chore(deps): update dock.mau.dev/mautrix/telegram docker tag to v0.2604.0

2026-05-02 10:12:22 +03:00 · 2026-04-18 21:13:33 +00:00
85 changed files with 3804 additions and 4345 deletions
@@ -1,26 +1,3 @@
-# 2026-04-24
-
-## Support for bridging to Meshtastic via meshtastic-matrix-relay
-
-Thanks to [luschmar](https://github.com/luschmar), the playbook now supports bridging to [Meshtastic](https://meshtastic.org/) mesh networks via [meshtastic-matrix-relay](https://github.com/jeremiah-k/meshtastic-matrix-relay) (mmrelay).
-
-To learn more, see our [Setting up a Matrix <-> Meshtastic bridge](./docs/configuring-playbook-bridge-meshtastic-relay.md) documentation page.
-
-## (BC Break) mautrix-telegram has been rewritten in Go (bridgev2)
-
-The [mautrix-telegram](./docs/configuring-playbook-bridge-mautrix-telegram.md) bridge has been [rewritten in Go](https://mau.fi/blog/2026-04-mautrix-release/) on top of the [bridgev2](https://docs.mau.fi/bridges/go/) architecture. See the [upstream v26.04 release notes](https://github.com/mautrix/telegram/releases/tag/v0.2604.0) for what changed in the bridge itself (shared-portal behavior, management-room state, new features, etc.).
-
-**Most users won't have to do anything.** If you use the playbook's integrated Postgres (the default) and haven't customized telegram-bridge variables beyond `matrix_mautrix_telegram_api_id` and `matrix_mautrix_telegram_api_hash`, just re-run the playbook; the bridge will migrate itself on first start. Taking a backup beforehand is still a good idea.
-
-⚠️ **SQLite users: do not upgrade yet.** Upstream v0.2604.0 has a [known bug in the legacy SQLite migration](https://github.com/mautrix/telegram/releases/tag/v0.2604.0) that can corrupt your data. The playbook detects this case and will refuse to proceed. Either switch to Postgres first (set `matrix_mautrix_telegram_database_engine: postgres`; the playbook handles the pgloader migration), or wait for the next upstream release.
-
-Playbook-specific things to know. The playbook will fail loudly if you're affected:
-
- Many `matrix_mautrix_telegram_*` variables have been **removed** (web-login endpoint, lottieconverter, username/alias/displayname templates, filter-mode, bot-token relaybot, Shared-Secret-Auth map). The deprecation check will tell you exactly what to rename or drop when you run the playbook.
- **Old-style relaybot users** (`matrix_mautrix_telegram_bot_token`): switch to the common [mautrix bridge relay mode](./docs/configuring-playbook-bridge-mautrix-bridges.md#enable-relay-mode-optional) via `matrix_mautrix_telegram_bridge_relay_enabled: true`.
- **Shared-Secret-Auth double-puppeting users**: switch to [Appservice Double Puppet](./docs/configuring-playbook-appservice-double-puppet.md); the playbook wires it up automatically.
- **Custom `matrix_mautrix_telegram_bridge_permissions`**: map `relaybot` to `relay`, `puppeting` to `user`, `full` to `user`. Validated at playbook time.
-
 # 2026-04-03

 ## (BC Break) Synapse Admin (fork by etke.cc) is now Ketesa
@@ -132,7 +132,6 @@ Bridges can be used to connect your Matrix installation with third-party communi
 | [matrix-steam-bridge](https://github.com/jasonlaguidice/matrix-steam-bridge) | ❌ | Bridge to [Steam](https://steampowered.com/) | [Link](docs/configuring-playbook-bridge-steam.md) |
 | [matrix-wechat](https://github.com/duo/matrix-wechat) | ❌ | Bridge to [WeChat](https://www.wechat.com/) | [Link](docs/configuring-playbook-bridge-wechat.md) |
 | [Heisenbridge](https://github.com/hifi/heisenbridge) | ❌ | Bouncer-style bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) | [Link](docs/configuring-playbook-bridge-heisenbridge.md) |
-| [meshtastic-matrix-relay](https://github.com/jeremiah-k/meshtastic-matrix-relay) | ❌ | Bridge to [Meshtastic](https://meshtastic.org/) mesh networks | [Link](docs/configuring-playbook-bridge-meshtastic-relay.md) |
 | [mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) | ❌ | Bridge to [GroupMe](https://groupme.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-groupme.md) |
 | [mx-puppet-steam](https://codeberg.org/icewind/mx-puppet-steam) | ❌ | Bridge to [Steam](https://steamapp.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-steam.md) |
 | [Postmoogle](https://github.com/etkecc/postmoogle) | ❌ | Email to Matrix bridge | [Link](docs/configuring-playbook-bridge-postmoogle.md) |
@@ -1,5 +1,5 @@
 <!--
-SPDX-FileCopyrightText: 2018 - 2026 Slavi Pantaleev
+SPDX-FileCopyrightText: 2018 - 2024 Slavi Pantaleev
 SPDX-FileCopyrightText: 2018 Hugues Morisset
 SPDX-FileCopyrightText: 2019 - 2022 MDAD project contributors
 SPDX-FileCopyrightText: 2021 Panagiotis Georgiadis
@@ -17,7 +17,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later

 The playbook can install and configure [mautrix-telegram](https://github.com/mautrix/telegram) for you.

-See the project's [documentation](https://docs.mau.fi/bridges/go/telegram/index.html) to learn what it does and why it might be useful to you.
+See the project's [documentation](https://docs.mau.fi/bridges/python/telegram/index.html) to learn what it does and why it might be useful to you.

 ## Prerequisites

@@ -25,12 +25,18 @@ See the project's [documentation](https://docs.mau.fi/bridges/go/telegram/index.

 To use the bridge, you'd need to obtain an API key from [https://my.telegram.org/apps](https://my.telegram.org/apps).

-### Enable Appservice Double Puppet (optional)
+### Enable Appservice Double Puppet or Shared Secret Auth (optional)

-If you want to set up [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do) for this bridge automatically, you need to have enabled [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service for this playbook.
+If you want to set up [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do) for this bridge automatically, you need to have enabled [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) or [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service for this playbook.

 See [this section](configuring-playbook-bridge-mautrix-bridges.md#set-up-double-puppeting-optional) on the [common guide for configuring mautrix bridges](configuring-playbook-bridge-mautrix-bridges.md) for details about setting up Double Puppeting.

+**Notes**:
+
+- Double puppeting with the Shared Secret Auth works at the time of writing, but is deprecated and will stop working in the future.
+
+- If you decided to enable Double Puppeting manually, send `login-matrix` to the bot in order to receive an instruction about how to send an access token to it.
+
 ## Adjusting the playbook configuration

 To enable the bridge, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file. Make sure to replace `YOUR_TELEGRAM_APP_ID` and `YOUR_TELEGRAM_API_HASH`.
@@ -43,16 +49,37 @@ matrix_mautrix_telegram_api_hash: YOUR_TELEGRAM_API_HASH

 ### Relaying

-This bridge supports the common [mautrix bridge relay mode](configuring-playbook-bridge-mautrix-bridges.md#enable-relay-mode-optional). Once enabled, any authenticated user can be turned into a relaybot for a chat by sending `!tg set-relay` in that chat.
+### Enable relay-bot (optional)
+
+If you want to use the relay-bot feature ([relay bot documentation](https://docs.mau.fi/bridges/python/telegram/relay-bot.html)), which allows anonymous user to chat with telegram users, add the following configuration to your `vars.yml` file:
+
+```yaml
+matrix_mautrix_telegram_bot_token: YOUR_TELEGRAM_BOT_TOKEN
+matrix_mautrix_telegram_configuration_extension_yaml: |
+  bridge:
+    permissions:
+      '*': relaybot
+```

 ### Configure a user as an administrator of the bridge (optional)

 You might also want to give permissions to a user to administrate the bot. See [this section](configuring-playbook-bridge-mautrix-bridges.md#configure-bridge-permissions-optional) on the common guide for details about it.

+More details about permissions in this example: https://github.com/mautrix/telegram/blob/master/mautrix_telegram/example-config.yaml#L410
+
+### Use the bridge for direct chats only (optional)
+
+If you want to exclude all groups from syncing and use the Telegram-Bridge only for direct chats, add the following configuration to your `vars.yml` file:
+
+```yaml
+matrix_mautrix_telegram_filter_mode: whitelist
+```
+
 ### Extending the configuration

 There are some additional things you may wish to configure about the bridge.

+<!-- NOTE: common relay mode is not supported for this bridge -->
 See [this section](configuring-playbook-bridge-mautrix-bridges.md#extending-the-configuration) on the [common guide for configuring mautrix bridges](configuring-playbook-bridge-mautrix-bridges.md) for details about variables that you can customize and the bridge's default configuration, including [bridge permissions](configuring-playbook-bridge-mautrix-bridges.md#configure-bridge-permissions-optional), [encryption support](configuring-playbook-bridge-mautrix-bridges.md#enable-encryption-optional), [bot's username](configuring-playbook-bridge-mautrix-bridges.md#set-the-bots-username-optional), etc.

 ## Installing
@@ -72,9 +99,9 @@ The shortcut commands with the [`just` program](just.md) are also available: `ju

 To use the bridge, you need to start a chat with `@telegrambot:example.com` (where `example.com` is your base domain, not the `matrix.` domain).

-You can then follow instructions on the bridge's [official documentation on Authentication](https://docs.mau.fi/bridges/go/telegram/authentication.html).
+You can then follow instructions on the bridge's [official documentation on Authentication](https://docs.mau.fi/bridges/python/telegram/authentication.html).

-After logging in, the bridge will create portal rooms for all of your Telegram groups and invite you to them.
+After logging in, the bridge will create portal rooms for all of your Telegram groups and invite you to them. Note that the bridge won't automatically create rooms for private chats.

 ## Troubleshooting

@@ -82,9 +109,8 @@ As with all other services, you can find the logs in [systemd-journald](https://

 ### Increase logging verbosity

-The default logging level for this component is `warn`. If you want to increase the verbosity, add the following configuration to your `vars.yml` file and re-run the playbook:
+The default logging level for this component is `WARNING`. If you want to increase the verbosity, add the following configuration to your `vars.yml` file and re-run the playbook:

 ```yaml
-# Valid values: fatal, error, warn, info, debug, trace
-matrix_mautrix_telegram_logging_level: debug
+matrix_mautrix_telegram_logging_level: DEBUG
 ```
@@ -1,95 +0,0 @@
-<!--
-SPDX-FileCopyrightText: 2025 - 2026 luschmar
-SPDX-FileCopyrightText: 2026 Slavi Pantaleev
-
-SPDX-License-Identifier: AGPL-3.0-or-later
-->
-
-# Setting up a Matrix <-> Meshtastic bridge (optional)
-
-The playbook can install and configure [meshtastic-matrix-relay](https://github.com/jeremiah-k/meshtastic-matrix-relay) (sometimes referred to as `mmrelay`) for you — a bridge between [Matrix](https://matrix.org/) and [Meshtastic](https://meshtastic.org/) mesh networks.
-
-See the [project's documentation](https://github.com/jeremiah-k/meshtastic-matrix-relay) to learn what it does and why it might be useful to you.
-
-## Prerequisites
-
-You need a Matrix account for the bot. You can either [register the bot account manually](registering-users.md) or let the playbook create it when running `ansible-playbook … --tags=ensure-matrix-users-created`. Either way, you'll need the account's **password** to configure the bridge — unlike most other bridges in this playbook, `mmrelay` authenticates with a password and creates its own session (optionally with End-to-End Encryption material).
-
-You also need access to a Meshtastic device, connected to the server via one of:
-
- **TCP**: the device is reachable on the network (e.g. a Meshtastic node running the TCP API),
- **Serial**: the device is plugged in via USB and available on the host (e.g. `/dev/ttyUSB0`),
- **BLE**: the device is reachable via Bluetooth Low Energy from the host.
-
-## Adjusting the playbook configuration
-
-To enable the bridge, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
-
-```yaml
-matrix_meshtastic_relay_enabled: true
-
-# Password for the bot's Matrix account.
-# On first startup, the bridge uses this to log in and persist credentials
-# (including End-to-End Encryption material) under its data directory.
-# After that, the password can be removed from this variable.
-matrix_meshtastic_relay_matrix_bot_password: "PASSWORD_FOR_THE_BOT"
-
-# How the bridge connects to your Meshtastic device.
-# One of: tcp, serial, ble
-matrix_meshtastic_relay_connection_type: tcp
-
-# For connection_type: tcp
-matrix_meshtastic_relay_tcp_host: "meshtastic.local"
-
-# For connection_type: serial
-# matrix_meshtastic_relay_serial_port: "/dev/ttyUSB0"
-
-# For connection_type: ble
-# matrix_meshtastic_relay_ble_address: "AA:BB:CC:DD:EE:FF"
-
-# Matrix rooms to bridge to Meshtastic channels.
-matrix_meshtastic_relay_matrix_rooms_list:
-  - id: "#meshtastic:{{ matrix_domain }}"
-    meshtastic_channel: "0"
-```
-
-By default, the bot's Matrix ID is `@meshtasticbot:{{ matrix_domain }}`. To change it, adjust `matrix_meshtastic_relay_matrix_bot_user_id`.
-
-### Bluetooth (BLE) connections
-
-When `matrix_meshtastic_relay_connection_type` is `ble`, the container runs with `--network=host` and bind-mounts the host's DBus socket — both are required for Bluetooth pairing/communication. Only use this connection type if you trust the playbook-managed host and are comfortable with these privileges.
-
-### Serial connections
-
-When `matrix_meshtastic_relay_connection_type` is `serial`, the host device referenced by `matrix_meshtastic_relay_serial_port` is passed through to the container. Make sure that `matrix_user_uid` / `matrix_user_gid` have read/write access to that device (e.g. by adding the matrix user to the `dialout` group, or adjusting udev rules).
-
-### Extending the configuration
-
-There are some additional things you may wish to configure about the bridge.
-
-Take a look at:
-
- `roles/custom/matrix-bridge-meshtastic-relay/defaults/main.yml` for some variables that you can customize via your `vars.yml` file. You can override individual `matrix_meshtastic_relay_*` variables, or make finer-grained adjustments via `matrix_meshtastic_relay_configuration_extension_yaml`.
-
-## Installing
-
-After configuring the playbook, run the playbook with [playbook tags](playbook-tags.md) as below:
-
-<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
-```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
-```
-
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`.
-
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
-
-## Usage
-
-Invite the bot to the Matrix rooms listed in `matrix_meshtastic_relay_matrix_rooms_list` and it will relay between Matrix and the corresponding Meshtastic channel. Messages sent on Meshtastic will appear in Matrix and vice versa.
-
-See the [project's wiki](https://github.com/jeremiah-k/meshtastic-matrix-relay/wiki) for details about commands, plugins and advanced usage.
-
-## Troubleshooting
-
-As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-meshtastic-relay`.
@@ -24,14 +24,14 @@ matrix_synapse_federation_domain_whitelist:

 If you wish to disable federation, you can do that with an empty list (`[]`), or better yet by completely disabling federation (see below).

-## Controlling exposure of the room directory over federation
+## Exposing the room directory over federation

-By default, your server's public rooms directory is exposed to other servers via federation, so that public rooms hosted on your server can be discovered by users on other servers. This goes against the Synapse upstream default (which is `false`); see the [2023-10-23 changelog entry](../CHANGELOG.md#enabling-allow_public_rooms_over_federation-by-default-for-synapse) for the reasoning behind this choice.
+By default, your server's public rooms directory is not exposed to other servers via federation.

-To prevent your public rooms directory from being exposed over federation (restoring the Synapse upstream default), add the following configuration to your `vars.yml` file:
+To expose it, add the following configuration to your `vars.yml` file:

 ```yaml
-matrix_synapse_allow_public_rooms_over_federation: false
+matrix_synapse_allow_public_rooms_over_federation: true
 ```

 ## Disabling federation
@@ -38,12 +38,6 @@ matrix_rtc_enabled: true

 In addition to the HTTP/HTTPS ports (which you've already exposed as per the [prerequisites](prerequisites.md) document), you'll also need to open ports required by [LiveKit Server](configuring-playbook-livekit-server.md) as described in its own [Adjusting firewall rules](configuring-playbook-livekit-server.md#adjusting-firewall-rules) section.

-## Fronting the integrated reverse-proxy with another reverse-proxy
-
-If you're [fronting the integrated reverse-proxy webserver with another reverse-proxy](configuring-playbook-own-webserver.md#fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy) (e.g. nginx), it needs to forward WebSocket traffic for [LiveKit Server](configuring-playbook-livekit-server.md) at the `/livekit-server/` path. Without that, Matrix RTC calls will not work.
-
-See [`examples/reverse-proxies/nginx/matrix.conf`](../examples/reverse-proxies/nginx/matrix.conf) for an nginx example.
-
 ## Installing

 After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records) and [adjusting firewall rules](#adjusting-firewall-rules), run the playbook with [playbook tags](playbook-tags.md) as below:
@@ -182,8 +182,6 @@ Bridges can be used to connect your Matrix installation with third-party communi

 - [Setting up Heisenbridge bouncer-style IRC bridging](configuring-playbook-bridge-heisenbridge.md)

- [Setting up a Matrix <-> Meshtastic bridge](configuring-playbook-bridge-meshtastic-relay.md)
-
 - [Setting up WeChat bridging](configuring-playbook-bridge-wechat.md)

 ### Bots
@@ -19,7 +19,7 @@ services:
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      # - ./site:/var/www
-      # Other configurations …
+    # Other configurations …

 networks:
  # add this as well
@@ -22,27 +22,6 @@ server {
    # if you use e.g. Etherpad on etherpad.example.com, add etherpad.example.com to the server_name list
    server_name example.com matrix.example.com element.example.com;

-    # Required for Matrix RTC (WebSocket proxying to LiveKit Server).
-    # See: ../../../docs/configuring-playbook-matrix-rtc.md#fronting-the-integrated-reverse-proxy-with-another-reverse-proxy
-    location /livekit-server/ {
-        proxy_pass http://localhost:81/livekit-server/;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_set_header X-Forwarded-For $remote_addr;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-
-        # Long timeouts for persistent WebSocket connections
-        proxy_read_timeout 86400s;
-        proxy_send_timeout 86400s;
-        proxy_buffering off;
-
-        access_log /var/log/nginx/matrix.access.log;
-        error_log /var/log/nginx/matrix.error.log;
-    }
-
    location / {
        # note: do not add a path (even a single /) after the port in `proxy_pass`,
        # otherwise, nginx will canonicalise the URI and cause signature verification
@@ -2,7 +2,7 @@
 # This variable acknowledges that you've reviewed breaking changes up to this version.
 # The playbook will fail if this is outdated, guiding you through what changed.
 # See the changelog: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md
-matrix_playbook_migration_validated_version: v2026.04.24.0
+matrix_playbook_migration_validated_version: v2026.04.03.0

 # The bare domain name which represents your Matrix identity.
 # Matrix user IDs for your server will be of the form (`@alice:example.com`).
@@ -429,13 +429,6 @@ devture_systemd_service_manager_services_list_auto: |
      'groups': ['matrix', 'bridges', 'hookshot', 'bridge-hookshot'],
    }] if matrix_hookshot_enabled else [])
    +
-    ([{
-      'name': 'matrix-meshtastic-relay.service',
-      'priority': 2000,
-      'restart_necessary': (matrix_meshtastic_relay_restart_necessary | bool),
-      'groups': ['matrix', 'bridges', 'meshtastic-relay'],
-    }] if matrix_meshtastic_relay_enabled else [])
-    +
    ([{
      'name': 'matrix-mautrix-bluesky.service',
      'priority': 2000,
@@ -1124,7 +1117,7 @@ matrix_authentication_service_config_email_port: "{{ 8025 if exim_relay_enabled
 matrix_authentication_service_config_email_mode: "{{ 'plain' if exim_relay_enabled else 'starttls' }}"
 matrix_authentication_service_config_email_from_address: "{{ exim_relay_sender_address }}"

-matrix_authentication_service_admin_api_enabled: "{{ matrix_element_admin_enabled or matrix_ketesa_enabled }}"
+matrix_authentication_service_admin_api_enabled: "{{ matrix_element_admin_enabled }}"

 matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_authentication_service_container_image_registry_prefix_upstream_default }}"

@@ -1943,6 +1936,9 @@ matrix_mautrix_meta_instagram_database_password: "{{ ((matrix_homeserver_generic
 # We don't enable bridges by default.
 matrix_mautrix_telegram_enabled: false

+matrix_mautrix_telegram_hostname: "{{ matrix_server_fqn_matrix }}"
+matrix_mautrix_telegram_path_prefix: "/{{ (matrix_homeserver_generic_secret_key + ':telegram') | hash('sha512') | to_uuid }}"
+
 matrix_mautrix_telegram_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
@@ -1950,9 +1946,16 @@ matrix_mautrix_telegram_systemd_required_services_list_auto: |
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_telegram_database_hostname == postgres_connection_hostname) else [])
  }}

+matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix_upstream_default }}"
+
 matrix_mautrix_telegram_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_telegram_container_image_registry_prefix_upstream_default }}"

+# Images are multi-arch (amd64 and arm64, but not arm32).
 matrix_mautrix_telegram_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
+matrix_mautrix_telegram_lottieconverter_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
+matrix_mautrix_telegram_lottieconverter_container_image_self_build_mask_arch: "{{ matrix_architecture != 'amd64' }}"
+
+matrix_mautrix_telegram_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9006') if matrix_playbook_service_host_bind_interface_prefix else '' }}"

 matrix_mautrix_telegram_container_network: "{{ matrix_addons_container_network }}"

@@ -1983,15 +1986,17 @@ matrix_mautrix_telegram_homeserver_token: "{{ (matrix_homeserver_generic_secret_

 matrix_mautrix_telegram_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"

-matrix_mautrix_telegram_provisioning_shared_secret: "{{ (matrix_homeserver_generic_secret_key + ':mau.telegram.prov') | hash('sha512') | to_uuid }}"
-
-matrix_mautrix_telegram_double_puppet_secrets_auto: |-
+matrix_mautrix_telegram_bridge_login_shared_secret_map_auto: |-
  {{
-    {
+    ({
      matrix_mautrix_telegram_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
-    }
+    })
    if matrix_appservice_double_puppet_enabled
-    else {}
+    else (
+      {matrix_mautrix_telegram_homeserver_domain: matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret}
+      if matrix_synapse_ext_password_provider_shared_secret_auth_enabled
+      else {}
+    )
  }}

 matrix_mautrix_telegram_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
@@ -2496,39 +2501,6 @@ matrix_hookshot_public_hostname: "{{ matrix_server_fqn_matrix }}"
 #
 ######################################################################

-######################################################################
-#
-# matrix-bridge-meshtastic-relay
-#
-######################################################################
-
-# We don't enable bridges by default.
-matrix_meshtastic_relay_enabled: false
-
-matrix_meshtastic_relay_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_meshtastic_relay_container_image_registry_prefix_upstream_default }}"
-
-matrix_meshtastic_relay_matrix_host: "{{ matrix_domain }}"
-
-matrix_meshtastic_relay_matrix_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
-
-matrix_meshtastic_relay_container_network: "{{ matrix_addons_container_network }}"
-
-matrix_meshtastic_relay_systemd_required_services_list_auto: |
-  {{
-    matrix_addons_homeserver_systemd_services_list
-  }}
-
-matrix_meshtastic_relay_container_additional_networks_auto: |
-  {{
-    ([] if matrix_addons_homeserver_container_network == '' or matrix_addons_homeserver_container_network == matrix_meshtastic_relay_container_network else [matrix_addons_homeserver_container_network])
-  }}
-
-######################################################################
-#
-# /matrix-bridge-meshtastic-relay
-#
-######################################################################
-
 ######################################################################
 #
 # matrix-bridge-mx-puppet-steam
@@ -3709,7 +3681,7 @@ ddclient_uid: "{{ matrix_user_uid }}"
 ddclient_gid: "{{ matrix_user_gid }}"

 ddclient_container_image_registry_prefix: "{{ 'localhost/' if ddclient_container_image_self_build else ddclient_container_image_registry_prefix_upstream }}"
-ddclient_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else ddclient_container_image_registry_prefix_upstream_default }}"
+ddclient_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else ddclient_docker_image_registry_prefix_upstream_default }}"

 ddclient_web: "https://cloudflare.com/cdn-cgi/trace"

@@ -5160,7 +5132,7 @@ matrix_ketesa_config_asManagedUsers_auto: |
    +
    ([
      '^@'+(matrix_mautrix_telegram_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
-      '^@telegram_(channel-)?[0-9]+:'+(matrix_domain | regex_escape)+'$',
+      '^@'+(matrix_mautrix_telegram_username_template | regex_escape | replace('{userid}', '.+'))+':'+(matrix_domain | regex_escape)+'$',
    ] if matrix_mautrix_telegram_enabled else [])
    +
    ([
@@ -1,10 +1,10 @@
 alabaster==1.0.0
 babel==2.18.0
-certifi==2026.4.22
+certifi==2026.2.25
 charset-normalizer==3.4.7
-click==8.3.3
+click==8.3.2
 docutils==0.22.4
-idna==3.13
+idna==3.11
 imagesize==2.0.0
 Jinja2==3.1.6
 linkify-it-py==2.1.0
@@ -13,7 +13,7 @@ MarkupSafe==3.0.3
 mdit-py-plugins==0.5.0
 mdurl==0.1.2
 myst-parser==5.0.0
-packaging==26.2
+packaging==26.1
 Pygments==2.20.0
 PyYAML==6.0.3
 requests==2.33.1
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-04-15 09:10+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -16,22 +16,242 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"

+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:12
+msgid "Setting up Appservice Slack bridging (optional)"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:14
+msgid "**Notes**:"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:15
+msgid "Bridging to [Slack](https://slack.com) can also happen via the [mautrix-slack](configuring-playbook-bridge-mautrix-slack.md) bridge supported by the playbook."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:16
+msgid "Currently (as of November, 2024) **this component is not available for new installation unless you have already created a classic Slack application** (which the bridge makes use of in order to enable bridging between Slack and Matrix), because the creation of classic Slack applications has been discontinued since June 4 2024. The author of the bridge claims [here](https://github.com/matrix-org/matrix-appservice-slack/issues/789#issuecomment-2172947787) that he plans to support the modern Slack application and until then \"the best (and only) option for new installations is to use the webhook bridging\"."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:18
+msgid "The playbook can install and configure [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack) for you."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:20
+msgid "See the project's [documentation](https://github.com/matrix-org/matrix-appservice-slack/blob/master/README.md) to learn what it does and why it might be useful to you."
+msgstr ""
+
 #: ../../../docs/configuring-playbook-bridge-appservice-slack.md:22
-msgid "Setting up Appservice Slack bridging (optional, removed)"
+msgid "Prerequisites"
 msgstr ""

 #: ../../../docs/configuring-playbook-bridge-appservice-slack.md:24
-msgid "🪦 The playbook used to be able to install and configure [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack), but no longer includes this component, as it had been unavailable for new installation since 2024, and was finally abandoned because the public Matrix.org Slack bridge has been decommissioned on January 14th, 2026."
+msgid "Create a Classic Slack App"
 msgstr ""

 #: ../../../docs/configuring-playbook-bridge-appservice-slack.md:26
-msgid "**Note**: Bridging to [Slack](https://slack.com) can also happen via the [mautrix-slack](configuring-playbook-bridge-mautrix-slack.md) bridge supported by the playbook."
+msgid "First, you need to create a Classic Slack App [here](https://api.slack.com/apps?new_classic_app=1)."
 msgstr ""

 #: ../../../docs/configuring-playbook-bridge-appservice-slack.md:28
-msgid "Uninstalling the component manually"
+msgid "Name the app \"matrixbot\" (or anything else you'll remember). Select the team/workspace this app will belong to. Click on bot users and add a new bot user. We will use this account to bridge the the rooms."
 msgstr ""

 #: ../../../docs/configuring-playbook-bridge-appservice-slack.md:30
-msgid "If you still have matrix-appservice-slack installed on your Matrix server, the playbook can no longer help you uninstall it and you will need to do it manually. To uninstall manually, run these commands on the server:"
+msgid "Then, click on Event Subscriptions and enable them and use the request url: `https://matrix.example.com/appservice-slack`."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:32
+msgid "Add the following events as `Bot User Events` and save:"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:34
+msgid "team_domain_change"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:35
+msgid "message.channels"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:36
+msgid "message.groups (if you want to bridge private channels)"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:37
+msgid "reaction_added"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:38
+msgid "reaction_removed"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:40
+msgid "Next, click on \"OAuth & Permissions\" and add the following scopes:"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:42
+msgid "chat:write:bot"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:43
+msgid "users:read"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:44
+msgid "reactions:write"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:45
+msgid "files:write:user (if you want to bridge files)"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:47
+msgid "**Note**: In order to make Slack files visible to Matrix users, this bridge will make Slack files visible to anyone with the url (including files in private channels). This is different than the current behavior in Slack, which only allows authenticated access to media posted in private channels. See MSC701 for details."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:49
+msgid "Click on \"Install App\" and \"Install App to Workspace\". Note the access tokens shown. You will need the Bot User OAuth Access Token and if you want to bridge files, the OAuth Access Token whenever you link a room."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:51
+msgid "Create an administration control room on Matrix"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:53
+msgid "Create a new Matrix room to act as the administration control room."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:55
+msgid "Note its internal room ID. This can be done in Element Web by sending a message, opening the options for that message and choosing \"view source\". The room ID will be displayed near the top."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:57
+msgid "Adjusting the playbook configuration"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:59
+msgid "To enable the bridge, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:75
+msgid "Extending the configuration"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:77
+msgid "There are some additional things you may wish to configure about the bridge."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:79
+msgid "Take a look at:"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:81
+msgid "`roles/custom/matrix-bridge-appservice-slack/defaults/main.yml` for some variables that you can customize via your `vars.yml` file"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:82
+msgid "`roles/custom/matrix-bridge-appservice-slack/templates/config.yaml.j2` for the bridge's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_appservice_slack_configuration_extension_yaml` variable"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:84
+msgid "For example, to change the bot's username from `slackbot`, add the following configuration to your `vars.yml` file. Replace `examplebot` with your own."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:91
+msgid "Installing"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:93
+msgid "After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:100
+msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:102
+msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:104
+msgid "Usage"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:106
+msgid "To use the bridge, you need to send `/invite @slackbot:example.com` to invite the bridge bot user into the admin room."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:108
+msgid "If Team Sync is not enabled, for each channel you would like to bridge, perform the following steps:"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:110
+msgid "Create a Matrix room in the usual manner for your client. Take a note of its Matrix room ID — it will look something like `!qporfwt:example.com`."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:111
+msgid "Invite the bot user to both the Slack and Matrix channels you would like to bridge using `/invite @matrixbot` for Slack and `/invite @slackbot:example.com` for Matrix."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:112
+msgid "Determine the \"channel ID\" that Slack uses to identify the channel. You can see it when you open a given Slack channel in a browser. The URL reads like this: `https://app.slack.com/client/XXX/<the channel ID>/details/`."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:113
+msgid "Issue a link command in the administration control room with these collected values as arguments:"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:115
+msgid "with file bridging:"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:121
+msgid "without file bridging:"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:127
+msgid "These arguments can be shortened to single-letter forms:"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:133
+msgid "Unlinking"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:135
+msgid "Channels can be unlinked again by sending this:"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:141
+msgid "Unlinking doesn't only disconnect the bridge, but also makes the slackbot leave the bridged Matrix room. So in case you want to re-link later, don't forget to re-invite the slackbot into this room again."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:143
+msgid "Troubleshooting"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:145
+msgid "As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-appservice-slack`."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:147
+msgid "Linking: \"Room is now pending-name\""
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:149
+msgid "This typically means that you haven't used the correct Slack channel ID. Unlink the room and recheck 'Determine the \"channel ID\"' from above."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:151
+msgid "Messages work from Matrix to Slack, but not the other way around"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:153
+msgid "Check the logs, and if you find the message like below, unlink your room, reinvite the bot and re-link it again."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:155
+msgid "`WARN SlackEventHandler Ignoring message from unrecognised Slack channel ID : %s (%s) <the channel ID> <some other ID>`"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:157
+msgid "This may particularly hit you, if you tried to unsuccessfully link your room multiple times without unlinking it after each failed attempt."
 msgstr ""
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-04-15 09:10+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -28,146 +28,130 @@ msgstr ""
 msgid "**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) bridge supported by the playbook."
 msgstr ""

+#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:18
+msgid "For using as a Bot we recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing."
+msgstr ""
+
 #: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:19
-msgid "The playbook can install and configure [mautrix-discord](https://github.com/mautrix/discord) for you."
+msgid "For personal use with a discord account we recommend the `mautrix-discord` bridge (the one being discussed here), because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook."
 msgstr ""

 #: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:21
-msgid "See the project's [documentation](https://docs.mau.fi/bridges/go/discord/index.html) to learn what it does and why it might be useful to you."
+msgid "The playbook can install and configure [mautrix-discord](https://github.com/mautrix/discord) for you."
 msgstr ""

 #: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:23
-msgid "Prerequisites"
+msgid "See the project's [documentation](https://docs.mau.fi/bridges/go/discord/index.html) to learn what it does and why it might be useful to you."
 msgstr ""

 #: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:25
-msgid "There are 3 ways to login to discord using this bridge, either by [scanning a QR code](https://docs.mau.fi/bridges/go/discord/authentication.html#qr-login) using the Discord mobile app, by using a [Discord token](https://docs.mau.fi/bridges/go/discord/authentication.html#token-login), **or** by using a [Discord bot token](https://docs.mau.fi/bridges/go/discord/authentication.html#bot-token-login)."
+msgid "Prerequisites"
 msgstr ""

 #: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:27
-msgid "⚠️ QR code login is considered a self-bot and is forbidden by Discord. It can result in an account termination. See the [Discord policy](https://support.discord.com/hc/en-us/articles/115002192352-Automated-User-Accounts-Self-Bots)."
+msgid "There are 2 ways to login to discord using this bridge, either by [scanning a QR code](#method-1-login-using-qr-code-recommended) using the Discord mobile app **or** by using a [Discord token](#method-2-login-using-discord-token-not-recommended)."
 msgstr ""

 #: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:29
-msgid "Enable Appservice Double Puppet or Shared Secret Auth (optional)"
+msgid "If this is a dealbreaker for you, consider using [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md). This comes with its own complexity and limitations, however, so we recommend that you proceed with this one if possible."
 msgstr ""

 #: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:31
-msgid "If you want to set up [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do) for this bridge automatically, you need to have enabled [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) or [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service for this playbook."
+msgid "Enable Appservice Double Puppet or Shared Secret Auth (optional)"
 msgstr ""

 #: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:33
-msgid "See [this section](configuring-playbook-bridge-mautrix-bridges.md#set-up-double-puppeting-optional) on the [common guide for configuring mautrix bridges](configuring-playbook-bridge-mautrix-bridges.md) for details about setting up Double Puppeting."
+msgid "If you want to set up [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do) for this bridge automatically, you need to have enabled [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) or [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service for this playbook."
 msgstr ""

 #: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:35
-msgid "**Note**: double puppeting with the Shared Secret Auth works at the time of writing, but is deprecated and will stop working in the future."
+msgid "See [this section](configuring-playbook-bridge-mautrix-bridges.md#set-up-double-puppeting-optional) on the [common guide for configuring mautrix bridges](configuring-playbook-bridge-mautrix-bridges.md) for details about setting up Double Puppeting."
 msgstr ""

 #: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:37
-msgid "Adjusting the playbook configuration"
+msgid "**Note**: double puppeting with the Shared Secret Auth works at the time of writing, but is deprecated and will stop working in the future."
 msgstr ""

 #: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:39
+msgid "Adjusting the playbook configuration"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:41
 msgid "To enable the bridge, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:"
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:45
+#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:47
 msgid "Extending the configuration"
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:47
+#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:49
 msgid "There are some additional things you may wish to configure about the bridge."
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:50
+#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:52
 msgid "See [this section](configuring-playbook-bridge-mautrix-bridges.md#extending-the-configuration) on the [common guide for configuring mautrix bridges](configuring-playbook-bridge-mautrix-bridges.md) for details about variables that you can customize and the bridge's default configuration, including [bridge permissions](configuring-playbook-bridge-mautrix-bridges.md#configure-bridge-permissions-optional), [encryption support](configuring-playbook-bridge-mautrix-bridges.md#enable-encryption-optional), [bot's username](configuring-playbook-bridge-mautrix-bridges.md#set-the-bots-username-optional), etc."
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:52
+#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:54
 msgid "Installing"
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:54
+#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:56
 msgid "After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:"
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:61
+#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:63
 msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:63
+#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:65
 msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too."
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:65
+#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:67
 msgid "Usage"
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:67
+#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:69
 msgid "To use the bridge, you need to start a chat with `@discordbot:example.com` (where `example.com` is your base domain, not the `matrix.` domain)."
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:69
+#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:71
 msgid "You can then follow instructions on the bridge's [official documentation on Authentication](https://docs.mau.fi/bridges/go/discord/authentication.html)."
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:71
+#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:73
 msgid "After logging in, the bridge will create portal rooms for some recent direct messages."
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:73
+#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:75
 msgid "Bridge guilds"
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:75
+#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:77
 msgid "If you'd like to bridge guilds, send `guilds status` to see the list of guilds, then send `guilds bridge GUILD_ID_HERE` for each guild that you'd like bridged. Make sure to replace `GUILD_ID_HERE` with the guild's ID."
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:77
+#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:79
 msgid "After bridging, spaces will be created automatically, and rooms will be created if necessary when messages are received. You can also pass `--entire` to the bridge command to immediately create all rooms."
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:79
+#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:81
 msgid "If you want to manually bridge channels, invite the bot to the room you want to bridge, and run `!discord bridge CHANNEL_ID_HERE` to bridge the room. Make sure to replace `CHANNEL_ID_HERE` with the channel's ID."
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:81
-msgid "Enable relay"
-msgstr ""
-
 #: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:83
-msgid "The bridge supports using Discord's webhook feature to relay messages from Matrix users who haven't logged into the bridge."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:85
-msgid "In a room that has already been bridged, run `!discord set-relay --create`. The bridge will then create a webhook in the bridged discord channel and begin relaying messages. If the discord user does not have access to manage webhooks, run `!discord set-relay --url <url>` with the url of an already created webhook. (See Discords [Intro to webhooks](https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks))"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:87
-msgid "More information on relaying is available on the [official documentation](https://docs.mau.fi/bridges/go/discord/relay.html)."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:89
 msgid "Troubleshooting"
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:91
+#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:85
 msgid "As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-mautrix-discord`."
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:93
+#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:87
 msgid "Increase logging verbosity"
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:95
+#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:89
 msgid "The default logging level for this component is `warn`. If you want to increase the verbosity, add the following configuration to your `vars.yml` file and re-run the playbook:"
 msgstr ""
-
-#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:102
-msgid "Command requires room admin rights when user is creator"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:104
-msgid "[MSC4289](https://github.com/matrix-org/matrix-spec-proposals/blob/main/proposals/4289-privilege-creators.md), introduced in [room version 12](https://spec.matrix.org/unstable/rooms/v12/), gives creators an infinitley high powerlevel. At the time of implementation, mautrix-discord and similar applications may not identify creators as or above admins. Either a separate admin user will need to manage the bridge or the room version should be less than version 12."
-msgstr ""
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-04-15 09:10+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -25,105 +25,117 @@ msgid "<sup>Refer the common guide for configuring mautrix bridges: [Setting up
 msgstr ""

 #: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:14
-msgid "The playbook can install and configure [mautrix-slack](https://github.com/mautrix/slack) for you."
+msgid "**Note**: bridging to [Slack](https://slack.com/) can also happen via the [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) bridge supported by the playbook."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:15
+msgid "For using as a Bot we recommend the [Appservice Slack](configuring-playbook-bridge-appservice-slack.md), because it supports plumbing. Note that it is not available for new installation unless you have already created a classic Slack application, because the creation of classic Slack applications, which this bridge makes use of, has been discontinued."
 msgstr ""

 #: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:16
-msgid "See the project's [documentation](https://docs.mau.fi/bridges/go/slack/index.html) to learn what it does and why it might be useful to you."
+msgid "For personal use with a slack account we recommend the `mautrix-slack` bridge (the one being discussed here), because it is the most fully-featured and stable of the 3 Slack bridges supported by the playbook."
 msgstr ""

 #: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:18
-msgid "See the [features and roadmap](https://github.com/mautrix/slack/blob/main/ROADMAP.md) for more information."
+msgid "The playbook can install and configure [mautrix-slack](https://github.com/mautrix/slack) for you."
 msgstr ""

 #: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:20
-msgid "Prerequisites"
+msgid "See the project's [documentation](https://docs.mau.fi/bridges/go/slack/index.html) to learn what it does and why it might be useful to you."
 msgstr ""

 #: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:22
-msgid "For using this bridge, you would need to authenticate by **providing your username and password** (legacy) or by using a **token login**. See more information in the [docs](https://docs.mau.fi/bridges/go/slack/authentication.html)."
+msgid "See the [features and roadmap](https://github.com/mautrix/slack/blob/main/ROADMAP.md) for more information."
 msgstr ""

 #: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:24
-msgid "Note that neither of these methods are officially supported by Slack."
+msgid "Prerequisites"
 msgstr ""

 #: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:26
-msgid "Enable Appservice Double Puppet (optional)"
+msgid "For using this bridge, you would need to authenticate by **providing your username and password** (legacy) or by using a **token login**. See more information in the [docs](https://docs.mau.fi/bridges/go/slack/authentication.html)."
 msgstr ""

 #: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:28
-msgid "If you want to set up [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do) for this bridge automatically, you need to have enabled [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service for this playbook."
+msgid "Note that neither of these methods are officially supported by Slack. [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) uses a Slack bot account which is the only officially supported method for bridging a Slack channel."
 msgstr ""

 #: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:30
-msgid "See [this section](configuring-playbook-bridge-mautrix-bridges.md#set-up-double-puppeting-optional) on the [common guide for configuring mautrix bridges](configuring-playbook-bridge-mautrix-bridges.md) for details about setting up Double Puppeting."
+msgid "Enable Appservice Double Puppet (optional)"
 msgstr ""

 #: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:32
-msgid "Adjusting the playbook configuration"
+msgid "If you want to set up [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do) for this bridge automatically, you need to have enabled [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service for this playbook."
 msgstr ""

 #: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:34
+msgid "See [this section](configuring-playbook-bridge-mautrix-bridges.md#set-up-double-puppeting-optional) on the [common guide for configuring mautrix bridges](configuring-playbook-bridge-mautrix-bridges.md) for details about setting up Double Puppeting."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:36
+msgid "Adjusting the playbook configuration"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:38
 msgid "To enable the bridge, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:"
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:40
+#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:44
 msgid "Extending the configuration"
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:42
+#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:46
 msgid "There are some additional things you may wish to configure about the bridge."
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:44
+#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:48
 msgid "See [this section](configuring-playbook-bridge-mautrix-bridges.md#extending-the-configuration) on the [common guide for configuring mautrix bridges](configuring-playbook-bridge-mautrix-bridges.md) for details about variables that you can customize and the bridge's default configuration, including [bridge permissions](configuring-playbook-bridge-mautrix-bridges.md#configure-bridge-permissions-optional), [encryption support](configuring-playbook-bridge-mautrix-bridges.md#enable-encryption-optional), [relay mode](configuring-playbook-bridge-mautrix-bridges.md#enable-relay-mode-optional), [bot's username](configuring-playbook-bridge-mautrix-bridges.md#set-the-bots-username-optional), etc."
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:46
+#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:50
 msgid "Installing"
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:48
+#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:52
 msgid "After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:"
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:55
+#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:59
 msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:57
+#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:61
 msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too."
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:59
+#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:63
 msgid "Usage"
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:61
+#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:65
 msgid "To use the bridge, you need to start a chat with `@slackbot:example.com` (where `example.com` is your base domain, not the `matrix.` domain)."
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:63
+#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:67
 msgid "You can then follow instructions on the bridge's [official documentation on Authentication](https://docs.mau.fi/bridges/go/slack/authentication.html)."
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:65
+#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:69
 msgid "If you authenticated using a token, the recent chats will be bridged automatically (depending on the `conversation_count` setting). Otherwise (i.e. logging with the Discord application), the chats the bot is in will be bridged automatically."
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:67
+#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:71
 msgid "Troubleshooting"
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:69
+#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:73
 msgid "As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-mautrix-slack`."
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:71
+#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:75
 msgid "Increase logging verbosity"
 msgstr ""

-#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:73
+#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:77
 msgid "The default logging level for this component is `warn`. If you want to increase the verbosity, add the following configuration to your `vars.yml` file and re-run the playbook:"
 msgstr ""
@@ -1,113 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) 2018-2026, Slavi Pantaleev, Aine Etke, MDAD community members
-# This file is distributed under the same license as the matrix-docker-ansible-deploy package.
-# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
-#
-#, fuzzy
-msgid ""
-msgstr ""
-"Project-Id-Version: matrix-docker-ansible-deploy \n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-04-15 09:10+0000\n"
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: LANGUAGE <LL@li.org>\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-
-#: ../../../docs/configuring-playbook-client-sable.md:9
-msgid "Setting up Sable (optional)"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-client-sable.md:11
-msgid "The playbook can install and configure the [Sable](https://github.com/7w1/sable) Matrix web client for you."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-client-sable.md:13
-msgid "Sable is a web client focusing primarily on simple, elegant and secure interface. It can be installed alongside or instead of [Element Web](./configuring-playbook-client-element-web.md), [Cinny](./configuring-playbook-client-cinny.md) and others."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-client-sable.md:15
-msgid "Adjusting DNS records"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-client-sable.md:17
-msgid "By default, this playbook installs Sable on the `sable.` subdomain (`sable.example.com`) and requires you to create a CNAME record for `sable`, which targets `matrix.example.com`."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-client-sable.md:19
-msgid "When setting, replace `example.com` with your own."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-client-sable.md:21
-msgid "Adjusting the playbook configuration"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-client-sable.md:23
-msgid "To enable Sable, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-client-sable.md:29
-msgid "Adjusting the Sable URL (optional)"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-client-sable.md:31
-msgid "By tweaking the `sable_hostname` variable, you can easily make the service available at a **different hostname** than the default one."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-client-sable.md:33
-msgid "Example additional configuration for your `vars.yml` file:"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-client-sable.md:43
-msgid "After changing the domain, **you may need to adjust your DNS** records to point the Sable domain to the Matrix server."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-client-sable.md:45
-msgid "**Note**: while there is a `sable_path_prefix` variable for changing the path where Sable is served, overriding it is [not possible](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3701), because Sable requires an application rebuild (with a tweaked build config) to be functional under a custom path. You'd need to serve Sable at a dedicated subdomain."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-client-sable.md:47
-msgid "Extending the configuration"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-client-sable.md:49
-msgid "There are some additional things you may wish to configure about the component."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-client-sable.md:51
-msgid "Take a look at:"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-client-sable.md:53
-msgid "`roles/galaxy/sable/defaults/main.yml` for some variables that you can customize via your `vars.yml` file"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-client-sable.md:54
-msgid "`roles/galaxy/sable/templates/config.json.j2` for the component's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `sable_configuration_extension_json` variable"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-client-sable.md:56
-msgid "Installing"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-client-sable.md:58
-msgid "After configuring the playbook and [adjusting your DNS records](#adjusting-dns-records), run the playbook with [playbook tags](playbook-tags.md) as below:"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-client-sable.md:65
-msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-client-sable.md:67
-msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-client-sable.md:69
-msgid "Troubleshooting"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-client-sable.md:71
-msgid "As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-client-sable`."
-msgstr ""
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-04-15 09:10+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -93,69 +93,69 @@ msgid "Unlike other homeserver implementations (like Synapse and Dendrite), cont
 msgstr ""

 #: ../../../docs/configuring-playbook-continuwuity.md:61
-msgid "On first startup, Continuwuity creates a special one-time-use registration token and logs it to the server's console. To access this, you will need to SSH into the server and run the following command:"
+msgid "If you followed the instructions above (see [Adjusting the playbook configuration](#adjusting-the-playbook-configuration)), you should have registration enabled and protected by a registration token."
 msgstr ""

-#: ../../../docs/configuring-playbook-continuwuity.md:68
-msgid "Find the token, highlight it, and copy it (ctrl+shift+C). This token should allow you to create the first user account via any client (like [Element Web](./configuring-playbook-client-element-web.md)) which supports creating users."
+#: ../../../docs/configuring-playbook-continuwuity.md:63
+msgid "This should allow you to create the first user account via any client (like [Element Web](./configuring-playbook-client-element-web.md)) which supports creating users."
 msgstr ""

-#: ../../../docs/configuring-playbook-continuwuity.md:70
+#: ../../../docs/configuring-playbook-continuwuity.md:65
 msgid "The **first user account that you create will be marked as an admin** and **will be automatically invited to an admin room**."
 msgstr ""

-#: ../../../docs/configuring-playbook-continuwuity.md:73
+#: ../../../docs/configuring-playbook-continuwuity.md:68
 msgid "Configuring bridges / appservices"
 msgstr ""

-#: ../../../docs/configuring-playbook-continuwuity.md:75
+#: ../../../docs/configuring-playbook-continuwuity.md:70
 msgid "For other homeserver implementations (like Synapse and Dendrite), the playbook automatically registers appservices (for bridges, bots, etc.) with the homeserver."
 msgstr ""

-#: ../../../docs/configuring-playbook-continuwuity.md:77
+#: ../../../docs/configuring-playbook-continuwuity.md:72
 msgid "For continuwuity, you will have to manually register appservices using the [`!admin appservices register` command](https://continuwuity.org/appservices.html#set-up-the-appservice---general-instructions) sent to the server bot account."
 msgstr ""

-#: ../../../docs/configuring-playbook-continuwuity.md:79
+#: ../../../docs/configuring-playbook-continuwuity.md:74
 msgid "The server's bot account has a Matrix ID of `@conduit:example.com` (not `@continuwuity:example.com`!) due to continuwuity's historical legacy. Your first user account would already have been invited to an admin room with this bot."
 msgstr ""

-#: ../../../docs/configuring-playbook-continuwuity.md:82
+#: ../../../docs/configuring-playbook-continuwuity.md:77
 msgid "Find the appservice file you'd like to register. This can be any `registration.yaml` file found in the `/matrix` directory, for example `/matrix/mautrix-signal/bridge/registration.yaml`."
 msgstr ""

-#: ../../../docs/configuring-playbook-continuwuity.md:84
+#: ../../../docs/configuring-playbook-continuwuity.md:79
 msgid "Then, send its content to the existing admin room:"
 msgstr ""

-#: ../../../docs/configuring-playbook-continuwuity.md:108
+#: ../../../docs/configuring-playbook-continuwuity.md:103
 msgid "Migrating from conduwuit"
 msgstr ""

-#: ../../../docs/configuring-playbook-continuwuity.md:110
+#: ../../../docs/configuring-playbook-continuwuity.md:105
 msgid "Since Continuwuity is a drop-in replacement for [conduwuit](configuring-playbook-conduwuit.md), migration is possible."
 msgstr ""

-#: ../../../docs/configuring-playbook-continuwuity.md:112
+#: ../../../docs/configuring-playbook-continuwuity.md:107
 msgid "Make sure that Continuwuity is properly set up on your `vars.yml` as described above"
 msgstr ""

-#: ../../../docs/configuring-playbook-continuwuity.md:114
+#: ../../../docs/configuring-playbook-continuwuity.md:109
 msgid "Make sure that Conduwuit references are removed from your `vars.yml` file"
 msgstr ""

-#: ../../../docs/configuring-playbook-continuwuity.md:116
+#: ../../../docs/configuring-playbook-continuwuity.md:111
 msgid "Run the installation in a way that installs new services and uninstalls old ones (e.g. `just setup-all`)"
 msgstr ""

-#: ../../../docs/configuring-playbook-continuwuity.md:118
+#: ../../../docs/configuring-playbook-continuwuity.md:113
 msgid "Run the playbook with the `continuwuity-migrate-from-conduwuit` tag (e.g. `just run-tags continuwuity-migrate-from-conduwuit`). This migrates data from `/matrix/conduwuit` to `/matrix/continuwuity`"
 msgstr ""

-#: ../../../docs/configuring-playbook-continuwuity.md:120
+#: ../../../docs/configuring-playbook-continuwuity.md:115
 msgid "Troubleshooting"
 msgstr ""

-#: ../../../docs/configuring-playbook-continuwuity.md:122
+#: ../../../docs/configuring-playbook-continuwuity.md:117
 msgid "As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-continuwuity`."
 msgstr ""
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-04-15 09:10+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -41,109 +41,89 @@ msgid "📁 `roles/galaxy/exim_relay/docs/configuring-exim-relay.md` locally, if
 msgstr ""

 #: ../../../docs/configuring-playbook-email.md:20
-msgid "Why use exim-relay?"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-email.md:22
-msgid "**Benefits of using exim-relay** instead of configuring SMTP directly in each service:"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-email.md:24
-msgid "**Final delivery capability**: Can deliver emails directly if you don't have an SMTP server"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-email.md:26
-msgid "**Centralized configuration**: Configure your upstream SMTP server once in exim-relay, then point all services ([Synapse](configuring-playbook-synapse.md), [Matrix Authentication Service](configuring-playbook-matrix-authentication-service.md), etc.) there—no need to configure SMTP in each component"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-email.md:28
-msgid "**Local spooling**: Stores messages locally and retries delivery if your upstream SMTP server is temporarily unavailable"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-email.md:30
 msgid "Firewall settings"
 msgstr ""

-#: ../../../docs/configuring-playbook-email.md:32
+#: ../../../docs/configuring-playbook-email.md:22
 msgid "No matter whether you send email directly (the default) or you relay email through another host, you'll probably need to allow outgoing traffic for TCP ports 25/587 (depending on configuration)."
 msgstr ""

-#: ../../../docs/configuring-playbook-email.md:34
+#: ../../../docs/configuring-playbook-email.md:24
 msgid "Docker automatically opens these ports in the server's firewall, so you likely don't need to do anything. If you use another firewall in front of the server, you may need to adjust it."
 msgstr ""

-#: ../../../docs/configuring-playbook-email.md:36
+#: ../../../docs/configuring-playbook-email.md:26
 msgid "Adjusting the playbook configuration"
 msgstr ""

-#: ../../../docs/configuring-playbook-email.md:38
+#: ../../../docs/configuring-playbook-email.md:28
 msgid "Enable DKIM authentication to improve deliverability (optional)"
 msgstr ""

-#: ../../../docs/configuring-playbook-email.md:40
+#: ../../../docs/configuring-playbook-email.md:30
 msgid "By default, exim-relay attempts to deliver emails directly. This may or may not work, depending on your domain configuration."
 msgstr ""

-#: ../../../docs/configuring-playbook-email.md:42
+#: ../../../docs/configuring-playbook-email.md:32
 msgid "To improve email deliverability, you can configure authentication methods such as DKIM (DomainKeys Identified Mail), SPF, and DMARC for your domain. Without setting any of these authentication methods, your outgoing email is most likely to be quarantined as spam at recipient's mail servers."
 msgstr ""

-#: ../../../docs/configuring-playbook-email.md:44
+#: ../../../docs/configuring-playbook-email.md:34
 msgid "For details about configuring DKIM, refer [this section](https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay/blob/main/docs/configuring-exim-relay.md#enable-dkim-support-optional) on the role's documentation."
 msgstr ""

-#: ../../../docs/configuring-playbook-email.md:46
+#: ../../../docs/configuring-playbook-email.md:36
 msgid "💡 If you cannot enable DKIM, SPF, or DMARC on your domain for some reason, we recommend relaying email through another SMTP server."
 msgstr ""

-#: ../../../docs/configuring-playbook-email.md:48
+#: ../../../docs/configuring-playbook-email.md:38
 msgid "Relaying email through another SMTP server (optional)"
 msgstr ""

-#: ../../../docs/configuring-playbook-email.md:50
+#: ../../../docs/configuring-playbook-email.md:40
 msgid "**On some cloud providers such as Google Cloud, [port 25 is always blocked](https://cloud.google.com/compute/docs/tutorials/sending-mail/), so sending email directly from your server is not possible.** In this case, you will need to relay email through another SMTP server."
 msgstr ""

-#: ../../../docs/configuring-playbook-email.md:52
+#: ../../../docs/configuring-playbook-email.md:42
 msgid "For details about configuration, refer [this section](https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay/blob/main/docs/configuring-exim-relay.md#relaying-email-through-another-smtp-server) on the role's document."
 msgstr ""

-#: ../../../docs/configuring-playbook-email.md:54
+#: ../../../docs/configuring-playbook-email.md:44
 msgid "Disable mail service (optional)"
 msgstr ""

-#: ../../../docs/configuring-playbook-email.md:56
+#: ../../../docs/configuring-playbook-email.md:46
 msgid "For a low-power server you might probably want to disable exim-relay. To do so, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:"
 msgstr ""

-#: ../../../docs/configuring-playbook-email.md:62
+#: ../../../docs/configuring-playbook-email.md:52
 msgid "Note that disabling exim-relay will stop email-notifications and other similar functions from working."
 msgstr ""

-#: ../../../docs/configuring-playbook-email.md:64
+#: ../../../docs/configuring-playbook-email.md:54
 msgid "See [this entry on the FAQ](faq.md#how-do-i-optimize-this-setup-for-a-low-power-server) for other possible optimizations for a low-power server."
 msgstr ""

-#: ../../../docs/configuring-playbook-email.md:66
+#: ../../../docs/configuring-playbook-email.md:56
 msgid "Installing"
 msgstr ""

-#: ../../../docs/configuring-playbook-email.md:68
+#: ../../../docs/configuring-playbook-email.md:58
 msgid "After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:"
 msgstr ""

-#: ../../../docs/configuring-playbook-email.md:75
+#: ../../../docs/configuring-playbook-email.md:65
 msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
 msgstr ""

-#: ../../../docs/configuring-playbook-email.md:77
+#: ../../../docs/configuring-playbook-email.md:67
 msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too."
 msgstr ""

-#: ../../../docs/configuring-playbook-email.md:79
+#: ../../../docs/configuring-playbook-email.md:69
 msgid "Troubleshooting"
 msgstr ""

-#: ../../../docs/configuring-playbook-email.md:81
+#: ../../../docs/configuring-playbook-email.md:71
 msgid "See [this section](https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay/blob/main/docs/configuring-exim-relay.md#troubleshooting) on the role's documentation for details."
 msgstr ""
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-04-15 09:10+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -25,153 +25,149 @@ msgid "The playbook can install and configure the [Jitsi](https://jitsi.org/) vi
 msgstr ""

 #: ../../../docs/configuring-playbook-jitsi.md:21
-msgid "Because Jitsi still requires a TURN server, enabling Jitsi automatically enables coturn (`coturn_enabled: true`) unless you explicitly disable it."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-jitsi.md:24
 msgid "Jitsi is an open source video-conferencing platform. It can not only be integrated with Element clients ([Element Web](configuring-playbook-client-element-web.md)/Desktop, Android and iOS) as a widget, but also be used as standalone web app."
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:26
+#: ../../../docs/configuring-playbook-jitsi.md:23
 msgid "💡 If you're into experimental technology, you may also be interested in trying out [Element Call](configuring-playbook-element-call.md) - a native Matrix video conferencing application."
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:28
+#: ../../../docs/configuring-playbook-jitsi.md:25
 msgid "The [Ansible role for Jitsi](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi) is developed and maintained by [the MASH (mother-of-all-self-hosting) project](https://github.com/mother-of-all-self-hosting). For details about configuring Jitsi, you can check them via:"
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:29
+#: ../../../docs/configuring-playbook-jitsi.md:26
 msgid "🌐 [the role's documentation at the MASH project](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md) online"
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:30
+#: ../../../docs/configuring-playbook-jitsi.md:27
 msgid "📁 `roles/galaxy/jitsi/docs/configuring-jitsi.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles)"
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:32
+#: ../../../docs/configuring-playbook-jitsi.md:29
 msgid "Prerequisites"
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:34
+#: ../../../docs/configuring-playbook-jitsi.md:31
 msgid "Before proceeding, make sure to check server's requirements recommended by [the official deployment guide](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-requirements)."
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:36
+#: ../../../docs/configuring-playbook-jitsi.md:33
 msgid "You may need to open some ports to your server, if you use another firewall in front of the server. Refer [the role's documentation](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#prerequisites) to check which ones to be configured."
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:38
+#: ../../../docs/configuring-playbook-jitsi.md:35
 msgid "Adjusting DNS records"
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:40
+#: ../../../docs/configuring-playbook-jitsi.md:37
 msgid "By default, this playbook installs Jitsi on the `jitsi.` subdomain (`jitsi.example.com`) and requires you to create a CNAME record for `jitsi`, which targets `matrix.example.com`."
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:42
+#: ../../../docs/configuring-playbook-jitsi.md:39
 msgid "When setting, replace `example.com` with your own."
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:44
+#: ../../../docs/configuring-playbook-jitsi.md:41
 msgid "Adjusting the playbook configuration"
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:46
+#: ../../../docs/configuring-playbook-jitsi.md:43
 msgid "To enable Jitsi, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:"
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:64
+#: ../../../docs/configuring-playbook-jitsi.md:61
 msgid "As the most of the necessary settings for the role have been taken care of by the playbook, you can enable Jitsi on your Matrix server with this minimum configuration."
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:66
+#: ../../../docs/configuring-playbook-jitsi.md:63
 msgid "However, **since Jitsi's performance heavily depends on server resource (bandwidth, RAM, and CPU), it is recommended to review settings and optimize them as necessary before deployment.** You can check [here](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#example-configurations) for an example set of configurations to set up a Jitsi instance, focusing on performance. If you will host a large conference, you probably might also want to consider to provision additional JVBs ([Jitsi VideoBridge](https://github.com/jitsi/jitsi-videobridge)). See [here](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#set-up-additional-jvbs-for-more-video-conferences-optional) for details about setting them up with the playbook."
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:68
+#: ../../../docs/configuring-playbook-jitsi.md:65
 msgid "See the role's documentation for details about configuring Jitsi per your preference (such as setting [a custom hostname](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#set-the-hostname) and [the environment variable for running Jitsi in a LAN](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#configure-jvb_advertise_ips-for-running-behind-nat-or-on-a-lan-environment-optional))."
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:70
+#: ../../../docs/configuring-playbook-jitsi.md:67
 msgid "Enable authentication and guests mode (optional)"
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:72
+#: ../../../docs/configuring-playbook-jitsi.md:69
 msgid "By default the Jitsi Meet instance **does not require for anyone to log in, and is open to use without an account**."
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:74
+#: ../../../docs/configuring-playbook-jitsi.md:71
 msgid "If you would like to control who is allowed to start meetings on your instance, you'd need to enable Jitsi's authentication and optionally guests mode."
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:76
+#: ../../../docs/configuring-playbook-jitsi.md:73
 msgid "See [this section](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#configure-jitsi-authentication-and-guests-mode-optional) on the role's documentation for details about how to configure the authentication and guests mode. The recommended authentication method is `internal` as it also works in federated rooms. If you want to enable authentication with Matrix OpenID making use of [Matrix User Verification Service (UVS)](configuring-playbook-user-verification-service.md), see [here](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#authenticate-using-matrix-openid-auth-type-matrix) for details about how to set it up."
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:78
+#: ../../../docs/configuring-playbook-jitsi.md:75
 msgid "Enable Gravatar (optional)"
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:80
+#: ../../../docs/configuring-playbook-jitsi.md:77
 msgid "In the default Jisti Meet configuration, `gravatar.com` is enabled as an avatar service."
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:82
+#: ../../../docs/configuring-playbook-jitsi.md:79
 msgid "Since the Element clients send the URL of configured Matrix avatars to the Jitsi instance, our configuration has disabled the Gravatar service."
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:84
+#: ../../../docs/configuring-playbook-jitsi.md:81
 msgid "To enable the Gravatar service nevertheless, add the following configuration to your `vars.yml` file:"
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:90
+#: ../../../docs/configuring-playbook-jitsi.md:87
 msgid "[!WARNING] This will result in third party request leaking data to the Gravatar Service (`gravatar.com`, unless configured otherwise). Besides metadata, the Matrix user_id and possibly the room ID (via `referrer` header) will be also sent to the third party."
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:93
+#: ../../../docs/configuring-playbook-jitsi.md:90
 msgid "Installing"
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:95
+#: ../../../docs/configuring-playbook-jitsi.md:92
 msgid "After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the playbook with [playbook tags](playbook-tags.md) as below:"
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:102
+#: ../../../docs/configuring-playbook-jitsi.md:99
 msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:104
+#: ../../../docs/configuring-playbook-jitsi.md:101
 msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too."
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:106
+#: ../../../docs/configuring-playbook-jitsi.md:103
 msgid "Usage"
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:108
+#: ../../../docs/configuring-playbook-jitsi.md:105
 msgid "You can use the self-hosted Jitsi server in multiple ways:"
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:110
+#: ../../../docs/configuring-playbook-jitsi.md:107
 msgid "**by adding a widget to a room via Element Web** (the one configured by the playbook at `https://element.example.com`). Just start a voice or a video call in a room containing more than 2 members and that would create a Jitsi widget which utilizes your self-hosted Jitsi server."
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:112
+#: ../../../docs/configuring-playbook-jitsi.md:109
 msgid "**directly (without any Matrix integration)**. Just go to `https://jitsi.example.com`, and you can start a videoconference."
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:114
+#: ../../../docs/configuring-playbook-jitsi.md:111
 msgid "Note that you'll need to log in to your Jitsi's account to start a conference if you have configured authentication with `internal` auth."
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:116
+#: ../../../docs/configuring-playbook-jitsi.md:113
 msgid "Check [the official user guide](https://jitsi.github.io/handbook/docs/category/user-guide) for details about how to use Jitsi."
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:118
+#: ../../../docs/configuring-playbook-jitsi.md:115
 msgid "Troubleshooting"
 msgstr ""

-#: ../../../docs/configuring-playbook-jitsi.md:120
+#: ../../../docs/configuring-playbook-jitsi.md:117
 msgid "See [this section](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#troubleshooting) on the role's documentation for details."
 msgstr ""
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-04-15 09:10+0000\n"
+"POT-Creation-Date: 2026-04-03 12:02+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -25,7 +25,7 @@ msgid "The playbook can install and configure [Ketesa](https://github.com/etkecc
 msgstr ""

 #: ../../../docs/configuring-playbook-ketesa.md:18
-msgid "Ketesa is a fully-featured admin interface for Matrix homeservers — manage users, rooms, media, sessions, and more from one clean, responsive web UI. It is the evolution of [Awesome-Technologies/synapse-admin](https://github.com/Awesome-Technologies/synapse-admin): what began as a fork has grown into its own independent project with a redesigned interface, comprehensive Synapse and MAS API coverage, and multi-language support. See the [Ketesa v1.0.0 announcement](https://etke.cc/blog/introducing-ketesa/) for a full overview of what's new."
+msgid "Ketesa is a fully-featured admin interface for Matrix homeservers — manage users, rooms, media, sessions, and more from one clean, responsive web UI. It is the evolution of [Awesome-Technologies/synapse-admin](https://github.com/Awesome-Technologies/synapse-admin): what began as a fork has grown into its own independent project with a redesigned interface, comprehensive Synapse and MAS API coverage, and multi-language support."
 msgstr ""

 #: ../../../docs/configuring-playbook-ketesa.md:20
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-04-15 09:10+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -41,7 +41,7 @@ msgid "🌐 [the role's documentation at the MASH project](https://github.com/mo
 msgstr ""

 #: ../../../docs/configuring-playbook-livekit-server.md:18
-msgid "📁 `roles/galaxy/livekit_server/docs/configuring-livekit-server.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles)"
+msgid "📁 `roles/galaxy/livekit-server/docs/configuring-livekit-server.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles)"
 msgstr ""

 #: ../../../docs/configuring-playbook-livekit-server.md:20
@@ -69,69 +69,17 @@ msgid "`5350/tcp`: TURN/TCP. Also see the [Limitations](#limitations) section be
 msgstr ""

 #: ../../../docs/configuring-playbook-livekit-server.md:32
-msgid "`30000-30020/udp`: TURN relay range used by LiveKit's embedded TURN server."
+msgid "💡 The suggestions above are inspired by the upstream [Ports and Firewall](https://docs.livekit.io/home/self-hosting/ports-firewall/) documentation based on how LiveKit is configured in the playbook. If you've using custom configuration for the LiveKit Server role, you may need to adjust the firewall rules accordingly."
 msgstr ""

 #: ../../../docs/configuring-playbook-livekit-server.md:34
-msgid "💡 The suggestions above are inspired by the upstream [Ports and Firewall](https://docs.livekit.io/home/self-hosting/ports-firewall/) documentation based on how LiveKit is configured in the playbook. If you're using custom configuration for the LiveKit Server role, you may need to adjust firewall rules accordingly."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-livekit-server.md:36
-msgid "TURN TLS handling"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-livekit-server.md:38
-msgid "When `matrix_playbook_reverse_proxy_type` is `playbook-managed-traefik` (which is the default for this playbook), TURN over TCP is terminated by Traefik and forwarded to LiveKit with `turn.external_tls = true`. In this playbook default, this mode is enabled automatically when SSL is enabled and TURN is enabled."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-livekit-server.md:40
-msgid "The playbook installs a dedicated Traefik TCP entrypoint for TURN (`matrix-livekit-turn`) by default and binds it to `tcp/5350`."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-livekit-server.md:41
-msgid "`livekit_server_config_turn_external_tls` is automatically enabled for this setup."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-livekit-server.md:42
-msgid "Because Traefik handles TLS, LiveKit no longer needs certificate-file paths for TURN in this mode."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-livekit-server.md:44
-msgid "To opt out and keep TURN TLS termination in LiveKit itself, set:"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-livekit-server.md:50
-msgid "In this playbook, certificate paths are managed automatically via `group_vars/matrix_servers` when certificate dumping is enabled."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-livekit-server.md:52
-msgid "If your setup uses `other-traefik-container` or [another reverse-proxy](./configuring-playbook-own-webserver.md), behavior is unchanged by default and still relies on certificates being available inside the container as before."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-livekit-server.md:54
-msgid "Deployments using `other-traefik-container` can opt into the same Traefik-terminated mode there, by setting:"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-livekit-server.md:62
-msgid "and configuring their own Traefik TCP entrypoint dedicated to LiveKit TURN traffic."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-livekit-server.md:64
 msgid "Limitations"
 msgstr ""

-#: ../../../docs/configuring-playbook-livekit-server.md:66
-msgid "LiveKit Server's TURN listener behavior depends on where TLS is terminated:"
+#: ../../../docs/configuring-playbook-livekit-server.md:36
+msgid "For some reason, LiveKit Server's TURN ports (`3479/udp` and `5350/tcp`) are not reachable over IPv6 regardless of whether you've [enabled IPv6](./configuring-ipv6.md) for your server."
 msgstr ""

-#: ../../../docs/configuring-playbook-livekit-server.md:68
-msgid "Direct LiveKit TURN listeners (`livekit_server_config_turn_external_tls: false`) still use IPv4-only sockets for `3479/udp` and `5350/tcp`, so IPv6 connectivity to these endpoints is not possible."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-livekit-server.md:69
-msgid "With [TURN TLS handling](#turn-tls-handling) (`livekit_server_config_turn_external_tls: true`), the playbook's dedicated `matrix-livekit-turn` TCP entrypoint can still listen on both IPv4 and IPv6. Traefik then forwards TURN/TCP to LiveKit."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-livekit-server.md:71
-msgid "It appears that LiveKit Server intentionally only listens on `udp4` and `tcp4` in direct mode, as seen [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L128) and [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L92)."
+#: ../../../docs/configuring-playbook-livekit-server.md:38
+msgid "It seems like LiveKit Server intentionally only listens on `udp4` and `tcp4` as seen [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L128) and [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L92)."
 msgstr ""
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-04-15 09:10+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -45,11 +45,11 @@ msgid "Various experimental features for the Synapse homeserver which Element Ca
 msgstr ""

 #: ../../../docs/configuring-playbook-matrix-rtc.md:20
-msgid "A [LiveKit Server](configuring-playbook-livekit-server.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](configuring-playbook-element-call.md#decide-between-element-call-vs-just-the-matrix-rtc-stack))"
+msgid "A [LiveKit Server](configuring-playbook-livekit-server.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](#decide-between-element-call-vs-just-the-matrix-rtc-stack))"
 msgstr ""

 #: ../../../docs/configuring-playbook-matrix-rtc.md:21
-msgid "The [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](configuring-playbook-element-call.md#decide-between-element-call-vs-just-the-matrix-rtc-stack))"
+msgid "The [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](#decide-between-element-call-vs-just-the-matrix-rtc-stack))"
 msgstr ""

 #: ../../../docs/configuring-playbook-matrix-rtc.md:22
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-04-15 09:10+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -143,7 +143,7 @@ msgid "[Prometheus role](https://github.com/mother-of-all-self-hosting/ansible-r
 msgstr ""

 #: ../../../docs/configuring-playbook-prometheus-grafana.md:109
-msgid "`roles/galaxy/prometheus_nginxlog_exporter/defaults/main.yml` for some variables that you can customize via your `vars.yml` file"
+msgid "`roles/custom/matrix-prometheus-nginxlog-exporter/defaults/main.yml` for some variables that you can customize via your `vars.yml` file"
 msgstr ""

 #: ../../../docs/configuring-playbook-prometheus-grafana.md:111
@@ -291,7 +291,7 @@ msgid "Set this to `true` to enable the node (general system stats) exporter (lo
 msgstr ""

 #: ../../../docs/configuring-playbook-prometheus-grafana.md:0
-msgid "`prometheus_node_exporter_container_labels_metrics_enabled`"
+msgid "`prometheus_node_exporter_container_labels_traefik_enabled`"
 msgstr ""

 #: ../../../docs/configuring-playbook-prometheus-grafana.md:0
@@ -307,7 +307,7 @@ msgid "Set this to `true` to enable the [Postgres exporter](#enable-metrics-and-
 msgstr ""

 #: ../../../docs/configuring-playbook-prometheus-grafana.md:0
-msgid "`prometheus_postgres_exporter_container_labels_metrics_enabled`"
+msgid "`prometheus_postgres_exporter_container_labels_traefik_enabled`"
 msgstr ""

 #: ../../../docs/configuring-playbook-prometheus-grafana.md:0
@@ -315,19 +315,19 @@ msgid "Set this to `true` to expose the [Postgres exporter](#enable-metrics-and-
 msgstr ""

 #: ../../../docs/configuring-playbook-prometheus-grafana.md:0
-msgid "`prometheus_nginxlog_exporter_enabled`"
+msgid "`matrix_prometheus_nginxlog_exporter_enabled`"
 msgstr ""

 #: ../../../docs/configuring-playbook-prometheus-grafana.md:0
-msgid "Set this to `true` to enable the [prometheus-nginxlog-exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) (locally, on the container network)."
+msgid "Set this to `true` to enable the [nginx Log exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) (locally, on the container network)."
 msgstr ""

 #: ../../../docs/configuring-playbook-prometheus-grafana.md:0
-msgid "`prometheus_nginxlog_exporter_container_labels_metrics_enabled`"
+msgid "`matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled`"
 msgstr ""

 #: ../../../docs/configuring-playbook-prometheus-grafana.md:0
-msgid "Set this to `true` to expose the [prometheus-nginxlog-exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) metrics on `https://matrix.example.com/metrics/nginxlog`."
+msgid "Set this to `true` to expose the [nginx Log exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) metrics on `https://matrix.example.com/metrics/nginxlog`."
 msgstr ""

 #: ../../../docs/configuring-playbook-prometheus-grafana.md:187
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-04-15 09:10+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -16,18 +16,54 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"

-#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:18
-msgid "Setting up Synapse Auto Invite Accept (optional, removed)"
+#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:9
+msgid "Setting up Synapse Auto Invite Accept (optional)"
 msgstr ""

-#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:20
-msgid "🪦 The playbook used to be able to install and configure [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite), but no longer includes this component, as the same functionality [has been integrated](https://github.com/element-hq/synapse/pull/17147) to Synapse since [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0)."
+#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:11
+msgid "The playbook can install and configure [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite) for you."
 msgstr ""

-#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:22
+#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:13
+msgid "In short, it automatically accepts room invites. You can specify that only 1:1 room invites are auto-accepted. Defaults to false if not specified."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:15
+msgid "See the project's [documentation](https://github.com/matrix-org/synapse-auto-accept-invite/blob/main/README.md) to learn what it does and why it might be useful to you."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:17
+msgid "**Note**: Synapse [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0), the same feature [has been merged](https://github.com/element-hq/synapse/pull/17147) into Synapse (see the [Native alternative](#native-alternative) section below). You'd better use the native feature, instead of the [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite) 3rd party module."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:19
+msgid "Adjusting the playbook configuration"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:21
+msgid "If you decide that you'd like to let this playbook install the [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite module for you, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:29
+msgid "Synapse worker deployments"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:31
+msgid "In a [workerized Synapse deployment](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/c9a842147e09647c355799ca024d65a5de66b099/docs/configuring-playbook-synapse.md#load-balancing-with-workers) it is possible to run this module on a worker to reduce the load on the main process (Default is `null`). For example, add this to your configuration:"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:37
+msgid "There might be an [issue with federation](https://github.com/matrix-org/synapse-auto-accept-invite/issues/18)."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:39
 msgid "Native alternative"
 msgstr ""

-#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:24
+#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:41
+msgid "Since Synapse [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0), the functionality provided by the [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite) 3rd party module [has been made](https://github.com/element-hq/synapse/pull/17147) part of Synapse."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:43
 msgid "Here's example configuration for using the **native** Synapse feature:"
 msgstr ""
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-04-15 09:10+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -293,13 +293,9 @@ msgid "… triggered by the `matrix-synapse-s3-storage-provider-migrate.timer` t
 msgstr ""

 #: ../../../docs/configuring-playbook-synapse-s3-storage-provider.md:180
-msgid "The same `migrate` script also prunes empty directories in the local media repository (`remote_content` and `remote_thumbnail`) after upload/delete operations."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-synapse-s3-storage-provider.md:182
 msgid "So… you don't need to perform any maintenance yourself."
 msgstr ""

-#: ../../../docs/configuring-playbook-synapse-s3-storage-provider.md:184
+#: ../../../docs/configuring-playbook-synapse-s3-storage-provider.md:182
 msgid "The schedule is defined in the format of systemd timer calendar. To edit the schedule, add the following configuration to your `vars.yml` file (adapt to your needs):"
 msgstr ""
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-04-15 09:10+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -45,158 +45,142 @@ msgid "Enable Traefik Dashboard"
 msgstr ""

 #: ../../../docs/configuring-playbook-traefik.md:28
-msgid "To enable the Traefik [Dashboard](https://doc.traefik.io/traefik/operations/dashboard/) UI at `https://matrix.example.com/dashboard/` (note the trailing `/`), add the following configuration to your `vars.yml` file:"
+msgid "To enable a Traefik [Dashboard](https://doc.traefik.io/traefik/operations/dashboard/) UI at `https://matrix.example.com/dashboard/` (note the trailing `/`), add the following configuration to your `vars.yml` file:"
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:37
-msgid "Choose a username and password for the dashboard, then generate the corresponding `htpasswd` entry with:"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-traefik.md:43
-msgid "The command outputs the exact value to use for `traefik_dashboard_basicauth_htpasswd` — your username, a colon, and a hash of your chosen password:"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-traefik.md:49
-msgid "Copy the full output line into `traefik_dashboard_basicauth_htpasswd`. After deploying, log in to the dashboard using the same username and password that you chose earlier."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-traefik.md:51
-msgid "The role also supports the legacy `traefik_dashboard_basicauth_user` / `traefik_dashboard_basicauth_password` convenience variables, but that path depends on the `passlib` Python library on the Ansible controller, may be affected by passlib/bcrypt compatibility issues, and generates non-deterministic hashes which can lead to unnecessary changes."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-traefik.md:53
+#: ../../../docs/configuring-playbook-traefik.md:38
 msgid "[!WARNING] Enabling the dashboard on a hostname you use for something else (like `matrix_server_fqn_matrix` in the configuration above) may cause conflicts. Enabling the Traefik Dashboard makes Traefik capture all `/dashboard` and `/api` requests and forward them to itself. If any of the services hosted on the same hostname requires any of these 2 URL prefixes, you will experience problems. So far, we're not aware of any playbook services which occupy these endpoints and are likely to cause conflicts."
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:56
+#: ../../../docs/configuring-playbook-traefik.md:41
 msgid "Extending the configuration"
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:58
+#: ../../../docs/configuring-playbook-traefik.md:43
 msgid "There are some additional things you may wish to configure about the component."
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:60
+#: ../../../docs/configuring-playbook-traefik.md:45
 msgid "Take a look at:"
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:62
+#: ../../../docs/configuring-playbook-traefik.md:47
 msgid "[Traefik role](https://github.com/mother-of-all-self-hosting/ansible-role-traefik)'s [`defaults/main.yml`](https://github.com/mother-of-all-self-hosting/ansible-role-traefik/blob/main/defaults/main.yml) for some variables that you can customize via your `vars.yml` file. You can override settings (even those that don't have dedicated playbook variables) using the `traefik_configuration_extension_yaml` variable"
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:64
+#: ../../../docs/configuring-playbook-traefik.md:49
 msgid "For example, to enable and secure the Dashboard, you can add the following configuration to your `vars.yml` file:"
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:66
+#: ../../../docs/configuring-playbook-traefik.md:51
 msgid "**Note**: this is a contrived example as you can enable and secure the Dashboard using the dedicated variables. See above for details."
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:84
+#: ../../../docs/configuring-playbook-traefik.md:69
 msgid "Reverse-proxying another service behind Traefik"
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:86
+#: ../../../docs/configuring-playbook-traefik.md:71
 msgid "The preferred way to reverse-proxy additional services behind Traefik would be to start the service as another container, configure the container with the corresponding Traefik [container labels](https://docs.docker.com/config/labels-custom-metadata/) (see [Traefik & Docker](https://doc.traefik.io/traefik/routing/providers/docker/)), and connect the service to the `traefik` network. Some services are also already available via the compatible [mash-playbook](https://github.com/mother-of-all-self-hosting/mash-playbook), but take a look at the minor [interoperability adjustments](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/interoperability.md)."
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:88
+#: ../../../docs/configuring-playbook-traefik.md:73
 msgid "However, if your service does not run on a container or runs on another machine, the following configuration might be what you are looking for."
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:90
+#: ../../../docs/configuring-playbook-traefik.md:75
 msgid "Reverse-proxying a remote HTTP/HTTPS service behind Traefik"
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:92
+#: ../../../docs/configuring-playbook-traefik.md:77
 msgid "If you want to host another webserver would be reachable via `my-fancy-website.example.net` from the internet and via `https://<internal webserver IP address>:<internal port>` from inside your network, you can make the playbook's integrated Traefik instance reverse-proxy the traffic to the correct host."
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:94
+#: ../../../docs/configuring-playbook-traefik.md:79
 msgid "Prerequisites: DNS and routing for the domain `my-fancy-website.example.net` need to be set up correctly. In this case, you'd be pointing the domain name to your Matrix server — `my-fancy-website.example.net` would be a CNAME going to `matrix.example.com`."
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:96
+#: ../../../docs/configuring-playbook-traefik.md:81
 msgid "First, we have to adjust the static configuration of Traefik, so that we can add additional configuration files:"
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:110
+#: ../../../docs/configuring-playbook-traefik.md:95
 msgid "If you are using a self-signed certificate on your webserver, you can tell Traefik to trust your own backend servers by adding more configuration to the static configuration file. If you do so, bear in mind the security implications of disabling the certificate validity checks towards your back end."
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:124
+#: ../../../docs/configuring-playbook-traefik.md:109
 msgid "Next, you have to add a new dynamic configuration file for Traefik that contains the actual information of the server using the `aux_file_definitions` variable. In this example, we will terminate SSL at the Traefik instance and connect to the other server via HTTPS. Traefik will now take care of managing the certificates."
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:143
-#: ../../../docs/configuring-playbook-traefik.md:166
+#: ../../../docs/configuring-playbook-traefik.md:128
+#: ../../../docs/configuring-playbook-traefik.md:151
 msgid "Changing the `url` to one with an `http://` prefix would allow to connect to the server via HTTP."
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:145
+#: ../../../docs/configuring-playbook-traefik.md:130
 msgid "Reverse-proxying another service behind Traefik without terminating SSL"
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:147
+#: ../../../docs/configuring-playbook-traefik.md:132
 msgid "If you do not want to terminate SSL at the Traefik instance (for example, because you're already terminating SSL at other webserver), you need to adjust the static configuration in the same way as in the previous chapter in order to be able to add our own dynamic configuration files. Afterwards, you can add the following configuration to your `vars.yml` configuration file:"
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:168
+#: ../../../docs/configuring-playbook-traefik.md:153
 msgid "With these changes, all TCP traffic will be reverse-proxied to the target system."
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:170
+#: ../../../docs/configuring-playbook-traefik.md:155
 msgid "[!WARNING] This configuration might lead to problems or need additional steps when a [certbot](https://certbot.eff.org/) behind Traefik also tries to manage [Let's Encrypt](https://letsencrypt.org/) certificates, as Traefik captures all traffic to ```PathPrefix(`/.well-known/acme-challenge/`)```."
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:173
+#: ../../../docs/configuring-playbook-traefik.md:158
 msgid "Traefik behind a `proxy_protocol` reverse-proxy"
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:175
+#: ../../../docs/configuring-playbook-traefik.md:160
 msgid "If you run a reverse-proxy which speaks `proxy_protocol`, add the following configuration to your `vars.yml` file:"
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:194
+#: ../../../docs/configuring-playbook-traefik.md:179
 msgid "Other configurations"
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:196
+#: ../../../docs/configuring-playbook-traefik.md:181
 msgid "Adjusting SSL certificate retrieval"
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:198
+#: ../../../docs/configuring-playbook-traefik.md:183
 msgid "See the dedicated [Adjusting SSL certificate retrieval](configuring-playbook-ssl-certificates.md) documentation page."
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:200
+#: ../../../docs/configuring-playbook-traefik.md:185
 msgid "Installing"
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:202
+#: ../../../docs/configuring-playbook-traefik.md:187
 msgid "After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:"
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:209
+#: ../../../docs/configuring-playbook-traefik.md:194
 msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:211
+#: ../../../docs/configuring-playbook-traefik.md:196
 msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too."
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:213
+#: ../../../docs/configuring-playbook-traefik.md:198
 msgid "Troubleshooting"
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:215
+#: ../../../docs/configuring-playbook-traefik.md:200
 msgid "As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-traefik`."
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:217
+#: ../../../docs/configuring-playbook-traefik.md:202
 msgid "Increase logging verbosity"
 msgstr ""

-#: ../../../docs/configuring-playbook-traefik.md:219
+#: ../../../docs/configuring-playbook-traefik.md:204
 msgid "The default logging level for this component is `INFO`. If you want to increase the verbosity, add the following configuration to your `vars.yml` file and re-run the playbook:"
 msgstr ""
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-04-15 09:10+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -21,213 +21,173 @@ msgid "Configuring a TURN server (optional, advanced)"
 msgstr ""

 #: ../../../docs/configuring-playbook-turn.md:16
-msgid "By default, the [coturn](https://github.com/coturn/coturn) TURN server component is enabled automatically only when [Jitsi](configuring-playbook-jitsi.md) is enabled. If you're not using Jitsi, coturn is not enabled by default."
+msgid "By default, this playbook installs and configures the [coturn](https://github.com/coturn/coturn) as a TURN server, through which clients can make audio/video calls even from [NAT](https://en.wikipedia.org/wiki/Network_address_translation)-ed networks. It also configures the Synapse chat server by default, so that it points to the coturn TURN server installed by the playbook. If that's okay, you can skip this document."
 msgstr ""

 #: ../../../docs/configuring-playbook-turn.md:18
-msgid "If you explicitly need coturn while not using Jitsi, enable it with:"
+msgid "If you'd like to stop the playbook installing the server, see the section [below](#disabling-coturn) to check the configuration for disabling it."
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:24
-msgid "and configure its IP-related settings in the section below."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-turn.md:26
-msgid "If you'd like coturn to stay disabled even when Jitsi is enabled, or if you prefer to use an external TURN provider, see [disabling coturn](#disabling-coturn) section below."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-turn.md:28
-msgid "When Coturn is not enabled, homeservers (like Synapse) would not point to TURN servers and *legacy* audio/video call functionality may fail. If you're using [Matrix RTC](configuring-playbook-matrix-rtc.md) (for [Element Call](configuring-playbook-element-call.md)), you likely don't have a need to enable coturn."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-turn.md:30
-msgid "Adjusting firewall rules"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-turn.md:32
-msgid "To ensure Coturn functions correctly, the following firewall rules and port forwarding settings are required when coturn is enabled:"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-turn.md:34
-msgid "`3478/tcp`: STUN/TURN over TCP"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-turn.md:35
-msgid "`3478/udp`: STUN/TURN over UDP"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-turn.md:36
-msgid "`5349/tcp`: TURN over TCP"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-turn.md:37
-msgid "`5349/udp`: TURN over UDP"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-turn.md:38
-msgid "`49152-49172/udp`: TURN/UDP relay range"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-turn.md:40
-msgid "If LiveKit's embedded TURN is enabled at the same time (for MatrixRTC/Element Call), keep the Coturn relay range distinct from LiveKit's relay range (`livekit_server_config_turn_relay_range_start`/`livekit_server_config_turn_relay_range_end`)."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-turn.md:42
-msgid "💡 Docker configures the server's internal firewall for you. In most cases, you don't need to do anything special on the host itself."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-turn.md:44
+#: ../../../docs/configuring-playbook-turn.md:20
 msgid "Adjusting the playbook configuration"
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:46
+#: ../../../docs/configuring-playbook-turn.md:22
 msgid "Define public IP manually (optional)"
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:48
-msgid "If you enable coturn (either via Jitsi or manually), we recommend that you configure the public IP addresses of your server in the `vars.yml` file:"
+#: ../../../docs/configuring-playbook-turn.md:24
+msgid "In the `hosts` file we explicitly ask for your server's external IP address when defining `ansible_host`, because the same value is used for configuring coturn."
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:55
-msgid "If you'd like to rely on external IP address auto-detection (not recommended unless you need it), avoid configuring this variable. The playbook will automatically contact an [echoip](https://github.com/mpolden/echoip)-compatible service (`https://ifconfig.co/json` by default) to determine your server's IP address. This API endpoint is configurable via the `coturn_turn_external_ip_address_auto_detection_echoip_service_url` variable."
+#: ../../../docs/configuring-playbook-turn.md:26
+msgid "If you'd rather use a local IP for `ansible_host`, add the following configuration to your `vars.yml` file. Make sure to replace `YOUR_PUBLIC_IP` with the pubic IP used by the server."
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:57
+#: ../../../docs/configuring-playbook-turn.md:32
+msgid "If you'd like to rely on external IP address auto-detection (not recommended unless you need it), set an empty value to the variable. The playbook will automatically contact an [echoip](https://github.com/mpolden/echoip)-compatible service (`https://ifconfig.co/json` by default) to determine your server's IP address. This API endpoint is configurable via the `coturn_turn_external_ip_address_auto_detection_echoip_service_url` variable."
+msgstr ""
+
+#: ../../../docs/configuring-playbook-turn.md:34
 msgid "[!NOTE] You can self-host the echoip service by using the [Mother-of-All-Self-Hosting (MASH)](https://github.com/mother-of-all-self-hosting/mash-playbook) Ansible playbook. See [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/services/echoip.md) for the instruction to install it with the playbook. If you are wondering how to use it for your Matrix server, refer to [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/setting-up-services-on-mdad-server.md) for the overview."
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:60
+#: ../../../docs/configuring-playbook-turn.md:37
+msgid "If your server has multiple external IP addresses, the coturn role offers a different variable for specifying them:"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-turn.md:44
 msgid "Change the authentication mechanism (optional)"
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:62
+#: ../../../docs/configuring-playbook-turn.md:46
 msgid "The playbook uses the [`auth-secret` authentication method](https://github.com/coturn/coturn/blob/873cabd6a2e5edd7e9cc5662cac3ffe47fe87a8e/README.turnserver#L186-L199) by default, but you may switch to the [`lt-cred-mech` method](https://github.com/coturn/coturn/blob/873cabd6a2e5edd7e9cc5662cac3ffe47fe87a8e/README.turnserver#L178) which [some report](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3191) to be working better."
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:64
+#: ../../../docs/configuring-playbook-turn.md:48
 msgid "To do so, add the following configuration to your `vars.yml` file:"
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:70
+#: ../../../docs/configuring-playbook-turn.md:54
 msgid "Regardless of the selected authentication method, the playbook generates secrets automatically and passes them to the homeserver and coturn."
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:72
+#: ../../../docs/configuring-playbook-turn.md:56
 msgid "If [Jitsi](configuring-playbook-jitsi.md) is installed, note that switching to `lt-cred-mech` will disable the integration between Jitsi and your coturn server, as Jitsi seems to support the `auth-secret` authentication method only."
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:74
+#: ../../../docs/configuring-playbook-turn.md:58
 msgid "Customize the Coturn hostname (optional)"
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:76
+#: ../../../docs/configuring-playbook-turn.md:60
 msgid "By default, Coturn uses the same hostname as your Matrix homeserver (the value of `matrix_server_fqn_matrix`, which is typically `matrix.example.com`)."
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:78
+#: ../../../docs/configuring-playbook-turn.md:62
 msgid "If you'd like to use a custom subdomain for Coturn (e.g., `turn.example.com` or `t.matrix.example.com`), add the following configuration to your `vars.yml` file:"
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:84
+#: ../../../docs/configuring-playbook-turn.md:68
 msgid "The playbook will automatically:"
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:85
+#: ../../../docs/configuring-playbook-turn.md:69
 msgid "Configure Coturn to use this hostname"
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:86
+#: ../../../docs/configuring-playbook-turn.md:70
 msgid "Obtain an SSL certificate for the custom domain via Traefik"
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:87
+#: ../../../docs/configuring-playbook-turn.md:71
 msgid "Update all TURN URIs to point to the custom domain"
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:89
+#: ../../../docs/configuring-playbook-turn.md:73
 msgid "**Note**: Make sure the custom hostname resolves to your server's IP address via DNS before running the playbook."
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:91
+#: ../../../docs/configuring-playbook-turn.md:75
 msgid "Use your own external coturn server (optional)"
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:93
+#: ../../../docs/configuring-playbook-turn.md:77
 msgid "If you'd like to use another TURN server (be it coturn or some other one), add the following configuration to your `vars.yml` file. Make sure to replace `HOSTNAME_OR_IP` with your own."
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:107
+#: ../../../docs/configuring-playbook-turn.md:91
 msgid "If you have or want to enable Jitsi, you might want to enable the TURN server there too. If you do not do it, Jitsi will fall back to an upstream service."
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:114
+#: ../../../docs/configuring-playbook-turn.md:98
 msgid "You can put multiple host/port combinations if you'd like to."
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:116
+#: ../../../docs/configuring-playbook-turn.md:100
 msgid "Edit the reloading schedule (optional)"
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:118
+#: ../../../docs/configuring-playbook-turn.md:102
 msgid "By default the service is reloaded on 6:30 a.m. every day based on the `coturn_reload_schedule` variable so that new SSL certificates can kick in. It is defined in the format of systemd timer calendar."
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:120
+#: ../../../docs/configuring-playbook-turn.md:104
 msgid "To edit the schedule, add the following configuration to your `vars.yml` file (adapt to your needs):"
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:126
+#: ../../../docs/configuring-playbook-turn.md:110
 msgid "**Note**: the actual job may run with a delay. See `coturn_reload_schedule_randomized_delay_sec` for its default value."
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:128
+#: ../../../docs/configuring-playbook-turn.md:112
 msgid "Extending the configuration"
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:130
+#: ../../../docs/configuring-playbook-turn.md:114
 msgid "There are some additional things you may wish to configure about the TURN server."
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:132
+#: ../../../docs/configuring-playbook-turn.md:116
 msgid "Take a look at:"
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:134
+#: ../../../docs/configuring-playbook-turn.md:118
 msgid "`roles/galaxy/coturn/defaults/main.yml` for some variables that you can customize via your `vars.yml` file"
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:136
+#: ../../../docs/configuring-playbook-turn.md:120
 msgid "Disabling coturn"
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:138
-msgid "Coturn is only enabled by default when [Jitsi](configuring-playbook-jitsi.md) is enabled. In most instances, you don't need to explicitly disable it."
+#: ../../../docs/configuring-playbook-turn.md:122
+msgid "If, for some reason, you'd like for the playbook to not install coturn (or to uninstall it if it was previously installed), add the following configuration to your `vars.yml` file:"
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:140
-msgid "To force the playbook to not install Coturn (even when Jitsi is enabled), add the following configuration to your `vars.yml` file:"
+#: ../../../docs/configuring-playbook-turn.md:128
+msgid "In that case, Synapse would not point to any coturn servers and audio/video call functionality may fail."
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:146
+#: ../../../docs/configuring-playbook-turn.md:130
 msgid "Installing"
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:148
+#: ../../../docs/configuring-playbook-turn.md:132
 msgid "After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:"
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:155
+#: ../../../docs/configuring-playbook-turn.md:139
 msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:157
+#: ../../../docs/configuring-playbook-turn.md:141
 msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too."
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:159
+#: ../../../docs/configuring-playbook-turn.md:143
 msgid "Troubleshooting"
 msgstr ""

-#: ../../../docs/configuring-playbook-turn.md:161
+#: ../../../docs/configuring-playbook-turn.md:145
 msgid "As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-coturn`."
 msgstr ""
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-04-15 09:10+0000\n"
+"POT-Creation-Date: 2026-04-03 11:56+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -809,7 +809,7 @@ msgid "OAuth 2.0 and OpenID Provider server"
 msgstr ""

 #: ../../../docs/container-images.md:0
-msgid "[Ketesa](configuring-playbook-ketesa.md)"
+msgid "[ketesa](configuring-playbook-ketesa.md)"
 msgstr ""

 #: ../../../docs/container-images.md:0
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-04-15 09:10+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -573,266 +573,254 @@ msgid "How do I optimize this setup for a low-power server?"
 msgstr ""

 #: ../../../docs/faq.md:308
-msgid "For a low-power server, it's best to use an alternative homeserver implementation (other than [Synapse](configuring-playbook-synapse.md))."
-msgstr ""
-
-#: ../../../docs/faq.md:310
 msgid "You can disable some not-so-important services to save on memory."
 msgstr ""

-#: ../../../docs/faq.md:317
+#: ../../../docs/faq.md:327
+msgid "You can also consider implementing a restriction on room complexity, in order to prevent users from joining very heavy rooms:"
+msgstr ""
+
+#: ../../../docs/faq.md:337
 msgid "If you've installed [Jitsi](configuring-playbook-jitsi.md) (not installed by default), there are additional optimizations listed on its documentation page that you can perform."
 msgstr ""

-#: ../../../docs/faq.md:320
-msgid "Synapse-specific optimizations"
-msgstr ""
-
-#: ../../../docs/faq.md:322
-msgid "If you're using [Synapse](configuring-playbook-synapse.md), you can also consider the following optimizations:"
-msgstr ""
-
-#: ../../../docs/faq.md:332
-msgid "You can also consider [implementing a restriction on room complexity](configuring-playbook-synapse.md#limit-joining-heavy-rooms-on-constrained-hosts), in order to prevent users from joining very heavy rooms:"
-msgstr ""
-
-#: ../../../docs/faq.md:340
+#: ../../../docs/faq.md:339
 msgid "I already have Docker on my server. Can you stop installing Docker via the playbook?"
 msgstr ""

-#: ../../../docs/faq.md:342
+#: ../../../docs/faq.md:341
 msgid "Yes, we can stop installing Docker ourselves. Just use this in your `vars.yml` file:"
 msgstr ""

-#: ../../../docs/faq.md:348
+#: ../../../docs/faq.md:347
 msgid "I run another webserver on the same server where I wish to install Matrix. What now?"
 msgstr ""

-#: ../../../docs/faq.md:350
+#: ../../../docs/faq.md:349
 msgid "By default, we install a webserver for you ([Traefik](https://doc.traefik.io/traefik/)), but you can also use [your own webserver](configuring-playbook-own-webserver.md)."
 msgstr ""

-#: ../../../docs/faq.md:352
+#: ../../../docs/faq.md:351
 msgid "How is the effective configuration determined?"
 msgstr ""

-#: ../../../docs/faq.md:354
+#: ../../../docs/faq.md:353
 msgid "Configuration variables are defined in multiple places in this playbook and are considered in this order:"
 msgstr ""

-#: ../../../docs/faq.md:356
+#: ../../../docs/faq.md:355
 msgid "there are defaults coming from each role's defaults file (`role/matrix*/defaults/main.yml`). These variable values aim to be good defaults for when the role is used standalone (outside of this collection of roles, also called playbook)."
 msgstr ""

-#: ../../../docs/faq.md:358
+#: ../../../docs/faq.md:357
 msgid "then, there are overrides in `group_vars/matrix_servers`, which aim to adjust these \"standalone role defaults\" to something which better fits the playbook in its entirety."
 msgstr ""

-#: ../../../docs/faq.md:360
+#: ../../../docs/faq.md:359
 msgid "finally, there's your `inventory/host_vars/matrix.example.com/vars.yml` file, which is the ultimate override"
 msgstr ""

-#: ../../../docs/faq.md:362
+#: ../../../docs/faq.md:361
 msgid "What configuration variables are available?"
 msgstr ""

-#: ../../../docs/faq.md:364
+#: ../../../docs/faq.md:363
 msgid "You can discover the variables you can override in each role (`roles/*/*/defaults/main.yml`)."
 msgstr ""

-#: ../../../docs/faq.md:366
+#: ../../../docs/faq.md:365
 msgid "As described in [How is the effective configuration determined?](#how-is-the-effective-configuration-determined), these role-defaults may be overridden by values defined in `group_vars/matrix_servers`."
 msgstr ""

-#: ../../../docs/faq.md:368
+#: ../../../docs/faq.md:367
 msgid "Refer to both of these for inspiration. Still, as mentioned in [Configuring the playbook](configuring-playbook.md), you're only ever supposed to edit your own `inventory/host_vars/matrix.example.com/vars.yml` file and nothing else inside the playbook (unless you're meaning to contribute new features)."
 msgstr ""

-#: ../../../docs/faq.md:370
-#: ../../../docs/faq.md:382
+#: ../../../docs/faq.md:369
+#: ../../../docs/faq.md:381
 msgid "**Note**: some of the roles (`roles/galaxy/*`) live in separate repositories and are only installed after your run `just roles` (or `make roles`) or `just update` (which automatically does `git pull` and `just roles`)."
 msgstr ""

-#: ../../../docs/faq.md:372
+#: ../../../docs/faq.md:371
 msgid "I'd like to adjust some configuration which doesn't have a corresponding variable. How do I do it?"
 msgstr ""

-#: ../../../docs/faq.md:374
+#: ../../../docs/faq.md:373
 msgid "The playbook doesn't aim to expose all configuration settings for all services using variables. Doing so would amount to hundreds of variables that we have to create and maintain."
 msgstr ""

-#: ../../../docs/faq.md:376
+#: ../../../docs/faq.md:375
 msgid "Instead, we only try to make some important basics configurable using dedicated variables you can see in each role. See [What configuration variables are available?](#what-configuration-variables-are-available)."
 msgstr ""

-#: ../../../docs/faq.md:378
+#: ../../../docs/faq.md:377
 msgid "Besides that, each role (component) aims to provide a `matrix_SOME_COMPONENT_configuration_extension_yaml` (or `matrix_SOME_COMPONENT_configuration_extension_json`) variable, which can be used to override the configuration."
 msgstr ""

-#: ../../../docs/faq.md:380
+#: ../../../docs/faq.md:379
 msgid "Check each role's `roles/*/*/defaults/main.yml` for the corresponding variable and an example for how use it."
 msgstr ""

-#: ../../../docs/faq.md:384
+#: ../../../docs/faq.md:383
 msgid "Installation"
 msgstr ""

-#: ../../../docs/faq.md:386
+#: ../../../docs/faq.md:385
 msgid "How do I run the installation?"
 msgstr ""

-#: ../../../docs/faq.md:388
+#: ../../../docs/faq.md:387
 msgid "See [Installing](installing.md) to learn how to use Ansible to install Matrix services."
 msgstr ""

-#: ../../../docs/faq.md:390
+#: ../../../docs/faq.md:389
 msgid "However, we recommend you to follow our installation guide, instead of jumping straight to installing."
 msgstr ""

-#: ../../../docs/faq.md:392
+#: ../../../docs/faq.md:391
 msgid "There are two guides available:"
 msgstr ""

-#: ../../../docs/faq.md:394
+#: ../../../docs/faq.md:393
 msgid "⚡ **[Quick start](quick-start.md)** (for beginners): this is recommended for those who do not have an existing Matrix server and want to start quickly with \"opinionated defaults\"."
 msgstr ""

-#: ../../../docs/faq.md:396
+#: ../../../docs/faq.md:395
 msgid "**Full installation guide (for advanced users)**: if you need to import an existing Matrix server's data into the new server or want to learn more while setting up the server, follow this guide by starting with the **[Prerequisites](prerequisites.md)** documentation page."
 msgstr ""

-#: ../../../docs/faq.md:398
+#: ../../../docs/faq.md:397
 msgid "I installed Synapse some other way. Can I migrate such a setup to the playbook?"
 msgstr ""

-#: ../../../docs/faq.md:400
+#: ../../../docs/faq.md:399
 msgid "Yes, you can."
 msgstr ""

-#: ../../../docs/faq.md:402
+#: ../../../docs/faq.md:401
 msgid "You generally need to do a playbook installation. It's recommended to follow the full installation guide (starting at the [Prerequisites](prerequisites.md) page), not the [Quick start](quick-start.md) guide. The full installation guide will tell you when it's time to import your existing data into the newly-prepared server."
 msgstr ""

-#: ../../../docs/faq.md:404
+#: ../../../docs/faq.md:403
 msgid "This Ansible playbook guides you into installing a server for `example.com` (user IDs are like this: `@alice:example.com`), while the server is at `matrix.example.com`. If your existing setup has a server name (`server_name` configuration setting in Synapse's `homeserver.yaml` file) other than the base `example.com`, you may need to tweak some additional variables. This FAQ entry may be of use if you're dealing with a more complicated setup — [How do I install on matrix.example.com without involving the base domain?](#how-do-i-install-on-matrixexamplecom-without-involving-the-base-domain)"
 msgstr ""

-#: ../../../docs/faq.md:406
+#: ../../../docs/faq.md:405
 msgid "After configuring the playbook and installing and **before starting** services (done with `ansible-playbook … --tags=start`) you'd import [your SQLite](importing-synapse-sqlite.md) (or [Postgres](importing-postgres.md)) database and also [import your media store](importing-synapse-media-store.md)."
 msgstr ""

-#: ../../../docs/faq.md:408
+#: ../../../docs/faq.md:407
 msgid "I've downloaded Ansible and the playbook on the server. It can't connect using SSH."
 msgstr ""

-#: ../../../docs/faq.md:410
+#: ../../../docs/faq.md:409
 msgid "If you're using the playbook directly on the server, then Ansible doesn't need to connect using SSH."
 msgstr ""

-#: ../../../docs/faq.md:412
+#: ../../../docs/faq.md:411
 msgid "It can perform a local connection instead. Just set `ansible_connection=local` at the end of the server line in `inventory/hosts` and re-run the playbook."
 msgstr ""

-#: ../../../docs/faq.md:414
+#: ../../../docs/faq.md:413
 msgid "If you're running Ansible from within a container (one of the possibilities we list on our [dedicated Ansible documentation page](ansible.md)), then using `ansible_connection=local` is not possible."
 msgstr ""

-#: ../../../docs/faq.md:416
+#: ../../../docs/faq.md:415
 msgid "Maintenance and Troubleshooting"
 msgstr ""

-#: ../../../docs/faq.md:418
+#: ../../../docs/faq.md:417
 msgid "💡 Also see this page for generic information about maintaining the services and troubleshooting: [Maintenance and Troubleshooting](maintenance-and-troubleshooting.md)"
 msgstr ""

-#: ../../../docs/faq.md:420
+#: ../../../docs/faq.md:419
 msgid "Do I need to do anything to keep my Matrix server updated?"
 msgstr ""

-#: ../../../docs/faq.md:422
+#: ../../../docs/faq.md:421
 msgid "Yes. We don't update anything for you automatically."
 msgstr ""

-#: ../../../docs/faq.md:424
+#: ../../../docs/faq.md:423
 msgid "See our [documentation page about upgrading services](maintenance-upgrading-services.md)."
 msgstr ""

-#: ../../../docs/faq.md:426
+#: ../../../docs/faq.md:425
 msgid "How do I move my existing installation to another (VM) server?"
 msgstr ""

-#: ../../../docs/faq.md:428
+#: ../../../docs/faq.md:427
 msgid "If you have an existing installation done using this Ansible playbook, you can easily migrate that to another server following [our dedicated server migration guide](maintenance-migrating.md)."
 msgstr ""

-#: ../../../docs/faq.md:430
+#: ../../../docs/faq.md:429
 msgid "If your previous installation is done in some other way (not using this Ansible playbook), see [I installed Synapse some other way. Can I migrate such a setup to the playbook?](#i-installed-synapse-some-other-way-can-i-migrate-such-a-setup-to-the-playbook)."
 msgstr ""

-#: ../../../docs/faq.md:432
+#: ../../../docs/faq.md:431
 msgid "What is this `/matrix/postgres/data-auto-upgrade-backup` directory that is taking up so much space?"
 msgstr ""

-#: ../../../docs/faq.md:434
+#: ../../../docs/faq.md:433
 msgid "When you [perform a major Postgres upgrade](maintenance-postgres.md#upgrading-postgresql), we save the the old data files in `/matrix/postgres/data-auto-upgrade-backup`, just so you could easily restore them should something have gone wrong."
 msgstr ""

-#: ../../../docs/faq.md:436
+#: ../../../docs/faq.md:435
 msgid "After verifying that everything still works after the Postgres upgrade, you can safely delete `/matrix/postgres/data-auto-upgrade-backup`"
 msgstr ""

-#: ../../../docs/faq.md:438
+#: ../../../docs/faq.md:437
 msgid "I get \"Error response from daemon: configured logging driver does not support reading\" when I run `docker logs matrix-synapse`. Why?"
 msgstr ""

-#: ../../../docs/faq.md:440
+#: ../../../docs/faq.md:439
 msgid "To prevent double-logging, Docker logging is disabled by explicitly passing `--log-driver=none` to all containers. Due to this, you cannot view logs using `docker logs matrix-*`."
 msgstr ""

-#: ../../../docs/faq.md:442
+#: ../../../docs/faq.md:441
 msgid "See [this section](maintenance-and-troubleshooting.md#how-to-see-the-logs) on the page for maintenance and troubleshooting for more details to see the logs."
 msgstr ""

-#: ../../../docs/faq.md:444
+#: ../../../docs/faq.md:443
 msgid "The server fails to start due to the `Unable to start service matrix-coturn.service` error. Why and how to solve it?"
 msgstr ""

-#: ../../../docs/faq.md:446
+#: ../../../docs/faq.md:445
 msgid "The error is most likely because Traefik cannot obtain SSL certificates due to certain reasons such as wrong domain name configuration or port 80 being unavailable due to other services."
 msgstr ""

-#: ../../../docs/faq.md:448
+#: ../../../docs/faq.md:447
 msgid "If Traefik fails to obtain an SSL certificate for domain names such as `matrix.`, Traefik Certs Dumper cannot extract the SSL certificate out of there, and coturn cannot be started and the error occurs. Refer to these comments for details:"
 msgstr ""

-#: ../../../docs/faq.md:450
+#: ../../../docs/faq.md:449
 msgid "<https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3957#issuecomment-2599590441>"
 msgstr ""

-#: ../../../docs/faq.md:451
+#: ../../../docs/faq.md:450
 msgid "<https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4570#issuecomment-3364111466>"
 msgstr ""

-#: ../../../docs/faq.md:453
+#: ../../../docs/faq.md:452
 msgid "If you are not sure what the problem is, at first make sure that you have set the \"base domain\" (`example.com`, **not `matrix.example.com`**) to `matrix_domain`. You should be able to find it at the top of your `vars.yml`."
 msgstr ""

-#: ../../../docs/faq.md:455
+#: ../../../docs/faq.md:454
 msgid "If it is correctly specified, look Traefik's logs (`journalctl -fu matrix-traefik.service`) for errors by Let's Encrypt for troubleshooting."
 msgstr ""

-#: ../../../docs/faq.md:457
+#: ../../../docs/faq.md:456
 msgid "Miscellaneous"
 msgstr ""

-#: ../../../docs/faq.md:459
+#: ../../../docs/faq.md:458
 msgid "I would like to see this favorite service of mine integrated and become available on my Matrix server. How can I request it?"
 msgstr ""

-#: ../../../docs/faq.md:461
+#: ../../../docs/faq.md:460
 msgid "You can freely create an issue for feature request on the repository at GitHub [here](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/new/choose). Note this is a community project with no financial backing, and there is not assurance that your request would be eventually picked up by others and the requested feature would become available. The easiest way to get a feature into this project is to just develop it yourself."
 msgstr ""

-#: ../../../docs/faq.md:463
+#: ../../../docs/faq.md:462
 msgid "Also, please note that this playbook intends to focus solely on Matrix and Matrix-related services. If your request is not specific to Matrix, you may as well to consider to submit it to the [mash-playbook](https://github.com/mother-of-all-self-hosting/mash-playbook), maintained by the members behind this matrix-docker-ansible-deploy project. [This document on the interoperability](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/interoperability.md) describes how to deploy services along with the Matrix services easily."
 msgstr ""
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-04-15 09:10+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -249,61 +249,61 @@ msgid "or join some Matrix rooms:"
 msgstr ""

 #: ../../../docs/installing.md:148
-msgid "via the *Explore rooms* feature in Element Web or some other clients, or by discovering them using this [matrix-static list](https://view.matrix.org). **Note**: joining large rooms may overload small servers. For tuning guidance on constrained hosts, see [Limit joining heavy rooms on constrained hosts](configuring-playbook-synapse.md#limit-joining-heavy-rooms-on-constrained-hosts)."
+msgid "via the *Explore rooms* feature in Element Web or some other clients, or by discovering them using this [matrix-static list](https://view.matrix.org). **Note**: joining large rooms may overload small servers."
 msgstr ""

-#: ../../../docs/installing.md:150
+#: ../../../docs/installing.md:149
 msgid "or come say Hi in our support room — [#matrix-docker-ansible-deploy:devture.com](https://matrix.to/#/#matrix-docker-ansible-deploy:devture.com). You might learn something or get to help someone else new to Matrix hosting."
 msgstr ""

-#: ../../../docs/installing.md:151
+#: ../../../docs/installing.md:150
 msgid "or help make this playbook better by contributing (code, documentation, or [coffee/beer](https://liberapay.com/s.pantaleev/donate))"
 msgstr ""

-#: ../../../docs/installing.md:153
+#: ../../../docs/installing.md:152
 msgid "⚠️ Keep the playbook and services up-to-date"
 msgstr ""

-#: ../../../docs/installing.md:155
+#: ../../../docs/installing.md:154
 msgid "While this playbook helps you to set up Matrix services and maintain them, it will **not** automatically run the maintenance task for you. You will need to update the playbook and re-run it **manually**."
 msgstr ""

-#: ../../../docs/installing.md:157
+#: ../../../docs/installing.md:156
 msgid "The upstream projects, which this playbook makes use of, occasionally if not often suffer from security vulnerabilities."
 msgstr ""

-#: ../../../docs/installing.md:159
+#: ../../../docs/installing.md:158
 msgid "Since it is unsafe to keep outdated services running on the server connected to the internet, please consider to update the playbook and re-run it periodically, in order to keep the services up-to-date."
 msgstr ""

-#: ../../../docs/installing.md:161
+#: ../../../docs/installing.md:160
 msgid "Also, do not forget to update your system regularly. While this playbook may install basic services, such as Docker, it will not interfere further with system maintenance. Keeping the system itself up-to-date is out of scope for this playbook."
 msgstr ""

-#: ../../../docs/installing.md:163
+#: ../../../docs/installing.md:162
 msgid "For more information about upgrading or maintaining services with the playbook, take a look at this page: [Upgrading the Matrix services](maintenance-upgrading-services.md)"
 msgstr ""

-#: ../../../docs/installing.md:165
+#: ../../../docs/installing.md:164
 msgid "Feel free to **re-run the setup command any time** you think something is wrong with the server configuration. Ansible will take your configuration and update your server to match."
 msgstr ""

-#: ../../../docs/installing.md:171
+#: ../../../docs/installing.md:170
 msgid "**Note**: see [this page on the playbook tags](playbook-tags.md) for more information about those tags."
 msgstr ""

-#: ../../../docs/installing.md:173
+#: ../../../docs/installing.md:172
 msgid "Make full use of `just` shortcut commands"
 msgstr ""

-#: ../../../docs/installing.md:175
+#: ../../../docs/installing.md:174
 msgid "After you get familiar with reconfiguring and re-running the playbook to maintain the server, upgrade its services, etc., you probably would like to make use of `just` shortcut commands for faster input."
 msgstr ""

-#: ../../../docs/installing.md:177
+#: ../../../docs/installing.md:176
 msgid "For example, `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed."
 msgstr ""

-#: ../../../docs/installing.md:179
+#: ../../../docs/installing.md:178
 msgid "You can learn about the shortcut commands on this page: [Running `just` commands](just.md)"
 msgstr ""
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-04-15 09:10+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -162,17 +162,17 @@ msgid "Conditional service restart"
 msgstr ""

 #: ../../../docs/just.md:49
-msgid "When running `install-all` or `install-service` (whether via `just` or raw `ansible-playbook`), only services whose configuration or container image actually changed during the playbook run will be restarted. Unchanged services are left running (or get started if they were stopped). This reduces unnecessary downtime."
+msgid "When using `just install-all` or `just install-service`, only services whose configuration or container image actually changed during the playbook run will be restarted. Unchanged services are left running (or get started if they were stopped). This reduces unnecessary downtime."
 msgstr ""

 #: ../../../docs/just.md:51
-msgid "When running with `setup-*` tags (e.g. `setup-all`, `setup-synapse`), all services are unconditionally restarted regardless of whether changes were detected. This is appropriate for setup's thorough \"full setup\" semantics."
+msgid "When using `just setup-all`, all services are unconditionally restarted regardless of whether changes were detected. This is appropriate for `setup-all`'s thorough \"full setup\" semantics."
 msgstr ""

 #: ../../../docs/just.md:53
-msgid "`start-all` and `start-group` always restart all targeted services, since no installation tasks run during these commands."
+msgid "`just start-all` and `just start-group` always restart all targeted services, since no installation tasks run during these commands."
 msgstr ""

 #: ../../../docs/just.md:55
-msgid "This behavior is automatically determined based on the playbook tags in use. It can be overridden with the `devture_systemd_service_manager_conditional_restart_enabled` variable. For example, to force unconditional restarts during installation: `just install-all --extra-vars='devture_systemd_service_manager_conditional_restart_enabled=false'`"
+msgid "This behavior is controlled by the `devture_systemd_service_manager_conditional_restart_enabled` variable (default: `true`). To force unconditional restarts during installation, pass: `just install-all --extra-vars='devture_systemd_service_manager_conditional_restart_enabled=false'`"
 msgstr ""
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-04-15 09:10+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -145,61 +145,57 @@ msgid "Synapse's presence feature which tracks which users are online and which
 msgstr ""

 #: ../../../docs/maintenance-synapse.md:86
-msgid "On smaller servers, consider limiting joins to very complex rooms with [the room complexity guard](configuring-playbook-synapse.md#limit-joining-heavy-rooms-on-constrained-hosts)."
-msgstr ""
-
-#: ../../../docs/maintenance-synapse.md:88
 msgid "If you have enough compute resources (CPU & RAM), you can make Synapse better use of them by [enabling load-balancing with workers](configuring-playbook-synapse.md#load-balancing-with-workers)."
 msgstr ""

-#: ../../../docs/maintenance-synapse.md:90
+#: ../../../docs/maintenance-synapse.md:88
 msgid "[Tuning your PostgreSQL database](maintenance-postgres.md#tuning-postgresql) could also improve Synapse performance. The playbook tunes the integrated Postgres database automatically, but based on your needs you may wish to adjust tuning variables manually. If you're using an [external Postgres database](configuring-playbook-external-postgres.md), you will also need to tune Postgres manually."
 msgstr ""

-#: ../../../docs/maintenance-synapse.md:92
+#: ../../../docs/maintenance-synapse.md:90
 msgid "Tuning caches and cache autotuning"
 msgstr ""

-#: ../../../docs/maintenance-synapse.md:94
+#: ../../../docs/maintenance-synapse.md:92
 msgid "Tuning Synapse's cache factor is useful for performance increases but also as part of controlling Synapse's memory use. Use the variable `matrix_synapse_caches_global_factor` to set the cache factor as part of this process."
 msgstr ""

-#: ../../../docs/maintenance-synapse.md:96
+#: ../../../docs/maintenance-synapse.md:94
 msgid "**The playbook defaults the global cache factor to a large value** (e.g. `10`). A smaller value (e.g. `0.5`) will decrease the amount used for caches, but will [not necessarily decrease RAM usage as a whole](https://github.com/matrix-org/synapse/issues/3939)."
 msgstr ""

-#: ../../../docs/maintenance-synapse.md:98
+#: ../../../docs/maintenance-synapse.md:96
 msgid "Tuning the cache factor is useful only to a limited degree (as its crude to do in isolation) and therefore users who are tuning their cache factor should likely look into tuning autotune variables as well (see below)."
 msgstr ""

-#: ../../../docs/maintenance-synapse.md:100
+#: ../../../docs/maintenance-synapse.md:98
 msgid "Cache autotuning is **enabled by default** and controlled via the following variables:"
 msgstr ""

-#: ../../../docs/maintenance-synapse.md:102
+#: ../../../docs/maintenance-synapse.md:100
 msgid "`matrix_synapse_cache_autotuning_max_cache_memory_usage` — defaults to 1/8 of total RAM with a cap of 2GB; values are specified in bytes"
 msgstr ""

-#: ../../../docs/maintenance-synapse.md:103
+#: ../../../docs/maintenance-synapse.md:101
 msgid "`matrix_synapse_cache_autotuning_target_cache_memory_usage` — defaults to 1/16 of total RAM with a cap of 1GB; values are specified in bytes"
 msgstr ""

-#: ../../../docs/maintenance-synapse.md:104
+#: ../../../docs/maintenance-synapse.md:102
 msgid "`matrix_synapse_cache_autotuning_min_cache_ttl` — defaults to `30s`"
 msgstr ""

-#: ../../../docs/maintenance-synapse.md:106
+#: ../../../docs/maintenance-synapse.md:104
 msgid "You can **learn more about cache-autotuning and the global cache factor settings** in the [Synapse's documentation on caches and associated values](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#caches-and-associated-values)."
 msgstr ""

-#: ../../../docs/maintenance-synapse.md:108
+#: ../../../docs/maintenance-synapse.md:106
 msgid "To **disable cache auto-tuning**, unset all values:"
 msgstr ""

-#: ../../../docs/maintenance-synapse.md:116
+#: ../../../docs/maintenance-synapse.md:114
 msgid "Users who wish to lower Synapse's RAM footprint should look into lowering the global cache factor and tweaking the autotune variables (or disabling auto-tuning). If your cache factor is too low for a given auto tune setting your caches will not reach autotune thresholds and autotune won't be able to do its job. Therefore, when auto-tuning is enabled (which it is by default), it's recommended to have your cache factor be large."
 msgstr ""

-#: ../../../docs/maintenance-synapse.md:118
+#: ../../../docs/maintenance-synapse.md:116
 msgid "See also [How do I optimize this setup for a low-power server?](faq.md#how-do-i-optimize-this-setup-for-a-low-power-server)."
 msgstr ""
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-04-15 09:10+0000\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -125,13 +125,33 @@ msgid "`443/tcp` and `443/udp`: HTTPS webserver"
 msgstr ""

 #: ../../../docs/prerequisites.md:60
-msgid "`8448/tcp` and `8448/udp`: Matrix Federation API HTTPS webserver. Some components like [Matrix User Verification Service](configuring-playbook-user-verification-service.md#open-matrix-federation-port) require this port to be opened **even with federation disabled**."
+msgid "`3478/tcp`: STUN/TURN over TCP (used by [coturn](./configuring-playbook-turn.md))"
 msgstr ""

 #: ../../../docs/prerequisites.md:61
-msgid "potentially some other ports, depending on the additional (non-default) services that you enable in the **configuring the playbook** step (later on). Consult each service's documentation page in `docs/` for that."
+msgid "`3478/udp`: STUN/TURN over UDP (used by [coturn](./configuring-playbook-turn.md))"
+msgstr ""
+
+#: ../../../docs/prerequisites.md:62
+msgid "`5349/tcp`: TURN over TCP (used by [coturn](./configuring-playbook-turn.md))"
+msgstr ""
+
+#: ../../../docs/prerequisites.md:63
+msgid "`5349/udp`: TURN over UDP (used by [coturn](./configuring-playbook-turn.md))"
+msgstr ""
+
+#: ../../../docs/prerequisites.md:64
+msgid "`8448/tcp` and `8448/udp`: Matrix Federation API HTTPS webserver. Some components like [Matrix User Verification Service](configuring-playbook-user-verification-service.md#open-matrix-federation-port) require this port to be opened **even with federation disabled**."
 msgstr ""

 #: ../../../docs/prerequisites.md:65
+msgid "the range `49152-49172/udp`: TURN over UDP"
+msgstr ""
+
+#: ../../../docs/prerequisites.md:66
+msgid "potentially some other ports, depending on the additional (non-default) services that you enable in the **configuring the playbook** step (later on). Consult each service's documentation page in `docs/` for that."
+msgstr ""
+
+#: ../../../docs/prerequisites.md:70
 msgid "[▶️](configuring-dns.md) When ready to proceed, continue with [Configuring DNS](configuring-dns.md)."
 msgstr ""
@@ -3,7 +3,7 @@
 # SPDX-License-Identifier: AGPL-3.0-or-later

 [tools]
-prek = "0.3.11"
+prek = "0.3.2"

 [settings]
 yes = true
@@ -27,7 +27,7 @@
  version: 542a2d68db4e9a8e9bb4b508052760b900c7dce6
  name: docker_sdk_for_python
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-etherpad.git
-  version: v2.7.2-0
+  version: v2.6.1-6
  name: etherpad
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git
  version: v4.99.1-r0-2-0
@@ -42,10 +42,10 @@
  version: v10888-0
  name: jitsi
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git
-  version: v1.11.0-1
+  version: v1.11.0-0
  name: livekit_server
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git
-  version: v2.22.0-0
+  version: v2.21.0-1
  name: ntfy
 - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
  version: ea8c5cc750c4e23d004c9a836dfd9eda82d45ff4
@@ -63,7 +63,7 @@
  version: v18-2
  name: postgres_backup
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
-  version: v3.11.3-0
+  version: v3.11.2-0
  name: prometheus
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-nginxlog-exporter.git
  version: v1.10.0-2
@@ -87,7 +87,7 @@
  version: v1.1.0-1
  name: timesync
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik.git
-  version: v3.6.15-0
+  version: v3.6.13-0
  name: traefik
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git
  version: v2.10.0-5
@@ -11,7 +11,7 @@
 matrix_alertmanager_receiver_enabled: true

 # renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver
-matrix_alertmanager_receiver_version: 2026.4.29
+matrix_alertmanager_receiver_version: 2026.4.15

 matrix_alertmanager_receiver_scheme: https

@@ -100,16 +100,6 @@
    mode: '0644'
  register: matrix_appservice_draupnir_for_all_systemd_service_result

-# matrix-appservice-draupnir-for-all and matrix-bot-draupnir share the
-# same upstream container image. When both are enabled and force-pull is
-# on, the second role to run sees the image as already up-to-date (the
-# first role just pulled it), so its pull_result.changed is false and
-# conditional restart would skip it. To avoid that, we also treat
-# force-pull itself as a restart trigger for this role. The downside is
-# that both Draupnir services restart on every run when force-pull is
-# enabled (e.g. with rolling tags like `latest` or `main`), even when the
-# upstream image has not moved. That is wasteful but acceptable.
-# See: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5186
 - name: Determine whether Draupnir for All needs a restart
  ansible.builtin.set_fact:
    matrix_appservice_draupnir_for_all_restart_necessary: >-
@@ -120,7 +110,6 @@
        or matrix_appservice_draupnir_for_all_registration_config_result.changed | default(false)
        or matrix_appservice_draupnir_for_all_systemd_service_result.changed | default(false)
        or matrix_appservice_draupnir_for_all_container_image_pull_result.changed | default(false)
-        or matrix_appservice_draupnir_for_all_container_image_force_pull | bool
      }}

 - name: Ensure matrix-appservice-draupnir-for-all.service restarted, if necessary
@@ -22,7 +22,7 @@ matrix_authentication_service_container_repo_version: "{{ 'main' if matrix_authe
 matrix_authentication_service_container_src_files_path: "{{ matrix_base_data_path }}/matrix-authentication-service/container-src"

 # renovate: datasource=docker depName=ghcr.io/element-hq/matrix-authentication-service
-matrix_authentication_service_version: 1.16.0
+matrix_authentication_service_version: 1.15.0
 matrix_authentication_service_container_image_registry_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else matrix_authentication_service_container_image_registry_prefix_upstream }}"
 matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_authentication_service_container_image_registry_prefix_upstream_default }}"
 matrix_authentication_service_container_image_registry_prefix_upstream_default: "ghcr.io/"
@@ -137,15 +137,19 @@ matrix_bot_buscarron_database_sslmode: disable

 matrix_bot_buscarron_database_connection_string: 'postgres://{{ matrix_bot_buscarron_database_username }}:{{ matrix_bot_buscarron_database_password }}@{{ matrix_bot_buscarron_database_hostname }}:{{ matrix_bot_buscarron_database_port }}/{{ matrix_bot_buscarron_database_name }}?sslmode={{ matrix_bot_buscarron_database_sslmode }}'

-matrix_bot_buscarron_storage_database: "{{ {
-    'sqlite': matrix_bot_buscarron_sqlite_database_path_in_container,
-    'postgres': matrix_bot_buscarron_database_connection_string,
-}[matrix_bot_buscarron_database_engine] }}"
+matrix_bot_buscarron_storage_database: "{{
+	{
+		'sqlite': matrix_bot_buscarron_sqlite_database_path_in_container,
+		'postgres': matrix_bot_buscarron_database_connection_string,
+	}[matrix_bot_buscarron_database_engine]
+}}"

-matrix_bot_buscarron_database_dialect: "{{ {
+matrix_bot_buscarron_database_dialect: "{{
+  {
    'sqlite': 'sqlite3',
    'postgres': 'postgres',
-}[matrix_bot_buscarron_database_engine] }}"
+  }[matrix_bot_buscarron_database_engine]
+}}"


 # The bot's username. This user needs to be created manually beforehand.
@@ -94,16 +94,6 @@
    mode: '0644'
  register: matrix_bot_draupnir_systemd_service_result

-# matrix-bot-draupnir and matrix-appservice-draupnir-for-all share the
-# same upstream container image. When both are enabled and force-pull is
-# on, the second role to run sees the image as already up-to-date (the
-# first role just pulled it), so its pull_result.changed is false and
-# conditional restart would skip it. To avoid that, we also treat
-# force-pull itself as a restart trigger for this role. The downside is
-# that both Draupnir services restart on every run when force-pull is
-# enabled (e.g. with rolling tags like `latest` or `main`), even when the
-# upstream image has not moved. That is wasteful but acceptable.
-# See: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5186
 - name: Determine whether Draupnir needs a restart
  ansible.builtin.set_fact:
    matrix_bot_draupnir_restart_necessary: >-
@@ -113,7 +103,6 @@
        or matrix_bot_draupnir_config_result.changed | default(false)
        or matrix_bot_draupnir_systemd_service_result.changed | default(false)
        or matrix_bot_draupnir_container_image_pull_result.changed | default(false)
-        or matrix_bot_draupnir_container_image_force_pull | bool
      }}

 - name: Ensure matrix-bot-draupnir.service restarted, if necessary
@@ -159,9 +159,11 @@ matrix_bot_go_neb_database_engine: 'sqlite3'
 matrix_bot_go_neb_sqlite_database_path_local: "{{ matrix_bot_go_neb_data_path }}/bot.db"
 matrix_bot_go_neb_sqlite_database_path_in_container: "/data/bot.db"

-matrix_bot_go_neb_storage_database: "{{ {
-    'sqlite3': (matrix_bot_go_neb_sqlite_database_path_in_container + '?_busy_timeout=5000'),
-}[matrix_bot_go_neb_database_engine] }}"
+matrix_bot_go_neb_storage_database: "{{
+	{
+		'sqlite3': (matrix_bot_go_neb_sqlite_database_path_in_container + '?_busy_timeout=5000'),
+	}[matrix_bot_go_neb_database_engine]
+}}"

 # The bot's username(s). These users need to be created manually beforehand.
 # The access tokens that the bot uses to authenticate.
@@ -115,15 +115,19 @@ matrix_bot_honoroit_database_sslmode: disable

 matrix_bot_honoroit_database_connection_string: 'postgres://{{ matrix_bot_honoroit_database_username }}:{{ matrix_bot_honoroit_database_password }}@{{ matrix_bot_honoroit_database_hostname }}:{{ matrix_bot_honoroit_database_port }}/{{ matrix_bot_honoroit_database_name }}?sslmode={{ matrix_bot_honoroit_database_sslmode }}'

-matrix_bot_honoroit_storage_database: "{{ {
-    'sqlite': matrix_bot_honoroit_sqlite_database_path_in_container,
-    'postgres': matrix_bot_honoroit_database_connection_string,
-}[matrix_bot_honoroit_database_engine] }}"
+matrix_bot_honoroit_storage_database: "{{
+	{
+		'sqlite': matrix_bot_honoroit_sqlite_database_path_in_container,
+		'postgres': matrix_bot_honoroit_database_connection_string,
+	}[matrix_bot_honoroit_database_engine]
+}}"

-matrix_bot_honoroit_database_dialect: "{{ {
+matrix_bot_honoroit_database_dialect: "{{
+  {
    'sqlite': 'sqlite3',
    'postgres': 'postgres',
-}[matrix_bot_honoroit_database_engine] }}"
+  }[matrix_bot_honoroit_database_engine]
+}}"


 # The bot's username. This user needs to be created manually beforehand.
@@ -72,10 +72,12 @@ matrix_bot_matrix_reminder_bot_database_name: 'matrix_reminder_bot'

 matrix_bot_matrix_reminder_bot_database_connection_string: 'postgres://{{ matrix_bot_matrix_reminder_bot_database_username }}:{{ matrix_bot_matrix_reminder_bot_database_password }}@{{ matrix_bot_matrix_reminder_bot_database_hostname }}:{{ matrix_bot_matrix_reminder_bot_database_port }}/{{ matrix_bot_matrix_reminder_bot_database_name }}'

-matrix_bot_matrix_reminder_bot_storage_database: "{{ {
-    'sqlite': ('sqlite://' + matrix_bot_matrix_reminder_bot_sqlite_database_path_in_container),
-    'postgres': matrix_bot_matrix_reminder_bot_database_connection_string,
-}[matrix_bot_matrix_reminder_bot_database_engine] }}"
+matrix_bot_matrix_reminder_bot_storage_database: "{{
+	{
+		'sqlite': ('sqlite://' + matrix_bot_matrix_reminder_bot_sqlite_database_path_in_container),
+		'postgres': matrix_bot_matrix_reminder_bot_database_connection_string,
+	}[matrix_bot_matrix_reminder_bot_database_engine]
+}}"


 # The bot's username. This user needs to be created manually beforehand.
@@ -79,10 +79,12 @@ matrix_bot_maubot_database_sslmode: disable

 matrix_bot_maubot_database_connection_string: postgres://{{ matrix_bot_maubot_database_username }}:{{ matrix_bot_maubot_database_password }}@{{ matrix_bot_maubot_database_hostname }}:{{ matrix_bot_maubot_database_port }}/{{ matrix_bot_maubot_database_name }}?sslmode={{ matrix_bot_maubot_database_sslmode }}

-matrix_bot_maubot_database_uri: "{{ {
-    'sqlite': ('sqlite:///' + matrix_bot_maubot_sqlite_database_path_in_container),
-    'postgres': matrix_bot_maubot_database_connection_string,
-}[matrix_bot_maubot_database_engine] }}"
+matrix_bot_maubot_database_uri: "{{
+ 	{
+ 		'sqlite': ('sqlite:///' + matrix_bot_maubot_sqlite_database_path_in_container),
+ 		'postgres': matrix_bot_maubot_database_connection_string,
+ 	}[matrix_bot_maubot_database_engine]
+    }}"

 # Defines the port number where the management interface is
 # To actually expose the management interface outside of the container, use `matrix_bot_maubot_container_management_interface_http_bind_port`
@@ -121,10 +121,12 @@ matrix_appservice_kakaotalk_database_name: 'matrix_appservice_kakaotalk'

 matrix_appservice_kakaotalk_database_connection_string: 'postgres://{{ matrix_appservice_kakaotalk_database_username }}:{{ matrix_appservice_kakaotalk_database_password }}@{{ matrix_appservice_kakaotalk_database_hostname }}:{{ matrix_appservice_kakaotalk_database_port }}/{{ matrix_appservice_kakaotalk_database_name }}'

-matrix_appservice_kakaotalk_appservice_database: "{{ {
-    'sqlite': ('sqlite:///' + matrix_appservice_kakaotalk_sqlite_database_path_in_container),
-    'postgres': matrix_appservice_kakaotalk_database_connection_string,
-}[matrix_appservice_kakaotalk_database_engine] }}"
+matrix_appservice_kakaotalk_appservice_database: "{{
+	{
+		'sqlite': ('sqlite:///' + matrix_appservice_kakaotalk_sqlite_database_path_in_container),
+		'postgres': matrix_appservice_kakaotalk_database_connection_string,
+	}[matrix_appservice_kakaotalk_database_engine]
+}}"


 # Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
@@ -92,13 +92,17 @@ matrix_beeper_linkedin_database_sslmode: disable

 matrix_beeper_linkedin_database_connection_string: 'postgresql://{{ matrix_beeper_linkedin_database_username }}:{{ matrix_beeper_linkedin_database_password }}@{{ matrix_beeper_linkedin_database_hostname }}:{{ matrix_beeper_linkedin_database_port }}/{{ matrix_beeper_linkedin_database_name }}?sslmode={{ matrix_beeper_linkedin_database_sslmode }}'

-matrix_beeper_linkedin_appservice_database_type: "{{ {
-    'postgres': 'postgres',
-}[matrix_beeper_linkedin_database_engine] }}"
+matrix_beeper_linkedin_appservice_database_type: "{{
+	{
+		'postgres':'postgres',
+	}[matrix_beeper_linkedin_database_engine]
+}}"

-matrix_beeper_linkedin_appservice_database_uri: "{{ {
-    'postgres': matrix_beeper_linkedin_database_connection_string,
-}[matrix_beeper_linkedin_database_engine] }}"
+matrix_beeper_linkedin_appservice_database_uri: "{{
+	{
+		'postgres': matrix_beeper_linkedin_database_connection_string,
+	}[matrix_beeper_linkedin_database_engine]
+}}"

 matrix_beeper_linkedin_bridge_login_shared_secret_map: "{{ matrix_beeper_linkedin_bridge_login_shared_secret_map_auto | combine(matrix_beeper_linkedin_bridge_login_shared_secret_map_custom) }}"
 matrix_beeper_linkedin_bridge_login_shared_secret_map_auto: {}
@@ -122,9 +122,11 @@ matrix_mautrix_bluesky_database_sslmode: disable

 matrix_mautrix_bluesky_database_connection_string: 'postgres://{{ matrix_mautrix_bluesky_database_username }}:{{ matrix_mautrix_bluesky_database_password }}@{{ matrix_mautrix_bluesky_database_hostname }}:{{ matrix_mautrix_bluesky_database_port }}/{{ matrix_mautrix_bluesky_database_name }}?sslmode={{ matrix_mautrix_bluesky_database_sslmode }}'

-matrix_mautrix_bluesky_database_uri: "{{ {
-    'postgres': matrix_mautrix_bluesky_database_connection_string,
-}[matrix_mautrix_bluesky_database_engine] }}"
+matrix_mautrix_bluesky_database_uri: "{{
+	{
+		'postgres': matrix_mautrix_bluesky_database_connection_string,
+	}[matrix_mautrix_bluesky_database_engine]
+}}"

 matrix_mautrix_bluesky_double_puppet_secrets: "{{ matrix_mautrix_bluesky_double_puppet_secrets_auto | combine(matrix_mautrix_bluesky_double_puppet_secrets_custom) }}"
 matrix_mautrix_bluesky_double_puppet_secrets_auto: {}
@@ -161,15 +161,19 @@ matrix_mautrix_discord_database_sslmode: disable

 matrix_mautrix_discord_database_connection_string: 'postgresql://{{ matrix_mautrix_discord_database_username }}:{{ matrix_mautrix_discord_database_password }}@{{ matrix_mautrix_discord_database_hostname }}:{{ matrix_mautrix_discord_database_port }}/{{ matrix_mautrix_discord_database_name }}?sslmode={{ matrix_mautrix_discord_database_sslmode }}'

-matrix_mautrix_discord_appservice_database_type: "{{ {
-    'sqlite': 'sqlite3',
-    'postgres': 'postgres',
-}[matrix_mautrix_discord_database_engine] }}"
+matrix_mautrix_discord_appservice_database_type: "{{
+	{
+		'sqlite': 'sqlite3',
+		'postgres':'postgres',
+	}[matrix_mautrix_discord_database_engine]
+}}"

-matrix_mautrix_discord_appservice_database_uri: "{{ {
-    'sqlite': matrix_mautrix_discord_sqlite_database_path_in_container,
-    'postgres': matrix_mautrix_discord_database_connection_string,
-}[matrix_mautrix_discord_database_engine] }}"
+matrix_mautrix_discord_appservice_database_uri: "{{
+	{
+		'sqlite': matrix_mautrix_discord_sqlite_database_path_in_container,
+		'postgres': matrix_mautrix_discord_database_connection_string,
+	}[matrix_mautrix_discord_database_engine]
+}}"

 matrix_mautrix_discord_bridge_login_shared_secret_map: "{{ matrix_mautrix_discord_bridge_login_shared_secret_map_auto | combine(matrix_mautrix_discord_bridge_login_shared_secret_map_custom) }}"
 matrix_mautrix_discord_bridge_login_shared_secret_map_auto: {}
@@ -141,15 +141,19 @@ matrix_mautrix_gmessages_database_sslmode: disable

 matrix_mautrix_gmessages_database_connection_string: 'postgresql://{{ matrix_mautrix_gmessages_database_username }}:{{ matrix_mautrix_gmessages_database_password }}@{{ matrix_mautrix_gmessages_database_hostname }}:{{ matrix_mautrix_gmessages_database_port }}/{{ matrix_mautrix_gmessages_database_name }}?sslmode={{ matrix_mautrix_gmessages_database_sslmode }}'

-matrix_mautrix_gmessages_appservice_database_type: "{{ {
-    'sqlite': 'sqlite3',
-    'postgres': 'postgres',
-}[matrix_mautrix_gmessages_database_engine] }}"
+matrix_mautrix_gmessages_appservice_database_type: "{{
+	{
+		'sqlite': 'sqlite3',
+		'postgres':'postgres',
+	}[matrix_mautrix_gmessages_database_engine]
+}}"

-matrix_mautrix_gmessages_appservice_database_uri: "{{ {
-    'sqlite': matrix_mautrix_gmessages_sqlite_database_path_in_container,
-    'postgres': matrix_mautrix_gmessages_database_connection_string,
-}[matrix_mautrix_gmessages_database_engine] }}"
+matrix_mautrix_gmessages_appservice_database_uri: "{{
+	{
+		'sqlite': matrix_mautrix_gmessages_sqlite_database_path_in_container,
+		'postgres': matrix_mautrix_gmessages_database_connection_string,
+	}[matrix_mautrix_gmessages_database_engine]
+}}"

 matrix_mautrix_gmessages_double_puppet_secrets: "{{ matrix_mautrix_gmessages_double_puppet_secrets_auto | combine(matrix_mautrix_gmessages_double_puppet_secrets_custom) }}"
 matrix_mautrix_gmessages_double_puppet_secrets_auto: {}
@@ -146,10 +146,12 @@ matrix_mautrix_googlechat_database_name: 'matrix_mautrix_googlechat'

 matrix_mautrix_googlechat_database_connection_string: 'postgres://{{ matrix_mautrix_googlechat_database_username }}:{{ matrix_mautrix_googlechat_database_password }}@{{ matrix_mautrix_googlechat_database_hostname }}:{{ matrix_mautrix_googlechat_database_port }}/{{ matrix_mautrix_googlechat_database_name }}'

-matrix_mautrix_googlechat_appservice_database: "{{ {
-    'sqlite': ('sqlite:///' + matrix_mautrix_googlechat_sqlite_database_path_in_container),
-    'postgres': matrix_mautrix_googlechat_database_connection_string,
-}[matrix_mautrix_googlechat_database_engine] }}"
+matrix_mautrix_googlechat_appservice_database: "{{
+	{
+		'sqlite': ('sqlite:///' + matrix_mautrix_googlechat_sqlite_database_path_in_container),
+		'postgres': matrix_mautrix_googlechat_database_connection_string,
+	}[matrix_mautrix_googlechat_database_engine]
+}}"


 # Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth) or Appservice Double Puppet.
@@ -172,15 +172,19 @@ matrix_mautrix_signal_database_sslmode: disable

 matrix_mautrix_signal_database_connection_string: 'postgresql://{{ matrix_mautrix_signal_database_username }}:{{ matrix_mautrix_signal_database_password }}@{{ matrix_mautrix_signal_database_hostname }}:{{ matrix_mautrix_signal_database_port }}/{{ matrix_mautrix_signal_database_name }}?sslmode={{ matrix_mautrix_signal_database_sslmode }}'

-matrix_mautrix_signal_appservice_database_type: "{{ {
-    'sqlite': 'sqlite3-fk-wal',
-    'postgres': 'postgres',
-}[matrix_mautrix_signal_database_engine] }}"
+matrix_mautrix_signal_appservice_database_type: "{{
+	{
+		'sqlite': 'sqlite3-fk-wal',
+		'postgres':'postgres',
+	}[matrix_mautrix_signal_database_engine]
+}}"

-matrix_mautrix_signal_appservice_database_uri: "{{ {
-    'sqlite': matrix_mautrix_signal_sqlite_database_path_in_container,
-    'postgres': matrix_mautrix_signal_database_connection_string,
-}[matrix_mautrix_signal_database_engine] }}"
+matrix_mautrix_signal_appservice_database_uri: "{{
+	{
+		'sqlite': matrix_mautrix_signal_sqlite_database_path_in_container,
+		'postgres': matrix_mautrix_signal_database_connection_string,
+	}[matrix_mautrix_signal_database_engine]
+}}"

 matrix_mautrix_signal_double_puppet_secrets: "{{ matrix_mautrix_signal_double_puppet_secrets_auto | combine(matrix_mautrix_signal_double_puppet_secrets_custom) }}"
 matrix_mautrix_signal_double_puppet_secrets_auto: {}
@@ -123,15 +123,19 @@ matrix_mautrix_slack_database_sslmode: disable

 matrix_mautrix_slack_database_connection_string: 'postgresql://{{ matrix_mautrix_slack_database_username }}:{{ matrix_mautrix_slack_database_password }}@{{ matrix_mautrix_slack_database_hostname }}:{{ matrix_mautrix_slack_database_port }}/{{ matrix_mautrix_slack_database_name }}?sslmode={{ matrix_mautrix_slack_database_sslmode }}'

-matrix_mautrix_slack_appservice_database_type: "{{ {
-    'sqlite': 'sqlite3',
-    'postgres': 'postgres',
-}[matrix_mautrix_slack_database_engine] }}"
+matrix_mautrix_slack_appservice_database_type: "{{
+	{
+		'sqlite': 'sqlite3',
+		'postgres':'postgres',
+	}[matrix_mautrix_slack_database_engine]
+}}"

-matrix_mautrix_slack_appservice_database_uri: "{{ {
-    'sqlite': matrix_mautrix_slack_sqlite_database_path_in_container,
-    'postgres': matrix_mautrix_slack_database_connection_string,
-}[matrix_mautrix_slack_database_engine] }}"
+matrix_mautrix_slack_appservice_database_uri: "{{
+	{
+		'sqlite': matrix_mautrix_slack_sqlite_database_path_in_container,
+		'postgres': matrix_mautrix_slack_database_connection_string,
+	}[matrix_mautrix_slack_database_engine]
+}}"

 matrix_mautrix_slack_double_puppet_secrets: "{{ matrix_mautrix_slack_double_puppet_secrets_auto | combine(matrix_mautrix_slack_double_puppet_secrets_custom) }}"
 matrix_mautrix_slack_double_puppet_secrets_auto: {}
@@ -1,5 +1,5 @@
 # SPDX-FileCopyrightText: 2019 - 2024 MDAD project contributors
-# SPDX-FileCopyrightText: 2019 - 2026 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2019 - 2025 Slavi Pantaleev
 # SPDX-FileCopyrightText: 2020 Johanna Dorothea Reichmann
 # SPDX-FileCopyrightText: 2020 Marcel Partap
 # SPDX-FileCopyrightText: 2021 Aaron Raimist
@@ -21,13 +21,27 @@

 matrix_mautrix_telegram_enabled: true

+matrix_mautrix_telegram_scheme: https
+matrix_mautrix_telegram_hostname: ''
+matrix_mautrix_telegram_path_prefix: ''
+
+matrix_mautrix_telegram_lottieconverter_container_image_self_build: false
+matrix_mautrix_telegram_lottieconverter_container_image_self_build_mask_arch: false
+matrix_mautrix_telegram_lottieconverter_container_repo: "https://mau.dev/tulir/lottieconverter.git"
+matrix_mautrix_telegram_lottieconverter_container_repo_version: "master"
+matrix_mautrix_telegram_lottieconverter_container_src_files_path: "{{ matrix_base_data_path }}/lotticonverter/docker-src"
+matrix_mautrix_telegram_lottieconverter_container_image: "{{ matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix }}tulir/lottieconverter:alpine-3.16"  # needs to be adjusted according to the FROM clause of Dockerfile of mautrix-telegram
+matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix: "{{ 'localhost/' if matrix_mautrix_telegram_lottieconverter_container_image_self_build else matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix_upstream }}"
+matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix_upstream: "{{ matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix_upstream_default }}"
+matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix_upstream_default: "dock.mau.dev/"
+
 matrix_mautrix_telegram_container_image_self_build: false
-matrix_mautrix_telegram_container_image_self_build_repo: "https://mau.dev/mautrix/telegram.git"
-matrix_mautrix_telegram_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_telegram_version == 'latest' else matrix_mautrix_telegram_version }}"
+matrix_mautrix_telegram_container_repo: "https://mau.dev/mautrix/telegram.git"
+matrix_mautrix_telegram_container_repo_version: "{{ 'master' if matrix_mautrix_telegram_version == 'latest' else matrix_mautrix_telegram_version }}"
+matrix_mautrix_telegram_container_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src"

 # renovate: datasource=docker depName=dock.mau.dev/mautrix/telegram
 matrix_mautrix_telegram_version: v0.2604.0
-
 # See: https://mau.dev/mautrix/telegram/container_registry
 matrix_mautrix_telegram_container_image: "{{ matrix_mautrix_telegram_container_image_registry_prefix }}mautrix/telegram:{{ matrix_mautrix_telegram_version }}"
 matrix_mautrix_telegram_container_image_registry_prefix: "{{ 'localhost/' if matrix_mautrix_telegram_container_image_self_build else matrix_mautrix_telegram_container_image_registry_prefix_upstream }}"
@@ -38,7 +52,30 @@ matrix_mautrix_telegram_container_image_force_pull: "{{ matrix_mautrix_telegram_
 matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram"
 matrix_mautrix_telegram_config_path: "{{ matrix_mautrix_telegram_base_path }}/config"
 matrix_mautrix_telegram_data_path: "{{ matrix_mautrix_telegram_base_path }}/data"
-matrix_mautrix_telegram_container_src_files_path: "{{ matrix_mautrix_telegram_base_path }}/docker-src"
+
+matrix_mautrix_telegram_command_prefix: "!tg"
+
+matrix_mautrix_telegram_bridge_permissions: |
+  {{
+    {'*': 'relaybot', matrix_mautrix_telegram_homeserver_domain: 'full'}
+    | combine({matrix_admin: 'admin'} if matrix_admin else {})
+  }}
+
+# Get your own API keys at https://my.telegram.org/apps
+matrix_mautrix_telegram_api_id: ''
+matrix_mautrix_telegram_api_hash: ''
+matrix_mautrix_telegram_bot_token: disabled
+
+# Define the filter-mode
+matrix_mautrix_telegram_filter_mode: "blacklist"
+
+# Whether or not the public-facing endpoints should be enabled (web-based login)
+matrix_mautrix_telegram_appservice_public_enabled: true
+
+# Mautrix telegram public endpoint to log in to telegram
+# Use an uuid so it's not easily discoverable.
+# Example: /741a0483-ba17-4682-9900-30bd7269f1cc
+matrix_mautrix_telegram_public_endpoint: "{{ matrix_mautrix_telegram_path_prefix }}"

 matrix_mautrix_telegram_homeserver_address: ""
 matrix_mautrix_telegram_homeserver_domain: '{{ matrix_domain }}'
@@ -46,15 +83,23 @@ matrix_mautrix_telegram_homeserver_domain: '{{ matrix_domain }}'
 # Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246).
 matrix_mautrix_telegram_homeserver_async_media: false
 matrix_mautrix_telegram_appservice_address: 'http://matrix-mautrix-telegram:8080'
+matrix_mautrix_telegram_appservice_public_external: '{{ matrix_mautrix_telegram_scheme }}://{{ matrix_mautrix_telegram_hostname }}{{ matrix_mautrix_telegram_public_endpoint }}'
+
+matrix_mautrix_telegram_appservice_bot_username: telegrambot

 matrix_mautrix_telegram_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
-matrix_mautrix_telegram_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"

-matrix_mautrix_telegram_command_prefix: "!tg"
+# Specifies the default log level for all bridge loggers.
+matrix_mautrix_telegram_logging_level: WARNING

-# Get your own API keys at https://my.telegram.org/apps
-matrix_mautrix_telegram_api_id: ''
-matrix_mautrix_telegram_api_hash: ''
+# Whether or not created rooms should have federation enabled.
+# If false, created portal rooms will never be federated.
+matrix_mautrix_telegram_federate_rooms: true
+
+# Controls whether the matrix-mautrix-telegram container exposes its HTTP port (tcp/8080 in the container).
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9006"), or empty string to not expose.
+matrix_mautrix_telegram_container_http_host_bind_port: ''

 matrix_mautrix_telegram_container_network: ""

@@ -71,6 +116,16 @@ matrix_mautrix_telegram_container_labels_traefik_docker_network: "{{ matrix_maut
 matrix_mautrix_telegram_container_labels_traefik_entrypoints: web-secure
 matrix_mautrix_telegram_container_labels_traefik_tls_certResolver: default  # noqa var-naming

+# Controls whether labels will be added that expose mautrix-telegram's public endpoint
+matrix_mautrix_telegram_container_labels_public_endpoint_enabled: "{{ matrix_mautrix_telegram_appservice_public_enabled }}"
+matrix_mautrix_telegram_container_labels_public_endpoint_hostname: "{{ matrix_mautrix_telegram_hostname }}"
+matrix_mautrix_telegram_container_labels_public_endpoint_path_prefix: "{{ matrix_mautrix_telegram_path_prefix }}"
+matrix_mautrix_telegram_container_labels_public_endpoint_traefik_rule: "Host(`{{ matrix_mautrix_telegram_container_labels_public_endpoint_hostname }}`) && PathPrefix(`{{ matrix_mautrix_telegram_container_labels_public_endpoint_path_prefix }}`)"
+matrix_mautrix_telegram_container_labels_public_endpoint_traefik_priority: 0
+matrix_mautrix_telegram_container_labels_public_endpoint_traefik_entrypoints: "{{ matrix_mautrix_telegram_container_labels_traefik_entrypoints }}"
+matrix_mautrix_telegram_container_labels_public_endpoint_traefik_tls: "{{ matrix_mautrix_telegram_container_labels_public_endpoint_traefik_entrypoints != 'web' }}"
+matrix_mautrix_telegram_container_labels_public_endpoint_traefik_tls_certResolver: "{{ matrix_mautrix_telegram_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
+
 # Controls whether labels will be added that expose mautrix-telegram's metrics
 matrix_mautrix_telegram_container_labels_metrics_enabled: "{{ matrix_mautrix_telegram_metrics_enabled and matrix_mautrix_telegram_metrics_proxying_enabled }}"
 matrix_mautrix_telegram_container_labels_metrics_traefik_rule: "Host(`{{ matrix_mautrix_telegram_metrics_proxying_hostname }}`) && PathPrefix(`{{ matrix_mautrix_telegram_metrics_proxying_path_prefix }}`)"
@@ -106,22 +161,14 @@ matrix_mautrix_telegram_systemd_wanted_services_list: []
 matrix_mautrix_telegram_appservice_token: ''
 matrix_mautrix_telegram_homeserver_token: ''

-matrix_mautrix_telegram_appservice_bot_username: telegrambot
-
-# Minimum severity of journal log messages.
-# Valid values: fatal, error, warn, info, debug, trace
-matrix_mautrix_telegram_logging_level: 'warn'
-
-# Whether or not created rooms should have federation enabled.
-# If false, created portal rooms will never be federated.
-matrix_mautrix_telegram_federate_rooms: true
+matrix_mautrix_telegram_provisioning_shared_secret: disable

 # Whether or not metrics endpoint should be enabled.
 # Enabling them is usually enough for a local (in-container) Prometheus to consume them.
 # If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_telegram_metrics_proxying_enabled`.
 matrix_mautrix_telegram_metrics_enabled: false

-# Controls whether metrics should be proxied (exposed) on a public URL
+# Controls whether metrics should be exposed on a public URL.
 matrix_mautrix_telegram_metrics_proxying_enabled: false
 matrix_mautrix_telegram_metrics_proxying_hostname: ''
 matrix_mautrix_telegram_metrics_proxying_path_prefix: ''
@@ -143,67 +190,21 @@ matrix_mautrix_telegram_database_password: 'some-password'
 matrix_mautrix_telegram_database_hostname: ''
 matrix_mautrix_telegram_database_port: 5432
 matrix_mautrix_telegram_database_name: 'matrix_mautrix_telegram'
-matrix_mautrix_telegram_database_sslmode: disable

-matrix_mautrix_telegram_database_connection_string: 'postgresql://{{ matrix_mautrix_telegram_database_username }}:{{ matrix_mautrix_telegram_database_password }}@{{ matrix_mautrix_telegram_database_hostname }}:{{ matrix_mautrix_telegram_database_port }}/{{ matrix_mautrix_telegram_database_name }}?sslmode={{ matrix_mautrix_telegram_database_sslmode }}'
+matrix_mautrix_telegram_database_connection_string: 'postgres://{{ matrix_mautrix_telegram_database_username }}:{{ matrix_mautrix_telegram_database_password }}@{{ matrix_mautrix_telegram_database_hostname }}:{{ matrix_mautrix_telegram_database_port }}/{{ matrix_mautrix_telegram_database_name }}'

-matrix_mautrix_telegram_appservice_database_type: "{{ {
-    'sqlite': 'sqlite3-fk-wal',
-    'postgres': 'postgres',
-}[matrix_mautrix_telegram_database_engine] }}"
+matrix_mautrix_telegram_appservice_database: "{{
+	{
+		'sqlite': ('sqlite:///' + matrix_mautrix_telegram_sqlite_database_path_in_container),
+		'postgres': matrix_mautrix_telegram_database_connection_string,
+	}[matrix_mautrix_telegram_database_engine]
+}}"

-matrix_mautrix_telegram_appservice_database_uri: "{{ {
-    'sqlite': matrix_mautrix_telegram_sqlite_database_path_in_container,
-    'postgres': matrix_mautrix_telegram_database_connection_string,
-}[matrix_mautrix_telegram_database_engine] }}"
+matrix_mautrix_telegram_bridge_login_shared_secret_map: "{{ matrix_mautrix_telegram_bridge_login_shared_secret_map_auto | combine(matrix_mautrix_telegram_bridge_login_shared_secret_map_custom) }}"
+matrix_mautrix_telegram_bridge_login_shared_secret_map_auto: {}
+matrix_mautrix_telegram_bridge_login_shared_secret_map_custom: {}

-matrix_mautrix_telegram_double_puppet_secrets: "{{ matrix_mautrix_telegram_double_puppet_secrets_auto | combine(matrix_mautrix_telegram_double_puppet_secrets_custom) }}"
-matrix_mautrix_telegram_double_puppet_secrets_auto: {}
-matrix_mautrix_telegram_double_puppet_secrets_custom: {}
-
-# Displayname template for Telegram users.
-# Available variables:
-#   {{ .FullName }}  - the full name of the Telegram user
-#   {{ .FirstName }} - the first name of the Telegram user
-#   {{ .LastName }}  - the last name of the Telegram user
-#   {{ .Username }}  - the primary username of the Telegram user, if the user has one
-#   {{ .UserID }}    - the internal user ID of the Telegram user
-#   {{ .Deleted }}   - true if the user has been deleted, false otherwise
-matrix_mautrix_telegram_network_displayname_template: '{% raw %}{{ if .Deleted }}Deleted account {{ .UserID }}{{ else }}{{ .FullName }}{{ end }}{% endraw %}'
-
-# Enable End-to-bridge encryption
-matrix_mautrix_telegram_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
-matrix_mautrix_telegram_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"
-matrix_mautrix_telegram_bridge_encryption_require: false
-matrix_mautrix_telegram_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_telegram_bridge_encryption_allow }}"
-# This pickle key value is backward-compatible with the legacy (Python) bridge.
-# See: https://mau.dev/mautrix/telegram/-/blob/v0.2604.0/cmd/mautrix-telegram/legacymigrate.go
-matrix_mautrix_telegram_bridge_encryption_pickle_key: mautrix.bridge.e2ee
-
-matrix_mautrix_telegram_bridge_personal_filtering_spaces: true
-
-matrix_mautrix_telegram_provisioning_shared_secret: ''
-matrix_mautrix_telegram_public_media_signing_key: ''
-
-matrix_mautrix_telegram_bridge_permissions: |
-  {{
-    {'*': 'relay', matrix_mautrix_telegram_homeserver_domain: 'user'}
-    | combine({matrix_admin: 'admin'} if matrix_admin else {})
-  }}
-
-# Enable bridge relay functionality
-matrix_mautrix_telegram_bridge_relay_enabled: "{{ matrix_bridges_relay_enabled }}"
-
-# Only allow admins on this home server to set themselves as a relay user
-matrix_mautrix_telegram_bridge_relay_admin_only: true
-
-# List of user login IDs which anyone can set as a relay, as long as the relay user is in the room.
-matrix_mautrix_telegram_bridge_relay_default_relays: []
-
-# Controls whether to do backfilling at all.
-matrix_mautrix_telegram_backfill_enabled: true
-
-# Default mautrix-telegram configuration template which covers the generic use case.
+# Default configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #
 # For a more advanced customization, you can extend the default (see `matrix_mautrix_telegram_configuration_extension_yaml`)
@@ -227,24 +228,37 @@ matrix_mautrix_telegram_configuration: "{{ matrix_mautrix_telegram_configuration

 matrix_mautrix_telegram_registration_yaml: |
  id: telegram
-  url: {{ matrix_mautrix_telegram_appservice_address }}
  as_token: "{{ matrix_mautrix_telegram_appservice_token }}"
  hs_token: "{{ matrix_mautrix_telegram_homeserver_token }}"
-  # See https://github.com/mautrix/signal/issues/43
-  sender_localpart: _bot_{{ matrix_mautrix_telegram_appservice_bot_username }}
-  rate_limited: false
  namespaces:
      users:
      - exclusive: true
-        regex: '^@telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain | regex_escape }}$'
+        regex: '^@{{ matrix_mautrix_telegram_username_template | replace('{userid}', '.+') }}:{{ matrix_mautrix_telegram_homeserver_domain | regex_escape }}$'
      - exclusive: true
        regex: '^@{{ matrix_mautrix_telegram_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_telegram_homeserver_domain | regex_escape }}$'
+      aliases:
+      - exclusive: true
+        regex: '^#{{ matrix_mautrix_telegram_alias_template | replace('{groupname}', '.+') }}:{{ matrix_mautrix_telegram_homeserver_domain | regex_escape }}$'
+  # See https://github.com/mautrix/signal/issues/43
+  sender_localpart: _bot_{{ matrix_mautrix_telegram_appservice_bot_username }}
+  url: {{ matrix_mautrix_telegram_appservice_address }}
+  rate_limited: false
  de.sorunome.msc2409.push_ephemeral: true
  receive_ephemeral: true
  io.element.msc4190: {{ matrix_mautrix_telegram_msc4190_enabled | to_json }}

 matrix_mautrix_telegram_registration: "{{ matrix_mautrix_telegram_registration_yaml | from_yaml }}"

+# Templates for defining MXID's and displaynames for users and rooms.
+matrix_mautrix_telegram_username_template: 'telegram_{userid}'
+matrix_mautrix_telegram_alias_template: 'telegram_{groupname}'
+matrix_mautrix_telegram_displayname_template: '{displayname} (Telegram)'
+
+# Enable End-to-bridge encryption
+matrix_mautrix_telegram_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
+matrix_mautrix_telegram_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"
+matrix_mautrix_telegram_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_telegram_bridge_encryption_allow }}"
+
 # matrix_mautrix_telegram_restart_necessary controls whether the service
 # will be restarted (when true) or merely started (when false) by the
 # systemd service manager role (when conditional restart is enabled).
@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2018 - 2026 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2018 - 2025 Slavi Pantaleev
 # SPDX-FileCopyrightText: 2018 Hugues Morisset
 # SPDX-FileCopyrightText: 2019 Aaron Raimist
 # SPDX-FileCopyrightText: 2019 Dan Arnfield
@@ -20,40 +20,6 @@
 - ansible.builtin.set_fact:
    matrix_mautrix_telegram_migration_requires_restart: false

-# The legacy Python bridge stored its SQLite DB at `{base_path}/mautrix-telegram.db` (the role's
-# root). Later, we started relocating it to `{base_path}/data/mautrix-telegram.db`. The sqlite→
-# postgres migration below only knows about the new path, so if the DB is still at the legacy
-# location, move it to the new location first — otherwise users who follow the changelog and
-# switch to Postgres wouldn't actually get their data imported before the service starts.
- name: Check if a legacy-location SQLite database exists
-  ansible.builtin.stat:
-    path: "{{ matrix_mautrix_telegram_base_path }}/mautrix-telegram.db"
-  register: matrix_mautrix_telegram_stat_database_legacy_location
-
- when: matrix_mautrix_telegram_stat_database_legacy_location.stat.exists | bool
-  block:
-    - name: Ensure matrix-mautrix-telegram.service is stopped before relocating legacy SQLite DB
-      ansible.builtin.service:
-        name: matrix-mautrix-telegram
-        state: stopped
-        enabled: false
-        daemon_reload: true
-      failed_when: false
-
-    - name: Ensure data directory exists for legacy SQLite DB relocation
-      ansible.builtin.file:
-        path: "{{ matrix_mautrix_telegram_data_path }}"
-        state: directory
-        mode: '0750'
-        owner: "{{ matrix_user_name }}"
-        group: "{{ matrix_group_name }}"
-
-    - name: (Data relocation) Move mautrix-telegram SQLite DB from legacy location to data directory
-      ansible.builtin.command:
-        cmd: "mv {{ matrix_mautrix_telegram_base_path }}/mautrix-telegram.db {{ matrix_mautrix_telegram_data_path }}/mautrix-telegram.db"
-        creates: "{{ matrix_mautrix_telegram_data_path }}/mautrix-telegram.db"
-        removes: "{{ matrix_mautrix_telegram_base_path }}/mautrix-telegram.db"
-
 - when: "matrix_mautrix_telegram_database_engine == 'postgres'"
  block:
    - name: Check if an SQLite database already exists
@@ -74,7 +40,6 @@
              engine_variable_name: 'matrix_mautrix_telegram_database_engine'
              engine_old: 'sqlite'
              systemd_services_to_stop: ['matrix-mautrix-telegram.service']
-              pgloader_options: ['--with "quote identifiers"']

        - ansible.builtin.set_fact:
            matrix_mautrix_telegram_migration_requires_restart: true
@@ -105,18 +70,41 @@
  delay: "{{ devture_playbook_help_container_retries_delay }}"
  until: matrix_mautrix_telegram_container_image_pull_result is not failed

- name: Ensure Mautrix Telegram repository is present on self-build
+- name: Ensure lottieconverter is present when self-building
  ansible.builtin.git:
-    repo: "{{ matrix_mautrix_telegram_container_image_self_build_repo }}"
+    repo: "{{ matrix_mautrix_telegram_lottieconverter_container_repo }}"
+    version: "{{ matrix_mautrix_telegram_lottieconverter_container_repo_version }}"
+    dest: "{{ matrix_mautrix_telegram_lottieconverter_container_src_files_path }}"
+    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_name }}"
+  register: matrix_mautrix_telegram_lottieconverter_git_pull_results
+  when: "matrix_mautrix_telegram_lottieconverter_container_image_self_build | bool and matrix_mautrix_telegram_container_image_self_build | bool"
+
+- name: Ensure lottieconverter Docker image is built
+  community.docker.docker_image:
+    name: "{{ matrix_mautrix_telegram_lottieconverter_container_image }}"
+    source: build
+    force_source: "{{ matrix_mautrix_telegram_lottieconverter_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_telegram_lottieconverter_git_pull_results.changed }}"
+    build:
+      dockerfile: Dockerfile
+      path: "{{ matrix_mautrix_telegram_lottieconverter_container_src_files_path }}"
+      pull: true
+  when: "matrix_mautrix_telegram_lottieconverter_container_image_self_build | bool and matrix_mautrix_telegram_lottieconverter_git_pull_results.changed and matrix_mautrix_telegram_container_image_self_build | bool"
+
+- name: Ensure matrix-mautrix-telegram repository is present when self-building
+  ansible.builtin.git:
+    repo: "{{ matrix_mautrix_telegram_container_repo }}"
+    version: "{{ matrix_mautrix_telegram_container_repo_version }}"
    dest: "{{ matrix_mautrix_telegram_container_src_files_path }}"
-    version: "{{ matrix_mautrix_telegram_container_image_self_build_branch }}"
    force: "yes"
  become: true
  become_user: "{{ matrix_user_name }}"
  register: matrix_mautrix_telegram_git_pull_results
  when: "matrix_mautrix_telegram_container_image_self_build | bool"

- name: Ensure Mautrix Telegram Docker image is built
+- name: Ensure matrix-mautrix-telegram Docker image is built
  community.docker.docker_image:
    name: "{{ matrix_mautrix_telegram_container_image }}"
    source: build
@@ -125,8 +113,31 @@
    build:
      dockerfile: Dockerfile
      path: "{{ matrix_mautrix_telegram_container_src_files_path }}"
-      pull: true
-  when: "matrix_mautrix_telegram_container_image_self_build | bool"
+      pull: "{{ not matrix_mautrix_telegram_lottieconverter_container_image_self_build_mask_arch | bool }}"
+      args:
+        TARGETARCH: ""
+  when: "matrix_mautrix_telegram_container_image_self_build | bool and matrix_mautrix_telegram_git_pull_results.changed"
+
+- name: Check if an old database file already exists
+  ansible.builtin.stat:
+    path: "{{ matrix_mautrix_telegram_base_path }}/mautrix-telegram.db"
+  register: matrix_mautrix_telegram_stat_database
+
+- name: (Data relocation) Ensure matrix-mautrix-telegram.service is stopped
+  ansible.builtin.service:
+    name: matrix-mautrix-telegram
+    state: stopped
+    enabled: false
+    daemon_reload: true
+  failed_when: false
+  when: "matrix_mautrix_telegram_stat_database.stat.exists"
+
+- name: (Data relocation) Move mautrix-telegram database file to ./data directory
+  ansible.builtin.command:
+    cmd: "mv {{ matrix_mautrix_telegram_base_path }}/mautrix-telegram.db {{ matrix_mautrix_telegram_data_path }}/mautrix-telegram.db"
+    creates: "{{ matrix_mautrix_telegram_data_path }}/mautrix-telegram.db"
+    removes: "{{ matrix_mautrix_telegram_base_path }}/mautrix-telegram.db"
+  when: "matrix_mautrix_telegram_stat_database.stat.exists"

 - name: Ensure mautrix-telegram config.yaml installed
  ansible.builtin.copy:
@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2019 - 2026 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2019 - 2024 Slavi Pantaleev
 # SPDX-FileCopyrightText: 2022 MDAD project contributors
 # SPDX-FileCopyrightText: 2025 Suguru Hirahara
 #
@@ -13,72 +13,34 @@
      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
  with_items:
-    - {'old': 'matrix_mautrix_telegram_container_exposed_port_number', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
+    - {'old': 'matrix_mautrix_telegram_container_exposed_port_number', 'new': '<superseded by matrix_mautrix_telegram_container_http_host_bind_port>'}
    - {'old': 'matrix_mautrix_telegram_container_self_build', 'new': 'matrix_mautrix_telegram_container_image_self_build'}
+    - {'old': 'matrix_mautrix_telegram_lottieconverter_container_self_build', 'new': 'matrix_mautrix_telegram_container_image_self_build'}
+    - {'old': 'matrix_mautrix_telegram_lottieconverter_container_self_build_mask_arch', 'new': 'matrix_mautrix_telegram_lottieconverter_container_image_self_build_mask_arch'}
    - {'old': 'matrix_mautrix_telegram_login_shared_secret', 'new': '<removed>'}
+    - {'old': 'matrix_mautrix_telegram_lottieconverter_docker_image_name_prefix', 'new': 'matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix'}
    - {'old': 'matrix_mautrix_telegram_docker_image_name_prefix', 'new': 'matrix_mautrix_telegram_container_image_registry_prefix'}
-    - {'old': 'matrix_mautrix_telegram_docker_repo', 'new': 'matrix_mautrix_telegram_container_image_self_build_repo'}
-    - {'old': 'matrix_mautrix_telegram_docker_repo_version', 'new': 'matrix_mautrix_telegram_container_image_self_build_branch'}
+    - {'old': 'matrix_telegram_lottieconverter_container_image_self_build', 'new': 'matrix_mautrix_telegram_lottieconverter_container_image_self_build'}
+    - {'old': 'matrix_telegram_lottieconverter_container_image_self_build_mask_arch', 'new': 'matrix_mautrix_telegram_lottieconverter_container_image_self_build_mask_arch'}
+    - {'old': 'matrix_telegram_lottieconverter_docker_repo', 'new': 'matrix_mautrix_telegram_lottieconverter_container_repo'}
+    - {'old': 'matrix_telegram_lottieconverter_docker_repo_version', 'new': 'matrix_mautrix_telegram_lottieconverter_container_repo_version'}
+    - {'old': 'matrix_telegram_lottieconverter_docker_src_files_path', 'new': 'matrix_mautrix_telegram_lottieconverter_container_src_files_path'}
+    - {'old': 'matrix_telegram_lottieconverter_docker_image', 'new': 'matrix_mautrix_telegram_lottieconverter_container_image'}
+    - {'old': 'matrix_mautrix_telegram_docker_repo', 'new': 'matrix_mautrix_telegram_container_repo'}
+    - {'old': 'matrix_mautrix_telegram_docker_repo_version', 'new': 'matrix_mautrix_telegram_container_repo_version'}
    - {'old': 'matrix_mautrix_telegram_docker_src_files_path', 'new': 'matrix_mautrix_telegram_container_src_files_path'}
    - {'old': 'matrix_mautrix_telegram_docker_image', 'new': 'matrix_mautrix_telegram_container_image'}
    - {'old': 'matrix_mautrix_telegram_docker_image_force_pull', 'new': 'matrix_mautrix_telegram_container_image_force_pull'}
    - {'old': 'matrix_mautrix_telegram_docker_image_registry_prefix', 'new': 'matrix_mautrix_telegram_container_image_registry_prefix'}
    - {'old': 'matrix_mautrix_telegram_docker_image_registry_prefix_upstream', 'new': 'matrix_mautrix_telegram_container_image_registry_prefix_upstream'}
    - {'old': 'matrix_mautrix_telegram_docker_image_registry_prefix_upstream_default', 'new': 'matrix_mautrix_telegram_container_image_registry_prefix_upstream_default'}
-    - {'old': 'matrix_mautrix_telegram_container_repo', 'new': 'matrix_mautrix_telegram_container_image_self_build_repo'}
-    - {'old': 'matrix_mautrix_telegram_container_repo_version', 'new': 'matrix_mautrix_telegram_container_image_self_build_branch'}
-    # Variables removed in the bridgev2 (Go) rewrite — mautrix-telegram no longer has a Python runtime,
-    # a separate lottieconverter container or a web-based login endpoint.
-    - {'old': 'matrix_mautrix_telegram_scheme', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
-    - {'old': 'matrix_mautrix_telegram_hostname', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
-    - {'old': 'matrix_mautrix_telegram_path_prefix', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
-    - {'old': 'matrix_mautrix_telegram_public_endpoint', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
-    - {'old': 'matrix_mautrix_telegram_appservice_public_enabled', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
-    - {'old': 'matrix_mautrix_telegram_appservice_public_external', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
-    - {'old': 'matrix_mautrix_telegram_container_labels_public_endpoint_enabled', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
-    - {'old': 'matrix_mautrix_telegram_container_labels_public_endpoint_hostname', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
-    - {'old': 'matrix_mautrix_telegram_container_labels_public_endpoint_path_prefix', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
-    - {'old': 'matrix_mautrix_telegram_container_labels_public_endpoint_traefik_rule', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
-    - {'old': 'matrix_mautrix_telegram_container_labels_public_endpoint_traefik_priority', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
-    - {'old': 'matrix_mautrix_telegram_container_labels_public_endpoint_traefik_entrypoints', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
-    - {'old': 'matrix_mautrix_telegram_container_labels_public_endpoint_traefik_tls', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
-    - {'old': 'matrix_mautrix_telegram_container_labels_public_endpoint_traefik_tls_certResolver', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
-    - {'old': 'matrix_mautrix_telegram_container_http_host_bind_port', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
-    - {'old': 'matrix_mautrix_telegram_filter_mode', 'new': '<removed (not available in the bridgev2 rewrite of mautrix-telegram)>'}
-    - {'old': 'matrix_mautrix_telegram_bot_token', 'new': '<removed; the old-style relaybot is gone — use the common bridge relay mode (matrix_mautrix_telegram_bridge_relay_enabled) instead>'}
-    - {'old': 'matrix_mautrix_telegram_bridge_login_shared_secret_map', 'new': '<superseded by matrix_mautrix_telegram_double_puppet_secrets>'}
-    - {'old': 'matrix_mautrix_telegram_bridge_login_shared_secret_map_auto', 'new': '<superseded by matrix_mautrix_telegram_double_puppet_secrets_auto>'}
-    - {'old': 'matrix_mautrix_telegram_bridge_login_shared_secret_map_custom', 'new': '<superseded by matrix_mautrix_telegram_double_puppet_secrets_custom>'}
-    - {'old': 'matrix_mautrix_telegram_username_template', 'new': '<removed (no longer configurable via a single variable; use matrix_mautrix_telegram_configuration_extension_yaml if needed)>'}
-    - {'old': 'matrix_mautrix_telegram_alias_template', 'new': '<removed (room aliases are no longer created by the bridgev2 rewrite of mautrix-telegram)>'}
-    - {'old': 'matrix_mautrix_telegram_displayname_template', 'new': '<superseded by matrix_mautrix_telegram_network_displayname_template (note: the syntax has changed to Go templates)>'}
-    - {'old': 'matrix_mautrix_telegram_appservice_database', 'new': '<superseded by matrix_mautrix_telegram_appservice_database_uri>'}
-    - {'old': 'matrix_mautrix_telegram_lottieconverter_container_image_self_build', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
-    - {'old': 'matrix_mautrix_telegram_lottieconverter_container_image_self_build_mask_arch', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
-    - {'old': 'matrix_mautrix_telegram_lottieconverter_container_repo', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
-    - {'old': 'matrix_mautrix_telegram_lottieconverter_container_repo_version', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
-    - {'old': 'matrix_mautrix_telegram_lottieconverter_container_src_files_path', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
-    - {'old': 'matrix_mautrix_telegram_lottieconverter_container_image', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
-    - {'old': 'matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
-    - {'old': 'matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix_upstream', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
-    - {'old': 'matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix_upstream_default', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
-    # Historical lottieconverter aliases from before the _docker_ → _container_ rename:
-    - {'old': 'matrix_mautrix_telegram_lottieconverter_container_self_build', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
-    - {'old': 'matrix_mautrix_telegram_lottieconverter_docker_image_name_prefix', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
-    - {'old': 'matrix_mautrix_telegram_lottieconverter_docker_image', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
-    - {'old': 'matrix_mautrix_telegram_lottieconverter_docker_image_registry_prefix', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
-    - {'old': 'matrix_mautrix_telegram_lottieconverter_docker_image_registry_prefix_upstream', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
-    - {'old': 'matrix_mautrix_telegram_lottieconverter_docker_image_registry_prefix_upstream_default', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
-    - {'old': 'matrix_mautrix_telegram_lottieconverter_docker_repo', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
-    - {'old': 'matrix_mautrix_telegram_lottieconverter_docker_repo_version', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
-    - {'old': 'matrix_mautrix_telegram_lottieconverter_docker_src_files_path', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
-    # Even older aliases (no `_mautrix` infix):
-    - {'old': 'matrix_telegram_lottieconverter_container_image_self_build', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
-    - {'old': 'matrix_telegram_lottieconverter_container_image_self_build_mask_arch', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
-    - {'old': 'matrix_telegram_lottieconverter_docker_repo', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
-    - {'old': 'matrix_telegram_lottieconverter_docker_repo_version', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
-    - {'old': 'matrix_telegram_lottieconverter_docker_src_files_path', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
-    - {'old': 'matrix_telegram_lottieconverter_docker_image', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
+    - {'old': 'matrix_mautrix_telegram_lottieconverter_docker_image', 'new': 'matrix_mautrix_telegram_lottieconverter_container_image'}
+    - {'old': 'matrix_mautrix_telegram_lottieconverter_docker_image_registry_prefix', 'new': 'matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix'}
+    - {'old': 'matrix_mautrix_telegram_lottieconverter_docker_image_registry_prefix_upstream', 'new': 'matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix_upstream'}
+    - {'old': 'matrix_mautrix_telegram_lottieconverter_docker_image_registry_prefix_upstream_default', 'new': 'matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix_upstream_default'}
+    - {'old': 'matrix_mautrix_telegram_lottieconverter_docker_repo', 'new': 'matrix_mautrix_telegram_lottieconverter_container_repo'}
+    - {'old': 'matrix_mautrix_telegram_lottieconverter_docker_repo_version', 'new': 'matrix_mautrix_telegram_lottieconverter_container_repo_version'}
+    - {'old': 'matrix_mautrix_telegram_lottieconverter_docker_src_files_path', 'new': 'matrix_mautrix_telegram_lottieconverter_container_src_files_path'}

 - name: Fail if required mautrix-telegram settings not defined
  ansible.builtin.fail:
@@ -86,8 +48,11 @@
      You need to define a required configuration setting (`{{ item.name }}`).
  when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0"
  with_items:
+    - {'name': 'matrix_mautrix_telegram_hostname', when: true}
+    - {'name': 'matrix_mautrix_telegram_path_prefix', when: true}
    - {'name': 'matrix_mautrix_telegram_api_id', when: true}
    - {'name': 'matrix_mautrix_telegram_api_hash', when: true}
+    - {'name': 'matrix_mautrix_telegram_public_endpoint', when: true}
    - {'name': 'matrix_mautrix_telegram_appservice_token', when: true}
    - {'name': 'matrix_mautrix_telegram_homeserver_address', when: true}
    - {'name': 'matrix_mautrix_telegram_homeserver_token', when: true}
@@ -95,47 +60,3 @@
    - {'name': 'matrix_mautrix_telegram_database_hostname', when: "{{ matrix_mautrix_telegram_database_engine == 'postgres' }}"}
    - {'name': 'matrix_mautrix_telegram_metrics_proxying_hostname', when: "{{ matrix_mautrix_telegram_metrics_proxying_enabled }}"}
    - {'name': 'matrix_mautrix_telegram_metrics_proxying_path_prefix', when: "{{ matrix_mautrix_telegram_metrics_proxying_enabled }}"}
-
-# Temporary workaround for an upstream SQLite legacy-migration bug in mautrix-telegram v0.2604.0.
-# See the separate task file for details; the whole file (and this include) can be deleted once
-# upstream ships a release that fixes the bug.
- name: Guard against the upstream mautrix-telegram v0.2604.0 SQLite legacy-migration bug
-  ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config_sqlite_legacy_migration_bug.yml"
-  when:
-    - "matrix_mautrix_telegram_database_engine == 'sqlite'"
-    - "not (matrix_mautrix_telegram_bridgev2_sqlite_upgrade_confirmed | default(false) | bool)"
-
-# Bridgev2 permission values are: block, relay, commands, user, admin.
-# The old Python bridge had different levels (relaybot, user, puppeting, full, admin).
-# `user` and `admin` still exist in both but with different semantics (the new `user` is
-# equivalent to the old `full`/`puppeting`). `relaybot`, `puppeting` and `full` don't exist
-# in bridgev2 and will cause the bridge to reject its config at startup.
-#
-# We check the fully-merged configuration (not just `matrix_mautrix_telegram_bridge_permissions`)
-# because users commonly override permissions via `matrix_mautrix_telegram_configuration_extension_yaml`,
-# and those overrides would otherwise slip through validation.
- name: Fail if bridge permissions still reference legacy Python-bridge permission levels
-  ansible.builtin.fail:
-    msg: |-
-      Your final mautrix-telegram configuration contains a `bridge.permissions` entry with
-      value `{{ item.value }}` (for `{{ item.key }}`). This was a permission level in the legacy
-      (Python) mautrix-telegram bridge but is not valid in the bridgev2 rewrite shipped in v0.2604.0
-      — the bridge would reject this at startup.
-
-      Valid values are: `relay`, `commands`, `user`, `admin` (plus `block`).
-
-      Rough mapping from the old levels:
-
-        relaybot  -> relay
-        user      -> user (semantics changed: this now grants full puppeting, like the old `full`)
-        puppeting -> user
-        full      -> user
-        admin     -> admin
-
-      See https://docs.mau.fi/bridges/general/permissions.html and the bridge's example config
-      for details. Update either `matrix_mautrix_telegram_bridge_permissions` or the `bridge.permissions`
-      section inside `matrix_mautrix_telegram_configuration_extension_yaml` — whichever you use.
-  when: "item.value in ['relaybot', 'puppeting', 'full']"
-  loop: "{{ (matrix_mautrix_telegram_configuration.bridge.permissions | default({})) | dict2items }}"
-  loop_control:
-    label: "{{ item.key }}"
@@ -1,99 +0,0 @@
-# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
---
-
-# ###########################################################################
-# TEMPORARY — delete this file (and its include in `validate_config.yml`)
-# once upstream mautrix-telegram ships a release that fixes the SQLite
-# legacy-migration bug introduced in v0.2604.0.
-#
-# Upstream warning:
-#   "Migration of SQLite databases has a known bug. If you're upgrading a
-#    legacy bridge that uses SQLite, use the main branch or wait for the
-#    next release"
-#   — https://github.com/mautrix/telegram/releases/tag/v0.2604.0
-#
-# We specifically want to block upgrades of the *legacy* Python-bridge
-# SQLite databases; fresh bridgev2 SQLite databases (or already-migrated
-# ones) must still be allowed.
-#
-# The cheapest reliable signature of a legacy Python-bridge DB is the
-# presence of the `telethon_sessions` table (the Python bridge's
-# Telethon-session store, which upstream's legacymigrate.sql renames to
-# `telethon_sessions_old` as part of the bridgev2 migration).
-#
-# Users can bypass this via `matrix_mautrix_telegram_bridgev2_sqlite_upgrade_confirmed: true`.
-# ###########################################################################
-
- name: Check for an existing mautrix-telegram SQLite database (legacy location)
-  ansible.builtin.stat:
-    path: "{{ matrix_mautrix_telegram_base_path }}/mautrix-telegram.db"
-  register: matrix_mautrix_telegram_sqlite_legacy_path_stat
-
- name: Check for an existing mautrix-telegram SQLite database (data path)
-  ansible.builtin.stat:
-    path: "{{ matrix_mautrix_telegram_sqlite_database_path_local }}"
-  register: matrix_mautrix_telegram_sqlite_data_path_stat
-
- name: Inspect SQLite database for the legacy Python-bridge schema signature
-  ansible.builtin.command:
-    argv:
-      - python3
-      - -c
-      - |
-        import sqlite3, sys
-        try:
-            conn = sqlite3.connect("file:" + sys.argv[1] + "?mode=ro", uri=True)
-            cur = conn.execute(
-                "SELECT name FROM sqlite_master "
-                "WHERE type='table' AND name='telethon_sessions'"
-            )
-            sys.exit(1 if cur.fetchone() else 0)
-        except Exception:
-            sys.exit(0)
-      - "{{ matrix_mautrix_telegram_sqlite_legacy_path_stat.stat.path if matrix_mautrix_telegram_sqlite_legacy_path_stat.stat.exists else matrix_mautrix_telegram_sqlite_data_path_stat.stat.path }}"
-  register: matrix_mautrix_telegram_sqlite_legacy_check
-  changed_when: false
-  failed_when: false
-  when: >-
-    matrix_mautrix_telegram_sqlite_legacy_path_stat.stat.exists
-    or matrix_mautrix_telegram_sqlite_data_path_stat.stat.exists
-
- name: Fail if upgrading a legacy SQLite install (upstream has a known migration bug)
-  ansible.builtin.fail:
-    msg: |-
-      A legacy Python mautrix-telegram SQLite database was detected at
-      `{{ matrix_mautrix_telegram_sqlite_legacy_path_stat.stat.path if matrix_mautrix_telegram_sqlite_legacy_path_stat.stat.exists else matrix_mautrix_telegram_sqlite_data_path_stat.stat.path }}`
-      (it contains the `telethon_sessions` table from the Python bridge).
-
-      Upstream mautrix-telegram v0.2604.0 has a **known bug** in the legacy SQLite
-      database migration (see the warning on the release page:
-      https://github.com/mautrix/telegram/releases/tag/v0.2604.0).
-      Running this upgrade against a legacy SQLite database is very likely to corrupt your data.
-
-      Recommended options:
-
-      1. Switch to Postgres before upgrading. If you're using the playbook-managed Postgres
-         service (`postgres_enabled: true`), just set:
-
-             matrix_mautrix_telegram_database_engine: postgres
-
-         and re-run the playbook. The playbook will migrate your SQLite data into Postgres
-         first (via pgloader), and upstream's bridgev2 migration path is known to work on
-         Postgres.
-
-      2. Wait for the next upstream mautrix-telegram release, which is expected to fix the
-         SQLite migration bug.
-
-      If you're sure you want to proceed anyway (for example because you have a separate
-      backup), you can bypass this check by setting:
-
-          matrix_mautrix_telegram_bridgev2_sqlite_upgrade_confirmed: true
-
-      in your vars.yml. Only use the override if you know what you're doing.
-  when: >-
-    (matrix_mautrix_telegram_sqlite_legacy_path_stat.stat.exists
-      or matrix_mautrix_telegram_sqlite_data_path_stat.stat.exists)
-    and (matrix_mautrix_telegram_sqlite_legacy_check.rc | default(0)) == 1
@@ -1,5 +1,5 @@
 {#
-SPDX-FileCopyrightText: 2024 - 2026 Slavi Pantaleev
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev

 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
@@ -11,7 +11,36 @@ traefik.enable=true
 traefik.docker.network={{ matrix_mautrix_telegram_container_labels_traefik_docker_network }}
 {% endif %}

-traefik.http.services.matrix-mautrix-telegram-metrics.loadbalancer.server.port=8001
+{% if matrix_mautrix_telegram_container_labels_public_endpoint_enabled %}
+############################################################
+#                                                          #
+# Public                                                   #
+#                                                          #
+############################################################
+
+traefik.http.services.matrix-mautrix-telegram-appservice.loadbalancer.server.port=8080
+
+traefik.http.routers.matrix-mautrix-telegram-public.rule={{ matrix_mautrix_telegram_container_labels_public_endpoint_traefik_rule }}
+
+{% if matrix_mautrix_telegram_container_labels_public_endpoint_traefik_priority | int > 0 %}
+traefik.http.routers.matrix-mautrix-telegram-public.priority={{ matrix_mautrix_telegram_container_labels_public_endpoint_traefik_priority }}
+{% endif %}
+
+traefik.http.routers.matrix-mautrix-telegram-public.service=matrix-mautrix-telegram-appservice
+traefik.http.routers.matrix-mautrix-telegram-public.entrypoints={{ matrix_mautrix_telegram_container_labels_public_endpoint_traefik_entrypoints }}
+
+traefik.http.routers.matrix-mautrix-telegram-public.tls={{ matrix_mautrix_telegram_container_labels_public_endpoint_traefik_tls | to_json }}
+{% if matrix_mautrix_telegram_container_labels_public_endpoint_traefik_tls %}
+traefik.http.routers.matrix-mautrix-telegram-public.tls.certResolver={{ matrix_mautrix_telegram_container_labels_public_endpoint_traefik_tls_certResolver }}
+{% endif %}
+
+############################################################
+#                                                          #
+# /Public                                                  #
+#                                                          #
+############################################################
+{% endif %}
+

 {% if matrix_mautrix_telegram_container_labels_metrics_enabled %}
 ############################################################
@@ -20,6 +49,8 @@ traefik.http.services.matrix-mautrix-telegram-metrics.loadbalancer.server.port=8
 #                                                          #
 ############################################################

+traefik.http.services.matrix-mautrix-telegram-metrics.loadbalancer.server.port=8000
+
 {% if matrix_mautrix_telegram_container_labels_metrics_middleware_basic_auth_enabled %}
 traefik.http.middlewares.matrix-mautrix-telegram-metrics-basic-auth.basicauth.users={{ matrix_mautrix_telegram_container_labels_metrics_middleware_basic_auth_users }}
 traefik.http.routers.matrix-mautrix-telegram-metrics.middlewares=matrix-mautrix-telegram-metrics-basic-auth
@@ -23,15 +23,17 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--cap-drop=ALL \
 			--network={{ matrix_mautrix_telegram_container_network }} \
+			{% if matrix_mautrix_telegram_appservice_public_enabled and matrix_mautrix_telegram_container_http_host_bind_port %}
+			-p {{ matrix_mautrix_telegram_container_http_host_bind_port }}:8080 \
+			{% endif %}
 			--mount type=bind,src={{ matrix_mautrix_telegram_config_path }},dst=/config \
 			--mount type=bind,src={{ matrix_mautrix_telegram_data_path }},dst=/data \
 			--label-file={{ matrix_mautrix_telegram_base_path }}/labels \
-			--workdir=/data \
 			{% for arg in matrix_mautrix_telegram_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_mautrix_telegram_container_image }} \
-			/usr/bin/mautrix-telegram -c /config/config.yaml -r /config/registration.yaml --no-update
+			python3 -m mautrix_telegram -c /config/config.yaml --no-update

 {% for network in matrix_mautrix_telegram_container_additional_networks %}
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-mautrix-telegram
@@ -130,9 +130,11 @@ matrix_mautrix_twitter_database_sslmode: disable

 matrix_mautrix_twitter_database_connection_string: 'postgres://{{ matrix_mautrix_twitter_database_username }}:{{ matrix_mautrix_twitter_database_password }}@{{ matrix_mautrix_twitter_database_hostname }}:{{ matrix_mautrix_twitter_database_port }}/{{ matrix_mautrix_twitter_database_name }}?sslmode={{ matrix_mautrix_twitter_database_sslmode }}'

-matrix_mautrix_twitter_database_uri: "{{ {
-    'postgres': matrix_mautrix_twitter_database_connection_string,
-}[matrix_mautrix_twitter_database_engine] }}"
+matrix_mautrix_twitter_database_uri: "{{
+	{
+		'postgres': matrix_mautrix_twitter_database_connection_string,
+	}[matrix_mautrix_twitter_database_engine]
+}}"

 matrix_mautrix_twitter_double_puppet_secrets: "{{ matrix_mautrix_twitter_double_puppet_secrets_auto | combine(matrix_mautrix_twitter_double_puppet_secrets_custom) }}"
 matrix_mautrix_twitter_double_puppet_secrets_auto: {}
@@ -147,15 +147,19 @@ matrix_mautrix_whatsapp_database_sslmode: disable

 matrix_mautrix_whatsapp_database_connection_string: 'postgresql://{{ matrix_mautrix_whatsapp_database_username }}:{{ matrix_mautrix_whatsapp_database_password }}@{{ matrix_mautrix_whatsapp_database_hostname }}:{{ matrix_mautrix_whatsapp_database_port }}/{{ matrix_mautrix_whatsapp_database_name }}?sslmode={{ matrix_mautrix_whatsapp_database_sslmode }}'

-matrix_mautrix_whatsapp_appservice_database_type: "{{ {
-    'sqlite': 'sqlite3-fk-wal',
-    'postgres': 'postgres',
-}[matrix_mautrix_whatsapp_database_engine] }}"
+matrix_mautrix_whatsapp_appservice_database_type: "{{
+	{
+		'sqlite': 'sqlite3-fk-wal',
+		'postgres':'postgres',
+	}[matrix_mautrix_whatsapp_database_engine]
+}}"

-matrix_mautrix_whatsapp_appservice_database_uri: "{{ {
-    'sqlite': matrix_mautrix_whatsapp_sqlite_database_path_in_container,
-    'postgres': matrix_mautrix_whatsapp_database_connection_string,
-}[matrix_mautrix_whatsapp_database_engine] }}"
+matrix_mautrix_whatsapp_appservice_database_uri: "{{
+	{
+		'sqlite': matrix_mautrix_whatsapp_sqlite_database_path_in_container,
+		'postgres': matrix_mautrix_whatsapp_database_connection_string,
+	}[matrix_mautrix_whatsapp_database_engine]
+}}"

 matrix_mautrix_whatsapp_double_puppet_secrets: "{{ matrix_mautrix_whatsapp_double_puppet_secrets_auto | combine(matrix_mautrix_whatsapp_double_puppet_secrets_custom) }}"
 matrix_mautrix_whatsapp_double_puppet_secrets_auto: {}
@@ -1,202 +0,0 @@
-# SPDX-FileCopyrightText: 2025 - 2026 luschmar
-# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
---
-# matrix-meshtastic-relay is a Matrix <-> Meshtastic bridge.
-# Project source code URL: https://github.com/jeremiah-k/meshtastic-matrix-relay
-
-matrix_meshtastic_relay_enabled: true
-
-# renovate: datasource=docker depName=jeremiah-k/mmrelay packageName=ghcr.io/jeremiah-k/mmrelay
-matrix_meshtastic_relay_version: 1.3.6
-matrix_meshtastic_relay_container_image: "{{ matrix_meshtastic_relay_container_image_registry_prefix }}jeremiah-k/mmrelay:{{ matrix_meshtastic_relay_version }}"
-matrix_meshtastic_relay_container_image_registry_prefix: "{{ matrix_meshtastic_relay_container_image_registry_prefix_upstream }}"
-matrix_meshtastic_relay_container_image_registry_prefix_upstream: "{{ matrix_meshtastic_relay_container_image_registry_prefix_upstream_default }}"
-matrix_meshtastic_relay_container_image_registry_prefix_upstream_default: "ghcr.io/"
-matrix_meshtastic_relay_container_image_force_pull: "{{ matrix_meshtastic_relay_container_image.endswith(':latest') }}"
-
-matrix_meshtastic_relay_base_path: "{{ matrix_base_data_path }}/meshtastic-relay"
-
-# Holds the Ansible-managed `config.yaml`. Mounted read-only at `/config` in the
-# container; mmrelay is pointed at `/config/config.yaml` via the `--config` CLI flag.
-matrix_meshtastic_relay_config_path: "{{ matrix_meshtastic_relay_base_path }}/config"
-
-# Runtime data directory. Mounted read-write at `/data` (MMRELAY_HOME) in the container.
-# mmrelay auto-creates `database/`, `logs/`, `matrix/` (credentials + E2EE store)
-# and `plugins/` subdirectories underneath as needed.
-matrix_meshtastic_relay_data_path: "{{ matrix_meshtastic_relay_base_path }}/data"
-
-matrix_meshtastic_relay_container_network: ""
-
-matrix_meshtastic_relay_container_additional_networks: "{{ matrix_meshtastic_relay_container_additional_networks_auto + matrix_meshtastic_relay_container_additional_networks_custom }}"
-matrix_meshtastic_relay_container_additional_networks_auto: []
-matrix_meshtastic_relay_container_additional_networks_custom: []
-
-# A list of extra arguments to pass to the container
-matrix_meshtastic_relay_container_extra_arguments: []
-
-# List of systemd services that matrix-meshtastic-relay.service depends on.
-matrix_meshtastic_relay_systemd_required_services_list: "{{ matrix_meshtastic_relay_systemd_required_services_list_default + matrix_meshtastic_relay_systemd_required_services_list_auto + matrix_meshtastic_relay_systemd_required_services_list_custom }}"
-matrix_meshtastic_relay_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
-matrix_meshtastic_relay_systemd_required_services_list_auto: []
-matrix_meshtastic_relay_systemd_required_services_list_custom: []
-
-# List of systemd services that matrix-meshtastic-relay.service wants
-matrix_meshtastic_relay_systemd_wanted_services_list: []
-
-# Hostname of the Matrix homeserver the bot connects to.
-matrix_meshtastic_relay_matrix_host: ""
-
-# URL of the Matrix homeserver the bot connects to.
-matrix_meshtastic_relay_matrix_homeserver_url: "https://{{ matrix_meshtastic_relay_matrix_host }}"
-
-# Fully-qualified Matrix ID of the bot user.
-matrix_meshtastic_relay_matrix_bot_user_id: "@meshtasticbot:{{ matrix_meshtastic_relay_matrix_host }}"
-
-# Password for the bot's Matrix account.
-# On first startup, mmrelay uses this to log in and persist credentials (including E2EE
-# material) under `{{ matrix_meshtastic_relay_data_path }}/matrix/` on the host. After
-# that, the password can (and should) be cleared from configuration.
-matrix_meshtastic_relay_matrix_bot_password: ""
-
-# Controls whether End-to-End Encryption is enabled.
-# Requires password-based login on first start so that mmrelay can create `credentials.json`.
-matrix_meshtastic_relay_e2ee_enabled: true
-
-# Connection type to the Meshtastic device. One of: "tcp", "serial", "ble".
-matrix_meshtastic_relay_connection_type: ""
-
-# For `tcp` connection type: hostname/IP of the Meshtastic device to connect to.
-matrix_meshtastic_relay_tcp_host: "meshtastic.local"
-
-# For `serial` connection type: path of the serial device to connect to.
-# This device is passed through to the container. The host must have it available.
-matrix_meshtastic_relay_serial_port: "/dev/ttyUSB0"
-
-# For `ble` connection type: BLE MAC address of the Meshtastic device to connect to.
-# BLE requires `--network=host` and a DBus bind-mount (see the systemd service template).
-matrix_meshtastic_relay_ble_address: "AA:BB:CC:DD:EE:FF"
-
-# Display name of the Meshtastic network.
-matrix_meshtastic_relay_meshnet_name: "MediumFast"
-
-# Whether relaying from Matrix to Meshtastic is enabled.
-matrix_meshtastic_relay_meshtastic_broadcast_enabled: true
-
-# Matrix rooms to bridge to Meshtastic channels.
-# Each entry should have an `id` (Matrix room alias or room ID) and a `meshtastic_channel`.
-matrix_meshtastic_relay_matrix_rooms_list:
-  - id: "#meshtastic:{{ matrix_meshtastic_relay_matrix_host }}"
-    meshtastic_channel: "0"
-
-# Whether plugins should only respond when the bot is explicitly mentioned.
-matrix_meshtastic_relay_plugin_global_require_bot_mention: true
-
-# Enabled built-in ("core") plugins.
-# See: https://github.com/jeremiah-k/meshtastic-matrix-relay/wiki/Core-Plugins
-matrix_meshtastic_relay_plugins_ping_enabled: true
-matrix_meshtastic_relay_plugins_health_enabled: true
-matrix_meshtastic_relay_plugins_weather_enabled: true
-matrix_meshtastic_relay_plugins_weather_units: metric
-matrix_meshtastic_relay_plugins_telemetry_enabled: true
-matrix_meshtastic_relay_plugins_map_enabled: true
-matrix_meshtastic_relay_plugins_nodes_enabled: true
-
-# Default configuration passed to the bridge via config.yaml.
-# See `../templates/config.yaml.j2` for what's rendered.
-# Use `matrix_meshtastic_relay_configuration_extension_yaml` to override
-# specific values or add/remove keys without having to maintain a full copy here.
-matrix_meshtastic_relay_configuration_default:
-  matrix:
-    homeserver: "{{ matrix_meshtastic_relay_matrix_homeserver_url }}"
-    password: "{{ matrix_meshtastic_relay_matrix_bot_password }}"
-    bot_user_id: "{{ matrix_meshtastic_relay_matrix_bot_user_id }}"
-    e2ee:
-      enabled: "{{ matrix_meshtastic_relay_e2ee_enabled }}"
-  matrix_rooms: "{{ matrix_meshtastic_relay_matrix_rooms_list }}"
-  meshtastic: "{{ matrix_meshtastic_relay_meshtastic_configuration }}"
-  logging:
-    level: info
-    log_to_file: false
-  database:
-    enable_wal: true
-    busy_timeout_ms: 5000
-    pragmas:
-      synchronous: NORMAL
-      temp_store: MEMORY
-    msg_map:
-      msgs_to_keep: 500
-      wipe_on_restart: true
-  plugins:
-    require_bot_mention: "{{ matrix_meshtastic_relay_plugin_global_require_bot_mention }}"
-    ping:
-      active: "{{ matrix_meshtastic_relay_plugins_ping_enabled }}"
-    health:
-      active: "{{ matrix_meshtastic_relay_plugins_health_enabled }}"
-    weather:
-      active: "{{ matrix_meshtastic_relay_plugins_weather_enabled }}"
-      units: "{{ matrix_meshtastic_relay_plugins_weather_units }}"
-    telemetry:
-      active: "{{ matrix_meshtastic_relay_plugins_telemetry_enabled }}"
-    map:
-      active: "{{ matrix_meshtastic_relay_plugins_map_enabled }}"
-    nodes:
-      active: "{{ matrix_meshtastic_relay_plugins_nodes_enabled }}"
-
-# Connection-type-specific `meshtastic` configuration block used by
-# `matrix_meshtastic_relay_configuration_default`.
-matrix_meshtastic_relay_meshtastic_configuration: |
-  {{
-    (
-      {'connection_type': 'tcp', 'host': matrix_meshtastic_relay_tcp_host}
-      if matrix_meshtastic_relay_connection_type == 'tcp' else
-      (
-        {'connection_type': 'serial', 'serial_port': matrix_meshtastic_relay_serial_port}
-        if matrix_meshtastic_relay_connection_type == 'serial' else
-        (
-          {'connection_type': 'ble', 'ble_address': matrix_meshtastic_relay_ble_address}
-          if matrix_meshtastic_relay_connection_type == 'ble' else {}
-        )
-      )
-    ) | combine({
-      'meshnet_name': matrix_meshtastic_relay_meshnet_name,
-      'broadcast_enabled': matrix_meshtastic_relay_meshtastic_broadcast_enabled,
-      'message_interactions': {
-        'reactions': false,
-        'replies': false,
-      },
-    })
-  }}
-
-# Holds additional configuration values that get merged into the default
-# configuration (see `matrix_meshtastic_relay_configuration_default`).
-#
-# If you need something more special, you can take full control by changing
-# `matrix_meshtastic_relay_configuration` directly.
-matrix_meshtastic_relay_configuration_extension_yaml: |
-  # Your custom YAML configuration goes here.
-  # This configuration extends the default starting configuration (`matrix_meshtastic_relay_configuration_default`).
-  #
-  # You can override individual variables from the default configuration, or introduce new ones.
-  #
-  # If you need something more special, you can take full control by
-  # redefining `matrix_meshtastic_relay_configuration` directly.
-
-matrix_meshtastic_relay_configuration_extension: "{{ matrix_meshtastic_relay_configuration_extension_yaml | from_yaml if matrix_meshtastic_relay_configuration_extension_yaml | from_yaml is mapping else {} }}"
-
-# Holds the final configuration rendered to `config.yaml`.
-# Normally, you don't need to change this variable — use
-# `matrix_meshtastic_relay_configuration_extension_yaml` instead.
-matrix_meshtastic_relay_configuration: "{{ matrix_meshtastic_relay_configuration_default | combine(matrix_meshtastic_relay_configuration_extension, recursive=True) }}"
-
-# matrix_meshtastic_relay_restart_necessary controls whether the service
-# will be restarted (when true) or merely started (when false) by the
-# systemd service manager role (when conditional restart is enabled).
-#
-# This value is automatically computed during installation based on whether
-# any configuration files, the systemd service file, or the container image changed.
-# The default of `false` means "no restart needed" — appropriate when the role's
-# installation tasks haven't run (e.g., due to --tags skipping them).
-matrix_meshtastic_relay_restart_necessary: false
@@ -1,25 +0,0 @@
-# SPDX-FileCopyrightText: 2025 - 2026 luschmar
-# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
---
-
- tags:
-    - setup-all
-    - setup-meshtastic-relay
-    - install-all
-    - install-meshtastic-relay
-  block:
-    - when: matrix_meshtastic_relay_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
-
-    - when: matrix_meshtastic_relay_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
-
- tags:
-    - setup-all
-    - setup-meshtastic-relay
-  block:
-    - when: not matrix_meshtastic_relay_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
@@ -1,62 +0,0 @@
-# SPDX-FileCopyrightText: 2025 - 2026 luschmar
-# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
---
-
- name: Ensure matrix-meshtastic-relay image is pulled
-  community.docker.docker_image:
-    name: "{{ matrix_meshtastic_relay_container_image }}"
-    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_meshtastic_relay_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_meshtastic_relay_container_image_force_pull }}"
-  register: matrix_meshtastic_relay_container_image_pull_result
-  retries: "{{ devture_playbook_help_container_retries_count }}"
-  delay: "{{ devture_playbook_help_container_retries_delay }}"
-  until: matrix_meshtastic_relay_container_image_pull_result is not failed
-
- name: Ensure matrix-meshtastic-relay paths exist
-  ansible.builtin.file:
-    path: "{{ item }}"
-    state: directory
-    mode: '0750'
-    owner: "{{ matrix_user_name }}"
-    group: "{{ matrix_group_name }}"
-  with_items:
-    - "{{ matrix_meshtastic_relay_base_path }}"
-    - "{{ matrix_meshtastic_relay_config_path }}"
-    - "{{ matrix_meshtastic_relay_data_path }}"
-
- name: Ensure matrix-meshtastic-relay config.yaml is installed
-  ansible.builtin.copy:
-    content: "{{ matrix_meshtastic_relay_configuration | to_nice_yaml(indent=2, width=999999) }}"
-    dest: "{{ matrix_meshtastic_relay_config_path }}/config.yaml"
-    mode: '0600'
-    owner: "{{ matrix_user_name }}"
-    group: "{{ matrix_group_name }}"
-  register: matrix_meshtastic_relay_config_result
-
- name: Ensure matrix-meshtastic-relay container network is created
-  community.general.docker_network:
-    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
-    name: "{{ matrix_meshtastic_relay_container_network }}"
-    driver: bridge
-    driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
-  when: "matrix_meshtastic_relay_connection_type != 'ble'"
-
- name: Ensure matrix-meshtastic-relay.service installed
-  ansible.builtin.template:
-    src: "{{ role_path }}/templates/systemd/matrix-meshtastic-relay.service.j2"
-    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-meshtastic-relay.service"
-    mode: '0644'
-  register: matrix_meshtastic_relay_systemd_service_result
-
- name: Determine whether matrix-meshtastic-relay needs a restart
-  ansible.builtin.set_fact:
-    matrix_meshtastic_relay_restart_necessary: >-
-      {{
-        matrix_meshtastic_relay_config_result.changed | default(false)
-        or matrix_meshtastic_relay_systemd_service_result.changed | default(false)
-        or matrix_meshtastic_relay_container_image_pull_result.changed | default(false)
-      }}
@@ -1,25 +0,0 @@
-# SPDX-FileCopyrightText: 2025 - 2026 luschmar
-# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
---
-
- name: Check existence of matrix-meshtastic-relay service
-  ansible.builtin.stat:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-meshtastic-relay.service"
-  register: matrix_meshtastic_relay_service_stat
-
- when: matrix_meshtastic_relay_service_stat.stat.exists | bool
-  block:
-    - name: Ensure matrix-meshtastic-relay is stopped
-      ansible.builtin.service:
-        name: matrix-meshtastic-relay
-        state: stopped
-        enabled: false
-        daemon_reload: true
-
-    - name: Ensure matrix-meshtastic-relay.service doesn't exist
-      ansible.builtin.file:
-        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-meshtastic-relay.service"
-        state: absent
@@ -1,23 +0,0 @@
-# SPDX-FileCopyrightText: 2025 - 2026 luschmar
-# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
---
-
- name: Fail if required matrix-meshtastic-relay settings not defined
-  ansible.builtin.fail:
-    msg: >-
-      You need to define a required configuration setting (`{{ item.name }}`).
-  when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0"
-  with_items:
-    - {'name': 'matrix_meshtastic_relay_matrix_host', when: true}
-    - {'name': 'matrix_meshtastic_relay_matrix_bot_password', when: true}
-    - {'name': 'matrix_meshtastic_relay_connection_type', when: true}
-
- name: Fail if matrix_meshtastic_relay_connection_type is invalid
-  ansible.builtin.fail:
-    msg: >-
-      `matrix_meshtastic_relay_connection_type` must be one of: `tcp`, `serial`, `ble`.
-      Got: `{{ matrix_meshtastic_relay_connection_type }}`.
-  when: "matrix_meshtastic_relay_connection_type not in ['tcp', 'serial', 'ble']"
@@ -1,59 +0,0 @@
-#jinja2: lstrip_blocks: True
-[Unit]
-Description=Matrix <-> Meshtastic bridge
-{% for service in matrix_meshtastic_relay_systemd_required_services_list %}
-Requires={{ service }}
-After={{ service }}
-{% endfor %}
-{% for service in matrix_meshtastic_relay_systemd_wanted_services_list %}
-Wants={{ service }}
-{% endfor %}
-DefaultDependencies=no
-
-[Service]
-Type=simple
-Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-meshtastic-relay
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} rm matrix-meshtastic-relay
-
-ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
-			--rm \
-			--name=matrix-meshtastic-relay \
-			--log-driver=none \
-			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
-			--cap-drop=ALL \
-			--read-only \
-			--tmpfs=/tmp:rw,noexec,nosuid,size=50m \
-			--tmpfs=/.cache:rw,noexec,nosuid,size=50m \
-			--mount type=bind,src={{ matrix_meshtastic_relay_config_path }},dst=/config,ro \
-			--mount type=bind,src={{ matrix_meshtastic_relay_data_path }},dst=/data \
-			{% if matrix_meshtastic_relay_connection_type == 'ble' %}
-			--network=host \
-			--security-opt apparmor=unconfined \
-			--mount type=bind,src=/var/run/dbus,dst=/var/run/dbus,ro \
-			{% else %}
-			--network={{ matrix_meshtastic_relay_container_network }} \
-			{% endif %}
-			{% if matrix_meshtastic_relay_connection_type == 'serial' %}
-			--device={{ matrix_meshtastic_relay_serial_port }} \
-			{% endif %}
-			{% for arg in matrix_meshtastic_relay_container_extra_arguments %}
-			{{ arg }} \
-			{% endfor %}
-			{{ matrix_meshtastic_relay_container_image }} \
-			mmrelay --config /config/config.yaml
-
-{% for network in matrix_meshtastic_relay_container_additional_networks %}
-ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-meshtastic-relay
-{% endfor %}
-
-ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-meshtastic-relay
-
-ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-meshtastic-relay
-ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} rm matrix-meshtastic-relay
-Restart=always
-RestartSec=30
-SyslogIdentifier=matrix-meshtastic-relay
-
-[Install]
-WantedBy=multi-user.target
@@ -1,4 +0,0 @@
-SPDX-FileCopyrightText: 2025 - 2026 luschmar
-SPDX-FileCopyrightText: 2026 Slavi Pantaleev
-
-SPDX-License-Identifier: AGPL-3.0-or-later
@@ -18,7 +18,7 @@ matrix_postmoogle_container_repo_version: "{{ 'main' if matrix_postmoogle_versio
 matrix_postmoogle_container_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src"

 # renovate: datasource=docker depName=ghcr.io/etkecc/postmoogle
-matrix_postmoogle_version: v0.9.31
+matrix_postmoogle_version: v0.9.29
 matrix_postmoogle_container_image: "{{ matrix_postmoogle_container_image_registry_prefix }}etkecc/postmoogle:{{ matrix_postmoogle_version }}"
 matrix_postmoogle_container_image_registry_prefix: "{{ 'localhost/' if matrix_postmoogle_container_image_self_build else matrix_postmoogle_container_image_registry_prefix_upstream }}"
 matrix_postmoogle_container_image_registry_prefix_upstream: "{{ matrix_postmoogle_container_image_registry_prefix_upstream_default }}"
@@ -68,15 +68,19 @@ matrix_postmoogle_database_sslmode: disable

 matrix_postmoogle_database_connection_string: 'postgres://{{ matrix_postmoogle_database_username }}:{{ matrix_postmoogle_database_password }}@{{ matrix_postmoogle_database_hostname }}:{{ matrix_postmoogle_database_port }}/{{ matrix_postmoogle_database_name }}?sslmode={{ matrix_postmoogle_database_sslmode }}'

-matrix_postmoogle_storage_database: "{{ {
-    'sqlite': matrix_postmoogle_sqlite_database_path_in_container,
-    'postgres': matrix_postmoogle_database_connection_string,
-}[matrix_postmoogle_database_engine] }}"
+matrix_postmoogle_storage_database: "{{
+	{
+		'sqlite': matrix_postmoogle_sqlite_database_path_in_container,
+		'postgres': matrix_postmoogle_database_connection_string,
+	}[matrix_postmoogle_database_engine]
+}}"

-matrix_postmoogle_database_dialect: "{{ {
+matrix_postmoogle_database_dialect: "{{
+  {
    'sqlite': 'sqlite3',
    'postgres': 'postgres',
-}[matrix_postmoogle_database_engine] }}"
+  }[matrix_postmoogle_database_engine]
+}}"


 # The bot's username. This user needs to be created manually beforehand.
@@ -164,9 +164,11 @@ matrix_steam_bridge_database_sslmode: disable

 matrix_steam_bridge_database_connection_string: 'postgres://{{ matrix_steam_bridge_database_username }}:{{ matrix_steam_bridge_database_password }}@{{ matrix_steam_bridge_database_hostname }}:{{ matrix_steam_bridge_database_port }}/{{ matrix_steam_bridge_database_name }}?sslmode={{ matrix_steam_bridge_database_sslmode }}'

-matrix_steam_bridge_database_uri: "{{ {
-    'postgres': matrix_steam_bridge_database_connection_string,
-}[matrix_steam_bridge_database_engine] }}"
+matrix_steam_bridge_database_uri: "{{
+	{
+		'postgres': matrix_steam_bridge_database_connection_string,
+	}[matrix_steam_bridge_database_engine]
+}}"

 matrix_steam_bridge_double_puppet_secrets: "{{ matrix_steam_bridge_double_puppet_secrets_auto | combine(matrix_steam_bridge_double_puppet_secrets_custom) }}"
 matrix_steam_bridge_double_puppet_secrets_auto: {}
@@ -30,7 +30,6 @@ matrix_client_commet_container_image_self_build_repo: "https://github.com/commet
 matrix_client_commet_container_image_self_build_git_hash: ""
 matrix_client_commet_container_image_self_build_version_tag: "{{ matrix_client_commet_version }}"
 matrix_client_commet_container_image: "localhost/matrix-client-commet:{{ matrix_client_commet_version }}"
-matrix_client_commet_container_image_force_pull: "{{ matrix_client_commet_container_image.endswith(':latest') or matrix_client_commet_container_image.endswith(':main') }}"

 # The in-container port nginx listens on
 matrix_client_commet_container_port: 8080
@@ -29,7 +29,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme
 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_facts['memtotal_mb'] < 4096 }}"

 # renovate: datasource=docker depName=ghcr.io/element-hq/element-web
-matrix_client_element_version: v1.12.17
+matrix_client_element_version: v1.12.15

 matrix_client_element_container_image: "{{ matrix_client_element_container_image_registry_prefix }}element-hq/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_container_image_registry_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_client_element_container_image_registry_prefix_upstream }}"
@@ -13,7 +13,7 @@ matrix_continuwuity_enabled: true
 matrix_continuwuity_hostname: ''

 # renovate: datasource=docker depName=forgejo.ellis.link/continuwuation/continuwuity
-matrix_continuwuity_version: v0.5.8
+matrix_continuwuity_version: v0.5.7

 matrix_continuwuity_container_image: "{{ matrix_continuwuity_container_image_registry_prefix }}/continuwuation/continuwuity:{{ matrix_continuwuity_container_image_tag }}"
 matrix_continuwuity_container_image_tag: "{{ matrix_continuwuity_version }}"
@@ -1909,14 +1909,6 @@ foci = [
 #
 #uri = ""

-# StartTLS for LDAP connections.
-#
-#use_starttls = false
-
-# Skip TLS certificate verification, possibly dangerous.
-#
-#disable_tls_verification = false
-
 # Root of the searches.
 #
 # example: "ou=users,dc=example,dc=org"
@@ -21,7 +21,7 @@ matrix_element_call_enabled: false
 matrix_rtc_enabled: "{{ matrix_element_call_enabled }}"

 # renovate: datasource=docker depName=ghcr.io/element-hq/element-call
-matrix_element_call_version: v0.19.2
+matrix_element_call_version: v0.19.1

 matrix_element_call_scheme: https

@@ -27,7 +27,7 @@ matrix_ketesa_container_image_self_build: false
 matrix_ketesa_container_image_self_build_repo: "https://github.com/etkecc/ketesa.git"

 # renovate: datasource=docker depName=ghcr.io/etkecc/ketesa
-matrix_ketesa_version: v1.2.1
+matrix_ketesa_version: v1.2.0
 matrix_ketesa_container_image: "{{ matrix_ketesa_container_image_registry_prefix }}etkecc/ketesa:{{ matrix_ketesa_version }}"
 matrix_ketesa_container_image_registry_prefix: "{{ 'localhost/' if matrix_ketesa_container_image_self_build else matrix_ketesa_container_image_registry_prefix_upstream }}"
 matrix_ketesa_container_image_registry_prefix_upstream: "{{ matrix_ketesa_container_image_registry_prefix_upstream_default }}"
@@ -25,7 +25,7 @@ matrix_livekit_jwt_service_container_additional_networks_auto: []
 matrix_livekit_jwt_service_container_additional_networks_custom: []

 # renovate: datasource=docker depName=ghcr.io/element-hq/lk-jwt-service
-matrix_livekit_jwt_service_version: 0.4.4
+matrix_livekit_jwt_service_version: 0.4.3

 matrix_livekit_jwt_service_container_image_self_build: false
 matrix_livekit_jwt_service_container_repo: "https://github.com/element-hq/lk-jwt-service.git"
@@ -112,10 +112,12 @@ matrix_registration_database_connection_string: 'postgresql://{{ matrix_registra

 # For some reason, matrix-registraiton expects the `db` field to be like this: `sqlite:////data/db.sqlite3`.
 # (seems like one too many slashes, but..)
-matrix_registration_db: "{{ {
-    'sqlite': ('sqlite:///' + matrix_registration_sqlite_database_path_in_container),
-    'postgres': matrix_registration_database_connection_string,
-}[matrix_registration_database_engine] }}"
+matrix_registration_db: "{{
+	{
+		'sqlite': ('sqlite:///' + matrix_registration_sqlite_database_path_in_container),
+		'postgres': matrix_registration_database_connection_string,
+	}[matrix_registration_database_engine]
+}}"

 matrix_registration_base_url: "{{ matrix_registration_path_prefix }}"

@@ -208,7 +208,7 @@ matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_enab

 # Controls the org.matrix.msc4143.rtc_foci property in the /.well-known/matrix/client file.
 # See `matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_enabled`
-matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci: "{{ matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_auto + matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_custom }}"
+matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci: "{{ matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_auto+ matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_custom }}"
 matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_auto: []
 matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_custom: []

@@ -16,7 +16,7 @@ matrix_synapse_enabled: true
 matrix_synapse_github_org_and_repo: element-hq/synapse

 # renovate: datasource=docker depName=ghcr.io/element-hq/synapse
-matrix_synapse_version: v1.152.0
+matrix_synapse_version: v1.151.0

 matrix_synapse_username: ''
 matrix_synapse_uid: ''
@@ -950,7 +950,6 @@ matrix_synapse_workers_presets:
    # Keep disabled by default: MSC4306/4308 thread subscriptions are unstable
    # and disabled in upstream Synapse unless explicitly opted in.
    stream_writer_thread_subscriptions_stream_workers_count: 0
-    stream_writer_quarantined_media_changes_stream_workers_count: 0
  one-of-each:
    room_workers_count: 0
    sync_workers_count: 0
@@ -974,7 +973,6 @@ matrix_synapse_workers_presets:
    # Keep disabled by default: MSC4306/4308 thread subscriptions are unstable
    # and disabled in upstream Synapse unless explicitly opted in.
    stream_writer_thread_subscriptions_stream_workers_count: 0
-    stream_writer_quarantined_media_changes_stream_workers_count: 1
  specialized-workers:
    room_workers_count: 1
    sync_workers_count: 1
@@ -998,7 +996,6 @@ matrix_synapse_workers_presets:
    # Keep disabled by default: MSC4306/4308 thread subscriptions are unstable
    # and disabled in upstream Synapse unless explicitly opted in.
    stream_writer_thread_subscriptions_stream_workers_count: 0
-    stream_writer_quarantined_media_changes_stream_workers_count: 1

 # Controls whether the matrix-synapse container exposes the various worker ports
 # (see `port` and `metrics_port` in `matrix_synapse_workers_enabled_list`) outside of the container.
@@ -1105,10 +1102,6 @@ matrix_synapse_workers_stream_writer_device_lists_stream_workers_count: "{{ matr
 # More than 1 worker is also supported of this type.
 matrix_synapse_workers_stream_writer_thread_subscriptions_stream_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['stream_writer_thread_subscriptions_stream_workers_count'] }}"

-# matrix_synapse_workers_stream_writer_quarantined_media_changes_stream_workers_count controls how many stream writers that handle the `quarantined_media_changes` stream to spawn.
-# More than 1 worker is also supported of this type.
-matrix_synapse_workers_stream_writer_quarantined_media_changes_stream_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['stream_writer_quarantined_media_changes_stream_workers_count'] }}"
-
 # A list of stream writer workers to enable. This list is built automatically based on other variables.
 # You're encouraged to enable/disable stream writer workers by setting `matrix_synapse_workers_stream_writer_*_stream_workers_count` variables, instead of adjusting this list manually.
 matrix_synapse_workers_stream_writers: |
@@ -1132,8 +1125,6 @@ matrix_synapse_workers_stream_writers: |
    ([{'stream': 'device_lists'}] * matrix_synapse_workers_stream_writer_device_lists_stream_workers_count | int)
    +
    ([{'stream': 'thread_subscriptions'}] * matrix_synapse_workers_stream_writer_thread_subscriptions_stream_workers_count | int)
-    +
-    ([{'stream': 'quarantined_media_changes'}] * matrix_synapse_workers_stream_writer_quarantined_media_changes_stream_workers_count | int)
  }}

 matrix_synapse_workers_stream_writers_container_arguments: []
@@ -2114,7 +2105,6 @@ matrix_synapse_reverse_proxy_companion_synapse_stream_writer_presence_stream_wor
 matrix_synapse_reverse_proxy_companion_synapse_stream_writer_push_rules_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_push_rules_stream_worker_client_server_endpoints }}"
 matrix_synapse_reverse_proxy_companion_synapse_stream_writer_device_lists_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_device_lists_stream_worker_client_server_endpoints }}"
 matrix_synapse_reverse_proxy_companion_synapse_stream_writer_thread_subscriptions_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_thread_subscriptions_stream_worker_client_server_endpoints }}"
-matrix_synapse_reverse_proxy_companion_synapse_stream_writer_quarantined_media_changes_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_quarantined_media_changes_stream_worker_client_server_endpoints }}"
 matrix_synapse_reverse_proxy_companion_synapse_media_repository_locations: "{{ matrix_synapse_workers_media_repository_endpoints | default([]) }}"
 matrix_synapse_reverse_proxy_companion_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_worker_client_server_endpoints | default([]) }}"
 matrix_synapse_reverse_proxy_companion_client_server_main_override_locations_regex: ^/_matrix/client/(api/v1|r0|v3|unstable)/(account/3pid/|directory/list/room/|rooms/[^/]+/(forget|upgrade|report)|register)
@@ -13,7 +13,6 @@
 {% set stream_writer_push_rules_stream_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'push_rules') | list %}
 {% set stream_writer_device_lists_stream_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'device_lists') | list %}
 {% set stream_writer_thread_subscriptions_stream_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'thread_subscriptions') | list %}
-{% set stream_writer_quarantined_media_changes_stream_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'quarantined_media_changes') | list %}
 {% set media_repository_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'media_repository') | list %}
 {% set user_dir_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'user_dir') | list %}
 {% set stream_writer_client_server_routes = [
@@ -65,12 +64,6 @@
 		'locations': matrix_synapse_reverse_proxy_companion_synapse_stream_writer_thread_subscriptions_stream_worker_client_server_locations,
 		'upstream': 'stream_writer_thread_subscriptions_stream_workers_upstream',
 	},
-	{
-		'doc_url': 'https://element-hq.github.io/synapse/latest/workers.html#the-quarantined_media_changes-stream',
-		'workers': stream_writer_quarantined_media_changes_stream_workers,
-		'locations': matrix_synapse_reverse_proxy_companion_synapse_stream_writer_quarantined_media_changes_stream_worker_client_server_locations,
-		'upstream': 'stream_writer_quarantined_media_changes_stream_workers_upstream',
-	},
 ] %}

 {% macro render_worker_upstream(name, workers, load_balance) %}
@@ -140,13 +140,6 @@ matrix_synapse_workers_stream_writer_thread_subscriptions_stream_worker_client_s
  - ^/_matrix/client/unstable/io.element.msc4306/rooms/.*/thread/.*/subscription$
  - ^/_matrix/client/unstable/io.element.msc4308/thread_subscriptions$

-# matrix_synapse_workers_stream_writer_quarantined_media_changes_stream_worker_client_server_endpoints contains the endpoints serviced by the `quarantined_media_changes` stream writer.
-# Since Synapse v1.152, deployments which route `/_synapse/admin/v1/quarantine_media/` to a worker (rather than the main process) must declare those workers as
-# `quarantined_media_changes` stream writers, otherwise quarantining media will not work.
-# See: https://github.com/element-hq/synapse/blob/develop/docs/upgrade.md#upgrading-to-v11520
-matrix_synapse_workers_stream_writer_quarantined_media_changes_stream_worker_client_server_endpoints:
-  - ^/_synapse/admin/v1/quarantine_media/.*$
-
 # matrix_synapse_workers_user_dir_worker_client_server_endpoints contains the endpoints serviced by the `type = user_dir` (`app = generic_worker`) worker.
 # See: https://matrix-org.github.io/synapse/latest/workers.html#updating-the-user-directory
 matrix_synapse_workers_user_dir_worker_client_server_endpoints:
@@ -155,11 +148,11 @@ matrix_synapse_workers_user_dir_worker_client_server_endpoints:
 # matrix_synapse_workers_known_stream_writer_stream_types contains the list of stream writer stream types that the playbook recognizes.
 # This is used for validation purposes. If adding support for a new type, besides adding it to this list,
 # don't forget to actually configure it where appropriate (see worker.yaml.j2`, the nginx proxy configuration, etc).
-matrix_synapse_workers_known_stream_writer_stream_types: ['events', 'typing', 'to_device', 'account_data', 'receipts', 'presence', 'push_rules', 'device_lists', 'thread_subscriptions', 'quarantined_media_changes']
+matrix_synapse_workers_known_stream_writer_stream_types: ['events', 'typing', 'to_device', 'account_data', 'receipts', 'presence', 'push_rules', 'device_lists', 'thread_subscriptions']

 # matrix_synapse_workers_webserving_stream_writer_types contains a list of stream writer types that serve web (client) requests.
 # Not all stream writers serve web requests. Some just perform background tasks.
-matrix_synapse_workers_webserving_stream_writer_types: ['typing', 'to_device', 'account_data', 'receipts', 'presence', 'push_rules', 'device_lists', 'thread_subscriptions', 'quarantined_media_changes']
+matrix_synapse_workers_webserving_stream_writer_types: ['typing', 'to_device', 'account_data', 'receipts', 'presence', 'push_rules', 'device_lists', 'thread_subscriptions']

 # matrix_synapse_workers_systemd_services_list contains a list of systemd services (one for each worker systemd service which serves web requests).
 # This list is built during runtime.
@@ -345,10 +338,8 @@ matrix_synapse_workers_media_repository_endpoints:
  - ^/_synapse/admin/v1/room/.*/media.*$
  - ^/_synapse/admin/v1/user/.*/media.*$
  - ^/_synapse/admin/v1/media/.*$
+  - ^/_synapse/admin/v1/quarantine_media/.*$
  - ^/_synapse/admin/v1/users/.*/media$
-  # `^/_synapse/admin/v1/quarantine_media/.*$` is intentionally not listed here:
-  # Synapse v1.152+ requires its worker to also be a `quarantined_media_changes` stream writer,
-  # so it's now handled by `matrix_synapse_workers_stream_writer_quarantined_media_changes_stream_worker_client_server_endpoints` instead.

 matrix_synapse_workers_user_dir_endpoints:
  # Handles searches in the user directory. It can handle REST endpoints matching
@@ -14,13 +14,10 @@ matrix_playbook_migration_validated_version: ''
 # The version that the playbook expects the user to have validated against.
 # This is bumped whenever a breaking change is introduced.
 # The value configured here needs to exist in `matrix_playbook_migration_breaking_changes` as well.
-matrix_playbook_migration_expected_version: "v2026.04.24.0"
+matrix_playbook_migration_expected_version: "v2026.04.03.0"

 # A list of breaking changes, used to inform users what changed between their validated version and the expected version.
 matrix_playbook_migration_breaking_changes:
-  - version: "v2026.04.24.0"
-    summary: "(BC Break) mautrix-telegram has been rewritten in Go (bridgev2) — the web-based login endpoint, old-style relaybot and several variables have been removed"
-    changelog_url: "https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#2026-04-24"
  - version: "v2026.04.03.0"
    summary: "(BC Break) Synapse Admin is now Ketesa — role renamed and all variables changed from matrix_synapse_admin_* to matrix_ketesa_*"
    changelog_url: "https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#2026-04-03"
@@ -78,7 +78,6 @@
    - custom/matrix-bridge-steam
    - custom/matrix-bridge-heisenbridge
    - custom/matrix-bridge-hookshot
-    - custom/matrix-bridge-meshtastic-relay
    - custom/matrix-bot-matrix-reminder-bot
    - custom/matrix-bot-matrix-registration-bot
    - custom/matrix-bot-maubot