meta: move inventory structure to be more usable

meta: add own inventory, add vault-unlock with GPG
2025-03-09 12:18:43 +01:00 · 2025-03-09 11:45:17 +01:00
148 changed files with 574 additions and 1981 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,16 +1,3 @@
 # 2025-03-15
 ## Element Call support
 The playbook now supports [Element Call](https://github.com/element-hq/element-call) as an optional feature. Thanks to [wjbeckett](https://github.com/wjbeckett) for getting us started via [PR#3562](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3562).
 Element Call is a native Matrix video conferencing application developed by [Element](https://element.io/) that has the goal of replacing [Jitsi](./docs/configuring-playbook-jitsi.md) and the old WebRTC stack used in previous Element versions.
 💡 For now, Element Call is only supported with the [Synapse](docs/configuring-playbook-synapse.md) homeserver (with [federation](docs/configuring-playbook-federation.md) enabled) and [Element Web](docs/configuring-playbook-client-element-web.md) and Element X mobile clients. See the [Prerequisites](docs/configuring-playbook-element-call.md#prerequisites) section of the [Element Call documentation](docs/configuring-playbook-element-call.md) for more details.
 To get started, see the [Configuring Element Call](docs/configuring-playbook-element-call.md) documentation page.
 # 2025-03-08
 ## 6️⃣ IPv6 support enablement recommended by default
@ -376,8 +363,8 @@ If upstream synapse-admin picks up the pace and improves, the etke.cc fork may d
 If you'd like to switch back to the original synapse-admin software, you can do so by adding the following configuration to your `vars.yml` file:
 ```yaml
-matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_registry_prefix }}awesometechnologies/synapse-admin:{{ matrix_synapse_admin_version }}"
+matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_name_prefix }}awesometechnologies/synapse-admin:{{ matrix_synapse_admin_version }}"
-matrix_synapse_admin_docker_image_registry_prefix_upstream: docker.io/
+matrix_synapse_admin_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_image_self_build else 'docker.io/' }}"
 matrix_synapse_admin_version: 0.10.3
--- a/README.md
+++ b/README.md
@ -80,8 +80,6 @@ Services that run on the server to make the various parts of your installation w
 | [Exim](https://www.exim.org/) | ✅ | Mail server, through which all Matrix services send outgoing email (can be configured to relay through another SMTP server) | [Link](docs/configuring-playbook-email.md) |
 | [ma1sd](https://github.com/ma1uta/ma1sd) | ❌ | Matrix Identity Server | [Link](docs/configuring-playbook-ma1sd.md)
 | [ddclient](https://github.com/linuxserver/docker-ddclient) | ❌ | Dynamic DNS | [Link](docs/configuring-playbook-dynamic-dns.md) |
 | [LiveKit Server](https://github.com/livekit/livekit) | ❌ | WebRTC server for audio/video calls | [Link](docs/configuring-playbook-livekit-server.md) |
 | [Livekit JWT Service](https://github.com/livekit/livekit-jwt-service) | ❌ | JWT service for integrating [Element Call](./configuring-playbook-element-call.md) with [LiveKit Server](./configuring-playbook-livekit-server.md) | [Link](docs/configuring-playbook-livekit-jwt-service.md) |
 ### Authentication
@ -187,7 +185,6 @@ Various services that don't fit any other categories.
 | [Pantalaimon](https://github.com/matrix-org/pantalaimon) | ❌ | E2EE aware proxy daemon | [Link](docs/configuring-playbook-pantalaimon.md) |
 | [Sygnal](https://github.com/matrix-org/sygnal) | ❌ | Push gateway | [Link](docs/configuring-playbook-sygnal.md) |
 | [ntfy](https://ntfy.sh) | ❌ | Push notifications server | [Link](docs/configuring-playbook-ntfy.md) |
 | [Element Call](https://github.com/element-hq/element-call) | ❌ | A native Matrix video conferencing application | [Link](docs/configuring-playbook-element-call.md) |
 ## 🆕 Changes
--- a/ansible.cfg
+++ b/ansible.cfg
@ -3,7 +3,7 @@
 vault_password_file = gpg/open_vault.sh
 retry_files_enabled = False
-result_format = yaml
+stdout_callback = yaml
 inventory = inventory/hosts
--- a/bin/rebuild-mautrix-meta-instagram.sh
+++ b/bin/rebuild-mautrix-meta-instagram.sh
@ -37,17 +37,7 @@ done
 sed --in-place 's/matrix_mautrix_meta_instagram_meta_mode: \(.*\)/matrix_mautrix_meta_instagram_meta_mode: instagram/g' $instagram_role_path/defaults/main.yml
 sed --in-place 's/matrix_mautrix_meta_instagram_identifier: \(.*\)/matrix_mautrix_meta_instagram_identifier: matrix-mautrix-meta-instagram/g' $instagram_role_path/defaults/main.yml
-# Create the README.md file with the license header
+echo "# matrix-mautrix-meta-instagram" > $instagram_role_path/README.md
 cat > $instagram_role_path/README.md << 'EOF'
 <!--
 SPDX-FileCopyrightText: 2024 - 2025 MDAD Contributors
 SPDX-License-Identifier: AGPL-3.0-or-later
 -->
 EOF
 echo "" >> $instagram_role_path/README.md
 echo "# matrix-mautrix-meta-instagram" >> $instagram_role_path/README.md
 echo "" >> $instagram_role_path/README.md
 echo "This bridge role is derived from the matrix-mautrix-meta-messenger Ansible role via automatic changes (see \`just rebuild-mautrix-meta-instagram\` or \`bin/rebuild-mautrix-meta-instagram.sh\`)." >> $instagram_role_path/README.md
 echo "" >> $instagram_role_path/README.md
--- a/docs/configuring-ipv6.md
+++ b/docs/configuring-ipv6.md
@ -58,7 +58,7 @@ Doing this:
 > [!WARNING]
 > Without enabling this and assuming you have IPv6 `AAAA` DNS records pointing to the server (see [Configuring DNS records for IPv6](#configuring-dns-records-for-ipv6)), IPv6 traffic will still be handled, but NAT64 will be used instead of NAT66.
-> As such, containers will only have an IPv4 address and all IPv6 traffic that reaches them will seem to originate from a local IP. Containers also won't be able to make outgoing (even cross-container) IPv6 requests.
+> As such, containers will only have an IPv4 address and all IPv6 traffic that reaches them will seem to originate from a local IP.
 To confirm connectivity, see the following other resources:
--- a/docs/configuring-playbook-alertmanager-receiver.md
+++ b/docs/configuring-playbook-alertmanager-receiver.md
@ -105,12 +105,16 @@ After configuring the playbook and potentially [adjusting your DNS records](#adj
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Usage
--- a/docs/configuring-playbook-appservice-double-puppet.md
+++ b/docs/configuring-playbook-appservice-double-puppet.md
@ -35,12 +35,16 @@ After configuring the playbook, run it with [playbook tags](playbook-tags.md) as
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Usage
--- a/docs/configuring-playbook-appservice-draupnir-for-all.md
+++ b/docs/configuring-playbook-appservice-draupnir-for-all.md
@ -45,7 +45,7 @@ Add the following configuration to your `inventory/host_vars/matrix.example.com/
 ```yaml
 matrix_appservice_draupnir_for_all_enabled: true
-matrix_appservice_draupnir_for_all_config_adminRoom: "MANAGEMENT_ROOM_ALIAS_HERE"
+matrix_appservice_draupnir_for_all_master_control_room_alias: "MANAGEMENT_ROOM_ALIAS_HERE"
 ```
 ### Extending the configuration
--- a/docs/configuring-playbook-backup-borg.md
+++ b/docs/configuring-playbook-backup-borg.md
@ -14,6 +14,6 @@ The playbook can install and configure [BorgBackup](https://www.borgbackup.org/)
 BorgBackup is a deduplicating backup program with optional compression and encryption. That means your daily incremental backups can be stored in a fraction of the space and is safe whether you store it at home or on a cloud service.
-The [Ansible role for BorgBackup](https://github.com/mother-of-all-self-hosting/ansible-role-backup_borg) is developed and maintained by [the MASH (mother-of-all-self-hosting) project](https://github.com/mother-of-all-self-hosting). For details about configuring BorgBackup, you can check them via:
+The Ansible role for BorgBackup is developed and maintained by [the MASH (mother-of-all-self-hosting) project](https://github.com/mother-of-all-self-hosting/ansible-role-backup_borg). For details about configuring BorgBackup, you can check them via:
 - 🌐 [the role's documentation at the MASH project](https://github.com/mother-of-all-self-hosting/ansible-role-backup_borg/blob/main/docs/configuring-backup-borg.md) online
 - 📁 `roles/galaxy/backup_borg/docs/configuring-backup-borg.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles)
--- a/docs/configuring-playbook-bot-draupnir.md
+++ b/docs/configuring-playbook-bot-draupnir.md
@ -54,11 +54,11 @@ To enable the native E2EE support, add the following configuration to your `vars
 ```yaml
 # Enables the native E2EE support
-matrix_bot_draupnir_config_experimentalRustCrypto: true
+matrix_bot_draupnir_enable_experimental_rust_crypto: true
 # Access token which the bot will use for logging in.
 # Comment out `matrix_bot_draupnir_login_native` when using this option.
-matrix_bot_draupnir_config_accessToken: "CLEAN_ACCESS_TOKEN_HERE"
+matrix_bot_draupnir_access_token: "CLEAN_ACCESS_TOKEN_HERE"
 ```
 ## Adjusting the playbook configuration
@ -73,13 +73,13 @@ matrix_bot_draupnir_enabled: true
 # matrix_bot_draupnir_login: bot.draupnir
 # Generate a strong password for the bot. You can create one with a command like `pwgen -s 64 1`.
-# If creating the user on your own and using `matrix_bot_draupnir_config_accessToken` to login you can comment out this line.
+# If creating the user on your own and using `matrix_bot_draupnir_access_token` to login you can comment out this line.
 matrix_bot_draupnir_password: PASSWORD_FOR_THE_BOT
-# Comment out if using `matrix_bot_draupnir_config_experimentalRustCrypto: true` or `matrix_bot_draupnir_config_accessToken` to login.
+# Comment out if using `matrix_bot_draupnir_enable_experimental_rust_crypto: true` or `matrix_bot_draupnir_access_token` to login.
 matrix_bot_draupnir_login_native: true
-matrix_bot_draupnir_config_managementRoom: "MANAGEMENT_ROOM_ID_HERE"
+matrix_bot_draupnir_management_room: "MANAGEMENT_ROOM_ID_HERE"
 ```
 ### Create and invite the bot to the management room
@ -142,7 +142,7 @@ Draupnir can receive reports in the management room.
 The bot can intercept the report API endpoint of the client-server API, which requires integration with the reverse proxy in front of the homeserver. If you are using Traefik, this playbook can set this up for you:
 ```yaml
-matrix_bot_draupnir_config_web_abuseReporting: true
+matrix_bot_draupnir_abuse_reporting_enabled: true
 ```
 <!--
@ -190,15 +190,9 @@ After configuring the playbook, run it with [playbook tags](playbook-tags.md) as
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-**Notes**:
+The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
+`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 - If you change the bot password (`matrix_bot_draupnir_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it, and then update `matrix_bot_draupnir_password` to let the bot know its new password.
 ## Usage
--- a/docs/configuring-playbook-bot-go-neb.md
+++ b/docs/configuring-playbook-bot-go-neb.md
@ -245,12 +245,16 @@ After configuring the playbook and potentially [adjusting your DNS records](#adj
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Usage
--- a/docs/configuring-playbook-bot-mjolnir.md
+++ b/docs/configuring-playbook-bot-mjolnir.md
@ -189,11 +189,13 @@ After configuring the playbook, run it with [playbook tags](playbook-tags.md) as
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
 **Notes**:
 - The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
--- a/docs/configuring-playbook-bridge-appservice-discord.md
+++ b/docs/configuring-playbook-bridge-appservice-discord.md
@ -52,13 +52,16 @@ After configuring the playbook, run it with [playbook tags](playbook-tags.md) as
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Self-Service Bridging (Manual)
--- a/docs/configuring-playbook-bridge-appservice-irc.md
+++ b/docs/configuring-playbook-bridge-appservice-irc.md
@ -84,12 +84,16 @@ After configuring the playbook, run it with [playbook tags](playbook-tags.md) as
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Usage
--- a/docs/configuring-playbook-bridge-appservice-kakaotalk.md
+++ b/docs/configuring-playbook-bridge-appservice-kakaotalk.md
@ -49,12 +49,16 @@ After configuring the playbook, run it with [playbook tags](playbook-tags.md) as
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Usage
--- a/docs/configuring-playbook-bridge-appservice-slack.md
+++ b/docs/configuring-playbook-bridge-appservice-slack.md
@ -94,12 +94,16 @@ After configuring the playbook, run it with [playbook tags](playbook-tags.md) as
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Usage
--- a/docs/configuring-playbook-bridge-appservice-webhooks.md
+++ b/docs/configuring-playbook-bridge-appservice-webhooks.md
@ -47,12 +47,16 @@ After configuring the playbook, run it with [playbook tags](playbook-tags.md) as
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Usage
--- a/docs/configuring-playbook-bridge-beeper-linkedin.md
+++ b/docs/configuring-playbook-bridge-beeper-linkedin.md
@ -3,7 +3,7 @@ SPDX-FileCopyrightText: 2021 - 2024 Slavi Pantaleev
 SPDX-FileCopyrightText: 2021 Alexandar Mechev
 SPDX-FileCopyrightText: 2022 Cody Wyatt Neiman
 SPDX-FileCopyrightText: 2023 Kuba Orlik
-SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
+SPDX-FileCopyrightText: 2024 Suguru Hirahara
 SPDX-License-Identifier: AGPL-3.0-or-later
 -->
@ -46,12 +46,16 @@ After configuring the playbook, run it with [playbook tags](playbook-tags.md) as
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Usage
--- a/docs/configuring-playbook-bridge-go-skype-bridge.md
+++ b/docs/configuring-playbook-bridge-go-skype-bridge.md
@ -1,6 +1,6 @@
 <!--
 SPDX-FileCopyrightText: 2022 Vladimir Panteleev
-SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
+SPDX-FileCopyrightText: 2024 Suguru Hirahara
 SPDX-License-Identifier: AGPL-3.0-or-later
 -->
@ -43,12 +43,16 @@ After configuring the playbook, run it with [playbook tags](playbook-tags.md) as
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Usage
--- a/docs/configuring-playbook-bridge-heisenbridge.md
+++ b/docs/configuring-playbook-bridge-heisenbridge.md
@ -65,12 +65,16 @@ After configuring the playbook and potentially [adjusting your DNS records](#adj
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Usage
--- a/docs/configuring-playbook-bridge-matrix-bridge-sms.md
+++ b/docs/configuring-playbook-bridge-matrix-bridge-sms.md
@ -54,12 +54,16 @@ After configuring the playbook, run it with [playbook tags](playbook-tags.md) as
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Usage
--- a/docs/configuring-playbook-bridge-mautrix-bluesky.md
+++ b/docs/configuring-playbook-bridge-mautrix-bluesky.md
@ -1,7 +1,6 @@
 <!--
 SPDX-FileCopyrightText: 2025 MDAD project contributors
 SPDX-FileCopyrightText: 2025 Slavi Pantaleev
 SPDX-FileCopyrightText: 2025 Suguru Hirahara
 SPDX-License-Identifier: AGPL-3.0-or-later
 -->
@ -58,7 +57,7 @@ To use the bridge, you need to start a chat with `@blueskybot:example.com` (wher
 You can then follow instructions on the bridge's [official documentation on Authentication](https://docs.mau.fi/bridges/go/bluesky/authentication.html).
-After logging in, the bridge will create portal rooms for recent chats. Portal rooms for other chats will be created as you receive messages.
+After logging in, the bridge will create portal rooms for some recent chats. Portal rooms for other chats will be created as you receive messages.
 ## Troubleshooting
--- a/docs/configuring-playbook-bridge-mautrix-bridges.md
+++ b/docs/configuring-playbook-bridge-mautrix-bridges.md
@ -153,12 +153,16 @@ After configuring the playbook, run it with [playbook tags](playbook-tags.md) as
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Usage
--- a/docs/configuring-playbook-bridge-mautrix-discord.md
+++ b/docs/configuring-playbook-bridge-mautrix-discord.md
@ -57,12 +57,16 @@ After configuring the playbook, run it with [playbook tags](playbook-tags.md) as
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Usage
--- a/docs/configuring-playbook-bridge-mautrix-facebook.md
+++ b/docs/configuring-playbook-bridge-mautrix-facebook.md
@ -50,12 +50,16 @@ After configuring the playbook, run it with [playbook tags](playbook-tags.md) as
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Usage
--- a/docs/configuring-playbook-bridge-mautrix-gmessages.md
+++ b/docs/configuring-playbook-bridge-mautrix-gmessages.md
@ -43,12 +43,16 @@ After configuring the playbook, run it with [playbook tags](playbook-tags.md) as
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Usage
--- a/docs/configuring-playbook-bridge-mautrix-googlechat.md
+++ b/docs/configuring-playbook-bridge-mautrix-googlechat.md
@ -46,12 +46,16 @@ After configuring the playbook, run it with [playbook tags](playbook-tags.md) as
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Usage
@ -59,7 +63,7 @@ To use the bridge, you need to start a chat with `@googlechatbot:example.com` (w
 You can then follow instructions on the bridge's [official documentation on Authentication](https://docs.mau.fi/bridges/python/googlechat/authentication.html).
-After logging in, the bridge will create portal rooms for recent chats. Portal rooms for other chats will be created as you receive messages.
+After logging in, the bridge will create portal rooms for some recent chats. Portal rooms for other chats will be created as you receive messages.
 ## Troubleshooting
--- a/docs/configuring-playbook-bridge-mautrix-instagram.md
+++ b/docs/configuring-playbook-bridge-mautrix-instagram.md
@ -37,12 +37,16 @@ After configuring the playbook, run it with [playbook tags](playbook-tags.md) as
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Usage
--- a/docs/configuring-playbook-bridge-mautrix-meta-instagram.md
+++ b/docs/configuring-playbook-bridge-mautrix-meta-instagram.md
@ -58,12 +58,16 @@ After configuring the playbook, run it with [playbook tags](playbook-tags.md) as
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Usage
--- a/docs/configuring-playbook-bridge-mautrix-meta-messenger.md
+++ b/docs/configuring-playbook-bridge-mautrix-meta-messenger.md
@ -72,12 +72,16 @@ After configuring the playbook, run it with [playbook tags](playbook-tags.md) as
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Usage
--- a/docs/configuring-playbook-bridge-mautrix-signal.md
+++ b/docs/configuring-playbook-bridge-mautrix-signal.md
@ -56,12 +56,16 @@ After configuring the playbook, run it with [playbook tags](playbook-tags.md) as
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Usage
--- a/docs/configuring-playbook-bridge-mautrix-slack.md
+++ b/docs/configuring-playbook-bridge-mautrix-slack.md
@ -54,12 +54,16 @@ After configuring the playbook, run it with [playbook tags](playbook-tags.md) as
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Usage
--- a/docs/configuring-playbook-bridge-mautrix-telegram.md
+++ b/docs/configuring-playbook-bridge-mautrix-telegram.md
@ -88,12 +88,16 @@ After configuring the playbook, run it with [playbook tags](playbook-tags.md) as
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Usage
--- a/docs/configuring-playbook-bridge-mautrix-twitter.md
+++ b/docs/configuring-playbook-bridge-mautrix-twitter.md
@ -46,12 +46,16 @@ After configuring the playbook, run it with [playbook tags](playbook-tags.md) as
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Usage
@ -59,7 +63,7 @@ To use the bridge, you need to start a chat with `@twitterbot:example.com` (wher
 You can then follow instructions on the bridge's [official documentation on Authentication](https://docs.mau.fi/bridges/go/twitter/authentication.html).
-After logging in, the bridge will create portal rooms for recent chats. Portal rooms for other chats will be created as you receive messages.
+After logging in, the bridge will create portal rooms for some recent chats. Portal rooms for other chats will be created as you receive messages.
 ## Troubleshooting
--- a/docs/configuring-playbook-bridge-mautrix-whatsapp.md
+++ b/docs/configuring-playbook-bridge-mautrix-whatsapp.md
@ -6,7 +6,7 @@ SPDX-FileCopyrightText: 2022 Dennis Ciba
 SPDX-FileCopyrightText: 2022 Marko Weltzer
 SPDX-FileCopyrightText: 2023 James Collier
 SPDX-FileCopyrightText: 2023 Kuba Orlik
-SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
+SPDX-FileCopyrightText: 2024 Suguru Hirahara
 SPDX-License-Identifier: AGPL-3.0-or-later
 -->
@ -49,12 +49,16 @@ After configuring the playbook, run it with [playbook tags](playbook-tags.md) as
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Usage
--- a/docs/configuring-playbook-bridge-mautrix-wsproxy.md
+++ b/docs/configuring-playbook-bridge-mautrix-wsproxy.md
@ -61,12 +61,16 @@ After configuring the playbook and potentially [adjusting your DNS records](#adj
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Usage
--- a/docs/configuring-playbook-bridge-mx-puppet-discord.md
+++ b/docs/configuring-playbook-bridge-mx-puppet-discord.md
@ -2,7 +2,7 @@
 SPDX-FileCopyrightText: 2020 - 2022 Slavi Pantaleev
 SPDX-FileCopyrightText: 2020 Hugues Morisset
 SPDX-FileCopyrightText: 2022 MDAD project contributors
-SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
+SPDX-FileCopyrightText: 2024 Suguru Hirahara
 SPDX-License-Identifier: AGPL-3.0-or-later
 -->
@ -31,12 +31,16 @@ After configuring the playbook, run it with [playbook tags](playbook-tags.md) as
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Usage
--- a/docs/configuring-playbook-bridge-mx-puppet-groupme.md
+++ b/docs/configuring-playbook-bridge-mx-puppet-groupme.md
@ -2,7 +2,7 @@
 SPDX-FileCopyrightText: 2021 Cody Neiman
 SPDX-FileCopyrightText: 2021 Slavi Pantaleev
 SPDX-FileCopyrightText: 2022 Cody Wyatt Neiman
-SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
+SPDX-FileCopyrightText: 2024 Suguru Hirahara
 SPDX-License-Identifier: AGPL-3.0-or-later
 -->
@ -27,12 +27,16 @@ After configuring the playbook, run it with [playbook tags](playbook-tags.md) as
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Usage
--- a/docs/configuring-playbook-bridge-mx-puppet-instagram.md
+++ b/docs/configuring-playbook-bridge-mx-puppet-instagram.md
@ -1,6 +1,6 @@
 <!--
 SPDX-FileCopyrightText: 2021 MDAD project contributors
-SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
+SPDX-FileCopyrightText: 2024 Suguru Hirahara
 SPDX-License-Identifier: AGPL-3.0-or-later
 -->
@ -25,12 +25,16 @@ After configuring the playbook, run it with [playbook tags](playbook-tags.md) as
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Usage
--- a/docs/configuring-playbook-bridge-mx-puppet-slack.md
+++ b/docs/configuring-playbook-bridge-mx-puppet-slack.md
@ -4,7 +4,7 @@ SPDX-FileCopyrightText: 2020 Rodrigo Belem
 SPDX-FileCopyrightText: 2021 Marcel Ackermann
 SPDX-FileCopyrightText: 2022 Jim Myhrberg
 SPDX-FileCopyrightText: 2022 Nikita Chernyi
-SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
+SPDX-FileCopyrightText: 2024 Suguru Hirahara
 SPDX-License-Identifier: AGPL-3.0-or-later
 -->
@ -38,12 +38,16 @@ After configuring the playbook, run it with [playbook tags](playbook-tags.md) as
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Usage
--- a/docs/configuring-playbook-bridge-mx-puppet-steam.md
+++ b/docs/configuring-playbook-bridge-mx-puppet-steam.md
@ -2,7 +2,7 @@
 SPDX-FileCopyrightText: 2020 - 2021 Slavi Pantaleev
 SPDX-FileCopyrightText: 2020 Hugues Morisset
 SPDX-FileCopyrightText: 2020 Panagiotis Vasilopoulos
-SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
+SPDX-FileCopyrightText: 2024 Suguru Hirahara
 SPDX-License-Identifier: AGPL-3.0-or-later
 -->
@ -27,12 +27,16 @@ After configuring the playbook, run it with [playbook tags](playbook-tags.md) as
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Usage
--- a/docs/configuring-playbook-bridge-mx-puppet-twitter.md
+++ b/docs/configuring-playbook-bridge-mx-puppet-twitter.md
@ -1,7 +1,7 @@
 <!--
 SPDX-FileCopyrightText: 2020 Tulir Asokan
 SPDX-FileCopyrightText: 2021 Slavi Pantaleev
-SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
+SPDX-FileCopyrightText: 2024 Suguru Hirahara
 SPDX-License-Identifier: AGPL-3.0-or-later
 -->
@ -37,12 +37,16 @@ After configuring the playbook, run it with [playbook tags](playbook-tags.md) as
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Usage
--- a/docs/configuring-playbook-cactus-comments.md
+++ b/docs/configuring-playbook-cactus-comments.md
@ -2,7 +2,7 @@
 SPDX-FileCopyrightText: 2022 - 2024 Slavi Pantaleev
 SPDX-FileCopyrightText: 2022 Julian-Samuel Gebühr
 SPDX-FileCopyrightText: 2023 MDAD project contributors
-SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
+SPDX-FileCopyrightText: 2024 Suguru Hirahara
 SPDX-License-Identifier: AGPL-3.0-or-later
 -->
@ -86,12 +86,16 @@ After configuring the playbook and potentially [adjusting your DNS records](#adj
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Usage
--- a/docs/configuring-playbook-element-call.md
+++ b/docs/configuring-playbook-element-call.md
@ -1,82 +0,0 @@
 <!--
 SPDX-FileCopyrightText: 2024 wjbeckett
 SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
 SPDX-License-Identifier: AGPL-3.0-or-later
 -->
 # Setting up Element Call (optional)
 The playbook can install and configure [Element Call](https://github.com/element-hq/element-call) for you.
 Element Call is a native Matrix video conferencing application developed by [Element](https://element.io), designed for secure, scalable, privacy-respecting, and decentralized video and voice calls over the Matrix protocol. Built on MatrixRTC ([MSC4143](https://github.com/matrix-org/matrix-spec-proposals/pull/4143)), it utilizes [MSC4195](https://github.com/hughns/matrix-spec-proposals/blob/hughns/matrixrtc-livekit/proposals/4195-matrixrtc-livekit.md) with [LiveKit Server](configuring-playbook-livekit-server.md) as its backend.
 See the project's [documentation](https://github.com/element-hq/element-call) to learn more.
 ## Prerequisites
 - A [Synapse](configuring-playbook-synapse.md) homeserver (see the warning below)
 - [Federation](configuring-playbook-federation.md) being enabled for your Matrix homeserver (federation is enabled by default, unless you've explicitly disabled it), because [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) currently [requires it](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3562#issuecomment-2725250554) ([relevant source code](https://github.com/element-hq/lk-jwt-service/blob/f5f5374c4bdcc00a4fb13d27c0b28e20e4c62334/main.go#L135-L146))
 - Various experimental features for the Synapse homeserver which Element Call [requires](https://github.com/element-hq/element-call/blob/93ae2aed9841e0b066d515c56bd4c122d2b591b2/docs/self-hosting.md#a-matrix-homeserver) (automatically done when Element Call is enabled)
 - A [LiveKit Server](configuring-playbook-livekit-server.md) (automatically installed when Element Call is enabled)
 - The [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) (automatically installed when Element Call is enabled)
 - A client compatible with Element Call. As of 2025-03-15, that's just [Element Web](configuring-playbook-client-element-web.md) and the Element X mobile clients (iOS and Android).
 > [!WARNING]
 >  Because Element Call [requires](https://github.com/element-hq/element-call/blob/93ae2aed9841e0b066d515c56bd4c122d2b591b2/docs/self-hosting.md#a-matrix-homeserver) a few experimental features in the Matrix protocol, it's **very likely that it only works with the Synapse homeserver**.
 ## Decide on a domain and path
 By default, Element Call is configured to be served on the `call.element.example.com` domain.
 If you'd like to run Element Call on another hostname, see the [Adjusting the Element Call URL](#adjusting-the-element-call-url-optional) section below.
 ## Adjusting DNS records
 By default, this playbook installs Element Call on the `call.element.` subdomain (`call.element.example.com`) and requires you to create a `CNAME` record for `call.element`, which targets `matrix.example.com`.
 When setting these values, replace `example.com` with your own.
 All dependency services for Element Call ([LiveKit Server](configuring-playbook-livekit-server.md) and [Livekit JWT Service](configuring-playbook-livekit-jwt-service.md)) are installed and configured automatically by the playbook. By default, these services are installed on subpaths on the `matrix.` domain (e.g. `/livekit-server`, `/livekit-jwt-service`), so no DNS record adjustments are required for them.
 ## Adjusting firewall rules
 In addition to the HTTP/HTTPS ports (which you've already exposed as per the [prerequisites](prerequisites.md) document), you'll also need to open ports required by [LiveKit Server](configuring-playbook-livekit-server.md) as described in its own [Adjusting firewall rules](configuring-playbook-livekit-server.md#adjusting-firewall-rules) section.
 ## Adjusting the playbook configuration
 Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
 ```yaml
 matrix_element_call_enabled: true
 ```
 ### Adjusting the Element Call URL (optional)
 By tweaking the `matrix_element_call_hostname` variable, you can easily make the service available at a **different hostname** than the default one.
 Example additional configuration for your `vars.yml` file:
 ```yaml
 matrix_element_call_hostname: element-call.example.com
 ```
 > [!WARNING]
 > A `matrix_element_call_path_prefix` variable is also available and mean to let you configure a path prefix for the Element Call service, but [Element Call does not support running under a sub-path yet](https://github.com/element-hq/element-call/issues/3084).
 ## Installing
 After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records) and [adjusting firewall rules](#adjusting-firewall-rules), run the playbook with [playbook tags](playbook-tags.md) as below:
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 ```
 The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
 `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
 ## Usage
 Once installed, Element Call integrates seamlessly with Matrix clients like [Element Web](configuring-playbook-client-element-web.md) and Element X on mobile (iOS and Android).
--- a/docs/configuring-playbook-email.md
+++ b/docs/configuring-playbook-email.md
@ -13,7 +13,7 @@ By default, this playbook sets up an [Exim](https://www.exim.org/) relay SMTP ma
 **With the default setting, exim-relay attempts to deliver emails directly with the address `matrix@matrix.example.com`**, as specified by the `exim_relay_sender_address` playbook variable. See below if you want to configure the playbook to relay email through another SMTP server.
-The [Ansible role for exim-relay](https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay) is developed and maintained by [the MASH (mother-of-all-self-hosting) project](https://github.com/mother-of-all-self-hosting). For details about configuring exim-relay, you can check them via:
+The Ansible role for exim-relay is developed and maintained by [the MASH (mother-of-all-self-hosting) project](https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay). For details about configuring exim-relay, you can check them via:
 - 🌐 [the role's documentation at the MASH project](https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay/blob/main/docs/configuring-exim-relay.md) online
 - 📁 `roles/galaxy/exim_relay/docs/configuring-exim-relay.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles)
--- a/docs/configuring-playbook-etherpad.md
+++ b/docs/configuring-playbook-etherpad.md
@ -18,8 +18,7 @@ Etherpad is an open source collaborative text editor. It can not only be integra
 When enabled together with the Jitsi video-conferencing platform (see [our docs on Jitsi](configuring-playbook-jitsi.md)), it will be made available as an option during the conferences.
-The [Ansible role for Etherpad](https://github.com/mother-of-all-self-hosting/ansible-role-etherpad) is developed and maintained by [the MASH (mother-of-all-self-hosting) project](https://github.com/mother-of-all-self-hosting). For details about configuring Etherpad, you can check them via:
+The Ansible role for Etherpad is developed and maintained by the [MASH (mother-of-all-self-hosting) project](https://github.com/mother-of-all-self-hosting/ansible-role-etherpad). For details about configuring Etherpad, you can check them via:
 - 🌐 [the role's documentation at the MASH project](https://github.com/mother-of-all-self-hosting/ansible-role-etherpad/blob/main/docs/configuring-etherpad.md) online
 - 📁 `roles/galaxy/etherpad/docs/configuring-etherpad.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles)
@ -86,12 +85,16 @@ After configuring the playbook and potentially [adjusting your DNS records](#adj
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
 ```
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+**Notes**:
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the Etherpad admin user (`etherpad_admin_username`).
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
 ## Usage
--- a/docs/configuring-playbook-jitsi.md
+++ b/docs/configuring-playbook-jitsi.md
@ -20,9 +20,7 @@ The playbook can install and configure the [Jitsi](https://jitsi.org/) video-con
 Jitsi is an open source video-conferencing platform. It can not only be integrated with Element clients ([Element Web](configuring-playbook-client-element-web.md)/Desktop, Android and iOS) as a widget, but also be used as standalone web app.
-💡 If you're into experimental technology, you may also be interested in trying out [Element Call](configuring-playbook-element-call.md) - a native Matrix video conferencing application.
+The Ansible role for Jitsi is developed and maintained by [the MASH (mother-of-all-self-hosting) project](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi). For details about configuring Jitsi, you can check them via:
 The [Ansible role for Jitsi](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi) is developed and maintained by [the MASH (mother-of-all-self-hosting) project](https://github.com/mother-of-all-self-hosting). For details about configuring Jitsi, you can check them via:
 - 🌐 [the role's documentation at the MASH project](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md) online
 - 📁 `roles/galaxy/jitsi/docs/configuring-jitsi.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles)
--- a/docs/configuring-playbook-jwt-service.md
+++ b/docs/configuring-playbook-jwt-service.md
@ -1,47 +0,0 @@
 <!--
 SPDX-FileCopyrightText: 2024 wjbeckett
 SPDX-FileCopyrightText: 2024 Slavi Pantaleev
 SPDX-License-Identifier: AGPL-3.0-or-later
 -->
 # Setting up JWT Service (optional)
 The playbook can install and configure [LiveKit JWT Service](https://github.com/element-hq/lk-jwt-service) for you.
 LK-JWT-Service is currently used for a single reason: generate JWT tokens with a given identity for a given room, so that users can use them to authenticate against LiveKit SFU.
 See the project's [documentation](https://github.com/element-hq/lk-jwt-service/) to learn more.
 ## Decide on a domain and path
 By default, JWT Service is configured to be served:
 - on the Matrix domain (`matrix.example.com`), configurable via `matrix_livekit_jwt_service_hostname`
 - under a `/livekit-jwt-service` path prefix, configurable via `matrix_livekit_jwt_service_path_prefix`
 This makes it easy to set it up, **without** having to adjust your DNS records manually.
 ## Adjusting DNS records
 If you've changed the default hostname, **you may need to adjust your DNS** records accordingly to point to the correct server.
 ## Adjusting the playbook configuration
 Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
 ```yaml
 matrix_livekit_jwt_service_enabled: true
 ```
 ## Installing
 After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the [installation](installing.md) command: `just install-all` or `just setup-all`
 ## Usage
 Once installed, a new `org.matrix.msc4143.rtc_foci` section is added to the Element Web client to point to your JWT service URL (e.g., `https://matrix.example.com/livekit-jwt-service`).
 ## Additional Information
 Refer to the LiveKit JWT-Service documentation for more details on configuring and using JWT Service.
--- a/docs/configuring-playbook-livekit-jwt-service.md
+++ b/docs/configuring-playbook-livekit-jwt-service.md
@ -1,18 +0,0 @@
 <!--
 SPDX-FileCopyrightText: 2025 Slavi Pantaleev
 SPDX-License-Identifier: AGPL-3.0-or-later
 -->
 # Setting up LiveKit JWT Service (optional)
 The playbook can install and configure [LiveKit JWT Service](https://github.com/element-hq/lk-jwt-service/) for you.
 This is a helper component that allows [Element Call](configuring-playbook-element-call.md) to integrate with [LiveKit Server](configuring-playbook-livekit-server.md).
 💡 LiveKit JWT Service is automatically installed and configured when [Element Call](configuring-playbook-element-call.md) is enabled, so you don't need to do anything extra.
 Take a look at:
 - `roles/custom/matrix-livekit-jwt-service/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
 - `roles/custom/matrix-livekit-jwt-service/templates/env.j2` for the component's default configuration.
--- a/docs/configuring-playbook-livekit-server.md
+++ b/docs/configuring-playbook-livekit-server.md
@ -1,28 +0,0 @@
 <!--
 SPDX-FileCopyrightText: 2024 wjbeckett
 SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
 SPDX-License-Identifier: AGPL-3.0-or-later
 -->
 # Setting up LiveKit Server (optional)
 The playbook can install and configure [LiveKit Server](https://github.com/livekit/livekit) for you.
 LiveKit Server is an open source project that provides scalable, multi-user conferencing based on WebRTC. It's designed to provide everything you need to build real-time video audio data capabilities in your applications.
 💡 LiveKit Server is automatically installed and configured when [Element Call](configuring-playbook-element-call.md) is enabled, so you don't need to do anything extra.
 The [Ansible role for LiveKit Server](https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server) is developed and maintained by [the MASH (mother-of-all-self-hosting) project](https://github.com/mother-of-all-self-hosting). For details about configuring LiveKit Server, you can check them via:
 - 🌐 [the role's documentation at the MASH project](https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server/blob/main/docs/configuring-livekit-server.md) online
 - 📁 `roles/galaxy/livekit-server/docs/configuring-livekit-server.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles)
 ## Adjusting firewall rules
 To ensure LiveKit Server functions correctly, the following firewall rules and port forwarding settings are required:
 - `7881/tcp`: ICE/TCP
 - `7882/udp`: ICE/UDP Mux
 💡 The suggestions above are inspired by the upstream [Ports and Firewall](https://docs.livekit.io/home/self-hosting/ports-firewall/) documentation based on how LiveKit is configured in the playbook. If you've using custom configuration for the LiveKit Server role, you may need to adjust the firewall rules accordingly.
--- a/docs/configuring-playbook-ntfy.md
+++ b/docs/configuring-playbook-ntfy.md
@ -1,6 +1,5 @@
 <!--
 SPDX-FileCopyrightText: 2022 - 2024 Slavi Pantaleev
 SPDX-FileCopyrightText: 2022 - 2024 Nikita Chernyi
 SPDX-FileCopyrightText: 2022 Julian Foad
 SPDX-FileCopyrightText: 2022 MDAD project contributors
 SPDX-FileCopyrightText: 2023 Felix Stupp
@ -11,37 +10,13 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 # Setting up the ntfy push notifications server (optional)
-The playbook can install and configure the [ntfy](https://ntfy.sh/) (pronounced "notify") push notifications server for you.
+The playbook can install and configure the [ntfy](https://ntfy.sh/) push notifications server for you.
-ntfy lets you send push notifications to your phone or desktop via scripts from any computer, using simple HTTP PUT or POST requests. It makes it possible to send/receive notifications, without relying on servers owned and controlled by third parties.
+Using the [UnifiedPush](https://unifiedpush.org) standard, ntfy enables self-hosted (Google-free) push notifications from Matrix (and other) servers to UnifiedPush-compatible Matrix compatible client apps running on Android and other devices.
-With the [UnifiedPush](https://unifiedpush.org) standard, ntfy also enables self-hosted push notifications from Matrix (and other) servers to UnifiedPush-compatible Matrix client apps running on Android devices.
+This role is intended to support UnifiedPush notifications for use with the Matrix and Matrix-related services that this playbook installs. This role is not intended to support all of ntfy's other features.
-See the project's [documentation](https://docs.ntfy.sh/) to learn what ntfy does and why it might be useful to you.
+**Note**: In contrast to push notifications using Google's FCM or Apple's APNs, the use of UnifiedPush allows each end-user to choose the push notification server that they prefer. As a consequence, deploying this ntfy server does not by itself ensure any particular user or device or client app will use it.
 The [Ansible role for ntfy](https://github.com/mother-of-all-self-hosting/ansible-role-ntfy) is developed and maintained by [the MASH (mother-of-all-self-hosting) project](https://github.com/mother-of-all-self-hosting). For details about configuring ntfy, you can check them via:
 - 🌐 [the role's documentation at the MASH project](https://github.com/mother-of-all-self-hosting/ansible-role-ntfy/blob/main/docs/configuring-ntfy.md) online
 - 📁 `roles/galaxy/ntfy/docs/configuring-ntfy.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles)
 **Note**: this playbook focuses on setting up a ntfy server for getting it send push notifications with UnifiedPush to Matrix-related services that this playbook installs, while the installed server will be available for other non-Matrix apps like [Tusky](https://tusky.app/) and [DAVx⁵](https://www.davx5.com/) as well. This playbook does not intend to support all of ntfy's features. If you want to use them as well, refer the role's documentation for details to configure them by yourself.
 ### Improve push notification's privacy with ntfy
 By default, push notifications received on Matrix apps on Android/iOS act merely as "wake-up calls" for the application, which contain only event IDs, and do not transmit actual message payload such as text message data.
 While your messages remain private even without ntfy, it makes it possible to improve privacy and sovereignty of your Matrix installation, offering greater control over your data, by avoiding routing these "application wake-up calls" through Google or Apple servers and having them pass through the self-hosted ntfy instance on your Matrix server.
 ### How ntfy works with UnifiedPush
 ⚠️ [UnifiedPush does not work on iOS.](https://unifiedpush.org/users/faq/#will-unifiedpush-ever-work-on-ios)
 ntfy implements UnifiedPush, the standard which makes it possible to send and receive push notifications without using Google's Firebase Cloud Messaging (FCM) service.
 Working as a **Push Server**, a ntfy server can forward messages via [the ntfy Android app](https://docs.ntfy.sh/subscribe/phone/) as a **Distributor** to a UnifiedPush-compatible Matrix client such as Element Android and FluffyChat Android (see [here](https://unifiedpush.org/users/distributors/#definitions) for the definition of the Push Server and the Distributor).
 Note that UnifiedPush-compatible applications must be able to communicate with the ntfy Android app which works as the Distributor on the same device, in order to receive push notifications from the Push Server.
 As the ntfy Android app functions as the Distributor, you do not have to install something else on your device, besides a UnifiedPush-compatible Matrix client.
 ## Adjusting DNS records
@ -51,28 +26,16 @@ When setting, replace `example.com` with your own.
 ## Adjusting the playbook configuration
-To enable a ntfy server, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
+To enable ntfy, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
 ```yaml
-########################################################################
+# Enabling it is the only required setting
 #                                                                      #
 # ntfy                                                                 #
 #                                                                      #
 ########################################################################
 ntfy_enabled: true
-########################################################################
+# Uncomment to enable the ntfy web app (disabled by default)
-#                                                                      #
+# ntfy_web_root: app  # defaults to "disable"
 # /ntfy                                                                #
 #                                                                      #
 ########################################################################
 ```
 As the most of the necessary settings for the role have been taken care of by the playbook, you can enable the ntfy server on your Matrix server with this minimum configuration.
 See the role's documentation for details about configuring ntfy per your preference (such as [setting access control with authentication](https://github.com/mother-of-all-self-hosting/ansible-role-ntfy/blob/main/docs/configuring-ntfy.md#enable-access-control-with-authentication-optional)).
 ### Adjusting the ntfy URL (optional)
 By tweaking the `ntfy_hostname` variable, you can easily make the service available at a **different hostname** than the default one.
@ -86,19 +49,15 @@ ntfy_hostname: push.example.com
 After changing the domain, **you may need to adjust your DNS** records to point the ntfy domain to the Matrix server.
-### Enable web app (optional)
+### Extending the configuration
-The ntfy server can be accessed via its web app where you can subscribe to and push to "topics" from the browser. The web app may be helpful to troubleshoot notification issues or to use ntfy for other purposes than getting ntfy send UnifiedPush notifications to your Matrix-related services.
+There are some additional things you may wish to configure about the component.
-**Note**: subscribing to a topic is not necessary for using the nfty server as the Push Server for UnifiedPush.
+Take a look at:
-To enable the web app, add the following configuration to your `vars.yml` file:
+- [ntfy role](https://github.com/mother-of-all-self-hosting/ansible-role-ntfy)'s [`defaults/main.yml`](https://github.com/mother-of-all-self-hosting/ansible-role-ntfy/blob/main/defaults/main.yml) for some variables that you can customize via your `vars.yml` file. You can override settings (even those that don't have dedicated playbook variables) using the `ntfy_configuration_extension_yaml` variable
-```yaml
+For a complete list of ntfy config options that you could put in `ntfy_configuration_extension_yaml`, see the [ntfy config documentation](https://ntfy.sh/docs/config/#config-options).
 ntfy_web_root: app
 ```
 See [the official documentation](https://docs.ntfy.sh/subscribe/web/) for details about how to use it.
 ## Installing
@ -115,47 +74,72 @@ The shortcut commands with the [`just` program](just.md) are also available: `ju
 ## Usage
-To receive push notifications with UnifiedPush from the ntfy server, you need to **install [the ntfy Android app](https://docs.ntfy.sh/subscribe/phone/)** which works as the Distrubutor, **log in to the account on the ntfy app** if you have enabled the access control, and then **configure a UnifiedPush-compatible Matrix client**. After setting up the ntfy Android app, the Matrix client listens to it, and push notitications are "distributed" from it.
+To make use of your ntfy installation, on Android for example, you need two things:
-For details about installing and configuring the ntfy Android app, take a look at [this section](https://github.com/mother-of-all-self-hosting/ansible-role-ntfy/blob/main/docs/configuring-ntfy.md#install-the-ntfy-androidios-app) on the role's documentation.
+* the `ntfy` app
 * a UnifiedPush-compatible Matrix app
-⚠️ Though the ntfy app is available for iOS ([App Store](https://apps.apple.com/us/app/ntfy/id1625396347); the app's source code can be retrieved from [here](https://github.com/binwiederhier/ntfy-ios)), **any Matrix clients for iOS currently do not support ntfy** due to [technical limitations of the iOS platform](https://github.com/binwiederhier/ntfy-ios/blob/main/docs/TECHNICAL_LIMITATIONS.md). If you develop your own Matrix client app for iOS, you may need to use the [Sygnal](configuring-playbook-sygnal.md) push gateway service to deliver push notifications to it.
+You need to install the `ntfy` app on each device on which you want to receive push notifications through your ntfy server. The `ntfy` app will provide UnifiedPush notifications to any number of UnifiedPush-compatible messaging apps installed on the same device.
-### Setting up a UnifiedPush-compatible Matrix client
+### Setting up the `ntfy` Android app
-Having configured the ntfy Android app, you can configure a UnifiedPush-compatible Matrix client on the same device.
+1. Install the [ntfy Android app](https://ntfy.sh/docs/subscribe/phone/) from F-droid or Google Play.
 2. In its Settings -> `General: Default server`, enter your ntfy server URL, such as `https://ntfy.example.com`.
 3. In its Settings -> `Advanced: Connection protocol`, choose `WebSockets`.
-Steps needed for specific Matrix clients:
+That is all you need to do in the ntfy app. It has many other features, but for our purposes you can ignore them. In particular you do not need to follow any instructions about subscribing to a notification topic as UnifiedPush will do that automatically.
-* FluffyChat-Android: this should auto-detect and use the app. No manual settings required.
+### Setting up a UnifiedPush-compatible Matrix app
-* SchildiChat-Android:
+Install any UnifiedPush-enabled Matrix app on that same device. The Matrix app will learn from the `ntfy` app that you have configured UnifiedPush on this device, and then it will tell your Matrix server to use it.
 Steps needed for specific Matrix apps:
 * FluffyChat-android:
  - Should auto-detect and use it. No manual settings.
 * SchildiChat-android:
  1. enable `Settings` -> `Notifications` -> `UnifiedPush: Force custom push gateway`.
-  2. choose `Settings` -> `Notifications` -> `UnifiedPush: Re-register push distributor`. *(For info, a more complex alternative to achieve the same is: delete the relevant unifiedpush registration in the ntfy Android app, force-close SchildiChat, re-open it.)*
+  2. choose `Settings` -> `Notifications` -> `UnifiedPush: Re-register push distributor`. *(For info, a more complex alternative to achieve the same is: delete the relevant unifiedpush registration in `ntfy` app, force-close SchildiChat, re-open it.)*
  3. verify `Settings` -> `Notifications` -> `UnifiedPush: Notification targets` as described below in the "Troubleshooting" section.
-* Element-Android v1.4.26+:
+* Element-android v1.4.26+:
  1. choose `Settings` -> `Notifications` -> `Notification method` -> `ntfy`
  2. verify `Settings` -> `Troubleshoot` -> `Troubleshoot notification settings`
-If the Matrix client asks, "Choose a distributor: FCM Fallback or ntfy", then choose "ntfy".
+If the Matrix app asks, "Choose a distributor: FCM Fallback or ntfy", then choose "ntfy".
-If the Matrix client doesn't seem to pick it up, try restarting it and try the Troubleshooting section below.
+If the Matrix app doesn't seem to pick it up, try restarting it and try the Troubleshooting section below.
 ### Web App
 ntfy also has a web app to subscribe to and push to topics from the browser. This may be helpful to further troubleshoot UnifiedPush problems or to use ntfy for other purposes. The web app only runs in the browser locally (after downloading the JavaScript).
 The web app is disabled in this playbook by default as the expectation is that most users won't use it. You can either use the [official hosted one](https://ntfy.sh/app) (it supports using other public reachable ntfy instances) or host it yourself by setting `ntfy_web_root: "app"` and re-running Ansible.
 ## Troubleshooting
-The simple [UnifiedPush troubleshooting](https://unifiedpush.org/users/troubleshooting/) app [UP-Example](https://f-droid.org/en/packages/org.unifiedpush.example/) can be used to manually test UnifiedPush registration and operation on an Android device.
+### Check a client application
-### Check the Matrix client
+First check that the Matrix client app you are using supports UnifiedPush. There may well be different variants of the app.
-Make sure that the Matrix client you are using supports UnifiedPush. There may well be different variants of the app.
+To check if UnifiedPush is correctly configured on the client device, look at "Settings -> Notifications -> Notification Targets" in Element Android or SchildiChat Android, or "Settings -> Notifications -> Devices" in FluffyChat. There should be one entry for each Matrix client app that has enabled push notifications, and when that client is using UnifiedPush you should see a URL that begins with your ntfy server's URL.
 To check if UnifiedPush is correctly configured on the client device, look at "Settings -> Notifications -> Notification Targets" in Element Android or SchildiChat Android, or "Settings -> Notifications -> Devices" in FluffyChat. There should be one entry for each Matrix client that has enabled push notifications, and when that client is using UnifiedPush you should see a URL that begins with your ntfy server's URL.
 In the "Notification Targets" screen in Element Android or SchildiChat Android, two relevant URLs are shown, "push\_key" and "Url", and both should begin with your ntfy server's URL. If "push\_key" shows your server but "Url" shows an external server such as `up.schildi.chat` then push notifications will still work but are being routed through that external server before they reach your ntfy server. To rectify that, in SchildiChat (at least around version 1.4.20.sc55) you must enable the `Force custom push gateway` setting as described in the "Usage" section above.
 If it is not working, useful tools are "Settings -> Notifications -> Re-register push distributor" and "Settings -> Notifications -> Troubleshoot Notifications" in SchildiChat Android (possibly also Element Android). In particular the "Endpoint/FCM" step of that troubleshooter should display your ntfy server's URL that it has discovered from the ntfy client app.
 The simple [UnifiedPush troubleshooting](https://unifiedpush.org/users/troubleshooting/) app [UP-Example](https://f-droid.org/en/packages/org.unifiedpush.example/) can be used to manually test UnifiedPush registration and operation on an Android device.
 ### Check the service's logs
-See [this section](https://github.com/mother-of-all-self-hosting/ansible-role-ntfy/blob/main/docs/configuring-ntfy.md#check-the-services-logs) on the role's documentation for details.
+As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-ntfy`.
 #### Increase logging verbosity
 If you want to increase the verbosity, add the following configuration to your `vars.yml` file and re-run the playbook:
 ```yaml
 ntfy_configuration_extension_yaml: |
  log_level: DEBUG
 ```
--- a/docs/configuring-playbook-postgres-backup.md
+++ b/docs/configuring-playbook-postgres-backup.md
@ -10,7 +10,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 The playbook can install and configure [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) for you.
-The [Ansible role for docker-postgres-backup-local](https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup) is developed and maintained by [the MASH (mother-of-all-self-hosting) project](https://github.com/mother-of-all-self-hosting). For details about configuring docker-postgres-backup-local, you can check them via:
+The Ansible role for docker-postgres-backup-local is developed and maintained by [the MASH (mother-of-all-self-hosting) project](https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup). For details about configuring docker-postgres-backup-local, you can check them via:
 - 🌐 [the role's documentation at the MASH project](https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup/blob/main/docs/configuring-postgres-backup.md) online
 - 📁 `roles/galaxy/postgres_backup/docs/configuring-postgres-backup.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles)
--- a/docs/configuring-playbook-prometheus-grafana.md
+++ b/docs/configuring-playbook-prometheus-grafana.md
@ -6,7 +6,7 @@ SPDX-FileCopyrightText: 2021 Kim Brose
 SPDX-FileCopyrightText: 2021 Luca Di Carlo
 SPDX-FileCopyrightText: 2022 Olivér Falvai
 SPDX-FileCopyrightText: 2023 Michael Hollister
-SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
+SPDX-FileCopyrightText: 2024 Suguru Hirahara
 SPDX-License-Identifier: AGPL-3.0-or-later
 -->
@ -16,9 +16,9 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 The playbook can install [Prometheus](https://prometheus.io/) with [Grafana](https://grafana.com/) and configure performance metrics of your homeserver with graphs for you.
 > [!WARNING]
-> Metrics and graphs contain a lot of information, and anyone who has access to them can make an educated guess about your server usage patterns. This especially applies to small personal/family scale homeservers, where the number of samples is fairly limited. Analyzing the metrics over time, one might be able to figure out your life cycle, such as when you wake up, go to bed, etc. Before enabling (anonymous) access, you should carefully evaluate the risk, and if you do enable it, it is highly recommended to change your Grafana password from the default one.
+> Metrics and resulting graphs can contain a lot of information. This includes system specs but also usage patterns. This applies especially to small personal/family scale homeservers. Someone might be able to figure out when you wake up and go to sleep by looking at the graphs over time. Think about this before enabling (anonymous) access. And you should really not forget to change your Grafana password.
 >
-> Most of our Docker containers run with limited system access, but the `prometheus-node-exporter` can access the host network stack and (readonly) root filesystem. If it is fine, you can enable it and have it capture metrics about them (see [below](#enable-metrics-and-graphs-for-generic-system-information-optional) for the instruction). Even if `prometheus-node-exporter` is not enabled, you will still get Synapse homeserver metrics. Note that both of these dashboards are always be enabled, so you can still see historical data even after disabling either source.
+> Most of our docker containers run with limited system access, but the `prometheus-node-exporter` has access to the host network stack and (readonly) root filesystem. This is required to report on them. If you don't like that, you can set `prometheus_node_exporter_enabled: false` (which is actually the default). You will still get Synapse metrics with this container disabled. Both of the dashboards will always be enabled, so you can still look at historical data after disabling either source.
 ## Adjusting DNS records
--- a/docs/configuring-playbook-ssl-certificates.md
+++ b/docs/configuring-playbook-ssl-certificates.md
@ -11,60 +11,57 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 # Adjusting SSL certificate retrieval (optional, advanced)
-By default, the playbook retrieves and automatically renews free SSL certificates from [Let's Encrypt](https://letsencrypt.org/) via [ACME](https://en.wikipedia.org/wiki/Automatic_Certificate_Management_Environment) for the domains of the services it installs (e.g. `matrix.example.com` and others). Refer this guide if you want to modify settings about how it manages SSL certificates or have the Traefik server use yours.
+By default, this playbook retrieves and auto-renews free SSL certificates from [Let's Encrypt](https://letsencrypt.org/) for the domains it needs (e.g. `matrix.example.com` and others)
-**Notes**:
+This guide is about using the integrated Traefik server and doesn't apply if you're using [your own webserver](configuring-playbook-own-webserver.md).
 - This guide is intended to be referred for configuring the integrated Traefik server with regard to SSL certificates retrieval. If you're using [your own webserver](configuring-playbook-own-webserver.md), consult its documentation about how to configure it.
 - Let's Encrypt ends the expiration notification email service on June 4, 2025 (see: [the official announcement](https://letsencrypt.org/2025/01/22/ending-expiration-emails/)), and it recommends using a third party service for those who want to receive expiriation notifications. If you are looking for a self-hosting service, you may be interested in a monitoring tool such as [Update Kuma](https://github.com/louislam/uptime-kuma/).
-  The [Mother-of-All-Self-Hosting (MASH)](https://github.com/mother-of-all-self-hosting/mash-playbook) Ansible playbook can be used to install and manage an Uptime Kuma instance. See [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/services/uptime-kuma.md) for the instruction to install it with the MASH playbook. If you are wondering how to use the MASH playbook for your Matrix server, refer [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/setting-up-services-on-mdad-server.md).
+## Using staging Let's Encrypt certificates instead of real ones
-## Use staging Let's Encrypt certificates
+For testing purposes, you may wish to use staging certificates provide by Let's Encrypt.
-For testing purposes, you may wish to use staging certificates provided by Let's Encrypt to avoid hitting [its rate limits](https://letsencrypt.org/docs/rate-limits/).
+Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
 To use ones, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
 ```yaml
 traefik_config_certificatesResolvers_acme_use_staging: true
 ```
-## Disable SSL termination
+## Disabling SSL termination
 For testing or other purposes, you may wish to install services without SSL termination and have services exposed to `http://` instead of `https://`.
-To do so, add the following configuration to your `vars.yml` file:
+Add the following configuration to your `vars.yml` file:
 ```yaml
 traefik_config_entrypoint_web_secure_enabled: false
 ```
-## Use self-signed SSL certificates
+## Using self-signed SSL certificates
-To use self-signed certificates, generate them and follow the documentation below about using your own certificates.
+If you'd like to use your own SSL certificates, instead of the default (SSL certificates obtained automatically via [ACME](https://en.wikipedia.org/wiki/Automatic_Certificate_Management_Environment) from [Let's Encrypt](https://letsencrypt.org/)):
-## Use your own SSL certificates
+- generate your self-signed certificate files
 - follow the [Using your own SSL certificates](#using-your-own-ssl-certificates) documentation below
-To use your own certificates, prepare them and follow the steps below:
+## Using your own SSL certificates
- Disable [ACME](https://en.wikipedia.org/wiki/Automatic_Certificate_Management_Environment) / [Let's Encrypt](https://letsencrypt.org/) support
+To use your own SSL certificates with Traefik, you need to:
 - Put a custom Traefik configuration file on the server, with the help of this Ansible playbook (via the [`aux` role](https://github.com/mother-of-all-self-hosting/ansible-role-aux)) or manually
 - Register your custom configuration file with Traefik, by adding an extra provider of type [file](https://doc.traefik.io/traefik/providers/file/)
 - Put the SSL files on the server, with the help of this Ansible playbook (via the [`aux` role](https://github.com/mother-of-all-self-hosting/ansible-role-aux)) or manually
-For those steps, you can add the following configuration to your `vars.yml` file (adapt to your needs). If you will put the custom configuration files manually, make sure to remove the `aux_file_definitions` variable.
+- disable [ACME](https://en.wikipedia.org/wiki/Automatic_Certificate_Management_Environment) / [Let's Encrypt](https://letsencrypt.org/) support
 - put a custom Traefik configuration file on the server, with the help of this Ansible playbook (via the [`aux` role](https://github.com/mother-of-all-self-hosting/ansible-role-aux)) or manually
 - register your custom configuration file with Traefik, by adding an extra provider of type [file](https://doc.traefik.io/traefik/providers/file/)
 - put the SSL files on the server, with the help of this Ansible playbook (via the [`aux` role](https://github.com/mother-of-all-self-hosting/ansible-role-aux)) or manually
 ```yaml
 # Disable ACME / Let's Encrypt support.
 traefik_config_certificatesResolvers_acme_enabled: false
-# Disabling ACME support (above) automatically disables the SSL directory to be created.
+# Disabling ACME support (above) automatically disables the creation of the SSL directory.
-# Force-enable it to be created with this configuration, because we'll add our certificate files there.
+# Force-enable it here, because we'll add our certificate files there.
 traefik_ssl_dir_enabled: true
-# Tell Traefik to load our custom SSL key pair by extending provider configuration.
+# Tell Traefik to load our custom ssl key pair by extending provider configuration.
 # The key pair files are created below, in `aux_file_definitions`.
-# Note that the `/ssl/…` path is an **in-container path**, not a path on the host (like `/matrix/traefik/ssl`). Do not change it!
+# The `/ssl/…` path is an in-container path, not a path on the host (like `/matrix/traefik/ssl`). Do not change it!
 traefik_provider_configuration_extension_yaml:
  tls:
    certificates:
@ -77,14 +74,14 @@ traefik_provider_configuration_extension_yaml:
          keyFile: /ssl/privkey.pem
 # Use the aux role to create our custom files on the server.
-# If you'd like to do this manually, remove this `aux_file_definitions` variable.
+# If you'd like to do this manually, you remove this `aux_file_definitions` variable.
 aux_file_definitions:
  # Create the privkey.pem file on the server by
  # uploading a file from the computer where Ansible is running.
  - dest: "{{ traefik_ssl_dir_path }}/privkey.pem"
    src: /path/on/your/Ansible/computer/to/privkey.pem
    # Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline.
-    # Mind the indentation level (indented with two white space characters).
+    # Note the indentation level.
    # content: |
    #   FILE CONTENT
    #   HERE
@ -94,22 +91,20 @@ aux_file_definitions:
  - dest: "{{ traefik_ssl_dir_path }}/cert.pem"
    src: /path/on/your/Ansible/computer/to/cert.pem
    # Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline.
-    # Mind the indentation level (indented with two white space characters).
+    # Note the indentation level.
    # content: |
    #   FILE CONTENT
    #   HERE
 ```
-## Use a DNS-01 ACME challenge type, instead of HTTP-01
+## Using a DNS-01 ACME challenge type, instead of HTTP-01
-You can configure Traefik to use the [DNS-01 challenge type](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge) for Let's Encrypt. This is less commonly used than the default [HTTP-01 challenge type](https://letsencrypt.org/docs/challenge-types/#http-01-challenge), but can be helpful to:
+You can configure Traefik to use the [DNS-01 challenge type](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge) for Let's Encrypt. This is less commonly used than the default [HTTP-01 challenge type](https://letsencrypt.org/docs/challenge-types/#http-01-challenge), but it can be helpful to:
 - hide your public IP from Let's Encrypt logs
 - allow you to obtain SSL certificates for servers which are not accessible (via HTTP) from the public internet (and for which the HTTP-01 challenge would fail)
-### Example: Cloudflare
+This is an example for how to edit the `vars.yml` file if you're using Cloudflare:
 Here is an example for configurations on the `vars.yml` file for Cloudflare. Please adjust it as necessary before applying it.
 ```yaml
 traefik_config_certificatesResolvers_acme_dnsChallenge_enabled: true
@ -117,7 +112,7 @@ traefik_config_certificatesResolvers_acme_dnsChallenge_provider: "cloudflare"
 traefik_config_certificatesResolvers_acme_dnsChallenge_delayBeforeCheck: 60
 traefik_config_certificatesResolvers_acme_dnsChallenge_resolvers:
  - "1.1.1.1:53"
-traefik_environment_variables: |
+traefik_environment_variables_additional_variables: |
  CF_API_EMAIL=redacted
  CF_ZONE_API_TOKEN=redacted
  CF_DNS_API_TOKEN=redacted
--- a/docs/configuring-playbook.md
+++ b/docs/configuring-playbook.md
@ -237,12 +237,6 @@ Services that help you in administrating and monitoring your Matrix installation
 Various services that don't fit any other categories.
 - [Setting up Element Call](configuring-playbook-element-call.md) — a native Matrix video conferencing application (optional)
 - [Setting up LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) (optional)
 - [Setting up LiveKit Server](configuring-playbook-livekit-server.md) (optional)
 - [Setting up Synapse Auto Invite Accept](configuring-playbook-synapse-auto-accept-invite.md)
 - [Setting up synapse-auto-compressor](configuring-playbook-synapse-auto-compressor.md) for compressing the database on Synapse homeservers
--- a/docs/container-images.md
+++ b/docs/container-images.md
@ -54,8 +54,6 @@ Services that run on the server to make the various parts of your installation w
 | [Exim](configuring-playbook-email.md) | [devture/exim-relay](https://hub.docker.com/r/devture/exim-relay/) | ✅ | Mail server, through which all Matrix services send outgoing email (can be configured to relay through another SMTP server) |
 | [ma1sd](configuring-playbook-ma1sd.md) | [ma1uta/ma1sd](https://hub.docker.com/r/ma1uta/ma1sd/) | ❌ | Matrix Identity Server |
 | [ddclient](configuring-playbook-dynamic-dns.md) | [linuxserver/ddclient](https://hub.docker.com/r/linuxserver/ddclient) | ❌ | Update dynamic DNS entries for accounts on Dynamic DNS Network Service Provider |
 | [LiveKit Server](configuring-playbook-livekit-server.md) | [livekit/livekit-server](https://hub.docker.com/r/livekit/livekit-server/) | ❌ | WebRTC server for audio/video calls |
 | [Livekit JWT Service](configuring-playbook-livekit-jwt-service.md) | [element-hq/lk-jwt-service](https://ghcr.io/element-hq/lk-jwt-service) | ❌ | JWT service for integrating [Element Call](./configuring-playbook-element-call.md) with [LiveKit Server](./configuring-playbook-livekit-server.md) |
 ## Authentication
@ -169,7 +167,6 @@ Various services that don't fit any other categories.
 | [Pantalaimon](configuring-playbook-pantalaimon.md) | [matrixdotorg/pantalaimon](https://hub.docker.com/r/matrixdotorg/pantalaimon) | ❌ | E2EE aware proxy daemon |
 | [Sygnal](configuring-playbook-sygnal.md) | [matrixdotorg/sygnal](https://hub.docker.com/r/matrixdotorg/sygnal/) | ❌ | Reference Push Gateway for Matrix |
 | [ntfy](configuring-playbook-ntfy.md) | [binwiederhier/ntfy](https://hub.docker.com/r/binwiederhier/ntfy/) | ❌ | Self-hosted, UnifiedPush-compatible push notifications server |
 | [Element Call](configuring-playbook-element-call.md) | [element-hq/element-call](https://ghcr.io/element-hq/element-call) | ❌ | A native Matrix video conferencing application |
 ## Container images of deprecated / unmaintained services
--- a/docs/howto-srv-server-delegation.md
+++ b/docs/howto-srv-server-delegation.md
@ -80,7 +80,7 @@ traefik_configuration_extension_yaml: |
        storage: {{ traefik_config_certificatesResolvers_acme_storage | to_json }}
 # 2. Configure the environment variables needed by Rraefik to automate the ACME DNS Challenge (example for Cloudflare)
-traefik_environment_variables: |
+traefik_environment_variables_additional_variables: |
  CF_API_EMAIL=redacted
  CF_ZONE_API_TOKEN=redacted
  CF_DNS_API_TOKEN=redacted
@ -158,7 +158,7 @@ traefik_configuration_extension_yaml: |
 traefik_certResolver_primary: "dns"
 # Configure the environment variables needed by Traefik to automate the ACME DNS Challenge (example for Cloudflare)
-traefik_environment_variables: |
+traefik_environment_variables_additional_variables: |
  CF_API_EMAIL=redacted
  CF_ZONE_API_TOKEN=redacted
  CF_DNS_API_TOKEN=redacted
--- a/docs/maintenance-postgres.md
+++ b/docs/maintenance-postgres.md
@ -98,7 +98,7 @@ As part of the upgrade, the database is dumped to `/tmp`, an upgraded and empty
 To save disk space in `/tmp`, the dump file is gzipped on the fly at the expense of CPU usage. If you have plenty of space in `/tmp` and would rather avoid gzipping, you can explicitly pass a dump filename which doesn't end in `.gz`. Example: `--extra-vars="postgres_dump_name=matrix-postgres-dump.sql"`
-**All databases, roles, etc. on the Postgres server are migrated**. However, other components that depend on specific Postgres versions (like the [Postgres Backup](configuring-playbook-postgres-backup.md) service) may need to be updated after the upgrade by using `just install-all`
+**All databases, roles, etc. on the Postgres server are migrated**.
 ## Tuning PostgreSQL
--- a/docs/playbook-tags.md
+++ b/docs/playbook-tags.md
@ -27,7 +27,7 @@ Here are some playbook tags that you should be familiar with:
 - `stop` — stops all systemd services
- `ensure-matrix-users-created` or its alias `ensure-users-created` — a special tag which ensures that all special users needed by the playbook (for bots, etc.) are created. See the variable `matrix_user_creator_users_auto` on [`group_vars/matrix_servers`](../group_vars/matrix_servers) for actual values of users which running this tag can create by default.
+- `ensure-matrix-users-created` — a special tag which ensures that all special users needed by the playbook (for bots, etc.) are created
 **Notes**:
 - `setup-*` tags and `install-*` tags **do not start services** automatically, because you may wish to do things before starting services, such as importing a database dump, restoring data from another server, etc.
--- a/examples/hosts
+++ b/examples/hosts
@ -2,8 +2,8 @@
 # If you'd rather use a local IP here, make sure to set up `matrix_coturn_turn_external_ip_address`.
 #
 # To connect using a non-root user (and elevate to root with sudo later),
-# replace `ansible_ssh_user=root` with something like this: `ansible_ssh_user=username ansible_become=true ansible_become_user=root`.
+# replace `ansible_ssh_user=root` with something like this: `ansible_ssh_user=username become=true become_user=root`.
-# If sudo requires a password, either add `ansible_become_password=PASSWORD_HERE` to the host line
+# If sudo requires a password, either add `become_password=PASSWORD_HERE` to the host line
 # or tell Ansible to ask you for the password interactively by adding a `--ask-become-pass` (`-K`) flag to all `ansible-playbook` (or `just`) commands.
 #
 # For improved Ansible performance, SSH pipelining is enabled by default in `ansible.cfg`.
--- a/examples/hosts.license
+++ b/examples/hosts.license
@ -1,4 +1,4 @@
-SPDX-FileCopyrightText: 2017 - 2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2017 - 2024 Slavi Pantaleev
 SPDX-FileCopyrightText: 2019 Dan Arnfield
 SPDX-FileCopyrightText: 2019 MDAD project contributors
 SPDX-FileCopyrightText: 2021 Aaron Raimist
--- a/examples/reverse-proxies/caddy2-in-container/Caddyfile
+++ b/examples/reverse-proxies/caddy2-in-container/Caddyfile
@ -10,7 +10,7 @@ matrix.example.com {
        encode zstd gzip
        # Use the docker service name instead of localhost or 127.0.0.1 here
-        reverse_proxy matrix-traefik:8080 {
+        matrix-traefik:8080 {
               header_up X-Forwarded-Port {http.request.port}
               header_up X-Forwarded-TlsProto {tls_protocol}
               header_up X-Forwarded-TlsCipher {tls_cipher}
--- a/examples/reverse-proxies/caddy2-in-container/docker-compose.yaml
+++ b/examples/reverse-proxies/caddy2-in-container/docker-compose.yaml
@ -19,7 +19,7 @@ services:
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      # - ./site:/var/www
-    # Other configurations …
+    #  Other configurations …
 networks:
  # add this as well
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@ -36,8 +36,6 @@ matrix_playbook_docker_installation_daemon_options_auto: |
 matrix_playbook_docker_installation_daemon_options_custom: {}
 matrix_playbook_docker_installation_daemon_options_file_path: /etc/docker/daemon.json
 # Controls whether to attach Traefik labels to services.
 # This is separate from `traefik_enabled`, because you may wish to disable Traefik installation by the playbook,
 # yet still use Traefik installed in another way.
@ -447,12 +445,6 @@ devture_systemd_service_manager_services_list_auto: |
    +
    ([{'name': 'matrix-pantalaimon.service', 'priority': 4000, 'groups': ['matrix', 'pantalaimon']}] if matrix_pantalaimon_enabled else [])
    +
    ([{'name': 'matrix-element-call.service', 'priority': 4000, 'groups': ['matrix', 'element-call']}] if matrix_element_call_enabled else [])
    +
    ([{'name': 'matrix-livekit-jwt-service.service', 'priority': 3500, 'groups': ['matrix', 'livekit-jwt-service']}] if matrix_livekit_jwt_service_enabled else [])
    +
    ([{'name': (livekit_server_identifier + '.service'), 'priority': 3000, 'groups': ['matrix', 'livekit-server']}] if livekit_server_enabled else [])
    +
    ([{'name': 'matrix-registration.service', 'priority': 4000, 'groups': ['matrix', 'registration', 'matrix-registration']}] if matrix_registration_enabled else [])
    +
    ([{'name': 'matrix-sliding-sync.service', 'priority': 1500, 'groups': ['matrix', 'sliding-sync']}] if matrix_sliding_sync_enabled else [])
@ -686,8 +678,6 @@ matrix_authentication_service_config_email_from_address: "{{ exim_relay_sender_a
 matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_authentication_service_container_image_registry_prefix_upstream_default }}"
 matrix_authentication_service_syn2mas_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_authentication_service_syn2mas_container_image_registry_prefix_upstream_default }}"
 matrix_authentication_service_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
 matrix_authentication_service_container_network: "{{ matrix_homeserver_container_network }}"
@ -2077,8 +2067,6 @@ matrix_wechat_systemd_required_services_list_auto: |
 matrix_wechat_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_wechat_container_image_registry_prefix_upstream_default }}"
 matrix_wechat_agent_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_wechat_agent_container_image_registry_prefix_upstream_default }}"
 matrix_wechat_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
 matrix_wechat_agent_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
@ -3194,10 +3182,10 @@ matrix_bot_draupnir_container_additional_networks_auto: |-
    ) | unique
  }}
-matrix_bot_draupnir_config_homeserverUrl: "{{ 'http://matrix-pantalaimon:8009' if matrix_bot_draupnir_pantalaimon_use else matrix_addons_homeserver_client_api_url }}"  # noqa var-naming
+matrix_bot_draupnir_homeserver_url: "{{ 'http://matrix-pantalaimon:8009' if matrix_bot_draupnir_pantalaimon_use else matrix_addons_homeserver_client_api_url }}"
-matrix_bot_draupnir_config_rawHomeserverUrl: "{{ matrix_addons_homeserver_client_api_url }}"  # noqa var-naming
+matrix_bot_draupnir_raw_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
-matrix_bot_draupnir_container_labels_traefik_enabled: "{{ matrix_bot_draupnir_config_web_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
+matrix_bot_draupnir_container_labels_traefik_enabled: "{{ matrix_bot_draupnir_web_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
 matrix_bot_draupnir_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
 matrix_bot_draupnir_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
 matrix_bot_draupnir_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
@ -4539,7 +4527,7 @@ ntfy_visitor_request_limit_exempt_hosts_hostnames_auto: |
 #
 ######################################################################
-valkey_enabled: "{{ matrix_synapse_workers_enabled or (matrix_hookshot_enabled and matrix_hookshot_encryption_enabled) or matrix_element_call_enabled }}"
+valkey_enabled: "{{ matrix_synapse_workers_enabled or (matrix_hookshot_enabled and matrix_hookshot_encryption_enabled) }}"
 valkey_identifier: matrix-valkey
@ -4611,14 +4599,6 @@ matrix_client_element_enable_presence_by_hs_url: |-
 matrix_client_element_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}"
 matrix_client_element_features_feature_video_rooms: "{{ matrix_element_call_enabled }}"
 matrix_client_element_features_feature_group_calls: "{{ matrix_element_call_enabled }}"
 matrix_client_element_features_feature_element_call_video_rooms: "{{ matrix_element_call_enabled }}"
 matrix_client_element_features_feature_oidc_native_flow: "{{ matrix_authentication_service_enabled }}"
 matrix_client_element_element_call_enabled: "{{ matrix_element_call_enabled }}"
 matrix_client_element_element_call_url: "{{ matrix_element_call_public_url if matrix_element_call_enabled else '' }}"
 ######################################################################
 #
 # /matrix-client-element
@ -4805,8 +4785,6 @@ matrix_synapse_docker_image_registry_prefix_upstream: "{{ matrix_container_globa
 matrix_s3_goofys_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_s3_goofys_docker_image_registry_prefix_upstream_default }}"
 matrix_synapse_rust_synapse_compress_state_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_synapse_rust_synapse_compress_state_docker_image_registry_prefix_upstream_default }}"
 matrix_synapse_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
 matrix_synapse_account_threepid_delegates_msisdn_mas1sd_url: "{{ ('http://matrix-ma1sd:' + matrix_ma1sd_container_port| string) }}"
@ -4855,8 +4833,6 @@ matrix_synapse_container_labels_public_client_root_redirection_enabled: "{{ matr
 matrix_synapse_container_labels_public_client_root_redirection_url: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else '' }}"
 matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled }}"
 matrix_synapse_container_labels_internal_client_synapse_admin_api_enabled: "{{ (matrix_bot_draupnir_enabled and matrix_bot_draupnir_admin_api_enabled) }}"
 matrix_synapse_container_labels_internal_client_synapse_admin_api_traefik_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}"
 matrix_synapse_container_labels_public_federation_api_traefik_hostname: "{{ matrix_server_fqn_matrix_federation }}"
 matrix_synapse_container_labels_public_federation_api_traefik_entrypoints: "{{ matrix_federation_traefik_entrypoint_name }}"
@ -4934,9 +4910,7 @@ matrix_synapse_ext_media_repo_enabled: "{{ matrix_media_repo_enabled }}"
 # Enable Synapse statistics reporting when using synapse-usage-exporter
 matrix_synapse_report_stats: "{{ matrix_synapse_usage_exporter_enabled }}"
-matrix_synapse_report_stats_endpoint: "{{ (('http://' + matrix_synapse_usage_exporter_identifier + ':' + matrix_synapse_usage_exporter_container_port | string + '/report-usage-stats/push') if matrix_synapse_usage_exporter_enabled else '') }}"
+matrix_synapse_report_stats_endpoint: "http://{{ matrix_synapse_usage_exporter_identifier }}:{{ matrix_synapse_usage_exporter_container_port | string }}/report-usage-stats/push"
 matrix_synapse_experimental_features_msc3266_enabled: "{{ matrix_element_call_enabled }}"
 matrix_synapse_experimental_features_msc3861_enabled: "{{ matrix_authentication_service_enabled and not matrix_authentication_service_migration_in_progress }}"
 matrix_synapse_experimental_features_msc3861_issuer: "{{ matrix_authentication_service_http_base_container_url if matrix_authentication_service_enabled else '' }}"
@ -4946,10 +4920,6 @@ matrix_synapse_experimental_features_msc3861_account_management_url: "{{ matrix_
 matrix_synapse_experimental_features_msc4108_enabled: "{{ matrix_authentication_service_enabled and not matrix_authentication_service_migration_in_progress }}"
 matrix_synapse_experimental_features_msc4140_enabled: "{{ matrix_element_call_enabled }}"
 matrix_synapse_experimental_features_msc4222_enabled: "{{ matrix_element_call_enabled }}"
 # Disable password authentication when delegating authentication to Matrix Authentication Service.
 # Unless this is done, Synapse fails on startup with:
 # > Error in configuration at 'password_config.enabled':
@ -5043,9 +5013,6 @@ matrix_synapse_reverse_proxy_companion_container_labels_traefik_compression_midd
 matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_enabled: "{{ matrix_synapse_container_labels_public_client_synapse_client_api_enabled }}"
 matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_enabled: "{{ matrix_synapse_container_labels_public_client_synapse_admin_api_enabled }}"
 matrix_synapse_reverse_proxy_companion_container_labels_internal_client_synapse_admin_api_enabled: "{{ matrix_synapse_container_labels_internal_client_synapse_admin_api_enabled }}"
 matrix_synapse_reverse_proxy_companion_container_labels_internal_client_synapse_admin_api_traefik_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}"
 matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_entrypoints: "{{ matrix_synapse_container_labels_public_federation_api_traefik_entrypoints }}"
 matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_tls: "{{ matrix_synapse_container_labels_public_federation_api_traefik_tls }}"
@ -6089,7 +6056,7 @@ matrix_user_verification_service_container_url: "http://{{  matrix_user_verifica
 matrix_user_verification_service_uvs_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
 # We connect via the container network (private IPs), so we need to disable IP checks
-matrix_user_verification_service_uvs_disable_ip_blacklist: "{{ matrix_synapse_enabled }}"
+matrix_user_verification_service_uvs_disable_ip_blacklist: "{{'true' if matrix_synapse_enabled else 'false'}}"
 matrix_user_verification_service_uvs_auth_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'uvs.auth.token', rounds=655555) | to_uuid }}"
@ -6125,7 +6092,7 @@ matrix_static_files_container_labels_base_domain_traefik_hostname: "{{ matrix_do
 # If we're not serving a static webpage, serve a redirect instead of a 404.
 matrix_static_files_container_labels_base_domain_root_path_redirection_enabled: "{{ not matrix_static_files_file_index_html_enabled }}"
-matrix_static_files_container_labels_base_domain_root_path_redirection_url: "{{ ('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_matrix }}/${1}"
+matrix_static_files_container_labels_base_domain_root_path_redirection_url: "{{ ('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_matrix }}"
 matrix_static_files_file_matrix_client_property_io_element_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}"
@ -6142,14 +6109,6 @@ matrix_static_files_file_matrix_client_property_m_tile_server_map_style_url: "{{
 # See: https://github.com/etkecc/synapse-admin/pull/126
 matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin_auto: "{{ matrix_synapse_admin_configuration if matrix_homeserver_implementation == 'synapse' else {} }}"
 matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_enabled: "{{ matrix_element_call_enabled }}"
 matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_auto: |-
  {{
    (
      [{'type': 'livekit', 'livekit_service_url': matrix_livekit_jwt_service_public_url}] if matrix_livekit_jwt_service_enabled else []
    )
  }}
 matrix_static_files_file_matrix_server_property_m_server: "{{ matrix_server_fqn_matrix_federation }}:{{ matrix_federation_public_port }}"
 matrix_static_files_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
@ -6264,124 +6223,3 @@ traefik_certs_dumper_container_image_registry_prefix_upstream: "{{ matrix_contai
 # /traefik_certs_dumper                                                #
 #                                                                      #
 ########################################################################
 ########################################################################
 #                                                                      #
 # matrix-element-call                                                  #
 #                                                                      #
 ########################################################################
 matrix_element_call_enabled: false
 matrix_element_call_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
 matrix_element_call_container_network: "{{ matrix_addons_container_network }}"
 matrix_element_call_container_additional_networks_auto: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_element_call_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}"
 matrix_element_call_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
 matrix_element_call_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
 matrix_element_call_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
 matrix_element_call_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
 matrix_element_call_config_livekit_livekit_service_url: "{{ matrix_livekit_jwt_service_public_url if matrix_livekit_jwt_service_enabled else '' }}"
 ########################################################################
 #                                                                      #
 # /matrix-element-call                                                 #
 #                                                                      #
 ########################################################################
 ########################################################################
 #                                                                      #
 # livekit-server                                                       #
 #                                                                      #
 ########################################################################
 livekit_server_enabled: "{{ matrix_element_call_enabled }}"
 livekit_server_identifier: matrix-livekit-server
 livekit_server_uid: "{{ matrix_user_uid }}"
 livekit_server_gid: "{{ matrix_user_gid }}"
 livekit_server_base_path: "{{ matrix_base_data_path }}/livekit-server"
 livekit_server_hostname: "{{ matrix_server_fqn_matrix }}"
 livekit_server_path_prefix: "/livekit-server"
 livekit_server_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
 livekit_server_container_network: "{{ matrix_addons_container_network }}"
 livekit_server_container_additional_networks_auto: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (livekit_server_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}"
 livekit_server_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
 livekit_server_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
 livekit_server_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
 livekit_server_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
 livekit_server_config_keys_auto: |-
  {{
    {}
    | combine(
      {matrix_livekit_jwt_service_environment_variable_livekit_key: matrix_livekit_jwt_service_environment_variable_livekit_secret}
      if matrix_livekit_jwt_service_enabled else {}
    )
  }}
 # The playbook intentionally uses a non-standard port than the default used by the role (5349),
 # because Coturn is already using that port.
 # Note that TURN is not enabled by default. See `livekit_server_config_turn_enabled`.
 livekit_server_config_turn_tls_port: 5350
 # The playbook intentionally uses a non-standard port than the default used by the role (3478),
 # because Coturn is already using that port.
 # Note that TURN is not enabled by default. See `livekit_server_config_turn_enabled`.
 livekit_server_config_turn_udp_port: 3479
 ########################################################################
 #                                                                      #
 # /livekit-server                                                      #
 #                                                                      #
 ########################################################################
 ########################################################################
 #                                                                      #
 # matrix-livekit-jwt-service                                           #
 #                                                                      #
 ########################################################################
 matrix_livekit_jwt_service_enabled: "{{ matrix_element_call_enabled and livekit_server_enabled }}"
 matrix_livekit_jwt_service_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
 matrix_livekit_jwt_service_hostname: "{{ matrix_server_fqn_matrix }}"
 matrix_livekit_jwt_service_path_prefix: "/livekit-jwt-service"
 matrix_livekit_jwt_service_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
 matrix_livekit_jwt_service_container_network: "{{ matrix_addons_container_network }}"
 matrix_livekit_jwt_service_container_additional_networks_auto: |
  {{
    ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_livekit_jwt_service_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [])
  }}
 matrix_livekit_jwt_service_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
 matrix_livekit_jwt_service_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
 matrix_livekit_jwt_service_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
 matrix_livekit_jwt_service_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
 matrix_livekit_jwt_service_environment_variable_livekit_url: "{{ livekit_server_websocket_public_url }}"
 matrix_livekit_jwt_service_environment_variable_livekit_key: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'lk.key', rounds=655555) | to_uuid }}"
 matrix_livekit_jwt_service_environment_variable_livekit_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'lk.secret', rounds=655555) | to_uuid }}"
 ########################################################################
 #                                                                      #
 # /matrix-livekit-jwt-service                                          #
 #                                                                      #
 ########################################################################
--- a/group_vars/matrix_servers.license
+++ b/group_vars/matrix_servers.license
@ -52,7 +52,7 @@ SPDX-FileCopyrightText: 2023 - 2024 Michael Hollister
 SPDX-FileCopyrightText: 2023 - 2024 Pierre 'McFly' Marty
 SPDX-FileCopyrightText: 2023 Antonis Christofides
 SPDX-FileCopyrightText: 2023 Benjamin Kampmann
-SPDX-FileCopyrightText: 2023 - 2025 Catalan Lover <catalanlover@protonmail.com>
+SPDX-FileCopyrightText: 2023 Catalan Lover
 SPDX-FileCopyrightText: 2023 Cody Wyatt Neiman
 SPDX-FileCopyrightText: 2023 Johan Swetzén
 SPDX-FileCopyrightText: 2023 Kabir Kwatra
--- a/i18n/requirements.txt
+++ b/i18n/requirements.txt
@ -17,7 +17,7 @@ packaging==24.2
 Pygments==2.19.1
 PyYAML==6.0.2
 requests==2.32.3
-setuptools==78.1.0
+setuptools==75.9.1
 snowballstemmer==2.2.0
 Sphinx==8.2.3
 sphinx-intl==2.3.1
--- a/requirements.yml
+++ b/requirements.yml
@ -10,7 +10,7 @@
  version: v0.3.0-4
  name: container_socket_proxy
 - src: git+https://github.com/geerlingguy/ansible-role-docker
-  version: 7.4.7
+  version: 7.4.5
  name: docker
 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
  version: 129c8590e106b83e6f4c259649a613c6279e937a
@ -25,13 +25,10 @@
  version: v11.5.2-2
  name: grafana
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
-  version: v10133-1-0
+  version: v10078-1-0
  name: jitsi
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git
  version: v1.8.4-2
  name: livekit_server
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git
-  version: v2.11.0-4
+  version: v2.11.0-3
  name: ntfy
 - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
  version: 201c939eed363de269a83ba29784fc3244846048
@ -67,10 +64,10 @@
  version: v1.0.0-0
  name: timesync
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik.git
-  version: v3.3.4-1
+  version: v3.3.4-0
  name: traefik
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git
-  version: v2.10.0-0
+  version: v2.8.3-7
  name: traefik_certs_dumper
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-valkey.git
  version: v8.0.1-3
--- a/roles/custom/matrix-alertmanager-receiver/defaults/main.yml
+++ b/roles/custom/matrix-alertmanager-receiver/defaults/main.yml
@ -11,7 +11,7 @@
 matrix_alertmanager_receiver_enabled: true
 # renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver
-matrix_alertmanager_receiver_version: 2025.3.26
+matrix_alertmanager_receiver_version: 2025.3.5
 matrix_alertmanager_receiver_scheme: https
--- a/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml
+++ b/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml
@ -1,5 +1,4 @@
-# SPDX-FileCopyrightText: 2024 MDAD project contributors
+# SPDX-FileCopyrightText: 2024 - 2025 MDAD project contributors
 # SPDX-FileCopyrightText: 2024 - 2025 Catalan Lover <catalanlover@protonmail.com>
 # SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
 # SPDX-FileCopyrightText: 2024 Suguru Hirahara
 #
@ -52,12 +51,12 @@ matrix_appservice_draupnir_for_all_systemd_wanted_services_list: []
 # Note: Draupnir is fairly verbose - expect a lot of messages from it.
 # This room is diffrent for Appservice Mode compared to normal mode.
 # In Appservice mode it provides functions like user management.
-matrix_appservice_draupnir_for_all_config_adminRoom: ""  # noqa var-naming
+matrix_appservice_draupnir_for_all_master_control_room_alias: ""
-# Controls if the room state backing store is activated.
+# Placeholder Remenant of the fact that Cat belived Master Control Room to be separated from Access Control Policy List.
-# Room state backing store makes restarts of the bot lightning fast as the bot does not suffer from amnesia.
+# The alias of the Policy list used to control who can provision a bot for them selfs.
-# This config option has diminished improvements for bots on extremely fast homeservers or very very small bots on fast homeservers.
+# This should be a room alias - not a matrix.to URL.
-matrix_appservice_draupnir_for_all_config_roomStateBackingStore_enabled: false  # noqa var-naming
+# matrix_appservice_draupnir_for_all_management_policy_list_alias: ""
 matrix_appservice_draupnir_for_all_database_username: matrix_appservice_draupnir_for_all
 matrix_appservice_draupnir_for_all_database_password: 'some-passsword'
--- a/roles/custom/matrix-appservice-draupnir-for-all/tasks/main.yml
+++ b/roles/custom/matrix-appservice-draupnir-for-all/tasks/main.yml
@ -1,5 +1,4 @@
 # SPDX-FileCopyrightText: 2024 MDAD project contributors
 # SPDX-FileCopyrightText: 2024 Catalan Lover <catalanlover@protonmail.com>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
--- a/roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_install.yml
+++ b/roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_install.yml
@ -1,6 +1,5 @@
 # SPDX-FileCopyrightText: 2024 David Mehren
 # SPDX-FileCopyrightText: 2024 MDAD project contributors
 # SPDX-FileCopyrightText: 2024 Catalan Lover <catalanlover@protonmail.com>
 # SPDX-FileCopyrightText: 2024 Slavi Pantaleev
 # SPDX-FileCopyrightText: 2024 Suguru Hirahara
 #
--- a/roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_uninstall.yml
@ -1,5 +1,4 @@
 # SPDX-FileCopyrightText: 2023 - 2024 MDAD project contributors
 # SPDX-FileCopyrightText: 2024 Catalan Lover <catalanlover@protonmail.com>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
--- a/roles/custom/matrix-appservice-draupnir-for-all/tasks/validate_config.yml
+++ b/roles/custom/matrix-appservice-draupnir-for-all/tasks/validate_config.yml
@ -1,5 +1,4 @@
 # SPDX-FileCopyrightText: 2024 MDAD project contributors
 # SPDX-FileCopyrightText: 2024 Catalan Lover <catalanlover@protonmail.com>
 # SPDX-FileCopyrightText: 2024 Slavi Pantaleev
 # SPDX-FileCopyrightText: 2025 Suguru Hirahara
 #
@ -11,7 +10,7 @@
  ansible.builtin.fail:
    msg: "The `{{ item }}` variable must be defined and have a non-null value."
  with_items:
-    - "matrix_appservice_draupnir_for_all_config_adminRoom"
+    - "matrix_appservice_draupnir_for_all_master_control_room_alias"
    - "matrix_bot_draupnir_container_network"
  when: "vars[item] == '' or vars[item] is none"
@ -23,5 +22,3 @@
  when: "item.old in vars"
  with_items:
    - {'old': 'matrix_appservice_draupnir_for_all_docker_image_name_prefix', 'new': 'matrix_appservice_draupnir_for_all_docker_image_registry_prefix'}
    - {'old': 'matrix_appservice_draupnir_for_all_enable_room_state_backing_store', 'new': 'matrix_appservice_draupnir_for_all_config_roomStateBackingStore_enabled'}
    - {'old': 'matrix_appservice_draupnir_for_all_master_control_room_alias', 'new': 'matrix_appservice_draupnir_for_all_config_adminRoom'}
--- a/roles/custom/matrix-appservice-draupnir-for-all/templates/production-appservice.yaml.j2
+++ b/roles/custom/matrix-appservice-draupnir-for-all/templates/production-appservice.yaml.j2
@ -1,6 +1,5 @@
 {#
 SPDX-FileCopyrightText: 2024 MDAD project contributors
 SPDX-FileCopyrightText: 2024 - 2025 Catalan Lover <catalanlover@protonmail.com>
 SPDX-FileCopyrightText: 2024 Suguru Hirahara
 SPDX-License-Identifier: AGPL-3.0-or-later
@ -19,14 +18,8 @@ db:
 # A room you have created that scopes who can access the appservice.
 # See docs/access_control.md
-adminRoom: {{ matrix_appservice_draupnir_for_all_config_adminRoom | to_json }}
+adminRoom: "{{ matrix_appservice_draupnir_for_all_master_control_room_alias }}"
 # This is a web api that the widget connects to in order to interact with the appservice.
 webAPI:
  port: 9000
 # The directory the bot should store various bits of information in
 dataPath: "/data"
 roomStateBackingStore:
  enabled: {{ matrix_appservice_draupnir_for_all_config_roomStateBackingStore_enabled | to_json }}
--- a/roles/custom/matrix-appservice-draupnir-for-all/templates/production-bots.yaml.j2
+++ b/roles/custom/matrix-appservice-draupnir-for-all/templates/production-bots.yaml.j2
@ -1,6 +1,5 @@
 {#
 SPDX-FileCopyrightText: 2024 MDAD project contributors
 SPDX-FileCopyrightText: 2024 - 2025 Catalan Lover <catalanlover@protonmail.com>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
@ -74,20 +73,3 @@ commands:
      - "brigading"
      - "harassment"
      - "disagreement"
 # Safe mode provides recovery options for some failure modes when Draupnir
 # fails to start. For example, if the bot fails to resolve a room alias in
 # a watched list, or if the server has parted from a protected room and can't
 # find a way back in. Safe mode will provide different options to recover from
 # these. Such as unprotecting the room or unwatching the policy list.
 # By default Draupnir will boot into safe mode only when the failure mode
 # is recoverable.
 # It may be desirable to prevent the bot from starting into safe mode if you have
 # a pager system when Draupnir is down, as Draupnir could prevent your monitoring
 # system from identifying a failure to start.
 #safeMode:
 #  # The option for entering safe mode when Draupnir fails to start up.
 #  # - "RecoveryOnly" will only start the bot in safe mode when there are recovery options available. This is the default.
 #  # - "Never" will never start the bot in safe mode when Draupnir fails to start normally.
 #  # - "Always" will always start the bot in safe mode when Draupnir fails to start normally.
 #  bootOption: RecoveryOnly
--- a/roles/custom/matrix-appservice-draupnir-for-all/templates/systemd/matrix-appservice-draupnir-for-all.service.j2.license
+++ b/roles/custom/matrix-appservice-draupnir-for-all/templates/systemd/matrix-appservice-draupnir-for-all.service.j2.license
@ -1,5 +1,4 @@
 SPDX-FileCopyrightText: 2024 MDAD project contributors
 SPDX-FileCopyrightText: 2024 Catalan Lover <catalanlover@protonmail.com>
 SPDX-FileCopyrightText: 2024 Slavi Pantaleev
 SPDX-License-Identifier: AGPL-3.0-or-later
--- a/roles/custom/matrix-authentication-service/defaults/main.yml
+++ b/roles/custom/matrix-authentication-service/defaults/main.yml
@ -563,10 +563,8 @@ matrix_authentication_service_syn2mas_dry_run: false
 # renovate: datasource=docker depName=ghcr.io/element-hq/matrix-authentication-service/syn2mas
 matrix_authentication_service_syn2mas_version: 0.14.1
-matrix_authentication_service_syn2mas_container_image: "{{ matrix_authentication_service_syn2mas_container_image_registry_prefix }}element-hq/matrix-authentication-service/syn2mas:{{ matrix_authentication_service_syn2mas_version }}"
+matrix_authentication_service_syn2mas_container_image: "{{ matrix_authentication_service_container_image_name_prefix }}element-hq/matrix-authentication-service/syn2mas:{{ matrix_authentication_service_syn2mas_version }}"
-matrix_authentication_service_syn2mas_container_image_registry_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else matrix_authentication_service_syn2mas_container_image_registry_prefix_upstream }}"
+matrix_authentication_service_syn2mas_container_image_name_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else 'ghcr.io/' }}"
 matrix_authentication_service_syn2mas_container_image_registry_prefix_upstream: "{{ matrix_authentication_service_syn2mas_container_image_registry_prefix_upstream_default }}"
 matrix_authentication_service_syn2mas_container_image_registry_prefix_upstream_default: ghcr.io/
 matrix_authentication_service_syn2mas_container_image_force_pull: "{{ matrix_authentication_service_syn2mas_container_image.endswith(':latest') }}"
 matrix_authentication_service_syn2mas_container_image_self_build: "{{ matrix_authentication_service_container_image_self_build }}"
--- a/roles/custom/matrix-authentication-service/tasks/validate_config.yml
+++ b/roles/custom/matrix-authentication-service/tasks/validate_config.yml
@ -43,4 +43,3 @@
  when: "item.old in vars"
  with_items:
    - {'old': 'matrix_authentication_service_container_image_name_prefix', 'new': 'matrix_authentication_service_container_image_registry_prefix'}
    - {'old': 'matrix_authentication_service_syn2mas_container_image_name_prefix', 'new': 'matrix_authentication_service_syn2mas_container_image_registry_prefix'}
--- a/roles/custom/matrix-bot-draupnir/defaults/main.yml
+++ b/roles/custom/matrix-bot-draupnir/defaults/main.yml
@ -1,5 +1,4 @@
 # SPDX-FileCopyrightText: 2023 - 2024 MDAD project contributors
 # SPDX-FileCopyrightText: 2023 - 2025 Catalan Lover <catalanlover@protonmail.com>
 # SPDX-FileCopyrightText: 2023 Samuel Meenzen
 # SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
 #
@ -28,9 +27,9 @@ matrix_bot_draupnir_config_path: "{{ matrix_bot_draupnir_base_path }}/config"
 matrix_bot_draupnir_data_path: "{{ matrix_bot_draupnir_base_path }}/data"
 matrix_bot_draupnir_docker_src_files_path: "{{ matrix_bot_draupnir_base_path }}/docker-src"
-matrix_bot_draupnir_config_web_abuseReporting: false  # noqa var-naming
+matrix_bot_draupnir_abuse_reporting_enabled: false
-matrix_bot_draupnir_config_web_enabled: "{{ matrix_bot_draupnir_config_web_abuseReporting }}"  # noqa var-naming
+matrix_bot_draupnir_web_enabled: "{{ matrix_bot_draupnir_abuse_reporting_enabled }}"
-matrix_bot_draupnir_config_displayReports: "{{ matrix_bot_draupnir_config_web_abuseReporting }}"  # noqa var-naming
+matrix_bot_draupnir_display_reports: "{{ matrix_bot_draupnir_abuse_reporting_enabled }}"
 matrix_bot_draupnir_container_network: ""
@ -57,7 +56,7 @@ matrix_bot_draupnir_systemd_wanted_services_list: []
 # Whether Draupnir should talk to the homeserver through Pantalaimon
 # If true, then other variables must be provided including pointing
-# `matrix_bot_draupnir_config_homeserverUrl` to the Pantalaimon URL.
+# `matrix_bot_draupnir_homeserver_url` to the Pantalaimon URL.
 #
 # The upstream project discourages enabling this option, because it is
 # known that running Draupnir along with Pantalaimon breaks all workflows that involve
@ -71,41 +70,39 @@ matrix_bot_draupnir_pantalaimon_breakage_ignore: false
 # Tells the bot if it should use its native E2EE support in the form of experimental Rust Crypto in the bot SDK.
 # This option is mutually exclusive with `matrix_bot_draupnir_pantalaimon_use`.
 # Rust Crypto requires a clean access token that has not touched E2EE so curl is recommended as a method to obtain it.
-matrix_bot_draupnir_config_experimentalRustCrypto: false  # noqa var-naming
+matrix_bot_draupnir_enable_experimental_rust_crypto: false
 # The access token for the bot user. Required if Pantalaimon is NOT used.
 # (Otherwise provide `matrix_bot_draupnir_pantalaimon_username` and `matrix_bot_draupnir_pantalaimon_password` instead.)
-matrix_bot_draupnir_config_accessToken: ""  # noqa var-naming
+matrix_bot_draupnir_access_token: ""
 # Username and password for the bot. Required if Pantalaimon is used.
-# (Otherwise provide `matrix_bot_draupnir_config_accessToken` instead.)
+# (Otherwise provide `matrix_bot_draupnir_access_token` instead.)
 matrix_bot_draupnir_pantalaimon_username: ""
 matrix_bot_draupnir_pantalaimon_password: ""
 # Username and password the bot uses for logging in directly. If Pantalaimon is used,
 # these values become the values of `matrix_bot_draupnir_pantalaimon_username` and `matrix_bot_draupnir_pantalaimon_password`
 # These config options do not follow the common naming schema as to not cause user confusion over them being called Pantalaimon when using native login.
 matrix_bot_draupnir_login: "{{ matrix_bot_draupnir_pantalaimon_username if matrix_bot_draupnir_pantalaimon_use == 'true' else 'bot.draupnir' }}"
 matrix_bot_draupnir_password: "{{ matrix_bot_draupnir_pantalaimon_password }}"
 # Controls if we activate the config block for Pantalaimon for now. Its name will
 # probably be changed for our usecase due to Draupnir's push to scrub Pantalaimon from the codebase.
 # This configuration option does not follow the common naming schema as its not controlling a config key directly.
 matrix_bot_draupnir_login_native: ""
 # The room ID where people can use the bot. The bot has no access controls, so
 # anyone in this room can use the bot - secure your room!
 # This should be a room alias or room ID - not a matrix.to URL.
 # Note: Draupnir is fairly verbose - expect a lot of messages from it.
-matrix_bot_draupnir_config_managementRoom: ""  # noqa var-naming
+matrix_bot_draupnir_management_room: ""
 # Endpoint URL that Draupnir uses to interact with the Matrix homeserver (client-server API).
 # Set this to the Pantalaimon URL if you're using that.
-matrix_bot_draupnir_config_homeserverUrl: ""  # noqa var-naming
+matrix_bot_draupnir_homeserver_url: ""
 # Endpoint URL that Draupnir could use to fetch events related to reports (client-server API and /_synapse/).
 # Only set this to the public-internet homeserver client API URL. Do NOT set this to the Pantalaimon URL.
-matrix_bot_draupnir_config_rawHomeserverUrl: ""  # noqa var-naming
+matrix_bot_draupnir_raw_homeserver_url: ""
 # Disable Server ACL is used if you do not want to give the bot the right to apply Server ACLs in rooms without complaints from the bot.
 # This setting is described the following way in the configuration.
@ -115,19 +112,12 @@ matrix_bot_draupnir_config_rawHomeserverUrl: ""  # noqa var-naming
 # It is recommended to consult with people from the upstream project beforehand.
 #
 # It is exposed here because it is common enough to be valid to expose.
-matrix_bot_draupnir_config_disableServerACL: false  # noqa var-naming
+matrix_bot_draupnir_disable_server_acl: "false"
 # Control if Draupnir wants for the Synapse Admin API to be exposed internally to containers, therefore giving Draupnir Access.
 matrix_bot_draupnir_admin_api_enabled: "{{ matrix_bot_draupnir_config_admin_enableMakeRoomAdminCommand }}"
 # Controls if the Draupnir room hijack command is activated or not.
 # Also see `matrix_bot_draupnir_admin_api_enabled`.
 matrix_bot_draupnir_config_admin_enableMakeRoomAdminCommand: false  # noqa var-naming
 # Controls if the room state backing store is activated.
 # Room state backing store makes restarts of the bot lightning fast as the bot does not suffer from amnesia.
 # This config option has diminished improvements for bots on extremely fast homeservers or very very small bots on fast homeservers.
-matrix_bot_draupnir_config_roomStateBackingStore_enabled: true  # noqa var-naming
+matrix_bot_draupnir_enable_room_state_backing_store: "true"
 # Default configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
--- a/roles/custom/matrix-bot-draupnir/tasks/main.yml
+++ b/roles/custom/matrix-bot-draupnir/tasks/main.yml
@ -1,5 +1,4 @@
 # SPDX-FileCopyrightText: 2023 MDAD project contributors
 # SPDX-FileCopyrightText: 2023 Catalan Lover <catalanlover@protonmail.com>
 # SPDX-FileCopyrightText: 2023 Slavi Pantaleev
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
--- a/roles/custom/matrix-bot-draupnir/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-draupnir/tasks/setup_install.yml
@ -1,5 +1,4 @@
 # SPDX-FileCopyrightText: 2023 - 2024 MDAD project contributors
 # SPDX-FileCopyrightText: 2023 Catalan Lover <catalanlover@protonmail.com>
 # SPDX-FileCopyrightText: 2024 David Mehren
 # SPDX-FileCopyrightText: 2024 Slavi Pantaleev
 # SPDX-FileCopyrightText: 2024 Suguru Hirahara
--- a/roles/custom/matrix-bot-draupnir/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bot-draupnir/tasks/setup_uninstall.yml
@ -1,5 +1,4 @@
 # SPDX-FileCopyrightText: 2023 MDAD project contributors
 # SPDX-FileCopyrightText: 2023 Catalan Lover <catalanlover@protonmail.com>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
--- a/roles/custom/matrix-bot-draupnir/tasks/validate_config.yml
+++ b/roles/custom/matrix-bot-draupnir/tasks/validate_config.yml
@ -1,66 +1,33 @@
 # SPDX-FileCopyrightText: 2023 - 2025 MDAD project contributors
 # SPDX-FileCopyrightText: 2023 - 2025 Catalan Lover <catalanlover@protonmail.com>
 # SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 ---
 - name: (Deprecation) Catch and report renamed Draupnir settings
  ansible.builtin.fail:
    msg: >-
      Your configuration contains a variable, which now has a different name.
      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
  when: "item.old in vars"
  with_items:
    - {'old': 'matrix_bot_draupnir_container_image_name_prefix', 'new': 'matrix_bot_draupnir_container_image_registry_prefix'}
    - {'old': 'matrix_bot_draupnir_enable_room_state_backing_store', 'new': 'matrix_bot_draupnir_config_roomStateBackingStore_enabled'}
    - {'old': 'matrix_bot_draupnir_disable_server_acl', 'new': 'matrix_bot_draupnir_config_disableServerACL'}
    - {'old': 'matrix_bot_draupnir_enable_experimental_rust_crypto', 'new': 'matrix_bot_draupnir_config_experimentalRustCrypto'}
    - {'old': 'matrix_bot_draupnir_access_token', 'new': 'matrix_bot_draupnir_config_accessToken'}
    - {'old': 'matrix_bot_draupnir_management_room', 'new': 'matrix_bot_draupnir_config_managementRoom'}
    - {'old': 'matrix_bot_draupnir_homeserver_url', 'new': 'matrix_bot_draupnir_config_homeserverUrl'}
    - {'old': 'matrix_bot_draupnir_raw_homeserver_url', 'new': 'matrix_bot_draupnir_config_rawHomeserverUrl'}
    - {'old': 'matrix_bot_draupnir_web_enabled', 'new': 'matrix_bot_draupnir_config_web_enabled'}
    - {'old': 'matrix_bot_draupnir_abuse_reporting_enabled', 'new': 'matrix_bot_draupnir_config_web_abuseReporting'}
    - {'old': 'matrix_bot_draupnir_display_reports', 'new': 'matrix_bot_draupnir_config_displayReports'}
 - name: Fail if required matrix-bot-draupnir variables are undefined
  ansible.builtin.fail:
    msg: "The `{{ item.name }}` variable must be defined and have a non-null value."
  with_items:
-    - {'name': 'matrix_bot_draupnir_config_accessToken', when: "{{ not matrix_bot_draupnir_pantalaimon_use }}"}
+    - {'name': 'matrix_bot_draupnir_access_token', when: "{{ not matrix_bot_draupnir_pantalaimon_use }}"}
-    - {'name': 'matrix_bot_draupnir_config_accessToken', when: "{{ matrix_bot_draupnir_config_experimentalRustCrypto }}"}
+    - {'name': 'matrix_bot_draupnir_access_token', when: "{{ matrix_bot_draupnir_enable_experimental_rust_crypto }}"}
-    - {'name': 'matrix_bot_draupnir_config_managementRoom', when: true}
+    - {'name': 'matrix_bot_draupnir_management_room', when: true}
    - {'name': 'matrix_bot_draupnir_container_network', when: true}
-    - {'name': 'matrix_bot_draupnir_config_homeserverUrl', when: true}
+    - {'name': 'matrix_bot_draupnir_homeserver_url', when: true}
-    - {'name': 'matrix_bot_draupnir_config_rawHomeserverUrl', when: true}
+    - {'name': 'matrix_bot_draupnir_raw_homeserver_url', when: true}
    - {'name': 'matrix_bot_draupnir_pantalaimon_username', when: "{{ matrix_bot_draupnir_pantalaimon_use }}"}
    - {'name': 'matrix_bot_draupnir_pantalaimon_password', when: "{{ matrix_bot_draupnir_pantalaimon_use }}"}
  when: "item.when | bool and (vars[item.name] == '' or vars[item.name] is none)"
 - name: Fail if Draupnir room hijacking enabled without enabling the Synapse Admin API
  ansible.builtin.fail:
    msg: "When matrix_bot_draupnir_config_admin_enableMakeRoomAdminCommand is enabled, matrix_bot_draupnir_admin_api_enabled must also be enabled"
  when: "matrix_bot_draupnir_config_admin_enableMakeRoomAdminCommand | bool and not matrix_bot_draupnir_admin_api_enabled | bool"
 - name: Fail if inappropriate variables are defined
  ansible.builtin.fail:
    msg: "The `{{ item.name }}` variable must be undefined or have a null value."
  with_items:
-    - {'name': 'matrix_bot_draupnir_config_accessToken', when: "{{ matrix_bot_draupnir_pantalaimon_use }}"}
+    - {'name': 'matrix_bot_draupnir_access_token', when: "{{ matrix_bot_draupnir_pantalaimon_use }}"}
-    - {'name': 'matrix_bot_draupnir_config_accessToken', when: "{{ matrix_bot_draupnir_login_native }}"}
+    - {'name': 'matrix_bot_draupnir_access_token', when: "{{ matrix_bot_draupnir_login_native }}"}
    - {'name': 'matrix_bot_draupnir_pantalaimon_use', when: "{{  matrix_bot_draupnir_enable_experimental_rust_crypto }}"}
  when: "item.when | bool and not (vars[item.name] == '' or vars[item.name] is none)"
 - name: Fail when matrix_bot_draupnir_config_experimentalRustCrypto is enabled together with matrix_bot_draupnir_pantalaimon_use
  ansible.builtin.fail:
    msg: >-
      Your configuration is trying to enable matrix_bot_draupnir_config_experimentalRustCrypto and matrix_bot_draupnir_pantalaimon_use at the same time.
      These settings are mutually incompatible and therefore cant be used at the same time.
  when:
    - matrix_bot_draupnir_pantalaimon_use
    - matrix_bot_draupnir_config_experimentalRustCrypto
 - when: "matrix_bot_draupnir_pantalaimon_use == 'true' and matrix_bot_draupnir_pantalaimon_breakage_ignore == 'false'"
  block:
    - name: Inject warning if Pantalaimon is used together with Draupnir
@ -70,6 +37,15 @@
            devture_playbook_runtime_messages_list | default([])
            +
            [
-              "Note: Draupnir does not support running with Pantalaimon as it would break all workflows that involve answering prompts with reactions. To enable E2EE for Draupnir, it is recommended to use matrix_bot_draupnir_config_experimentalRustCrypto instead. This warning can be disabled by setting matrix_bot_draupnir_pantalaimon_breakage_ignore to true."
+              "Note: Draupnir does not support running with Pantalaimon as it would break all workflows that involve answering prompts with reactions. To enable E2EE for Draupnir, it is recommended to use matrix_bot_draupnir_enable_experimental_rust_crypto instead. This warning can be disabled by setting matrix_bot_draupnir_pantalaimon_breakage_ignore to true."
            ]
          }}
 - name: (Deprecation) Catch and report renamed Draupnir settings
  ansible.builtin.fail:
    msg: >-
      Your configuration contains a variable, which now has a different name.
      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
  when: "item.old in vars"
  with_items:
    - {'old': 'matrix_bot_draupnir_container_image_name_prefix', 'new': 'matrix_bot_draupnir_container_image_registry_prefix'}
--- a/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2
+++ b/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2
@ -1,6 +1,5 @@
 {#
 SPDX-FileCopyrightText: 2023 - 2024 MDAD project contributors
 SPDX-FileCopyrightText: 2023 - 2025 Catalan Lover <catalanlover@protonmail.com>
 SPDX-FileCopyrightText: 2024 Slavi Pantaleev
 SPDX-FileCopyrightText: 2024 Suguru Hirahara
@ -8,16 +7,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 # Endpoint URL that Draupnir uses to interact with the Matrix homeserver (client-server API),
-homeserverUrl: {{ matrix_bot_draupnir_config_homeserverUrl | to_json }}
+homeserverUrl: {{ matrix_bot_draupnir_homeserver_url | to_json }}
 # Endpoint URL that Draupnir could use to fetch events related to reports (client-server API and /_synapse/),
 # only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL.
-rawHomeserverUrl: {{ matrix_bot_draupnir_config_rawHomeserverUrl | to_json }}
+rawHomeserverUrl: {{ matrix_bot_draupnir_raw_homeserver_url | to_json }}
 # Matrix Access Token to use, Draupnir will only use this if pantalaimon.use is false.
 # This option can be loaded from a file by passing "--access-token-path <path>" at the command line,
 # which would allow using secret management systems such as systemd's service credentials.
-accessToken: {{ matrix_bot_draupnir_config_accessToken | to_json }}
+accessToken: {{ matrix_bot_draupnir_access_token | to_json }}
 {% if matrix_bot_draupnir_pantalaimon_use or matrix_bot_draupnir_login_native %}
 # Options related to Pantalaimon (https://github.com/matrix-org/pantalaimon)
@ -43,7 +42,7 @@ pantalaimon:
 # Make sure Pantalaimon is disabled in Draupnir's configuration.
 #
 # Warning: At this time this is not considered production safe.
-experimentalRustCrypto: {{ matrix_bot_draupnir_config_experimentalRustCrypto | to_json }}
+experimentalRustCrypto: {{ matrix_bot_draupnir_enable_experimental_rust_crypto | to_json }}
 # The path Draupnir will store its state/data in, leave default ("/data/storage") when using containers.
 dataPath: "/data"
@ -66,7 +65,7 @@ recordIgnoredInvites: false
 #
 # Note: By default, Draupnir is fairly verbose - expect a lot of messages in this room.
 # (see verboseLogging to adjust this a bit.)
-managementRoom: {{ matrix_bot_draupnir_config_managementRoom | to_json }}
+managementRoom: {{ matrix_bot_draupnir_management_room | to_json }}
 # Deprecated and will be removed in a future version.
 # Running with verboseLogging is unsupported.
@ -94,7 +93,7 @@ noop: false
 # Whether or not Draupnir should apply `m.room.server_acl` events.
 # DO NOT change this to `true` unless you are very confident that you know what you are doing.
-disableServerACL: {{ matrix_bot_draupnir_config_disableServerACL | to_json }}
+disableServerACL: {{ matrix_bot_draupnir_disable_server_acl | to_json }}
 # A case-insensitive list of ban reasons to have the bot also automatically redact the user's messages for.
 #
@ -131,15 +130,18 @@ protectAllJoinedRooms: false
 # of the homeserver may be more impacted.
 backgroundDelayMS: 500
 # FIXME: This configuration option is currently broken in the playbook as admin APIs cannot
 # be accessed from containers. See https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3389
 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3308
 # Server administration commands, these commands will only work if Draupnir is
 # a global server administrator, and the bot's server is a Synapse instance.
-admin:
+#admin:
-  # Whether or not Draupnir can temporarily take control of any eligible account from the local homeserver who's in the room
+#  # Whether or not Draupnir can temporarily take control of any eligible account from the local homeserver who's in the room
-  # (with enough permissions) to "make" a user an admin.
+#  # (with enough permissions) to "make" a user an admin.
-  #
+#  #
-  # This only works if a local user with enough admin permissions is present in the room.
+#  # This only works if a local user with enough admin permissions is present in the room.
-  enableMakeRoomAdminCommand: {{ matrix_bot_draupnir_config_admin_enableMakeRoomAdminCommand | to_json }}
+#  enableMakeRoomAdminCommand: false
-
+#
 # Misc options for command handling and commands
 commands:
  # Whether or not the `!draupnir` prefix is necessary to submit commands.
@ -197,7 +199,7 @@ commands:
 # homeserver and know that Draupnir is starting up quickly. If your homeserver can
 # respond quickly to Draupnir's requests for `/state` then you might not need this option.
 roomStateBackingStore:
-  enabled: {{ matrix_bot_draupnir_config_roomStateBackingStore_enabled | to_json }}
+  enabled: {{ matrix_bot_draupnir_enable_room_state_backing_store | to_json }}
 # Safe mode provides recovery options for some failure modes when Draupnir
 # fails to start. For example, if the bot fails to resolve a room alias in
@ -259,7 +261,7 @@ health:
    # and 1.0 means "trace performance at every opportunity".
    # tracesSampleRate: 0.5
-{% if matrix_bot_draupnir_config_web_enabled %}
+{% if matrix_bot_draupnir_web_enabled %}
 # Options for exposing web APIs.
 web:
  # Whether to enable web APIs.
@ -285,7 +287,7 @@ web:
  # to configure a reverse proxy, see e.g. test/nginx.conf
  abuseReporting:
    # Whether to enable this feature.
-    enabled: {{ matrix_bot_draupnir_config_web_abuseReporting | to_json }}
+    enabled: {{ matrix_bot_draupnir_abuse_reporting_enabled | to_json }}
 {% endif %}
 # FIXME: This configuration option is currently broken in the playbook as admin APIs cannot
@ -298,4 +300,4 @@ web:
 # Whether or not new reports, received either by webapi or polling,
 # should be printed to our managementRoom.
-displayReports: {{ matrix_bot_draupnir_config_displayReports | to_json }}
+displayReports: {{ matrix_bot_draupnir_display_reports | to_json }}
--- a/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2.license
+++ b/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2.license
@ -1,5 +1,4 @@
 SPDX-FileCopyrightText: 2023 - 2025 Slavi Pantaleev
 SPDX-FileCopyrightText: 2023 - 2024 Catalan Lover <catalanlover@protonmail.com>
 SPDX-FileCopyrightText: 2024 MDAD project contributors
 SPDX-License-Identifier: AGPL-3.0-or-later
--- a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml
+++ b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml
@ -19,7 +19,7 @@ matrix_heisenbridge_hostname: "{{ matrix_server_fqn_matrix }}"
 matrix_heisenbridge_path_prefix: "/heisenbridge"
 # renovate: datasource=docker depName=hif1/heisenbridge
-matrix_heisenbridge_version: 1.15.2
+matrix_heisenbridge_version: 1.15.0
 matrix_heisenbridge_docker_image: "{{ matrix_heisenbridge_docker_image_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
 matrix_heisenbridge_docker_image_registry_prefix: "{{ matrix_heisenbridge_docker_image_registry_prefix_upstream }}"
 matrix_heisenbridge_docker_image_registry_prefix_upstream: "{{ matrix_heisenbridge_docker_image_registry_prefix_upstream_default }}"
--- a/roles/custom/matrix-bridge-mautrix-bluesky/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-bluesky/defaults/main.yml
@ -14,7 +14,7 @@ matrix_mautrix_bluesky_container_image_self_build_repo: "https://github.com/maut
 matrix_mautrix_bluesky_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_bluesky_version == 'latest' else matrix_mautrix_bluesky_version }}"
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/bluesky
-matrix_mautrix_bluesky_version: v0.1.1
+matrix_mautrix_bluesky_version: v0.1.0
 # See: https://mau.dev/tulir/mautrix-bluesky/container_registry
 matrix_mautrix_bluesky_docker_image: "{{ matrix_mautrix_bluesky_docker_image_registry_prefix }}mautrix/bluesky:{{ matrix_mautrix_bluesky_version }}"
 matrix_mautrix_bluesky_docker_image_registry_prefix: "{{ 'localhost/' if matrix_mautrix_bluesky_container_image_self_build else matrix_mautrix_bluesky_docker_image_registry_prefix_upstream }}"
--- a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml
@ -18,7 +18,7 @@ matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/ma
 matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}"
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/gmessages
-matrix_mautrix_gmessages_version: v0.6.1
+matrix_mautrix_gmessages_version: v0.6.0
 # See: https://mau.dev/mautrix/gmessages/container_registry
 matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_registry_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}"
--- a/roles/custom/matrix-bridge-mautrix-meta-instagram/README.md
+++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/README.md
@ -1,5 +1,5 @@
 <!--
-SPDX-FileCopyrightText: 2024 - 2025 MDAD Contributors
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
 SPDX-License-Identifier: AGPL-3.0-or-later
 -->
--- a/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml
@ -20,7 +20,7 @@ matrix_mautrix_meta_instagram_enabled: true
 matrix_mautrix_meta_instagram_identifier: matrix-mautrix-meta-instagram
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
-matrix_mautrix_meta_instagram_version: v0.4.5
+matrix_mautrix_meta_instagram_version: v0.4.4
 matrix_mautrix_meta_instagram_base_path: "{{ matrix_base_data_path }}/mautrix-meta-instagram"
 matrix_mautrix_meta_instagram_config_path: "{{ matrix_mautrix_meta_instagram_base_path }}/config"
--- a/roles/custom/matrix-bridge-mautrix-meta-instagram/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/tasks/validate_config.yml
@ -20,7 +20,7 @@
    - {'name': 'matrix_mautrix_meta_instagram_database_hostname', when: "{{ matrix_mautrix_meta_instagram_database_engine == 'postgres' }}"}
    - {'name': 'matrix_mautrix_meta_instagram_database_password', when: "{{ matrix_mautrix_meta_instagram_database_engine == 'postgres' }}"}
- name: (Deprecation) Catch and report renamed mautrix-meta-instagram variables
+- name: (Deprecation) Catch and report renamed mautrix-meta-instagram settings
  ansible.builtin.fail:
    msg: >-
      Your configuration contains a variable, which now has a different name.
--- a/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/labels.j2
+++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/labels.j2
@ -4,7 +4,7 @@ SPDX-FileCopyrightText: 2024 Slavi Pantaleev
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
-{% if matrix_mautrix_meta_instagram_container_labels_traefik_enabled and matrix_mautrix_meta_instagram_container_labels_metrics_enabled %}
+{% if matrix_mautrix_meta_instagram_container_labels_traefik_enabled %}
 traefik.enable=true
 {% if matrix_mautrix_meta_instagram_container_labels_traefik_docker_network %}
--- a/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml
@ -20,7 +20,7 @@ matrix_mautrix_meta_messenger_enabled: true
 matrix_mautrix_meta_messenger_identifier: matrix-mautrix-meta-messenger
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
-matrix_mautrix_meta_messenger_version: v0.4.5
+matrix_mautrix_meta_messenger_version: v0.4.4
 matrix_mautrix_meta_messenger_base_path: "{{ matrix_base_data_path }}/mautrix-meta-messenger"
 matrix_mautrix_meta_messenger_config_path: "{{ matrix_mautrix_meta_messenger_base_path }}/config"
--- a/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/labels.j2
+++ b/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/labels.j2
@ -4,7 +4,7 @@ SPDX-FileCopyrightText: 2024 Slavi Pantaleev
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
-{% if matrix_mautrix_meta_messenger_container_labels_traefik_enabled and matrix_mautrix_meta_messenger_container_labels_metrics_enabled %}
+{% if matrix_mautrix_meta_messenger_container_labels_traefik_enabled %}
 traefik.enable=true
 {% if matrix_mautrix_meta_messenger_container_labels_traefik_docker_network %}
--- a/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/systemd/matrix-mautrix-meta.service.j2.license
+++ b/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/systemd/matrix-mautrix-meta.service.j2.license
@ -1,3 +1,3 @@
-SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
 SPDX-License-Identifier: AGPL-3.0-or-later
--- a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
@ -25,7 +25,7 @@ matrix_mautrix_signal_container_image_self_build_repo: "https://mau.dev/mautrix/
 matrix_mautrix_signal_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}"
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/signal
-matrix_mautrix_signal_version: v0.8.1
+matrix_mautrix_signal_version: v0.8.0
 # See: https://mau.dev/mautrix/signal/container_registry
 matrix_mautrix_signal_docker_image: "{{ matrix_mautrix_signal_docker_image_registry_prefix }}mautrix/signal:{{ matrix_mautrix_signal_docker_image_tag }}"
--- a/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml
@ -17,7 +17,7 @@ matrix_mautrix_slack_container_image_self_build_repo: "https://mau.dev/mautrix/s
 matrix_mautrix_slack_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_slack_version == 'latest' else matrix_mautrix_slack_version }}"
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/slack
-matrix_mautrix_slack_version: v0.2.0
+matrix_mautrix_slack_version: v0.1.4
 # See: https://mau.dev/mautrix/slack/container_registry
 matrix_mautrix_slack_docker_image: "{{ matrix_mautrix_slack_docker_image_registry_prefix }}mautrix/slack:{{ matrix_mautrix_slack_version }}"
 matrix_mautrix_slack_docker_image_registry_prefix: "{{ 'localhost/' if matrix_mautrix_slack_container_image_self_build else matrix_mautrix_slack_docker_image_registry_prefix_upstream }}"
--- a/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml
@ -22,7 +22,7 @@ matrix_mautrix_twitter_container_image_self_build_repo: "https://github.com/maut
 matrix_mautrix_twitter_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_twitter_version == 'latest' else matrix_mautrix_twitter_version }}"
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/twitter
-matrix_mautrix_twitter_version: v0.3.0
+matrix_mautrix_twitter_version: v0.2.1
 # See: https://mau.dev/tulir/mautrix-twitter/container_registry
 matrix_mautrix_twitter_docker_image: "{{ matrix_mautrix_twitter_docker_image_registry_prefix }}mautrix/twitter:{{ matrix_mautrix_twitter_version }}"
 matrix_mautrix_twitter_docker_image_registry_prefix: "{{ 'localhost/' if matrix_mautrix_twitter_container_image_self_build else matrix_mautrix_twitter_docker_image_registry_prefix_upstream }}"
--- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
@ -28,7 +28,7 @@ matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautri
 matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/whatsapp
-matrix_mautrix_whatsapp_version: v0.11.4
+matrix_mautrix_whatsapp_version: v0.11.3
 # See: https://mau.dev/mautrix/whatsapp/container_registry
 matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_registry_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
--- a/roles/custom/matrix-bridge-postmoogle/defaults/main.yml
+++ b/roles/custom/matrix-bridge-postmoogle/defaults/main.yml
@ -18,7 +18,7 @@ matrix_postmoogle_docker_repo_version: "{{ 'main' if matrix_postmoogle_version =
 matrix_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src"
 # renovate: datasource=docker depName=ghcr.io/etkecc/postmoogle
-matrix_postmoogle_version: v0.9.26
+matrix_postmoogle_version: v0.9.24
 matrix_postmoogle_docker_image: "{{ matrix_postmoogle_docker_image_registry_prefix }}etkecc/postmoogle:{{ matrix_postmoogle_version }}"
 matrix_postmoogle_docker_image_registry_prefix: "{{ 'localhost/' if matrix_postmoogle_container_image_self_build else matrix_postmoogle_docker_image_registry_prefix_upstream }}"
 matrix_postmoogle_docker_image_registry_prefix_upstream: "{{ matrix_postmoogle_docker_image_registry_prefix_upstream_default }}"
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
transcaffeine	6b6d855a52	meta: move inventory structure to be more usable	2025-03-09 12:18:43 +01:00
jdreichmann	cde1ca043a	meta: add own inventory, add vault-unlock with GPG	2025-03-09 11:45:17 +01:00
`@ -1,3 +1,3 @@`
	`SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev`	`SPDX-FileCopyrightText: 2024 Slavi Pantaleev`

	`SPDX-License-Identifier: AGPL-3.0-or-later`	`SPDX-License-Identifier: AGPL-3.0-or-later`