Update jeremiah-k/mmrelay Docker tag to v1.3.8

Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>

.github/workflows/update-translations.yml

@@ -32,7 +32,7 @@ jobs:
 
       # Setting up recommended prerequisites
       # See: i18n/README.md
-      - uses: astral-sh/setup-uv@v8.1.0
+      - uses: astral-sh/setup-uv@v8.2.0
       - uses: extractions/setup-just@v4
 
       # TODO: optimize when we start publishing translations and integrate a Weblate instance

CHANGELOG.md

@@ -1,3 +1,11 @@
+# 2026-05-24
+
+## matrix-ldap-registration-proxy has been removed from the playbook
+
+The [matrix-ldap-registration-proxy](./docs/configuring-playbook-matrix-ldap-registration-proxy.md) service has been removed from the playbook, as the source code and the container image have become unavailable.
+
+The playbook will let you know if you're using any `matrix_ldap_registration_proxy_*` variables. You'll need to remove them from `vars.yml` and potentially [uninstall the component manually](./docs/configuring-playbook-matrix-ldap-registration-proxy.md#uninstalling-the-component-manually).
+
 # 2026-05-23
 
 ## Go-NEB has been removed from the playbook

README.md

@@ -65,7 +65,7 @@ Web clients for Matrix that you can host on your own domains.
 | [Element Web](https://github.com/element-hq/element-web) | ✅ | Default Matrix web client, configured to connect to your own Synapse server | [Link](docs/configuring-playbook-client-element-web.md) |
 | [Hydrogen](https://github.com/element-hq/hydrogen-web) | ❌ | Lightweight Matrix client with legacy and mobile browser support | [Link](docs/configuring-playbook-client-hydrogen.md) |
 | [Cinny](https://github.com/ajbura/cinny) |  ❌ | Simple, elegant and secure web client | [Link](docs/configuring-playbook-client-cinny.md) |
-| [Sable](https://github.com/7w1/sable) | ❌ | Simple, elegant and secure web client | [Link](docs/configuring-playbook-client-sable.md) |
+| [Sable](https://github.com/SableClient/Sable) | ❌ | Simple, elegant and secure web client | [Link](docs/configuring-playbook-client-sable.md) |
 | [SchildiChat Web](https://schildi.chat/) | ❌ | Based on Element Web, with a more traditional instant messaging experience | [Link](docs/configuring-playbook-client-schildichat-web.md) |
 | [FluffyChat Web](https://fluffychat.im/) | ❌ | The cutest messenger in Matrix | [Link](docs/configuring-playbook-client-fluffychat-web.md) |
 
@@ -92,7 +92,6 @@ Extend and modify how users are authenticated on your homeserver.
 | [matrix-synapse-rest-auth](https://github.com/ma1uta/matrix-synapse-rest-password-provider) (advanced) | ❌ | REST authentication password provider module | [Link](docs/configuring-playbook-rest-auth.md) |
 |[matrix-synapse-shared-secret-auth](https://github.com/devture/matrix-synapse-shared-secret-auth) (advanced) | ❌ | Password provider module | [Link](docs/configuring-playbook-shared-secret-auth.md) |
 | [matrix-synapse-ldap3](https://github.com/matrix-org/matrix-synapse-ldap3) (advanced) | ❌ | LDAP Auth password provider module | [Link](docs/configuring-playbook-ldap-auth.md) |
-| [matrix-ldap-registration-proxy](https://gitlab.com/activism.international/matrix_ldap_registration_proxy) (advanced) | ❌ | Proxy that handles Matrix registration requests and forwards them to LDAP | [Link](docs/configuring-playbook-matrix-ldap-registration-proxy.md) |
 | [Matrix User Verification Service](https://github.com/matrix-org/matrix-user-verification-service) | ❌ | Service to verify details of a user based on an Open ID token | [Link](docs/configuring-playbook-user-verification-service.md) |
 | [synapse-simple-antispam](https://github.com/t2bot/synapse-simple-antispam) (advanced) | ❌ | Spam checker module | [Link](docs/configuring-playbook-synapse-simple-antispam.md) |
 

docs/configuring-playbook-client-sable.md

@@ -8,7 +8,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 
 # Setting up Sable (optional)
 
-The playbook can install and configure the [Sable](https://github.com/7w1/sable) Matrix web client for you.
+The playbook can install and configure the [Sable](https://github.com/SableClient/Sable) Matrix web client for you.
 
 Sable is a web client focusing primarily on simple, elegant and secure interface. It can be installed alongside or instead of [Element Web](./configuring-playbook-client-element-web.md), [Cinny](./configuring-playbook-client-cinny.md) and others.
 

docs/configuring-playbook-ldap-auth.md

@@ -52,9 +52,3 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
 
 `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
-
-## Usage
-
-### Handling user registration
-
-If you wish for users to also be able to make new registrations against LDAP, you may **also** wish to [set up the ldap-registration-proxy](configuring-playbook-matrix-ldap-registration-proxy.md).

docs/configuring-playbook-matrix-ldap-registration-proxy.md

@@ -1,69 +1,32 @@
 <!--
-SPDX-FileCopyrightText: 2022 - 2024 Slavi Pantaleev
+SPDX-FileCopyrightText: 2019 Edgars Voroboks
+SPDX-FileCopyrightText: 2019 Eduardo Beltrame
+SPDX-FileCopyrightText: 2019-2025 MDAD project contributors
+SPDX-FileCopyrightText: 2019-2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2020 Chris van Dijk
+SPDX-FileCopyrightText: 2020 Tulir Asokan
+SPDX-FileCopyrightText: 2020 jens quade
+SPDX-FileCopyrightText: 2022 Dennis Ciba
 SPDX-FileCopyrightText: 2022 Julian-Samuel Gebühr
-SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
+SPDX-FileCopyrightText: 2022 Kim Brose
+SPDX-FileCopyrightText: 2022 Travis Ralston
+SPDX-FileCopyrightText: 2022 Vladimir Panteleev
+SPDX-FileCopyrightText: 2022 Yan Minagawa
+SPDX-FileCopyrightText: 2024-2026 Suguru Hirahara
 
 SPDX-License-Identifier: AGPL-3.0-or-later
 -->
 
-# Setting up matrix-ldap-registration-proxy (optional)
+# Setting up matrix-ldap-registration-proxy (optional, removed)
 
-The playbook can install and configure [matrix-ldap-registration-proxy](https://gitlab.com/activism.international/matrix_ldap_registration_proxy) for you.
+🪦 The playbook used to be able to install and configure [matrix-ldap-registration-proxy](https://gitlab.com/activism.international/matrix_ldap_registration_proxy), but no longer includes this component, as it has become unavailable.
 
-This proxy handles Matrix registration requests and forwards them to LDAP.
+## Uninstalling the component manually
 
-See the project's [documentation](https://gitlab.com/activism.international/matrix_ldap_registration_proxy/-/blob/main/README.md) to learn what it does and why it might be useful to you.
+If you still have matrix-ldap-registration-proxy installed on your Matrix server, the playbook can no longer help you uninstall it and you will need to do it manually. To uninstall manually, run these commands on the server:
 
-**Note**: This does support the full Matrix specification for registrations. It only provide a very coarse implementation of a basic password registration.
-
-## Adjusting the playbook configuration
-
-To enable the component, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file (adapt to your needs):
-
-```yaml
-matrix_ldap_registration_proxy_enabled: true
-
-# LDAP credentials
-matrix_ldap_registration_proxy_ldap_uri: YOUR_URI_HERE
-matrix_ldap_registration_proxy_ldap_base_dn: YOUR_DN_HERE
-matrix_ldap_registration_proxy_ldap_user: YOUR_USER_HERE
-matrix_ldap_registration_proxy_ldap_password: YOUR_PASSWORD_HERE
-```
-
-If you already use the [synapse external password provider via LDAP](configuring-playbook-ldap-auth.md) (that is, you have `matrix_synapse_ext_password_provider_ldap_enabled: true` and other options in your configuration) you can use the following values as configuration:
-
-```yaml
-# Use the LDAP values specified for the synapse role to setup LDAP proxy
-matrix_ldap_registration_proxy_ldap_uri: "{{ matrix_synapse_ext_password_provider_ldap_uri }}"
-matrix_ldap_registration_proxy_ldap_base_dn: "{{ matrix_synapse_ext_password_provider_ldap_base }}"
-matrix_ldap_registration_proxy_ldap_user: "{{ matrix_synapse_ext_password_provider_ldap_bind_dn }}"
-matrix_ldap_registration_proxy_ldap_password: "{{ matrix_synapse_ext_password_provider_ldap_bind_password }}"
-
-matrix_ldap_registration_proxy_systemd_wanted_services_list_custom:
-  - matrix-synapse.service
-```
-
-### Extending the configuration
-
-There are some additional things you may wish to configure about the component.
-
-Take a look at:
-
-- `roles/custom/matrix-ldap-registration-proxy/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
-
-## Installing
-
-After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:
-
-<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+systemctl disable --now matrix-ldap-registration-proxy.service
+
+rm -rf /matrix/matrix_ldap_registration_proxy
 ```
-
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
-
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
-
-## Troubleshooting
-
-As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-ldap-registration-proxy`.

docs/configuring-playbook.md

@@ -89,7 +89,7 @@ Web clients for Matrix that you can host on your own domains.
 
 - [Setting up Cinny](configuring-playbook-client-cinny.md), if you've enabled [Cinny](https://github.com/ajbura/cinny), a web client focusing primarily on simple, elegant and secure interface
 
-- [Setting up Sable](configuring-playbook-client-sable.md), if you've enabled [Sable](https://github.com/7w1/sable), a web client focusing primarily on simple, elegant and secure interface
+- [Setting up Sable](configuring-playbook-client-sable.md), if you've enabled [Sable](https://github.com/SableClient/Sable), a web client focusing primarily on simple, elegant and secure interface
 
 - [Setting up SchildiChat Web](configuring-playbook-client-schildichat-web.md), if you've enabled [SchildiChat Web](https://schildi.chat/), a web client based on [Element Web](https://element.io/) with some extras and tweaks
 
@@ -112,8 +112,6 @@ Extend and modify how users are authenticated on your homeserver.
 
 - [Setting up the LDAP authentication password provider module](configuring-playbook-ldap-auth.md) (advanced)
 
-- [Setting up matrix-ldap-registration-proxy](configuring-playbook-matrix-ldap-registration-proxy.md) (advanced)
-
 - [Setting up Synapse Simple Antispam](configuring-playbook-synapse-simple-antispam.md) (advanced)
 
 - [Setting up Matrix User Verification Service](configuring-playbook-user-verification-service.md) (advanced)
@@ -279,6 +277,8 @@ Various services that don't fit any other categories.
 
 - [Setting up matrix-bot-chatgpt](configuring-playbook-bot-chatgpt.md) (unmaintained; the bridge's author suggests taking a look at [baibot](https://github.com/etkecc/baibot) as a replacement, which can also be [installed using this playbook](configuring-playbook-bot-baibot.md))
 
+- [Setting up matrix-ldap-registration-proxy](configuring-playbook-matrix-ldap-registration-proxy.md) (removed; the repository of the source code has been removed)
+
 - [Setting up matrix-registration](configuring-playbook-matrix-registration.md) (removed; this component has been unmaintained)
 
 - [Setting up Mautrix Facebook bridging](configuring-playbook-bridge-mautrix-facebook.md) (deprecated in favor of the Messenger/Instagram bridge with [mautrix-meta-messenger](configuring-playbook-bridge-mautrix-meta-messenger.md))

docs/container-images.md

@@ -67,7 +67,6 @@ Extend and modify how users are authenticated on your homeserver.
 | [matrix-synapse-rest-auth](configuring-playbook-rest-auth.md) | (N/A) | ❌ | REST authentication password provider module |
 | [matrix-synapse-shared-secret-auth](configuring-playbook-shared-secret-auth.md) | (N/A) | ❌ | Password provider module |
 | [matrix-synapse-ldap3](configuring-playbook-ldap-auth.md) (advanced) | (N/A) | ❌ | LDAP Auth password provider module |
-| [matrix-ldap-registration-proxy](configuring-playbook-matrix-ldap-registration-proxy.md) | [activism.international/matrix_ldap_registration_proxy](https://gitlab.com/activism.international/matrix_ldap_registration_proxy/container_registry) | ❌ | Proxy that handles Matrix registration requests and forwards them to LDAP |
 | [Matrix User Verification Service](configuring-playbook-user-verification-service.md) | [matrixdotorg/matrix-user-verification-service](https://hub.docker.com/r/atrixdotorg/matrix-user-verification-service) | ❌ | Service to verify details of a user based on an Open ID token |
 | [synapse-simple-antispam](configuring-playbook-synapse-simple-antispam.md) (advanced) | (N/A) | ❌ | Spam checker module |
 
@@ -178,6 +177,7 @@ The list of the deprecated or unmaintained services is available [here](configur
 | [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) | [matrixdotorg/matrix-appservice-slack](https://hub.docker.com/r/matrixdotorg/matrix-appservice-slack) | ❌ | Bridge to [Slack](https://slack.com/) |
 | [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md) | [turt2live/matrix-appservice-webhooks](https://hub.docker.com/r/turt2live/matrix-appservice-webhooks) | ❌ | Bridge for slack compatible webhooks ([ConcourseCI](https://concourse-ci.org/), [Slack](https://slack.com/) etc. pp.) |
 | [matrix-chatgpt-bot](configuring-playbook-bot-chatgpt.md) | [matrixgpt/matrix-chatgpt-bot](https://ghcr.io/matrixgpt/matrix-chatgpt-bot) | ❌ | Accessing ChatGPT via your favourite Matrix client |
+| [matrix-ldap-registration-proxy](configuring-playbook-matrix-ldap-registration-proxy.md) | [activism.international/matrix_ldap_registration_proxy](https://gitlab.com/activism.international/matrix_ldap_registration_proxy/container_registry) | ❌ | Proxy that handles Matrix registration requests and forwards them to LDAP |
 | [matrix-registration](configuring-playbook-matrix-registration.md) | [zeratax/matrix-registration](https://hub.docker.com/r/devture/zeratax-matrix-registration/) | ❌ | Simple python application to have a token based Matrix registration |
 | [mautrix-facebook](configuring-playbook-bridge-mautrix-facebook.md) | [mautrix/facebook](https://mau.dev/mautrix/facebook/container_registry) | ❌ | Bridge to [Facebook](https://facebook.com/) |
 | [mautrix-instagram](configuring-playbook-bridge-mautrix-instagram.md) | [mautrix/instagram](https://mau.dev/mautrix/instagram/container_registry) | ❌ | Bridge to [Instagram](https://instagram.com/) |

docs/howto-server-delegation.md

@@ -23,7 +23,7 @@ Both methods have their place and will continue to do so. You only need to use j
 
 For simplicity reasons, this playbook recommends you to set up server delegation via a `/.well-known/matrix/server` file. However, that method may have some downsides that are not to your liking. Hence this guide about alternative ways to set up Server Delegation.
 
-**Note**: as an alternative, it is possible to install the server such that it uses only the `matrix.example.com` domain (instead of identifying as the shorter base domain — `example.com`). This should be helpful if you are not in control of anything on the base domain (`example.com`). In this case, you would not need to configure server delegation, but you would need to add other configuration. For more information, see [How do I install on matrix.example.com without involving the base domain?](faq.md#how-do-i-install-on-matrix-example-com-without-involving-the-base-domain) on our FAQ.
+**Note**: as an alternative, it is possible to install the server such that it uses only the `matrix.example.com` domain (instead of identifying as the shorter base domain — `example.com`). This should be helpful if you are not in control of anything on the base domain (`example.com`). In this case, you would not need to configure server delegation, but you would need to add other configuration. For more information, see [How do I install on matrix.example.com without involving the base domain?](faq.md#how-do-i-install-on-matrixexamplecom-without-involving-the-base-domain) on our FAQ.
 
 ## Server Delegation via a well-known file
 

group_vars/matrix_servers

@@ -715,13 +715,6 @@ devture_systemd_service_manager_services_list_auto: |
       'groups': ['matrix', 'jitsi', 'jitsi-jvb'],
     }] if jitsi_enabled else [])
     +
-    ([{
-      'name': 'matrix-ldap-registration-proxy.service',
-      'priority': 2000,
-      'restart_necessary': (matrix_ldap_registration_proxy_restart_necessary | bool),
-      'groups': ['matrix', 'ldap-registration-proxy'],
-    }] if matrix_ldap_registration_proxy_enabled else [])
-    +
     ([{
       'name': (matrix_media_repo_identifier + '.service'),
       'priority': 4000,
@@ -3765,50 +3758,6 @@ jitsi_disable_gravatar: true
 #
 ######################################################################
 
-
-######################################################################
-#
-# matrix-ldap-registration-proxy
-#
-######################################################################
-
-# This is only for users with a specific LDAP setup
-matrix_ldap_registration_proxy_enabled: false
-
-matrix_ldap_registration_proxy_hostname: "{{ matrix_server_fqn_matrix }}"
-
-matrix_ldap_registration_proxy_matrix_server_url: "{{ matrix_addons_homeserver_client_api_url }}"
-
-matrix_ldap_registration_proxy_systemd_required_services_list_auto: |
-  {{
-    matrix_addons_homeserver_systemd_services_list
-  }}
-
-matrix_ldap_registration_proxy_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_ldap_registration_proxy_container_image_registry_prefix_upstream_default }}"
-
-matrix_ldap_registration_proxy_container_network: "{{ matrix_addons_container_network }}"
-
-matrix_ldap_registration_proxy_container_additional_networks_auto: |-
-  {{
-    (
-      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
-      +
-      ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_ldap_registration_proxy_container_labels_traefik_enabled) else [])
-    ) | unique
-  }}
-
-matrix_ldap_registration_proxy_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
-matrix_ldap_registration_proxy_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
-matrix_ldap_registration_proxy_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
-matrix_ldap_registration_proxy_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
-
-######################################################################
-#
-# /matrix-ldap-registration-proxy
-#
-######################################################################
-
-
 ########################################################################
 #                                                                      #
 # exim-relay                                                           #
@@ -6286,8 +6235,6 @@ matrix_livekit_jwt_service_environment_variable_livekit_key: "{{ (matrix_homeser
 
 matrix_livekit_jwt_service_environment_variable_livekit_secret: "{{ (matrix_homeserver_generic_secret_key + ':lk.secret') | hash('sha512') | to_uuid }}"
 
-matrix_livekit_jwt_service_environment_variable_livekit_full_access_homeservers_list: ["{{ matrix_domain }}"]
-
 ########################################################################
 #                                                                      #
 # /matrix-livekit-jwt-service                                          #

i18n/requirements.txt

@@ -3,8 +3,8 @@ babel==2.18.0
 certifi==2026.5.20
 charset-normalizer==3.4.7
 click==8.4.1
-docutils==0.22.4
-idna==3.16
+docutils==0.23
+idna==3.18
 imagesize==2.0.0
 Jinja2==3.1.6
 linkify-it-py==2.1.0
@@ -18,7 +18,7 @@ Pygments==2.20.0
 PyYAML==6.0.3
 requests==2.34.2
 setuptools==82.0.1
-snowballstemmer==3.0.1
+snowballstemmer==3.1.1
 Sphinx==9.1.0
 sphinx-intl==2.3.2
 sphinx-markdown-builder==0.6.10

i18n/translation-templates/README.pot

@@ -257,7 +257,7 @@ msgid "[Link](docs/configuring-playbook-client-cinny.md)"
 msgstr ""
 
 #: ../../../README.md:0
-msgid "[Sable](https://github.com/7w1/sable)"
+msgid "[Sable](https://github.com/SableClient/Sable)"
 msgstr ""
 
 #: ../../../README.md:0

i18n/translation-templates/docs/configuring-playbook-client-sable.pot

@@ -21,7 +21,7 @@ msgid "Setting up Sable (optional)"
 msgstr ""
 
 #: ../../../docs/configuring-playbook-client-sable.md:11
-msgid "The playbook can install and configure the [Sable](https://github.com/7w1/sable) Matrix web client for you."
+msgid "The playbook can install and configure the [Sable](https://github.com/SableClient/Sable) Matrix web client for you."
 msgstr ""
 
 #: ../../../docs/configuring-playbook-client-sable.md:13

i18n/translation-templates/docs/configuring-playbook.pot

@@ -173,7 +173,7 @@ msgid "[Setting up Cinny](configuring-playbook-client-cinny.md), if you've enabl
 msgstr ""
 
 #: ../../../docs/configuring-playbook.md:92
-msgid "[Setting up Sable](configuring-playbook-client-sable.md), if you've enabled [Sable](https://github.com/7w1/sable), a web client focusing primarily on simple, elegant and secure interface"
+msgid "[Setting up Sable](configuring-playbook-client-sable.md), if you've enabled [Sable](https://github.com/SableClient/Sable), a web client focusing primarily on simple, elegant and secure interface"
 msgstr ""
 
 #: ../../../docs/configuring-playbook.md:94

mise.toml

@@ -3,7 +3,7 @@
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
 [tools]
-prek = "0.4.1"
+prek = "0.4.4"
 
 [settings]
 yes = true

requirements.yml

@@ -7,7 +7,7 @@
   version: v1.4.4-2.1.4-1
   name: backup_borg
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-cinny.git
-  version: v4.12.1-0
+  version: v4.12.2-0
   name: cinny
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-container-socket-proxy.git
   version: v0.4.2-5
@@ -45,7 +45,7 @@
   version: v1.12.0-0
   name: livekit_server
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git
-  version: v2.22.0-1
+  version: v2.24.0-0
   name: ntfy
 - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
   version: ea8c5cc750c4e23d004c9a836dfd9eda82d45ff4
@@ -63,7 +63,7 @@
   version: v18-3
   name: postgres_backup
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
-  version: v3.11.3-1
+  version: v3.12.0-0
   name: prometheus
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-nginxlog-exporter.git
   version: v1.10.0-3
@@ -87,7 +87,7 @@
   version: v1.1.0-1
   name: timesync
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik.git
-  version: v3.7.1-0
+  version: v3.7.4-0
   name: traefik
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git
   version: v2.10.0-7

roles/custom/matrix-alertmanager-receiver/defaults/main.yml

@@ -11,7 +11,7 @@
 matrix_alertmanager_receiver_enabled: true
 
 # renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver
-matrix_alertmanager_receiver_version: 2026.5.20
+matrix_alertmanager_receiver_version: 2026.6.3
 
 matrix_alertmanager_receiver_scheme: https
 

roles/custom/matrix-authentication-service/defaults/main.yml

@@ -22,7 +22,7 @@ matrix_authentication_service_container_repo_version: "{{ 'main' if matrix_authe
 matrix_authentication_service_container_src_files_path: "{{ matrix_base_data_path }}/matrix-authentication-service/container-src"
 
 # renovate: datasource=docker depName=ghcr.io/element-hq/matrix-authentication-service
-matrix_authentication_service_version: 1.17.0
+matrix_authentication_service_version: 1.18.0
 matrix_authentication_service_container_image_registry_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else matrix_authentication_service_container_image_registry_prefix_upstream }}"
 matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_authentication_service_container_image_registry_prefix_upstream_default }}"
 matrix_authentication_service_container_image_registry_prefix_upstream_default: "ghcr.io/"

roles/custom/matrix-bot-baibot/defaults/main.yml

@@ -17,7 +17,7 @@ matrix_bot_baibot_container_repo_version: "{{ 'main' if matrix_bot_baibot_versio
 matrix_bot_baibot_container_src_files_path: "{{ matrix_base_data_path }}/baibot/container-src"
 
 # renovate: datasource=docker depName=ghcr.io/etkecc/baibot
-matrix_bot_baibot_version: v1.19.2
+matrix_bot_baibot_version: v1.21.1
 matrix_bot_baibot_container_image: "{{ matrix_bot_baibot_container_image_registry_prefix }}etkecc/baibot:{{ matrix_bot_baibot_version }}"
 matrix_bot_baibot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_baibot_container_image_self_build else matrix_bot_baibot_container_image_registry_prefix_upstream }}"
 matrix_bot_baibot_container_image_registry_prefix_upstream: "{{ matrix_bot_baibot_container_image_registry_prefix_upstream_default }}"

roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml

@@ -20,7 +20,7 @@ matrix_mautrix_meta_instagram_enabled: true
 matrix_mautrix_meta_instagram_identifier: matrix-mautrix-meta-instagram
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
-matrix_mautrix_meta_instagram_version: v0.2605.0
+matrix_mautrix_meta_instagram_version: v0.2605.1
 
 matrix_mautrix_meta_instagram_base_path: "{{ matrix_base_data_path }}/mautrix-meta-instagram"
 matrix_mautrix_meta_instagram_config_path: "{{ matrix_mautrix_meta_instagram_base_path }}/config"

roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml

@@ -20,7 +20,7 @@ matrix_mautrix_meta_messenger_enabled: true
 matrix_mautrix_meta_messenger_identifier: matrix-mautrix-meta-messenger
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
-matrix_mautrix_meta_messenger_version: v0.2605.0
+matrix_mautrix_meta_messenger_version: v0.2605.1
 
 matrix_mautrix_meta_messenger_base_path: "{{ matrix_base_data_path }}/mautrix-meta-messenger"
 matrix_mautrix_meta_messenger_config_path: "{{ matrix_mautrix_meta_messenger_base_path }}/config"

roles/custom/matrix-bridge-meshtastic-relay/defaults/main.yml

@@ -10,7 +10,7 @@
 matrix_meshtastic_relay_enabled: true
 
 # renovate: datasource=docker depName=jeremiah-k/mmrelay packageName=ghcr.io/jeremiah-k/mmrelay
-matrix_meshtastic_relay_version: 1.3.7
+matrix_meshtastic_relay_version: 1.3.8
 matrix_meshtastic_relay_container_image: "{{ matrix_meshtastic_relay_container_image_registry_prefix }}jeremiah-k/mmrelay:{{ matrix_meshtastic_relay_version }}"
 matrix_meshtastic_relay_container_image_registry_prefix: "{{ matrix_meshtastic_relay_container_image_registry_prefix_upstream }}"
 matrix_meshtastic_relay_container_image_registry_prefix_upstream: "{{ matrix_meshtastic_relay_container_image_registry_prefix_upstream_default }}"

roles/custom/matrix-bridge-steam/defaults/main.yml

@@ -13,7 +13,7 @@ matrix_steam_bridge_container_image_self_build_repo: "https://github.com/jasonla
 matrix_steam_bridge_container_image_self_build_repo_version: "{{ 'main' if matrix_steam_bridge_version == 'latest' else matrix_steam_bridge_version }}"
 
 # renovate: datasource=docker depName=ghcr.io/jasonlaguidice/matrix-steam-bridge
-matrix_steam_bridge_version: 1.1.0
+matrix_steam_bridge_version: 1.2.0
 matrix_steam_bridge_container_image: "{{ matrix_steam_bridge_container_image_registry_prefix }}jasonlaguidice/matrix-steam-bridge:{{ matrix_steam_bridge_version }}"
 matrix_steam_bridge_container_image_registry_prefix: "{{ 'localhost/' if matrix_steam_bridge_container_image_self_build else matrix_steam_bridge_container_image_registry_prefix_upstream }}"
 matrix_steam_bridge_container_image_registry_prefix_upstream: "{{ matrix_steam_bridge_container_image_registry_prefix_upstream_default }}"

roles/custom/matrix-client-element/defaults/main.yml

@@ -29,7 +29,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme
 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_facts['memtotal_mb'] < 4096 }}"
 
 # renovate: datasource=docker depName=ghcr.io/element-hq/element-web
-matrix_client_element_version: v1.12.18
+matrix_client_element_version: v1.12.20
 
 matrix_client_element_container_image: "{{ matrix_client_element_container_image_registry_prefix }}element-hq/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_container_image_registry_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_client_element_container_image_registry_prefix_upstream }}"

roles/custom/matrix-element-call/defaults/main.yml

@@ -21,7 +21,7 @@ matrix_element_call_enabled: false
 matrix_rtc_enabled: "{{ matrix_element_call_enabled }}"
 
 # renovate: datasource=docker depName=ghcr.io/element-hq/element-call
-matrix_element_call_version: v0.19.4
+matrix_element_call_version: v0.20.0
 
 matrix_element_call_scheme: https
 

roles/custom/matrix-ldap-registration-proxy/defaults/main.yml

@@ -1,112 +0,0 @@
-# SPDX-FileCopyrightText: 2022 - 2025 Slavi Pantaleev
-# SPDX-FileCopyrightText: 2022 Julian-Samuel Gebühr
-# SPDX-FileCopyrightText: 2022 MDAD project contributors
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
----
-# matrix_ldap_registration_proxy - Want to build a large-scale Matrix server using external registration on LDAP?
-# Project source code URL: https://gitlab.com/activism.international/matrix_ldap_registration_proxy
-
-matrix_ldap_registration_proxy_enabled: true
-
-matrix_ldap_registration_proxy_hostname: ''
-
-matrix_ldap_registration_proxy_container_image: "{{ matrix_ldap_registration_proxy_container_image_registry_prefix }}matrix_ldap_registration_proxy"
-matrix_ldap_registration_proxy_container_image_registry_prefix: "{{ 'localhost/' if matrix_ldap_registration_proxy_container_image_self_build else matrix_ldap_registration_proxy_container_image_registry_prefix_upstream }}"
-matrix_ldap_registration_proxy_container_image_registry_prefix_upstream: "{{ matrix_ldap_registration_proxy_container_image_registry_prefix_upstream_default }}"
-matrix_ldap_registration_proxy_container_image_registry_prefix_upstream_default: ""
-
-matrix_ldap_registration_proxy_container_image_self_build: true
-matrix_ldap_registration_proxy_container_image_self_build_repo: "https://gitlab.com/activism.international/matrix_ldap_registration_proxy.git"
-matrix_ldap_registration_proxy_container_image_self_build_branch: "{{ matrix_ldap_registration_proxy_version }}"
-
-matrix_ldap_registration_proxy_version: "296246afc6a9b3105e67fcf6621cf05ebc74b873"
-
-matrix_ldap_registration_proxy_base_path: "{{ matrix_base_data_path }}/matrix_ldap_registration_proxy"
-# We need the docker src directory to be named matrix_ldap_registration_proxy.
-matrix_ldap_registration_proxy_container_src_files_path: "{{ matrix_ldap_registration_proxy_base_path }}/docker-src/matrix_ldap_registration_proxy"
-matrix_ldap_registration_proxy_config_path: "{{ matrix_ldap_registration_proxy_base_path }}/config"
-
-matrix_ldap_registration_proxy_ldap_uri: ""
-matrix_ldap_registration_proxy_ldap_base_dn: ""
-matrix_ldap_registration_proxy_ldap_user: ""
-matrix_ldap_registration_proxy_ldap_password: ""
-matrix_ldap_registration_proxy_matrix_server_name: "{{ matrix_domain }}"
-matrix_ldap_registration_proxy_matrix_server_url: ""
-
-# Controls whether the self-check feature should validate SSL certificates.
-matrix_matrix_ldap_registration_proxy_self_check_validate_certificates: true
-
-matrix_ldap_registration_listen_port: 8080
-
-# Controls whether the matrix_ldap_registration_proxy container exposes its HTTP port (tcp/{{ matrix_ldap_registration_listen_port }} in the container).
-#
-# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8080"), or empty string to not expose.
-matrix_ldap_registration_proxy_container_http_host_bind_port: ''
-
-matrix_ldap_registration_proxy_container_network: ""
-
-matrix_ldap_registration_proxy_container_additional_networks: "{{ matrix_ldap_registration_proxy_container_additional_networks_auto + matrix_ldap_registration_proxy_container_additional_networks_custom }}"
-matrix_ldap_registration_proxy_container_additional_networks_auto: []
-matrix_ldap_registration_proxy_container_additional_networks_custom: []
-
-# matrix_ldap_registration_proxy_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
-# See `../templates/labels.j2` for details.
-#
-# To inject your own other container labels, see `matrix_ldap_registration_proxy_container_labels_additional_labels`.
-matrix_ldap_registration_proxy_container_labels_traefik_enabled: true
-matrix_ldap_registration_proxy_container_labels_traefik_docker_network: "{{ matrix_ldap_registration_proxy_container_network }}"
-matrix_ldap_registration_proxy_container_labels_traefik_entrypoints: web-secure
-matrix_ldap_registration_proxy_container_labels_traefik_tls_certResolver: default  # noqa var-naming
-
-# Controls whether labels will be added that expose ldap-registration-proxy's registration endpoint (matrix_ldap_registration_proxy_container_labels_registration_endpoint_path)
-matrix_ldap_registration_proxy_container_labels_registration_endpoint_enabled: true
-matrix_ldap_registration_proxy_container_labels_registration_endpoint_hostname: "{{ matrix_ldap_registration_proxy_hostname }}"
-matrix_ldap_registration_proxy_container_labels_registration_endpoint_path: "/_matrix/client/{version:(r0|v3)}/register"
-matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_rule: "Host(`{{ matrix_ldap_registration_proxy_container_labels_registration_endpoint_hostname }}`) && Path(`{{ matrix_ldap_registration_proxy_container_labels_registration_endpoint_path }}`)"
-matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_priority: 0
-matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_entrypoints: "{{ matrix_ldap_registration_proxy_container_labels_traefik_entrypoints }}"
-matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_tls: "{{ matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_entrypoints != 'web' }}"
-matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_tls_certResolver: "{{ matrix_ldap_registration_proxy_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
-
-# matrix_ldap_registration_proxy_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
-# See `../templates/labels.j2` for details.
-#
-# Example:
-# matrix_ldap_registration_proxy_container_labels_additional_labels: |
-#   my.label=1
-#   another.label="here"
-matrix_ldap_registration_proxy_container_labels_additional_labels: ''
-
-# A list of extra arguments to pass to the container
-matrix_ldap_registration_proxy_container_extra_arguments: []
-
-# List of systemd services that matrix-ldap-registration-proxy.service depends on.
-matrix_ldap_registration_proxy_systemd_required_services_list: "{{ matrix_ldap_registration_proxy_systemd_required_services_list_default + matrix_ldap_registration_proxy_systemd_required_services_list_auto + matrix_ldap_registration_proxy_systemd_required_services_list_custom }}"
-matrix_ldap_registration_proxy_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
-matrix_ldap_registration_proxy_systemd_required_services_list_auto: []
-matrix_ldap_registration_proxy_systemd_required_services_list_custom: []
-
-# List of systemd services that matrix-ldap-registration-proxy.service wants
-matrix_ldap_registration_proxy_systemd_wanted_services_list: "{{ matrix_ldap_registration_proxy_systemd_wanted_services_list_default + matrix_ldap_registration_proxy_systemd_wanted_services_list_auto + matrix_ldap_registration_proxy_systemd_wanted_services_list_custom }}"
-matrix_ldap_registration_proxy_systemd_wanted_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
-matrix_ldap_registration_proxy_systemd_wanted_services_list_auto: []
-matrix_ldap_registration_proxy_systemd_wanted_services_list_custom: []
-
-# Additional environment variables to pass to the LDAP proxy environment variables.
-#
-# Example:
-# matrix_ldap_registration_proxy_env_variables_extension: |
-#   KEY=value
-matrix_ldap_registration_proxy_env_variables_extension: ''
-
-# matrix_ldap_registration_proxy_restart_necessary controls whether the service
-# will be restarted (when true) or merely started (when false) by the
-# systemd service manager role (when conditional restart is enabled).
-#
-# This value is automatically computed during installation based on whether
-# any configuration files, the systemd service file, or the container image changed.
-# The default of `false` means "no restart needed" — appropriate when the role's
-# installation tasks haven't run (e.g., due to --tags skipping them).
-matrix_ldap_registration_proxy_restart_necessary: false

roles/custom/matrix-ldap-registration-proxy/tasks/main.yml

@@ -1,26 +0,0 @@
-# SPDX-FileCopyrightText: 2022 Julian-Samuel Gebühr
-# SPDX-FileCopyrightText: 2022 MDAD project contributors
-# SPDX-FileCopyrightText: 2023 - 2024 Slavi Pantaleev
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
----
-
-- tags:
-    - setup-all
-    - setup-matrix-ldap-registration-proxy
-    - install-all
-    - install-matrix-ldap-registration-proxy
-  block:
-    - when: matrix_ldap_registration_proxy_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
-
-    - when: matrix_ldap_registration_proxy_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
-
-- tags:
-    - setup-all
-    - setup-matrix-ldap-registration-proxy
-  block:
-    - when: not matrix_ldap_registration_proxy_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"

roles/custom/matrix-ldap-registration-proxy/tasks/setup_install.yml

@@ -1,85 +0,0 @@
-# SPDX-FileCopyrightText: 2022 - 2024 Slavi Pantaleev
-# SPDX-FileCopyrightText: 2022 Julian-Samuel Gebühr
-# SPDX-FileCopyrightText: 2022 MDAD project contributors
-# SPDX-FileCopyrightText: 2022 Sebastian Gumprich
-# SPDX-FileCopyrightText: 2024 David Mehren
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
----
-
-- name: Ensure matrix_ldap_registration_proxy paths exist
-  ansible.builtin.file:
-    path: "{{ item.path }}"
-    state: directory
-    mode: '0750'
-    owner: "{{ matrix_user_name }}"
-    group: "{{ matrix_group_name }}"
-  with_items:
-    - {path: "{{ matrix_ldap_registration_proxy_config_path }}", when: true}
-    - {path: "{{ matrix_ldap_registration_proxy_container_src_files_path }}", when: true}
-  when: "item.when | bool"
-
-- name: Ensure matrix_ldap_registration_proxy repository is present on self-build
-  ansible.builtin.git:
-    repo: "{{ matrix_ldap_registration_proxy_container_image_self_build_repo }}"
-    dest: "{{ matrix_ldap_registration_proxy_container_src_files_path }}"
-    version: "{{ matrix_ldap_registration_proxy_container_image_self_build_branch }}"
-    force: "yes"
-  become: true
-  become_user: "{{ matrix_user_name }}"
-  register: matrix_ldap_registration_proxy_git_pull_results
-
-- name: Ensure matrix_ldap_registration_proxy Docker image is built
-  community.docker.docker_image_build:
-    name: "{{ matrix_ldap_registration_proxy_container_image }}"
-    dockerfile: Dockerfile
-    path: "{{ matrix_ldap_registration_proxy_container_src_files_path }}"
-    pull: true
-    rebuild: "{{ 'always' if matrix_ldap_registration_proxy_git_pull_results.changed | bool else 'never' }}"
-  when: true
-  register: matrix_ldap_registration_proxy_container_image_build_result
-
-- name: Ensure matrix_ldap_registration_proxy config installed
-  ansible.builtin.template:
-    src: "{{ role_path }}/templates/ldap-registration-proxy.env.j2"
-    dest: "{{ matrix_ldap_registration_proxy_config_path }}/ldap-registration-proxy.env"
-    mode: '0644'
-    owner: "{{ matrix_user_name }}"
-    group: "{{ matrix_group_name }}"
-  register: matrix_ldap_registration_proxy_config_result
-
-- name: Ensure matrix-ldap-registration-proxy support files installed
-  ansible.builtin.template:
-    src: "{{ role_path }}/templates/{{ item }}.j2"
-    dest: "{{ matrix_ldap_registration_proxy_base_path }}/{{ item }}"
-    mode: '0640'
-    owner: "{{ matrix_user_name }}"
-    group: "{{ matrix_group_name }}"
-  with_items:
-    - labels
-  register: matrix_ldap_registration_proxy_support_files_result
-
-- name: Ensure matrix-ldap-registration-proxy container network is created
-  community.general.docker_network:
-    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
-    name: "{{ matrix_ldap_registration_proxy_container_network }}"
-    driver: bridge
-    driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
-
-- name: Ensure matrix-ldap-registration-proxy.service installed
-  ansible.builtin.template:
-    src: "{{ role_path }}/templates/systemd/matrix-ldap-registration-proxy.service.j2"
-    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ldap-registration-proxy.service"
-    mode: '0644'
-  register: matrix_ldap_registration_proxy_systemd_service_result
-
-- name: Determine whether matrix-ldap-registration-proxy needs a restart
-  ansible.builtin.set_fact:
-    matrix_ldap_registration_proxy_restart_necessary: >-
-      {{
-        matrix_ldap_registration_proxy_config_result.changed | default(false)
-        or matrix_ldap_registration_proxy_support_files_result.changed | default(false)
-        or matrix_ldap_registration_proxy_systemd_service_result.changed | default(false)
-        or matrix_ldap_registration_proxy_container_image_build_result.changed | default(false)
-      }}

roles/custom/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml

@@ -1,31 +0,0 @@
-# SPDX-FileCopyrightText: 2022 - 2023 Slavi Pantaleev
-# SPDX-FileCopyrightText: 2022 MDAD project contributors
-# SPDX-FileCopyrightText: 2022 Sebastian Gumprich
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
----
-
-- name: Check existence of matrix-matrix_ldap_registration_proxy service
-  ansible.builtin.stat:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ldap-registration-proxy.service"
-  register: matrix_ldap_registration_proxy_service_stat
-
-- when: matrix_ldap_registration_proxy_service_stat.stat.exists | bool
-  block:
-    - name: Ensure matrix-matrix_ldap_registration_proxy is stopped
-      ansible.builtin.service:
-        name: matrix-ldap-registration-proxy
-        state: stopped
-        enabled: false
-        daemon_reload: true
-
-    - name: Ensure matrix-ldap-registration-proxy.service doesn't exist
-      ansible.builtin.file:
-        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ldap-registration-proxy.service"
-        state: absent
-
-    - name: Ensure Matrix matrix_ldap_registration_proxy paths don't exist
-      ansible.builtin.file:
-        path: "{{ matrix_ldap_registration_proxy_base_path }}"
-        state: absent

roles/custom/matrix-ldap-registration-proxy/tasks/validate_config.yml

@@ -1,38 +0,0 @@
-# SPDX-FileCopyrightText: 2022 - 2024 Slavi Pantaleev
-# SPDX-FileCopyrightText: 2022 Julian-Samuel Gebühr
-# SPDX-FileCopyrightText: 2022 MDAD project contributors
-# SPDX-FileCopyrightText: 2025 Suguru Hirahara
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
----
-
-- name: (Deprecation) Catch and report renamed matrix-ldap-registration-proxy settings
-  ansible.builtin.fail:
-    msg: >-
-      Your configuration contains a variable, which now has a different name.
-      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
-  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
-  with_items:
-    - {'old': 'matrix_ldap_registration_proxy_registration_addr_with_container', 'new': '<removed>'}
-    - {'old': 'matrix_ldap_registration_proxy_registration_addr_sans_container', 'new': '<removed>'}
-    - {'old': 'matrix_ldap_registration_proxy_container_port', 'new': 'matrix_ldap_registration_listen_port'}
-    - {'old': 'matrix_ldap_registration_proxy_registration_endpoint', 'new': 'matrix_ldap_registration_proxy_container_labels_registration_endpoint_path'}
-    - {'old': 'matrix_ldap_registration_proxy_docker_image', 'new': 'matrix_ldap_registration_proxy_container_image'}
-    - {'old': 'matrix_ldap_registration_proxy_docker_image_registry_prefix', 'new': 'matrix_ldap_registration_proxy_container_image_registry_prefix'}
-    - {'old': 'matrix_ldap_registration_proxy_docker_image_registry_prefix_upstream', 'new': 'matrix_ldap_registration_proxy_container_image_registry_prefix_upstream'}
-    - {'old': 'matrix_ldap_registration_proxy_docker_image_registry_prefix_upstream_default', 'new': 'matrix_ldap_registration_proxy_container_image_registry_prefix_upstream_default'}
-    - {'old': 'matrix_ldap_registration_proxy_docker_src_files_path', 'new': 'matrix_ldap_registration_proxy_container_src_files_path'}
-
-- name: Fail if required matrix-ldap-registration-proxy settings not defined
-  ansible.builtin.fail:
-    msg: >-
-      You need to define a required configuration setting (`{{ item }}`).
-  when: "lookup('vars', item, default='') == ''"
-  with_items:
-    - "matrix_ldap_registration_proxy_hostname"
-    - "matrix_ldap_registration_proxy_ldap_uri"
-    - "matrix_ldap_registration_proxy_ldap_base_dn"
-    - "matrix_ldap_registration_proxy_ldap_user"
-    - "matrix_ldap_registration_proxy_ldap_password"
-    - "matrix_ldap_registration_proxy_container_network"

roles/custom/matrix-ldap-registration-proxy/templates/labels.j2

@@ -1,51 +0,0 @@
-{#
-SPDX-FileCopyrightText: 2024 Slavi Pantaleev
-
-SPDX-License-Identifier: AGPL-3.0-or-later
-#}
-
-{% if matrix_ldap_registration_proxy_container_labels_traefik_enabled %}
-traefik.enable=true
-
-{% if matrix_ldap_registration_proxy_container_labels_traefik_docker_network %}
-traefik.docker.network={{ matrix_ldap_registration_proxy_container_labels_traefik_docker_network }}
-{% endif %}
-
-{% if matrix_ldap_registration_proxy_container_labels_registration_endpoint_enabled %}
-############################################################
-#                                                          #
-# Registration                                             #
-#                                                          #
-############################################################
-
-traefik.http.services.matrix-ldap-registration-proxy.loadbalancer.server.port={{ matrix_ldap_registration_listen_port }}
-
-traefik.http.middlewares.matrix-ldap-registration-proxy-registration-endpoint-replacepath.replacepath.path=/register
-
-traefik.http.routers.matrix-ldap-registration-proxy-registration.rule={{ matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_rule }}
-
-traefik.http.routers.matrix-ldap-registration-proxy-registration.middlewares=matrix-ldap-registration-proxy-registration-endpoint-replacepath
-
-{% if matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_priority | int > 0 %}
-traefik.http.routers.matrix-ldap-registration-proxy-registration.priority={{ matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_priority }}
-{% endif %}
-
-traefik.http.routers.matrix-ldap-registration-proxy-registration.service=matrix-ldap-registration-proxy
-traefik.http.routers.matrix-ldap-registration-proxy-registration.entrypoints={{ matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_entrypoints }}
-
-traefik.http.routers.matrix-ldap-registration-proxy-registration.tls={{ matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_tls | to_json }}
-{% if matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_tls %}
-traefik.http.routers.matrix-ldap-registration-proxy-registration.tls.certResolver={{ matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_tls_certResolver }}
-{% endif %}
-
-############################################################
-#                                                          #
-# /Registration                                            #
-#                                                          #
-############################################################
-{% endif %}
-
-
-{% endif %}
-
-{{ matrix_ldap_registration_proxy_container_labels_additional_labels }}

roles/custom/matrix-ldap-registration-proxy/templates/ldap-registration-proxy.env.j2

@@ -1,43 +0,0 @@
-{#
-SPDX-FileCopyrightText: 2022 - 2024 Slavi Pantaleev
-SPDX-FileCopyrightText: 2022 Julian-Samuel Gebühr
-SPDX-FileCopyrightText: 2022 MDAD project contributors
-
-SPDX-License-Identifier: AGPL-3.0-or-later
-#}
-
-# please specify the configuration here
-#
-# these settings are mandatory
-
-# The server to connect to. Please note it must be accessible from the Docker network
-# example: `ldap://127.0.0.1:389`
-LDAP_SERVER={{ matrix_ldap_registration_proxy_ldap_uri }}
-
-# the base DN used for user creation
-
-LDAP_BASE_DN={{ matrix_ldap_registration_proxy_ldap_base_dn }}
-
-# the privileged user used for user creation including it's DN
-# example: `uid=admin,cn=users,cn=accounts,dc=example,dc=org`
-
-LDAP_USER={{ matrix_ldap_registration_proxy_ldap_user }}
-
-# the password of the `LDAP_USER` used for authentication
-LDAP_PASSWORD={{ matrix_ldap_registration_proxy_ldap_password }}
-
-# the human-readable server name of your Matrix server as used in the Matrix ID
-# example: `example.org`
-MATRIX_SERVER_NAME={{ matrix_ldap_registration_proxy_matrix_server_name }}
-
-# the url to access the Matrix server API without trailing `/`
-# example: `https://matrix.example.org`
-MATRIX_SERVER_URL={{ matrix_ldap_registration_proxy_matrix_server_url }}
-
-# these settings are optional:
-
-# Specify the port to listen on. Default to 8080
-LISTEN_PORT={{ matrix_ldap_registration_listen_port }}
-
-# Use this to extend the configuration with custom variables
-{{ matrix_ldap_registration_proxy_env_variables_extension }}

roles/custom/matrix-ldap-registration-proxy/templates/systemd/matrix-ldap-registration-proxy.service.j2

@@ -1,52 +0,0 @@
-#jinja2: lstrip_blocks: True
-[Unit]
-Description=matrix_ldap_registration_proxy
-{% for service in matrix_ldap_registration_proxy_systemd_required_services_list %}
-Requires={{ service }}
-After={{ service }}
-{% endfor %}
-{% for service in matrix_ldap_registration_proxy_systemd_wanted_services_list %}
-Wants={{ service }}
-{% endfor %}
-DefaultDependencies=no
-
-[Service]
-Type=simple
-Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-ldap-registration-proxy 2>/dev/null || true'
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ldap-registration-proxy 2>/dev/null || true'
-
-# matrix_ldap_registration_proxy writes an SQLite shared library (libsqlitejdbc.so) to /tmp and executes it from there,
-# so /tmp needs to be mounted with an exec option.
-ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
-			--rm \
-			--name=matrix-ldap-registration-proxy \
-			--log-driver=none \
-			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
-			--cap-drop=ALL \
-			--read-only \
-			--network={{ matrix_ldap_registration_proxy_container_network }} \
-			{% if matrix_ldap_registration_proxy_container_http_host_bind_port %}
-			-p {{ matrix_ldap_registration_proxy_container_http_host_bind_port }}:{{ matrix_ldap_registration_listen_port }} \
-			{% endif %}
-			--env-file {{ matrix_ldap_registration_proxy_config_path }}/ldap-registration-proxy.env \
-			--label-file={{ matrix_ldap_registration_proxy_base_path }}/labels \
-			{% for arg in matrix_ldap_registration_proxy_container_extra_arguments %}
-			{{ arg }} \
-			{% endfor %}
-			{{ matrix_ldap_registration_proxy_container_image }}
-
-{% for network in matrix_ldap_registration_proxy_container_additional_networks %}
-ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-ldap-registration-proxy
-{% endfor %}
-
-ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-ldap-registration-proxy
-
-ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-ldap-registration-proxy 2>/dev/null || true'
-ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ldap-registration-proxy 2>/dev/null || true'
-Restart=always
-RestartSec=30
-SyslogIdentifier=matrix-ldap-registration-proxy
-
-[Install]
-WantedBy=multi-user.target

roles/custom/matrix-ldap-registration-proxy/templates/systemd/matrix-ldap-registration-proxy.service.j2.license

@@ -1,5 +0,0 @@
-SPDX-FileCopyrightText: 2022 - 2024 Slavi Pantaleev
-SPDX-FileCopyrightText: 2022 Julian-Samuel Gebühr
-SPDX-FileCopyrightText: 2022 MDAD project contributors
-
-SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-livekit-jwt-service/defaults/main.yml

@@ -1,6 +1,6 @@
 # SPDX-FileCopyrightText: 2022 MDAD project contributors
 # SPDX-FileCopyrightText: 2024 wjbeckett
-# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2024 - 2026 Slavi Pantaleev
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
@@ -25,11 +25,11 @@ matrix_livekit_jwt_service_container_additional_networks_auto: []
 matrix_livekit_jwt_service_container_additional_networks_custom: []
 
 # renovate: datasource=docker depName=ghcr.io/element-hq/lk-jwt-service
-matrix_livekit_jwt_service_version: 0.4.4
+matrix_livekit_jwt_service_version: 0.5.0
 
 matrix_livekit_jwt_service_container_image_self_build: false
 matrix_livekit_jwt_service_container_repo: "https://github.com/element-hq/lk-jwt-service.git"
-matrix_livekit_jwt_service_container_repo_version: "{{ 'main' if matrix_livekit_jwt_service_version == 'latest' else ('v' + livekit_server_version) }}"
+matrix_livekit_jwt_service_container_repo_version: "{{ 'main' if matrix_livekit_jwt_service_version == 'latest' else ('v' + matrix_livekit_jwt_service_version) }}"
 matrix_livekit_jwt_service_container_src_files_path: "{{ matrix_livekit_jwt_service_base_path }}/container-src"
 
 matrix_livekit_jwt_service_container_image: "{{ matrix_livekit_jwt_service_container_image_registry_prefix }}element-hq/lk-jwt-service:{{ matrix_livekit_jwt_service_container_image_tag }}"
@@ -86,12 +86,20 @@ matrix_livekit_jwt_service_environment_variable_livekit_url: ""
 # Controls the LIVEKIT_SECRET environment variable
 matrix_livekit_jwt_service_environment_variable_livekit_secret: ""
 
-# Controls the LIVEKIT_FULL_ACCESS_HOMESERVERS environment variable
+# Controls the LIVEKIT_FULL_ACCESS_HOMESERVERS environment variable.
 # Comma-separated list of Matrix homeservers whose users are authorized with full access to LiveKit SFU features
-# (supports * as a wildcard to allow all homeservers).
+# (like creating rooms on the SFU).
+#
+# This is a required setting and the service refuses to start without it.
+# Setting it to `*` grants full access to any federated Matrix user, but listing only the homeserver(s)
+# you intend to serve is strongly recommended.
+#
+# To add additional homeservers, use `matrix_livekit_jwt_service_environment_variable_livekit_full_access_homeservers_list_custom`.
 matrix_livekit_jwt_service_environment_variable_livekit_full_access_homeservers: "{{ matrix_livekit_jwt_service_environment_variable_livekit_full_access_homeservers_list | join(',') }}"
-
-matrix_livekit_jwt_service_environment_variable_livekit_full_access_homeservers_list: ["*"]
+matrix_livekit_jwt_service_environment_variable_livekit_full_access_homeservers_list: "{{ matrix_livekit_jwt_service_environment_variable_livekit_full_access_homeservers_list_default + matrix_livekit_jwt_service_environment_variable_livekit_full_access_homeservers_list_auto + matrix_livekit_jwt_service_environment_variable_livekit_full_access_homeservers_list_custom }}"
+matrix_livekit_jwt_service_environment_variable_livekit_full_access_homeservers_list_default: ["{{ matrix_domain }}"]
+matrix_livekit_jwt_service_environment_variable_livekit_full_access_homeservers_list_auto: []
+matrix_livekit_jwt_service_environment_variable_livekit_full_access_homeservers_list_custom: []
 
 # Additional environment variables to pass to the container.
 #

roles/custom/matrix-livekit-jwt-service/tasks/validate_config.yml

@@ -1,6 +1,6 @@
 # SPDX-FileCopyrightText: 2022 MDAD project contributors
 # SPDX-FileCopyrightText: 2024 wjbeckett
-# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2024 - 2026 Slavi Pantaleev
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
@@ -27,3 +27,4 @@
     - {'name': 'matrix_livekit_jwt_service_environment_variable_livekit_key', when: true}
     - {'name': 'matrix_livekit_jwt_service_environment_variable_livekit_url', when: true}
     - {'name': 'matrix_livekit_jwt_service_environment_variable_livekit_secret', when: true}
+    - {'name': 'matrix_livekit_jwt_service_environment_variable_livekit_full_access_homeservers', when: true}

roles/custom/matrix-synapse/defaults/main.yml

@@ -16,7 +16,7 @@ matrix_synapse_enabled: true
 matrix_synapse_github_org_and_repo: element-hq/synapse
 
 # renovate: datasource=docker depName=ghcr.io/element-hq/synapse
-matrix_synapse_version: v1.153.0
+matrix_synapse_version: v1.154.0
 
 matrix_synapse_username: ''
 matrix_synapse_uid: ''
@@ -1473,6 +1473,14 @@ matrix_synapse_experimental_features_msc4306_enabled: false
 # See https://github.com/matrix-org/matrix-spec-proposals/pull/4354
 matrix_synapse_experimental_features_msc4354_enabled: false
 
+# Controls whether to enable the MSC4429 experimental feature (profile updates for legacy `/sync`).
+#
+# This allows servers to notify clients using the legacy `/sync` endpoint of profile changes
+# for other users, enabling features such as user status.
+#
+# See https://github.com/matrix-org/matrix-spec-proposals/pull/4429
+matrix_synapse_experimental_features_msc4429_enabled: false
+
 # Enable this to activate the REST auth password provider module.
 # See: https://github.com/ma1uta/matrix-synapse-rest-password-provider
 matrix_synapse_ext_password_provider_rest_auth_enabled: false

roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2

@@ -3031,6 +3031,9 @@ experimental_features:
   {% if matrix_synapse_experimental_features_msc4354_enabled %}
   msc4354_enabled: true
   {% endif %}
+  {% if matrix_synapse_experimental_features_msc4429_enabled %}
+  msc4429_enabled: true
+  {% endif %}
 
 {% if matrix_synapse_experimental_features_msc4140_enabled %}
 max_event_delay_duration: {{ matrix_synapse_max_event_delay_duration | to_json }}

roles/custom/matrix-tuwunel/defaults/main.yml

@@ -13,7 +13,7 @@ matrix_tuwunel_enabled: true
 matrix_tuwunel_hostname: ''
 
 # renovate: datasource=docker depName=ghcr.io/matrix-construct/tuwunel
-matrix_tuwunel_version: v1.7.0
+matrix_tuwunel_version: v1.7.1
 
 matrix_tuwunel_container_image: "{{ matrix_tuwunel_container_image_registry_prefix }}matrix-construct/tuwunel:{{ matrix_tuwunel_container_image_tag }}"
 matrix_tuwunel_container_image_tag: "{{ matrix_tuwunel_version }}"

roles/custom/matrix_playbook_migration/tasks/validate_config.yml

@@ -711,6 +711,18 @@
       The following variables in your configuration need to be renamed: {{ lookup('ansible.builtin.varnames', '^matrix_dynamic_dns_.+', wantlist=True) | join(', ') }}
   when: "lookup('ansible.builtin.varnames', '^matrix_dynamic_dns_.+', wantlist=True) | length > 0"
 
+- name: (Deprecation) Catch and report matrix-ldap-registration-proxy variables
+  ansible.builtin.fail:
+    msg: |-
+      matrix-ldap-registration-proxy was completely removed from the playbook in May 2026.
+
+      Please remove all `matrix_ldap_registration_proxy_*` variables from your configuration file (vars.yml).
+
+      You may also wish to uninstall the component manually. See `docs/configuring-playbook-matrix-ldap-registration-proxy.md` for more information.
+
+      The following variables in your configuration need to be removed: {{ lookup('ansible.builtin.varnames', '^matrix_ldap_registration_proxy_.+', wantlist=True) | join(', ') }}
+  when: "lookup('ansible.builtin.varnames', '^matrix_ldap_registration_proxy_.+', wantlist=True) | length > 0"
+
 - name: (Deprecation) Catch and report mautrix-facebook variables
   ansible.builtin.fail:
     msg: |-

setup.yml

@@ -114,7 +114,6 @@
     - custom/matrix-client-fluffychat
     - galaxy/jitsi
     - custom/matrix-user-verification-service
-    - custom/matrix-ldap-registration-proxy
     - galaxy/etherpad
     - custom/matrix-sygnal
     - galaxy/ntfy