meta: move inventory structure to be more usable

meta: add own inventory, add vault-unlock with GPG
Update ghcr.io/etkecc/fluffychat-web Docker tag to v2
2025-06-22 12:28:34 +02:00 · 2025-06-21 14:45:24 +02:00 · 2025-06-21 05:17:02 +03:00 · 2025-06-19 05:48:36 +03:00 · 2025-06-18 08:08:03 +03:00 · 2025-06-18 06:58:43 +03:00
122 changed files with 1093 additions and 265 deletions
--- a/.codespellrc
+++ b/.codespellrc
@ -0,0 +1,2 @@
 [codespell]
 ignore-words-list = aNULL,brose,doub,Udo,re-use,re-used,registr
--- a/.github/renovate.json
+++ b/.github/renovate.json
@ -9,8 +9,8 @@
 	"customManagers": [
 		{
 			"customType": "regex",
-			"fileMatch": [
+			"managerFilePatterns": [
-				"defaults/main.yml$"
+				"/defaults/main.yml$/"
 			],
 			"matchStrings": [
 				"# renovate: datasource=(?<datasource>[a-z-.]+?) depName=(?<depName>[^\\s]+?)(?: (?:lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?(?:_version|_tag)\\s*:\\s*[\"']?(?<currentValue>.+?)[\"']?\\s"
@ -28,5 +28,8 @@
 	],
 	"ignoreDeps": [
 		"ghcr.io/matrixgpt/matrix-chatgpt-bot"
-	]
+	],
 	"pre-commit": {
 		"enabled": true
 	}
 }
--- a/.github/workflows/matrix.yml
+++ b/.github/workflows/matrix.yml
@ -7,9 +7,7 @@
 ---
 name: Matrix CI
-on:  # yamllint disable-line rule:truthy
+on: [push, pull_request]  # yamllint disable-line rule:truthy
  push:
  pull_request:
 jobs:
  yamllint:
@ -30,3 +28,11 @@ jobs:
        uses: ansible-community/ansible-lint-action@v6.17.0
        with:
          path: roles/custom
  precommit:
    name: Run pre-commit
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Run pre-commit
        uses: pre-commit/action@v3.0.1
--- a/.github/workflows/reuse.yml
+++ b/.github/workflows/reuse.yml
@ -1,20 +0,0 @@
 # SPDX-FileCopyrightText: 2022 Free Software Foundation Europe e.V. <https://fsfe.org>
 #
 # SPDX-License-Identifier: CC0-1.0
 ---
 name: REUSE Compliance Check
 on: [push, pull_request]  # yamllint disable-line rule:truthy
 permissions:
  contents: read
 jobs:
  reuse-compliance-check:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: REUSE Compliance Check
        uses: fsfe/reuse-action@v5
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -0,0 +1,26 @@
 ---
 default_install_hook_types: [pre-push]
 exclude: "LICENSES/"
 # See: https://pre-commit.com/hooks.html
 repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v5.0.0
    hooks:
      # - id: check-executables-have-shebangs
      - id: check-added-large-files
      - id: check-case-conflict
      - id: check-json
      - id: check-toml
      - id: trailing-whitespace
      - id: end-of-file-fixer
  - repo: https://github.com/codespell-project/codespell
    rev: v2.4.1
    hooks:
      - id: codespell
        args: ["--skip=*.po,*.pot,i18n/"]
  - repo: https://github.com/fsfe/reuse-tool  # https://reuse.software/dev/#pre-commit-hook
    rev: v5.0.2
    hooks:
      - id: reuse
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -156,7 +156,7 @@ To **completely eliminate the problem** of DDoS amplification attacks done throu
 The playbook now **only exposes the Coturn STUN port (`3478`) over TCP by default**.
-💡 Users may wish to further remove the (now unnnecessary) firewall rule allowing access to `3478/udp`.
+💡 Users may wish to further remove the (now unnecessary) firewall rule allowing access to `3478/udp`.
 If you'd like the Coturn STUN port to be exposed over UDP like before, you can revert to the previous behavior by using the following configuration in your `vars.yml` file:
@ -170,7 +170,7 @@ matrix_coturn_container_stun_plain_host_bind_port_udp: "3478"
 # 2025-02-17
-## FluffyChat Web suport
+## FluffyChat Web support
 Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the playbook now supports [FluffyChat Web](https://github.com/krille-chan/fluffychat) as an additional Matrix client you can self-host.
@ -192,7 +192,7 @@ The playbook will let you know if you're using any `matrix_mautrix_hangouts_*` v
 ## Redis and KeyDB are no longer part of the playbook
-**TLDR**: The playbook now exclusively uses Valkey as its Redis-compatible memorystore implementation, removing support for Redis and KeyDB. Most users are unaffected by this change unless they explicitly configured Redis or KeyDB variables. Only users that were explicitly definining `redis_*` or `keydb_*` variables will need to update their configuration to use `valkey_*` variables instead.
+**TLDR**: The playbook now exclusively uses Valkey as its Redis-compatible memorystore implementation, removing support for Redis and KeyDB. Most users are unaffected by this change unless they explicitly configured Redis or KeyDB variables. Only users that were explicitly defining `redis_*` or `keydb_*` variables will need to update their configuration to use `valkey_*` variables instead.
 The playbook has gone through several iterations of memorystore implementations:
@ -745,7 +745,7 @@ For people building commercial products on top of Synapse, they may have to eith
 We're no lawyers and this changelog entry does not aim to give you the best legal advice, so please research on your own!
-If you'd like to continue using the old Apache-2.0-licensed Synapse (for a while longer anyway), the playbook makes it possible by intruducing a new Ansible variable. You can do it like this:
+If you'd like to continue using the old Apache-2.0-licensed Synapse (for a while longer anyway), the playbook makes it possible by introducing a new Ansible variable. You can do it like this:
 ```yaml
 # Switch the organization that Synapse container images (or source code for self-building) are pulled from.
@ -828,7 +828,7 @@ Despite these downsides (which the playbook manages automatically), we believe i
 People running the default Traefik setup do not need to do anything to make Traefik take on this extra job. Your Traefik configuration will be updated automatically.
-**People runnning their own Traefik reverse-proxy need to do [minor adjustments](#people-managing-their-own-traefik-instance-need-to-do-minor-changes)**, as described in the section below.
+**People running their own Traefik reverse-proxy need to do [minor adjustments](#people-managing-their-own-traefik-instance-need-to-do-minor-changes)**, as described in the section below.
 You may disable Traefik acting as an intermediary by explicitly setting `matrix_playbook_public_matrix_federation_api_traefik_entrypoint_enabled` to `false`. Services would then be configured to talk to the homeserver directly, giving you a slight performance boost and a "simpler" Traefik setup. However, such a configuration is less tested and will cause troubles, especially if you enable more services (like `matrix-media-repo`, etc.) in the future. As such, it's not recommended.
@ -2851,7 +2851,7 @@ As always, re-running the playbook is enough to get the updated bits.
 ## SMS bridging requires db reset
-The current version of [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) needs you to delete the database to work as expected. Just remove `/matrix/matrix-sms-bridge/database/*`. It also adds a new requried var `matrix_sms_bridge_default_region`.
+The current version of [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) needs you to delete the database to work as expected. Just remove `/matrix/matrix-sms-bridge/database/*`. It also adds a new required var `matrix_sms_bridge_default_region`.
 To reuse your existing rooms, invite `@smsbot:yourServer` to the room or write a message. You are also able to use automated room creation with telephonenumers by writing `sms send -t 01749292923 "Hello World"` in a room with `@smsbot:yourServer`. See [the docs](https://github.com/benkuly/matrix-sms-bridge) for more information.
@ -2883,7 +2883,7 @@ Until the issue gets fixed, we're making User Directory search not go to ma1sd b
 This upgrades matrix-appservice-irc from 0.14.1 to 0.16.0. Upstream
 made a change to how you define manual mappings. If you added a
-`mapping` to your configuration, you will need to update it accoring
+`mapping` to your configuration, you will need to update it according
 to the [upstream
 instructions](https://github.com/matrix-org/matrix-appservice-irc/blob/master/CHANGELOG.md#0150-2020-02-05). If you did not include `mappings` in your configuration for IRC, no
 change is necessary. `mappings` is not part of the default
@ -3046,7 +3046,7 @@ As per this [advisory blog post](https://matrix.org/blog/2019/11/09/avoiding-unw
 Our general goal is to favor privacy and security when running personal (family & friends) and corporate homeservers. Both of these likely benefit from having a more secure default of **not showing the room directory without authentication** and **not publishing the room directory over federation**.
-As with anything else, these new defaults can be overriden by changing the `matrix_synapse_allow_public_rooms_without_auth` and `matrix_synapse_allow_public_rooms_over_federation` variables, respectively.
+As with anything else, these new defaults can be overridden by changing the `matrix_synapse_allow_public_rooms_without_auth` and `matrix_synapse_allow_public_rooms_over_federation` variables, respectively.
 # 2019-10-05
@ -3600,7 +3600,7 @@ The following changes had to be done:
 - glue variables had to be introduced to the playbook, so it can wire together the various components. Those glue vars are stored in the [`group_vars/matrix-servers`](group_vars/matrix-servers) file. When overriding variables for a given component (role), you need to be aware of both the role defaults (`role/ROLE/defaults/main.yml`) and the role's corresponding section in the [`group_vars/matrix-servers`](group_vars/matrix-servers) file.
- `matrix_postgres_use_external` has been superceeded by the more consistently named `matrix_postgres_enabled` variable and a few other `matrix_synapse_database_` variables. See the [Using an external PostgreSQL server (optional)](docs/configuring-playbook-external-postgres.md) documentation page for an up-to-date replacement.
+- `matrix_postgres_use_external` has been superseded by the more consistently named `matrix_postgres_enabled` variable and a few other `matrix_synapse_database_` variables. See the [Using an external PostgreSQL server (optional)](docs/configuring-playbook-external-postgres.md) documentation page for an up-to-date replacement.
 - Postgres tools (`matrix-postgres-cli` and `matrix-make-user-admin`) are no longer installed if you're not enabling the `matrix-postgres` role (`matrix_postgres_enabled: false`)
@ -3789,7 +3789,7 @@ matrix_riot_web_integrations_jitsi_widget_url: "https://dimension.t2bot.io/widge
 There's now a new `matrix_nginx_proxy_ssl_protocols` playbook variable, which controls the SSL protocols used to serve Riot and Synapse. Its default value is `TLSv1.1 TLSv1.2`. This playbook previously used `TLSv1 TLSv1.1 TLSv1.2` to serve Riot and Synapse.
-You may wish to reenable TLSv1 if you need to access Riot in older browsers.
+You may wish to re-enable TLSv1 if you need to access Riot in older browsers.
 Note: Currently the dockerized nginx doesn't support TLSv1.3. See https://github.com/nginxinc/docker-nginx/issues/190 for more details.
--- a/REUSE.toml
+++ b/REUSE.toml
@ -13,10 +13,12 @@ path = [
    "i18n/PUBLISHED_LANGUAGES",
    "i18n/requirements.txt",
    "roles/custom/**/*.repo",
    ".codespellrc",
    ".editorconfig",
    ".envrc",
    ".gitattributes",
    ".gitignore",
    ".pre-commit-config.yaml",
    ".yamllint",
    "ansible.cfg",
    "flake.lock",
--- a/YEAR-IN-REVIEW.md
+++ b/YEAR-IN-REVIEW.md
@ -11,7 +11,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 2023 is probably [the year of AI](https://journal.everypixel.com/2023-the-year-of-ai), with millions of people jumping aboard [OpenAI](https://openai.com/)'s [ChatGPT](https://openai.com/chatgpt) train. matrix-docker-ansible-deploy is no stranger to this and 2023 began with a PR from [bertybuttface](https://github.com/bertybuttface) who added support for [matrix-chatgpt-bot](https://github.com/matrixgpt/matrix-chatgpt-bot) (see the [changelog entry](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#chatgpt-support)). While OpenAI's chat GPT website was frequently overloaded in the past, their API was up which made using this bot both convenient and more reliable.
-AI aside, with the playbook's focus being containers, we're **doubling down on being "container native"** and becoming more interoperable for people hosting other containers on the Matrix server. In [2022](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/YEAR-IN-REVIEW.md#2022), we've announced a few sibling Ansible playbooks, their use of [Traefik](https://doc.traefik.io/traefik/) and the possiblity of matrix-docker-ansible-deploy also switching to this reverse-proxy. This prediction materialized quickly. The **largest change** in the playbook in 2023 happened way back in February - matrix-docker-ansible-deploy [starting the switch from nginx to Traefik](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#backward-compatibility-reverse-proxy-configuration-changes-and-initial-traefik-support) and then quickly [making Treafik the default reverse-proxy](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#traefik-is-the-default-reverse-proxy-now). As noted in the changelog entries, we envisioned a quick and complete elimination of `matrix-nginx-proxy`, but at the end of 2023, it hasn't happened yet. The playbook is already using Traefik as the front-most reverse-proxy, but nginx (via `matrix-nginx-proxy`) is still around - it has taken a step back and is only used internally for new setups. Work got to a stall due to:
+AI aside, with the playbook's focus being containers, we're **doubling down on being "container native"** and becoming more interoperable for people hosting other containers on the Matrix server. In [2022](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/YEAR-IN-REVIEW.md#2022), we've announced a few sibling Ansible playbooks, their use of [Traefik](https://doc.traefik.io/traefik/) and the possibility of matrix-docker-ansible-deploy also switching to this reverse-proxy. This prediction materialized quickly. The **largest change** in the playbook in 2023 happened way back in February - matrix-docker-ansible-deploy [starting the switch from nginx to Traefik](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#backward-compatibility-reverse-proxy-configuration-changes-and-initial-traefik-support) and then quickly [making Treafik the default reverse-proxy](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#traefik-is-the-default-reverse-proxy-now). As noted in the changelog entries, we envisioned a quick and complete elimination of `matrix-nginx-proxy`, but at the end of 2023, it hasn't happened yet. The playbook is already using Traefik as the front-most reverse-proxy, but nginx (via `matrix-nginx-proxy`) is still around - it has taken a step back and is only used internally for new setups. Work got to a stall due to:
 *   complexity: untangling the overly large and messy `matrix-nginx-proxy` component is difficult
 *   the current setup became "good enough" because nginx has become an internal implementation detail for those who have migrated to Traefik. Traefik is already the default public reverse-proxy and gives better possibilities to people wishing to run other web-exposed containers on their Matrix server via [Docker Compose](https://docs.docker.com/compose/), other Ansible playbooks like [mash-playbook](https://github.com/mother-of-all-self-hosting/mash-playbook) (more about this one, below) or any other way.
--- a/ansible.cfg
+++ b/ansible.cfg
@ -1,6 +1,11 @@
 [defaults]
 vault_password_file = gpg/open_vault.sh
 retry_files_enabled = False
 result_format = yaml
 inventory = inventory/hosts
 [connection]
 pipelining = True
--- a/docs/README.md
+++ b/docs/README.md
@ -9,7 +9,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 # Table of Contents
-## ⬇️ Installaton guides <!-- NOTE: the 🚀 emoji is used by "Getting started" on README.md -->
+## ⬇️ Installation guides <!-- NOTE: the 🚀 emoji is used by "Getting started" on README.md -->
 There are two installation guides available for beginners and advanced users.
--- a/docs/ansible.md
+++ b/docs/ansible.md
@ -117,7 +117,7 @@ Then, to be asked for the password whenever running an `ansible-playbook` comman
 #### Resolve directory ownership issues
-Because you're `root` in the container running Ansible and this likely differs fom the owner (your regular user account) of the playbook directory outside of the container, certain playbook features which use `git` locally may report warnings such as:
+Because you're `root` in the container running Ansible and this likely differs from the owner (your regular user account) of the playbook directory outside of the container, certain playbook features which use `git` locally may report warnings such as:
 > fatal: unsafe repository ('/work' is owned by someone else)
 > To add an exception for this directory, call:
--- a/docs/configuring-playbook-appservice-draupnir-for-all.md
+++ b/docs/configuring-playbook-appservice-draupnir-for-all.md
@ -95,13 +95,13 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 ## Usage
-If you made it through all the steps above and your main control room was joined by a user called `@draupnir-main:example.com` you have succesfully installed Draupnir for All and can now start using it.
+If you made it through all the steps above and your main control room was joined by a user called `@draupnir-main:example.com` you have successfully installed Draupnir for All and can now start using it.
 The installation of Draupnir for all in this playbook is very much Alpha quality. Usage-wise, Draupnir for all is almost identical to Draupnir bot mode.
 ### Granting Users the ability to use D4A
-Draupnir for all includes several security measures like that it only allows users that are on its allow list to ask for a bot. To add a user to this list we have 2 primary options. Using the chat to tell Draupnir to do this for us or if you want to automatically do it by sending `m.policy.rule.user` events that target the subject you want to allow provisioning for with the `org.matrix.mjolnir.allow` recomendation. Using the chat is recomended.
+Draupnir for all includes several security measures like that it only allows users that are on its allow list to ask for a bot. To add a user to this list we have 2 primary options. Using the chat to tell Draupnir to do this for us or if you want to automatically do it by sending `m.policy.rule.user` events that target the subject you want to allow provisioning for with the `org.matrix.mjolnir.allow` recommendation. Using the chat is recommended.
 The bot requires a powerlevel of 50 in the management room to control who is allowed to use the bot. The bot does currently not say anything if this is true or false. (This is considered a bug and is documented in issue [#297](https://github.com/the-draupnir-project/Draupnir/issues/297))
--- a/docs/configuring-playbook-bot-baibot.md
+++ b/docs/configuring-playbook-bot-baibot.md
@ -242,7 +242,7 @@ matrix_bot_baibot_config_agents_static_definitions_openai_config_api_key: "YOUR_
 # matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
 # If you'd like to use another text-generation agent, uncomment and adjust:
-# matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-4o
+# matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-4.1
 ```
 Because this is a [statically](https://github.com/etkecc/baibot/blob/main/docs/configuration/README.md#static-configuration)-defined agent, it will be given a `static/` ID prefix and will be named `static/openai`.
--- a/docs/configuring-playbook-bot-chatgpt.md
+++ b/docs/configuring-playbook-bot-chatgpt.md
@ -57,7 +57,7 @@ matrix_bot_chatgpt_openai_api_key: 'API_KEY_HERE'
 matrix_bot_chatgpt_matrix_access_token: 'ACCESS_TOKEN_HERE'
-# Configuring the system promt used, needed if the bot is used for special tasks.
+# Configuring the system prompt used, needed if the bot is used for special tasks.
 # More information: https://github.com/mustvlad/ChatGPT-System-Prompts
 matrix_bot_chatgpt_matrix_bot_prompt_prefix: 'Instructions:\nYou are ChatGPT, a large language model trained by OpenAI.'
 ```
--- a/docs/configuring-playbook-bot-draupnir.md
+++ b/docs/configuring-playbook-bot-draupnir.md
@ -145,6 +145,20 @@ The bot can intercept the report API endpoint of the client-server API, which re
 matrix_bot_draupnir_config_web_abuseReporting: true
 ```
 ### Enabling synapse-http-antispam support
 Certain protections in Draupnir require the [synapse-http-antispam](https://github.com/maunium/synapse-http-antispam) module and a Synapse homeserver plus homeserver admin status to function. This module can be enabled in the playbook via setting `matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled` to `true` and making sure that Draupnir admin API access is enabled.
 ```yaml
 # Enables the integration between Draupnir and synapse-http-antispam module.
 matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled: true
 # Enables draupnir to access Synapse admin APIs. This is required for the module functionality to take full effect.
 matrix_bot_draupnir_admin_api_enabled: true
 ```
 These protections need to be manually activated and consulting the [enabling protections](#enabling-built-in-protections) guide can be helpful or consulting upstream documentation.
 <!--
 NOTE: this is unsupported by the playbook due to the admin API being inaccessible from containers currently.
@ -228,7 +242,7 @@ For Draupnir to do its job, you need to [give it permissions](https://the-draupn
 We recommend **subscribing to a public [policy list](https://the-draupnir-project.github.io/draupnir-documentation/concepts/policy-lists)** using the [watch command](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-policy-lists#using-draupnirs-watch-command-to-subscribe-to-policy-rooms).
-Polcy lists are maintained in Matrix rooms. A popular policy list is maintained in the public `#community-moderation-effort-bl:neko.dev` room.
+Policy lists are maintained in Matrix rooms. A popular policy list is maintained in the public `#community-moderation-effort-bl:neko.dev` room.
 You can tell Draupnir to subscribe to it by sending the following command to the Management Room: `!draupnir watch #community-moderation-effort-bl:neko.dev`
--- a/docs/configuring-playbook-bot-matrix-registration-bot.md
+++ b/docs/configuring-playbook-bot-matrix-registration-bot.md
@ -77,7 +77,7 @@ Send `help` to the bot to see the available commands.
 You can also refer to the upstream [Usage documentation](https://github.com/moan0s/matrix-registration-bot#supported-commands).
-If you have any questions, or if you need help setting it up, read the [troublshooting guide](https://github.com/moan0s/matrix-registration-bot/blob/main/docs/troubleshooting.md) or join [#matrix-registration-bot:hyteck.de](https://matrix.to/#/#matrix-registration-bot:hyteck.de).
+If you have any questions, or if you need help setting it up, read the [troubleshooting guide](https://github.com/moan0s/matrix-registration-bot/blob/main/docs/troubleshooting.md) or join [#matrix-registration-bot:hyteck.de](https://matrix.to/#/#matrix-registration-bot:hyteck.de).
 To clean the cache (session & encryption data) after you changed the bot's username, changed the login method from access_token to password etc… you can use:
--- a/docs/configuring-playbook-bridge-hookshot.md
+++ b/docs/configuring-playbook-bridge-hookshot.md
@ -103,7 +103,6 @@ Unless indicated otherwise, the following endpoints are reachable on your `matri
 | github oauth | `/hookshot/webhooks/oauth` | `matrix_hookshot_github_oauth_endpoint` | GitHub "Callback URL" |
 | jira oauth | `/hookshot/webhooks/jira/oauth` | `matrix_hookshot_jira_oauth_endpoint` | Jira OAuth |
 | figma endpoint | `/hookshot/webhooks/figma/webhook` | `matrix_hookshot_figma_endpoint` | Figma |
 | provisioning | `/hookshot/v1/` | `matrix_hookshot_provisioning_endpoint` | Dimension [provisioning](#provisioning-api) |
 | appservice | `/hookshot/_matrix/app/` | `matrix_hookshot_appservice_endpoint` | Matrix server |
 | widgets | `/hookshot/widgetapi/` | `matrix_hookshot_widgets_endpoint` | Widgets |
@ -132,10 +131,6 @@ aux_file_definitions:
 For more information, see the documentation in the [default configuration of the aux role](https://github.com/mother-of-all-self-hosting/ansible-role-aux/blob/main/defaults/main.yml).
 ### Provisioning API
 The provisioning API will be enabled automatically if you set `matrix_dimension_enabled: true` and provided a `matrix_hookshot_provisioning_secret`, unless you override it either way. To use hookshot with Dimension, you will need to enter as "Provisioning URL": `http://matrix-hookshot:9002`, which is made up of the variables `matrix_hookshot_container_url` and `matrix_hookshot_provisioning_port`.
 ### Collision with matrix-appservice-webhooks
 If you are also running [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), it reserves its namespace by the default setting `matrix_appservice_webhooks_user_prefix: '_webhook_'`. You should take care if you modify its or hookshot's prefix that they do not collide with each other's namespace (default `matrix_hookshot_generic_userIdPrefix: '_webhooks_'`).
@ -172,7 +167,7 @@ To `matrix_hookshot_container_labels_metrics_middleware_basic_auth_users`, set t
 #### Enable Grafana (optional)
-Probably you wish to enable Grafana along with Prometheus for generating graphs of the metics.
+Probably you wish to enable Grafana along with Prometheus for generating graphs of the metrics.
 To enable Grafana, see [this section](configuring-playbook-prometheus-grafana.md#adjusting-the-playbook-configuration-grafana) for instructions.
--- a/docs/configuring-playbook-bridge-mautrix-wsproxy.md
+++ b/docs/configuring-playbook-bridge-mautrix-wsproxy.md
@ -70,7 +70,7 @@ The shortcut commands with the [`just` program](just.md) are also available: `ju
 ## Usage
-Follow the [mautrix-imessage documenation](https://docs.mau.fi/bridges/go/imessage/index.html) for running `android-sms` and/or `matrix-imessage` on your device(s).
+Follow the [mautrix-imessage documentation](https://docs.mau.fi/bridges/go/imessage/index.html) for running `android-sms` and/or `matrix-imessage` on your device(s).
 ## Troubleshooting
--- a/docs/configuring-playbook-element-call.md
+++ b/docs/configuring-playbook-element-call.md
@ -30,7 +30,7 @@ These **clients will use their own embedded Element Call frontend**, so **self-h
 💡 A reason you may wish to continue installing the Element Call frontend (despite Matrix clients not making use of it), is if you need to use it standalone - directly via a browser (without a Matrix client). Note that unless you [allow guest accounts to use Element Call](#allowing-guests-to-use-element-call-optional), you will still need a Matrix user account **on the same homeserver** to be able to use Element Call.
-The playbook makes a distiction between enabling Element Call (`matrix_element_call_enabled`) and enabling the Matrix RTC Stack (`matrix_rtc_enabled`). Enabling Element Call automatically enables the Matrix RTC stack. Because installing the Element Call frontend is now unnecessary, **we recommend only installing the Matrix RTC stack, without the Element Call frontend**.
+The playbook makes a distinction between enabling Element Call (`matrix_element_call_enabled`) and enabling the Matrix RTC Stack (`matrix_rtc_enabled`). Enabling Element Call automatically enables the Matrix RTC stack. Because installing the Element Call frontend is now unnecessary, **we recommend only installing the Matrix RTC stack, without the Element Call frontend**.
 | Description / Variable | Element Call frontend | [LiveKit Server](configuring-playbook-livekit-server.md) | [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) |
 |------------------------|-----------------------|----------------|---------------------|
--- a/docs/configuring-playbook-matrix-authentication-service.md
+++ b/docs/configuring-playbook-matrix-authentication-service.md
@ -41,7 +41,7 @@ Below, we'll try to **highlight some potential reasons for switching** to Matrix
 ## Prerequisites
- ⚠️ the [Synapse](configuring-playbook-synapse.md) homeserver implementation (which is the default for this playbook). Other homeserver implementations ([Dendrite](./configuring-playbook-dendrite.md), [Conduit](./configuring-playbook-conduit.md), etc.) do not support integrating wtih Matrix Authentication Service yet.
+- ⚠️ the [Synapse](configuring-playbook-synapse.md) homeserver implementation (which is the default for this playbook). Other homeserver implementations ([Dendrite](./configuring-playbook-dendrite.md), [Conduit](./configuring-playbook-conduit.md), etc.) do not support integrating with Matrix Authentication Service yet.
 - ❌ **disabling all password providers** for Synapse (things like [shared-secret-auth](./configuring-playbook-shared-secret-auth.md), [rest-auth](./configuring-playbook-rest-auth.md), [LDAP auth](./configuring-playbook-ldap-auth.md), etc.) More details about this are available in the [Expectations](#expectations) section below.
@ -61,7 +61,7 @@ This section details what you can expect when switching to the Matrix Authentica
 - ⚠️ [Migrating an existing Synapse homeserver to Matrix Authentication Service](#migrating-an-existing-synapse-homeserver-to-matrix-authentication-service) is **possible**, but requires **some playbook-assisted manual work**. Migration is **reversible with no or minor issues if done quickly enough**, but as users start logging in (creating new login sessions) via the new MAS setup, disabling MAS and reverting back to the Synapse user database will cause these new sessions to break.
- ⚠️ Delegating user authentication to MAS causes **your Synapse server to be completely dependant on one more service** for its operations. MAS is quick & lightweight and should be stable enough already, but this is something to keep in mind when making the switch.
+- ⚠️ Delegating user authentication to MAS causes **your Synapse server to be completely dependent on one more service** for its operations. MAS is quick & lightweight and should be stable enough already, but this is something to keep in mind when making the switch.
 - ⚠️ If you've got [OIDC configured in Synapse](./configuring-playbook-synapse.md#synapse--openid-connect-for-single-sign-on), you will need to migrate your OIDC configuration to MAS by adding an [Upstream OAuth2 configuration](#upstream-oauth2-configuration).
@ -85,7 +85,7 @@ For new homeservers (which don't have any users in their Synapse database yet),
 ### Existing homeserver
-Other homeserver implementations ([Dendrite](./configuring-playbook-dendrite.md), [Conduit](./configuring-playbook-conduit.md), etc.) do not support integrating wtih Matrix Authentication Service yet.
+Other homeserver implementations ([Dendrite](./configuring-playbook-dendrite.md), [Conduit](./configuring-playbook-conduit.md), etc.) do not support integrating with Matrix Authentication Service yet.
 For existing Synapse homeservers:
--- a/docs/configuring-playbook-matrix-corporal.md
+++ b/docs/configuring-playbook-matrix-corporal.md
@ -13,7 +13,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 The playbook can install and configure [matrix-corporal](https://github.com/devture/matrix-corporal) for you.
-In short, it's a sort of automation and firewalling service, which is helpful if you're instaling Matrix services in a controlled corporate environment.
+In short, it's a sort of automation and firewalling service, which is helpful if you're installing Matrix services in a controlled corporate environment.
 See the project's [documentation](https://github.com/devture/matrix-corporal/blob/main/README.md) to learn what it does and why it might be useful to you.
--- a/docs/configuring-playbook-matrix-media-repo.md
+++ b/docs/configuring-playbook-matrix-media-repo.md
@ -60,7 +60,7 @@ To `matrix_media_repo_container_labels_traefik_metrics_middleware_basic_auth_use
 #### Enable Grafana (optional)
-Probably you wish to enable Grafana along with Prometheus for generating graphs of the metics.
+Probably you wish to enable Grafana along with Prometheus for generating graphs of the metrics.
 To enable Grafana, see [this section](configuring-playbook-prometheus-grafana.md#adjusting-the-playbook-configuration-grafana) for instructions.
--- a/docs/configuring-playbook-ntfy.md
+++ b/docs/configuring-playbook-ntfy.md
@ -115,7 +115,7 @@ The shortcut commands with the [`just` program](just.md) are also available: `ju
 ## Usage
-To receive push notifications with UnifiedPush from the ntfy server, you need to **install [the ntfy Android app](https://docs.ntfy.sh/subscribe/phone/)** which works as the Distrubutor, **log in to the account on the ntfy app** if you have enabled the access control, and then **configure a UnifiedPush-compatible Matrix client**. After setting up the ntfy Android app, the Matrix client listens to it, and push notitications are "distributed" from it.
+To receive push notifications with UnifiedPush from the ntfy server, you need to **install [the ntfy Android app](https://docs.ntfy.sh/subscribe/phone/)** which works as the Distributor, **log in to the account on the ntfy app** if you have enabled the access control, and then **configure a UnifiedPush-compatible Matrix client**. After setting up the ntfy Android app, the Matrix client listens to it, and push notifications are "distributed" from it.
 For details about installing and configuring the ntfy Android app, take a look at [this section](https://github.com/mother-of-all-self-hosting/ansible-role-ntfy/blob/main/docs/configuring-ntfy.md#install-the-ntfy-androidios-app) on the role's documentation.
--- a/docs/configuring-playbook-prometheus-grafana.md
+++ b/docs/configuring-playbook-prometheus-grafana.md
@ -258,4 +258,4 @@ As with all other services, you can find the logs in [systemd-journald](https://
 - [The Prometheus scraping rules](https://github.com/element-hq/synapse/tree/master/contrib/prometheus) (we use v2)
 - [The Synapse Grafana dashboard](https://github.com/element-hq/synapse/tree/master/contrib/grafana)
 - [The Node Exporter dashboard](https://github.com/rfrail3/grafana-dashboards) (for generic non-synapse performance graphs)
- [The PostgresSQL dashboard](https://grafana.com/grafana/dashboards/9628) (generic Postgres dashboard)
+- [The PostgreSQL dashboard](https://grafana.com/grafana/dashboards/9628) (generic Postgres dashboard)
--- a/docs/configuring-playbook-s3.md
+++ b/docs/configuring-playbook-s3.md
@ -22,13 +22,11 @@ Finally, [set up S3 storage for Synapse](#setting-up) (with [Goofys](configuring
 ## Choosing an Object Storage provider
-You can create [Amazon S3](https://aws.amazon.com/s3/) or another S3-compatible object storage like [Backblaze B2](https://www.backblaze.com/b2/cloud-storage.html), [Storj](https://storj.io), [Wasabi](https://wasabi.com), [Digital Ocean Spaces](https://www.digitalocean.com/products/spaces), etc.
+You can create [Amazon S3](https://aws.amazon.com/s3/) or another S3-compatible object storage like [Backblaze B2](https://www.backblaze.com/b2/cloud-storage.html), [Wasabi](https://wasabi.com), [Digital Ocean Spaces](https://www.digitalocean.com/products/spaces), [Storj](https://storj.io), etc.
-Amazon S3, Backblaze B2, and Storj are pay-as-you with no minimum charges for storing too little data.
+Amazon S3 and Backblaze B2 are pay-as-you with no minimum charges for storing too little data. Note that Backblaze egress is free, but for only certain users for up to 3x the amount of data stored. Beyond that you will pay $0.01/GB of egress.
-All these providers have different prices, with Storj appearing to be the cheapest (as of 2024-10, storage fee is $0.004 per GB/month, and egress fee is $0.007 per GB; check actual pricing [here](https://storj.dev/dcs/pricing)). Backblaze egress is free, but for only certain users for up to 3x the amount of data stored. Beyond that you will pay $0.01/GB of egress.
+Wasabi has a minimum charge of 1TB if you're storing less than 1TB, which becomes expensive if you need to store less data than that. Likewise, Digital Ocean Spaces has also a minimum charge of 250GB ($5/month as of 2022-10). Though Storj does not set minimum amount of data to be stored, it also charges $5 minimum monthly usage fee since July 1, 2025, if your monthly usage (storage, bandwidth, and segments) totals less than $5.
 Wasabi has a minimum charge of 1TB if you're storing less than 1TB, which becomes expensive if you need to store less data than that. Likewise, Digital Ocean Spaces has also a minimum charge of 250GB ($5/month as of 2022-10).
 Here are some of the important aspects of choosing the right provider:
--- a/docs/configuring-playbook-ssl-certificates.md
+++ b/docs/configuring-playbook-ssl-certificates.md
@ -15,7 +15,7 @@ By default, the playbook retrieves and automatically renews free SSL certificate
 **Notes**:
 - This guide is intended to be referred for configuring the integrated Traefik server with regard to SSL certificates retrieval. If you're using [your own webserver](configuring-playbook-own-webserver.md), consult its documentation about how to configure it.
- Let's Encrypt ends the expiration notification email service on June 4, 2025 (see: [the official announcement](https://letsencrypt.org/2025/01/22/ending-expiration-emails/)), and it recommends using a third party service for those who want to receive expiriation notifications. If you are looking for a self-hosting service, you may be interested in a monitoring tool such as [Update Kuma](https://github.com/louislam/uptime-kuma/).
+- Let's Encrypt ends the expiration notification email service on June 4, 2025 (see: [the official announcement](https://letsencrypt.org/2025/01/22/ending-expiration-emails/)), and it recommends using a third party service for those who want to receive expiration notifications. If you are looking for a self-hosting service, you may be interested in a monitoring tool such as [Update Kuma](https://github.com/louislam/uptime-kuma/).
  The [Mother-of-All-Self-Hosting (MASH)](https://github.com/mother-of-all-self-hosting/mash-playbook) Ansible playbook can be used to install and manage an Uptime Kuma instance. See [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/services/uptime-kuma.md) for the instruction to install it with the MASH playbook. If you are wondering how to use the MASH playbook for your Matrix server, refer [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/setting-up-services-on-mdad-server.md).
--- a/docs/configuring-playbook-synapse-simple-antispam.md
+++ b/docs/configuring-playbook-synapse-simple-antispam.md
@ -9,7 +9,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 The playbook can install and configure [synapse-simple-antispam](https://github.com/t2bot/synapse-simple-antispam) for you.
-It lets you fight invite-spam by automatically blocking invitiations from a list of servers specified by you (blacklisting).
+It lets you fight invite-spam by automatically blocking invitations from a list of servers specified by you (blacklisting).
 See the project's [documentation](https://github.com/t2bot/synapse-simple-antispam/blob/master/README.md) to learn what it does and why it might be useful to you.
--- a/docs/configuring-playbook-synapse.md
+++ b/docs/configuring-playbook-synapse.md
@ -53,7 +53,7 @@ You may also consider [tweaking the number of workers of each type](#controlling
 ##### Specialized workers
-The playbook now supports a smarter **specialized load-balancing** inspired by [Tom Foster](https://github.com/tcpipuk)'s [Synapse homeserver guide](https://tcpipuk.github.io/synapse/index.html). Instead of routing requests to one or more [generic workers](#generic-workers) based only on the requestor's IP adddress, specialized load-balancing routes to **4 different types of specialized workers** based on **smarter criteria** — the access token (username) of the requestor and/or on the resource (room, etc.) being requested.
+The playbook now supports a smarter **specialized load-balancing** inspired by [Tom Foster](https://github.com/tcpipuk)'s [Synapse homeserver guide](https://tcpipuk.github.io/synapse/index.html). Instead of routing requests to one or more [generic workers](#generic-workers) based only on the requester's IP address, specialized load-balancing routes to **4 different types of specialized workers** based on **smarter criteria** — the access token (username) of the requester and/or on the resource (room, etc.) being requested.
 The playbook supports these **4 types** of specialized workers:
--- a/docs/faq.md
+++ b/docs/faq.md
@ -235,7 +235,7 @@ Running Matrix on a server with 1GB of memory is possible (especially if you dis
 **We recommend starting with a server having at least 2GB of memory** and even then using it sparingly. If you know for sure you'll be joining various large rooms, etc., then going for 4GB of memory or more is a good idea.
-Besides the regular Matrix stuff, we also support things like video-conferencing using [Jitsi](configuring-playbook-jitsi.md) and other additional services which (when installed) may use up a lot of memory. Things do add up. Besides the Synapse Matrix server, Jitsi is especially notorious for consuming a lot of resources. If you plan on running Jitsi, we recommend a server with at least 2GB of memory (preferrably more). See our [Jitsi documentation page](configuring-playbook-jitsi.md) to learn how to optimize its memory/CPU usage.
+Besides the regular Matrix stuff, we also support things like video-conferencing using [Jitsi](configuring-playbook-jitsi.md) and other additional services which (when installed) may use up a lot of memory. Things do add up. Besides the Synapse Matrix server, Jitsi is especially notorious for consuming a lot of resources. If you plan on running Jitsi, we recommend a server with at least 2GB of memory (preferably more). See our [Jitsi documentation page](configuring-playbook-jitsi.md) to learn how to optimize its memory/CPU usage.
 ### Can I run this in an LXC container?
@ -362,7 +362,7 @@ Configuration variables are defined in multiple places in this playbook and are
 You can discover the variables you can override in each role (`roles/*/*/defaults/main.yml`).
-As described in [How is the effective configuration determined?](#how-is-the-effective-configuration-determined), these role-defaults may be overriden by values defined in `group_vars/matrix_servers`.
+As described in [How is the effective configuration determined?](#how-is-the-effective-configuration-determined), these role-defaults may be overridden by values defined in `group_vars/matrix_servers`.
 Refer to both of these for inspiration. Still, as mentioned in [Configuring the playbook](configuring-playbook.md), you're only ever supposed to edit your own `inventory/host_vars/matrix.example.com/vars.yml` file and nothing else inside the playbook (unless you're meaning to contribute new features).
--- a/docs/howto-srv-server-delegation.md
+++ b/docs/howto-srv-server-delegation.md
@ -42,7 +42,7 @@ This is because with SRV federation, some servers / tools (one of which being th
 ### Tell Traefik which certificate to serve for the federation endpoint
-Now that the federation endpoint is not bound to a domain anymore we need to explicitely tell Traefik to use a wildcard certificate in addition to one containing the base name.
+Now that the federation endpoint is not bound to a domain anymore we need to explicitly tell Traefik to use a wildcard certificate in addition to one containing the base name.
 This is because the Matrix specification expects the federation endpoint to be served using a certificate compatible with the base domain, however, the other resources on the endpoint still need a valid certificate to work.
--- a/docs/prerequisites.md
+++ b/docs/prerequisites.md
@ -49,7 +49,7 @@ We will be using `example.com` as the domain in the following instruction. Pleas
 - [Python](https://www.python.org/). Most distributions install Python by default, but some don't (e.g. Ubuntu 18.04) and require manual installation (something like `apt-get install python3`). On some distros, Ansible may incorrectly [detect the Python version](https://docs.ansible.com/ansible/latest/reference_appendices/interpreter_discovery.html) (2 vs 3) and you may need to explicitly specify the interpreter path in `inventory/hosts` during installation (e.g. `ansible_python_interpreter=/usr/bin/python3`)
- [sudo](https://www.sudo.ws/), even when you've configured Ansible to log in as `root`. Some distributions, like a minimal Debian net install, do not include the `sudo` package by default.
+- [sudo](https://www.sudo.ws/), even when you've configured Ansible to log in as `root`, because this Ansible playbook sometimes uses the Ansible [become](https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_privilege_escalation.html) module to perform tasks as another user (e.g. `matrix`) and the `become` module's default implementation uses `sudo`. Some distributions, like a minimal Debian net install, do not include the `sudo` package by default.
 - An HTTPS-capable web server at the base domain name (`example.com`) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md).
--- a/examples/reverse-proxies/nginx-proxy-manager/README.md
+++ b/examples/reverse-proxies/nginx-proxy-manager/README.md
@ -23,7 +23,7 @@ If Matrix federation is enabled, then you will need to make changes to [NPM's Do
 You'll need to create two proxy hosts in NPM for Matrix web and federation traffic.
-Open the 'Proxy Hosts' page in the NPM web interface and select `Add Proxy Host`, the first being for Matrix web traffic. Apply the proxys configuration like this:
+Open the 'Proxy Hosts' page in the NPM web interface and select `Add Proxy Host`, the first being for Matrix web traffic. Apply the proxy's configuration like this:
 ```md
 # Details
@ -44,7 +44,7 @@ Custom Nginx Configuration:
 	client_max_body_size 50M;
 ```
-Again, under the 'Proxy Hosts' page select `Add Proxy Host`, this time for your federation traffic. Apply the proxys configuration like this:
+Again, under the 'Proxy Hosts' page select `Add Proxy Host`, this time for your federation traffic. Apply the proxy's configuration like this:
 ```md
 # Details
--- a/gpg/open_vault.sh
+++ b/gpg/open_vault.sh
@ -0,0 +1,5 @@
 #!/bin/bash
 set -e -u
 gpg2 --batch --use-agent --decrypt $(dirname $0)/vault_passphrase.gpg 2>/dev/null
--- a/gpg/vault_passphrase.gpg
+++ b/gpg/vault_passphrase.gpg
@ -0,0 +1,18 @@
 -----BEGIN PGP MESSAGE-----
 hQIMAxEs7W/4x4lxARAAssinIzR2rGs+Qkm0Q2tRdSXSXRx3OhH+2T5p0Rz3YkqU
 iyiUtyT/Ll7RMUAlAEDZITvirXe4ZZImDcxQegEzFgO7BowQYJDRdhaRmLKZpiuQ
 foRnJAAR12sf49arjJjaBQb91ViOp5MkxAtXiiqWyXwSSII+cV88flMq143cFmfC
 C5OdIQd3SqrbFhGRTjUzoIMqnJH8xksjwph9GS811dY14rQv5X1Ybt5zehMJ7/m/
 luLNg2zgQgYOUxcovddCVMI54ThXyDubDox/5xLvVjyVOFHgwC/VLn+QXHuPY/r5
 +rVzz/30eq0uOLKD3LnDBQskCWRVWGC2ulKaZtlylBq6KRzIM6c6+VPSHCjoFyES
 RRpRHeIXGLs31eLkr8dc+VNbPKpMsjm/E/4ZVE2JBpy7S/kh1XYVQxT6ahDKT1tD
 4YN9O0JyNXzjiyNaTTLwNGh5+ICEd3ZCfa4O/og2LySGPOw6mX8ukgP029LHVp6+
 0tRwSWiIM3US/NIVGA+o9e9I/I5Bp/cnzJgd7faUIlzcVPP+euCbo4GsYWpX3Nca
 eRcr7AVY3wwuZtl7/s8KbQKk0ulLxS4Lo2XmdpQl8CPGwASdbMf/H8B256+xiUQ3
 ml400ZaCC7Loeduwl1ez1H/dFFzmpUziaxxtWW4aFtOUYhGeSCTu6ZIgxVq3eBnS
 jAGv8bt+0Xnrpih3mZWM92cw2VKfzYD9WG+dCB4DtZMKhl1ub2bkeTC/B9F+QuP6
 anlonYHs2wmPXzjcx8ajonbYrYXanoNRHDId6OqVAbjYqbua6TG6H9LUFweIj1RV
 yhUPejzhA8xEB0nUcKJZKLvuqvwPbr06GODnAKY5TQ4yILMAnBx0pNzfQNzo
 =Cecg
 -----END PGP MESSAGE-----
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@ -2317,7 +2317,6 @@ matrix_hookshot_container_http_host_bind_ports_defaultmapping:
  - "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_appservice_port }}:{{ matrix_hookshot_appservice_port }}"
  - "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_metrics_port }}:{{ matrix_hookshot_metrics_port }}"
  - "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_webhook_port }}:{{ matrix_hookshot_webhook_port }}"
  - "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_provisioning_port }}:{{ matrix_hookshot_provisioning_port }}"
 matrix_hookshot_container_http_host_bind_ports: "{{ matrix_hookshot_container_http_host_bind_ports_defaultmapping if matrix_playbook_service_host_bind_interface_prefix else [] }}"
@ -2326,8 +2325,6 @@ matrix_hookshot_container_labels_traefik_docker_network: "{{ matrix_playbook_rev
 matrix_hookshot_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
 matrix_hookshot_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
 matrix_hookshot_provisioning_enabled: "{{ matrix_hookshot_provisioning_secret and matrix_dimension_enabled }}"
 matrix_hookshot_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
 matrix_hookshot_metrics_proxying_enabled: "{{ matrix_hookshot_metrics_enabled and matrix_metrics_exposure_enabled }}"
@ -3202,6 +3199,9 @@ matrix_bot_draupnir_container_labels_traefik_docker_network: "{{ matrix_playbook
 matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
 matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
 #The salt is size restricted here as a maximum salt size of 16 characters exists due to the functions used.
 matrix_bot_draupnir_config_web_synapseHTTPAntispam_authorization: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'draupnir.httpmod', rounds=655555) | to_uuid }}" # noqa var-naming
 ######################################################################
 #
 # /matrix-bot-draupnir
@ -4835,6 +4835,8 @@ matrix_synapse_container_additional_networks_auto: |
      ([exim_relay_container_network] if (exim_relay_enabled and matrix_synapse_email_enabled and matrix_synapse_email_smtp_host == exim_relay_identifier and matrix_synapse_container_network != exim_relay_container_network) else [])
      +
      ([matrix_ma1sd_container_network] if (matrix_ma1sd_enabled and matrix_synapse_account_threepid_delegates_msisdn == matrix_synapse_account_threepid_delegates_msisdn_mas1sd_url and matrix_synapse_container_network != matrix_ma1sd_container_network) else [])
      +
      ([matrix_bot_draupnir_container_network] if (matrix_synapse_ext_synapse_http_antispam_enabled and matrix_synapse_ext_synapse_http_antispam_config_base_url == matrix_bot_draupnir_synapse_http_antispam_config_base_url and matrix_bot_draupnir_container_network != matrix_synapse_container_network) else [])
    ) | unique
  }}
@ -4930,6 +4932,13 @@ matrix_synapse_app_service_config_files_auto: "{{ matrix_homeserver_app_service_
 # Disable creation of media repository Synapse worker when using media-repo
 matrix_synapse_ext_media_repo_enabled: "{{ matrix_media_repo_enabled }}"
 matrix_synapse_ext_synapse_http_antispam_enabled: "{{ matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled }}"
 matrix_synapse_ext_synapse_http_antispam_config_base_url: "{{ matrix_bot_draupnir_synapse_http_antispam_config_base_url if matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled else '' }}"
 matrix_synapse_ext_synapse_http_antispam_config_authorization: "{{ matrix_bot_draupnir_config_web_synapseHTTPAntispam_authorization if matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled else '' }}"
 matrix_synapse_ext_synapse_http_antispam_config_enabled_callbacks: "{{ matrix_bot_draupnir_synapse_http_antispam_config_enabled_callbacks if matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled else [] }}"
 matrix_synapse_ext_synapse_http_antispam_config_fail_open: "{{ matrix_bot_draupnir_synapse_http_antispam_config_fail_open if matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled else {} }}"
 matrix_synapse_ext_synapse_http_antispam_config_async: "{{ matrix_bot_draupnir_synapse_http_antispam_config_async if matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled else {} }}"
 # Enable Synapse statistics reporting when using synapse-usage-exporter
 matrix_synapse_report_stats: "{{ matrix_synapse_usage_exporter_enabled }}"
 matrix_synapse_report_stats_endpoint: "{{ (('http://' + matrix_synapse_usage_exporter_identifier + ':' + matrix_synapse_usage_exporter_container_port | string + '/report-usage-stats/push') if matrix_synapse_usage_exporter_enabled else '') }}"
--- a/i18n/README.md
+++ b/i18n/README.md
@ -20,7 +20,7 @@ Currently, we support translation of:
 Organization of this `i18n` directory is as follows:
 - [PUBLISHED_LANGUAGES](PUBLISHED_LANGUAGES): a list of languages that we publish translations for (in the [translations/](translations/) directory)
- [.gitignore](.gitignore): a list of files and directories to ignore in the `i18n` directory. We intentionaly ignore translated results (`translations/<language>` directories) for languages taht are still in progress. We only [publish translations in a new language](#publish-translations-in-a-new-language) when the translation progresses beyond a certain threshold.
+- [.gitignore](.gitignore): a list of files and directories to ignore in the `i18n` directory. We intentionally ignore translated results (`translations/<language>` directories) for languages that are still in progress. We only [publish translations in a new language](#publish-translations-in-a-new-language) when the translation progresses beyond a certain threshold.
 - [justfile](justfile): a list of recipes for [just](https://github.com/casey/just) command runner
 - [requirements.txt](requirements.txt): a list of Python packages required to work with translations
 - [translation-templates/](translation-templates/): a list of English translation templates - strings extracted from Markdown files
--- a/i18n/requirements.txt
+++ b/i18n/requirements.txt
@ -1,8 +1,8 @@
 alabaster==1.0.0
 babel==2.17.0
-certifi==2025.4.26
+certifi==2025.6.15
 charset-normalizer==3.4.2
-click==8.1.8
+click==8.2.1
 docutils==0.21.2
 idna==3.10
 imagesize==1.4.1
@ -16,9 +16,9 @@ myst-parser==4.0.1
 packaging==25.0
 Pygments==2.19.1
 PyYAML==6.0.2
-requests==2.32.3
+requests==2.32.4
-setuptools==80.3.1
+setuptools==80.9.0
-snowballstemmer==2.2.0
+snowballstemmer==3.0.1
 Sphinx==8.2.3
 sphinx-intl==2.3.1
 sphinx-markdown-builder==0.6.8
@ -30,4 +30,4 @@ sphinxcontrib-qthelp==2.0.0
 sphinxcontrib-serializinghtml==2.0.0
 tabulate==0.9.0
 uc-micro-py==1.0.3
-urllib3==2.4.0
+urllib3==2.5.0
--- a/inventory/host_vars/matrix.finallycoffee.eu/postgresql.yml
+++ b/inventory/host_vars/matrix.finallycoffee.eu/postgresql.yml
@ -0,0 +1,17 @@
 ---
 postgres_max_connections: 400
 postgres_shared_buffers: 3145728 # (3072 MiB)
 postgres_effective_cache_size: 8388608 # (8192 MiB)
 postgres_container_shm_size: 1G
 postgres_maintenance_work_mem: 786432 # (768 MiB)
 postgres_wal_buffers: 16384 # (16 MiB)
 postgres_random_page_cost: 1.3
 postgres_work_mem: 4096
 postgres_huge_pages: try
 postgres_min_wal_size: 524288 # (512 MiB)
 postgres_max_wal_size: 4194304 # (4GiB)
 postgres_max_worker_processes: 8
 postgres_max_parallel_workers: 8
 postgres_max_parallel_workers_per_gather: 4
 postgres_max_parallel_maintenance_workers: 4
--- a/inventory/host_vars/matrix.finallycoffee.eu/vars.yml
+++ b/inventory/host_vars/matrix.finallycoffee.eu/vars.yml
@ -0,0 +1,386 @@
 #
 # General config
 # Domain of the matrix server and SSL config
 #
 matrix_domain: finallycoffee.eu
 matrix_playbook_reverse_proxy_type: playbook-managed-traefik
 matrix_playbook_ssl_enabled: true
 traefik_config_entrypoint_web_secure_enabled: false
 traefik_container_web_host_bind_port: '127.0.10.1:8080'
 traefik_config_entrypoint_web_forwardedHeaders_insecure: true
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port: '127.0.10.2:8448'
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_custom:
  forwardedHeaders:
    insecure: true
 matrix_synapse_metrics_proxying_enabled: true
 matrix_sliding_sync_enabled: true
 matrix_base_data_path: "{{ vault_matrix_base_data_path }}"
 matrix_server_fqn_element: "chat.{{ matrix_domain }}"
 matrix_playbook_docker_installation_enabled: false
 #matrix_dimension_scheme: https
 devture_timesync_installation_enabled: false
 matrix_homeserver_generic_secret_key: "{{ vault_homeserver_generic_secret_key }}"
 devture_systemd_service_manager_up_verification_delay_seconds: 300
 web_user: "web"
 revproxy_autoload_dir: "/vault/services/web/sites.d"
 postgres_dump_dir: /vault/temp
 #
 # General Synapse config
 #
 postgres_connection_password: "{{ vault_matrix_postgres_connection_password }}"
 # A secret used to protect access keys issued by the server.
 # matrix_homeserver_generic_secret_key: "{{ vault_homeserver_generic_secret_key }}"
 # Make synapse accept larger media aswell
 matrix_synapse_max_upload_size_mb: 200
 # Enable metrics at (default) :9100/_synapse/metrics
 matrix_synapse_metrics_enabled: true
 matrix_synapse_turn_shared_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
 matrix_synapse_turn_uris:
  - "turn:voip.matrix.finallycoffee.eu?transport=udp"
  - "turn:voip.matrix.finallycoffee.eu?transport=tcp"
 # Auto-join all users into those rooms
 matrix_synapse_auto_join_rooms:
  - "#welcome:finallycoffee.eu"
  - "#announcements:finallycoffee.eu"
 ## Synapse rate limits
 #matrix_synapse_rc_federation:
 #  window_size: 1000
 #  sleep_limit: 50
 #  sleep_delay: 500
 #  reject_limit: 50
 #  concurrent: 10
 #matrix_synapse_rc_message:
 #  per_second: 0.5
 #  burst_count: 25
 #matrix_synapse_rc_joins:
 #  local:
 #    per_second: 0.5
 #    burst_count: 20
 #  remote:
 #    per_second: 0.05
 #    burst_count: 20
 #matrix_synapse_rc_joins_per_room:
 #  per_second: 1
 #  burst_count: 10
 #matrix_synapse_rc_invites:
 #  per_room:
 #    per_second: 0.5
 #    burst_count: 10
 #  per_user:
 #    per_second: 0.006
 #    burst_count: 10
 #  per_issuer:
 #    per_second: 2
 #    burst_count: 20
 ## Synapse cache tuning
 #matrix_synapse_caches_global_factor: 1.5
 #matrix_synapse_event_cache_size: "300K"
 ## Synapse workers
 matrix_synapse_workers_enabled: true
 matrix_synapse_workers_preset: "little-federation-helper"
 matrix_synapse_workers_generic_workers_count: 1
 matrix_synapse_workers_media_repository_workers_count: 1
 matrix_synapse_workers_federation_sender_workers_count: 1
 matrix_synapse_workers_pusher_workers_count: 0
 matrix_synapse_workers_appservice_workers_count: 1
 # Static secret auth for matrix-synapse-shared-secret-auth
 #matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
 #matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "{{ vault_matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
 #matrix_synapse_ext_password_provider_rest_auth_enabled: true
 #matrix_synapse_ext_password_provider_rest_auth_endpoint: "http://matrix-ma1sd:8090"
 #matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
 #matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
 #matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false
 matrix_synapse_configuration_extension_yaml: |
  database:
    args:
      cp_min: 10
      cp_max: 30
      cp_reconnect: True
 #  caches:
 #    per_cache_factors:
 #      device_id_exists: 3
 #      get_users_in_room: 4
 #      _get_joined_users_from_context: 4
 #      _get_joined_profile_from_event_id: 3
 #      "*stateGroupMembersCache*": 2
 #      _matches_user_in_member_list: 3
 #      get_users_who_share_room_with_user: 3
 #      is_interested_in_room: 2
 #      get_user_by_id: 1.5
 #      room_push_rule_cache: 1.5
 #    expire_caches: true
 #    cache_entry_ttl: 45m
 #    sync_response_cache_duration: 2m
 #
 # synapse-admin tool
 #
 #matrix_synapse_admin_enabled: true
 #matrix_synapse_admin_container_http_host_bind_port: 8985
 #
 # VoIP / CoTURN config
 #
 # A shared secret (between Synapse and Coturn) used for authentication.
 matrix_coturn_turn_static_auth_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
 # Disable coturn, as we use own instance
 matrix_coturn_enabled: false
 #
 # dimension (integration manager) config
 #
 matrix_dimension_enabled: false
 #matrix_dimension_admins: "{{ vault_matrix_dimension_admins }}"
 #matrix_server_fqn_dimension: "dimension.matrix.{{ matrix_domain }}"
 #matrix_dimension_access_token: "{{ vault_matrix_dimension_access_token }}"
 #matrix_dimension_configuration_extension_yaml: |
 #    telegram:
 #        botToken: "{{ vault_matrix_dimension_configuration_telegram_bot_token }}"
 #
 # mautrix-whatsapp config
 #
 matrix_mautrix_whatsapp_enabled: true
 matrix_mautrix_whatsapp_bridge_personal_filtering_spaces: true
 matrix_mautrix_whatsapp_bridge_enable_status_broadcast: false
 matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port: 9402
 matrix_mautrix_whatsapp_container_extra_arguments:
  - "-p 127.0.0.1:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}"
 matrix_mautrix_whatsapp_configuration_extension_yaml: |
    bridge:
        displayname_template: "{% raw %}{{.Name}} ({{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}}) (via WhatsApp){% endraw %}"
        max_connection_attempts: 5
        connection_timeout: 30
        contact_wait_delay: 5
        private_chat_portal_meta: true
        login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
    logging:
        print_level: info
    metrics:
        enabled: true
        listen: 0.0.0.0:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}
    whatsapp:
        os_name: Linux mautrix-whatsapp
        browser_name: Chrome
 #
 # mautrix-telegram config
 #
 matrix_mautrix_telegram_enabled: true
 matrix_mautrix_telegram_api_id: "{{ vault_matrix_mautrix_telegram_api_id }}"
 matrix_mautrix_telegram_api_hash: "{{ vault_matrix_mautrix_telegram_api_hash }}"
 matrix_mautrix_telegram_public_endpoint: '/bridge/telegram'
 matrix_mautrix_telegram_container_http_monitoring_host_bind_port: 9401
 matrix_mautrix_telegram_container_http_host_bind_port_public: 8980
 matrix_mautrix_telegram_container_extra_arguments:
  - "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}"
  - "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_host_bind_port_public }}:80"
 matrix_mautrix_telegram_configuration_extension_yaml: |
    bridge:
        displayname_template: "{displayname} (via Telegram)"
        parallel_file_transfer: false
        inline_images: false
        image_as_file_size: 20
        delivery_receipts: true
        login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
        animated_sticker:
            target: webm
        encryption:
            allow: true
            default: true
        permissions:
            "@transcaffeine:finallycoffee.eu": "admin"
            "boobies.software": "full"
    logging:
        root:
            level: INFO
    metrics:
        enabled: true
        listen_port: {{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}
 #        permissions: "{{ vault_matrix_mautrix_telegram_permission_map | from_yaml }}"
 #
 # mautrix-signal config
 #
 matrix_mautrix_signal_enabled: true
 matrix_mautrix_signal_container_http_monitoring_host_bind_port: 9408
 matrix_mautrix_signal_container_extra_arguments:
    - "-p 127.0.0.1:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}"
 matrix_mautrix_signal_configuration_extension_yaml: |
    bridge:
        displayname_template: "{displayname} (via Signal)"
        community_id: "+signal:finallycoffee.eu"
        encryption:
            allow: true
            default: true
            key_sharing:
                allow: true
                require_verification: false
        delivery_receipts: true
        permissions:
          "@ilosai:fairydust.space": "user"
    logging:
        root:
            level: INFO
    metrics:
        enabled: true
        listen_port: {{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}
 matrix_bridges_encryption_enabled: true
 matrix_bridges_encryption_default: true
 matrix_appservice_double_puppet_enabled: true
 matrix_mautrix_slack_enabled: true
 matrix_mautrix_slack_appservice_bot_username: slack
 #
 # mx-puppet-instagram configuration
 #
 matrix_mx_puppet_instagram_enabled: false
 #matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port: 9403
 #matrix_mx_puppet_instagram_container_extra_arguments:
 #  - "-p 127.0.0.1:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}"
 #matrix_mx_puppet_instagram_configuration_extension_yaml: |
 #    bridge:
 #        enableGroupSync: true
 #        avatarUrl: mxc://finallycoffee.eu/acmiSAinuHDOULofFFeolTvr
 #    metrics:
 #        enabled: true
 #        port: {{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}
 #        path: /metrics
 #    presence:
 #        enabled: true
 #        interval: 3000
 #
 #
 ##
 ## mx-puppet-discord configuration
 ##
 matrix_mx_puppet_discord_enabled: false
 #matrix_mx_puppet_discord_client_id: "{{ vault_matrix_mx_puppet_discord_client_id }}"
 #matrix_mx_puppet_discord_client_secret: "{{ vault_matrix_mx_puppet_discord_client_secret }}"
 #matrix_mx_puppet_discord_container_http_monitoring_host_bind_port: 9404
 #matrix_mx_puppet_discord_container_extra_arguments:
 #  - "-p 127.0.0.1:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}"
 #matrix_mx_puppet_discord_configuration_extension_yaml: |
 #    bridge:
 #        enableGroupSync: true
 #        avatarUrl: mxc://finallycoffee.eu/BxcAAhjXmglMbtthStEHtCzd
 #    metrics:
 #        enabled: true
 #        port: {{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}
 #        path: /metrics
 #    limits:
 #        maxAutojoinUsers: 500
 #        roomUserAutojoinDelay: 50
 #    presence:
 #        enabled: true
 #        interval: 3000
 #
 # mx-puppet-slack configuration
 #
 matrix_mx_puppet_slack_enabled: false
 #matrix_mx_puppet_slack_client_id: "{{ vault_matrix_mx_puppet_slack_client_id }}"
 #matrix_mx_puppet_slack_client_secret: "{{ vault_matrix_mx_puppet_slack_client_secret }}"
 #matrix_mx_puppet_slack_oauth_redirect_path: '/bridge/slack/oauth'
 #matrix_mx_puppet_slack_container_http_auth_host_bind_port: 8981
 #matrix_mx_puppet_slack_container_http_monitoring_host_bind_port: 9406
 #matrix_mx_puppet_slack_container_extra_arguments:
 #  - "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}"
 #  - "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_auth_host_bind_port }}:8008"
 #matrix_mx_puppet_slack_configuration_extension_yaml: |
 #    bridge:
 #        enableGroupSync: true
 #    metrics:
 #        enabled: true
 #        port: {{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}
 #        path: /metrics
 #    limits:
 #        maxAutojoinUsers: 500
 #        roomUserAutojoinDelay: 50
 #    presence:
 #        enabled: true
 #        interval: 3000
 #
 # Element web configuration
 #
 # Branding config
 matrix_client_element_brand: "Chat"
 matrix_client_element_default_theme: "dark"
 matrix_client_element_themes_enabled: true
 matrix_client_element_welcome_headline: "Welcome to chat.finallycoffee.eu"
 matrix_client_element_welcome_text: |
    Decentralised, encrypted chat &amp; collaboration,<br />
    hosted on finallycoffee.eu, powered by element.io &amp;
    <a href="https://matrix.org" target="_blank" rel="noreferrer noopener">
      <img width="79" height="34" alt="[matrix]" style="padding-left: 1px;vertical-align: middle" src="welcome/images/matrix.svg" />
    </a>
 matrix_client_element_welcome_logo: "welcome/images/logo.png"
 matrix_client_element_welcome_logo_link: "https://{{ matrix_domain }}"
 matrix_client_element_branding_auth_header_logo_url: "welcome/images/logo.png"
 matrix_client_element_branding_welcome_background_url: "welcome/images/background.jpg"
 matrix_client_element_container_extra_arguments:
  - "-v {{ matrix_client_element_data_path }}/background.jpg:/app/{{ matrix_client_element_branding_welcome_background_url }}:ro"
  - "-v {{ matrix_client_element_data_path }}/logo.png:/app/{{ matrix_client_element_branding_auth_header_logo_url }}:ro"
 # Integration and capabilites config
 matrix_client_element_integrations_ui_url: "https://{{ matrix_server_fqn_dimension }}/element"
 matrix_client_element_integrations_rest_url: "https://{{ matrix_server_fqn_dimension }}/api/v1/scalar"
 matrix_client_element_integrations_widgets_urls:
  - "https://{{ matrix_server_fqn_dimension }}/widgets"
  - "https://scalar.vector.im/api"
 matrix_client_element_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_dimension }}/widgets/jitsi"
 matrix_client_element_disable_custom_urls: false
 matrix_client_element_room_directory_servers:
  - "matrix.org"
  - "finallycoffee.eu"
 matrix_client_element_enable_presence_by_hs_url:
  https://matrix.org: false
 # Matrix ma1sd extended configuration
 #matrix_ma1sd_configuration_extension_yaml: |
 #    hashing:
 #      enabled: true
 #      pepperLength: 20
 #      rotationPolicy: per_requests
 #      requests: 10
 #      hashStorageType: sql
 #      algorithms:
 #          - none
 #          - sha256
 # Matrix mail notification relay setup
 exim_relay_enabled: true
 exim_relay_sender_address: "system-matrix@{{ matrix_domain }}"
 exim_relay_relay_use: true
 exim_relay_relay_host_name: "{{ vault_matrix_mailer_relay_host_name }}"
 exim_relay_relay_host_port: 587
 exim_relay_relay_auth: true
 exim_relay_relay_auth_username: "{{ vault_matrix_mailer_relay_auth_username }}"
 exim_relay_relay_auth_password: "{{ vault_matrix_mailer_relay_auth_password }}"
--- a/inventory/host_vars/matrix.finallycoffee.eu/vault.yml
+++ b/inventory/host_vars/matrix.finallycoffee.eu/vault.yml
@ -0,0 +1,105 @@
 $ANSIBLE_VAULT;1.1;AES256
 61626165616330663863393762663031623164636666346339343636363035663463636135656533
 3338383762633130346536613334626164306464333835380a353264386431326437616234393165
 61323266623432353731373634353339393936643130346434346530336563326533386331646533
 3030663037666664360a346636343966663733663836633736316630663230613137663166336336
 62383131343934353635633261323036613231646439626162306238313132316664653237653533
 34376464633335626133376138343139653561613232333133393535393137653964633561313761
 62653632663432313936336231613832626362343737383863343562636437646439666638383733
 63313538616430393536356534303164633332653538643264353834393465373538643963343039
 31366661636263353936363931343938323563626538303133366263363533393564386466666361
 38666264643931336563633663663538616431313231336364653631383261326537336162313837
 32373730343538653862326636303264353737353139663161393762383138393531363264633531
 32383661396537636635666665316630663032333932393131336235663938623932383230343830
 31613563656663343830353438396535663864306531333239623738653838633331386465353466
 37366363643334623165373562363465636161396437333966303864663033636665623564613565
 39643635333636363132633462386536393634303838343835363633626162363236653839376230
 34666430363933336335323330386339656339356637653931643565303166303436333562333361
 38633838636337316137343564613338346239663933356130396562306164376430363233373632
 66303430303034353262343565373139333535636231623062633537653636376136656138623637
 34396562376233643234643436323433336436393163363935643033643833386631633762343162
 33633136316635326532343430383437366139333830373731636265386234356164393066333663
 37663934633437653364356231383934313132343162323436373339393964656336646164333533
 37626336616565323237633736653433316238366261303465343466643363303131376665346231
 62623133336561313732393837323330643138663830353662366139373366383436323530333732
 38623633666537643038636163303164653866343934616236343733386533663936303637326462
 63633137626632613736313333643363373963306161353431396261646635383930366166363135
 66353962643638616635376137346439383339303236323761366439306638623762343966623035
 30323435396533633238313962306366343362393339616131393839653565666666313833313433
 66386362353061323465666563616230336565663339646162623634643330646239343934373636
 33363061316637613266373831376133303337616639643239393835636138323266613134633633
 65356634636562313961643865353334306131333030373566666535373039343337613964306465
 32393163666232383266363763336132653765316162663961653933633832626533646537376136
 64613133373135616531343837616264656461313963646565656465656165303534343834663734
 62313865366634656265613264623234653165633839323030643333643139323531643637393439
 61656561303732663834336334643765616234373063306236303538646663316131663933323236
 63396263663034613832653361383061336132663032646133323931386562653661346264363439
 35636463613635316239363061363836623564303933373964363365626133373039643264666530
 30343165366365333339366639353033666634613162363164333433633563613461666532323566
 63303836353331326439646139653738633866356463303264623166306262393766346338373537
 62373865303264633663666333323135343530323434383835393763363739636135646538336364
 33376438636264393635383163353431336463396263333239626566653262373434316532343633
 61363061623430636462393135316564636536633963393338383334643134366232396564316635
 31373963633164653235643665653863303831663065383433363036633962633462393839363235
 36323562323634643639643561636261643136313633656236656566353539343063386162383234
 38653461633561353639336531353333393262633065386539353031386332343739656261653238
 31326434386130336465613233663563323035666631303137313665336566363134306638663265
 62353430353934633965316636643566653235366230323139656539646539626236616138313362
 31643437366563383164306331303662356562616366366237613633666534623765323034396534
 38326537376265343065313738316433353266633539313134323735383864623663323662633662
 65613862623766343736343031636238356161343036363566646635643334373030386434646135
 64336263356663376564333935623135396231623165326437393563333361356435346634616665
 66376231666633643936323264323565346637343538366138616631383964376632613437323163
 30366537326533363939643237376538366230313263623139323662396633343239343066313564
 63356533373338653030313038653137666434323737323763623136666530313035356634666633
 35643530333632633664643361633964666432336631636561343739646266653634353963323534
 35663731616539646332393837633566393734643033623937316661653839663937303666376339
 65653036373565323435636637373231316265393231333734356462356635346531366530316262
 37643632346164366561353236373633623464643536373361666263303739356335333934313537
 31373035633333313065613162346133663736313265376230393135353431343765306539633032
 63353338656231376666613138353235613362643334653537353237653139396533363630303033
 36363039613232666266333535343466336263663762623865376532326262666332303361356266
 65646337323037383564666639363636333135323265633932333264346363326466343234653936
 65656535343663356562613064323138656338633064633462313864616665653230626638373939
 61623862386364396335323836396664653731633365623936383435383330643038386665653238
 62643961626464313666343431303064303338396135643432383730613161336435306262653132
 38373432393564333562363761386239343366343465386638643737663561633837303734333835
 66366465633164346365356637313534376136303630666432613664363030323336316639393339
 61383565316432383633383832363439316366373536336639643961333663303631633464633238
 31396331386163386261393565346266636436386465326639326363663930666665306637393263
 65363763336561316566363164626466643637343731666530386432343431653634353336376461
 33366233366533656334666138346661323463633133303933626163343666623761613961346231
 35383232306336386665313264393933646631656333613138353532666133366339656564353865
 35353330393131366137663466333363653866323936353734306361633163626537363561346332
 65363231623766666638383661323964633034366261633035303861383135383235656465373738
 66373762626130356633626436366533626633353836346239666333353262656665636330626561
 66613165313137373766623464646330643662393033396266643662653136393233336265353430
 38376130663634333133353763383264623133373230323938316638323864643430386633376564
 65356264623766666637353866326638613435663830623063343439373030663663623432393863
 33343134626465313230646239646537653938613938633736346235323438393237363639373932
 61376231386265366132333965333133343737623066383534666633396635356537623432623132
 62656431323033633265626265613736383435376132613532333037613834313130626361373533
 39653361323366636335343865343737346264636433386332666332376662343634356630316135
 30366163333561353338663666363738313732303031333637636266623530623261306335616233
 31346436346663643464626134313338346439323838343663613135663834666632653866346431
 64376566343963346664366363353636636231386530363961333131383133323163396265313563
 35393534343664336237336231313831333739633662306636373338663434613231306538343865
 61613063306432623932616534363865333639396232383562396161383539363336303463323731
 63313239666538306239663864653839616132363662336331636262353061663136386331306131
 66336361396239383638623463663635613364366433343739356331633330633561653038633530
 38303832363663656432396636613134613965373639353731366138323435326135626339353263
 39313032333966376135653664623666626233613530646534636362646237303465653931666563
 65343936623462633162343334643335623834323364646362633232346237306337303430616363
 61633930343132303962653432636230343331343332616434323035633963623138653737306566
 34353135623134626237653165663738633435656439393234643432353535646439313638653664
 39326437393166633937663261336330656266303431383437626163623163303133323139313563
 39383664633739373664653131326665306533633162373535396464663637653662336237656161
 39633138383166316437313237303733336365343066366462643165643865653039343037633263
 61613730393666636530633231396165363033313161663463323861663262383234643236643038
 61633138323664613061663538383333323566393262303633623136613166636361306562356163
 66363033373262396461316438643238396633353962616362623363303035353765393164616230
 35303664616539363639373830623337396239626539613761613839363638326664306465313762
 34646634326338306430653065343231366430666534306331336532346535663737633639363834
 34623539616339363535633365306230663264626234363637366436353833663136303032623338
 32633761333165393231303165393234643363313839373339666433666130313035643836626531
 63356638666264333163
--- a/inventory/hosts
+++ b/inventory/hosts
@ -0,0 +1,24 @@
 $ANSIBLE_VAULT;1.1;AES256
 37366366376266633033656235333633346134336666323465356666353363323130366365393534
 3365373534643965613139656465323663393862336163640a623663366631323035346632353030
 37396264356137336535363663323935646464333138653035623562346438643139323439366132
 3364356364353738660a616638393635333938373838316631396536386134333831613831343732
 39333066363566643864343661646633326134633039316636306332303063366665373638353735
 34386339633566663038613538316233306238383734623363623666346261336562663039373264
 31313061616432643761633139643039636164613136643264663131666166646531366335346164
 34303339393334616434633736383763653035386333363137336431363034653263306261646661
 37323563373436333736633836666563646162303232393932346430373039346431356166393930
 37616639333038653936633163323139396666303638663039623633633832333737633764643863
 61383763613865323061636662663837656339373335643066333964393362303766366533303332
 63646335356639366130393530373936636330633132356639626531303839656166346263613733
 31333362316537323934306434393630656161353465636434303538643835396361613563663437
 34383765626235356530396433643037306233663263623664636163326132316237386231323165
 65643235356434626161396136303563633836313961343664653339623862633338313963333237
 63663961636661383634343532356234626531373938313164373561386139366338393066623036
 36633137623361626161313961386630623635323336353036623165316632353333383162623531
 61353138613030343636326166303762656264643834396330313563616439323265333039323566
 64356538346662613836356462613536656636373065643734346166353466363266353939393535
 66333739623735656463373530646663303535643562363534306438323135353763303363376135
 37653566306461396563333135633235626130313231636165383438376237383663373939353637
 30366661303131333438376363366131613361326635366264363064633034376230353137663030
 346238306532363635623732396366633538
--- a/requirements.txt
+++ b/requirements.txt
@ -0,0 +1,11 @@
 ansible==11.3.0
 ansible-core==2.18.3
 cffi==1.17.1
 cryptography==44.0.2
 Jinja2==3.1.6
 MarkupSafe==3.0.2
 packaging==24.2
 passlib==1.7.4
 pycparser==2.22
 PyYAML==6.0.2
 resolvelib==1.0.1
--- a/requirements.yml
+++ b/requirements.yml
@ -22,13 +22,13 @@
  version: v4.98.1-r0-2-0
  name: exim_relay
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-grafana.git
-  version: v11.6.1-2
+  version: v11.6.3-0
  name: grafana
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
-  version: v10184-0
+  version: v10314-0
  name: jitsi
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git
-  version: v1.8.4-5
+  version: v1.9.0-0
  name: livekit_server
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git
  version: v2.11.0-5
@ -49,7 +49,7 @@
  version: v17-3
  name: postgres_backup
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
-  version: v3.3.1-0
+  version: v3.4.1-0
  name: prometheus
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git
  version: v1.9.1-3
@ -67,11 +67,11 @@
  version: v1.0.0-0
  name: timesync
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik.git
-  version: v3.4.0-0
+  version: v3.4.1-1
  name: traefik
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git
  version: v2.10.0-0
  name: traefik_certs_dumper
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-valkey.git
-  version: v8.1.1-0
+  version: v8.1.2-0
  name: valkey
--- a/roles/custom/matrix-alertmanager-receiver/defaults/main.yml
+++ b/roles/custom/matrix-alertmanager-receiver/defaults/main.yml
@ -11,7 +11,7 @@
 matrix_alertmanager_receiver_enabled: true
 # renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver
-matrix_alertmanager_receiver_version: 2025.4.23
+matrix_alertmanager_receiver_version: 2025.5.21
 matrix_alertmanager_receiver_scheme: https
--- a/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml
+++ b/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml
@ -12,7 +12,7 @@
 matrix_appservice_draupnir_for_all_enabled: true
 # renovate: datasource=docker depName=gnuxie/draupnir
-matrix_appservice_draupnir_for_all_version: "v2.2.0"
+matrix_appservice_draupnir_for_all_version: "v2.3.1"
 matrix_appservice_draupnir_for_all_container_image_self_build: false
 matrix_appservice_draupnir_for_all_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git"
@ -50,7 +50,7 @@ matrix_appservice_draupnir_for_all_systemd_wanted_services_list: []
 # anyone in this room can use the bot - secure your room!
 # This should be a room alias - not a matrix.to URL.
 # Note: Draupnir is fairly verbose - expect a lot of messages from it.
-# This room is diffrent for Appservice Mode compared to normal mode.
+# This room is different for Appservice Mode compared to normal mode.
 # In Appservice mode it provides functions like user management.
 matrix_appservice_draupnir_for_all_config_adminRoom: ""  # noqa var-naming
--- a/roles/custom/matrix-authentication-service/defaults/main.yml
+++ b/roles/custom/matrix-authentication-service/defaults/main.yml
@ -22,7 +22,7 @@ matrix_authentication_service_container_repo_version: "{{ 'main' if matrix_authe
 matrix_authentication_service_container_src_files_path: "{{ matrix_base_data_path }}/matrix-authentication-service/container-src"
 # renovate: datasource=docker depName=ghcr.io/element-hq/matrix-authentication-service
-matrix_authentication_service_version: 0.16.0
+matrix_authentication_service_version: 0.17.1
 matrix_authentication_service_container_image_registry_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else matrix_authentication_service_container_image_registry_prefix_upstream }}"
 matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_authentication_service_container_image_registry_prefix_upstream_default }}"
 matrix_authentication_service_container_image_registry_prefix_upstream_default: "ghcr.io/"
--- a/roles/custom/matrix-base/defaults/main.yml
+++ b/roles/custom/matrix-base/defaults/main.yml
@ -217,7 +217,7 @@ matrix_homeserver_container_url: "http://{{ matrix_homeserver_container_client_a
 # Specifies where the homeserver's Client-Server API is on the container network (matrix_homeserver_container_network).
 # Where this is depends on whether there's a reverse-proxy in front of the homeserver, which homeserver it is, etc.
-# This likely gets overriden elsewhere.
+# This likely gets overridden elsewhere.
 matrix_homeserver_container_client_api_endpoint: ""
 # Specifies where the homeserver's Federation API is on the container network (matrix_homeserver_container_network).
@ -225,7 +225,7 @@ matrix_homeserver_container_federation_url: "http://{{ matrix_homeserver_contain
 # Specifies where the homeserver's Federation API is on the container network (matrix_homeserver_container_network).
 # Where this is depends on whether there's a reverse-proxy in front of the homeserver, which homeserver it is, etc.
-# This likely gets overriden elsewhere.
+# This likely gets overridden elsewhere.
 matrix_homeserver_container_federation_api_endpoint: ""
 # Specifies the public url of the Sync v3 (sliding-sync) API.
--- a/roles/custom/matrix-base/tasks/validate_config.yml
+++ b/roles/custom/matrix-base/tasks/validate_config.yml
@ -104,7 +104,7 @@
    msg: >-
      Your configuration enables both the old mautrix-instagram bridge and the new mautrix-meta-instagram bridge.
      By default, both bridges are configured to use the same bridge bot username (`@{{ matrix_mautrix_meta_instagram_appservice_username }}:{{ matrix_domain }}`) which is a conflict.
-      We recommend that you disable at least one of the bridges (preferrably the old mautrix-instagram bridge), or to resolve the conflict in another way.
+      We recommend that you disable at least one of the bridges (preferably the old mautrix-instagram bridge), or to resolve the conflict in another way.
      To resolve the conflict without disabling a bridge, consider adjusting one of `matrix_mautrix_instagram_appservice_bot_username` or `matrix_mautrix_meta_instagram_appservice_username` - they both have a value of {{ matrix_mautrix_meta_instagram_appservice_username }} right now.
  when:
    - matrix_mautrix_instagram_enabled | bool
--- a/roles/custom/matrix-bot-baibot/defaults/main.yml
+++ b/roles/custom/matrix-bot-baibot/defaults/main.yml
@ -17,7 +17,7 @@ matrix_bot_baibot_container_repo_version: "{{ 'main' if matrix_bot_baibot_versio
 matrix_bot_baibot_container_src_files_path: "{{ matrix_base_data_path }}/baibot/container-src"
 # renovate: datasource=docker depName=ghcr.io/etkecc/baibot
-matrix_bot_baibot_version: v1.6.0
+matrix_bot_baibot_version: v1.7.4
 matrix_bot_baibot_container_image: "{{ matrix_bot_baibot_container_image_registry_prefix }}etkecc/baibot:{{ matrix_bot_baibot_version }}"
 matrix_bot_baibot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_baibot_container_image_self_build else matrix_bot_baibot_container_image_registry_prefix_upstream }}"
 matrix_bot_baibot_container_image_registry_prefix_upstream: "{{ matrix_bot_baibot_container_image_registry_prefix_upstream_default }}"
@ -389,9 +389,10 @@ matrix_bot_baibot_config_agents_static_definitions_openai_config_text_to_speech_
 matrix_bot_baibot_config_agents_static_definitions_openai_config_text_to_speech_response_format: opus
 matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_enabled: true
-matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_model_id: dall-e-3
+matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_model_id: gpt-image-1
-matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_style: vivid
+matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_style: null
-matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_size: 1024x1024
+matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_size: null
 matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_quality: null
 ########################################################################################
 #                                                                                      #
--- a/roles/custom/matrix-bot-baibot/templates/provider/openai-config.yml.j2
+++ b/roles/custom/matrix-bot-baibot/templates/provider/openai-config.yml.j2
@ -35,4 +35,5 @@ image_generation:
  model_id: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_model_id | to_json }}
  style: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_style | to_json }}
  size: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_size | to_json }}
  quality: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_quality | to_json }}
 {% endif %}
--- a/roles/custom/matrix-bot-chatgpt/tasks/validate_config.yml
+++ b/roles/custom/matrix-bot-chatgpt/tasks/validate_config.yml
@ -20,7 +20,7 @@
 - name: Fail if OpenAI configuration not up-to-date.
  ansible.builtin.fail:
    msg: >-
-      Your configuration contains a varible that is no longer used.
+      Your configuration contains a variable that is no longer used.
      Please change your configuration to remove the variable (`{{ item.name }}`).
  when: "item.name in vars"
  with_items:
--- a/roles/custom/matrix-bot-draupnir/defaults/main.yml
+++ b/roles/custom/matrix-bot-draupnir/defaults/main.yml
@ -12,7 +12,7 @@
 matrix_bot_draupnir_enabled: true
 # renovate: datasource=docker depName=gnuxie/draupnir
-matrix_bot_draupnir_version: "v2.2.0"
+matrix_bot_draupnir_version: "v2.3.1"
 matrix_bot_draupnir_container_image_self_build: false
 matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git"
@ -28,8 +28,18 @@ matrix_bot_draupnir_config_path: "{{ matrix_bot_draupnir_base_path }}/config"
 matrix_bot_draupnir_data_path: "{{ matrix_bot_draupnir_base_path }}/data"
 matrix_bot_draupnir_docker_src_files_path: "{{ matrix_bot_draupnir_base_path }}/docker-src"
 matrix_bot_draupnir_config_web_enabled: "{{ matrix_bot_draupnir_config_web_abuseReporting or matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled }}"  # noqa var-naming
 matrix_bot_draupnir_config_web_abuseReporting: false  # noqa var-naming
-matrix_bot_draupnir_config_web_enabled: "{{ matrix_bot_draupnir_config_web_abuseReporting }}"  # noqa var-naming
+
 matrix_bot_draupnir_config_web_port: 8080
 # These variables are used for turning on the integration between the synapseHTTPAntispam module and Draupnir.
 # Authorisation is a shared secret between Draupnir and the module just like is used by Appservices and the homeserver
 # therefore the same creation mechanism is used here too.
 matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled: false  # noqa var-naming
 matrix_bot_draupnir_config_web_synapseHTTPAntispam_authorization: ''  # noqa var-naming
 matrix_bot_draupnir_config_displayReports: "{{ matrix_bot_draupnir_config_web_abuseReporting }}"  # noqa var-naming
 matrix_bot_draupnir_container_network: ""
@ -129,6 +139,27 @@ matrix_bot_draupnir_config_admin_enableMakeRoomAdminCommand: false  # noqa var-n
 # This config option has diminished improvements for bots on extremely fast homeservers or very very small bots on fast homeservers.
 matrix_bot_draupnir_config_roomStateBackingStore_enabled: true  # noqa var-naming
 matrix_bot_draupnir_web_url: 'http://matrix-bot-draupnir'
 # This controls the URL that the module targets in Draupnir.
 matrix_bot_draupnir_synapse_http_antispam_config_base_url: "{{ matrix_bot_draupnir_web_url }}:{{ matrix_bot_draupnir_config_web_port }}/api/1/spam_check"
 # These variables control the configuration of the Synapse module as the configuration is highly consumer dependent.
 # Therefore the module is configured from Draupnir because the consumer of the module determines what settings are relevant.
 matrix_bot_draupnir_synapse_http_antispam_config_enabled_callbacks:
  - check_event_for_spam
  - user_may_invite
  - user_may_join_room
 matrix_bot_draupnir_synapse_http_antispam_config_fail_open:
  check_event_for_spam: true
  user_may_invite: true
  user_may_join_room: true
 matrix_bot_draupnir_synapse_http_antispam_config_async:
  check_event_for_spam: true
 # Default configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #
--- a/roles/custom/matrix-bot-draupnir/tasks/validate_config.yml
+++ b/roles/custom/matrix-bot-draupnir/tasks/validate_config.yml
@ -63,7 +63,7 @@
  ansible.builtin.fail:
    msg: >-
      Your configuration is trying to enable matrix_bot_draupnir_config_experimentalRustCrypto and matrix_bot_draupnir_pantalaimon_use at the same time.
-      These settings are mutually incompatible and therefore cant be used at the same time.
+      These settings are mutually incompatible and therefore can't be used at the same time.
  when:
    - matrix_bot_draupnir_pantalaimon_use
    - matrix_bot_draupnir_config_experimentalRustCrypto
--- a/roles/custom/matrix-bot-draupnir/templates/labels.j2
+++ b/roles/custom/matrix-bot-draupnir/templates/labels.j2
@ -12,7 +12,7 @@ traefik.enable=true
 traefik.docker.network={{ matrix_bot_draupnir_container_labels_traefik_docker_network }}
 {% endif %}
-traefik.http.services.matrix-bot-draupnir.loadbalancer.server.port=8080
+traefik.http.services.matrix-bot-draupnir.loadbalancer.server.port={{ matrix_bot_draupnir_config_web_port }}
 {% if matrix_bot_draupnir_config_web_abuseReporting %}
 ############################################################
--- a/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2
+++ b/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2
@ -7,7 +7,8 @@ SPDX-FileCopyrightText: 2024 Suguru Hirahara
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
-# Endpoint URL that Draupnir uses to interact with the Matrix homeserver (client-server API),
+# Endpoint URL that Draupnir uses to interact with the matrix homeserver (client-server API),
 # set this to the pantalaimon URL if you're using that.
 homeserverUrl: {{ matrix_bot_draupnir_config_homeserverUrl | to_json }}
 # Endpoint URL that Draupnir could use to fetch events related to reports (client-server API and /_synapse/),
@ -22,7 +23,10 @@ accessToken: {{ matrix_bot_draupnir_config_accessToken | to_json }}
 {% if matrix_bot_draupnir_pantalaimon_use or matrix_bot_draupnir_login_native %}
 # Options related to Pantalaimon (https://github.com/matrix-org/pantalaimon)
 pantalaimon:
-  # Set to `true` when the bot is to login and fetch the access token on its own.
+  # Whether or not Draupnir will use pantalaimon to access the matrix homeserver,
  # set to `true` if you're using pantalaimon.
  #
  # Be sure to point homeserverUrl to the pantalaimon instance.
  #
  # Draupnir will log in using the given username and password once,
  # then store the resulting access token in a file under dataPath.
@ -34,13 +38,14 @@ pantalaimon:
  # The password Draupnir will login with.
  #
  # After successfully logging in once, this will be ignored, so this value can be blanked after first startup.
-  # This option can be loaded from a file by passing "--password-path <path>" at the command line,
+  # This option can be loaded from a file by passing "--pantalaimon-password-path <path>" at the command line,
  # which would allow using secret management systems such as systemd's service credentials.
  password: {{ matrix_bot_draupnir_password | to_json }}
 {% endif %}
-# Experimental usage of the matrix-bot-sdk rust crypto. This can not be used with Pantalaimon.
+# Experimental usage of the matrix-bot-sdk rust crypto.
-# Make sure Pantalaimon is disabled in Draupnir's configuration.
+# This can not be used with Pantalaimon.
 # Make sure to setup the bot as if you are not using pantalaimon for this.
 #
 # Warning: At this time this is not considered production safe.
 experimentalRustCrypto: {{ matrix_bot_draupnir_config_experimentalRustCrypto | to_json }}
@ -68,22 +73,12 @@ recordIgnoredInvites: false
 # (see verboseLogging to adjust this a bit.)
 managementRoom: {{ matrix_bot_draupnir_config_managementRoom | to_json }}
 # Deprecated and will be removed in a future version.
 # Running with verboseLogging is unsupported.
 # Whether Draupnir should log a lot more messages in the room,
 # mainly involves "all-OK" messages, and debugging messages for when Draupnir checks bans in a room.
 verboseLogging: false
 # The log level of terminal (or container) output,
 # can be one of DEBUG, INFO, WARN and ERROR, in increasing order of importance and severity.
 #
 # This should be at INFO or DEBUG in order to get support for Draupnir problems.
 logLevel: "INFO"
 # Whether or not Draupnir should synchronize policy lists immediately after startup.
 # Equivalent to running '!draupnir sync'.
 syncOnStartup: true
 # Whether or not Draupnir should check moderation permissions in all protected rooms on startup.
 # Equivalent to running `!draupnir verify`.
 verifyPermissionsOnStartup: true
@ -131,11 +126,13 @@ protectAllJoinedRooms: false
 # of the homeserver may be more impacted.
 backgroundDelayMS: 500
-# Server administration commands, these commands will only work if Draupnir is
+# Server administrative features. These will only work if Draupnir is
 # a global server administrator, and the bot's server is a Synapse instance.
 # Please review https://the-draupnir-project.github.io/draupnir-documentation/bot/homeserver-administration
 admin:
-  # Whether or not Draupnir can temporarily take control of any eligible account from the local homeserver who's in the room
+  # Whether to enable the make admin command.
-  # (with enough permissions) to "make" a user an admin.
+  # This command allows Draupnir can temporarily take control of any eligible account
  # from the local homeserver in the target room (with enough permissions) to "make" another user an admin.
  #
  # This only works if a local user with enough admin permissions is present in the room.
  enableMakeRoomAdminCommand: {{ matrix_bot_draupnir_config_admin_enableMakeRoomAdminCommand | to_json }}
@ -266,7 +263,7 @@ web:
  enabled: true
  # The port to expose the webserver on. Defaults to 8080.
-  port: 8080
+  port: {{ matrix_bot_draupnir_config_web_port | to_json }}
  # The address to listen for requests on. Defaults to only the current
  # computer.
@ -286,15 +283,24 @@ web:
  abuseReporting:
    # Whether to enable this feature.
    enabled: {{ matrix_bot_draupnir_config_web_abuseReporting | to_json }}
  # Whether to setup a endpoints for synapse-http-antispam
  # https://github.com/maunium/synapse-http-antispam
  # this is required for some features of Draupnir,
  # such as support for room takedown policies.
  #
  # Please FOLLOW the instructions here:
  # https://the-draupnir-project.github.io/draupnir-documentation/bot/synapse-http-antispam
  synapseHTTPAntispam:
    enabled: {{ matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled | to_json }}
    # This is a secret that you must place into your synapse module config
    # https://github.com/maunium/synapse-http-antispam?tab=readme-ov-file#configuration
    authorization: {{ matrix_bot_draupnir_config_web_synapseHTTPAntispam_authorization | to_json }}
 {% endif %}
 # FIXME: This configuration option is currently broken in the playbook as admin APIs cannot
 # be accessed from containers. See https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3389
 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3308
 # Whether or not to actively poll synapse for abuse reports, to be used
 # instead of intercepting client calls to synapse's abuse endpoint, when that
 # isn't possible/practical.
-#pollReports: false
+pollReports: false
 # Whether or not new reports, received either by webapi or polling,
 # should be printed to our managementRoom.
--- a/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2
+++ b/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2
@ -25,7 +25,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			--read-only \
 			--network={{ matrix_bot_draupnir_container_network }} \
 			{% if matrix_bot_draupnir_container_http_host_bind_port %}
-			-p {{ matrix_bot_draupnir_container_http_host_bind_port }}:8080 \
+			-p {{ matrix_bot_draupnir_container_http_host_bind_port }}:{{ matrix_bot_draupnir_config_web_port }} \
 			{% endif %}
 			--label-file={{ matrix_bot_draupnir_base_path }}/labels \
 			--mount type=bind,src={{ matrix_bot_draupnir_config_path }},dst=/data/config,ro \
--- a/roles/custom/matrix-bot-mjolnir/defaults/main.yml
+++ b/roles/custom/matrix-bot-mjolnir/defaults/main.yml
@ -17,7 +17,7 @@
 matrix_bot_mjolnir_enabled: true
 # renovate: datasource=docker depName=matrixdotorg/mjolnir
-matrix_bot_mjolnir_version: "v1.9.2"
+matrix_bot_mjolnir_version: "v1.10.0"
 matrix_bot_mjolnir_container_image_self_build: false
 matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git"
--- a/roles/custom/matrix-bridge-appservice-discord/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-appservice-discord/templates/config.yaml.j2
@ -2,7 +2,7 @@
 bridge:
  # Domain part of the bridge, e.g. matrix.org
  domain: {{ matrix_appservice_discord_bridge_domain|to_json }}
-  # This should be your publically facing URL because Discord may use it to
+  # This should be your publicly facing URL because Discord may use it to
  # fetch media from the media store.
  homeserverUrl: {{ matrix_appservice_discord_bridge_homeserverUrl|to_json }}
  # Interval at which to process users in the 'presence queue'. If you have
--- a/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml
+++ b/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml
@ -358,7 +358,7 @@ matrix_appservice_irc_ircService_servers: []  # noqa var-naming
 #       # not apply an idle timeout. This value is ignored if this IRC server is
 #       # mirroring Matrix membership lists to IRC. Default: 172800 (48 hours)
 #       idleTimeout: 10800
-#       # The number of millseconds to wait between consecutive reconnections if a
+#       # The number of milliseconds to wait between consecutive reconnections if a
 #       # client gets disconnected. Setting to 0 will cause the scheduling to be
 #       # disabled, i.e. it will be scheduled immediately (with jitter.
 #       # Otherwise, the scheduling interval will be used such that one client
--- a/roles/custom/matrix-bridge-go-skype-bridge/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-go-skype-bridge/templates/config.yaml.j2
@ -224,7 +224,7 @@ logging:
    # The directory for log files. Will be created if not found.
    directory: ./logs
    # Available variables: .Date for the file date and .Index for different log files on the same day.
-    # empy/null = journal logging only
+    # empty/null = journal logging only
    file_name_format:
    # Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants
    file_date_format: "2006-01-02"
--- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml
+++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml
@ -29,7 +29,7 @@ matrix_hookshot_container_additional_networks_auto: []
 matrix_hookshot_container_additional_networks_custom: []
 # renovate: datasource=docker depName=halfshot/matrix-hookshot
-matrix_hookshot_version: 6.0.3
+matrix_hookshot_version: 7.0.0
 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_registry_prefix }}matrix-org/matrix-hookshot:{{ matrix_hookshot_version }}"
 matrix_hookshot_docker_image_registry_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_hookshot_docker_image_registry_prefix_upstream }}"
@ -74,7 +74,7 @@ matrix_hookshot_cache_redisUri: "{{ ('redis://' + matrix_hookshot_cache_redis_ho
 # - support to also be enabled in the homeserver, see the documentation of Hookshot.
 # - Hookshot to be pointed at a Redis instance via the `matrix_hookshot_cache_redis*` variables.
 # See: https://matrix-org.github.io/matrix-hookshot/latest/advanced/encryption.html
-matrix_hookshot_encryption_enabled: false
+matrix_hookshot_encryption_enabled: "{{ matrix_bridges_encryption_enabled }}"
 # Controls whether metrics are enabled in the bridge configuration.
 # Enabling them is usually enough for a local (in-container) Prometheus to consume them.
@ -187,16 +187,6 @@ matrix_hookshot_feeds_enabled: true
 matrix_hookshot_feeds_pollIntervalSeconds: 600  # noqa var-naming
 matrix_hookshot_feeds_pollTimeoutSeconds: 30  # noqa var-naming
 matrix_hookshot_provisioning_enabled: false
 # There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead.
 matrix_hookshot_provisioning_port: 9002
 matrix_hookshot_provisioning_secret: ''
 # Provisioning will be automatically enabled if Dimension is enabled and you have provided a provisioning secret, unless you override it
 matrix_hookshot_provisioning_internal: "/v1"
 matrix_hookshot_provisioning_hostname: "{{ matrix_hookshot_public_hostname }}"
 matrix_hookshot_provisioning_endpoint: "{{ matrix_hookshot_public_endpoint }}{{ matrix_hookshot_provisioning_internal }}"
 # Valid values: error, warn, info, debug
 matrix_hookshot_logging_level: warn
@ -289,15 +279,7 @@ matrix_hookshot_container_labels_widgets_traefik_entrypoints: "{{ matrix_hooksho
 matrix_hookshot_container_labels_widgets_traefik_tls: "{{ matrix_hookshot_container_labels_widgets_traefik_entrypoints != 'web' }}"
 matrix_hookshot_container_labels_widgets_traefik_tls_certResolver: "{{ matrix_hookshot_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
-# Controls whether labels will be added that expose Hookshot's provisioning endpoint
+# Controls whether labels will be added that expose Hookshot's metrics endpoint
 matrix_hookshot_container_labels_provisioning_enabled: "{{ matrix_hookshot_provisioning_enabled }}"
 matrix_hookshot_container_labels_provisioning_traefik_rule: "Host(`{{ matrix_hookshot_provisioning_hostname }}`) && PathPrefix(`{{ matrix_hookshot_provisioning_endpoint }}`)"
 matrix_hookshot_container_labels_provisioning_traefik_priority: 0
 matrix_hookshot_container_labels_provisioning_traefik_entrypoints: "{{ matrix_hookshot_container_labels_traefik_entrypoints }}"
 matrix_hookshot_container_labels_provisioning_traefik_tls: "{{ matrix_hookshot_container_labels_provisioning_traefik_entrypoints != 'web' }}"
 matrix_hookshot_container_labels_provisioning_traefik_tls_certResolver: "{{ matrix_hookshot_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
 # Controls whether labels will be added that expose Hookshot's provisioning endpoint
 matrix_hookshot_container_labels_metrics_enabled: "{{ matrix_hookshot_metrics_enabled and matrix_hookshot_metrics_proxying_enabled }}"
 matrix_hookshot_container_labels_metrics_traefik_rule: "Host(`{{ matrix_hookshot_metrics_proxying_hostname }}`) && PathPrefix(`{{ matrix_hookshot_metrics_proxying_path_prefix }}`)"
 matrix_hookshot_container_labels_metrics_traefik_priority: 0
--- a/roles/custom/matrix-bridge-hookshot/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-hookshot/tasks/validate_config.yml
@ -39,6 +39,13 @@
    - {'old': 'matrix_hookshot_queue_port', 'new': 'matrix_hookshot_cache_redis_port'}
    - {'old': 'matrix_hookshot_experimental_encryption_enabled', 'new': 'matrix_hookshot_encryption_enabled'}
    - {'old': 'matrix_hookshot_docker_image_name_prefix', 'new': 'matrix_hookshot_docker_image_registry_prefix'}
    - {'old': 'matrix_hookshot_provisioning_enabled', 'new': '<removed - see https://github.com/matrix-org/matrix-hookshot/pull/931 and the `matrix_hookshot_widgets_*` variables>'}
    - {'old': 'matrix_hookshot_provisioning_port', 'new': '<removed - see https://github.com/matrix-org/matrix-hookshot/pull/931 and the `matrix_hookshot_widgets_*` variables>'}
    - {'old': 'matrix_hookshot_provisioning_secret', 'new': '<removed - see https://github.com/matrix-org/matrix-hookshot/pull/931 and the `matrix_hookshot_widgets_*` variables>'}
    - {'old': 'matrix_hookshot_provisioning_internal', 'new': '<removed - see https://github.com/matrix-org/matrix-hookshot/pull/931 and the `matrix_hookshot_widgets_*` variables>'}
    - {'old': 'matrix_hookshot_provisioning_hostname', 'new': '<removed - see https://github.com/matrix-org/matrix-hookshot/pull/931 and the `matrix_hookshot_widgets_*` variables>'}
    - {'old': 'matrix_hookshot_provisioning_endpoint', 'new': '<removed - see https://github.com/matrix-org/matrix-hookshot/pull/931 and the `matrix_hookshot_widgets_*` variables>'}
    - {'old': 'matrix_hookshot_container_labels_provisioning_enabled', 'new': '<removed - see https://github.com/matrix-org/matrix-hookshot/pull/931 and the `matrix_hookshot_widgets_*` variables>'}
 - name: Fail if required Hookshot settings not defined
  ansible.builtin.fail:
@ -92,14 +99,6 @@
      You need to define at least one Figma instance in `matrix_hookshot_figma_instances` to enable Figma.
  when: "matrix_hookshot_figma_enabled and matrix_hookshot_figma_instances | length == 0"
 - name: Fail if required provisioning settings not defined
  ansible.builtin.fail:
    msg: >-
      You need to define a required configuration setting (`{{ item }}`) to enable provisioning.
  when: "matrix_hookshot_provisioning_enabled and vars[item] == ''"
  with_items:
    - "matrix_hookshot_provisioning_secret"
 - name: Fail if no Redis queue enabled when Hookshot encryption is enabled
  ansible.builtin.fail:
    msg: >-
--- a/roles/custom/matrix-bridge-hookshot/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-hookshot/templates/config.yaml.j2
@ -89,12 +89,6 @@ feeds:
  pollIntervalSeconds: {{ matrix_hookshot_feeds_pollIntervalSeconds | to_json }}
  pollTimeoutSeconds: {{ matrix_hookshot_feeds_pollTimeoutSeconds | to_json }}
 {% endif %}
 {% if matrix_hookshot_provisioning_enabled %}
 provisioning:
  # (Optional) Provisioning API for integration managers
  #
  secret: {{ matrix_hookshot_provisioning_secret | to_json }}
 {% endif %}
 passFile:
  # A passkey used to encrypt tokens stored inside the bridge.
  # Run openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096 to generate
@ -143,7 +137,7 @@ permissions: {{ matrix_hookshot_permissions | to_json }}
 listeners:
  # (Optional) HTTP Listener configuration.
  # Bind resource endpoints to ports and addresses.
-  # 'resources' may be any of webhooks, widgets, metrics, provisioning, appservice
+  # 'resources' may be any of webhooks, widgets, metrics
  #
 {# always enabled since all services need it #}
  - port: {{ matrix_hookshot_webhook_port }}
@ -156,12 +150,6 @@ listeners:
    resources:
      - metrics
 {% endif %}
 {% if matrix_hookshot_provisioning_enabled %}
  - port: {{ matrix_hookshot_provisioning_port }}
    bindAddress: 0.0.0.0
    resources:
      - provisioning
 {% endif %}
 {% if matrix_hookshot_widgets_enabled %}
  - port: {{ matrix_hookshot_widgets_port }}
    bindAddress: 0.0.0.0
--- a/roles/custom/matrix-bridge-hookshot/templates/labels.j2
+++ b/roles/custom/matrix-bridge-hookshot/templates/labels.j2
@ -14,7 +14,6 @@ traefik.docker.network={{ matrix_hookshot_container_labels_traefik_docker_networ
 traefik.http.services.matrix-hookshot-webhooks.loadbalancer.server.port={{ matrix_hookshot_webhook_port }}
 traefik.http.services.matrix-hookshot-appservice.loadbalancer.server.port={{ matrix_hookshot_appservice_port }}
 traefik.http.services.matrix-hookshot-widgets.loadbalancer.server.port={{ matrix_hookshot_widgets_port }}
 traefik.http.services.matrix-hookshot-provisioning.loadbalancer.server.port={{ matrix_hookshot_provisioning_port }}
 traefik.http.services.matrix-hookshot-metrics.loadbalancer.server.port={{ matrix_hookshot_metrics_port }}
 {% if matrix_hookshot_container_labels_webhooks_enabled %}
@ -118,37 +117,6 @@ traefik.http.routers.matrix-hookshot-widgets.tls.certResolver={{ matrix_hookshot
 ############################################################
 {% endif %}
 {% if matrix_hookshot_container_labels_provisioning_enabled %}
 ############################################################
 #                                                          #
 # Provisioning                                             #
 #                                                          #
 ############################################################
 traefik.http.middlewares.matrix-hookshot-provisioning-strip-prefix.stripprefix.prefixes={{ matrix_hookshot_provisioning_endpoint }}
 traefik.http.routers.matrix-hookshot-provisioning.rule={{ matrix_hookshot_container_labels_provisioning_traefik_rule }}
 traefik.http.routers.matrix-hookshot-provisioning.middlewares=matrix-hookshot-provisioning-strip-prefix
 {% if matrix_hookshot_container_labels_provisioning_traefik_priority | int > 0 %}
 traefik.http.routers.matrix-hookshot-provisioning.priority={{ matrix_hookshot_container_labels_provisioning_traefik_priority }}
 {% endif %}
 traefik.http.routers.matrix-hookshot-provisioning.service=matrix-hookshot-provisioning
 traefik.http.routers.matrix-hookshot-provisioning.entrypoints={{ matrix_hookshot_container_labels_provisioning_traefik_entrypoints }}
 traefik.http.routers.matrix-hookshot-provisioning.tls={{ matrix_hookshot_container_labels_provisioning_traefik_tls | to_json }}
 {% if matrix_hookshot_container_labels_provisioning_traefik_tls %}
 traefik.http.routers.matrix-hookshot-provisioning.tls.certResolver={{ matrix_hookshot_container_labels_provisioning_traefik_tls_certResolver }}
 {% endif %}
 ############################################################
 #                                                          #
 # /Provisioning                                            #
 #                                                          #
 ############################################################
 {% endif %}
 {% if matrix_hookshot_container_labels_metrics_enabled %}
 ############################################################
--- a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml
@ -21,7 +21,7 @@ matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix
 matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}"
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/discord
-matrix_mautrix_discord_version: v0.7.3
+matrix_mautrix_discord_version: v0.7.4
 # See: https://mau.dev/mautrix/discord/container_registry
 matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_registry_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}"
@ -39,6 +39,8 @@ matrix_mautrix_discord_homeserver_address: ""
 matrix_mautrix_discord_homeserver_domain: "{{ matrix_domain }}"
 matrix_mautrix_discord_appservice_address: "http://matrix-mautrix-discord:8080"
 matrix_mautrix_discord_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
 matrix_mautrix_discord_bridge_command_prefix: "!discord"
 # Publicly accessible base URL that Discord can use to reach the bridge, used for avatars in relay mode.
@ -225,6 +227,7 @@ matrix_mautrix_discord_registration_yaml: |
        regex: '^@{{ matrix_mautrix_discord_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_discord_homeserver_domain | regex_escape }}$'
  de.sorunome.msc2409.push_ephemeral: true
  receive_ephemeral: true
  io.element.msc4190: {{ matrix_mautrix_discord_msc4190_enabled | to_json }}
 matrix_mautrix_discord_registration: "{{ matrix_mautrix_discord_registration_yaml | from_yaml }}"
--- a/roles/custom/matrix-bridge-mautrix-discord/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-mautrix-discord/templates/config.yaml.j2
@ -268,6 +268,11 @@ bridge:
        appservice: {{ matrix_mautrix_discord_bridge_encryption_appservice | to_json}}
        # Require encryption, drop any unencrypted messages.
        require: {{ matrix_mautrix_discord_bridge_encryption_require | to_json }}
        # Whether to use MSC4190 instead of appservice login to create the bridge bot device.
        # Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202.
        # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
        # Changing this option requires updating the appservice registration file.
        msc4190: {{ matrix_mautrix_discord_msc4190_enabled | to_json }}
        # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
        # You must use a client that supports requesting keys from other users to use this feature.
        allow_key_sharing: {{ matrix_mautrix_discord_bridge_encryption_key_sharing_allow | to_json }}
--- a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml
@ -18,7 +18,7 @@ matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/ma
 matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}"
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/gmessages
-matrix_mautrix_gmessages_version: v0.6.1
+matrix_mautrix_gmessages_version: v0.6.3
 # See: https://mau.dev/mautrix/gmessages/container_registry
 matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_registry_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}"
--- a/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml
@ -20,7 +20,7 @@ matrix_mautrix_meta_instagram_enabled: true
 matrix_mautrix_meta_instagram_identifier: matrix-mautrix-meta-instagram
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
-matrix_mautrix_meta_instagram_version: v0.4.6
+matrix_mautrix_meta_instagram_version: v0.5.1
 matrix_mautrix_meta_instagram_base_path: "{{ matrix_base_data_path }}/mautrix-meta-instagram"
 matrix_mautrix_meta_instagram_config_path: "{{ matrix_mautrix_meta_instagram_base_path }}/config"
--- a/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml
@ -20,7 +20,7 @@ matrix_mautrix_meta_messenger_enabled: true
 matrix_mautrix_meta_messenger_identifier: matrix-mautrix-meta-messenger
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
-matrix_mautrix_meta_messenger_version: v0.4.6
+matrix_mautrix_meta_messenger_version: v0.5.1
 matrix_mautrix_meta_messenger_base_path: "{{ matrix_base_data_path }}/mautrix-meta-messenger"
 matrix_mautrix_meta_messenger_config_path: "{{ matrix_mautrix_meta_messenger_base_path }}/config"
--- a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
@ -25,7 +25,7 @@ matrix_mautrix_signal_container_image_self_build_repo: "https://mau.dev/mautrix/
 matrix_mautrix_signal_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}"
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/signal
-matrix_mautrix_signal_version: v0.8.2
+matrix_mautrix_signal_version: v0.8.4
 # See: https://mau.dev/mautrix/signal/container_registry
 matrix_mautrix_signal_docker_image: "{{ matrix_mautrix_signal_docker_image_registry_prefix }}mautrix/signal:{{ matrix_mautrix_signal_docker_image_tag }}"
--- a/roles/custom/matrix-bridge-mautrix-slack/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-mautrix-slack/tasks/validate_config.yml
@ -22,7 +22,7 @@
  when: matrix_appservice_slack_enabled | default(False) | bool and matrix_mautrix_slack_appservice_bot_username == matrix_appservice_slack_bot_name | default ('')
  ansible.builtin.fail:
    msg: |
-      The appservice-slack and mautrix-slack components are both enabled and use the same bot username ({{ matrix_mautrix_slack_appservice_bot_username }}), as per their default configuration, which causes a conflcit.
+      The appservice-slack and mautrix-slack components are both enabled and use the same bot username ({{ matrix_mautrix_slack_appservice_bot_username }}), as per their default configuration, which causes a conflict.
      To resolve the conflict, make one of these components use a different username.
      Consider either changing `matrix_mautrix_slack_appservice_bot_username` (the bot username for the mautrix-slack component) or `matrix_appservice_slack_bot_name` (the bot username for the appservice-slack component).
      We recommend that you change the username for the newly-added (and yet unused) component.
--- a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml
@ -223,6 +223,8 @@ matrix_mautrix_telegram_configuration_extension: "{{ matrix_mautrix_telegram_con
 # You most likely don't need to touch this variable. Instead, see `matrix_mautrix_telegram_configuration_yaml`.
 matrix_mautrix_telegram_configuration: "{{ matrix_mautrix_telegram_configuration_yaml | from_yaml | combine(matrix_mautrix_telegram_configuration_extension, recursive=True) }}"
 matrix_mautrix_telegram_sender_localpart: "telegrambot"
 matrix_mautrix_telegram_registration_yaml: |
  id: telegram
  as_token: "{{ matrix_mautrix_telegram_appservice_token }}"
--- a/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml
@ -22,7 +22,7 @@ matrix_mautrix_twitter_container_image_self_build_repo: "https://github.com/maut
 matrix_mautrix_twitter_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_twitter_version == 'latest' else matrix_mautrix_twitter_version }}"
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/twitter
-matrix_mautrix_twitter_version: v0.4.0
+matrix_mautrix_twitter_version: v0.4.2
 # See: https://mau.dev/tulir/mautrix-twitter/container_registry
 matrix_mautrix_twitter_docker_image: "{{ matrix_mautrix_twitter_docker_image_registry_prefix }}mautrix/twitter:{{ matrix_mautrix_twitter_version }}"
 matrix_mautrix_twitter_docker_image_registry_prefix: "{{ 'localhost/' if matrix_mautrix_twitter_container_image_self_build else matrix_mautrix_twitter_docker_image_registry_prefix_upstream }}"
--- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
@ -28,7 +28,7 @@ matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautri
 matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/whatsapp
-matrix_mautrix_whatsapp_version: v0.12.0
+matrix_mautrix_whatsapp_version: v0.12.2
 # See: https://mau.dev/mautrix/whatsapp/container_registry
 matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_registry_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
--- a/roles/custom/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2
@ -70,7 +70,7 @@ namePatterns:
  #
  # name: username of the user
  # discriminator: hashtag of the user (ex. #1234)
-  user: :name
+  user: ":name (#:discriminator) (via Discord)"
  # A user's guild-specific displayname - if they've set a custom nick in
  # a guild
@ -82,7 +82,7 @@ namePatterns:
  # displayname: the user's custom group-specific nick
  # channel: the name of the channel
  # guild: the name of the guild
-  userOverride: :name
+  userOverride: ":displayname (:name#:discriminator) (via Discord)"
  # Room names for bridged Discord channels
  #
@ -90,7 +90,7 @@ namePatterns:
  #
  # name: name of the channel
  # guild: name of the guild
-  room: :name
+  room: "#:name (:guild on Discord)"
  # Group names for bridged Discord servers
  #
--- a/roles/custom/matrix-cactus-comments-client/defaults/main.yml
+++ b/roles/custom/matrix-cactus-comments-client/defaults/main.yml
@ -18,7 +18,7 @@ matrix_cactus_comments_client_public_path: "{{ matrix_cactus_comments_client_bas
 matrix_cactus_comments_client_public_path_file_permissions: "0644"
 # renovate: datasource=docker depName=joseluisq/static-web-server
-matrix_cactus_comments_client_version: 2.36.1
+matrix_cactus_comments_client_version: 2.37.0
 matrix_cactus_comments_client_container_image: "{{ matrix_cactus_comments_client_container_image_registry_prefix }}joseluisq/static-web-server:{{ matrix_cactus_comments_client_container_image_tag }}"
 matrix_cactus_comments_client_container_image_registry_prefix: "{{ matrix_cactus_comments_client_container_image_registry_prefix_upstream }}"
--- a/roles/custom/matrix-client-cinny/defaults/main.yml
+++ b/roles/custom/matrix-client-cinny/defaults/main.yml
@ -17,7 +17,7 @@ matrix_client_cinny_container_image_self_build: false
 matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git"
 # renovate: datasource=docker depName=ajbura/cinny
-matrix_client_cinny_version: v4.6.0
+matrix_client_cinny_version: v4.8.1
 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_registry_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}"
 matrix_client_cinny_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_client_cinny_docker_image_registry_prefix_upstream }}"
 matrix_client_cinny_docker_image_registry_prefix_upstream: "{{ matrix_client_cinny_docker_image_registry_prefix_upstream_default }}"
--- a/roles/custom/matrix-client-element/defaults/main.yml
+++ b/roles/custom/matrix-client-element/defaults/main.yml
@ -29,7 +29,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme
 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
 # renovate: datasource=docker depName=ghcr.io/element-hq/element-web
-matrix_client_element_version: v1.11.100
+matrix_client_element_version: v1.11.104
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_registry_prefix }}element-hq/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_client_element_docker_image_registry_prefix_upstream }}"
--- a/roles/custom/matrix-client-element/tasks/setup_install.yml
+++ b/roles/custom/matrix-client-element/tasks/setup_install.yml
@ -101,6 +101,19 @@
    - {src: "{{ matrix_client_element_embedded_pages_home_path }}", name: "home.html"}
  when: "item.src is not none"
 - name: Copy Element costum files
  copy:
    src: "{{ item.src }}"
    dest: "{{ matrix_client_element_data_path }}/{{ item.name }}"
    mode: 0644
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
  with_items:
    - {src: "{{ role_path }}/files/background.jpg", name: "background.jpg"}
    - {src: "{{ role_path }}/files/antifa_coffee_cups.png", name: "logo.png"}
  when: false
    #when: "matrix_client_element_enabled|bool and item.src is not none"
 - name: Ensure Element Web nginx.conf file is removed
  ansible.builtin.file:
    path: "{{ matrix_client_element_data_path }}/nginx.conf"
--- a/roles/custom/matrix-client-element/templates/welcome.html.j2
+++ b/roles/custom/matrix-client-element/templates/welcome.html.j2
@ -33,7 +33,7 @@ h1::after {
 }
 .mx_Logo {
-    height: 54px;
+    height: 92px;
    margin-top: 2px;
 }
--- a/roles/custom/matrix-client-fluffychat/defaults/main.yml
+++ b/roles/custom/matrix-client-fluffychat/defaults/main.yml
@ -13,7 +13,7 @@ matrix_client_fluffychat_container_image_self_build_repo: "https://github.com/et
 matrix_client_fluffychat_container_image_self_build_version: "{{ 'main' if matrix_client_fluffychat_version == 'latest' else matrix_client_fluffychat_version }}"
 # renovate: datasource=docker depName=ghcr.io/etkecc/fluffychat-web
-matrix_client_fluffychat_version: v1.26.0
+matrix_client_fluffychat_version: v2.0.0
 matrix_client_fluffychat_docker_image: "{{ matrix_client_fluffychat_docker_image_registry_prefix }}etkecc/fluffychat-web:{{ matrix_client_fluffychat_version }}"
 matrix_client_fluffychat_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_fluffychat_container_image_self_build else matrix_client_fluffychat_docker_image_registry_prefix_upstream }}"
 matrix_client_fluffychat_docker_image_registry_prefix_upstream: "{{ matrix_client_fluffychat_docker_image_registry_prefix_upstream_default }}"
--- a/roles/custom/matrix-client-schildichat/defaults/main.yml
+++ b/roles/custom/matrix-client-schildichat/defaults/main.yml
@ -19,7 +19,7 @@ matrix_client_schildichat_container_image_self_build_version: "{{ 'lite' if matr
 matrix_client_schildichat_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
 # renovate: datasource=docker depName=ghcr.io/etkecc/schildichat-web
-matrix_client_schildichat_version: 1.11.86-sc.0.test.0
+matrix_client_schildichat_version: 1.11.103-sc.0.test.0
 matrix_client_schildichat_docker_image: "{{ matrix_client_schildichat_docker_image_registry_prefix }}etkecc/schildichat-web:{{ matrix_client_schildichat_version }}"
 matrix_client_schildichat_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_schildichat_container_image_self_build else matrix_client_schildichat_docker_image_registry_prefix_upstream }}"
 matrix_client_schildichat_docker_image_registry_prefix_upstream: "{{ matrix_client_schildichat_docker_image_registry_prefix_upstream_default }}"
--- a/roles/custom/matrix-conduit/defaults/main.yml
+++ b/roles/custom/matrix-conduit/defaults/main.yml
@ -19,7 +19,7 @@ matrix_conduit_docker_image_registry_prefix: "{{ matrix_conduit_docker_image_reg
 matrix_conduit_docker_image_registry_prefix_upstream: "{{ matrix_conduit_docker_image_registry_prefix_upstream_default }}"
 matrix_conduit_docker_image_registry_prefix_upstream_default: docker.io/
 # renovate: datasource=docker depName=matrixconduit/matrix-conduit
-matrix_conduit_docker_image_tag: "v0.9.0"
+matrix_conduit_docker_image_tag: "v0.10.4"
 matrix_conduit_docker_image_force_pull: "{{ matrix_conduit_docker_image.endswith(':latest') }}"
 matrix_conduit_base_path: "{{ matrix_base_data_path }}/conduit"
--- a/roles/custom/matrix-conduwuit/defaults/main.yml
+++ b/roles/custom/matrix-conduwuit/defaults/main.yml
@ -13,7 +13,6 @@ matrix_conduwuit_enabled: true
 matrix_conduwuit_hostname: ''
 matrix_conduwuit_docker_image: "{{ matrix_conduwuit_docker_image_registry_prefix }}girlbossceo/conduwuit:{{ matrix_conduwuit_docker_image_tag }}"
 # renovate: datasource=docker depName=ghcr.io/girlbossceo/conduwuit
 matrix_conduwuit_docker_image_tag: v0.4.6-8f7ade4c22533a3177bfd8f175e178573ba6c1d4
 matrix_conduwuit_docker_image_force_pull: "{{ matrix_conduwuit_docker_image.endswith(':latest') }}"
 matrix_conduwuit_docker_image_registry_prefix: "{{ matrix_conduwuit_docker_image_registry_prefix_upstream }}"
--- a/roles/custom/matrix-conduwuit/templates/conduwuit.toml.j2
+++ b/roles/custom/matrix-conduwuit/templates/conduwuit.toml.j2
@ -586,7 +586,7 @@ trusted_servers = {{ matrix_conduwuit_trusted_servers | to_json }}
 # specifically on room joins. This option limits the exposure to a
 # compromised trusted server to room joins only. The join operation
 # requires gathering keys from many origin servers which can cause
-# significant delays. Therefor this defaults to true to mitigate
+# significant delays. Therefore this defaults to true to mitigate
 # unexpected delays out-of-the-box. The security-paranoid or those willing
 # to tolerate delays are advised to set this to false. Note that setting
 # query_trusted_key_servers_first to true causes this option to be
@ -597,7 +597,7 @@ trusted_servers = {{ matrix_conduwuit_trusted_servers | to_json }}
 # Only query trusted servers for keys and never the origin server. This is
 # intended for clusters or custom deployments using their trusted_servers
 # as forwarding-agents to cache and deduplicate requests. Notary servers
-# do not act as forwarding-agents by default, therefor do not enable this
+# do not act as forwarding-agents by default, therefore do not enable this
 # unless you know exactly what you are doing.
 #
 #only_query_trusted_key_servers = false
--- a/roles/custom/matrix-continuwuity/defaults/main.yml
+++ b/roles/custom/matrix-continuwuity/defaults/main.yml
@ -193,3 +193,6 @@ matrix_continuwuity_self_check_validate_certificates: true
 #   continuwuity_MAX_REQUEST_SIZE=50000000
 #   continuwuity_REQUEST_TIMEOUT=60
 matrix_continuwuity_environment_variables_extension: ''
 matrix_continuwuity_forbidden_remote_server_names: []
 matrix_continuwuity_forbidden_remote_room_directory_server_names: []
--- a/roles/custom/matrix-continuwuity/templates/continuwuity.toml.j2
+++ b/roles/custom/matrix-continuwuity/templates/continuwuity.toml.j2
@ -586,7 +586,7 @@ trusted_servers = {{ matrix_continuwuity_trusted_servers | to_json }}
 # specifically on room joins. This option limits the exposure to a
 # compromised trusted server to room joins only. The join operation
 # requires gathering keys from many origin servers which can cause
-# significant delays. Therefor this defaults to true to mitigate
+# significant delays. Therefore this defaults to true to mitigate
 # unexpected delays out-of-the-box. The security-paranoid or those willing
 # to tolerate delays are advised to set this to false. Note that setting
 # query_trusted_key_servers_first to true causes this option to be
@ -597,7 +597,7 @@ trusted_servers = {{ matrix_continuwuity_trusted_servers | to_json }}
 # Only query trusted servers for keys and never the origin server. This is
 # intended for clusters or custom deployments using their trusted_servers
 # as forwarding-agents to cache and deduplicate requests. Notary servers
-# do not act as forwarding-agents by default, therefor do not enable this
+# do not act as forwarding-agents by default, therefore do not enable this
 # unless you know exactly what you are doing.
 #
 #only_query_trusted_key_servers = false
@ -1164,13 +1164,13 @@ emergency_password = {{ matrix_continuwuity_config_emergency_password | to_json
 #
 # Basically "global" ACLs.
 #
-#forbidden_remote_server_names = []
+forbidden_remote_server_names = {{ matrix_continuwuity_forbidden_remote_server_names | to_json }}
 # List of forbidden server names that we will block all outgoing federated
 # room directory requests for. Useful for preventing our users from
 # wandering into bad servers or spaces.
 #
-#forbidden_remote_room_directory_server_names = []
+forbidden_remote_room_directory_server_names = {{ matrix_continuwuity_forbidden_remote_room_directory_server_names | to_json }}
 # Vector list of IPv4 and IPv6 CIDR ranges / subnets *in quotes* that you
 # do not want continuwuity to send outbound requests to. Defaults to
--- a/roles/custom/matrix-coturn/defaults/main.yml
+++ b/roles/custom/matrix-coturn/defaults/main.yml
@ -34,7 +34,7 @@ matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith('
 # The Docker network that coturn would be put into.
 #
 # Because coturn relays traffic to unvalidated IP addresses,
-# using a dedicated network, isolated from other Docker (and local) services is preferrable.
+# using a dedicated network, isolated from other Docker (and local) services is preferable.
 #
 # Setting up deny/allow rules with `matrix_coturn_allowed_peer_ips`/`matrix_coturn_denied_peer_ips` is also
 # possible for achieving such isolation, but is more complicated due to the dynamic nature of Docker networking.
--- a/roles/custom/matrix-dendrite/defaults/main.yml
+++ b/roles/custom/matrix-dendrite/defaults/main.yml
@ -355,7 +355,7 @@ matrix_dendrite_user_api_auto_join_rooms: []
 # name, number of active users and some information on your deployment config.
 matrix_dendrite_report_stats: false
-# Contorls whether thumbnails for media content are generated dynamically
+# Controls whether thumbnails for media content are generated dynamically
 matrix_dendrite_media_api_dynamic_thumbnails: false
 matrix_dendrite_media_api_max_thumbnail_generators: 10
--- a/roles/custom/matrix-dynamic-dns/defaults/main.yml
+++ b/roles/custom/matrix-dynamic-dns/defaults/main.yml
@ -36,7 +36,7 @@ matrix_dynamic_dns_container_additional_networks: "{{ matrix_dynamic_dns_contain
 matrix_dynamic_dns_container_additional_networks_auto: []
 matrix_dynamic_dns_container_additional_networks_custom: []
-# List of extra arguments to pass to the ontainer mode
+# List of extra arguments to pass to the container mode
 matrix_dynamic_dns_container_extra_arguments: []
 # List of wanted services when running in mode
--- a/roles/custom/matrix-element-call/defaults/main.yml
+++ b/roles/custom/matrix-element-call/defaults/main.yml
@ -21,7 +21,7 @@ matrix_element_call_enabled: false
 matrix_rtc_enabled: "{{ matrix_element_call_enabled }}"
 # renovate: datasource=docker depName=ghcr.io/element-hq/element-call
-matrix_element_call_version: v0.10.0
+matrix_element_call_version: v0.12.2
 matrix_element_call_scheme: https
--- a/roles/custom/matrix-ma1sd/defaults/main.yml
+++ b/roles/custom/matrix-ma1sd/defaults/main.yml
@ -150,7 +150,7 @@ matrix_ma1sd_database_name: 'matrix_ma1sd'
 matrix_ma1sd_database_connection_string: 'postgresql://{{ matrix_ma1sd_database_username }}:{{ matrix_ma1sd_database_password }}@{{ matrix_ma1sd_database_hostname }}:{{ matrix_ma1sd_database_port }}/{{ matrix_ma1sd_database_name }}'
-# ma1sd has serveral supported identity stores.
+# ma1sd has several supported identity stores.
 # One of them is storing identities directly in Synapse's database.
 # Learn more here: https://github.com/ma1uta/ma1sd/blob/master/docs/stores/synapse.md
 matrix_ma1sd_synapsesql_enabled: false
--- a/roles/custom/matrix-media-repo/templates/grafana/media-repo.json
+++ b/roles/custom/matrix-media-repo/templates/grafana/media-repo.json
@ -131,7 +131,7 @@
          "refId": "B"
        }
      ],
-      "title": "HTTP Requsts",
+      "title": "HTTP Requests",
      "type": "timeseries"
    },
    {
--- a/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/validate_config.yml
+++ b/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/validate_config.yml
@ -16,7 +16,7 @@
    - {'old': 'matrix_prometheus_nginxlog_exporter_container_hostname', 'new': 'matrix_prometheus_nginxlog_exporter_identifier'}
    - {'old': 'matrix_prometheus_nginxlog_exporter_docker_image_name_prefix', 'new': 'matrix_prometheus_nginxlog_exporter_docker_image_registry_prefix'}
- name: Fail if docker image not availble for arch
+- name: Fail if docker image not available for arch
  ansible.builtin.fail:
    msg: >
      'prometheus-nginxlog-exporter' docker image is not available for your arch '{{ matrix_architecture }}'.
--- a/roles/custom/matrix-prometheus-nginxlog-exporter/templates/prometheus-nginxlog-exporter.yaml.j2
+++ b/roles/custom/matrix-prometheus-nginxlog-exporter/templates/prometheus-nginxlog-exporter.yaml.j2
@ -13,7 +13,7 @@ listen:
 namespaces:
  - name: matrix
    metrics_override:
-      preffix: "myprefix"
+      prefix: "myprefix"
    namespace_label: "namespace"
    format: "$log_source $server_name - $upstream_addr - $remote_addr - $remote_user [$time_local] $host \"$request\" $status \"$http_referer\" \"$http_user_agent\" \"$http_x_forwarded_for\""
    # enable to print to console
--- a/roles/custom/matrix-static-files/defaults/main.yml
+++ b/roles/custom/matrix-static-files/defaults/main.yml
@ -13,7 +13,7 @@ matrix_static_files_enabled: true
 matrix_static_files_identifier: matrix-static-files
 # renovate: datasource=docker depName=joseluisq/static-web-server
-matrix_static_files_version: 2.36.1
+matrix_static_files_version: 2.37.0
 matrix_static_files_base_path: "{{ matrix_base_data_path }}/{{ 'static-files' if matrix_static_files_identifier == 'matrix-static-files' else matrix_static_files_identifier }}"
 matrix_static_files_config_path: "{{ matrix_static_files_base_path }}/config"
--- a/roles/custom/matrix-synapse-admin/defaults/main.yml
+++ b/roles/custom/matrix-synapse-admin/defaults/main.yml
@ -25,7 +25,7 @@ matrix_synapse_admin_container_image_self_build: false
 matrix_synapse_admin_container_image_self_build_repo: "https://github.com/etkecc/synapse-admin.git"
 # renovate: datasource=docker depName=ghcr.io/etkecc/synapse-admin
-matrix_synapse_admin_version: v0.10.3-etke39
+matrix_synapse_admin_version: v0.11.1-etke44
 matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_registry_prefix }}etkecc/synapse-admin:{{ matrix_synapse_admin_version }}"
 matrix_synapse_admin_docker_image_registry_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_image_self_build else matrix_synapse_admin_docker_image_registry_prefix_upstream }}"
 matrix_synapse_admin_docker_image_registry_prefix_upstream: "{{ matrix_synapse_admin_docker_image_registry_prefix_upstream_default }}"
--- a/roles/custom/matrix-synapse/defaults/main.yml
+++ b/roles/custom/matrix-synapse/defaults/main.yml
@ -16,7 +16,7 @@ matrix_synapse_enabled: true
 matrix_synapse_github_org_and_repo: element-hq/synapse
 # renovate: datasource=docker depName=ghcr.io/element-hq/synapse
-matrix_synapse_version: v1.129.0
+matrix_synapse_version: v1.132.0
 matrix_synapse_username: ''
 matrix_synapse_uid: ''
@ -501,7 +501,7 @@ matrix_synapse_tls_federation_listener_enabled: true
 matrix_synapse_tls_certificate_path: "/data/{{ matrix_server_fqn_matrix }}.tls.crt"
 matrix_synapse_tls_private_key_path: "/data/{{ matrix_server_fqn_matrix }}.tls.key"
-# Resource names used by the unsecure HTTP listener. Here only the Client API
+# Resource names used by the insecure HTTP listener. Here only the Client API
 # is defined, see the homeserver config for a full list of valid resource
 # names.
 matrix_synapse_http_listener_resource_names: ["client"]
@ -835,7 +835,7 @@ matrix_synapse_workers_enabled: false
 # Specifies worker configuration that should be used when workers are enabled.
 #
-# The posible values (as seen in `matrix_synapse_workers_presets`) are:
+# The possible values (as seen in `matrix_synapse_workers_presets`) are:
 # - "little-federation-helper" - a very minimal worker configuration to improve federation performance
 # - "one-of-each" - one worker of each supported type + a generic worker
 # - "specialized-workers" - one worker of each supported type + specialized workers
@ -1386,7 +1386,7 @@ matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeserve
 matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled: false
 matrix_synapse_ext_spam_checker_mjolnir_antispam_git_repository_url: "https://github.com/matrix-org/mjolnir"
 # renovate: datasource=docker depName=matrixdotorg/mjolnir
-matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version: "v1.9.2"
+matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version: "v1.10.0"
 matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_invites: true
 # Flag messages sent by servers/users in the ban lists as spam. Currently
 # this means that spammy messages will appear as empty to users. Default
@ -1412,6 +1412,38 @@ matrix_synapse_ext_spam_checker_mjolnir_antispam_config:
  ban_lists: "{{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists }}"
  message_max_length: "{{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_message_max_length }}"
 # Enable this to activate the synapse-http-antispam module.
 # See: github.com/maunium/synapse-http-antispam
 matrix_synapse_ext_synapse_http_antispam_enabled: false
 matrix_synapse_ext_synapse_http_antispam_git_repository_url: "https://github.com/maunium/synapse-http-antispam"
 # renovate: datasource=github-releases depName=maunium/synapse-http-antispam
 matrix_synapse_ext_synapse_http_antispam_git_version: "v0.4.0"
 # Where Synapse can locate the consumer of the antispam API. Currently
 # Draupnir is the only consumer of this API that is playbook supported.
 # But https://github.com/maunium/meowlnir also supports the API.
 matrix_synapse_ext_synapse_http_antispam_config_base_url: ''
 # This is a shared secret that is established between the consumer and the
 # homeserver a lot like how AS authentication is done. This is fully managed
 # the same way AS authentication is by the playbook.
 matrix_synapse_ext_synapse_http_antispam_config_authorization: ''
 # This controls what callbacks are activated. This list is fully dependent on what consumer is in play.
 # And what capabilities said consumer should or shouldn't have. There are also performance implications
 # to these choices.
 matrix_synapse_ext_synapse_http_antispam_config_enabled_callbacks: []
 # Controls if a loss of connectivity to the consumer results in fail open or closed.
 # As in if failure results in events getting flagged automatically as spam or not.
 matrix_synapse_ext_synapse_http_antispam_config_fail_open: {}
 # Controls if the checking is blocking or not. This allows the homeserver to skip waiting for a consumer response.
 matrix_synapse_ext_synapse_http_antispam_config_async: {}
 # Actual configuration passed to the synapse-http-antispam module
 matrix_synapse_ext_synapse_http_antispam_config: "{{ matrix_synapse_ext_synapse_http_antispam_config_yaml | from_yaml }}"
 matrix_synapse_ext_synapse_http_antispam_config_yaml: |
  base_url: {{ matrix_synapse_ext_synapse_http_antispam_config_base_url | to_json }}
  authorization: {{ matrix_synapse_ext_synapse_http_antispam_config_authorization | to_json }}
  enabled_callbacks: {{ matrix_synapse_ext_synapse_http_antispam_config_enabled_callbacks | to_json }}
  fail_open: {{ matrix_synapse_ext_synapse_http_antispam_config_fail_open | to_json }}
  async: {{ matrix_synapse_ext_synapse_http_antispam_config_async | to_json }}
 # Enable this to activate the E2EE disabling Synapse module.
 # See: https://github.com/digitalentity/matrix_encryption_disabler
 matrix_synapse_ext_encryption_disabler_enabled: false
@ -1426,7 +1458,7 @@ matrix_synapse_ext_encryption_disabler_deny_encryption_for_rooms_of: ["{{ matrix
 # Specifies whether the power levels event (setting) provided during room creation should be patched.
 # This makes it impossible for anybody (locally or over federation) from enabling room encryption
 # for the lifetime of rooms created while this setting is enabled (irreversible).
-# Enabling this may have incompatiblity consequences with servers / clients.
+# Enabling this may have incompatibility consequences with servers / clients.
 # Familiarize yourself with the caveats upstream: https://github.com/digitalentity/matrix_encryption_disabler
 matrix_synapse_ext_encryption_disabler_patch_power_levels: false
 matrix_synapse_ext_encryption_config: "{{ matrix_synapse_ext_encryption_config_yaml | from_yaml }}"
@ -1530,7 +1562,7 @@ matrix_synapse_room_list_publication_rules:
    room_id: "*"
    action: allow
-matrix_synapse_default_room_version: "10"
+matrix_synapse_default_room_version: "11"
 # Controls whether leaving a room will automatically forget it.
 # The upstream default is `false`, but we try to make Synapse less wasteful of resources, so we do things differently.
--- a/roles/custom/matrix-synapse/tasks/ext/setup_install.yml
+++ b/roles/custom/matrix-synapse/tasks/ext/setup_install.yml
@ -66,6 +66,19 @@
    - when: matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup_install.yml"
 # synapse-http-antispam
 - tags:
    - setup-all
    - setup-synapse
    - install-all
    - install-synapse
  block:
    - when: matrix_synapse_ext_synapse_http_antispam_enabled  | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/synapse-http-antispam/validate_config.yml"
    - when: matrix_synapse_ext_synapse_http_antispam_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/synapse-http-antispam/setup_install.yml"
 # s3-storage-provider
 - tags:
    - setup-all
--- a/roles/custom/matrix-synapse/tasks/ext/synapse-http-antispam/setup_install.yml
+++ b/roles/custom/matrix-synapse/tasks/ext/synapse-http-antispam/setup_install.yml
@ -0,0 +1,37 @@
 # SPDX-FileCopyrightText: 2025 MDAD project contributors
 # SPDX-FileCopyrightText: 2025 Catalan Lover <catalanlover@protonmail.com>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 ---
 - name: Ensure git installed
  ansible.builtin.package:
    name: git
    state: present
 - name: Clone synapse-http-antispam git repository
  ansible.builtin.git:
    repo: "{{ matrix_synapse_ext_synapse_http_antispam_git_repository_url }}"
    version: "{{ matrix_synapse_ext_synapse_http_antispam_git_version }}"
    dest: "{{ matrix_synapse_ext_path }}/synapse-http-antispam"
  become: true
  become_user: "{{ matrix_synapse_username }}"
 - ansible.builtin.set_fact:
    matrix_synapse_modules: >
      {{
        matrix_synapse_modules | default([])
        +
        [{
          "module": "synapse_http_antispam.HTTPAntispam",
          "config": matrix_synapse_ext_synapse_http_antispam_config,
        }]
      }}
    matrix_synapse_container_extra_arguments: >
      {{
        matrix_synapse_container_extra_arguments | default([])
        +
        ["--mount type=bind,src={{ matrix_synapse_ext_path }}/synapse-http-antispam/synapse_http_antispam.py,dst={{ matrix_synapse_in_container_python_packages_path }}/synapse_http_antispam.py,ro"]
      }}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
transcaffeine	feef6db8c7	meta: move inventory structure to be more usable	2025-06-22 12:28:34 +02:00
jdreichmann	3c6eff7d60	meta: add own inventory, add vault-unlock with GPG	2025-06-21 14:45:24 +02:00
renovate[bot]	185f9b5765	Update ghcr.io/etkecc/fluffychat-web Docker tag to v2	2025-06-21 05:17:02 +03:00
renovate[bot]	9289859673	Update dependency urllib3 to v2.5.0	2025-06-19 05:48:36 +03:00
Slavi Pantaleev	279de764c8	Update Prerequisites to mention why `sudo` is required in all cases	2025-06-18 08:08:03 +03:00
Slavi Pantaleev	cb2586f8b4	Upgrade Traefik (v3.4.1-0 -> v3.4.1-1)	2025-06-18 06:58:43 +03:00
renovate[bot]	b046292c10	Update ghcr.io/element-hq/matrix-authentication-service Docker tag to v0.17.1	2025-06-17 22:57:26 +03:00
renovate[bot]	8f0ac84721	Update ghcr.io/element-hq/element-web Docker tag to v1.11.104	2025-06-17 22:49:37 +03:00
Slavi Pantaleev	aada2d255f	Upgrade Synapse (v1.131.0 -> v1.132.0)	2025-06-17 19:02:43 +03:00
renovate[bot]	3b425908da	Update dependency grafana to v11.6.3-0	2025-06-17 15:42:54 +03:00
renovate[bot]	3092037a7e	Update dock.mau.dev/mautrix/meta Docker tag to v0.5.1	2025-06-17 00:12:23 +03:00
renovate[bot]	048b8eb918	Update dock.mau.dev/mautrix/whatsapp Docker tag to v0.12.2	2025-06-17 00:12:06 +03:00
renovate[bot]	779eb0fc9a	Update dock.mau.dev/mautrix/twitter Docker tag to v0.4.2	2025-06-17 00:11:51 +03:00
renovate[bot]	6a1ebe6e91	Update dock.mau.dev/mautrix/signal Docker tag to v0.8.4	2025-06-16 23:12:35 +03:00
renovate[bot]	30875764c5	Update dock.mau.dev/mautrix/gmessages Docker tag to v0.6.3	2025-06-16 23:12:17 +03:00
Benjamin Blacher	15ed07d970	Update mautrix-discord, add support for msc4190	2025-06-16 22:59:55 +03:00
renovate[bot]	13d22af9db	Update dependency certifi to v2025.6.15	2025-06-15 07:56:39 +03:00
Suguru Hirahara	5742800329	Fix looking up docker package error with Renovate Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>	2025-06-12 18:24:45 +09:00
renovate[bot]	3508c87aee	Update dependency valkey to v8.1.2-0	2025-06-12 10:34:03 +03:00
Aine	868ee4d688	Synapse Admin v0.11.1-etke44	2025-06-11 15:16:04 +03:00
Aine	eb9af8fe32	SchildiChat v1.11.103-sc.0.test.0	2025-06-11 10:26:59 +03:00
renovate[bot]	27c0fa55f4	Update ajbura/cinny Docker tag to v4.8.1	2025-06-10 23:23:04 +03:00
Slavi Pantaleev	e76b50a0b7	Upgrade baibot (v1.7.3 -> v1.7.4)	2025-06-10 16:40:02 +03:00
Slavi Pantaleev	db8bee548d	Update OpenAI model in sample baibot config (gpt-4o -> gpt-4.1) Related to `69d6111354`	2025-06-10 15:36:14 +03:00
Slavi Pantaleev	adef970239	Upgrade baibot (v1.7.2 -> v1.7.3)	2025-06-10 15:35:07 +03:00
renovate[bot]	20e98fbb33	Update ghcr.io/element-hq/element-web Docker tag to v1.11.103	2025-06-10 15:31:43 +03:00
Catalan Lover	5dcdf8e9e2	Update default room version to 11 in line with the specification.	2025-06-10 15:31:03 +03:00
renovate[bot]	7aca61c5dd	Update dependency requests to v2.32.4 [SECURITY]	2025-06-10 15:30:28 +03:00
Aine	5def3b176f	make hookshot honor the matrix_bridges_encryption_enabled var	2025-06-07 13:22:27 +03:00
Aine	01c8b55c6f	FluffyChat v1.27.0	2025-06-06 14:46:01 +03:00
renovate[bot]	9b8dab89df	Update ghcr.io/element-hq/element-call Docker tag to v0.12.2	2025-06-06 08:26:08 +03:00
adam-kress	5701ce5054	Upgrade Jitsi (v10184-0 → v10314-0)	2025-06-06 08:15:09 +03:00
renovate[bot]	cabedeae73	Update dependency livekit_server to v1.9.0-0	2025-06-05 14:32:58 +03:00
renovate[bot]	3edad9d8d4	Update joseluisq/static-web-server Docker tag to v2.37.0	2025-06-04 07:51:29 +03:00
Aine	2935d6a1a4	Merge pull request #4353 from spantaleev/renovate/ghcr.io-element-hq-synapse-1.x Update ghcr.io/element-hq/synapse Docker tag to v1.131.0	2025-06-03 19:51:03 +00:00
Aine	0941953889	Merge pull request #4354 from spantaleev/renovate/ghcr.io-element-hq-element-web-1.x Update ghcr.io/element-hq/element-web Docker tag to v1.11.102	2025-06-03 19:49:50 +00:00
renovate[bot]	f9f5182919	Update ghcr.io/element-hq/element-web Docker tag to v1.11.102	2025-06-03 18:45:33 +00:00
renovate[bot]	25c20f16d4	Update ghcr.io/element-hq/synapse Docker tag to v1.131.0	2025-06-03 15:16:17 +00:00
Suguru Hirahara	95f6347974	Revert "register" to "registr" Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>	2025-06-03 10:36:00 +03:00
Suguru Hirahara	c9dfb1c877	Replace "proxies" with "proxy's" Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>	2025-06-03 10:36:00 +03:00
Suguru Hirahara	3653f9f89b	Run codespell --write-changes Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>	2025-06-03 10:36:00 +03:00
Suguru Hirahara	0152758f5d	Replace PostgresSQL with PostgreSQL Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>	2025-06-03 10:36:00 +03:00
Suguru Hirahara	05caaab302	Replace preffix with prefix Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>	2025-06-03 10:36:00 +03:00
Suguru Hirahara	17e14a4b89	Enable pre-commit Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>	2025-06-03 10:36:00 +03:00
renovate[bot]	cb7db82fe9	Update dependency prometheus to v3.4.1-0	2025-06-01 10:40:17 +03:00
Suguru Hirahara	f4e13a380d	Update configuring-playbook-s3.md: Storj introducing minimum charge See: https://storj.dev/dcs/pricing#minimum-monthly-billing Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>	2025-05-31 17:52:43 +09:00
renovate[bot]	312b4826f0	Update matrixconduit/matrix-conduit Docker tag to v0.10.4	2025-05-31 00:07:41 +03:00
Catalan Lover	a2ddbb8169	Update Draupnir config template to v2.3.1 template Also removes the FIX ME for Polling as well it being broken in the playbook is no longer true.	2025-05-30 13:02:25 +03:00
renovate[bot]	2c9aa1af9c	Update gnuxie/draupnir Docker tag to v2.3.1	2025-05-30 00:19:40 +03:00
renovate[bot]	1dc404dc5f	Update gnuxie/draupnir Docker tag to v2.3.0	2025-05-29 22:34:47 +03:00
renovate[bot]	2087c13a4e	Update ghcr.io/element-hq/element-call Docker tag to v0.12.0	2025-05-28 17:06:43 +03:00
renovate[bot]	1c335da420	Update dependency traefik to v3.4.1-0	2025-05-27 23:24:41 +03:00
renovate[bot]	3ef1726a40	Update dependency setuptools to v80.9.0	2025-05-27 07:47:08 +03:00
renovate[bot]	d3172f0f32	Update ajbura/cinny Docker tag to v4.8.0	2025-05-24 23:40:52 +03:00
renovate[bot]	c97bb125c6	Update dependency grafana to v11.6.2-0	2025-05-23 10:29:12 +03:00
Virkkunen	f36c776bc3	Add variables to control Continuwuity forbidden servers (#4339 )	2025-05-22 10:56:25 +03:00
renovate[bot]	e16a644fa2	Update ajbura/cinny Docker tag to v4.7.1	2025-05-21 21:37:50 +03:00
renovate[bot]	777882b40f	Update docker.io/metio/matrix-alertmanager-receiver Docker tag to v2025.5.21	2025-05-21 14:33:52 +03:00
renovate[bot]	8c9b95d68c	Update dependency click to v8.2.1	2025-05-21 09:13:10 +03:00
renovate[bot]	429bbc1c7d	Migrate config .github/renovate.json	2025-05-20 23:35:54 +03:00
renovate[bot]	5d0b0c98ae	Update ghcr.io/element-hq/synapse Docker tag to v1.130.0	2025-05-20 23:35:33 +03:00
renovate[bot]	571b14eaf8	Update dependency setuptools to v80.8.0	2025-05-20 20:47:53 +03:00
renovate[bot]	d5d7adf4b5	Update ghcr.io/element-hq/element-web Docker tag to v1.11.101	2025-05-20 20:47:38 +03:00
renovate[bot]	3c08f008bc	Update ghcr.io/element-hq/element-call Docker tag to v0.11.1	2025-05-19 15:42:30 +03:00
Aine	e818bbb373	Synapse Admin v0.10.4-etke41	2025-05-19 11:23:13 +03:00
renovate[bot]	0bd29b938a	Update ajbura/cinny Docker tag to v4.7.0	2025-05-18 13:10:39 +03:00
Kim Brose	a3c13c5786	Typo	2025-05-17 21:58:30 +03:00
renovate[bot]	b9121e7105	Update dependency prometheus to v3.4.0-1	2025-05-17 21:57:52 +03:00
Slavi Pantaleev	978d24aa32	Upgrade Hookshot (6.0.3 -> 7.0.0) and remove provisioning API and integration with Dimension Ref: - https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/4326 - https://github.com/matrix-org/matrix-hookshot/releases/tag/7.0.0 - https://github.com/matrix-org/matrix-hookshot/pull/931 Closes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/4326	2025-05-16 22:46:12 +03:00
renovate[bot]	1fdb3dd990	Update dependency maunium/synapse-http-antispam to v0.4.0	2025-05-16 19:07:34 +03:00
renovate[bot]	31effafc08	Update ghcr.io/element-hq/element-call Docker tag to v0.11.0	2025-05-16 19:06:57 +03:00
renovate[bot]	ecb7ccf8cc	Update dock.mau.dev/mautrix/whatsapp Docker tag to v0.12.1	2025-05-16 15:12:18 +03:00
renovate[bot]	14d4a58583	Update dock.mau.dev/mautrix/twitter Docker tag to v0.4.1	2025-05-16 15:12:07 +03:00
renovate[bot]	fa35c3802d	Update dock.mau.dev/mautrix/signal Docker tag to v0.8.3	2025-05-16 09:10:04 +03:00
renovate[bot]	ef5be1d138	Update dock.mau.dev/mautrix/gmessages Docker tag to v0.6.2	2025-05-16 09:09:51 +03:00
renovate[bot]	37a35c039e	Update dependency setuptools to v80.7.1	2025-05-15 08:40:44 +03:00
renovate[bot]	477bd98b15	Update dependency setuptools to v80.6.0	2025-05-15 08:36:51 +03:00
renovate[bot]	eb67e08d98	Update matrixconduit/matrix-conduit Docker tag to v0.10.3	2025-05-13 07:43:41 +03:00
renovate[bot]	757527bbd2	Update matrixdotorg/mjolnir Docker tag to v1.10.0	2025-05-13 07:43:12 +03:00
Slavi Pantaleev	b3cd3910a9	Default `matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_size` to `null` Ref: `91986a129c/CHANGELOG.md (2025-05-11-version-172)`	2025-05-11 23:22:02 +03:00
Slavi Pantaleev	89599d464a	Upgrade baibot (v1.7.1 -> v1.7.2)	2025-05-11 23:21:52 +03:00
Slavi Pantaleev	8e5de2dc31	Upgrade baibot (v1.7.0 -> v1.7.1)	2025-05-11 22:26:01 +03:00
renovate[bot]	0c8137220d	Update matrixconduit/matrix-conduit Docker tag to v0.10.2	2025-05-11 18:47:21 +03:00
renovate[bot]	90dcdf5261	Update dependency click to v8.2.0	2025-05-11 07:35:49 +03:00
Aine	3cb67f23ee	FluffyChat v1.26.1	2025-05-10 14:21:02 +03:00
Slavi Pantaleev	09ae8750d8	Default OpenAI provider for baibot to use `gpt-image-1` instead of `dall-e-3` Ref: - `d2660be33c/CHANGELOG.md (2025-05-10-version-170)` - https://openai.com/index/image-generation-api/	2025-05-10 12:33:08 +03:00
Slavi Pantaleev	34b2dd3dd0	Upgrade baibot (v1.6.0 -> v1.7.0) Ref: `d2660be33c/CHANGELOG.md (2025-05-10-version-170)`	2025-05-10 12:31:25 +03:00
Slavi Pantaleev	9adc5be572	Add `atrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_quality`	2025-05-10 12:29:02 +03:00
renovate[bot]	15e453039c	Update dependency setuptools to v80.4.0	2025-05-10 07:24:27 +03:00
Aine	7afaba64f0	Synapse Admin v0.10.4-etke40	2025-05-09 23:39:14 +03:00
renovate[bot]	96f4670887	Update dependency snowballstemmer to v3.0.1	2025-05-09 22:32:05 +03:00
renovate[bot]	3d25bd70f8	Update matrixconduit/matrix-conduit Docker tag to v0.10.1	2025-05-09 22:31:54 +03:00
renovate[bot]	1fa2a2a615	Update matrixconduit/matrix-conduit Docker tag to v0.10.0	2025-05-09 17:42:34 +03:00
renovate[bot]	94d5182f4d	Update dependency snowballstemmer to v3.0.0.1	2025-05-08 19:46:04 +03:00
renovate[bot]	14be193d20	Update dependency snowballstemmer to v3	2025-05-08 12:41:41 +03:00
Catalan Lover	4e0f031ebd	Fix Synapse-HTTP-Antispam configuration error in Draupnir	2025-05-08 12:39:30 +03:00
Slavi Pantaleev	360ee544a9	Make indentation level in `roles/custom/matrix-bot-draupnir/defaults/main.yml` consistent	2025-05-08 10:06:17 +03:00
Slavi Pantaleev	465df3a949	Add support for synapse-http-antispam and integrate it with Draupnir Supersedes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/4284	2025-05-08 10:03:53 +03:00
		`@ -0,0 +1,2 @@`
							`[codespell]`
							`ignore-words-list = aNULL,brose,doub,Udo,re-use,re-used,registr`