }}/bot.db"
 matrix_bot_go_neb_sqlite_database_path_in_container: "/data/bot.db"
 matrix_bot_go_neb_storage_database: "{{ {
    'sqlite3': (matrix_bot_go_neb_sqlite_database_path_in_container + '?_busy_timeout=5000'),
 }[matrix_bot_go_neb_database_engine] }}"
 # The bot's username(s). These users need to be created manually beforehand.
 # The access tokens that the bot uses to authenticate.
 # Generate one as described in
 # https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-dimension.md#access-token
 # via curl. With the Element method, you might run into decryption problems (see https://github.com/matrix-org/go-neb#quick-start)
 matrix_bot_go_neb_clients: []
 #  - UserID: "@goneb:{{ matrix_domain }}"
 #    AccessToken: "MDASDASJDIASDJASDAFGFRGER"
 #    DeviceID: "DEVICE1"
 #    HomeserverURL: "{{ matrix_addons_homeserver_client_api_url }}"
 #    Sync: true
 #    AutoJoinRooms: true
 #    DisplayName: "Go-NEB!"
 #    AcceptVerificationFromUsers: [":{{ matrix_domain }}"]
 #
 #  - UserID: "@another_goneb:{{ matrix_domain }}"
 #    AccessToken: "MDASDASJDIASDJASDAFGFRGER"
 #    DeviceID: "DEVICE2"
 #    HomeserverURL: "{{ matrix_addons_homeserver_client_api_url }}"
 #    Sync: false
 #    AutoJoinRooms: false
 #    DisplayName: "Go-NEB!"
 #    AcceptVerificationFromUsers: ["^@admin:{{ matrix_domain }}"]
 # The list of realms which Go-NEB is aware of.
 # Delete or modify this list as appropriate.
 # See the docs for /configureAuthRealm for the full list of options:
 # https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ConfigureAuthRealmRequest
 matrix_bot_go_neb_realms: []
 #  - ID: "github_realm"
 #    Type: "github"
 #    Config: {} # No need for client ID or Secret as Go-NEB isn't generating OAuth URLs
 # The list of *authenticated* sessions which Go-NEB is aware of.
 # Delete or modify this list as appropriate.
 # The full list of options are shown below: there is no single HTTP endpoint
 # which maps to this section.
 # https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#Session
 matrix_bot_go_neb_sessions: []
 #  - SessionID: "your_github_session"
 #    RealmID: "github_realm"
 #    UserID: "@alice:{{ matrix_domain }}" # This needs to be the username of the person that's allowed to use the !github commands
 #    Config:
 #      # Populate these fields by generating a "Personal Access Token" on github.com
 #      AccessToken: "YOUR_GITHUB_ACCESS_TOKEN"
 #      Scopes: "admin:org_hook,admin:repo_hook,repo,user"
 # The list of services which Go-NEB is aware of.
 # Delete or modify this list as appropriate.
 # See the docs for /configureService for the full list of options:
 # https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ConfigureServiceRequest
 matrix_bot_go_neb_services: []
 #  - ID: "echo_service"
 #    Type: "echo"
 #    UserID: "@goneb:{{ matrix_domain }}"
 #    Config: {}
 ## Can be obtained from https://developers.giphy.com/dashboard/
 #  - ID: "giphy_service"
 #    Type: "giphy"
 #    UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
 #    Config:
 #      api_key: "qwg4672vsuyfsfe"
 #      use_downsized: false
 #
 ## This service has been dead for over a year :/
 #  - ID: "guggy_service"
 #    Type: "guggy"
 #    UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
 #    Config:
 #      api_key: "2356saaqfhgfe"
 #
 ## API Key via https://developers.google.com/custom-search/v1/introduction
 ## CX via http://www.google.com/cse/manage/all
 ## https://stackoverflow.com/questions/6562125/getting-a-cx-id-for-custom-search-google-api-python
 ## 'Search the entire web' and 'Image search' enabled for best results
 #  - ID: "google_service"
 #    Type: "google"
 #    UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
 #    Config:
 #      api_key: "AIzaSyA4FD39m9"
 #      cx: "AIASDFWSRRtrtr"
 #
 ## Get a key via https://api.imgur.com/oauth2/addclient
 ## Select "oauth2 without callback url"
 #  - ID: "imgur_service"
 #    Type: "imgur"
 #    UserID: "@imgur:{{ matrix_domain }}" # requires a Syncing client
 #    Config:
 #      client_id: "AIzaSyA4FD39m9"
 #      client_secret: "somesecret"
 #
 #  - ID: "wikipedia_service"
 #    Type: "wikipedia"
 #    UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
 #    Config:
 #
 #  - ID: "rss_service"
 #    Type: "rssbot"
 #    UserID: "@another_goneb:{{ matrix_domain }}"
 #    Config:
 #      feeds:
 #        "http://lorem-rss.herokuapp.com/feed?unit=second&interval=60":
 #          rooms: ["!qporfwt:localhost"]
 #          must_include:
 #            author:
 #              - author1
 #            description:
 #              - lorem
 #              - ipsum
 #          must_not_include:
 #            title:
 #              - Lorem
 #              - Ipsum
 #
 #  - ID: "github_cmd_service"
 #    Type: "github"
 #    UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
 #    Config:
 #      RealmID: "github_realm"
 #
 #    # Make sure your BASE_URL can be accessed by Github!
 #  - ID: "github_webhook_service"
 #    Type: "github-webhook"
 #    UserID: "@another_goneb:{{ matrix_domain }}"
 #    Config:
 #      RealmID: "github_realm"
 #      ClientUserID: "@alice:{{ matrix_domain }}" # needs to be an authenticated user so Go-NEB can create webhooks. Check the UserID field in the github_realm in matrix_bot_go_neb_sessions.
 #      Rooms:
 #        "!qporfwt:example.com":
 #          Repos:
 #            "element-hq/synapse":
 #              Events: ["push", "issues"]
 #            "matrix-org/dendron":
 #              Events: ["pull_request"]
 #        "!aaabaa:example.com":
 #          Repos:
 #            "element-hq/synapse":
 #              Events: ["push", "issues"]
 #            "matrix-org/dendron":
 #              Events: ["pull_request"]
 #
 #  - ID: "slackapi_service"
 #    Type: "slackapi"
 #    UserID: "@slackapi:{{ matrix_domain }}"
 #    Config:
 #      Hooks:
 #        "hook1":
 #          RoomID: "!qporfwt:example.com"
 #          MessageType: "m.text" # default is m.text
 #
 #  - ID: "alertmanager_service"
 #    Type: "alertmanager"
 #    UserID: "@alertmanager:{{ matrix_domain }}"
 #    Config:
 #      # This is for information purposes only. It should point to Go-NEB path as follows:
 #      # `/services/hooks/<base64 encoded service ID>`
 #      # Where in this case "service ID" is "alertmanager_service"
 #      # Make sure your BASE_URL can be accessed by the Alertmanager instance!
 #      webhook_url: "http://localhost/services/hooks/YWxlcnRtYW5hZ2VyX3NlcnZpY2U"
 #      # Each room will get the notification with the alert rendered with the given template
 #      rooms:
 #        "!qporfwt:example.com":
 #          text_template: "{% raw %}{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\"}}: {{index .Annotations \"description\"}} {{ end -}}{% endraw %}"
 #          html_template: "{% raw %}{{range .Alerts -}}  {{ $severity := index .Labels \"severity\"}}    {{ if eq .Status \"firing\"}}      {{ if eq $severity \"critical\"}}        <font color='red'><b>[FIRING - CRITICAL]</b></font>      {{ else if eq $severity \"warning\"}}        <font color='orange'><b>[FIRING - WARNING]</b></font>      {{ else }}        <b>[FIRING - {{ $severity }}]</b>      {{ end }}    {{ else }}      <font color='green'><b>[RESOLVED]</b></font>    {{ end }}  {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}}   <a href=\"{{ .GeneratorURL }}\">source</a><br/>{{end -}}{% endraw %}"
 #          msg_type: "m.text"  # Must be either `m.text` or `m.notice`
 # Default configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #
 # For a more advanced customization, you can extend the default (see `matrix_bot_go_neb_configuration_extension_yaml`)
 # or completely replace this variable with your own template.
 matrix_bot_go_neb_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
 matrix_bot_go_neb_configuration_extension_yaml: |
  # Your custom YAML configuration goes here.
  # This configuration extends the default starting configuration (`matrix_bot_go_neb_configuration_yaml`).
  #
  # You can override individual variables from the default configuration, or introduce new ones.
  #
  # If you need something more special, you can take full control by
  # completely redefining `matrix_bot_go_neb_configuration_yaml`.
 matrix_bot_go_neb_configuration_extension: "{{ matrix_bot_go_neb_configuration_extension_yaml | from_yaml if matrix_bot_go_neb_configuration_extension_yaml | from_yaml is mapping else {} }}"
 # Holds the final configuration (a combination of the default and its extension).
 # You most likely don't need to touch this variable. Instead, see `matrix_bot_go_neb_configuration_yaml`.
 matrix_bot_go_neb_configuration: "{{ matrix_bot_go_neb_configuration_yaml | from_yaml | combine(matrix_bot_go_neb_configuration_extension, recursive=True) }}"
 # matrix_bot_go_neb_restart_necessary controls whether the service
 # will be restarted (when true) or merely started (when false) by the
 # systemd service manager role (when conditional restart is enabled).
 #
 # This value is automatically computed during installation based on whether
 # any configuration files, the systemd service file, or the container image changed.
 # The default of `false` means "no restart needed" — appropriate when the role's
 # installation tasks haven't run (e.g., due to --tags skipping them).
 matrix_bot_go_neb_restart_necessary: false
@@ -0,0 +1,78 @@
 # SPDX-FileCopyrightText: 2021 Yannick Goossens
 # SPDX-FileCopyrightText: 2022 - 2024 Slavi Pantaleev
 # SPDX-FileCopyrightText: 2022 Jim Myhrberg
 # SPDX-FileCopyrightText: 2022 Marko Weltzer
 # SPDX-FileCopyrightText: 2022 Nikita Chernyi
 # SPDX-FileCopyrightText: 2022 Sebastian Gumprich
 # SPDX-FileCopyrightText: 2024 David Mehren
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 ---
 - name: Ensure go-neb paths exist
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: directory
    mode: '0750'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  with_items:
    - {path: "{{ matrix_bot_go_neb_config_path }}", when: true}
    - {path: "{{ matrix_bot_go_neb_data_path }}", when: true}
    - {path: "{{ matrix_bot_go_neb_data_store_path }}", when: true}
  when: "item.when | bool"
 - name: Ensure go-neb config installed
  ansible.builtin.copy:
    content: "{{ matrix_bot_go_neb_configuration | to_nice_yaml(indent=2, width=999999) }}"
    dest: "{{ matrix_bot_go_neb_config_path }}/config.yaml"
    mode: '0644'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  register: matrix_bot_go_neb_config_result
 - name: Ensure go-neb support files installed
  ansible.builtin.template:
    src: "{{ role_path }}/templates/{{ item }}.j2"
    dest: "{{ matrix_bot_go_neb_base_path }}/{{ item }}"
    mode: '0640'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  with_items:
    - env
    - labels
  register: matrix_bot_go_neb_support_files_result
 - name: Ensure go-neb container image is pulled
  community.docker.docker_image_pull:
    name: "{{ matrix_bot_go_neb_container_image }}"
    pull: always
  register: matrix_bot_go_neb_container_image_pull_result
  retries: "{{ devture_playbook_help_container_retries_count }}"
  delay: "{{ devture_playbook_help_container_retries_delay }}"
  until: matrix_bot_go_neb_container_image_pull_result is not failed
 - name: Ensure go-neb container network is created
  community.general.docker_network:
    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
    name: "{{ matrix_bot_go_neb_container_network }}"
    driver: bridge
    driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
 - name: Ensure matrix-bot-go-neb.service installed
  ansible.builtin.template:
    src: "{{ role_path }}/templates/systemd/matrix-bot-go-neb.service.j2"
    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-go-neb.service"
    mode: '0644'
  register: matrix_bot_go_neb_systemd_service_result
 - name: Determine whether go-neb needs a restart
  ansible.builtin.set_fact:
    matrix_bot_go_neb_restart_necessary: >-
      {{
        matrix_bot_go_neb_config_result.changed | default(false)
        or matrix_bot_go_neb_support_files_result.changed | default(false)
        or matrix_bot_go_neb_systemd_service_result.changed | default(false)
        or matrix_bot_go_neb_container_image_pull_result.changed | default(false)
      }}
@@ -0,0 +1,26 @@
 # SPDX-FileCopyrightText: 2021 Yannick Goossens
 # SPDX-FileCopyrightText: 2022 - 2023 Slavi Pantaleev
 # SPDX-FileCopyrightText: 2022 Marko Weltzer
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 ---
 - tags:
    - setup-all
    - setup-bot-go-neb
    - install-all
    - install-bot-go-neb
  block:
    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
      when: "run_setup | bool and matrix_bot_go_neb_enabled | bool"
    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml"
      when: "run_setup | bool and matrix_bot_go_neb_enabled | bool"
 - tags:
    - setup-all
    - setup-bot-go-neb
  block:
    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml"
      when: "run_setup | bool and not matrix_bot_go_neb_enabled | bool"
@@ -0,0 +1,32 @@
 # SPDX-FileCopyrightText: 2021 - 2023 Slavi Pantaleev
 # SPDX-FileCopyrightText: 2021 Yannick Goossens
 # SPDX-FileCopyrightText: 2022 Marko Weltzer
 # SPDX-FileCopyrightText: 2022 Sebastian Gumprich
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 ---
 - name: Check existence of matrix-go-neb service
  ansible.builtin.stat:
    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-go-neb.service"
  register: matrix_bot_go_neb_service_stat
 - when: matrix_bot_go_neb_service_stat.stat.exists | bool
  block:
    - name: Ensure matrix-go-neb is stopped
      ansible.builtin.service:
        name: matrix-bot-go-neb
        state: stopped
        enabled: false
        daemon_reload: true
    - name: Ensure matrix-bot-go-neb.service doesn't exist
      ansible.builtin.file:
        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-go-neb.service"
        state: absent
    - name: Ensure Matrix go-neb paths don't exist
      ansible.builtin.file:
        path: "{{ matrix_bot_go_neb_base_path }}"
        state: absent
@@ -0,0 +1,26 @@
 # SPDX-FileCopyrightText: 2021 Yannick Goossens
 # SPDX-FileCopyrightText: 2022 Slavi Pantaleev
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 ---
 - name: Fail if there's not at least 1 client
  ansible.builtin.fail:
    msg: >-
      You need at least 1 client in the matrix_bot_go_neb_clients block.
  when: matrix_bot_go_neb_clients is not defined or matrix_bot_go_neb_clients[0] is not defined
 - name: Fail if there's not at least 1 service
  ansible.builtin.fail:
    msg: >-
      You need at least 1 service in the matrix_bot_go_neb_services block.
  when: matrix_bot_go_neb_services is not defined or matrix_bot_go_neb_services[0] is not defined
 - name: (Deprecation) Catch and report renamed matrix-bot-go-neb variables
  ansible.builtin.fail:
    msg: >-
      The variable `{{ item.old }}` is deprecated. Please use `{{ item.new }}` instead.
  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
  with_items:
    - {'old': 'matrix_bot_go_neb_container_image_force_pull', 'new': '<removed> (the new community.docker.docker_image_pull module handles this natively)'}
@@ -0,0 +1,44 @@
 # Go-NEB Configuration File
 #
 # This file provides an alternative way to configure Go-NEB which does not involve HTTP APIs.
 #
 # This file can be supplied to go-neb by the environment variable `CONFIG_FILE=config.yaml`.
 # It will force Go-NEB to operate in "config" mode. This means:
 #   - Go-NEB will ONLY use the data contained inside this file.
 #   - All of Go-NEB's /admin HTTP listeners will be disabled. You will be unable to add new services at runtime.
 #   - The environment variable `DATABASE_URL` will be ignored and an in-memory database will be used instead.
 #
 # This file is broken down into 4 sections which matches the following HTTP APIs:
 #   - /configureClient
 #   - /configureAuthRealm
 #   - /configureService
 #   - /requestAuthSession (redirects not supported)
 # The list of clients which Go-NEB is aware of.
 # Delete or modify this list as appropriate.
 # See the docs for /configureClient for the full list of options:
 # https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ClientConfig
 clients:
  {{ matrix_bot_go_neb_clients|to_json }}
 # The list of realms which Go-NEB is aware of.
 # Delete or modify this list as appropriate.
 # See the docs for /configureAuthRealm for the full list of options:
 # https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ConfigureAuthRealmRequest
 realms:
  {{ matrix_bot_go_neb_realms|to_json }}
 # The list of *authenticated* sessions which Go-NEB is aware of.
 # Delete or modify this list as appropriate.
 # The full list of options are shown below: there is no single HTTP endpoint
 # which maps to this section.
 # https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#Session
 sessions:
  {{ matrix_bot_go_neb_sessions|to_json }}
 # The list of services which Go-NEB is aware of.
 # Delete or modify this list as appropriate.
 # See the docs for /configureService for the full list of options:
 # https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ConfigureServiceRequest
 services:
  {{ matrix_bot_go_neb_services|to_json }}
@@ -0,0 +1,4 @@
 SPDX-FileCopyrightText: 2021 Yannick Goossens
 SPDX-FileCopyrightText: 2022 Slavi Pantaleev
 SPDX-License-Identifier: AGPL-3.0-or-later
@@ -0,0 +1,14 @@
 {#
 SPDX-FileCopyrightText: 2023 Slavi Pantaleev
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 BIND_ADDRESS=:4050
 DATABASE_TYPE={{ matrix_bot_go_neb_database_engine }}
 DATABASE_URL={{ matrix_bot_go_neb_storage_database }}
 BASE_URL={{ matrix_bot_go_neb_base_url }}
 CONFIG_FILE={{ matrix_bot_go_neb_config_path_in_container }}
@@ -0,0 +1,52 @@
 {#
 SPDX-FileCopyrightText: 2023 - 2024 Slavi Pantaleev
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 {% if matrix_bot_go_neb_container_labels_traefik_enabled %}
 traefik.enable=true
 {% if matrix_bot_go_neb_container_labels_traefik_docker_network %}
 traefik.docker.network={{ matrix_bot_go_neb_container_labels_traefik_docker_network }}
 {% endif %}
 traefik.http.services.matrix-bot-go-neb.loadbalancer.server.port=4050
 {% set middlewares = [] %}
 {% if matrix_bot_go_neb_container_labels_traefik_path_prefix != '/' %}
 traefik.http.middlewares.matrix-bot-go-neb-slashless-redirect.redirectregex.regex=({{ matrix_bot_go_neb_container_labels_traefik_path_prefix | quote }})$
 traefik.http.middlewares.matrix-bot-go-neb-slashless-redirect.redirectregex.replacement=${1}/
 {% set middlewares = middlewares + ['matrix-bot-go-neb-slashless-redirect'] %}
 {% endif %}
 {% if matrix_bot_go_neb_container_labels_traefik_path_prefix != '/' %}
 traefik.http.middlewares.matrix-bot-go-neb-strip-prefix.stripprefix.prefixes={{ matrix_bot_go_neb_container_labels_traefik_path_prefix }}
 {% set middlewares = middlewares + ['matrix-bot-go-neb-strip-prefix'] %}
 {% endif %}
 {% if matrix_bot_go_neb_container_labels_traefik_additional_response_headers.keys() | length > 0 %}
 {% for name, value in matrix_bot_go_neb_container_labels_traefik_additional_response_headers.items() %}
 traefik.http.middlewares.matrix-bot-go-neb-add-headers.headers.customresponseheaders.{{ name }}={{ value }}
 {% endfor %}
 {% set middlewares = middlewares + ['matrix-bot-go-neb-add-headers'] %}
 {% endif %}
 traefik.http.routers.matrix-bot-go-neb.rule={{ matrix_bot_go_neb_container_labels_traefik_rule }}
 {% if matrix_bot_go_neb_container_labels_traefik_priority | int > 0 %}
 traefik.http.routers.matrix-bot-go-neb.priority={{ matrix_bot_go_neb_container_labels_traefik_priority }}
 {% endif %}
 traefik.http.routers.matrix-bot-go-neb.service=matrix-bot-go-neb
 {% if middlewares | length > 0 %}
 traefik.http.routers.matrix-bot-go-neb.middlewares={{ middlewares | join(',') }}
 {% endif %}
 traefik.http.routers.matrix-bot-go-neb.entrypoints={{ matrix_bot_go_neb_container_labels_traefik_entrypoints }}
 traefik.http.routers.matrix-bot-go-neb.tls={{ matrix_bot_go_neb_container_labels_traefik_tls | to_json }}
 {% if matrix_bot_go_neb_container_labels_traefik_tls %}
 traefik.http.routers.matrix-bot-go-neb.tls.certResolver={{ matrix_bot_go_neb_container_labels_traefik_tls_certResolver }}
 {% endif %}
 {% endif %}
 {{ matrix_bot_go_neb_container_labels_additional_labels }}
@@ -0,0 +1,55 @@
 #jinja2: lstrip_blocks: True
 [Unit]
 Description=Matrix Go-NEB bot
 {% for service in matrix_bot_go_neb_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
 {% endfor %}
 {% for service in matrix_bot_go_neb_systemd_wanted_services_list %}
 Wants={{ service }}
 {% endfor %}
 DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-go-neb 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null || true'
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			--rm \
 			--name=matrix-bot-go-neb \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--cap-drop=ALL \
 			--read-only \
 			--network={{ matrix_bot_go_neb_container_network }} \
 			{% if matrix_bot_go_neb_container_http_host_bind_port %}
 			-p {{ matrix_bot_go_neb_container_http_host_bind_port }}:4050 \
 			{% endif %}
 			--env-file={{ matrix_bot_go_neb_base_path }}/env \
 			--label-file={{ matrix_bot_go_neb_base_path }}/labels \
 			--mount type=bind,src={{ matrix_bot_go_neb_config_path }},dst=/config,ro \
 			--mount type=bind,src={{ matrix_bot_go_neb_data_path }},dst=/data \
 			--entrypoint=/bin/sh \
 			{% for arg in matrix_bot_go_neb_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_bot_go_neb_container_image }} \
 			-c "go-neb /config/config.yaml"
 {% for network in matrix_bot_go_neb_container_additional_networks %}
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-bot-go-neb
 {% endfor %}
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-bot-go-neb
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-go-neb 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null || true'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-bot-go-neb
 [Install]
 WantedBy=multi-user.target
@@ -0,0 +1,4 @@
 SPDX-FileCopyrightText: 2021 Yannick Goossens
 SPDX-FileCopyrightText: 2022 - 2025 Slavi Pantaleev
 SPDX-License-Identifier: AGPL-3.0-or-later
@@ -23,9 +23,6 @@ matrix_bot_maubot_initial_password: ''
 matrix_bot_maubot_scheme: https
 matrix_bot_maubot_hostname: ''
 # The path at which maubot is exposed.
 # This value must either be `/` or not end with a slash (e.g. `/_matrix/maubot`).
 matrix_bot_maubot_path_prefix: /_matrix/maubot
 matrix_bot_maubot_container_image_self_build: false
@@ -61,9 +58,9 @@ matrix_bot_maubot_container_src_files_path: "{{ matrix_bot_maubot_base_path }}/d
 matrix_bot_maubot_customized_container_src_files_path: "{{ matrix_bot_maubot_base_path }}/customized-docker-src"
 matrix_bot_maubot_bot_server_public_url: "{{ matrix_bot_maubot_scheme }}://{{ matrix_bot_maubot_hostname }}"
-matrix_bot_maubot_bot_server_base_path: "{{ '' if matrix_bot_maubot_path_prefix == '/' else matrix_bot_maubot_path_prefix }}/v1"
+matrix_bot_maubot_bot_server_base_path: "{{ matrix_bot_maubot_path_prefix }}/v1"
 matrix_bot_maubot_bot_server_ui_base_path: "{{ matrix_bot_maubot_path_prefix }}"
-matrix_bot_maubot_bot_server_plugin_base_path: "{{ '' if matrix_bot_maubot_path_prefix == '/' else matrix_bot_maubot_path_prefix }}/plugin/"
+matrix_bot_maubot_bot_server_plugin_base_path: "{{ matrix_bot_maubot_path_prefix }}/plugin/"
 matrix_bot_maubot_bot_server_appservice_base_path: "{{ matrix_bot_maubot_bot_server_base_path }}"
 matrix_bot_maubot_proxy_management_interface: true
@@ -18,7 +18,7 @@ matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/ma
 matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}"
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/gmessages
-matrix_mautrix_gmessages_version: v0.2605.0
+matrix_mautrix_gmessages_version: v0.2604.0
 # See: https://mau.dev/mautrix/gmessages/container_registry
 matrix_mautrix_gmessages_container_image: "{{ matrix_mautrix_gmessages_container_image_registry_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}"
@@ -20,7 +20,7 @@ matrix_mautrix_meta_instagram_enabled: true
 matrix_mautrix_meta_instagram_identifier: matrix-mautrix-meta-instagram
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
-matrix_mautrix_meta_instagram_version: v0.2605.0
+matrix_mautrix_meta_instagram_version: v0.2604.0
 matrix_mautrix_meta_instagram_base_path: "{{ matrix_base_data_path }}/mautrix-meta-instagram"
 matrix_mautrix_meta_instagram_config_path: "{{ matrix_mautrix_meta_instagram_base_path }}/config"
@@ -20,7 +20,7 @@ matrix_mautrix_meta_messenger_enabled: true
 matrix_mautrix_meta_messenger_identifier: matrix-mautrix-meta-messenger
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
-matrix_mautrix_meta_messenger_version: v0.2605.0
+matrix_mautrix_meta_messenger_version: v0.2604.0
 matrix_mautrix_meta_messenger_base_path: "{{ matrix_base_data_path }}/mautrix-meta-messenger"
 matrix_mautrix_meta_messenger_config_path: "{{ matrix_mautrix_meta_messenger_base_path }}/config"
@@ -17,7 +17,7 @@ matrix_mautrix_slack_container_image_self_build_repo: "https://mau.dev/mautrix/s
 matrix_mautrix_slack_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_slack_version == 'latest' else matrix_mautrix_slack_version }}"
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/slack
-matrix_mautrix_slack_version: v0.2605.0
+matrix_mautrix_slack_version: v0.2604.0
 # See: https://mau.dev/mautrix/slack/container_registry
 matrix_mautrix_slack_container_image: "{{ matrix_mautrix_slack_container_image_registry_prefix }}mautrix/slack:{{ matrix_mautrix_slack_version }}"
 matrix_mautrix_slack_container_image_registry_prefix: "{{ 'localhost/' if matrix_mautrix_slack_container_image_self_build else matrix_mautrix_slack_container_image_registry_prefix_upstream }}"
@@ -26,7 +26,7 @@ matrix_mautrix_telegram_container_image_self_build_repo: "https://mau.dev/mautri
 matrix_mautrix_telegram_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_telegram_version == 'latest' else matrix_mautrix_telegram_version }}"
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/telegram
-matrix_mautrix_telegram_version: v0.2605.0
+matrix_mautrix_telegram_version: v0.2604.0
 # See: https://mau.dev/mautrix/telegram/container_registry
 matrix_mautrix_telegram_container_image: "{{ matrix_mautrix_telegram_container_image_registry_prefix }}mautrix/telegram:{{ matrix_mautrix_telegram_version }}"
@@ -2,7 +2,7 @@
 # Network-specific config options
 network:
    # Get your own API keys at https://my.telegram.org/apps
-    api_id: {{ matrix_mautrix_telegram_api_id | int | to_json }}
+    api_id: {{ matrix_mautrix_telegram_api_id | to_json }}
    api_hash: {{ matrix_mautrix_telegram_api_hash | to_json }}
    # Device info shown in the Telegram device list.
@@ -28,7 +28,7 @@ matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautri
 matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/whatsapp
-matrix_mautrix_whatsapp_version: v0.2605.0
+matrix_mautrix_whatsapp_version: v0.2604.0
 # See: https://mau.dev/mautrix/whatsapp/container_registry
 matrix_mautrix_whatsapp_container_image: "{{ matrix_mautrix_whatsapp_container_image_registry_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
@@ -29,7 +29,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme
 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_facts['memtotal_mb'] < 4096 }}"
 # renovate: datasource=docker depName=ghcr.io/element-hq/element-web
-matrix_client_element_version: v1.12.18
+matrix_client_element_version: v1.12.17
 matrix_client_element_container_image: "{{ matrix_client_element_container_image_registry_prefix }}element-hq/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_container_image_registry_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_client_element_container_image_registry_prefix_upstream }}"
@@ -13,7 +13,7 @@ matrix_continuwuity_enabled: true
 matrix_continuwuity_hostname: ''
 # renovate: datasource=docker depName=forgejo.ellis.link/continuwuation/continuwuity
-matrix_continuwuity_version: v0.5.9
+matrix_continuwuity_version: v0.5.8
 matrix_continuwuity_container_image: "{{ matrix_continuwuity_container_image_registry_prefix }}/continuwuation/continuwuity:{{ matrix_continuwuity_container_image_tag }}"
 matrix_continuwuity_container_image_tag: "{{ matrix_continuwuity_version }}"
@@ -21,7 +21,7 @@ matrix_element_call_enabled: false
 matrix_rtc_enabled: "{{ matrix_element_call_enabled }}"
 # renovate: datasource=docker depName=ghcr.io/element-hq/element-call
-matrix_element_call_version: v0.19.4
+matrix_element_call_version: v0.19.2
 matrix_element_call_scheme: https
@@ -24,7 +24,7 @@ matrix_rageshake_path_prefix: /
 # There are no stable container image tags yet.
 # See: https://github.com/matrix-org/rageshake/issues/69
 # renovate: datasource=docker depName=ghcr.io/matrix-org/rageshake
-matrix_rageshake_version: 1.18.0
+matrix_rageshake_version: 1.17.1
 matrix_rageshake_base_path: "{{ matrix_base_data_path }}/rageshake"
 matrix_rageshake_config_path: "{{ matrix_rageshake_base_path }}/config"
@@ -0,0 +1,176 @@
 # SPDX-FileCopyrightText: 2020 - 2025 Slavi Pantaleev
 # SPDX-FileCopyrightText: 2021 Aaron Raimist
 # SPDX-FileCopyrightText: 2021 Ahmad Haghighi
 # SPDX-FileCopyrightText: 2022 Marko Weltzer
 # SPDX-FileCopyrightText: 2022 Nikita Chernyi
 # SPDX-FileCopyrightText: 2023 Samuel Meenzen
 # SPDX-FileCopyrightText: 2024 Suguru Hirahara
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 ---
 # matrix-registration is a simple python application to have a token based Matrix registration
 # See: https://zeratax.github.io/matrix-registration/
 # Project source code URL: https://github.com/ZerataX/matrix-registration
 matrix_registration_enabled: true
 matrix_registration_scheme: https
 matrix_registration_hostname: ''
 matrix_registration_path_prefix: /
 matrix_registration_container_image_self_build: false
 matrix_registration_container_image_self_build_repo: "https://github.com/ZerataX/matrix-registration"
 matrix_registration_container_image_self_build_branch: "{{ 'master' if matrix_registration_version == 'latest' else matrix_registration_version }}"
 # Controls whether we'll be patching the dependencies in `setup.py` when self-building.
 # Without patching, building will likely fail, because of the poor unbounded way dependencies are defined (e.g. `flask-limiter>=1.1.0`).
 # This is an attempt to get matrix-registration in its current (outdated) version to build.
 matrix_registration_container_image_self_build_python_dependencies_patch_enabled: true
 matrix_registration_base_path: "{{ matrix_base_data_path }}/matrix-registration"
 matrix_registration_config_path: "{{ matrix_registration_base_path }}/config"
 matrix_registration_data_path: "{{ matrix_registration_base_path }}/data"
 matrix_registration_container_src_files_path: "{{ matrix_registration_base_path }}/docker-src"
 # renovate: datasource=docker depName=zeratax/matrix-registration
 matrix_registration_version: "v0.7.2"
 matrix_registration_container_image: "{{ matrix_registration_container_image_registry_prefix }}zeratax/matrix-registration:{{ matrix_registration_version }}"
 matrix_registration_container_image_registry_prefix: "{{ 'localhost/' if matrix_registration_container_image_self_build else matrix_registration_container_image_registry_prefix_upstream }}"
 matrix_registration_container_image_registry_prefix_upstream: "{{ matrix_registration_container_image_registry_prefix_upstream_default }}"
 matrix_registration_container_image_registry_prefix_upstream_default: "docker.io/"
 matrix_registration_container_network: ""
 matrix_registration_container_additional_networks: "{{ matrix_registration_container_additional_networks_auto + matrix_registration_container_additional_networks_custom }}"
 matrix_registration_container_additional_networks_auto: []
 matrix_registration_container_additional_networks_custom: []
 # matrix_registration_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
 # See `../templates/labels.j2` for details.
 #
 # To inject your own other container labels, see `matrix_registration_container_labels_additional_labels`.
 matrix_registration_container_labels_traefik_enabled: true
 matrix_registration_container_labels_traefik_docker_network: "{{ matrix_registration_container_network }}"
 matrix_registration_container_labels_traefik_entrypoints: web-secure
 matrix_registration_container_labels_traefik_tls_certResolver: default  # noqa var-naming
 # Controls whether labels will be added that expose matrix-registration's public endpoints
 matrix_registration_container_labels_public_endpoint_enabled: true
 matrix_registration_container_labels_public_endpoint_traefik_rule: "Host(`{{ matrix_registration_hostname }}`){% if matrix_registration_path_prefix != '/' %} && PathPrefix(`{{ matrix_registration_path_prefix }}`){% endif %}"
 matrix_registration_container_labels_public_endpoint_traefik_priority: 0
 matrix_registration_container_labels_public_endpoint_traefik_entrypoints: "{{ matrix_registration_container_labels_traefik_entrypoints }}"
 matrix_registration_container_labels_public_endpoint_traefik_tls: "{{ matrix_registration_container_labels_public_endpoint_traefik_entrypoints != 'web' }}"
 matrix_registration_container_labels_public_endpoint_traefik_tls_certResolver: "{{ matrix_registration_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
 # matrix_registration_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
 # See `../templates/labels.j2` for details.
 #
 # Example:
 # matrix_registration_container_labels_additional_labels: |
 #   my.label=1
 #   another.label="here"
 matrix_registration_container_labels_additional_labels: ''
 # A list of extra arguments to pass to the container
 matrix_registration_container_extra_arguments: []
 # List of systemd services that matrix-registration.service depends on
 matrix_registration_systemd_required_services_list: "{{ matrix_registration_systemd_required_services_list_default + matrix_registration_systemd_required_services_list_auto + matrix_registration_systemd_required_services_list_custom }}"
 matrix_registration_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
 matrix_registration_systemd_required_services_list_auto: []
 matrix_registration_systemd_required_services_list_custom: []
 # List of systemd services that matrix-registration.service wants
 matrix_registration_systemd_wanted_services_list: []
 # Controls whether the matrix-registration container exposes its HTTP port (tcp/5000 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8767"), or empty string to not expose.
 matrix_registration_container_http_host_bind_port: ''
 # Database-related configuration fields.
 #
 # To use SQLite, stick to these defaults.
 #
 # To use Postgres:
 # - change the engine (`matrix_registration_database_engine: 'postgres'`)
 # - adjust your database credentials via the `matrix_registration_database_*` variables
 matrix_registration_database_engine: 'sqlite'
 matrix_registration_sqlite_database_path_local: "{{ matrix_registration_data_path }}/db.sqlite3"
 matrix_registration_sqlite_database_path_in_container: "/data/db.sqlite3"
 matrix_registration_database_username: 'matrix_registration'
 matrix_registration_database_password: 'some-password'
 matrix_registration_database_hostname: ''
 matrix_registration_database_port: 5432
 matrix_registration_database_name: 'matrix_registration'
 matrix_registration_database_connection_string: 'postgresql://{{ matrix_registration_database_username }}:{{ matrix_registration_database_password }}@{{ matrix_registration_database_hostname }}:{{ matrix_registration_database_port }}/{{ matrix_registration_database_name }}'
 # For some reason, matrix-registraiton expects the `db` field to be like this: `sqlite:////data/db.sqlite3`.
 # (seems like one too many slashes, but..)
 matrix_registration_db: "{{ {
    'sqlite': ('sqlite:///' + matrix_registration_sqlite_database_path_in_container),
    'postgres': matrix_registration_database_connection_string,
 }[matrix_registration_database_engine] }}"
 matrix_registration_base_url: "{{ matrix_registration_path_prefix }}"
 matrix_registration_api_register_endpoint: "{{ matrix_registration_scheme }}://{{ matrix_registration_hostname }}{{ matrix_registration_base_url }}{{ '' if matrix_registration_base_url == '/' else '/' }}register"
 matrix_registration_api_token_endpoint: "{{ matrix_registration_scheme }}://{{ matrix_registration_hostname }}{{ matrix_registration_base_url }}{{ '' if matrix_registration_base_url == '/' else '/' }}token"
 matrix_registration_api_validate_certs: true
 # The URL to your homeserver (e.g.: `https://matrix.example.com`).
 # A local (in-container address) is preferable.
 matrix_registration_server_location: ""
 matrix_registration_server_name: "{{ matrix_domain }}"
 # matrix_registration_shared_secret needs to match the homeserver's registration secret.
 # For Synapse, that's the `registration_shared_secret` setting.
 matrix_registration_shared_secret: ""
 # matrix_registration_admin_secret is your own admin secret for using matrix-registration (creating new tokens, etc.)
 matrix_registration_admin_secret: ""
 matrix_registration_riot_instance: "https://element.io/app/"
 # Default matrix-registration configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #
 # For a more advanced customization, you can extend the default (see `matrix_registration_configuration_extension_yaml`)
 # or completely replace this variable with your own template.
 matrix_registration_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
 matrix_registration_configuration_extension_yaml: |
  # Your custom YAML configuration for registration goes here.
  # This configuration extends the default starting configuration (`matrix_registration_configuration_yaml`).
  #
  # You can override individual variables from the default configuration, or introduce new ones.
  #
  # If you need something more special, you can take full control by
  # completely redefining `matrix_registration_configuration_yaml`.
  #
  # Example configuration extension follows:
  #
  # password:
  #   min_length: 12
 matrix_registration_configuration_extension: "{{ matrix_registration_configuration_extension_yaml | from_yaml if matrix_registration_configuration_extension_yaml | from_yaml is mapping else {} }}"
 # Holds the final matrix-registration configuration (a combination of the default and its extension).
 # You most likely don't need to touch this variable. Instead, see `matrix_registration_configuration_yaml`.
 matrix_registration_configuration: "{{ matrix_registration_configuration_yaml | from_yaml | combine(matrix_registration_configuration_extension, recursive=True) }}"
 # matrix_registration_restart_necessary controls whether the service
 # will be restarted (when true) or merely started (when false) by the
 # systemd service manager role (when conditional restart is enabled).
 #
 # This value is automatically computed during installation based on whether
 # any configuration files, the systemd service file, or the container image changed.
 # The default of `false` means "no restart needed" — appropriate when the role's
 # installation tasks haven't run (e.g., due to --tags skipping them).
 matrix_registration_restart_necessary: false
@@ -0,0 +1,57 @@
 # SPDX-FileCopyrightText: 2020 - 2022 Slavi Pantaleev
 # SPDX-FileCopyrightText: 2022 Marko Weltzer
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 ---
 - name: Fail if playbook called incorrectly
  ansible.builtin.fail:
    msg: "The `one_time` variable needs to be provided to this playbook, via --extra-vars"
  when: "one_time is not defined or one_time not in ['yes', 'no']"
 - name: Fail if playbook called incorrectly
  ansible.builtin.fail:
    msg: "The `ex_date` variable (expiration date) needs to be provided to this playbook, via --extra-vars"
  when: "ex_date is not defined or ex_date == '<date>'"
 - name: Call matrix-registration token creation API
  ansible.builtin.uri:
    url: "{{ matrix_registration_api_token_endpoint }}"
    follow_redirects: none
    validate_certs: "{{ matrix_registration_api_validate_certs }}"
    headers:
      Content-Type: application/json
      Authorization: "SharedSecret {{ matrix_registration_admin_secret }}"
    method: POST
    body_format: json
    body: |
      {
        "one_time": {{ 'true' if one_time == 'yes' else 'false' }},
        "ex_date": {{ ex_date | to_json }}
      }
  check_mode: false
  register: matrix_registration_api_result
 - ansible.builtin.set_fact:
    matrix_registration_api_result_message: >-
      matrix-registration result:
      Direct registration link (with the token prefilled):
      {{ matrix_registration_api_register_endpoint }}?token={{ matrix_registration_api_result.json.name }}
      Full token details are:
      {{ matrix_registration_api_result.json }}
  check_mode: false
 - name: Inject result message into devture_playbook_runtime_messages_list
  ansible.builtin.set_fact:
    devture_playbook_runtime_messages_list: |
      {{
        devture_playbook_runtime_messages_list | default([])
        +
        [matrix_registration_api_result_message]
      }}
  check_mode: false
@@ -0,0 +1,37 @@
 # SPDX-FileCopyrightText: 2021 MDAD project contributors
 # SPDX-FileCopyrightText: 2022 Marko Weltzer
 # SPDX-FileCopyrightText: 2022 Slavi Pantaleev
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 ---
 - name: Call matrix-registration list all tokens API
  ansible.builtin.uri:
    url: "{{ matrix_registration_api_token_endpoint }}"
    follow_redirects: none
    validate_certs: "{{ matrix_registration_api_validate_certs }}"
    headers:
      Content-Type: application/json
      Authorization: "SharedSecret {{ matrix_registration_admin_secret }}"
    method: GET
    body_format: json
  check_mode: false
  register: matrix_registration_api_result
 - ansible.builtin.set_fact:
    matrix_registration_api_result_message: >-
      matrix-registration result:
      {{ matrix_registration_api_result.json | to_nice_json }}
  check_mode: false
 - name: Inject result message into devture_playbook_runtime_messages_list
  ansible.builtin.set_fact:
    devture_playbook_runtime_messages_list: |
      {{
        devture_playbook_runtime_messages_list | default([])
        +
        [matrix_registration_api_result_message]
      }}
  check_mode: false
@@ -0,0 +1,38 @@
 # SPDX-FileCopyrightText: 2020 - 2024 Slavi Pantaleev
 # SPDX-FileCopyrightText: 2021 MDAD project contributors
 # SPDX-FileCopyrightText: 2022 Marko Weltzer
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 ---
 - tags:
    - setup-all
    - setup-matrix-registration
    - install-all
    - install-matrix-registration
  block:
    - when: matrix_registration_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
    - when: matrix_registration_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 - tags:
    - setup-all
    - setup-matrix-registration
  block:
    - when: not matrix_registration_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
 - tags:
    - generate-matrix-registration-token
  block:
    - when: matrix_registration_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/generate_token.yml"
 - tags:
    - list-matrix-registration-tokens
  block:
    - when: matrix_registration_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/list_tokens.yml"
@@ -0,0 +1,149 @@
 # SPDX-FileCopyrightText: 2020 - 2024 Slavi Pantaleev
 # SPDX-FileCopyrightText: 2020 Stuart Mumford
 # SPDX-FileCopyrightText: 2022 Jim Myhrberg
 # SPDX-FileCopyrightText: 2022 Marko Weltzer
 # SPDX-FileCopyrightText: 2022 Nikita Chernyi
 # SPDX-FileCopyrightText: 2022 Sebastian Gumprich
 # SPDX-FileCopyrightText: 2024 David Mehren
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 ---
 - ansible.builtin.set_fact:
    matrix_registration_migration_requires_restart: false
 - when: "matrix_registration_database_engine == 'postgres'"
  block:
    - name: Check if an SQLite database already exists
      ansible.builtin.stat:
        path: "{{ matrix_registration_sqlite_database_path_local }}"
      register: matrix_registration_sqlite_database_path_local_stat_result
    - when: "matrix_registration_sqlite_database_path_local_stat_result.stat.exists | bool"
      block:
        - ansible.builtin.include_role:
            name: galaxy/postgres
            tasks_from: migrate_db_to_postgres
          vars:
            postgres_db_migration_request:
              src: "{{ matrix_registration_sqlite_database_path_local }}"
              dst: "{{ matrix_registration_database_connection_string }}"
              caller: "{{ role_path | basename }}"
              engine_variable_name: 'matrix_registration_database_engine'
              engine_old: 'sqlite'
              systemd_services_to_stop: ['matrix-registration.service']
              # pgloader makes `ex_date` of type `TIMESTAMP WITH TIMEZONE`,
              # which makes matrix-registration choke on it later on when comparing dates.
              additional_psql_statements_list:
                - ALTER TABLE tokens ALTER COLUMN ex_date TYPE TIMESTAMP WITHOUT TIME ZONE;
              additional_psql_statements_db_name: "{{ matrix_registration_database_name }}"
        - ansible.builtin.set_fact:
            matrix_registration_migration_requires_restart: true
 - name: Ensure matrix-registration paths exist
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: directory
    mode: '0750'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  with_items:
    - {path: "{{ matrix_registration_base_path }}", when: true}
    - {path: "{{ matrix_registration_config_path }}", when: true}
    - {path: "{{ matrix_registration_data_path }}", when: true}
    - {path: "{{ matrix_registration_container_src_files_path }}", when: "{{ matrix_registration_container_image_self_build }}"}
  when: "item.when | bool"
 - name: Ensure matrix-registration image is pulled
  community.docker.docker_image_pull:
    name: "{{ matrix_registration_container_image }}"
    pull: always
  when: "not matrix_registration_container_image_self_build | bool"
  register: matrix_registration_container_image_pull_result
  retries: "{{ devture_playbook_help_container_retries_count }}"
  delay: "{{ devture_playbook_help_container_retries_delay }}"
  until: matrix_registration_container_image_pull_result is not failed
 - name: Ensure matrix-registration repository is present when self-building
  ansible.builtin.git:
    repo: "{{ matrix_registration_container_image_self_build_repo }}"
    dest: "{{ matrix_registration_container_src_files_path }}"
    version: "{{ matrix_registration_container_image_self_build_branch }}"
    force: "yes"
  become: true
  become_user: "{{ matrix_user_name }}"
  register: matrix_registration_git_pull_results
  when: "matrix_registration_container_image_self_build | bool"
 # See: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1864
 - name: Patch setup.py to allow self-built version to work
  ansible.builtin.lineinfile:
    path: "{{ matrix_registration_container_src_files_path }}/setup.py"
    regexp: 'flask-limiter'
    line: '"flask-limiter~=1.1.0", "Markupsafe<2.1",'
  when: "matrix_registration_container_image_self_build | bool and matrix_registration_container_image_self_build_python_dependencies_patch_enabled | bool"
 - name: Ensure matrix-registration Docker image is built
  community.docker.docker_image_build:
    name: "{{ matrix_registration_container_image }}"
    dockerfile: Dockerfile
    path: "{{ matrix_registration_container_src_files_path }}"
    pull: true
    rebuild: "{{ 'always' if matrix_registration_git_pull_results.changed | bool else 'never' }}"
  when: "matrix_registration_container_image_self_build | bool"
  register: matrix_registration_container_image_build_result
 - name: Ensure matrix-registration config installed
  ansible.builtin.copy:
    content: "{{ matrix_registration_configuration | to_nice_yaml(indent=2, width=999999) }}"
    dest: "{{ matrix_registration_config_path }}/config.yaml"
    mode: '0644'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  register: matrix_registration_config_result
 - name: Ensure matrix-registration support files installed
  ansible.builtin.template:
    src: "{{ role_path }}/templates/{{ item }}.j2"
    dest: "{{ matrix_registration_base_path }}/{{ item }}"
    mode: '0640'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  with_items:
    - labels
  register: matrix_registration_support_files_result
 - name: Ensure matrix-registration container network is created
  community.general.docker_network:
    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
    name: "{{ matrix_registration_container_network }}"
    driver: bridge
    driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
 - name: Ensure matrix-registration.service installed
  ansible.builtin.template:
    src: "{{ role_path }}/templates/systemd/matrix-registration.service.j2"
    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-registration.service"
    mode: '0644'
  register: matrix_registration_systemd_service_result
 - name: Determine whether matrix-registration needs a restart
  ansible.builtin.set_fact:
    matrix_registration_restart_necessary: >-
      {{
        matrix_registration_migration_requires_restart | default(false)
        or matrix_registration_config_result.changed | default(false)
        or matrix_registration_support_files_result.changed | default(false)
        or matrix_registration_systemd_service_result.changed | default(false)
        or matrix_registration_container_image_pull_result.changed | default(false)
        or matrix_registration_container_image_build_result.changed | default(false)
      }}
 - name: Ensure matrix-registration.service restarted, if necessary
  ansible.builtin.service:
    name: "matrix-registration.service"
    state: restarted
    daemon_reload: true
  when: "matrix_registration_migration_requires_restart | bool"
@@ -0,0 +1,26 @@
 # SPDX-FileCopyrightText: 2020 - 2022 Slavi Pantaleev
 # SPDX-FileCopyrightText: 2022 Marko Weltzer
 # SPDX-FileCopyrightText: 2022 Sebastian Gumprich
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 ---
 - name: Check existence of matrix-registration service
  ansible.builtin.stat:
    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-registration.service"
  register: matrix_registration_service_stat
 - when: matrix_registration_service_stat.stat.exists | bool
  block:
    - name: Ensure matrix-registration is stopped
      ansible.builtin.service:
        name: matrix-registration
        state: stopped
        enabled: false
        daemon_reload: true
    - name: Ensure matrix-registration.service doesn't exist
      ansible.builtin.file:
        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-registration.service"
        state: absent
@@ -0,0 +1,37 @@
 # SPDX-FileCopyrightText: 2020 - 2024 Slavi Pantaleev
 # SPDX-FileCopyrightText: 2025 Suguru Hirahara
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 ---
 - name: (Deprecation) Catch and report renamed settings
  ansible.builtin.fail:
    msg: >-
      Your configuration contains a variable, which now has a different name.
      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
  with_items:
    - {'old': 'matrix_registration_docker_repo', 'new': 'matrix_registration_container_image_self_build_repo'}
    - {'old': 'matrix_registration_public_endpoint', 'new': 'matrix_registration_path_prefix'}
    - {'old': 'matrix_registration_docker_image', 'new': 'matrix_registration_container_image'}
    - {'old': 'matrix_registration_docker_image_force_pull', 'new': 'matrix_registration_container_image_force_pull'}
    - {'old': 'matrix_registration_docker_image_registry_prefix', 'new': 'matrix_registration_container_image_registry_prefix'}
    - {'old': 'matrix_registration_docker_image_registry_prefix_upstream', 'new': 'matrix_registration_container_image_registry_prefix_upstream'}
    - {'old': 'matrix_registration_docker_image_registry_prefix_upstream_default', 'new': 'matrix_registration_container_image_registry_prefix_upstream_default'}
    - {'old': 'matrix_registration_docker_src_files_path', 'new': 'matrix_registration_container_src_files_path'}
    - {'old': 'matrix_registration_container_image_force_pull', 'new': '<removed> (the new community.docker.docker_image_pull module handles this natively)'}
 - name: Fail if required matrix-registration settings not defined
  ansible.builtin.fail:
    msg: >
      You need to define a required configuration setting (`{{ item.name }}`).
  when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0"
  with_items:
    - {'name': 'matrix_registration_hostname', when: true}
    - {'name': 'matrix_registration_path_prefix', when: true}
    - {'name': 'matrix_registration_container_network', when: true}
    - {'name': 'matrix_registration_shared_secret', when: true}
    - {'name': 'matrix_registration_admin_secret', when: true}
    - {'name': 'matrix_registration_server_location', when: true}
    - {'name': 'matrix_registration_database_hostname', when: "{{ matrix_registration_database_engine == 'postgres' }}"}
@@ -0,0 +1,37 @@
 {#
 SPDX-FileCopyrightText: 2020 - 2022 Slavi Pantaleev
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 server_location: {{ matrix_registration_server_location|to_json }}
 server_name: {{ matrix_registration_server_name|to_json }}
 shared_secret: {{ matrix_registration_shared_secret|to_json }}
 admin_secret: {{ matrix_registration_admin_secret|to_json }}
 riot_instance: {{ matrix_registration_riot_instance|to_json }}
 db: {{ matrix_registration_db|to_json }}
 host: '0.0.0.0'
 port: 5000
 rate_limit: ["100 per day", "10 per minute"]
 allow_cors: false
 logging:
  disable_existing_loggers: False
  version: 1
  root:
    level: DEBUG
    handlers: [console]
  formatters:
    brief:
      format: '%(name)s - %(levelname)s - %(message)s'
    precise:
      format: '%(asctime)s - %(name)s - %(levelname)s - %(message)s'
  handlers:
    console:
      class: logging.StreamHandler
      level: INFO
      formatter: brief
      stream: ext://sys.stdout
 # password requirements
 password:
  min_length: 8
 base_url: {{ matrix_registration_base_url|to_json }}
@@ -0,0 +1,69 @@
 {#
 SPDX-FileCopyrightText: 2024 Slavi Pantaleev
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 {% if matrix_registration_container_labels_traefik_enabled %}
 traefik.enable=true
 {% if matrix_registration_container_labels_traefik_docker_network %}
 traefik.docker.network={{ matrix_registration_container_labels_traefik_docker_network }}
 {% endif %}
 traefik.http.services.matrix-registration.loadbalancer.server.port=5000
 {% if matrix_registration_container_labels_public_endpoint_enabled %}
 ############################################################
 #                                                          #
 # Public (e.g. /matrix-registration)                       #
 #                                                          #
 ############################################################
 {% set middlewares = [] %}
 {% if matrix_registration_path_prefix != '/' %}
 traefik.http.middlewares.matrix-registration-slashless-redirect-slashless.redirectregex.regex=({{ matrix_registration_path_prefix | quote }})$
 traefik.http.middlewares.matrix-registration-slashless-redirect-slashless.redirectregex.replacement=${1}/
 {% set middlewares = middlewares + ['matrix-registration-slashless-redirect-slashless'] %}
 {% endif %}
 # matrix-registration serves nothing at the root URL, so we redirect to /register instead.
 traefik.http.middlewares.matrix-registration-slashless-redirect-root.redirectregex.regex=({{ matrix_registration_path_prefix | quote }}{{ '' if matrix_registration_path_prefix == '/' else '/' }})$
 traefik.http.middlewares.matrix-registration-slashless-redirect-root.redirectregex.replacement=${1}register
 {% set middlewares = middlewares + ['matrix-registration-slashless-redirect-root'] %}
 {% if matrix_registration_path_prefix != '/' %}
 traefik.http.middlewares.matrix-registration-strip-prefix.stripprefix.prefixes={{ matrix_registration_path_prefix }}
 {% set middlewares = middlewares + ['matrix-registration-strip-prefix'] %}
 {% endif %}
 traefik.http.routers.matrix-registration-public.rule={{ matrix_registration_container_labels_public_endpoint_traefik_rule }}
 {% if middlewares | length > 0 %}
 traefik.http.routers.matrix-registration-public.middlewares={{ middlewares | join(',') }}
 {% endif %}
 {% if matrix_registration_container_labels_public_endpoint_traefik_priority | int > 0 %}
 traefik.http.routers.matrix-registration-public.priority={{ matrix_registration_container_labels_public_endpoint_traefik_priority }}
 {% endif %}
 traefik.http.routers.matrix-registration-public.service=matrix-registration
 traefik.http.routers.matrix-registration-public.entrypoints={{ matrix_registration_container_labels_public_endpoint_traefik_entrypoints }}
 traefik.http.routers.matrix-registration-public.tls={{ matrix_registration_container_labels_public_endpoint_traefik_tls | to_json }}
 {% if matrix_registration_container_labels_public_endpoint_traefik_tls %}
 traefik.http.routers.matrix-registration-public.tls.certResolver={{ matrix_registration_container_labels_public_endpoint_traefik_tls_certResolver }}
 {% endif %}
 ############################################################
 #                                                          #
 # /Public (e.g. /matrix-registration)                      #
 #                                                          #
 ############################################################
 {% endif %}
 {% endif %}
 {{ matrix_registration_container_labels_additional_labels }}
@@ -0,0 +1,51 @@
 #jinja2: lstrip_blocks: True
 [Unit]
 Description=matrix-registration
 {% for service in matrix_registration_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
 {% endfor %}
 {% for service in matrix_registration_systemd_wanted_services_list %}
 Wants={{ service }}
 {% endfor %}
 DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-registration 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-registration 2>/dev/null || true'
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			--rm \
 			--name=matrix-registration \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--cap-drop=ALL \
 			--network={{ matrix_registration_container_network }} \
 			{% if matrix_registration_container_http_host_bind_port %}
 			-p {{ matrix_registration_container_http_host_bind_port }}:5000 \
 			{% endif %}
 			--mount type=bind,src={{ matrix_registration_config_path }},dst=/config,ro \
 			--mount type=bind,src={{ matrix_registration_data_path }},dst=/data \
 			--label-file={{ matrix_registration_base_path }}/labels \
 			{% for arg in matrix_registration_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_registration_container_image }} \
 			serve
 {% for network in matrix_registration_container_additional_networks %}
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-registration
 {% endfor %}
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-registration
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-registration 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-registration 2>/dev/null || true'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-registration
 [Install]
 WantedBy=multi-user.target
@@ -0,0 +1,3 @@
 SPDX-FileCopyrightText: 2020 Slavi Pantaleev
 SPDX-License-Identifier: AGPL-3.0-or-later
@@ -16,7 +16,7 @@ matrix_synapse_enabled: true
 matrix_synapse_github_org_and_repo: element-hq/synapse
 # renovate: datasource=docker depName=ghcr.io/element-hq/synapse
-matrix_synapse_version: v1.153.0
+matrix_synapse_version: v1.152.0
 matrix_synapse_username: ''
 matrix_synapse_uid: ''
@@ -1616,7 +1616,7 @@ matrix_synapse_ext_encryption_config_yaml: |
 # Enabling this will enable customizations and inject the appropriate Dockerfile clauses for installing synapse-s3-storage-provider.
 matrix_synapse_ext_synapse_s3_storage_provider_enabled: false
 # renovate: datasource=github-releases depName=matrix-org/synapse-s3-storage-provider
-matrix_synapse_ext_synapse_s3_storage_provider_version: 1.6.1
+matrix_synapse_ext_synapse_s3_storage_provider_version: 1.6.0
 # Controls whether media from this (local) server is stored in s3-storage-provider
 matrix_synapse_ext_synapse_s3_storage_provider_store_local: true
 # Controls whether media from remote servers is stored in s3-storage-provider
@@ -1844,7 +1844,7 @@ matrix_synapse_register_user_script_matrix_authentication_service_path: ""
 matrix_synapse_reverse_proxy_companion_enabled: "{{ matrix_synapse_enabled and matrix_synapse_workers_enabled }}"
 # renovate: datasource=docker depName=nginx
-matrix_synapse_reverse_proxy_companion_version: 1.31.1-alpine
+matrix_synapse_reverse_proxy_companion_version: 1.30.0-alpine
 matrix_synapse_reverse_proxy_companion_base_path: "{{ matrix_synapse_base_path }}/reverse-proxy-companion"
 matrix_synapse_reverse_proxy_companion_confd_path: "{{ matrix_synapse_reverse_proxy_companion_base_path }}/conf.d"
@@ -1,5 +1,5 @@
-# SPDX-FileCopyrightText: 2025 - 2026 MDAD project contributors
+# SPDX-FileCopyrightText: 2026 MDAD project contributors
-# SPDX-FileCopyrightText: 2025 - 2026 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
@@ -13,7 +13,7 @@ matrix_tuwunel_enabled: true
 matrix_tuwunel_hostname: ''
 # renovate: datasource=docker depName=ghcr.io/matrix-construct/tuwunel
-matrix_tuwunel_version: v1.7.0
+matrix_tuwunel_version: v1.6.1
 matrix_tuwunel_container_image: "{{ matrix_tuwunel_container_image_registry_prefix }}matrix-construct/tuwunel:{{ matrix_tuwunel_container_image_tag }}"
 matrix_tuwunel_container_image_tag: "{{ matrix_tuwunel_version }}"
@@ -177,18 +177,6 @@ matrix_tuwunel_config_forbidden_remote_server_names: []
 matrix_tuwunel_config_forbidden_remote_room_directory_server_names: []
 matrix_tuwunel_config_prevent_media_downloads_from: []
 # MSC4284 policy server enforcement.
 # When enabled, rooms with a valid `m.room.policy` state event will have
 # outgoing events signed by the configured policy server before federation.
 # Refusal aborts the local request; transient network or timeout failures
 # fail open with a warn log so a policy-server outage does not silently
 # take the room offline.
 matrix_tuwunel_config_enable_policy_servers: false
 # Timeout (in seconds) for outbound `/sign` calls and inbound
 # signature-fetches against a room's policy server.
 matrix_tuwunel_config_policy_server_request_timeout: 5
 # Outgoing presence is heavy on CPU and network and almost no clients use it. Off by default.
 matrix_tuwunel_config_allow_outgoing_presence: false
@@ -1,5 +1,5 @@
-# SPDX-FileCopyrightText: 2025 - 2026 MDAD project contributors
+# SPDX-FileCopyrightText: 2026 MDAD project contributors
-# SPDX-FileCopyrightText: 2025 - 2026 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
@@ -1,5 +1,5 @@
-# SPDX-FileCopyrightText: 2025 - 2026 MDAD project contributors
+# SPDX-FileCopyrightText: 2026 MDAD project contributors
-# SPDX-FileCopyrightText: 2025 - 2026 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
@@ -1,5 +1,5 @@
-# SPDX-FileCopyrightText: 2025 - 2026 MDAD project contributors
+# SPDX-FileCopyrightText: 2026 MDAD project contributors
-# SPDX-FileCopyrightText: 2025 - 2026 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
@@ -1,5 +1,5 @@
-# SPDX-FileCopyrightText: 2025 - 2026 MDAD project contributors
+# SPDX-FileCopyrightText: 2026 MDAD project contributors
-# SPDX-FileCopyrightText: 2025 - 2026 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
@@ -1,5 +1,5 @@
-# SPDX-FileCopyrightText: 2025 - 2026 MDAD project contributors
+# SPDX-FileCopyrightText: 2026 MDAD project contributors
-# SPDX-FileCopyrightText: 2025 - 2026 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
--- a/Show More
+++ b/Show More
		`@@ -0,0 +1,3 @@`
							`SPDX-FileCopyrightText: 2020 Slavi Pantaleev`

							`SPDX-License-Identifier: AGPL-3.0-or-later`