From 16bb022390f2ba59d8d4a2efaa744aad327ae873 Mon Sep 17 00:00:00 2001
From: Suguru Hirahara <acioustick@noreply.codeberg.org>
Date: Sun, 9 Feb 2025 23:29:45 +0900
Subject: [PATCH 01/16] Update docs/configuring-playbook-prometheus-grafana.md:
 create a section for exposing metrics of other services/roles focusing on
 Hookshot

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
---
 ...configuring-playbook-prometheus-grafana.md | 30 ++++++++++++++++---
 1 file changed, 26 insertions(+), 4 deletions(-)

diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md
index 75c50dff6..de4c2b49c 100644
--- a/docs/configuring-playbook-prometheus-grafana.md
+++ b/docs/configuring-playbook-prometheus-grafana.md
@@ -159,7 +159,7 @@ The following variables may be of interest:
 
 Name | Description
 -----|----------
-`matrix_metrics_exposure_enabled`|Set this to `true` to **enable metrics exposure for all services** on `https://matrix.example.com/metrics/*`. If you think this is too much, refer to the helpful (but nonexhaustive) list of individual `matrix_SERVICE_metrics_proxying_enabled` (or similar) variables below for exposing metrics on a per-service basis.
+`matrix_metrics_exposure_enabled`|Set this to `true` to **enable metrics exposure for all services** on `https://matrix.example.com/metrics/*`. If you think this is too much, refer [this section](#expose-metrics-of-other-services-roles) for exposing metrics on a per-service basis.
 `matrix_metrics_exposure_http_basic_auth_enabled`|Set this to `true` to protect all `https://matrix.example.com/metrics/*` endpoints with [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) (see the other variables below for supplying the actual credentials). When enabled, all endpoints beneath `/metrics` will be protected with the same credentials.
 `matrix_metrics_exposure_http_basic_auth_users`|Set this to the Basic Authentication credentials (raw `htpasswd` file content) used to protect `/metrics/*`. This htpasswd-file needs to be generated with the `htpasswd` tool and can include multiple username/password pairs.
 `prometheus_node_exporter_enabled`|Set this to `true` to enable the node (general system stats) exporter (locally, on the container network).
@@ -168,14 +168,36 @@ Name | Description
 `prometheus_postgres_exporter_container_labels_traefik_enabled`|Set this to `true` to expose the [Postgres exporter](#enable-metrics-and-graphs-for-postgres-optional) metrics on `https://matrix.example.com/metrics/postgres-exporter`. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above.
 `matrix_prometheus_nginxlog_exporter_enabled`|Set this to `true` to enable the [nginx Log exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) (locally, on the container network).
 `matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled`|Set this to `true` to expose the [nginx Log exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) metrics on `https://matrix.example.com/metrics/nginxlog`. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above.
-`matrix_hookshot_metrics_enabled`|Set this to `true` to make [Hookshot](configuring-playbook-bridge-hookshot.md) expose metrics (locally, on the container network).
-`matrix_hookshot_metrics_proxying_enabled`|Set this to `true` to expose the [Hookshot](configuring-playbook-bridge-hookshot.md) metrics on `https://matrix.example.com/metrics/hookshot`. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above.
-`matrix_SERVICE_metrics_proxying_enabled`|Various other services/roles may provide similar `_metrics_enabled` and `_metrics_proxying_enabled` variables for exposing their metrics. Refer to each role for details. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above or `matrix_SERVICE_container_labels_metrics_middleware_basic_auth_enabled`/`matrix_SERVICE_container_labels_metrics_middleware_basic_auth_users` variables provided by each role.
 `matrix_synapse_metrics_enabled`|Set this to `true` to make Synapse expose metrics (locally, on the container network).
 `matrix_synapse_metrics_proxying_enabled`|Set this to `true` to expose Synapse's metrics on `https://matrix.example.com/metrics/synapse/main-process` and `https://matrix.example.com/metrics/synapse/worker/TYPE-ID`. Read [below](#collecting-synapse-worker-metrics-to-an-external-prometheus-server) if you're running a Synapse worker setup (`matrix_synapse_workers_enabled: true`). To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above.
 `matrix_media_repo_metrics_enabled`|Set this to `true` to make media-repo expose metrics (locally, on the container network).
 `matrix_media_repo_metrics_proxying_enabled`|Set this to `true` to expose media-repo's metrics on `https://matrix.example.com/metrics/matrix-media-repo`.
 
+### Expose metrics of other services/roles
+
+Various other services/roles may provide similar `_metrics_enabled` and `_metrics_proxying_enabled` variables for exposing their metrics. Refer to each role for details.
+
+To password-protect the metrics of a specific role, you can use `matrix_SERVICE_container_labels_metrics_middleware_basic_auth_enabled` and `matrix_SERVICE_container_labels_metrics_middleware_basic_auth_users` variables provided by the role.
+
+**Note**: alternatively you can use `matrix_metrics_exposure_http_basic_auth_enabled` and `matrix_metrics_exposure_http_basic_auth_users` in order to password-protect the metrics of all services.
+
+For example, you can enable and expose metrics for [Hookshot](configuring-playbook-bridge-hookshot.md) protecting them with dedicated credentials by adding the following configuration to your `vars.yml` file:
+
+```yaml
+# Expose metrics (locally, on the container network).
+matrix_hookshot_metrics_enabled: true
+
+# Uncomment to expose metrics on https://matrix.example.com/metrics/hookshot.
+# matrix_hookshot_metrics_proxying_enabled: true
+
+# Uncomment to password-protect the metrics for Hookshot.
+# matrix_hookshot_container_labels_metrics_middleware_basic_auth_enabled: true
+
+# Uncomment and set this part to the Basic Authentication credentials (raw `htpasswd` file content) used to protect `/metrics/hookshot`.
+# See https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
+# matrix_hookshot_container_labels_metrics_middleware_basic_auth_users: ''
+```
+
 ### Collecting Synapse worker metrics to an external Prometheus server
 
 If you are using workers (`matrix_synapse_workers_enabled: true`) and have enabled `matrix_synapse_metrics_proxying_enabled` as described above, the playbook will also automatically expose all Synapse worker threads' metrics to `https://matrix.example.com/metrics/synapse/worker/ID`, where `ID` corresponds to the worker `id` as exemplified in `matrix_synapse_workers_enabled_list`.

From 64d9340f70074308d522b4c5983c693e2da69e16 Mon Sep 17 00:00:00 2001
From: Suguru Hirahara <acioustick@noreply.codeberg.org>
Date: Mon, 10 Feb 2025 01:40:05 +0900
Subject: [PATCH 02/16] Update docs/configuring-playbook-prometheus-grafana.md:
 add another example for exposing metrics with dedicated credentials for
 matrix-media-repo

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
---
 ...configuring-playbook-prometheus-grafana.md | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md
index de4c2b49c..30488cfc5 100644
--- a/docs/configuring-playbook-prometheus-grafana.md
+++ b/docs/configuring-playbook-prometheus-grafana.md
@@ -170,8 +170,6 @@ Name | Description
 `matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled`|Set this to `true` to expose the [nginx Log exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) metrics on `https://matrix.example.com/metrics/nginxlog`. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above.
 `matrix_synapse_metrics_enabled`|Set this to `true` to make Synapse expose metrics (locally, on the container network).
 `matrix_synapse_metrics_proxying_enabled`|Set this to `true` to expose Synapse's metrics on `https://matrix.example.com/metrics/synapse/main-process` and `https://matrix.example.com/metrics/synapse/worker/TYPE-ID`. Read [below](#collecting-synapse-worker-metrics-to-an-external-prometheus-server) if you're running a Synapse worker setup (`matrix_synapse_workers_enabled: true`). To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above.
-`matrix_media_repo_metrics_enabled`|Set this to `true` to make media-repo expose metrics (locally, on the container network).
-`matrix_media_repo_metrics_proxying_enabled`|Set this to `true` to expose media-repo's metrics on `https://matrix.example.com/metrics/matrix-media-repo`.
 
 ### Expose metrics of other services/roles
 
@@ -198,6 +196,23 @@ matrix_hookshot_metrics_enabled: true
 # matrix_hookshot_container_labels_metrics_middleware_basic_auth_users: ''
 ```
 
+If you wish to enable and expose metrics for [matrix-media-repo](configuring-playbook-matrix-media-repo.md) protecting them with dedicated credentials, you can add the following configuration to your `vars.yml` file in a similar way:
+
+```yaml
+# Expose metrics (locally, on the container network).
+matrix_media_repo_metrics_enabled: true
+
+# Uncomment to expose metrics on https://matrix.example.com/metrics/matrix-media-repo.
+# matrix_media_repo_metrics_proxying_enabled: true
+
+# Uncomment to password-protect the metrics for matrix-media-repo.
+# matrix_media_repo_container_labels_traefik_metrics_middleware_basic_auth_enabled: true
+
+# Uncomment and set this part to the Basic Authentication credentials (raw `htpasswd` file content) used to protect `/metrics/matrix-media-repo`.
+# See https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
+# matrix_media_repo_container_labels_traefik_metrics_middleware_basic_auth_users: ''
+```
+
 ### Collecting Synapse worker metrics to an external Prometheus server
 
 If you are using workers (`matrix_synapse_workers_enabled: true`) and have enabled `matrix_synapse_metrics_proxying_enabled` as described above, the playbook will also automatically expose all Synapse worker threads' metrics to `https://matrix.example.com/metrics/synapse/worker/ID`, where `ID` corresponds to the worker `id` as exemplified in `matrix_synapse_workers_enabled_list`.

From da8e446e027d71c5773e1f0489561099f8f3b459 Mon Sep 17 00:00:00 2001
From: Suguru Hirahara <acioustick@noreply.codeberg.org>
Date: Mon, 10 Feb 2025 00:31:19 +0900
Subject: [PATCH 03/16] Update docs/configuring-playbook-prometheus-grafana.md:
 move some descriptions out of the table

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
---
 docs/configuring-playbook-prometheus-grafana.md | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md
index 30488cfc5..b6943cd4b 100644
--- a/docs/configuring-playbook-prometheus-grafana.md
+++ b/docs/configuring-playbook-prometheus-grafana.md
@@ -151,16 +151,18 @@ The shortcut commands with the [`just` program](just.md) are also available: `ju
 
 When you'd like **to collect metrics from an external Prometheus server**, you need to expose service metrics outside of the container network.
 
-The playbook provides a single endpoint (`https://matrix.example.com/metrics/*`), under which various services may expose their metrics (e.g. `/metrics/node-exporter`, `/metrics/postgres-exporter`, `/metrics/nginxlog`, `/metrics/hookshot`, etc). To expose all services on this `/metrics/*` feature, use `matrix_metrics_exposure_enabled`. To protect access using [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication), see `matrix_metrics_exposure_http_basic_auth_enabled` and `matrix_metrics_exposure_http_basic_auth_users` below.
+The playbook provides a single endpoint (`https://matrix.example.com/metrics/*`), under which various services may expose their metrics (e.g. `/metrics/node-exporter`, `/metrics/postgres-exporter`, `/metrics/nginxlog`, `/metrics/hookshot`, etc).
 
-When using `matrix_metrics_exposure_enabled`, you don't need to expose metrics for individual services one by one.
+To expose all services on this `/metrics/*` feature, you can use `matrix_metrics_exposure_enabled`. When using it, you don't need to expose metrics for individual services one by one. If you think this is too much, refer [this section](#expose-metrics-of-other-services-roles) for details about exposing metrics on a per-service basis.
+
+To protect access using [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication), you can use `matrix_metrics_exposure_http_basic_auth_enabled` and `matrix_metrics_exposure_http_basic_auth_users`. When enabled, all endpoints beneath `/metrics` will be protected with the same credentials.
 
 The following variables may be of interest:
 
 Name | Description
 -----|----------
-`matrix_metrics_exposure_enabled`|Set this to `true` to **enable metrics exposure for all services** on `https://matrix.example.com/metrics/*`. If you think this is too much, refer [this section](#expose-metrics-of-other-services-roles) for exposing metrics on a per-service basis.
-`matrix_metrics_exposure_http_basic_auth_enabled`|Set this to `true` to protect all `https://matrix.example.com/metrics/*` endpoints with [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) (see the other variables below for supplying the actual credentials). When enabled, all endpoints beneath `/metrics` will be protected with the same credentials.
+`matrix_metrics_exposure_enabled`|Set this to `true` to **enable metrics exposure for all services** on `https://matrix.example.com/metrics/*`.
+`matrix_metrics_exposure_http_basic_auth_enabled`|Set this to `true` to protect all `https://matrix.example.com/metrics/*` endpoints with [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) (see the other variables below for supplying the actual credentials).
 `matrix_metrics_exposure_http_basic_auth_users`|Set this to the Basic Authentication credentials (raw `htpasswd` file content) used to protect `/metrics/*`. This htpasswd-file needs to be generated with the `htpasswd` tool and can include multiple username/password pairs.
 `prometheus_node_exporter_enabled`|Set this to `true` to enable the node (general system stats) exporter (locally, on the container network).
 `prometheus_node_exporter_container_labels_traefik_enabled`|Set this to `true` to expose the node (general system stats) metrics on `https://matrix.example.com/metrics/node-exporter`. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above.

From bfe86947956111d3d8493f914550f077f63eeaab Mon Sep 17 00:00:00 2001
From: Suguru Hirahara <acioustick@noreply.codeberg.org>
Date: Mon, 10 Feb 2025 00:38:46 +0900
Subject: [PATCH 04/16] Update docs/configuring-playbook-prometheus-grafana.md:
 add the instruction about setting dedicated credentials to each endpoint

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
---
 docs/configuring-playbook-prometheus-grafana.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md
index b6943cd4b..d5f4554df 100644
--- a/docs/configuring-playbook-prometheus-grafana.md
+++ b/docs/configuring-playbook-prometheus-grafana.md
@@ -155,7 +155,7 @@ The playbook provides a single endpoint (`https://matrix.example.com/metrics/*`)
 
 To expose all services on this `/metrics/*` feature, you can use `matrix_metrics_exposure_enabled`. When using it, you don't need to expose metrics for individual services one by one. If you think this is too much, refer [this section](#expose-metrics-of-other-services-roles) for details about exposing metrics on a per-service basis.
 
-To protect access using [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication), you can use `matrix_metrics_exposure_http_basic_auth_enabled` and `matrix_metrics_exposure_http_basic_auth_users`. When enabled, all endpoints beneath `/metrics` will be protected with the same credentials.
+To protect access using [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication), you can use `matrix_metrics_exposure_http_basic_auth_enabled` and `matrix_metrics_exposure_http_basic_auth_users`. When enabled, all endpoints beneath `/metrics` will be protected with the same credentials. Alternatively, you can protect each endpoint with dedicated credentials. Refer [the section](#expose-metrics-of-other-services-roles) below for details about it.
 
 The following variables may be of interest:
 

From 968129398f499b4ac2407de522bfa269908b39c1 Mon Sep 17 00:00:00 2001
From: Suguru Hirahara <acioustick@noreply.codeberg.org>
Date: Mon, 10 Feb 2025 04:19:35 +0900
Subject: [PATCH 05/16] Update docs/configuring-playbook-prometheus-grafana.md:
 remove duplicated instruction to refer
 matrix_metrics_exposure_http_basic_auth_users

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
---
 docs/configuring-playbook-prometheus-grafana.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md
index d5f4554df..c64581076 100644
--- a/docs/configuring-playbook-prometheus-grafana.md
+++ b/docs/configuring-playbook-prometheus-grafana.md
@@ -165,13 +165,13 @@ Name | Description
 `matrix_metrics_exposure_http_basic_auth_enabled`|Set this to `true` to protect all `https://matrix.example.com/metrics/*` endpoints with [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) (see the other variables below for supplying the actual credentials).
 `matrix_metrics_exposure_http_basic_auth_users`|Set this to the Basic Authentication credentials (raw `htpasswd` file content) used to protect `/metrics/*`. This htpasswd-file needs to be generated with the `htpasswd` tool and can include multiple username/password pairs.
 `prometheus_node_exporter_enabled`|Set this to `true` to enable the node (general system stats) exporter (locally, on the container network).
-`prometheus_node_exporter_container_labels_traefik_enabled`|Set this to `true` to expose the node (general system stats) metrics on `https://matrix.example.com/metrics/node-exporter`. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above.
+`prometheus_node_exporter_container_labels_traefik_enabled`|Set this to `true` to expose the node (general system stats) metrics on `https://matrix.example.com/metrics/node-exporter`.
 `prometheus_postgres_exporter_enabled`|Set this to `true` to enable the [Postgres exporter](#enable-metrics-and-graphs-for-postgres-optional) (locally, on the container network).
-`prometheus_postgres_exporter_container_labels_traefik_enabled`|Set this to `true` to expose the [Postgres exporter](#enable-metrics-and-graphs-for-postgres-optional) metrics on `https://matrix.example.com/metrics/postgres-exporter`. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above.
+`prometheus_postgres_exporter_container_labels_traefik_enabled`|Set this to `true` to expose the [Postgres exporter](#enable-metrics-and-graphs-for-postgres-optional) metrics on `https://matrix.example.com/metrics/postgres-exporter`.
 `matrix_prometheus_nginxlog_exporter_enabled`|Set this to `true` to enable the [nginx Log exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) (locally, on the container network).
-`matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled`|Set this to `true` to expose the [nginx Log exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) metrics on `https://matrix.example.com/metrics/nginxlog`. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above.
+`matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled`|Set this to `true` to expose the [nginx Log exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) metrics on `https://matrix.example.com/metrics/nginxlog`.
 `matrix_synapse_metrics_enabled`|Set this to `true` to make Synapse expose metrics (locally, on the container network).
-`matrix_synapse_metrics_proxying_enabled`|Set this to `true` to expose Synapse's metrics on `https://matrix.example.com/metrics/synapse/main-process` and `https://matrix.example.com/metrics/synapse/worker/TYPE-ID`. Read [below](#collecting-synapse-worker-metrics-to-an-external-prometheus-server) if you're running a Synapse worker setup (`matrix_synapse_workers_enabled: true`). To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above.
+`matrix_synapse_metrics_proxying_enabled`|Set this to `true` to expose Synapse's metrics on `https://matrix.example.com/metrics/synapse/main-process` and `https://matrix.example.com/metrics/synapse/worker/TYPE-ID`. Read [below](#collecting-synapse-worker-metrics-to-an-external-prometheus-server) if you're running a Synapse worker setup (`matrix_synapse_workers_enabled: true`).
 
 ### Expose metrics of other services/roles
 

From 88e946173fba30ac2cd7ae078ad95a73fa945caa Mon Sep 17 00:00:00 2001
From: Suguru Hirahara <acioustick@noreply.codeberg.org>
Date: Mon, 10 Feb 2025 15:00:39 +0900
Subject: [PATCH 06/16] Update docs/configuring-playbook-prometheus-grafana.md:
 move descriptions about configuring Synapse metrics out of the table

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
---
 ...configuring-playbook-prometheus-grafana.md | 27 ++++++++++++++-----
 1 file changed, 21 insertions(+), 6 deletions(-)

diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md
index c64581076..fc5804278 100644
--- a/docs/configuring-playbook-prometheus-grafana.md
+++ b/docs/configuring-playbook-prometheus-grafana.md
@@ -170,8 +170,6 @@ Name | Description
 `prometheus_postgres_exporter_container_labels_traefik_enabled`|Set this to `true` to expose the [Postgres exporter](#enable-metrics-and-graphs-for-postgres-optional) metrics on `https://matrix.example.com/metrics/postgres-exporter`.
 `matrix_prometheus_nginxlog_exporter_enabled`|Set this to `true` to enable the [nginx Log exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) (locally, on the container network).
 `matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled`|Set this to `true` to expose the [nginx Log exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) metrics on `https://matrix.example.com/metrics/nginxlog`.
-`matrix_synapse_metrics_enabled`|Set this to `true` to make Synapse expose metrics (locally, on the container network).
-`matrix_synapse_metrics_proxying_enabled`|Set this to `true` to expose Synapse's metrics on `https://matrix.example.com/metrics/synapse/main-process` and `https://matrix.example.com/metrics/synapse/worker/TYPE-ID`. Read [below](#collecting-synapse-worker-metrics-to-an-external-prometheus-server) if you're running a Synapse worker setup (`matrix_synapse_workers_enabled: true`).
 
 ### Expose metrics of other services/roles
 
@@ -181,7 +179,25 @@ To password-protect the metrics of a specific role, you can use `matrix_SERVICE_
 
 **Note**: alternatively you can use `matrix_metrics_exposure_http_basic_auth_enabled` and `matrix_metrics_exposure_http_basic_auth_users` in order to password-protect the metrics of all services.
 
-For example, you can enable and expose metrics for [Hookshot](configuring-playbook-bridge-hookshot.md) protecting them with dedicated credentials by adding the following configuration to your `vars.yml` file:
+For example, you can enable and expose metrics for Synapse protecting them with dedicated credentials by adding the following configuration to your `vars.yml` file:
+
+```yaml
+# Expose metrics (locally, on the container network).
+matrix_synapse_metrics_enabled: true
+
+# Uncomment to expose metrics on https://matrix.example.com/metrics/synapse/main-process and https://matrix.example.com/metrics/synapse/worker/TYPE-ID.
+# Read the section below ("Collecting Synapse worker metrics to an external Prometheus server") if you're running a Synapse worker setup by setting `matrix_synapse_workers_enabled` to true.
+# matrix_synapse_metrics_proxying_enabled: true
+
+# Uncomment to password-protect the metrics for Synapse.
+# matrix_synapse_container_labels_public_metrics_middleware_basic_auth_enabled: true
+
+# Uncomment and set this part to the Basic Authentication credentials (raw `htpasswd` file content) used to protect the endpoints.
+# See https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
+# matrix_synapse_container_labels_public_metrics_middleware_basic_auth_users: ''
+```
+
+You can enable and expose metrics for [Hookshot](configuring-playbook-bridge-hookshot.md) protecting them with dedicated credentials by adding the following configuration to your `vars.yml` file:
 
 ```yaml
 # Expose metrics (locally, on the container network).
@@ -193,7 +209,7 @@ matrix_hookshot_metrics_enabled: true
 # Uncomment to password-protect the metrics for Hookshot.
 # matrix_hookshot_container_labels_metrics_middleware_basic_auth_enabled: true
 
-# Uncomment and set this part to the Basic Authentication credentials (raw `htpasswd` file content) used to protect `/metrics/hookshot`.
+# Uncomment and set this part to the Basic Authentication credentials (raw `htpasswd` file content) used to protect the endpoint.
 # See https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
 # matrix_hookshot_container_labels_metrics_middleware_basic_auth_users: ''
 ```
@@ -210,8 +226,7 @@ matrix_media_repo_metrics_enabled: true
 # Uncomment to password-protect the metrics for matrix-media-repo.
 # matrix_media_repo_container_labels_traefik_metrics_middleware_basic_auth_enabled: true
 
-# Uncomment and set this part to the Basic Authentication credentials (raw `htpasswd` file content) used to protect `/metrics/matrix-media-repo`.
-# See https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
+# Uncomment and set this part to the Basic Authentication credentials (raw `htpasswd` file content) used to protect the endpoint.
 # matrix_media_repo_container_labels_traefik_metrics_middleware_basic_auth_users: ''
 ```
 

From 210a431c823cbde936be4fc616aac0ce1c154ee8 Mon Sep 17 00:00:00 2001
From: Suguru Hirahara <acioustick@noreply.codeberg.org>
Date: Mon, 10 Feb 2025 15:33:29 +0900
Subject: [PATCH 07/16] Update docs for metrics of Hookshot

As the document for Hookshot has the section for instrucion about configuring its metrics, this commit moves the instruction to it.

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
---
 docs/configuring-playbook-bridge-hookshot.md  | 29 +++++++++++++++----
 ...configuring-playbook-prometheus-grafana.md | 17 -----------
 2 files changed, 23 insertions(+), 23 deletions(-)

diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md
index 514f6b888..8341ad373 100644
--- a/docs/configuring-playbook-bridge-hookshot.md
+++ b/docs/configuring-playbook-bridge-hookshot.md
@@ -127,18 +127,35 @@ For more information, see the documentation in the [default configuration of the
 
 The provisioning API will be enabled automatically if you set `matrix_dimension_enabled: true` and provided a `matrix_hookshot_provisioning_secret`, unless you override it either way. To use hookshot with Dimension, you will need to enter as "Provisioning URL": `http://matrix-hookshot:9002`, which is made up of the variables `matrix_hookshot_container_url` and `matrix_hookshot_provisioning_port`.
 
-### Metrics
+### Enable metrics
+
+The playbook can enable and configure the metrics of the service for you.
 
 Metrics are **only enabled by default** if the builtin [Prometheus](configuring-playbook-prometheus-grafana.md) is enabled (by default, Prometheus isn't enabled). If so, metrics will automatically be collected by Prometheus and made available in Grafana. You will, however, need to set up your own Dashboard for displaying them.
 
-To explicitly enable metrics, use `matrix_hookshot_metrics_enabled: true`. This only exposes metrics over the container network, however.
+To enable the metrics, add the following configuration to your `vars.yml` file:
 
-**To collect metrics from an external Prometheus server**, besides enabling metrics as described above, you will also need to enable metrics exposure on `https://matrix.example.com/metrics/hookshot` by:
+```yaml
+# Expose metrics (locally, on the container network).
+matrix_hookshot_metrics_enabled: true
+```
 
-- either enabling metrics exposure for Hookshot via `matrix_hookshot_metrics_proxying_enabled: true`
-- or enabling metrics exposure for all services via `matrix_metrics_exposure_enabled: true`
+**To collect metrics from an external Prometheus server**, besides enabling metrics as described above, you will also need to enable metrics exposure on `https://matrix.example.com/metrics/hookshot` by adding the following configuration to your `vars.yml` file:
 
-Whichever one you go with, by default metrics are exposed publicly **without** password-protection. See [the Prometheus and Grafana docs](configuring-playbook-prometheus-grafana.md) for details about password-protection for metrics.
+```yaml
+matrix_hookshot_metrics_proxying_enabled: true
+```
+
+By default metrics are exposed publicly **without** password-protection. To password-protect the metrics with dedicated credentials, add the following configuration to your `vars.yml` file:
+
+```yaml
+matrix_hookshot_container_labels_metrics_middleware_basic_auth_enabled: true
+matrix_hookshot_container_labels_metrics_middleware_basic_auth_users: ''
+```
+
+To `matrix_hookshot_container_labels_metrics_middleware_basic_auth_users`, set the Basic Authentication credentials (raw `htpasswd` file content) used to protect the endpoint. See https://doc.traefik.io/traefik/middlewares/http/basicauth/#users for details about it.
+
+**Note**: alternatively, you can use `matrix_metrics_exposure_enabled` to expose all services on this `/metrics/*` feature, and you can use `matrix_metrics_exposure_http_basic_auth_enabled` and `matrix_metrics_exposure_http_basic_auth_users` to password-protect the metrics of them. See [this section](configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) for more information.
 
 ### Collision with matrix-appservice-webhooks
 
diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md
index fc5804278..d8a5aca41 100644
--- a/docs/configuring-playbook-prometheus-grafana.md
+++ b/docs/configuring-playbook-prometheus-grafana.md
@@ -197,23 +197,6 @@ matrix_synapse_metrics_enabled: true
 # matrix_synapse_container_labels_public_metrics_middleware_basic_auth_users: ''
 ```
 
-You can enable and expose metrics for [Hookshot](configuring-playbook-bridge-hookshot.md) protecting them with dedicated credentials by adding the following configuration to your `vars.yml` file:
-
-```yaml
-# Expose metrics (locally, on the container network).
-matrix_hookshot_metrics_enabled: true
-
-# Uncomment to expose metrics on https://matrix.example.com/metrics/hookshot.
-# matrix_hookshot_metrics_proxying_enabled: true
-
-# Uncomment to password-protect the metrics for Hookshot.
-# matrix_hookshot_container_labels_metrics_middleware_basic_auth_enabled: true
-
-# Uncomment and set this part to the Basic Authentication credentials (raw `htpasswd` file content) used to protect the endpoint.
-# See https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
-# matrix_hookshot_container_labels_metrics_middleware_basic_auth_users: ''
-```
-
 If you wish to enable and expose metrics for [matrix-media-repo](configuring-playbook-matrix-media-repo.md) protecting them with dedicated credentials, you can add the following configuration to your `vars.yml` file in a similar way:
 
 ```yaml

From 39c1c8b925606df45410a4628d048b9727700731 Mon Sep 17 00:00:00 2001
From: Suguru Hirahara <acioustick@noreply.codeberg.org>
Date: Mon, 10 Feb 2025 18:39:13 +0900
Subject: [PATCH 08/16] Update docs/configuring-playbook-bridge-hookshot.md:
 move the section for matrix-appservice-webhooks up

It should make the section for Grafana more noticiable.

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
---
 docs/configuring-playbook-bridge-hookshot.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md
index 8341ad373..2f8c96a25 100644
--- a/docs/configuring-playbook-bridge-hookshot.md
+++ b/docs/configuring-playbook-bridge-hookshot.md
@@ -127,6 +127,10 @@ For more information, see the documentation in the [default configuration of the
 
 The provisioning API will be enabled automatically if you set `matrix_dimension_enabled: true` and provided a `matrix_hookshot_provisioning_secret`, unless you override it either way. To use hookshot with Dimension, you will need to enter as "Provisioning URL": `http://matrix-hookshot:9002`, which is made up of the variables `matrix_hookshot_container_url` and `matrix_hookshot_provisioning_port`.
 
+### Collision with matrix-appservice-webhooks
+
+If you are also running [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), it reserves its namespace by the default setting `matrix_appservice_webhooks_user_prefix: '_webhook_'`. You should take care if you modify its or hookshot's prefix that they do not collide with each other's namespace (default `matrix_hookshot_generic_userIdPrefix: '_webhooks_'`).
+
 ### Enable metrics
 
 The playbook can enable and configure the metrics of the service for you.
@@ -157,10 +161,6 @@ To `matrix_hookshot_container_labels_metrics_middleware_basic_auth_users`, set t
 
 **Note**: alternatively, you can use `matrix_metrics_exposure_enabled` to expose all services on this `/metrics/*` feature, and you can use `matrix_metrics_exposure_http_basic_auth_enabled` and `matrix_metrics_exposure_http_basic_auth_users` to password-protect the metrics of them. See [this section](configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) for more information.
 
-### Collision with matrix-appservice-webhooks
-
-If you are also running [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), it reserves its namespace by the default setting `matrix_appservice_webhooks_user_prefix: '_webhook_'`. You should take care if you modify its or hookshot's prefix that they do not collide with each other's namespace (default `matrix_hookshot_generic_userIdPrefix: '_webhooks_'`).
-
 ## Troubleshooting
 
 As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-hookshot`.

From a814d5a499e9412c29abf8d033483e7e4f12a4c6 Mon Sep 17 00:00:00 2001
From: Suguru Hirahara <acioustick@noreply.codeberg.org>
Date: Mon, 10 Feb 2025 18:15:50 +0900
Subject: [PATCH 09/16] Update docs/configuring-playbook-bridge-hookshot.md:
 add the subsection for enabling Grafana

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
---
 docs/configuring-playbook-bridge-hookshot.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md
index 2f8c96a25..b1bd39ab3 100644
--- a/docs/configuring-playbook-bridge-hookshot.md
+++ b/docs/configuring-playbook-bridge-hookshot.md
@@ -161,6 +161,12 @@ To `matrix_hookshot_container_labels_metrics_middleware_basic_auth_users`, set t
 
 **Note**: alternatively, you can use `matrix_metrics_exposure_enabled` to expose all services on this `/metrics/*` feature, and you can use `matrix_metrics_exposure_http_basic_auth_enabled` and `matrix_metrics_exposure_http_basic_auth_users` to password-protect the metrics of them. See [this section](configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) for more information.
 
+#### Enable Grafana (optional)
+
+Probably you wish to enable Grafana along with Prometheus for generating graphs of the metics.
+
+To enable Grafana, see [this section](configuring-playbook-prometheus-grafana.md#adjusting-the-playbook-configuration-grafana) for instructions.
+
 ## Troubleshooting
 
 As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-hookshot`.

From c0f440a0aa3d7d2672520292f2e20fe90f4881df Mon Sep 17 00:00:00 2001
From: Suguru Hirahara <acioustick@noreply.codeberg.org>
Date: Mon, 10 Feb 2025 18:27:18 +0900
Subject: [PATCH 10/16] Update docs/configuring-playbook-bridge-hookshot.md:
 remove the line for metrics from the URLs table in favor of the section below

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
---
 docs/configuring-playbook-bridge-hookshot.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md
index b1bd39ab3..8aacefd66 100644
--- a/docs/configuring-playbook-bridge-hookshot.md
+++ b/docs/configuring-playbook-bridge-hookshot.md
@@ -96,7 +96,6 @@ Unless indicated otherwise, the following endpoints are reachable on your `matri
 | provisioning | `/hookshot/v1/` | `matrix_hookshot_provisioning_endpoint` | Dimension [provisioning](#provisioning-api) |
 | appservice | `/hookshot/_matrix/app/` | `matrix_hookshot_appservice_endpoint` | Matrix server |
 | widgets | `/hookshot/widgetapi/` | `matrix_hookshot_widgets_endpoint` | Widgets |
-| metrics | `/metrics/hookshot` | `matrix_hookshot_metrics_enabled` and exposure enabled via `matrix_hookshot_metrics_proxying_enabled` or `matrix_metrics_exposure_enabled`. Read more in the [Metrics section](#metrics) below. | Prometheus |
 
 Also see the various `matrix_hookshot_container_labels_*` variables in [main.yml](../roles/custom/matrix-bridge-hookshot/defaults/main.yml), which expose URLs publicly.
 

From 63ff7a08ee1781a876e87db9f39067315fa566b0 Mon Sep 17 00:00:00 2001
From: Suguru Hirahara <acioustick@noreply.codeberg.org>
Date: Mon, 10 Feb 2025 17:55:19 +0900
Subject: [PATCH 11/16] Update docs/configuring-playbook-matrix-media-repo.md:
 move a note about disabling other media store roles up

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
---
 docs/configuring-playbook-matrix-media-repo.md | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/docs/configuring-playbook-matrix-media-repo.md b/docs/configuring-playbook-matrix-media-repo.md
index b832e4b85..a633794d3 100644
--- a/docs/configuring-playbook-matrix-media-repo.md
+++ b/docs/configuring-playbook-matrix-media-repo.md
@@ -5,9 +5,8 @@ The playbook can install and configure [matrix-media-repo](https://docs.t2bot.io
 MMR is a highly customizable multi-domain media repository for Matrix. Intended for medium to large environments consisting of several homeservers, this media repo de-duplicates media (including remote media) while being fully compliant with the specification.
 
 **Notes**:
-
+- If MMR is enabled, other media store roles should be disabled (if using Synapse with other media store roles).
 - Smaller/individual homeservers can still make use of this project's features, though it may be difficult to set up or have higher than expected resource consumption. Please do your research before deploying this as this project may not be useful for your environment.
-
 - For a simpler alternative (which allows you to offload your media repository storage to S3, etc.), you can [configure S3 storage](configuring-playbook-s3.md) instead of setting up matrix-media-repo.
 
 ## Adjusting the playbook configuration
@@ -21,7 +20,7 @@ matrix_media_repo_enabled: true
 # matrix_media_repo_metrics_enabled: true
 ```
 
-The repo is pre-configured for integrating with the Postgres database, Traefik proxy and [Prometheus/Grafana](configuring-playbook-prometheus-grafana.md) (if metrics enabled) from this playbook for all the available homeserver roles. When the media repo is enabled, other media store roles should be disabled (if using Synapse with other media store roles).
+The repo is pre-configured for integrating with the Postgres database, Traefik proxy and [Prometheus/Grafana](configuring-playbook-prometheus-grafana.md) (if metrics enabled) from this playbook for all the available homeserver roles.
 
 By default, the media-repo will use the local filesystem for data storage. You can alternatively use a `s3` cloud backend as well. Access token caching is also enabled by default since the logout endpoints are proxied through the media repo.
 

From 60457af840023cb65fdf238698029658f88bda8a Mon Sep 17 00:00:00 2001
From: Suguru Hirahara <acioustick@noreply.codeberg.org>
Date: Mon, 10 Feb 2025 17:56:38 +0900
Subject: [PATCH 12/16] Update docs/configuring-playbook-matrix-media-repo.md:
 remove descriptions about metrics for now

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
---
 docs/configuring-playbook-matrix-media-repo.md | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/docs/configuring-playbook-matrix-media-repo.md b/docs/configuring-playbook-matrix-media-repo.md
index a633794d3..a4f1af80a 100644
--- a/docs/configuring-playbook-matrix-media-repo.md
+++ b/docs/configuring-playbook-matrix-media-repo.md
@@ -15,13 +15,8 @@ To enable matrix-media-repo, add the following configuration to your `inventory/
 
 ```yaml
 matrix_media_repo_enabled: true
-
-# (optional) Turned off by default
-# matrix_media_repo_metrics_enabled: true
 ```
 
-The repo is pre-configured for integrating with the Postgres database, Traefik proxy and [Prometheus/Grafana](configuring-playbook-prometheus-grafana.md) (if metrics enabled) from this playbook for all the available homeserver roles.
-
 By default, the media-repo will use the local filesystem for data storage. You can alternatively use a `s3` cloud backend as well. Access token caching is also enabled by default since the logout endpoints are proxied through the media repo.
 
 ### Extending the configuration

From 2ffea4fe73b7b53708e481da6af4e37c05bfe694 Mon Sep 17 00:00:00 2001
From: Suguru Hirahara <acioustick@noreply.codeberg.org>
Date: Mon, 10 Feb 2025 17:57:19 +0900
Subject: [PATCH 13/16] Update docs/configuring-playbook-matrix-media-repo.md:
 copy metrics section from configuring-playbook-bridge-hookshot.md

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
---
 .../configuring-playbook-matrix-media-repo.md | 36 +++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/docs/configuring-playbook-matrix-media-repo.md b/docs/configuring-playbook-matrix-media-repo.md
index a4f1af80a..fa0f33eba 100644
--- a/docs/configuring-playbook-matrix-media-repo.md
+++ b/docs/configuring-playbook-matrix-media-repo.md
@@ -19,6 +19,42 @@ matrix_media_repo_enabled: true
 
 By default, the media-repo will use the local filesystem for data storage. You can alternatively use a `s3` cloud backend as well. Access token caching is also enabled by default since the logout endpoints are proxied through the media repo.
 
+### Enable metrics
+
+The playbook can enable and configure the metrics of the service for you.
+
+Metrics are **only enabled by default** if the builtin [Prometheus](configuring-playbook-prometheus-grafana.md) is enabled (by default, Prometheus isn't enabled). If so, metrics will automatically be collected by Prometheus and made available in Grafana. You will, however, need to set up your own Dashboard for displaying them.
+
+To enable the metrics, add the following configuration to your `vars.yml` file:
+
+```yaml
+# Expose metrics (locally, on the container network).
+matrix_hookshot_metrics_enabled: true
+```
+
+**To collect metrics from an external Prometheus server**, besides enabling metrics as described above, you will also need to enable metrics exposure on `https://matrix.example.com/metrics/hookshot` by adding the following configuration to your `vars.yml` file:
+
+```yaml
+matrix_hookshot_metrics_proxying_enabled: true
+```
+
+By default metrics are exposed publicly **without** password-protection. To password-protect the metrics with dedicated credentials, add the following configuration to your `vars.yml` file:
+
+```yaml
+matrix_hookshot_container_labels_metrics_middleware_basic_auth_enabled: true
+matrix_hookshot_container_labels_metrics_middleware_basic_auth_users: ''
+```
+
+To `matrix_hookshot_container_labels_metrics_middleware_basic_auth_users`, set the Basic Authentication credentials (raw `htpasswd` file content) used to protect the endpoint. See https://doc.traefik.io/traefik/middlewares/http/basicauth/#users for details about it.
+
+**Note**: alternatively, you can use `matrix_metrics_exposure_enabled` to expose all services on this `/metrics/*` feature, and you can use `matrix_metrics_exposure_http_basic_auth_enabled` and `matrix_metrics_exposure_http_basic_auth_users` to password-protect the metrics of them. See [this section](configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) for more information.
+
+#### Enable Grafana (optional)
+
+Probably you wish to enable Grafana along with Prometheus for generating graphs of the metics.
+
+To enable Grafana, see [this section](configuring-playbook-prometheus-grafana.md#adjusting-the-playbook-configuration-grafana) for instructions.
+
 ### Extending the configuration
 
 There are some additional things you may wish to configure about the component.

From 11d423308806c731cc75b435a6cb189d1ff82549 Mon Sep 17 00:00:00 2001
From: Suguru Hirahara <acioustick@noreply.codeberg.org>
Date: Mon, 10 Feb 2025 17:58:58 +0900
Subject: [PATCH 14/16] Update docs/configuring-playbook-matrix-media-repo.md:
 replace variables for Hookshot with ones for MMR

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
---
 docs/configuring-playbook-matrix-media-repo.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/docs/configuring-playbook-matrix-media-repo.md b/docs/configuring-playbook-matrix-media-repo.md
index fa0f33eba..052cd90c3 100644
--- a/docs/configuring-playbook-matrix-media-repo.md
+++ b/docs/configuring-playbook-matrix-media-repo.md
@@ -29,23 +29,23 @@ To enable the metrics, add the following configuration to your `vars.yml` file:
 
 ```yaml
 # Expose metrics (locally, on the container network).
-matrix_hookshot_metrics_enabled: true
+matrix_media_repo_metrics_enabled: true
 ```
 
-**To collect metrics from an external Prometheus server**, besides enabling metrics as described above, you will also need to enable metrics exposure on `https://matrix.example.com/metrics/hookshot` by adding the following configuration to your `vars.yml` file:
+**To collect metrics from an external Prometheus server**, besides enabling metrics as described above, you will also need to enable metrics exposure on `https://matrix.example.com/metrics/matrix-media-repo` by adding the following configuration to your `vars.yml` file:
 
 ```yaml
-matrix_hookshot_metrics_proxying_enabled: true
+matrix_media_repo_metrics_proxying_enabled: true
 ```
 
 By default metrics are exposed publicly **without** password-protection. To password-protect the metrics with dedicated credentials, add the following configuration to your `vars.yml` file:
 
 ```yaml
-matrix_hookshot_container_labels_metrics_middleware_basic_auth_enabled: true
-matrix_hookshot_container_labels_metrics_middleware_basic_auth_users: ''
+matrix_media_repo_container_labels_traefik_metrics_middleware_basic_auth_enabled: true
+matrix_media_repo_container_labels_traefik_metrics_middleware_basic_auth_users: ''
 ```
 
-To `matrix_hookshot_container_labels_metrics_middleware_basic_auth_users`, set the Basic Authentication credentials (raw `htpasswd` file content) used to protect the endpoint. See https://doc.traefik.io/traefik/middlewares/http/basicauth/#users for details about it.
+To `matrix_media_repo_container_labels_traefik_metrics_middleware_basic_auth_users`, set the Basic Authentication credentials (raw `htpasswd` file content) used to protect the endpoint. See https://doc.traefik.io/traefik/middlewares/http/basicauth/#users for details about it.
 
 **Note**: alternatively, you can use `matrix_metrics_exposure_enabled` to expose all services on this `/metrics/*` feature, and you can use `matrix_metrics_exposure_http_basic_auth_enabled` and `matrix_metrics_exposure_http_basic_auth_users` to password-protect the metrics of them. See [this section](configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) for more information.
 

From 471944a72c8fc0cfbb25cbb72acb40b78c1d7ccc Mon Sep 17 00:00:00 2001
From: Suguru Hirahara <acioustick@noreply.codeberg.org>
Date: Mon, 10 Feb 2025 18:01:38 +0900
Subject: [PATCH 15/16] Update docs/configuring-playbook-prometheus-grafana.md:
 remove instructions for setting up enabling and exposing metrics for MMR in
 favor of the one on the document for it

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
---
 docs/configuring-playbook-prometheus-grafana.md | 16 ----------------
 1 file changed, 16 deletions(-)

diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md
index d8a5aca41..e88e31b1e 100644
--- a/docs/configuring-playbook-prometheus-grafana.md
+++ b/docs/configuring-playbook-prometheus-grafana.md
@@ -197,22 +197,6 @@ matrix_synapse_metrics_enabled: true
 # matrix_synapse_container_labels_public_metrics_middleware_basic_auth_users: ''
 ```
 
-If you wish to enable and expose metrics for [matrix-media-repo](configuring-playbook-matrix-media-repo.md) protecting them with dedicated credentials, you can add the following configuration to your `vars.yml` file in a similar way:
-
-```yaml
-# Expose metrics (locally, on the container network).
-matrix_media_repo_metrics_enabled: true
-
-# Uncomment to expose metrics on https://matrix.example.com/metrics/matrix-media-repo.
-# matrix_media_repo_metrics_proxying_enabled: true
-
-# Uncomment to password-protect the metrics for matrix-media-repo.
-# matrix_media_repo_container_labels_traefik_metrics_middleware_basic_auth_enabled: true
-
-# Uncomment and set this part to the Basic Authentication credentials (raw `htpasswd` file content) used to protect the endpoint.
-# matrix_media_repo_container_labels_traefik_metrics_middleware_basic_auth_users: ''
-```
-
 ### Collecting Synapse worker metrics to an external Prometheus server
 
 If you are using workers (`matrix_synapse_workers_enabled: true`) and have enabled `matrix_synapse_metrics_proxying_enabled` as described above, the playbook will also automatically expose all Synapse worker threads' metrics to `https://matrix.example.com/metrics/synapse/worker/ID`, where `ID` corresponds to the worker `id` as exemplified in `matrix_synapse_workers_enabled_list`.

From 561ec6d622146d522480c9de81a60f37d2ee8143 Mon Sep 17 00:00:00 2001
From: Suguru Hirahara <acioustick@noreply.codeberg.org>
Date: Mon, 10 Feb 2025 20:32:30 +0900
Subject: [PATCH 16/16] Update docs/configuring-playbook-synapse.md: add an
 anchor link to the subsection on the Prometheus document

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
---
 docs/configuring-playbook-synapse.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/configuring-playbook-synapse.md b/docs/configuring-playbook-synapse.md
index 04e33c36b..72666042c 100644
--- a/docs/configuring-playbook-synapse.md
+++ b/docs/configuring-playbook-synapse.md
@@ -172,7 +172,7 @@ The playbook can install and configure Synapse Admin for you. For details about
 
 This playbook allows you to enable Synapse metrics, which can provide insight into the performance and activity of Synapse.
 
-To enable Synapse runtime metrics see: [Enabling metrics and graphs (Prometheus, Grafana) for your Matrix server](configuring-playbook-prometheus-grafana.md)
+To enable Synapse runtime metrics, see: [Enabling metrics and graphs (Prometheus, Grafana) for your Matrix server](configuring-playbook-prometheus-grafana.md) and [its subsection](configuring-playbook-prometheus-grafana.md#expose-metrics-of-other-services-roles)
 
 To enable Synapse usage metrics, see: [Enabling synapse-usage-exporter for Synapse usage statistics](configuring-playbook-synapse-usage-exporter.md)