chore(deps): update matrixdotorg/sygnal docker tag to v0.17.0

2026-04-10 16:15:04 +03:00 · 2026-02-17 08:48:02 +00:00
313 changed files with 6081 additions and 4223 deletions
--- a/.codespellrc
+++ b/.codespellrc
@@ -1,2 +1,2 @@
 [codespell]
-ignore-words-list = aNULL,brose,doub,Udo,re-use,re-used,registr,shema,commet,Commet
+ignore-words-list = aNULL,brose,doub,Udo,re-use,re-used,registr,shema
--- a/.github/workflows/matrix.yml
+++ b/.github/workflows/matrix.yml
@@ -9,37 +9,34 @@ name: Matrix CI
 on: [push, pull_request]  # yamllint disable-line rule:truthy
 permissions:
  contents: read
 jobs:
-  prek:
+  yamllint:
-    name: Run prek hooks
+    name: yamllint
    runs-on: ubuntu-latest
    steps:
      - name: Check out
        uses: actions/checkout@v6
      - name: Run yamllint
        uses: frenck/action-yamllint@v1.5.0
  ansible-lint:
    name: ansible-lint
    runs-on: ubuntu-latest
    container:
      image: docker.io/archlinux:base-devel
    steps:
      # git must be installed before checkout so it does a proper clone
      # (with .git directory) instead of a tarball download.
      - name: Install git
        run: pacman -Sy --noconfirm git
      - name: Check out
        uses: actions/checkout@v6
-      - name: Restore prek cache
+      - name: Run ansible-lint
-        uses: actions/cache@v5
+        uses: ansible/ansible-lint@v26.1.1
        with:
-          path: var/prek
+          args: "roles/custom"
-          key: arch-prek-v1-${{ hashFiles('.pre-commit-config.yaml') }}
+          setup_python: "true"
-
+          working_directory: ""
-      - name: Install dependencies
+          requirements_file: requirements.yml
-        run: pacman -S --noconfirm --needed just mise python
+  precommit:
-
+    name: Run pre-commit
-      - name: Run prek hooks
+    runs-on: ubuntu-latest
-        run: |
+    steps:
-          # The checkout action sets safe.directory using its own bundled
+      - name: Checkout code
-          # git, which is separate from the pacman-installed git that prek uses.
+        uses: actions/checkout@v6
-          git config --global --add safe.directory "$GITHUB_WORKSPACE"
+      - name: Run pre-commit
-          just prek-run-on-all
+        uses: pre-commit/action@v3.0.1
--- a/.gitignore
+++ b/.gitignore
@@ -4,7 +4,6 @@
 .python-version
 .idea/
 .direnv/
 /var/
 # ignore roles pulled by ansible-galaxy
 /roles/galaxy/*
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,21 +1,22 @@
 ---
 default_install_hook_types: [pre-push]
-exclude: "^(LICENSES/|var/)"
+exclude: "LICENSES/"
 # See: https://pre-commit.com/hooks.html
 repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v6.0.0
    hooks:
      # - id: check-executables-have-shebangs
      - id: check-added-large-files
      - id: check-case-conflict
      - id: check-json
      - id: check-shebang-scripts-are-executable
      - id: check-toml
      - id: trailing-whitespace
      - id: end-of-file-fixer
  - repo: https://github.com/codespell-project/codespell
-    rev: v2.4.2
+    rev: v2.4.1
    hooks:
      - id: codespell
        args: ["--skip=*.po,*.pot,i18n/"]
@@ -23,18 +24,3 @@ repos:
    rev: v6.2.0
    hooks:
      - id: reuse
  - repo: https://github.com/ansible/ansible-lint
    rev: v26.3.0
    hooks:
      - id: ansible-lint
        files: '^roles/custom/'
        args: ['roles/custom']
        pass_filenames: false
  - repo: local
    hooks:
      - id: check-examples-vars-migration-version
        name: Check examples/vars.yml migration version matches expected
        entry: bin/check-examples-vars-migration-version.sh
        language: script
        files: '(examples/vars\.yml|roles/custom/matrix_playbook_migration/defaults/main\.yml)'
        pass_filenames: false
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,146 +1,3 @@
 # 2026-03-23
 ## Migration validation system introduced
 Previously, when updating your setup, you had to remember to read the [CHANGELOG](CHANGELOG.md) file or risk breakage.
 Now, the playbook includes a migration validation system that ensures you're aware of breaking changes before they affect your deployment.
 You're now forced to acknowledge each breaking change, unless you wish to live dangerously (see below).
 A new `matrix_playbook_migration_validated_version` variable has been introduced.
 **New users** who started from the [example `vars.yml`](examples/vars.yml) file already have this variable set and do not need to do anything.
 **Existing users** will need to add the following to their `vars.yml` file after reviewing all changelog entries up to now:
 ```yml
 matrix_playbook_migration_validated_version: v2026.03.23.0
 ```
 Going forward, whenever a breaking change is introduced the playbook will:
 - bump its expected version value (`matrix_playbook_migration_expected_version`), causing a discrepancy with what you validated (`matrix_playbook_migration_validated_version`)
 - fail when you run it with a helpful message listing what changed and linking to the relevant changelog entries
 After reviewing and adapting your setup, you simply update the variable to the new version.
 If you'd like to live dangerously and skip these checks (not recommended), you can set this once and be done with it:
 ```yml
 matrix_playbook_migration_validated_version: "{{ matrix_playbook_migration_expected_version }}"
 ```
 # 2026-03-19
 ## Matrix Authentication Service now prefers UNIX sockets for playbook-managed Postgres
 When [Matrix Authentication Service](docs/configuring-playbook-matrix-authentication-service.md) (MAS) uses the playbook-managed Postgres service, it now connects to it via a [UNIX socket](https://en.wikipedia.org/wiki/Unix_domain_socket) by default instead of TCP.
 This follows the same approach [applied to Synapse](#synapse-now-prefers-unix-sockets-for-playbook-managed-postgres-and-valkey) and reduces unnecessary container-network wiring, keeping local IPC off the network stack.
 If you use an external Postgres server for MAS, this does not change your setup.
 If you'd like to keep the previous TCP-based behavior, add the following configuration to your `vars.yml`:
 ```yaml
 matrix_authentication_service_config_database_socket_enabled: false
 ```
 # 2026-03-17
 ## Synapse now prefers UNIX sockets for playbook-managed Postgres and Valkey
 When Synapse uses the playbook-managed Postgres and Valkey services, it now connects to them via [UNIX sockets](https://en.wikipedia.org/wiki/Unix_domain_socket) by default instead of TCP.
 This reduces unnecessary container-network wiring and keeps local IPC off the network stack, which is a bit simpler and slightly more secure.
 If you use an external Postgres server or external Redis/Valkey for Synapse, this does not change your setup.
 If you'd like to keep the previous TCP-based behavior, add the following configuration to your `vars.yml`:
 ```yaml
 matrix_synapse_database_socket_enabled: false
 matrix_synapse_redis_path_enabled: false
 ```
 # 2026-03-01
 ## (Potential BC Break) Synapse S3 media prefix is now applied consistently
 The `matrix_synapse_ext_synapse_s3_storage_provider_config_prefix` variable is now wired consistently for both:
 - the Synapse `s3_storage_provider` module configuration
 - the `matrix-synapse-s3-storage-provider-migrate` migration script (`s3_media_upload --prefix`)
 Previously, this variable could be set, but was not effectively applied by either of these paths.
 **Affects**: users of [synapse-s3-storage-provider](docs/configuring-playbook-synapse-s3-storage-provider.md) who have configured a non-empty `matrix_synapse_ext_synapse_s3_storage_provider_config_prefix` value.
 If your bucket data was uploaded without the prefix before this fix, enabling proper prefix usage can make existing objects appear missing until data is migrated/copied to the prefixed key namespace.
 # 2026-02-26
 ## Internal refactor: merged the Synapse reverse-proxy companion role into `matrix-synapse`
 The standalone `matrix-synapse-reverse-proxy-companion` role has been merged into the [matrix-synapse](roles/custom/matrix-synapse/) role.
 This is not a user-facing change and does not change variable names (`matrix_synapse_reverse_proxy_companion_*` remain the same). The split looked clean on paper, but in practice both parts are tightly coupled through worker routing, tags (`setup-synapse`/`install-synapse`), and lifecycle ordering, so keeping them separate added coordination overhead with little practical benefit.
 Compatibility note: existing companion-specific tags (`setup-synapse-reverse-proxy-companion` and `install-synapse-reverse-proxy-companion`) are still available.
 With this change, Synapse and its reverse-proxy companion are managed in one role (`matrix-synapse`) while still keeping companion logic in dedicated task/template subdirectories for maintainability.
 # 2026-02-21
 ## (BC Break) coturn is no longer auto-enabled by default
 By default, the [coturn](./docs/configuring-playbook-turn.md) TURN server component is no longer enabled for every deployment.
 This reduces resources and attach surface for deployments which:
 - either don't need calls at all
 - or use the modern [Matrix RTC](docs/configuring-playbook-matrix-rtc.md)/[Element Call](docs/configuring-playbook-element-call.md) stack.
 Coturn is still auto-enabled when [Jitsi](./docs/configuring-playbook-jitsi.md) is enabled (`jitsi_enabled: true`), because Jitsi still depends on TURN for legacy Matrix integration.
 Additionally, Coturn (when enabled) now defaults to using automatic IP detection of your server's external IP address, instead of assuming your Ansible inventory (`ansible_host`) points to a public address and using it for configuring `coturn_turn_external_ip_address`.
 To restore the old behavior (needed for legacy call setups), add the following configuration to your `vars.yml`:
 ```yml
 coturn_enabled: true
 # If you'd like explicit control over the external IP address (like before), keep this too.
 coturn_turn_external_ip_address: "{{ ansible_host }}"
 ```
 ## LiveKit TURN TLS is now automatically fronted by playbook-managed Traefik
 For deployments that use the playbook-managed Traefik reverse-proxy, LiveKit TURN over TCP is now SSL-terminated at Traefik and passed as plain TCP to LiveKit (`turn.external_tls = true`) by default.
 To disable this behavior, set `livekit_server_config_turn_external_tls: false` and the playbook will revert to the old behavior - using traefik-certs-dumper to extract SSL certificates out of Traefik and pass them to LiveKit for explicit SSL termination there.
 If you are using `other-traefik-container` or [another reverse-proxy](./configuring-playbook-own-webserver.md), this change does **not** switch behavior automatically. That mode remains using certificate files in the container (Traefik certificates dumper flow) unless you explicitly set the TURN-Traefik mode variables to opt in.
 # 2026-02-17
 ## (BC Break) prometheus-nginxlog-exporter role has been relocated and variable names need adjustments
 The role for prometheus-nginxlog-exporter has been relocated to the [mother-of-all-self-hosting](https://github.com/mother-of-all-self-hosting) organization.
 Along with the relocation, the `matrix_prometheus_nginxlog_exporter_` prefix on its variable names has been renamed to `prometheus_nginxlog_exporter_`, so you need to adjust your `vars.yml` configuration.
 As always, the playbook would let you know about this and point out any variables you may have missed.
 ## synapse-auto-invite-accept has been removed from the playbook
 [synapse-auto-invite-accept](./docs/configuring-playbook-synapse-auto-accept-invite.md) has been removed from the playbook, as the same functionality [has been integrated](https://github.com/element-hq/synapse/pull/17147) to Synapse since [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0).
 See [this section](./docs/configuring-playbook-synapse-auto-accept-invite.md#native-alternative) for details about how to enable the function on Synapse.
 If you're using any `matrix_synapse_ext_synapse_auto_accept_invite_*` variables, the playbook will let you know which one you'll need to remove from `vars.yml`.
 # 2026-02-16
 ## matrix-appservice-slack has been removed from the playbook
@@ -847,8 +704,8 @@ If upstream synapse-admin picks up the pace and improves, the etke.cc fork may d
 If you'd like to switch back to the original synapse-admin software, you can do so by adding the following configuration to your `vars.yml` file:
 ```yaml
-matrix_synapse_admin_container_image: "{{ matrix_synapse_admin_container_image_registry_prefix }}awesometechnologies/synapse-admin:{{ matrix_synapse_admin_version }}"
+matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_registry_prefix }}awesometechnologies/synapse-admin:{{ matrix_synapse_admin_version }}"
-matrix_synapse_admin_container_image_registry_prefix_upstream: docker.io/
+matrix_synapse_admin_docker_image_registry_prefix_upstream: docker.io/
 matrix_synapse_admin_version: 0.10.3
--- a/README.md
+++ b/README.md
@@ -64,7 +64,6 @@ Web clients for Matrix that you can host on your own domains.
 | [Element Web](https://github.com/element-hq/element-web) | ✅ | Default Matrix web client, configured to connect to your own Synapse server | [Link](docs/configuring-playbook-client-element-web.md) |
 | [Hydrogen](https://github.com/element-hq/hydrogen-web) | ❌ | Lightweight Matrix client with legacy and mobile browser support | [Link](docs/configuring-playbook-client-hydrogen.md) |
 | [Cinny](https://github.com/ajbura/cinny) |  ❌ | Simple, elegant and secure web client | [Link](docs/configuring-playbook-client-cinny.md) |
 | [Sable](https://github.com/7w1/sable) | ❌ | Simple, elegant and secure web client | [Link](docs/configuring-playbook-client-sable.md) |
 | [SchildiChat Web](https://schildi.chat/) | ❌ | Based on Element Web, with a more traditional instant messaging experience | [Link](docs/configuring-playbook-client-schildichat-web.md) |
 | [FluffyChat Web](https://fluffychat.im/) | ❌ | The cutest messenger in Matrix | [Link](docs/configuring-playbook-client-fluffychat-web.md) |
@@ -75,12 +74,13 @@ Services that run on the server to make the various parts of your installation w
 | Name | Default? | Description | Documentation |
 | ---- | -------- | ----------- | ------------- |
 | [PostgreSQL](https://www.postgresql.org/)| ✅ | Database for Synapse. [Using an external PostgreSQL server](docs/configuring-playbook-external-postgres.md) is also possible. | [Link](docs/configuring-playbook-external-postgres.md) |
 | [coturn](https://github.com/coturn/coturn) | ✅ | STUN/TURN server for WebRTC audio/video calls | [Link](docs/configuring-playbook-turn.md) |
 | [Traefik](https://doc.traefik.io/traefik/) | ✅ | Web server, listening on ports 80, 443 and 8448 - standing in front of all the other services. [Using your own webserver](docs/configuring-playbook-own-webserver.md) is also possible. | [Link](docs/configuring-playbook-traefik.md) |
 | [Let's Encrypt](https://letsencrypt.org/) | ✅ | Free SSL certificate, which secures the connection to all components | [Link](docs/configuring-playbook-ssl-certificates.md) |
 | [Exim](https://www.exim.org/) | ✅ | Mail server, through which all Matrix services send outgoing email (can be configured to relay through another SMTP server) | [Link](docs/configuring-playbook-email.md) |
 | [coturn](https://github.com/coturn/coturn) | ❌ | STUN/TURN server for WebRTC audio/video calls | [Link](docs/configuring-playbook-turn.md) |
 | [ddclient](https://github.com/linuxserver/docker-ddclient) | ❌ | Dynamic DNS | [Link](docs/configuring-playbook-dynamic-dns.md) |
-| Matrix RTC stack | ❌ | Supporting components ([LiveKit Server](docs/configuring-playbook-livekit-server.md) and [LiveKit JWT Service](docs/configuring-playbook-livekit-jwt-service.md)) for in-app audio/video calls for Matrix clients | [Link](docs/configuring-playbook-matrix-rtc.md) |
+| [LiveKit Server](https://github.com/livekit/livekit) | ❌ | WebRTC server for audio/video calls | [Link](docs/configuring-playbook-livekit-server.md) |
 | [Livekit JWT Service](https://github.com/livekit/livekit-jwt-service) | ❌ | JWT service for integrating [Element Call](./configuring-playbook-element-call.md) with [LiveKit Server](./configuring-playbook-livekit-server.md) | [Link](docs/configuring-playbook-livekit-jwt-service.md) |
 ### Authentication
@@ -171,6 +171,7 @@ Various services that don't fit any other categories.
 | Name | Default? | Description | Documentation |
 | ---- | -------- | ----------- | ------------- |
 | [synapse_auto_accept_invite](https://github.com/matrix-org/synapse-auto-accept-invite) | ❌ | Synapse module to automatically accept invites | [Link](docs/configuring-playbook-synapse-auto-accept-invite.md) |
 | [synapse_auto_compressor](https://github.com/matrix-org/rust-synapse-compress-state/#automated-tool-synapse_auto_compressor) | ❌ | Cli tool that automatically compresses `state_groups` database table in background | [Link](docs/configuring-playbook-synapse-auto-compressor.md) |
 | [Matrix Corporal](https://github.com/devture/matrix-corporal) (advanced) | ❌ | Reconciliator and gateway for a managed Matrix server | [Link](docs/configuring-playbook-matrix-corporal.md) |
 | [Matrix.to](https://github.com/matrix-org/matrix.to) | ❌ | Simple URL redirection service for the Matrix ecosystem | [Link](docs/configuring-playbook-matrixto.md) |
--- a/bin/check-examples-vars-migration-version.sh
+++ b/bin/check-examples-vars-migration-version.sh
@@ -1,35 +0,0 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2026 Slavi Pantaleev
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 # Ensures that the migration validated version in examples/vars.yml
 # matches the expected version in the matrix_playbook_migration role defaults.
 set -euo pipefail
 defaults_file="roles/custom/matrix_playbook_migration/defaults/main.yml"
 examples_file="examples/vars.yml"
 expected_version=$(grep -oP '^matrix_playbook_migration_expected_version:\s*"?\K[^"]+' "$defaults_file")
 examples_version=$(grep -oP '^matrix_playbook_migration_validated_version:\s*"?\K[^"]+' "$examples_file")
 if [ -z "$expected_version" ]; then
 	echo "ERROR: Could not extract matrix_playbook_migration_expected_version from $defaults_file"
 	exit 1
 fi
 if [ -z "$examples_version" ]; then
 	echo "ERROR: Could not extract matrix_playbook_migration_validated_version from $examples_file"
 	exit 1
 fi
 if [ "$expected_version" != "$examples_version" ]; then
 	echo "ERROR: Migration version mismatch!"
 	echo "  $defaults_file has expected version: $expected_version"
 	echo "  $examples_file has validated version: $examples_version"
 	echo ""
 	echo "Please update $examples_file to match."
 	exit 1
 fi
--- a/bin/rebuild-mautrix-meta-instagram.sh
+++ b/bin/rebuild-mautrix-meta-instagram.sh
--- a/docs/configuring-playbook-bot-baibot.md
+++ b/docs/configuring-playbook-bot-baibot.md
@@ -39,35 +39,16 @@ Depending on your current `vars.yml` file and desired configuration, **you may r
 To enable the bot, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
 Authentication can be configured in one of two mutually-exclusive ways:
 - **Password authentication** (`matrix_bot_baibot_config_user_password`) - recommended for most playbook-managed setups, because it integrates with automatic user creation flow used by the playbook, and auto-creates the bot account
 - **Access-token authentication** (`matrix_bot_baibot_config_user_access_token` + `matrix_bot_baibot_config_user_device_id`) - useful for specific [Matrix Authentication Service](configuring-playbook-matrix-authentication-service.md)/OIDC setups where password authentication is not available or not desired
 Even when [Matrix Authentication Service](configuring-playbook-matrix-authentication-service.md) is enabled, password authentication is still typically the best fit for baibot if you're using a playbook-managed bot account.
 For upstream details, see baibot's [🔐 Authentication](https://github.com/etkecc/baibot/blob/main/docs/configuration/authentication.md) documentation.
 ```yaml
 matrix_bot_baibot_enabled: true
 # Uncomment and adjust this part if you'd like to use a username different than the default
 # matrix_bot_baibot_config_user_mxid_localpart: baibot
 # Authentication mode (choose exactly one):
 #
 # 1) Password authentication (recommended for most setups)
 # Generate a strong password for the bot. You can create one with a command like `pwgen -s 64 1`.
 # If you'd like to change this password subsequently, see the details below.
 matrix_bot_baibot_config_user_password: 'PASSWORD_FOR_THE_BOT'
 # 2) Access-token authentication (for MAS/OIDC-enabled homeservers)
 # matrix_bot_baibot_config_user_access_token: 'YOUR_MAS_COMPATIBILITY_TOKEN_HERE'
 # matrix_bot_baibot_config_user_device_id: 'BAIBOT'
 #
 # You can generate a compatibility token for MAS with:
 # mas-cli manage issue-compatibility-token <username> [device_id]
 # An optional passphrase to use for backing up and recovering the bot's encryption keys.
 # You can create one with a command like `pwgen -s 64 1`.
 #
@@ -406,15 +387,13 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-use
 **Notes**:
- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account when password authentication is used.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
 - If you're using access-token authentication, the bot account must already exist and the configured token + device ID must match that account. This mode is mainly for MAS/OIDC setups where password-based bot login is not suitable.
 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
- If you change the bot password (`matrix_bot_baibot_config_user_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it, and then update `matrix_bot_baibot_config_user_password` to let the bot know its new password. (This note applies to password authentication mode.)
+- If you change the bot password (`matrix_bot_baibot_config_user_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it, and then update `matrix_bot_baibot_config_user_password` to let the bot know its new password.
 ## Usage
--- a/docs/configuring-playbook-client-sable.md
+++ b/docs/configuring-playbook-client-sable.md
@@ -1,71 +0,0 @@
 <!--
 SPDX-FileCopyrightText: 2022 MDAD project contributors
 SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
 SPDX-FileCopyrightText: 2024 - 2026 Slavi Pantaleev
 SPDX-License-Identifier: AGPL-3.0-or-later
 -->
 # Setting up Sable (optional)
 The playbook can install and configure the [Sable](https://github.com/7w1/sable) Matrix web client for you.
 Sable is a web client focusing primarily on simple, elegant and secure interface. It can be installed alongside or instead of [Element Web](./configuring-playbook-client-element-web.md), [Cinny](./configuring-playbook-client-cinny.md) and others.
 ## Adjusting DNS records
 By default, this playbook installs Sable on the `sable.` subdomain (`sable.example.com`) and requires you to create a CNAME record for `sable`, which targets `matrix.example.com`.
 When setting, replace `example.com` with your own.
 ## Adjusting the playbook configuration
 To enable Sable, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
 ```yaml
 sable_enabled: true
 ```
 ### Adjusting the Sable URL (optional)
 By tweaking the `sable_hostname` variable, you can easily make the service available at a **different hostname** than the default one.
 Example additional configuration for your `vars.yml` file:
 ```yaml
 # Switch to a different domain (`app.example.com`) than the default one (`sable.example.com`)
 sable_hostname: "app.{{ matrix_domain }}"
 # Expose under the /sable subpath
 # sable_path_prefix: /sable
 ```
 After changing the domain, **you may need to adjust your DNS** records to point the Sable domain to the Matrix server.
 **Note**: while there is a `sable_path_prefix` variable for changing the path where Sable is served, overriding it is [not possible](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3701), because Sable requires an application rebuild (with a tweaked build config) to be functional under a custom path. You'd need to serve Sable at a dedicated subdomain.
 ### Extending the configuration
 There are some additional things you may wish to configure about the component.
 Take a look at:
 - `roles/galaxy/sable/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
 - `roles/galaxy/sable/templates/config.json.j2` for the component's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `sable_configuration_extension_json` variable
 ## Installing
 After configuring the playbook and [adjusting your DNS records](#adjusting-dns-records), run the playbook with [playbook tags](playbook-tags.md) as below:
 <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 ```
 The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
 `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
 ## Troubleshooting
 As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-client-sable`.
--- a/docs/configuring-playbook-continuwuity.md
+++ b/docs/configuring-playbook-continuwuity.md
@@ -58,14 +58,9 @@ matrix_continuwuity_environment_variables_extension: |
 Unlike other homeserver implementations (like Synapse and Dendrite), continuwuity does not support creating users via the command line or via the playbook.
-On first startup, Continuwuity creates a special one-time-use registration token and logs it to the server's console. To access this, you will need to SSH into the server and run the following command:
+If you followed the instructions above (see [Adjusting the playbook configuration](#adjusting-the-playbook-configuration)), you should have registration enabled and protected by a registration token.
-```sh
+This should allow you to create the first user account via any client (like [Element Web](./configuring-playbook-client-element-web.md)) which supports creating users.
 # Adjust the duration if necessary or remove the whole --since argument
 journalctl -u matrix-continuwuity.service --since="10 minutes ago"
 ```
 Find the token, highlight it, and copy it (ctrl+shift+C). This token should allow you to create the first user account via any client (like [Element Web](./configuring-playbook-client-element-web.md)) which supports creating users.
 The **first user account that you create will be marked as an admin** and **will be automatically invited to an admin room**.
--- a/docs/configuring-playbook-email.md
+++ b/docs/configuring-playbook-email.md
@@ -17,16 +17,6 @@ The [Ansible role for exim-relay](https://github.com/mother-of-all-self-hosting/
 - 🌐 [the role's documentation at the MASH project](https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay/blob/main/docs/configuring-exim-relay.md) online
 - 📁 `roles/galaxy/exim_relay/docs/configuring-exim-relay.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles)
 ## Why use exim-relay?
 **Benefits of using exim-relay** instead of configuring SMTP directly in each service:
 1. **Final delivery capability**: Can deliver emails directly if you don't have an SMTP server
 2. **Centralized configuration**: Configure your upstream SMTP server once in exim-relay, then point all services ([Synapse](configuring-playbook-synapse.md), [Matrix Authentication Service](configuring-playbook-matrix-authentication-service.md), etc.) there—no need to configure SMTP in each component
 3. **Local spooling**: Stores messages locally and retries delivery if your upstream SMTP server is temporarily unavailable
 ## Firewall settings
 No matter whether you send email directly (the default) or you relay email through another host, you'll probably need to allow outgoing traffic for TCP ports 25/587 (depending on configuration).
--- a/docs/configuring-playbook-jitsi.md
+++ b/docs/configuring-playbook-jitsi.md
@@ -18,9 +18,6 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 The playbook can install and configure the [Jitsi](https://jitsi.org/) video-conferencing platform for you.
 Because Jitsi still requires a TURN server, enabling Jitsi
 automatically enables coturn (`coturn_enabled: true`) unless you explicitly disable it.
 Jitsi is an open source video-conferencing platform. It can not only be integrated with Element clients ([Element Web](configuring-playbook-client-element-web.md)/Desktop, Android and iOS) as a widget, but also be used as standalone web app.
 💡 If you're into experimental technology, you may also be interested in trying out [Element Call](configuring-playbook-element-call.md) - a native Matrix video conferencing application.
--- a/docs/configuring-playbook-livekit-server.md
+++ b/docs/configuring-playbook-livekit-server.md
@@ -15,7 +15,7 @@ LiveKit Server is an open source project that provides scalable, multi-user conf
 The [Ansible role for LiveKit Server](https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server) is developed and maintained by [the MASH (mother-of-all-self-hosting) project](https://github.com/mother-of-all-self-hosting). For details about configuring LiveKit Server, you can check them via:
 - 🌐 [the role's documentation at the MASH project](https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server/blob/main/docs/configuring-livekit-server.md) online
- 📁 `roles/galaxy/livekit_server/docs/configuring-livekit-server.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles)
+- 📁 `roles/galaxy/livekit-server/docs/configuring-livekit-server.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles)
 ## Adjusting firewall rules
@@ -29,43 +29,10 @@ To ensure LiveKit Server functions correctly, the following firewall rules and p
 - `5350/tcp`: TURN/TCP. Also see the [Limitations](#limitations) section below.
- `30000-30020/udp`: TURN relay range used by LiveKit's embedded TURN server.
+💡 The suggestions above are inspired by the upstream [Ports and Firewall](https://docs.livekit.io/home/self-hosting/ports-firewall/) documentation based on how LiveKit is configured in the playbook. If you've using custom configuration for the LiveKit Server role, you may need to adjust the firewall rules accordingly.
 💡 The suggestions above are inspired by the upstream [Ports and Firewall](https://docs.livekit.io/home/self-hosting/ports-firewall/) documentation based on how LiveKit is configured in the playbook. If you're using custom configuration for the LiveKit Server role, you may need to adjust firewall rules accordingly.
 ## TURN TLS handling
 When `matrix_playbook_reverse_proxy_type` is `playbook-managed-traefik` (which is the default for this playbook), TURN over TCP is terminated by Traefik and forwarded to LiveKit with `turn.external_tls = true`. In this playbook default, this mode is enabled automatically when SSL is enabled and TURN is enabled.
 - The playbook installs a dedicated Traefik TCP entrypoint for TURN (`matrix-livekit-turn`) by default and binds it to `tcp/5350`.
 - `livekit_server_config_turn_external_tls` is automatically enabled for this setup.
 - Because Traefik handles TLS, LiveKit no longer needs certificate-file paths for TURN in this mode.
 To opt out and keep TURN TLS termination in LiveKit itself, set:
 ```yml
 livekit_server_config_turn_external_tls: false
 ```
 In this playbook, certificate paths are managed automatically via `group_vars/matrix_servers` when certificate dumping is enabled.
 If your setup uses `other-traefik-container` or [another reverse-proxy](./configuring-playbook-own-webserver.md), behavior is unchanged by default and still relies on certificates being available inside the container as before.
 Deployments using `other-traefik-container` can opt into the same Traefik-terminated mode there, by setting:
 ```yml
 livekit_server_config_turn_external_tls: true
 livekit_server_container_labels_turn_traefik_enabled: true
 livekit_server_container_labels_turn_traefik_entrypoints: "<your-livekit-turn-traffic-entrypoint>"
 ```
 and configuring their own Traefik TCP entrypoint dedicated to LiveKit TURN traffic.
 ## Limitations
-LiveKit Server's TURN listener behavior depends on where TLS is terminated:
+For some reason, LiveKit Server's TURN ports (`3479/udp` and `5350/tcp`) are not reachable over IPv6 regardless of whether you've [enabled IPv6](./configuring-ipv6.md) for your server.
- Direct LiveKit TURN listeners (`livekit_server_config_turn_external_tls: false`) still use IPv4-only sockets for `3479/udp` and `5350/tcp`, so IPv6 connectivity to these endpoints is not possible.
+It seems like LiveKit Server intentionally only listens on `udp4` and `tcp4` as seen [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L128) and [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L92).
 - With [TURN TLS handling](#turn-tls-handling) (`livekit_server_config_turn_external_tls: true`), the playbook's dedicated `matrix-livekit-turn` TCP entrypoint can still listen on both IPv4 and IPv6. Traefik then forwards TURN/TCP to LiveKit.
 It appears that LiveKit Server intentionally only listens on `udp4` and `tcp4` in direct mode, as seen [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L128) and [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L92).
--- a/docs/configuring-playbook-matrix-rtc.md
+++ b/docs/configuring-playbook-matrix-rtc.md
@@ -17,8 +17,8 @@ The Matrix RTC stack is a set of supporting components ([LiveKit Server](configu
 - A [Synapse](configuring-playbook-synapse.md) homeserver (see the warning below)
 - Various experimental features for the Synapse homeserver which Element Call [requires](https://github.com/element-hq/element-call/blob/93ae2aed9841e0b066d515c56bd4c122d2b591b2/docs/self-hosting.md#a-matrix-homeserver) (automatically done when Element Call is enabled)
- A [LiveKit Server](configuring-playbook-livekit-server.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](configuring-playbook-element-call.md#decide-between-element-call-vs-just-the-matrix-rtc-stack))
+- A [LiveKit Server](configuring-playbook-livekit-server.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](#decide-between-element-call-vs-just-the-matrix-rtc-stack))
- The [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](configuring-playbook-element-call.md#decide-between-element-call-vs-just-the-matrix-rtc-stack))
+- The [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](#decide-between-element-call-vs-just-the-matrix-rtc-stack))
 - A client compatible with Element Call. As of 2025-03-15, that's just [Element Web](configuring-playbook-client-element-web.md) and the Element X mobile clients (iOS and Android).
 > [!WARNING]
--- a/docs/configuring-playbook-prometheus-grafana.md
+++ b/docs/configuring-playbook-prometheus-grafana.md
@@ -83,7 +83,7 @@ See the project's [documentation](https://github.com/martin-helmich/prometheus-n
 To enable it, add the following configuration to your `vars.yml` file:
 ```yaml
-prometheus_nginxlog_exporter_enabled: true
+matrix_prometheus_nginxlog_exporter_enabled: true
 ```
 If you enable Grafana, a dedicated `NGINX PROXY` Grafana dashboard will be created.
@@ -95,8 +95,8 @@ If you enable Grafana, a dedicated `NGINX PROXY` Grafana dashboard will be creat
 At the moment of writing only images for `amd64` and `arm64` architectures are available. The playbook currently does not support [self-building](./self-building.md) a container image on other architectures. You can however use a custom-build image by setting:
 ```yaml
-prometheus_nginxlog_exporter_container_image_arch_check_enabled: false
+matrix_prometheus_nginxlog_exporter_docker_image_arch_check_enabled: false
-prometheus_nginxlog_exporter_container_image: path/to/docker/image:tag
+matrix_prometheus_nginxlog_exporter_docker_image: path/to/docker/image:tag
 ```
 ### Extending the configuration
@@ -106,7 +106,7 @@ There are some additional things you may wish to configure about Prometheus and
 Take a look at:
 - [Prometheus role](https://github.com/mother-of-all-self-hosting/ansible-role-prometheus)'s [`defaults/main.yml`](https://github.com/mother-of-all-self-hosting/ansible-role-prometheus/blob/main/defaults/main.yml) for some variables that you can customize via your `vars.yml` file. You can override settings (even those that don't have dedicated playbook variables) using the `prometheus_configuration_extension_yaml` variable
- `roles/galaxy/prometheus_nginxlog_exporter/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
+- `roles/custom/matrix-prometheus-nginxlog-exporter/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
 ## Adjusting the playbook configuration — Grafana
@@ -178,11 +178,11 @@ Name | Description
 `matrix_metrics_exposure_http_basic_auth_enabled`|Set this to `true` to protect all `https://matrix.example.com/metrics/*` endpoints with [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) (see the other variables below for supplying the actual credentials).
 `matrix_metrics_exposure_http_basic_auth_users`|Set this to the Basic Authentication credentials (raw `htpasswd` file content) used to protect `/metrics/*`. This htpasswd-file needs to be generated with the `htpasswd` tool and can include multiple username/password pairs.
 `prometheus_node_exporter_enabled`|Set this to `true` to enable the node (general system stats) exporter (locally, on the container network).
-`prometheus_node_exporter_container_labels_metrics_enabled`|Set this to `true` to expose the node (general system stats) metrics on `https://matrix.example.com/metrics/node-exporter`.
+`prometheus_node_exporter_container_labels_traefik_enabled`|Set this to `true` to expose the node (general system stats) metrics on `https://matrix.example.com/metrics/node-exporter`.
 `prometheus_postgres_exporter_enabled`|Set this to `true` to enable the [Postgres exporter](#enable-metrics-and-graphs-for-postgres-optional) (locally, on the container network).
-`prometheus_postgres_exporter_container_labels_metrics_enabled`|Set this to `true` to expose the [Postgres exporter](#enable-metrics-and-graphs-for-postgres-optional) metrics on `https://matrix.example.com/metrics/postgres-exporter`.
+`prometheus_postgres_exporter_container_labels_traefik_enabled`|Set this to `true` to expose the [Postgres exporter](#enable-metrics-and-graphs-for-postgres-optional) metrics on `https://matrix.example.com/metrics/postgres-exporter`.
-`prometheus_nginxlog_exporter_enabled`|Set this to `true` to enable the [prometheus-nginxlog-exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) (locally, on the container network).
+`matrix_prometheus_nginxlog_exporter_enabled`|Set this to `true` to enable the [nginx Log exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) (locally, on the container network).
-`prometheus_nginxlog_exporter_container_labels_metrics_enabled`|Set this to `true` to expose the [prometheus-nginxlog-exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) metrics on `https://matrix.example.com/metrics/nginxlog`.
+`matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled`|Set this to `true` to expose the [nginx Log exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) metrics on `https://matrix.example.com/metrics/nginxlog`.
 ### Expose metrics of other services/roles
--- a/docs/configuring-playbook-synapse-auto-accept-invite.md
+++ b/docs/configuring-playbook-synapse-auto-accept-invite.md
@@ -1,26 +1,45 @@
 <!--
-SPDX-FileCopyrightText: 2019 Eduardo Beltrame
+SPDX-FileCopyrightText: 2024 MDAD project contributors
-SPDX-FileCopyrightText: 2019-2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
-SPDX-FileCopyrightText: 2020 Tulir Asokan
+SPDX-FileCopyrightText: 2024 Suguru Hirahara
 SPDX-FileCopyrightText: 2021, 2024 MDAD project contributors
 SPDX-FileCopyrightText: 2022 Dennis Ciba
 SPDX-FileCopyrightText: 2022 Vladimir Panteleev
 SPDX-FileCopyrightText: 2023 Justin Croonenberghs
 SPDX-FileCopyrightText: 2023 Kuba Orlik
 SPDX-FileCopyrightText: 2023 Pierre 'McFly' Marty
 SPDX-FileCopyrightText: 2023 Samuel Meenzen
 SPDX-FileCopyrightText: 2024 Fabio Bonelli
 SPDX-FileCopyrightText: 2024-2026 Suguru Hirahara
 SPDX-License-Identifier: AGPL-3.0-or-later
 -->
-# Setting up Synapse Auto Invite Accept (optional, removed)
+# Setting up Synapse Auto Invite Accept (optional)
-🪦 The playbook used to be able to install and configure [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite), but no longer includes this component, as the same functionality [has been integrated](https://github.com/element-hq/synapse/pull/17147) to Synapse since [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0).
+The playbook can install and configure [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite) for you.
 In short, it automatically accepts room invites. You can specify that only 1:1 room invites are auto-accepted. Defaults to false if not specified.
 See the project's [documentation](https://github.com/matrix-org/synapse-auto-accept-invite/blob/main/README.md) to learn what it does and why it might be useful to you.
 **Note**: Synapse [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0), the same feature [has been merged](https://github.com/element-hq/synapse/pull/17147) into Synapse (see the [Native alternative](#native-alternative) section below). You'd better use the native feature, instead of the [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite) 3rd party module.
 ## Adjusting the playbook configuration
 If you decide that you'd like to let this playbook install the [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite module for you, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
 ```yaml
 matrix_synapse_ext_synapse_auto_accept_invite_enabled: true
 matrix_synapse_ext_synapse_auto_accept_invite_accept_invites_only_direct_messages: true
 ```
 ### Synapse worker deployments
 In a [workerized Synapse deployment](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/c9a842147e09647c355799ca024d65a5de66b099/docs/configuring-playbook-synapse.md#load-balancing-with-workers) it is possible to run this module on a worker to reduce the load on the main process (Default is `null`). For example, add this to your configuration:
 ```yaml
 matrix_synapse_ext_synapse_auto_accept_invite_worker_to_run_on: 'matrix-synapse-worker-generic-0'
 ```
 There might be an [issue with federation](https://github.com/matrix-org/synapse-auto-accept-invite/issues/18).
 ## Native alternative
 Since Synapse [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0), the functionality provided by the [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite) 3rd party module [has been made](https://github.com/element-hq/synapse/pull/17147) part of Synapse.
 Here's example configuration for using the **native** Synapse feature:
 ```yaml
--- a/docs/configuring-playbook-synapse-s3-storage-provider.md
+++ b/docs/configuring-playbook-synapse-s3-storage-provider.md
@@ -177,8 +177,6 @@ By default, we periodically ensure that all local files are uploaded to S3 and a
 - … invoked via the `matrix-synapse-s3-storage-provider-migrate.service` service
 - … triggered by the `matrix-synapse-s3-storage-provider-migrate.timer` timer, every day at 05:00
 The same `migrate` script also prunes empty directories in the local media repository (`remote_content` and `remote_thumbnail`) after upload/delete operations.
 So… you don't need to perform any maintenance yourself.
 The schedule is defined in the format of systemd timer calendar. To edit the schedule, add the following configuration to your `vars.yml` file (adapt to your needs):
--- a/docs/configuring-playbook-synapse.md
+++ b/docs/configuring-playbook-synapse.md
@@ -76,33 +76,10 @@ The only thing you **cannot** do is mix [generic workers](#generic-workers) and
 When Synapse workers are enabled, the integrated [Postgres database is tuned](maintenance-postgres.md#tuning-postgresql), so that the maximum number of Postgres connections are increased from `200` to `500`. If you need to decrease or increase the number of maximum Postgres connections further, use the `postgres_max_connections` variable.
-The `matrix-synapse` role also manages the `matrix-synapse-reverse-proxy-companion` component for load-balancing with workers. This component is automatically enabled when you enable workers. Make sure to use the `setup-all` tag (not `install-all`!) during the playbook's [installation](./installing.md) process, especially if you're disabling workers, so that components may be installed/uninstalled correctly.
+A separate Ansible role (`matrix-synapse-reverse-proxy-companion`) and component handles load-balancing for workers. This role/component is automatically enabled when you enable workers. Make sure to use the `setup-all` tag (not `install-all`!) during the playbook's [installation](./installing.md) process, especially if you're disabling workers, so that components may be installed/uninstalled correctly.
 In case any problems occur, make sure to have a look at the [list of synapse issues about workers](https://github.com/element-hq/synapse/issues?q=workers+in%3Atitle) and your `journalctl --unit 'matrix-*'`.
 ### Limit joining heavy rooms on constrained hosts
 If your server is underpowered, joining heavy rooms can cause Synapse to consume a lot of resources and be unavailable for long (while it catches up).
 To avoid this, Synapse can be configured to reject joins for remote rooms that are too complex before users enter them.
 Complexity is computed as `current_state_events / 500` (Synapse state event count for current room state). When the resulting value is higher than `matrix_synapse_limit_remote_rooms_complexity` and `matrix_synapse_limit_remote_rooms_enabled` is `true`, Synapse blocks joining the room.
 We recommend using this as a guardrail on low-resource servers:
 ```yaml
 matrix_synapse_limit_remote_rooms_enabled: true
 # Tweak as necessary
 matrix_synapse_limit_remote_rooms_complexity: 1.0
 # Uncomment and tweak if necessary
 # matrix_synapse_limit_remote_rooms_complexity_error: "Your homeserver is unable to join rooms this large or complex. Please speak to your server administrator, or upgrade your instance to join this room."
 # If you'd like your admins to be exempt from this limit, uncomment the line below
 # matrix_synapse_limit_remote_rooms_admins_can_join: true
 ```
 ### Synapse + OpenID Connect for Single-Sign-On
 💡 An alternative to setting up OIDC in Synapse is to use [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md) (MAS). Newer clients (like Element X) only support SSO-based authentication via MAS and not via the legacy Synapse OIDC setup described below. That said, MAS is still a new experimental service which comes with its own downsides. Consult its documentation to learn if it will be a good fit for your deployment.
--- a/docs/configuring-playbook-turn.md
+++ b/docs/configuring-playbook-turn.md
@@ -13,50 +13,34 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 # Configuring a TURN server (optional, advanced)
-By default, the [coturn](https://github.com/coturn/coturn) TURN server component is enabled automatically only when [Jitsi](configuring-playbook-jitsi.md) is enabled. If you're not using Jitsi, coturn is not enabled by default.
+By default, this playbook installs and configures the [coturn](https://github.com/coturn/coturn) as a TURN server, through which clients can make audio/video calls even from [NAT](https://en.wikipedia.org/wiki/Network_address_translation)-ed networks. It also configures the Synapse chat server by default, so that it points to the coturn TURN server installed by the playbook. If that's okay, you can skip this document.
-If you explicitly need coturn while not using Jitsi, enable it with:
+If you'd like to stop the playbook installing the server, see the section [below](#disabling-coturn) to check the configuration for disabling it.
 ```yaml
 coturn_enabled: true
 ```
 and configure its IP-related settings in the section below.
 If you'd like coturn to stay disabled even when Jitsi is enabled, or if you prefer to use an external TURN provider, see [disabling coturn](#disabling-coturn) section below.
 When Coturn is not enabled, homeservers (like Synapse) would not point to TURN servers and *legacy* audio/video call functionality may fail. If you're using [Matrix RTC](configuring-playbook-matrix-rtc.md) (for [Element Call](configuring-playbook-element-call.md)), you likely don't have a need to enable coturn.
 ## Adjusting firewall rules
 To ensure Coturn functions correctly, the following firewall rules and port forwarding settings are required when coturn is enabled:
 - `3478/tcp`: STUN/TURN over TCP
 - `3478/udp`: STUN/TURN over UDP
 - `5349/tcp`: TURN over TCP
 - `5349/udp`: TURN over UDP
 - `49152-49172/udp`: TURN/UDP relay range
 If LiveKit's embedded TURN is enabled at the same time (for MatrixRTC/Element Call), keep the Coturn relay range distinct from LiveKit's relay range (`livekit_server_config_turn_relay_range_start`/`livekit_server_config_turn_relay_range_end`).
 💡 Docker configures the server's internal firewall for you. In most cases, you don't need to do anything special on the host itself.
 ## Adjusting the playbook configuration
 ### Define public IP manually (optional)
-If you enable coturn (either via Jitsi or manually), we recommend that you configure the public IP addresses of your server in the `vars.yml` file:
+In the `hosts` file we explicitly ask for your server's external IP address when defining `ansible_host`, because the same value is used for configuring coturn.
 If you'd rather use a local IP for `ansible_host`, add the following configuration to your `vars.yml` file. Make sure to replace `YOUR_PUBLIC_IP` with the pubic IP used by the server.
 ```yaml
-# You can define multiple IP addresses if your server has multiple external IP addresses
+coturn_turn_external_ip_address: "YOUR_PUBLIC_IP"
 coturn_turn_external_ip_addresses: ["YOUR_PUBLIC_IP"]
 ```
-If you'd like to rely on external IP address auto-detection (not recommended unless you need it), avoid configuring this variable. The playbook will automatically contact an [echoip](https://github.com/mpolden/echoip)-compatible service (`https://ifconfig.co/json` by default) to determine your server's IP address. This API endpoint is configurable via the `coturn_turn_external_ip_address_auto_detection_echoip_service_url` variable.
+If you'd like to rely on external IP address auto-detection (not recommended unless you need it), set an empty value to the variable. The playbook will automatically contact an [echoip](https://github.com/mpolden/echoip)-compatible service (`https://ifconfig.co/json` by default) to determine your server's IP address. This API endpoint is configurable via the `coturn_turn_external_ip_address_auto_detection_echoip_service_url` variable.
 >[!NOTE]
 > You can self-host the echoip service by using the [Mother-of-All-Self-Hosting (MASH)](https://github.com/mother-of-all-self-hosting/mash-playbook) Ansible playbook. See [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/services/echoip.md) for the instruction to install it with the playbook. If you are wondering how to use it for your Matrix server, refer to [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/setting-up-services-on-mdad-server.md) for the overview.
 If your server has multiple external IP addresses, the coturn role offers a different variable for specifying them:
 ```yaml
 # Note: coturn_turn_external_ip_addresses is different than coturn_turn_external_ip_address
 coturn_turn_external_ip_addresses: ['1.2.3.4', '4.5.6.7']
 ```
 ### Change the authentication mechanism (optional)
 The playbook uses the [`auth-secret` authentication method](https://github.com/coturn/coturn/blob/873cabd6a2e5edd7e9cc5662cac3ffe47fe87a8e/README.turnserver#L186-L199) by default, but you may switch to the [`lt-cred-mech` method](https://github.com/coturn/coturn/blob/873cabd6a2e5edd7e9cc5662cac3ffe47fe87a8e/README.turnserver#L178) which [some report](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3191) to be working better.
@@ -135,14 +119,14 @@ Take a look at:
 ## Disabling coturn
-Coturn is only enabled by default when [Jitsi](configuring-playbook-jitsi.md) is enabled. In most instances, you don't need to explicitly disable it.
+If, for some reason, you'd like for the playbook to not install coturn (or to uninstall it if it was previously installed), add the following configuration to your `vars.yml` file:
 To force the playbook to not install Coturn (even when Jitsi is enabled), add the following configuration to your `vars.yml` file:
 ```yaml
 coturn_enabled: false
 ```
 In that case, Synapse would not point to any coturn servers and audio/video call functionality may fail.
 ## Installing
 After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:
--- a/docs/configuring-playbook.md
+++ b/docs/configuring-playbook.md
@@ -87,8 +87,6 @@ Web clients for Matrix that you can host on your own domains.
 - [Setting up Cinny](configuring-playbook-client-cinny.md), if you've enabled [Cinny](https://github.com/ajbura/cinny), a web client focusing primarily on simple, elegant and secure interface
 - [Setting up Sable](configuring-playbook-client-sable.md), if you've enabled [Sable](https://github.com/7w1/sable), a web client focusing primarily on simple, elegant and secure interface
 - [Setting up SchildiChat Web](configuring-playbook-client-schildichat-web.md), if you've enabled [SchildiChat Web](https://schildi.chat/), a web client based on [Element Web](https://element.io/) with some extras and tweaks
 - [Setting up FluffyChat Web](configuring-playbook-client-fluffychat-web.md), if you've enabled [FluffyChat Web](https://github.com/krille-chan/fluffychat), a cute cross-platform messenger (web, iOS, Android) for Matrix written in [Flutter](https://flutter.dev/)
@@ -235,6 +233,8 @@ Various services that don't fit any other categories.
 - [Setting up Matrix RTC](configuring-playbook-matrix-rtc.md) (optional)
 - [Setting up Synapse Auto Invite Accept](configuring-playbook-synapse-auto-accept-invite.md)
 - [Setting up synapse-auto-compressor](configuring-playbook-synapse-auto-compressor.md) for compressing the database on Synapse homeservers
 - [Setting up Matrix Corporal](configuring-playbook-matrix-corporal.md) (advanced)
@@ -290,5 +290,3 @@ Various services that don't fit any other categories.
 - [Setting up MX Puppet Slack bridging](configuring-playbook-bridge-mx-puppet-slack.md) (removed; this component has been unmaintained for a long time, so it has been removed from the playbook. Consider [setting up Mautrix Slack bridging](configuring-playbook-bridge-mautrix-slack.md))
 - [Setting up MX Puppet Twitter bridging](configuring-playbook-bridge-mx-puppet-twitter.md) (removed; this component has been unmaintained for a long time, so it has been removed from the playbook. Consider [setting up Mautrix Twitter bridging](configuring-playbook-bridge-mautrix-twitter.md))
 - [Setting up Synapse Auto Invite Accept](configuring-playbook-synapse-auto-accept-invite.md) (removed; since Synapse [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0) the same feature is available natively.)
--- a/docs/container-images.md
+++ b/docs/container-images.md
@@ -39,7 +39,6 @@ Web clients for Matrix that you can host on your own domains.
 | [Element Web](configuring-playbook-client-element-web.md) | [vectorim/element-web](https://hub.docker.com/r/vectorim/element-web/) | ✅ | Default Matrix web client, configured to connect to your own Synapse server |
 | [Hydrogen](configuring-playbook-client-hydrogen.md) | [element-hq/hydrogen-web](https://ghcr.io/element-hq/hydrogen-web) | ❌ | Lightweight Matrix client with legacy and mobile browser support |
 | [Cinny](configuring-playbook-client-cinny.md) | [ajbura/cinny](https://hub.docker.com/r/ajbura/cinny) | ❌ | Simple, elegant and secure web client |
 | [Sable](configuring-playbook-client-sable.md) | [7w1/sable](https://ghcr.io/7w1/sable) | ❌ | Simple, elegant and secure web client |
 | [SchildiChat Web](configuring-playbook-client-schildichat-web.md) | [etke.cc/schildichat-web](https://ghcr.io/etkecc/schildichat-web) | ❌ | Based on Element Web, with a more traditional instant messaging experience |
 ## Server Components
@@ -150,6 +149,7 @@ Various services that don't fit any other categories.
 | Service | Container image | Default? | Description |
 | ------- | --------------- | -------- | ----------- |
 | [synapse_auto_accept_invite](configuring-playbook-synapse-auto-accept-invite.md) | (N/A) | ❌ | Synapse module to automatically accept invites |
 | [synapse_auto_compressor](configuring-playbook-synapse-auto-compressor.md) | [mb-saces/rust-synapse-tools](https://gitlab.com/mb-saces/rust-synapse-tools/container_registry) | ❌ | Cli tool that automatically compresses Synapse's `state_groups` database table in background |
 | [Matrix Corporal](configuring-playbook-matrix-corporal.md) (advanced) | [devture/matrix-corporal](https://hub.docker.com/r/devture/matrix-corporal/) | ❌ | Reconciliator and gateway for a managed Matrix server |
 | [Etherpad](configuring-playbook-etherpad.md) | [etherpad/etherpad](https://hub.docker.com/r/etherpad/etherpad/) | ❌ | Open source collaborative text editor |
@@ -185,4 +185,3 @@ The list of the deprecated or unmaintained services is available [here](configur
 | [mx-puppet-slack](configuring-playbook-bridge-mx-puppet-slack.md) | [mx-puppet/slack/mx-puppet-slack](https://gitlab.com/mx-puppet/slack/mx-puppet-slack/container_registry) | ❌ | Bridge to [Slack](https://slack.com) |
 | [mx-puppet-twitter](configuring-playbook-bridge-mx-puppet-twitter.md) | [sorunome/mx-puppet-twitter](https://hub.docker.com/r/sorunome/mx-puppet-twitter) | ❌ | Bridge for Twitter-DMs ([Twitter](https://twitter.com/)) |
 | [sliding-sync](configuring-playbook-sliding-sync-proxy.md) | [matrix-org/sliding-sync](https://ghcr.io/matrix-org/sliding-sync) | ❌ | Sliding Sync support for clients which require it (like old Element X versions, before it got switched to Simplified Sliding Sync) |
 | [synapse_auto_accept_invite](configuring-playbook-synapse-auto-accept-invite.md) | (N/A) | ❌ | Synapse module to automatically accept invites |
--- a/docs/faq.md
+++ b/docs/faq.md
@@ -305,23 +305,18 @@ See [Serving the base domain](configuring-playbook-base-domain-serving.md).
 ### How do I optimize this setup for a low-power server?
 For a low-power server, it's best to use an alternative homeserver implementation (other than [Synapse](configuring-playbook-synapse.md)).
 You can disable some not-so-important services to save on memory.
 ```yaml
 # Disabling this will prevent email-notifications and other such things from working.
 exim_relay_enabled: false
 ```
-If you've installed [Jitsi](configuring-playbook-jitsi.md) (not installed by default), there are additional optimizations listed on its documentation page that you can perform.
+# You can also disable this to save more RAM,
 # at the expense of audio/video calls being unreliable.
 coturn_enabled: false
-
+# This makes Synapse not keep track of who is online/offline.
-#### Synapse-specific optimizations
+#
 If you're using [Synapse](configuring-playbook-synapse.md), you can also consider the following optimizations:
 ```yaml
 # Keeping track of this and announcing such online-status in federated rooms with
 # hundreds of servers inside is insanely heavy (https://github.com/matrix-org/synapse/issues/3971).
 #
@@ -329,14 +324,18 @@ If you're using [Synapse](configuring-playbook-synapse.md), you can also conside
 matrix_synapse_presence_enabled: false
 ```
-You can also consider [implementing a restriction on room complexity](configuring-playbook-synapse.md#limit-joining-heavy-rooms-on-constrained-hosts), in order to prevent users from joining very heavy rooms:
+You can also consider implementing a restriction on room complexity, in order to prevent users from joining very heavy rooms:
 ```yaml
-# See: docs/configuring-playbook-synapse.md#limit-joining-heavy-rooms-on-constrained-hosts
+matrix_synapse_configuration_extension_yaml: |
-matrix_synapse_limit_remote_rooms_enabled: true
+  limit_remote_rooms:
-matrix_synapse_limit_remote_rooms_complexity: 1.0
+    enabled: true
    complexity: 1.0 # this limits joining complex (~large) rooms, can be
 					# increased, but larger values can require more RAM
 ```
 If you've installed [Jitsi](configuring-playbook-jitsi.md) (not installed by default), there are additional optimizations listed on its documentation page that you can perform.
 ### I already have Docker on my server. Can you stop installing Docker via the playbook?
 Yes, we can stop installing Docker ourselves. Just use this in your `vars.yml` file:
--- a/docs/installing.md
+++ b/docs/installing.md
@@ -146,7 +146,6 @@ After completing the installation, you can:
 - or learn how to [maintain your server](faq.md#maintenance)
 - or join some Matrix rooms:
  * via the *Explore rooms* feature in Element Web or some other clients, or by discovering them using this [matrix-static list](https://view.matrix.org). **Note**: joining large rooms may overload small servers.
    For tuning guidance on constrained hosts, see [Limit joining heavy rooms on constrained hosts](configuring-playbook-synapse.md#limit-joining-heavy-rooms-on-constrained-hosts).
  * or come say Hi in our support room — [#matrix-docker-ansible-deploy:devture.com](https://matrix.to/#/#matrix-docker-ansible-deploy:devture.com). You might learn something or get to help someone else new to Matrix hosting.
 - or help make this playbook better by contributing (code, documentation, or [coffee/beer](https://liberapay.com/s.pantaleev/donate))
--- a/docs/maintenance-synapse.md
+++ b/docs/maintenance-synapse.md
@@ -83,8 +83,6 @@ You should then be able to browse the adminer database administration GUI at htt
 Synapse's presence feature which tracks which users are online and which are offline can use a lot of processing power. You can disable presence by adding `matrix_synapse_presence_enabled: false` to your `vars.yml` file.
 On smaller servers, consider limiting joins to very complex rooms with [the room complexity guard](configuring-playbook-synapse.md#limit-joining-heavy-rooms-on-constrained-hosts).
 If you have enough compute resources (CPU & RAM), you can make Synapse better use of them by [enabling load-balancing with workers](configuring-playbook-synapse.md#load-balancing-with-workers).
 [Tuning your PostgreSQL database](maintenance-postgres.md#tuning-postgresql) could also improve Synapse performance. The playbook tunes the integrated Postgres database automatically, but based on your needs you may wish to adjust tuning variables manually. If you're using an [external Postgres database](configuring-playbook-external-postgres.md), you will also need to tune Postgres manually.
--- a/docs/prerequisites.md
+++ b/docs/prerequisites.md
@@ -57,7 +57,12 @@ We will be using `example.com` as the domain in the following instruction. Pleas
  - `80/tcp`: HTTP webserver
  - `443/tcp` and `443/udp`: HTTPS webserver
  - `3478/tcp`: STUN/TURN over TCP (used by [coturn](./configuring-playbook-turn.md))
  - `3478/udp`: STUN/TURN over UDP (used by [coturn](./configuring-playbook-turn.md))
  - `5349/tcp`: TURN over TCP (used by [coturn](./configuring-playbook-turn.md))
  - `5349/udp`: TURN over UDP (used by [coturn](./configuring-playbook-turn.md))
  - `8448/tcp` and `8448/udp`: Matrix Federation API HTTPS webserver. Some components like [Matrix User Verification Service](configuring-playbook-user-verification-service.md#open-matrix-federation-port) require this port to be opened **even with federation disabled**.
  - the range `49152-49172/udp`: TURN over UDP
  - potentially some other ports, depending on the additional (non-default) services that you enable in the **configuring the playbook** step (later on). Consult each service's documentation page in `docs/` for that.
 ---------------------------------------------
--- a/docs/self-building.md
+++ b/docs/self-building.md
@@ -30,7 +30,6 @@ Possibly outdated list of roles where self-building the Docker image is currentl
 - `matrix-client-element`
 - `hydrogen`
 - `cinny`
 - `sable`
 - `matrix-registration`
 - `coturn`
 - `matrix-corporal`
--- a/examples/hosts
+++ b/examples/hosts
@@ -1,3 +1,6 @@
 # We explicitly ask for your server's external IP address, because the same value is used for configuring coturn.
 # If you'd rather use a local IP here, make sure to set up `coturn_turn_external_ip_address`.
 #
 # To connect using a non-root user (and elevate to root with sudo later),
 # replace `ansible_ssh_user=root` with something like this: `ansible_ssh_user=username ansible_become=true ansible_become_user=root`.
 # If sudo requires a password, either add `ansible_become_password=PASSWORD_HERE` to the host line
@@ -15,4 +18,4 @@
 # to the host line below.
 [matrix_servers]
-matrix.example.com ansible_host=<your-server's domain name or IP address> ansible_ssh_user=root
+matrix.example.com ansible_host=<your-server's external IP address> ansible_ssh_user=root
--- a/examples/vars.yml
+++ b/examples/vars.yml
@@ -1,9 +1,4 @@
 ---
 # This variable acknowledges that you've reviewed breaking changes up to this version.
 # The playbook will fail if this is outdated, guiding you through what changed.
 # See the changelog: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md
 matrix_playbook_migration_validated_version: v2026.03.23.0
 # The bare domain name which represents your Matrix identity.
 # Matrix user IDs for your server will be of the form (`@alice:example.com`).
 #
@@ -58,10 +53,18 @@ devture_systemd_docker_base_ipv6_enabled: true
 # The value used here must be shorter than 100 characters.
 postgres_connection_password: ''
-# You can limit heavy room joins on constrained hosts.
+# By default, we configure coturn's external IP address using the value specified for `ansible_host` in your `inventory/hosts` file.
-# See:
+# If this value is an external IP address, you can skip this section.
 # docs/configuring-playbook-synapse.md#limit-joining-heavy-rooms-on-constrained-hosts
 #
-# matrix_synapse_limit_remote_rooms_enabled: true
+# If `ansible_host` is not the server's external IP address, you have 2 choices:
-# matrix_synapse_limit_remote_rooms_complexity: 1.0
+# 1. Uncomment the line below, to allow IP address auto-detection to happen (more on this below)
-# matrix_synapse_limit_remote_rooms_admins_can_join: false
+# 2. Uncomment and adjust the line below to specify an IP address manually
 #
 # By default, auto-detection will be attempted using the `https://ifconfig.co/json` API.
 # Default values for this are specified in `coturn_turn_external_ip_address_auto_detection_*` variables in the coturn role
 # (see `roles/galaxy/coturn/defaults/main.yml`).
 #
 # If your server has multiple IP addresses, you may define them in another variable which allows a list of addresses.
 # Example: `coturn_turn_external_ip_addresses: ['1.2.3.4', '4.5.6.7']`
 #
 # coturn_turn_external_ip_address: ''
--- a/flake.nix
+++ b/flake.nix
@@ -19,7 +19,6 @@
          devShells.default = mkShell {
            buildInputs = [
              just
              mise
              ansible
            ];
            shellHook = ''
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
--- a/i18n/requirements.txt
+++ b/i18n/requirements.txt
@@ -1,13 +1,13 @@
 alabaster==1.0.0
 babel==2.18.0
-certifi==2026.2.25
+certifi==2026.1.4
-charset-normalizer==3.4.6
+charset-normalizer==3.4.4
 click==8.3.1
 docutils==0.22.4
 idna==3.11
-imagesize==2.0.0
+imagesize==1.4.1
 Jinja2==3.1.6
-linkify-it-py==2.1.0
+linkify-it-py==2.0.3
 markdown-it-py==4.0.0
 MarkupSafe==3.0.3
 mdit-py-plugins==0.5.0
@@ -17,17 +17,17 @@ packaging==26.0
 Pygments==2.19.2
 PyYAML==6.0.3
 requests==2.32.5
-setuptools==82.0.1
+setuptools==82.0.0
 snowballstemmer==3.0.1
 Sphinx==9.1.0
 sphinx-intl==2.3.2
-sphinx-markdown-builder==0.6.10
+sphinx-markdown-builder==0.6.9
 sphinxcontrib-applehelp==2.0.0
 sphinxcontrib-devhelp==2.0.0
 sphinxcontrib-htmlhelp==2.1.0
 sphinxcontrib-jsmath==1.0.1
 sphinxcontrib-qthelp==2.0.0
 sphinxcontrib-serializinghtml==2.0.0
-tabulate==0.10.0
+tabulate==0.9.0
-uc-micro-py==2.0.0
+uc-micro-py==1.0.3
 urllib3==2.6.3
--- a/50
+++ b/50
@@ -4,11 +4,6 @@
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 # mise (dev tool version manager)
 mise_data_dir := env("MISE_DATA_DIR", justfile_directory() / "var/mise")
 mise_trusted_config_paths := justfile_directory() / "mise.toml"
 prek_home := env("PREK_HOME", justfile_directory() / "var/prek")
 # Shows help
 default:
    @{{ just_executable() }} --list --justfile "{{ justfile() }}"
@@ -44,39 +39,9 @@ update-playbook-only:
    @git pull -q
    @-git stash pop -q
-# Invokes mise with the project-local data directory
+# Runs ansible-lint against all roles in the playbook
-mise *args: _ensure_mise_data_directory
+lint:
-    #!/bin/sh
+    ansible-lint
    export MISE_DATA_DIR="{{ mise_data_dir }}"
    export MISE_TRUSTED_CONFIG_PATHS="{{ mise_trusted_config_paths }}"
    export MISE_YES=1
    export PREK_HOME="{{ prek_home }}"
    mise {{ args }}
 # Runs prek (pre-commit hooks manager) with the given arguments
 prek *args: _ensure_mise_tools_installed
    @{{ just_executable() }} --justfile "{{ justfile() }}" mise exec -- prek {{ args }}
 # Runs pre-commit hooks on staged files
 prek-run-on-staged *args: _ensure_mise_tools_installed
    @{{ just_executable() }} --justfile "{{ justfile() }}" prek run {{ args }}
 # Runs pre-commit hooks on all files
 prek-run-on-all *args: _ensure_mise_tools_installed
    @{{ just_executable() }} --justfile "{{ justfile() }}" prek run --all-files {{ args }}
 # Installs the git pre-commit hook
 prek-install-git-pre-commit-hook: _ensure_mise_tools_installed
    #!/usr/bin/env sh
    set -eu
    {{ just_executable() }} --justfile "{{ justfile() }}" mise exec -- prek install
    hook="{{ justfile_directory() }}/.git/hooks/pre-commit"
    # The installed git hook runs later under Git, outside this just/mise environment.
    # Injecting PREK_HOME keeps prek's cache under var/prek instead of a global home dir,
    # which is more predictable and works better in sandboxed tools like Codex/OpenCode.
    if [ -f "$hook" ] && ! grep -q '^export PREK_HOME=' "$hook"; then
        sed -i '2iexport PREK_HOME="{{ prek_home }}"' "$hook"
    fi
 # Runs the playbook with --tags=install-all,ensure-matrix-users-created,start and optional arguments
 install-all *extra_args: (run-tags "install-all,ensure-matrix-users-created,start" extra_args)
@@ -119,12 +84,3 @@ stop-group group *extra_args:
 # Rebuilds the mautrix-meta-instagram Ansible role using the mautrix-meta-messenger role as a source
 rebuild-mautrix-meta-instagram:
    /bin/bash "{{ justfile_directory() }}/bin/rebuild-mautrix-meta-instagram.sh" "{{ justfile_directory() }}/roles/custom"
 # Internal - ensures var/mise and var/prek directories exist
 _ensure_mise_data_directory:
    @mkdir -p "{{ mise_data_dir }}"
    @mkdir -p "{{ prek_home }}"
 # Internal - ensures mise tools are installed
 _ensure_mise_tools_installed: _ensure_mise_data_directory
    @{{ just_executable() }} --justfile "{{ justfile() }}" mise install --quiet
--- a/mise.toml
+++ b/mise.toml
@@ -1,9 +0,0 @@
 # SPDX-FileCopyrightText: 2026 Slavi Pantaleev
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 [tools]
 prek = "0.3.2"
 [settings]
 yes = true
--- a/requirements.yml
+++ b/requirements.yml
@@ -4,20 +4,20 @@
  version: v1.0.0-6
  name: auxiliary
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-backup_borg.git
-  version: v1.4.3-2.1.3-2
+  version: v1.4.3-2.1.1-0
  name: backup_borg
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-cinny.git
-  version: v4.11.1-1
+  version: v4.10.3-0
  name: cinny
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-container-socket-proxy.git
-  version: v0.4.2-4
+  version: v0.4.2-3
  name: container_socket_proxy
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-coturn.git
-  version: v4.9.0-1
+  version: v4.8.0-1
  name: coturn
  activation_prefix: coturn_
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ddclient.git
-  version: v4.0.0-2
+  version: v4.0.0-0
  name: ddclient
  activation_prefix: ddclient_
 - src: git+https://github.com/geerlingguy/ansible-role-docker
@@ -27,25 +27,25 @@
  version: 542a2d68db4e9a8e9bb4b508052760b900c7dce6
  name: docker_sdk_for_python
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-etherpad.git
-  version: v2.6.1-3
+  version: v2.6.1-0
  name: etherpad
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git
-  version: v4.99.1-r0-0-1
+  version: v4.98.1-r0-2-3
  name: exim_relay
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-grafana.git
-  version: v11.6.5-9
+  version: v11.6.5-6
  name: grafana
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-hydrogen.git
-  version: v0.5.1-2
+  version: v0.5.1-0
  name: hydrogen
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
-  version: v10741-2
+  version: v10741-0
  name: jitsi
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git
-  version: v1.9.12-1
+  version: v1.9.11-1
  name: livekit_server
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git
-  version: v2.19.2-1
+  version: v2.17.0-0
  name: ntfy
 - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
  version: 8630e4f1749bcb659c412820f754473f09055052
@@ -57,41 +57,35 @@
  version: dd6e15246b7a9a2d921e0b3f9cd8a4a917a1bb2f
  name: playbook_state_preserver
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres.git
-  version: v18.3-1
+  version: v18.2-1
  name: postgres
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup.git
-  version: v18-2
+  version: v18-0
  name: postgres_backup
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
-  version: v3.10.0-1
+  version: v3.9.1-0
  name: prometheus
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-nginxlog-exporter.git
  version: v1.10.0-2
  name: prometheus_nginxlog_exporter
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git
-  version: v1.10.2-0
+  version: v1.9.1-13
  name: prometheus_node_exporter
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git
-  version: v0.19.1-3
+  version: v0.19.0-0
  name: prometheus_postgres_exporter
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-sable.git
  version: v1.6.0-2
  name: sable
 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
-  version: v1.5.0-0
+  version: v1.4.1-0
  name: systemd_docker_base
 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git
-  version: v3.2.0-0
+  version: v3.0.0-1
  name: systemd_service_manager
 - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git
  version: v1.1.0-1
  name: timesync
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik.git
-  version: v3.6.11-2
+  version: v3.6.8-4
  name: traefik
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git
  version: v2.10.0-5
  name: traefik_certs_dumper
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-valkey.git
-  version: v9.0.3-3
+  version: v9.0.2-0
  name: valkey
--- a/roles/custom/matrix-alertmanager-receiver/defaults/main.yml
+++ b/roles/custom/matrix-alertmanager-receiver/defaults/main.yml
@@ -11,7 +11,7 @@
 matrix_alertmanager_receiver_enabled: true
 # renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver
-matrix_alertmanager_receiver_version: 2026.3.18
+matrix_alertmanager_receiver_version: 2026.2.11
 matrix_alertmanager_receiver_scheme: https
--- a/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml
+++ b/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml
@@ -1,5 +1,5 @@
 # SPDX-FileCopyrightText: 2024 MDAD project contributors
-# SPDX-FileCopyrightText: 2024 - 2026 Catalan Lover <catalanlover@protonmail.com>
+# SPDX-FileCopyrightText: 2024 - 2025 Catalan Lover <catalanlover@protonmail.com>
 # SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
 # SPDX-FileCopyrightText: 2024 Suguru Hirahara
 #
@@ -17,17 +17,16 @@ matrix_appservice_draupnir_for_all_version: "v2.9.0"
 matrix_appservice_draupnir_for_all_container_image_self_build: false
 matrix_appservice_draupnir_for_all_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git"
-matrix_appservice_draupnir_for_all_container_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_draupnir_for_all_container_image_self_build else matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream }}"
+matrix_appservice_draupnir_for_all_docker_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_draupnir_for_all_container_image_self_build else matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream }}"
-matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream: "{{ matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream_default }}"
+matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream: "{{ matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream_default }}"
-matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream_default: "docker.io/"
+matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream_default: "docker.io/"
-matrix_appservice_draupnir_for_all_container_image: "{{ matrix_appservice_draupnir_for_all_container_image_registry_prefix }}{{ matrix_appservice_draupnir_for_all_container_image_registry_namespace_identifier }}:{{ matrix_appservice_draupnir_for_all_version }}"
+matrix_appservice_draupnir_for_all_docker_image: "{{ matrix_appservice_draupnir_for_all_docker_image_registry_prefix }}gnuxie/draupnir:{{ matrix_appservice_draupnir_for_all_version }}"
-matrix_appservice_draupnir_for_all_container_image_registry_namespace_identifier: "gnuxie/draupnir"
+matrix_appservice_draupnir_for_all_docker_image_force_pull: "{{ matrix_appservice_draupnir_for_all_docker_image.endswith(':latest') }}"
 matrix_appservice_draupnir_for_all_container_image_force_pull: "{{ matrix_appservice_draupnir_for_all_container_image.endswith(':latest') }}"
 matrix_appservice_draupnir_for_all_base_path: "{{ matrix_base_data_path }}/draupnir-for-all"
 matrix_appservice_draupnir_for_all_config_path: "{{ matrix_appservice_draupnir_for_all_base_path }}/config"
 matrix_appservice_draupnir_for_all_data_path: "{{ matrix_appservice_draupnir_for_all_base_path }}/data"
-matrix_appservice_draupnir_for_all_container_src_files_path: "{{ matrix_appservice_draupnir_for_all_base_path }}/docker-src"
+matrix_appservice_draupnir_for_all_docker_src_files_path: "{{ matrix_appservice_draupnir_for_all_base_path }}/docker-src"
 matrix_appservice_draupnir_for_all_container_network: ""
--- a/roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_install.yml
+++ b/roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_install.yml
@@ -22,15 +22,15 @@
    - {path: "{{ matrix_appservice_draupnir_for_all_base_path }}", when: true}
    - {path: "{{ matrix_appservice_draupnir_for_all_config_path }}", when: true}
    - {path: "{{ matrix_appservice_draupnir_for_all_data_path }}", when: true}
-    - {path: "{{ matrix_appservice_draupnir_for_all_container_src_files_path }}", when: "{{ matrix_appservice_draupnir_for_all_container_image_self_build }}"}
+    - {path: "{{ matrix_appservice_draupnir_for_all_docker_src_files_path }}", when: "{{ matrix_appservice_draupnir_for_all_container_image_self_build }}"}
  when: "item.when | bool"
 - name: Ensure Draupnir Docker image is pulled
  community.docker.docker_image:
-    name: "{{ matrix_appservice_draupnir_for_all_container_image }}"
+    name: "{{ matrix_appservice_draupnir_for_all_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_appservice_draupnir_for_all_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force_source: "{{ matrix_appservice_draupnir_for_all_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_draupnir_for_all_container_image_force_pull }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_draupnir_for_all_docker_image_force_pull }}"
  when: "not matrix_appservice_draupnir_for_all_container_image_self_build | bool"
  register: matrix_appservice_draupnir_for_all_container_image_pull_result
  retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -40,8 +40,8 @@
 - name: Ensure Draupnir repository is present on self-build
  ansible.builtin.git:
    repo: "{{ matrix_appservice_draupnir_for_all_container_image_self_build_repo }}"
-    dest: "{{ matrix_appservice_draupnir_for_all_container_src_files_path }}"
+    dest: "{{ matrix_appservice_draupnir_for_all_docker_src_files_path }}"
-    version: "{{ matrix_appservice_draupnir_for_all_container_image.split(':')[1] }}"
+    version: "{{ matrix_appservice_draupnir_for_all_docker_image.split(':')[1] }}"
    force: "yes"
  become: true
  become_user: "{{ matrix_user_name }}"
@@ -50,12 +50,12 @@
 - name: Ensure Draupnir Docker image is built
  community.docker.docker_image:
-    name: "{{ matrix_appservice_draupnir_for_all_container_image }}"
+    name: "{{ matrix_appservice_draupnir_for_all_docker_image }}"
    source: build
    force_source: "{{ matrix_appservice_draupnir_for_all_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
-      path: "{{ matrix_appservice_draupnir_for_all_container_src_files_path }}"
+      path: "{{ matrix_appservice_draupnir_for_all_docker_src_files_path }}"
      pull: true
  when: "matrix_appservice_draupnir_for_all_container_image_self_build | bool"
--- a/roles/custom/matrix-appservice-draupnir-for-all/tasks/validate_config.yml
+++ b/roles/custom/matrix-appservice-draupnir-for-all/tasks/validate_config.yml
@@ -7,23 +7,6 @@
 ---
 - name: (Deprecation) Catch and report renamed matrix-appservice-draupnir-for-all settings
  ansible.builtin.fail:
    msg: >-
      Your configuration contains a variable, which now has a different name.
      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
  with_items:
    - {'old': 'matrix_appservice_draupnir_for_all_docker_image_name_prefix', 'new': 'matrix_appservice_draupnir_for_all_container_image_registry_prefix'}
    - {'old': 'matrix_appservice_draupnir_for_all_enable_room_state_backing_store', 'new': 'matrix_appservice_draupnir_for_all_config_roomStateBackingStore_enabled'}
    - {'old': 'matrix_appservice_draupnir_for_all_master_control_room_alias', 'new': 'matrix_appservice_draupnir_for_all_config_adminRoom'}
    - {'old': 'matrix_appservice_draupnir_for_all_docker_image', 'new': 'matrix_appservice_draupnir_for_all_container_image'}
    - {'old': 'matrix_appservice_draupnir_for_all_docker_image_force_pull', 'new': 'matrix_appservice_draupnir_for_all_container_image_force_pull'}
    - {'old': 'matrix_appservice_draupnir_for_all_docker_image_registry_prefix', 'new': 'matrix_appservice_draupnir_for_all_container_image_registry_prefix'}
    - {'old': 'matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream', 'new': 'matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream'}
    - {'old': 'matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream_default', 'new': 'matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream_default'}
    - {'old': 'matrix_appservice_draupnir_for_all_docker_src_files_path', 'new': 'matrix_appservice_draupnir_for_all_container_src_files_path'}
 - name: Fail if required matrix-bot-draupnir variables are undefined
  ansible.builtin.fail:
    msg: "The `{{ item }}` variable must be defined and have a non-null value."
@@ -31,3 +14,14 @@
    - "matrix_appservice_draupnir_for_all_config_adminRoom"
    - "matrix_bot_draupnir_container_network"
  when: "lookup('vars', item, default='') == '' or lookup('vars', item, default='') is none"
 - name: (Deprecation) Catch and report renamed matrix-appservice-draupnir-for-all settings
  ansible.builtin.fail:
    msg: >-
      Your configuration contains a variable, which now has a different name.
      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
  with_items:
    - {'old': 'matrix_appservice_draupnir_for_all_docker_image_name_prefix', 'new': 'matrix_appservice_draupnir_for_all_docker_image_registry_prefix'}
    - {'old': 'matrix_appservice_draupnir_for_all_enable_room_state_backing_store', 'new': 'matrix_appservice_draupnir_for_all_config_roomStateBackingStore_enabled'}
    - {'old': 'matrix_appservice_draupnir_for_all_master_control_room_alias', 'new': 'matrix_appservice_draupnir_for_all_config_adminRoom'}
--- a/roles/custom/matrix-appservice-draupnir-for-all/templates/systemd/matrix-appservice-draupnir-for-all.service.j2
+++ b/roles/custom/matrix-appservice-draupnir-for-all/templates/systemd/matrix-appservice-draupnir-for-all.service.j2
@@ -29,7 +29,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			{% for arg in matrix_appservice_draupnir_for_all_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
-			{{ matrix_appservice_draupnir_for_all_container_image }} \
+			{{ matrix_appservice_draupnir_for_all_docker_image }} \
 			appservice -c /data/config/production-appservice.yaml -f /data/config/draupnir-for-all-registration.yaml -p {{ matrix_appservice_draupnir_for_all_appservice_port }} --draupnir-config /data/config/production-bots.yaml
 {% for network in matrix_appservice_draupnir_for_all_container_additional_networks %}
--- a/roles/custom/matrix-authentication-service/defaults/main.yml
+++ b/roles/custom/matrix-authentication-service/defaults/main.yml
@@ -22,7 +22,7 @@ matrix_authentication_service_container_repo_version: "{{ 'main' if matrix_authe
 matrix_authentication_service_container_src_files_path: "{{ matrix_base_data_path }}/matrix-authentication-service/container-src"
 # renovate: datasource=docker depName=ghcr.io/element-hq/matrix-authentication-service
-matrix_authentication_service_version: 1.13.0
+matrix_authentication_service_version: 1.11.0
 matrix_authentication_service_container_image_registry_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else matrix_authentication_service_container_image_registry_prefix_upstream }}"
 matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_authentication_service_container_image_registry_prefix_upstream_default }}"
 matrix_authentication_service_container_image_registry_prefix_upstream_default: "ghcr.io/"
@@ -300,15 +300,6 @@ matrix_authentication_service_config_database_idle_timeout: 600
 # Controls the `database.max_lifetime` configuration setting.
 matrix_authentication_service_config_database_max_lifetime: 1800
 # Controls whether the database connection is made via a UNIX socket.
 matrix_authentication_service_config_database_socket_enabled: false
 # The path to the Postgres socket's parent directory inside the MAS container.
 matrix_authentication_service_config_database_socket_path: "/run-postgres"
 # The path to the Postgres socket directory on the host (bind-mount source).
 matrix_authentication_service_config_database_socket_path_host: ""
 ########################################################################################
 #                                                                                      #
 # /Database configuration                                                              #
@@ -622,10 +613,6 @@ matrix_authentication_service_syn2mas_synapse_homeserver_config_path: ""
 matrix_authentication_service_syn2mas_container_network: "{{ matrix_authentication_service_container_network }}"
 matrix_authentication_service_syn2mas_synapse_database_socket_enabled: false
 matrix_authentication_service_syn2mas_synapse_database_socket_path: ""
 matrix_authentication_service_syn2mas_synapse_database_socket_path_host: ""
 # Additional options passed to the syn2mas sub-command (e.g. `mas-cli syn2mas [OPTIONS] migrate|check`).
 # Also see: `matrix_authentication_service_syn2mas_subcommand_extra_options`
 #
--- a/roles/custom/matrix-authentication-service/tasks/install.yml
+++ b/roles/custom/matrix-authentication-service/tasks/install.yml
@@ -33,25 +33,6 @@
      loop_control:
        loop_var: private_key_definition
    # We intentionally do a single fixup pass here (instead of in `prepare_key.yml`)
    # so that we reconcile both newly generated keys and any pre-existing keys with
    # incorrect ownership/mode in one place.
    #
    # This primarily protects against setups where `become_user` is effectively not
    # honored (for example due to inventory misconfiguration such as `ansible_become=false`),
    # which can lead to host-side key generation creating root-owned files.
    #
    # See: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5033
    - name: Ensure Matrix Authentication Service private keys have correct ownership and mode
      ansible.builtin.file:
        path: "{{ matrix_authentication_service_data_keys_path }}/{{ item.key_file }}"
        state: file
        mode: '0600'
        owner: "{{ matrix_user_name }}"
        group: "{{ matrix_group_name }}"
      with_items: "{{ matrix_authentication_service_key_management_list }}"
      register: matrix_authentication_service_private_keys_result
 - name: Ensure Matrix Authentication Service configuration installed
  ansible.builtin.copy:
    content: "{{ matrix_authentication_service_configuration | to_nice_yaml(indent=2, width=999999) }}"
@@ -136,5 +117,4 @@
        or matrix_authentication_service_support_files_result.changed | default(false)
        or matrix_authentication_service_systemd_service_result.changed | default(false)
        or matrix_authentication_service_container_image_pull_result.changed | default(false)
        or matrix_authentication_service_private_keys_result.changed | default(false)
      }}
--- a/roles/custom/matrix-authentication-service/tasks/mas_cli_syn2mas.yml
+++ b/roles/custom/matrix-authentication-service/tasks/mas_cli_syn2mas.yml
@@ -71,12 +71,6 @@
      --mount type=bind,src={{ matrix_authentication_service_config_path }}/config.yaml,dst=/config.yaml,ro
      --mount type=bind,src={{ matrix_authentication_service_data_keys_path }},dst=/keys,ro
      --mount type=bind,src={{ matrix_authentication_service_syn2mas_synapse_homeserver_config_path }},dst=/homeserver.yaml,ro
      {% if matrix_authentication_service_config_database_socket_enabled %}
      --mount type=bind,src={{ matrix_authentication_service_config_database_socket_path_host }},dst={{ matrix_authentication_service_config_database_socket_path }}
      {% endif %}
      {% if matrix_authentication_service_syn2mas_synapse_database_socket_enabled and (not matrix_authentication_service_config_database_socket_enabled or matrix_authentication_service_syn2mas_synapse_database_socket_path != matrix_authentication_service_config_database_socket_path) %}
      --mount type=bind,src={{ matrix_authentication_service_syn2mas_synapse_database_socket_path_host }},dst={{ matrix_authentication_service_syn2mas_synapse_database_socket_path }}
      {% endif %}
      {{ matrix_authentication_service_container_image }}
      syn2mas
      --synapse-config=/homeserver.yaml
--- a/roles/custom/matrix-authentication-service/tasks/validate_config.yml
+++ b/roles/custom/matrix-authentication-service/tasks/validate_config.yml
@@ -14,8 +14,7 @@
    - {'name': 'matrix_authentication_service_hostname', when: true}
    - {'name': 'matrix_authentication_service_config_database_username', when: true}
    - {'name': 'matrix_authentication_service_config_database_password', when: true}
-    - {'name': 'matrix_authentication_service_config_database_host', when: "{{ not matrix_authentication_service_config_database_socket_enabled }}"}
+    - {'name': 'matrix_authentication_service_config_database_host', when: true}
    - {'name': 'matrix_authentication_service_config_database_socket_path_host', when: "{{ matrix_authentication_service_config_database_socket_enabled }}"}
    - {'name': 'matrix_authentication_service_config_database_database', when: true}
    - {'name': 'matrix_authentication_service_config_secrets_encryption', when: true}
    - {'name': 'matrix_authentication_service_config_matrix_homeserver', when: true}
--- a/roles/custom/matrix-authentication-service/templates/systemd/matrix-authentication-service.service.j2
+++ b/roles/custom/matrix-authentication-service/templates/systemd/matrix-authentication-service.service.j2
@@ -28,9 +28,6 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			--label-file={{ matrix_authentication_service_config_path }}/labels \
 			--mount type=bind,src={{ matrix_authentication_service_config_path }}/config.yaml,dst=/config.yaml,ro \
 			--mount type=bind,src={{ matrix_authentication_service_data_keys_path }},dst=/keys,ro \
 			{% if matrix_authentication_service_config_database_socket_enabled %}
 			--mount type=bind,src={{ matrix_authentication_service_config_database_socket_path_host }},dst={{ matrix_authentication_service_config_database_socket_path }} \
 			{% endif %}
 			{% for arg in matrix_authentication_service_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
--- a/roles/custom/matrix-base/defaults/main.yml
+++ b/roles/custom/matrix-base/defaults/main.yml
@@ -92,10 +92,6 @@ matrix_homeserver_enabled: true
 # Note that the homeserver implementation of a server will not be able to be changed without data loss.
 matrix_homeserver_implementation: synapse
 # The priority that the homeserver starts with (lower = starts earlier).
 # Related to the systemd_service_manager role and `devture_systemd_service_manager_services_list*` variables.
 matrix_homeserver_systemd_service_manager_priority: 1000
 # This contains a secret, which is used for generating various other secrets later on.
 matrix_homeserver_generic_secret_key: ''
@@ -116,9 +112,6 @@ matrix_server_fqn_hydrogen: "hydrogen.{{ matrix_domain }}"
 # This is where you access the Cinny web client from (if enabled via cinny_enabled; disabled by default).
 matrix_server_fqn_cinny: "cinny.{{ matrix_domain }}"
 # This is where you access the Sable web client from (if enabled via sable_enabled; disabled by default).
 matrix_server_fqn_sable: "sable.{{ matrix_domain }}"
 # This is where you access the SchildiChat Web from (if enabled via matrix_client_schildichat_enabled; disabled by default).
 matrix_server_fqn_schildichat: "schildichat.{{ matrix_domain }}"
@@ -246,21 +239,6 @@ matrix_integration_manager_ui_url: ~
 matrix_homeserver_container_extra_arguments_auto: []
 matrix_homeserver_app_service_config_files_auto: []
 # These playbook-level helpers describe which managed services Synapse should be wired to.
 # They are meant for orchestration concerns like container networking and systemd ordering,
 # while `matrix_synapse_*` variables stay focused on actual connection parameters.
 # These likely get overridden elsewhere.
 matrix_playbook_synapse_uses_managed_postgres: false
 matrix_playbook_synapse_uses_managed_valkey: false
 matrix_playbook_synapse_auto_compressor_uses_managed_postgres: false
 # This playbook-level helper describes whether Matrix Authentication Service should be wired
 # to the playbook-managed Postgres instance.
 # It is meant for orchestration concerns like container networking, systemd ordering, and database creation,
 # while `matrix_authentication_service_*` variables stay focused on actual connection parameters.
 # This likely gets overridden elsewhere.
 matrix_playbook_matrix_authentication_service_uses_managed_postgres: false
 # Controls whether various services should expose metrics publicly.
 # If Prometheus is operating on the same machine, exposing metrics publicly is not necessary.
 matrix_metrics_exposure_enabled: false
@@ -415,22 +393,6 @@ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_definition:
  host_bind_port: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_host_bind_port }}"
  config: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config }}"
 # Controls whether to enable an additional Traefik entrypoint for LiveKit TURN/TLS (TCP) traffic.
 matrix_playbook_livekit_turn_traefik_entrypoint_enabled: false
 matrix_playbook_livekit_turn_traefik_entrypoint_name: matrix-livekit-turn
 matrix_playbook_livekit_turn_traefik_entrypoint_port: 5350
 matrix_playbook_livekit_turn_traefik_entrypoint_host_bind_port: "{{ matrix_playbook_livekit_turn_traefik_entrypoint_port }}"
 matrix_playbook_livekit_turn_traefik_entrypoint_config: "{{ (matrix_playbook_livekit_turn_traefik_entrypoint_config_default | combine(matrix_playbook_livekit_turn_traefik_entrypoint_config_auto)) | combine(matrix_playbook_livekit_turn_traefik_entrypoint_config_custom, recursive=True) }}"
 matrix_playbook_livekit_turn_traefik_entrypoint_config_default: {}
 matrix_playbook_livekit_turn_traefik_entrypoint_config_auto: {}
 matrix_playbook_livekit_turn_traefik_entrypoint_config_custom: {}
 matrix_playbook_livekit_turn_traefik_entrypoint_definition:
  name: "{{ matrix_playbook_livekit_turn_traefik_entrypoint_name }}"
  port: "{{ matrix_playbook_livekit_turn_traefik_entrypoint_port }}"
  host_bind_port: "{{ matrix_playbook_livekit_turn_traefik_entrypoint_host_bind_port }}"
  config: "{{ matrix_playbook_livekit_turn_traefik_entrypoint_config }}"
 # Variables to Control which parts of our roles run.
 run_postgres_import: true
 run_postgres_upgrade: true
--- a/roles/custom/matrix-bot-baibot/defaults/main.yml
+++ b/roles/custom/matrix-bot-baibot/defaults/main.yml
@@ -17,7 +17,7 @@ matrix_bot_baibot_container_repo_version: "{{ 'main' if matrix_bot_baibot_versio
 matrix_bot_baibot_container_src_files_path: "{{ matrix_base_data_path }}/baibot/container-src"
 # renovate: datasource=docker depName=ghcr.io/etkecc/baibot
-matrix_bot_baibot_version: v1.16.0
+matrix_bot_baibot_version: v1.14.1
 matrix_bot_baibot_container_image: "{{ matrix_bot_baibot_container_image_registry_prefix }}etkecc/baibot:{{ matrix_bot_baibot_version }}"
 matrix_bot_baibot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_baibot_container_image_self_build else matrix_bot_baibot_container_image_registry_prefix_upstream }}"
 matrix_bot_baibot_container_image_registry_prefix_upstream: "{{ matrix_bot_baibot_container_image_registry_prefix_upstream_default }}"
@@ -59,28 +59,8 @@ matrix_bot_baibot_config_homeserver_url: ""
 # so it can start fresh.
 matrix_bot_baibot_config_user_mxid_localpart: baibot
 # Authentication settings (`user.*` configuration keys).
 #
 # baibot supports 2 mutually-exclusive authentication modes.
 # Set EITHER:
 # - password authentication: `matrix_bot_baibot_config_user_password`
 # OR:
 # - access-token authentication: `matrix_bot_baibot_config_user_access_token` + `matrix_bot_baibot_config_user_device_id`
 #
 # Password authentication is recommended for most playbook-managed deployments,
 # because it integrates with the `matrix-user-creator` role and can auto-create
 # the bot account (via the `ensure-matrix-users-created` playbook tag).
 # This remains true even on many MAS-enabled deployments where the bot account
 # is local and playbook-managed.
 # Controls the `user.password` configuration setting.
-matrix_bot_baibot_config_user_password: null
+matrix_bot_baibot_config_user_password: ''
 # Controls the `user.access_token` configuration setting.
 matrix_bot_baibot_config_user_access_token: null
 # Controls the `user.device_id` configuration setting.
 matrix_bot_baibot_config_user_device_id: null
 # Controls the `user.name` configuration setting.
 #
@@ -405,7 +385,7 @@ matrix_bot_baibot_config_agents_static_definitions_openai_config_api_key: ""
 matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_enabled: true
 # For valid model choices, see: https://platform.openai.com/docs/models
-matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-5.4
+matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-5.2
 # The prompt text to use (can be null or empty to not use a prompt).
 # See: https://huggingface.co/docs/transformers/en/tasks/prompting
 matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
--- a/roles/custom/matrix-bot-baibot/tasks/validate_config.yml
+++ b/roles/custom/matrix-bot-baibot/tasks/validate_config.yml
@@ -12,6 +12,7 @@
  when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0"
  with_items:
    - {'name': 'matrix_bot_baibot_config_user_mxid_localpart', when: true}
    - {'name': 'matrix_bot_baibot_config_user_password', when: true}
    - {'name': 'matrix_bot_baibot_container_network', when: true}
    - {'name': 'matrix_bot_baibot_config_homeserver_url', when: true}
@@ -25,58 +26,6 @@
    - {'name': 'matrix_bot_baibot_config_agents_static_definitions_openai_config_api_key', when: "{{ matrix_bot_baibot_config_agents_static_definitions_openai_enabled }}"}
 - name: Fail if baibot authentication mode is not configured
  ansible.builtin.fail:
    msg: >-
      You need to configure one baibot authentication mode:
      either `matrix_bot_baibot_config_user_password`
      or (`matrix_bot_baibot_config_user_access_token` + `matrix_bot_baibot_config_user_device_id`).
  when: >-
    (
      matrix_bot_baibot_config_user_password | default('', true) | string | length == 0
    )
    and
    (
      matrix_bot_baibot_config_user_access_token | default('', true) | string | length == 0
      and matrix_bot_baibot_config_user_device_id | default('', true) | string | length == 0
    )
 - name: Fail if baibot authentication mode is configured ambiguously
  ansible.builtin.fail:
    msg: >-
      You need to configure exactly one baibot authentication mode.
      Set either `matrix_bot_baibot_config_user_password`,
      or (`matrix_bot_baibot_config_user_access_token` + `matrix_bot_baibot_config_user_device_id`) but not both.
  when: >-
    (
      matrix_bot_baibot_config_user_password | default('', true) | string | length > 0
    )
    and
    (
      matrix_bot_baibot_config_user_access_token | default('', true) | string | length > 0
      or matrix_bot_baibot_config_user_device_id | default('', true) | string | length > 0
    )
 - name: Fail if baibot access token authentication is incomplete
  ansible.builtin.fail:
    msg: >-
      Access-token authentication requires both
      `matrix_bot_baibot_config_user_access_token` and `matrix_bot_baibot_config_user_device_id`.
  when: >-
    (
      matrix_bot_baibot_config_user_password | default('', true) | string | length == 0
    )
    and
    (
      matrix_bot_baibot_config_user_access_token | default('', true) | string | length > 0
      or matrix_bot_baibot_config_user_device_id | default('', true) | string | length > 0
    )
    and
    (
      matrix_bot_baibot_config_user_access_token | default('', true) | string | length == 0
      or matrix_bot_baibot_config_user_device_id | default('', true) | string | length == 0
    )
 - name: Fail if admin patterns list is empty
  ansible.builtin.fail:
    msg: >-
--- a/roles/custom/matrix-bot-baibot/templates/config.yaml.j2
+++ b/roles/custom/matrix-bot-baibot/templates/config.yaml.j2
@@ -15,11 +15,7 @@ homeserver:
 user:
  mxid_localpart: {{ matrix_bot_baibot_config_user_mxid_localpart | to_json }}
  # Authentication: set EITHER password OR access_token + device_id.
  password: {{ matrix_bot_baibot_config_user_password | to_json }}
  access_token: {{ matrix_bot_baibot_config_user_access_token | to_json }}
  device_id: {{ matrix_bot_baibot_config_user_device_id | to_json }}
  # The name the bot uses as a display name and when it refers to itself.
  # Leave empty to use the default (baibot).
--- a/roles/custom/matrix-bot-buscarron/defaults/main.yml
+++ b/roles/custom/matrix-bot-buscarron/defaults/main.yml
@@ -32,15 +32,15 @@ matrix_bot_buscarron_data_path: "{{ matrix_bot_buscarron_base_path }}/data"
 matrix_bot_buscarron_data_store_path: "{{ matrix_bot_buscarron_data_path }}/store"
 matrix_bot_buscarron_container_image_self_build: false
-matrix_bot_buscarron_container_repo: "https://github.com/etkecc/buscarron.git"
+matrix_bot_buscarron_docker_repo: "https://github.com/etkecc/buscarron.git"
-matrix_bot_buscarron_container_repo_version: "{{ matrix_bot_buscarron_version }}"
+matrix_bot_buscarron_docker_repo_version: "{{ matrix_bot_buscarron_version }}"
-matrix_bot_buscarron_container_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src"
+matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src"
-matrix_bot_buscarron_container_image: "{{ matrix_bot_buscarron_container_image_registry_prefix }}etkecc/buscarron:{{ matrix_bot_buscarron_version }}"
+matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_registry_prefix }}etkecc/buscarron:{{ matrix_bot_buscarron_version }}"
-matrix_bot_buscarron_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else matrix_bot_buscarron_container_image_registry_prefix_upstream }}"
+matrix_bot_buscarron_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else matrix_bot_buscarron_docker_image_registry_prefix_upstream }}"
-matrix_bot_buscarron_container_image_registry_prefix_upstream: "{{ matrix_bot_buscarron_container_image_registry_prefix_upstream_default }}"
+matrix_bot_buscarron_docker_image_registry_prefix_upstream: "{{ matrix_bot_buscarron_docker_image_registry_prefix_upstream_default }}"
-matrix_bot_buscarron_container_image_registry_prefix_upstream_default: "ghcr.io/"
+matrix_bot_buscarron_docker_image_registry_prefix_upstream_default: "ghcr.io/"
-matrix_bot_buscarron_container_image_force_pull: "{{ matrix_bot_buscarron_container_image.endswith(':latest') }}"
+matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}"
 # The base container network. It will be auto-created by this role if it doesn't exist already.
 matrix_bot_buscarron_container_network: matrix-bot-buscarron
--- a/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml
@@ -45,7 +45,7 @@
    - {path: "{{ matrix_bot_buscarron_config_path }}", when: true}
    - {path: "{{ matrix_bot_buscarron_data_path }}", when: true}
    - {path: "{{ matrix_bot_buscarron_data_store_path }}", when: true}
-    - {path: "{{ matrix_bot_buscarron_container_src_files_path }}", when: true}
+    - {path: "{{ matrix_bot_buscarron_docker_src_files_path }}", when: true}
  when: "item.when | bool"
 - name: Ensure Buscarron support files installed
@@ -62,10 +62,10 @@
 - name: Ensure Buscarron image is pulled
  community.docker.docker_image:
-    name: "{{ matrix_bot_buscarron_container_image }}"
+    name: "{{ matrix_bot_buscarron_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_bot_buscarron_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force_source: "{{ matrix_bot_buscarron_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_buscarron_container_image_force_pull }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_buscarron_docker_image_force_pull }}"
  when: "not matrix_bot_buscarron_container_image_self_build | bool"
  register: matrix_bot_buscarron_container_image_pull_result
  retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -74,9 +74,9 @@
 - name: Ensure Buscarron repository is present on self-build
  ansible.builtin.git:
-    repo: "{{ matrix_bot_buscarron_container_repo }}"
+    repo: "{{ matrix_bot_buscarron_docker_repo }}"
-    version: "{{ matrix_bot_buscarron_container_repo_version }}"
+    version: "{{ matrix_bot_buscarron_docker_repo_version }}"
-    dest: "{{ matrix_bot_buscarron_container_src_files_path }}"
+    dest: "{{ matrix_bot_buscarron_docker_src_files_path }}"
    force: "yes"
  become: true
  become_user: "{{ matrix_user_name }}"
@@ -85,13 +85,13 @@
 - name: Ensure Buscarron image is built
  community.docker.docker_image:
-    name: "{{ matrix_bot_buscarron_container_image }}"
+    name: "{{ matrix_bot_buscarron_docker_image }}"
    source: build
    force_source: "{{ matrix_bot_buscarron_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_buscarron_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
-      path: "{{ matrix_bot_buscarron_container_src_files_path }}"
+      path: "{{ matrix_bot_buscarron_docker_src_files_path }}"
      pull: true
  when: "matrix_bot_buscarron_container_image_self_build | bool"
--- a/roles/custom/matrix-bot-buscarron/tasks/validate_config.yml
+++ b/roles/custom/matrix-bot-buscarron/tasks/validate_config.yml
@@ -17,14 +17,6 @@
    - {'old': 'matrix_bot_buscarron_spam_emails', 'new': '<superseded by matrix_bot_buscarron_spamlist>'}
    - {'old': 'matrix_bot_buscarron_spam_localparts', 'new': '<superseded by matrix_bot_buscarron_spamlist>'}
    - {'old': 'matrix_bot_buscarron_container_image_name_prefix', 'new': 'matrix_bot_buscarron_container_image_registry_prefix'}
    - {'old': 'matrix_bot_buscarron_docker_image', 'new': 'matrix_bot_buscarron_container_image'}
    - {'old': 'matrix_bot_buscarron_docker_image_force_pull', 'new': 'matrix_bot_buscarron_container_image_force_pull'}
    - {'old': 'matrix_bot_buscarron_docker_image_registry_prefix', 'new': 'matrix_bot_buscarron_container_image_registry_prefix'}
    - {'old': 'matrix_bot_buscarron_docker_image_registry_prefix_upstream', 'new': 'matrix_bot_buscarron_container_image_registry_prefix_upstream'}
    - {'old': 'matrix_bot_buscarron_docker_image_registry_prefix_upstream_default', 'new': 'matrix_bot_buscarron_container_image_registry_prefix_upstream_default'}
    - {'old': 'matrix_bot_buscarron_docker_repo', 'new': 'matrix_bot_buscarron_container_repo'}
    - {'old': 'matrix_bot_buscarron_docker_repo_version', 'new': 'matrix_bot_buscarron_container_repo_version'}
    - {'old': 'matrix_bot_buscarron_docker_src_files_path', 'new': 'matrix_bot_buscarron_container_src_files_path'}
 - name: Fail if required Buscarron settings not defined
  ansible.builtin.fail:
--- a/roles/custom/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2
+++ b/roles/custom/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2
@@ -30,7 +30,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			{% for arg in matrix_bot_buscarron_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
-			{{ matrix_bot_buscarron_container_image }}
+			{{ matrix_bot_buscarron_docker_image }}
 {% for network in matrix_bot_buscarron_container_additional_networks %}
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-bot-buscarron
--- a/roles/custom/matrix-bot-draupnir/defaults/main.yml
+++ b/roles/custom/matrix-bot-draupnir/defaults/main.yml
@@ -1,5 +1,5 @@
 # SPDX-FileCopyrightText: 2023 - 2024 MDAD project contributors
-# SPDX-FileCopyrightText: 2023 - 2026 Catalan Lover <catalanlover@protonmail.com>
+# SPDX-FileCopyrightText: 2023 - 2025 Catalan Lover <catalanlover@protonmail.com>
 # SPDX-FileCopyrightText: 2023 Samuel Meenzen
 # SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
 #
@@ -17,17 +17,16 @@ matrix_bot_draupnir_version: "v2.9.0"
 matrix_bot_draupnir_container_image_self_build: false
 matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git"
-matrix_bot_draupnir_container_image: "{{ matrix_bot_draupnir_container_image_registry_prefix }}{{ matrix_bot_draupnir_container_image_registry_namespace_identifier }}:{{ matrix_bot_draupnir_version }}"
+matrix_bot_draupnir_docker_image: "{{ matrix_bot_draupnir_docker_image_registry_prefix }}gnuxie/draupnir:{{ matrix_bot_draupnir_version }}"
-matrix_bot_draupnir_container_image_registry_namespace_identifier: "gnuxie/draupnir"
+matrix_bot_draupnir_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_draupnir_container_image_self_build else matrix_bot_draupnir_docker_image_registry_prefix_upstream }}"
-matrix_bot_draupnir_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_draupnir_container_image_self_build else matrix_bot_draupnir_container_image_registry_prefix_upstream }}"
+matrix_bot_draupnir_docker_image_registry_prefix_upstream: "{{ matrix_bot_draupnir_docker_image_registry_prefix_upstream_default }}"
-matrix_bot_draupnir_container_image_registry_prefix_upstream: "{{ matrix_bot_draupnir_container_image_registry_prefix_upstream_default }}"
+matrix_bot_draupnir_docker_image_registry_prefix_upstream_default: "docker.io/"
-matrix_bot_draupnir_container_image_registry_prefix_upstream_default: "docker.io/"
+matrix_bot_draupnir_docker_image_force_pull: "{{ matrix_bot_draupnir_docker_image.endswith(':latest') }}"
 matrix_bot_draupnir_container_image_force_pull: "{{ matrix_bot_draupnir_container_image.endswith(':latest') }}"
 matrix_bot_draupnir_base_path: "{{ matrix_base_data_path }}/draupnir"
 matrix_bot_draupnir_config_path: "{{ matrix_bot_draupnir_base_path }}/config"
 matrix_bot_draupnir_data_path: "{{ matrix_bot_draupnir_base_path }}/data"
-matrix_bot_draupnir_container_src_files_path: "{{ matrix_bot_draupnir_base_path }}/docker-src"
+matrix_bot_draupnir_docker_src_files_path: "{{ matrix_bot_draupnir_base_path }}/docker-src"
 matrix_bot_draupnir_config_web_enabled: "{{ matrix_bot_draupnir_config_web_abuseReporting or matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled }}"  # noqa var-naming
--- a/roles/custom/matrix-bot-draupnir/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-draupnir/tasks/setup_install.yml
@@ -22,7 +22,7 @@
    - {path: "{{ matrix_bot_draupnir_base_path }}", when: true}
    - {path: "{{ matrix_bot_draupnir_config_path }}", when: true}
    - {path: "{{ matrix_bot_draupnir_data_path }}", when: true}
-    - {path: "{{ matrix_bot_draupnir_container_src_files_path }}", when: "{{ matrix_bot_draupnir_container_image_self_build }}"}
+    - {path: "{{ matrix_bot_draupnir_docker_src_files_path }}", when: "{{ matrix_bot_draupnir_container_image_self_build }}"}
  when: "item.when | bool"
 - name: Ensure matrix-bot-draupnir support files installed
@@ -39,10 +39,10 @@
 - name: Ensure Draupnir Docker image is pulled
  community.docker.docker_image:
-    name: "{{ matrix_bot_draupnir_container_image }}"
+    name: "{{ matrix_bot_draupnir_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_bot_draupnir_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force_source: "{{ matrix_bot_draupnir_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_draupnir_container_image_force_pull }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_draupnir_docker_image_force_pull }}"
  when: "not matrix_bot_draupnir_container_image_self_build | bool"
  register: matrix_bot_draupnir_container_image_pull_result
  retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -52,8 +52,8 @@
 - name: Ensure Draupnir repository is present on self-build
  ansible.builtin.git:
    repo: "{{ matrix_bot_draupnir_container_image_self_build_repo }}"
-    dest: "{{ matrix_bot_draupnir_container_src_files_path }}"
+    dest: "{{ matrix_bot_draupnir_docker_src_files_path }}"
-    version: "{{ matrix_bot_draupnir_container_image.split(':')[1] }}"
+    version: "{{ matrix_bot_draupnir_docker_image.split(':')[1] }}"
    force: "yes"
  become: true
  become_user: "{{ matrix_user_name }}"
@@ -62,12 +62,12 @@
 - name: Ensure Draupnir Docker image is built
  community.docker.docker_image:
-    name: "{{ matrix_bot_draupnir_container_image }}"
+    name: "{{ matrix_bot_draupnir_docker_image }}"
    source: build
    force_source: "{{ matrix_bot_draupnir_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
-      path: "{{ matrix_bot_draupnir_container_src_files_path }}"
+      path: "{{ matrix_bot_draupnir_docker_src_files_path }}"
      pull: true
  when: "matrix_bot_draupnir_container_image_self_build | bool"
--- a/roles/custom/matrix-bot-draupnir/tasks/validate_config.yml
+++ b/roles/custom/matrix-bot-draupnir/tasks/validate_config.yml
@@ -31,12 +31,6 @@
    - {'old': 'matrix_bot_draupnir_container_labels_traefik_entrypoints', 'new': 'matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_entrypoints'}
    - {'old': 'matrix_bot_draupnir_container_labels_traefik_tls', 'new': 'matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_tls'}
    - {'old': 'matrix_bot_draupnir_container_labels_traefik_tls_certResolver', 'new': 'matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_tls_certResolver'}
    - {'old': 'matrix_bot_draupnir_docker_image', 'new': 'matrix_bot_draupnir_container_image'}
    - {'old': 'matrix_bot_draupnir_docker_image_force_pull', 'new': 'matrix_bot_draupnir_container_image_force_pull'}
    - {'old': 'matrix_bot_draupnir_docker_image_registry_prefix', 'new': 'matrix_bot_draupnir_container_image_registry_prefix'}
    - {'old': 'matrix_bot_draupnir_docker_image_registry_prefix_upstream', 'new': 'matrix_bot_draupnir_container_image_registry_prefix_upstream'}
    - {'old': 'matrix_bot_draupnir_docker_image_registry_prefix_upstream_default', 'new': 'matrix_bot_draupnir_container_image_registry_prefix_upstream_default'}
    - {'old': 'matrix_bot_draupnir_docker_src_files_path', 'new': 'matrix_bot_draupnir_container_src_files_path'}
 - name: Fail if required matrix-bot-draupnir variables are undefined
  ansible.builtin.fail:
--- a/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2
+++ b/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2
@@ -33,7 +33,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			{% for arg in matrix_bot_draupnir_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
-			{{ matrix_bot_draupnir_container_image }} \
+			{{ matrix_bot_draupnir_docker_image }} \
 			bot --draupnir-config /data/config/production.yaml
 {% for network in matrix_bot_draupnir_container_additional_networks %}
--- a/roles/custom/matrix-bot-honoroit/defaults/main.yml
+++ b/roles/custom/matrix-bot-honoroit/defaults/main.yml
@@ -25,17 +25,17 @@ matrix_bot_honoroit_path_prefix: /
 matrix_bot_honoroit_metrics_path: /metrics
 matrix_bot_honoroit_container_image_self_build: false
-matrix_bot_honoroit_container_repo: "https://github.com/etkecc/honoroit.git"
+matrix_bot_honoroit_docker_repo: "https://github.com/etkecc/honoroit.git"
-matrix_bot_honoroit_container_repo_version: "{{ matrix_bot_honoroit_version }}"
+matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}"
-matrix_bot_honoroit_container_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
+matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
 # renovate: datasource=docker depName=ghcr.io/etkecc/honoroit
-matrix_bot_honoroit_version: v0.9.30
+matrix_bot_honoroit_version: v0.9.29
-matrix_bot_honoroit_container_image: "{{ matrix_bot_honoroit_container_image_registry_prefix }}etkecc/honoroit:{{ matrix_bot_honoroit_version }}"
+matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_registry_prefix }}etkecc/honoroit:{{ matrix_bot_honoroit_version }}"
-matrix_bot_honoroit_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else matrix_bot_honoroit_container_image_registry_prefix_upstream }}"
+matrix_bot_honoroit_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else matrix_bot_honoroit_docker_image_registry_prefix_upstream }}"
-matrix_bot_honoroit_container_image_registry_prefix_upstream: "{{ matrix_bot_honoroit_container_image_registry_prefix_upstream_default }}"
+matrix_bot_honoroit_docker_image_registry_prefix_upstream: "{{ matrix_bot_honoroit_docker_image_registry_prefix_upstream_default }}"
-matrix_bot_honoroit_container_image_registry_prefix_upstream_default: "ghcr.io/"
+matrix_bot_honoroit_docker_image_registry_prefix_upstream_default: "ghcr.io/"
-matrix_bot_honoroit_container_image_force_pull: "{{ matrix_bot_honoroit_container_image.endswith(':latest') }}"
+matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"
 matrix_bot_honoroit_base_path: "{{ matrix_base_data_path }}/honoroit"
 matrix_bot_honoroit_config_path: "{{ matrix_bot_honoroit_base_path }}/config"
--- a/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml
@@ -47,7 +47,7 @@
    - {path: "{{ matrix_bot_honoroit_config_path }}", when: true}
    - {path: "{{ matrix_bot_honoroit_data_path }}", when: true}
    - {path: "{{ matrix_bot_honoroit_data_store_path }}", when: true}
-    - {path: "{{ matrix_bot_honoroit_container_src_files_path }}", when: true}
+    - {path: "{{ matrix_bot_honoroit_docker_src_files_path }}", when: true}
  when: "item.when | bool"
 - name: Ensure Honoroit support files installed
@@ -64,10 +64,10 @@
 - name: Ensure Honoroit image is pulled
  community.docker.docker_image:
-    name: "{{ matrix_bot_honoroit_container_image }}"
+    name: "{{ matrix_bot_honoroit_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_bot_honoroit_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force_source: "{{ matrix_bot_honoroit_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_honoroit_container_image_force_pull }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_honoroit_docker_image_force_pull }}"
  when: "not matrix_bot_honoroit_container_image_self_build | bool"
  register: matrix_bot_honoroit_container_image_pull_result
  retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -76,9 +76,9 @@
 - name: Ensure Honoroit repository is present on self-build
  ansible.builtin.git:
-    repo: "{{ matrix_bot_honoroit_container_repo }}"
+    repo: "{{ matrix_bot_honoroit_docker_repo }}"
-    version: "{{ matrix_bot_honoroit_container_repo_version }}"
+    version: "{{ matrix_bot_honoroit_docker_repo_version }}"
-    dest: "{{ matrix_bot_honoroit_container_src_files_path }}"
+    dest: "{{ matrix_bot_honoroit_docker_src_files_path }}"
    force: "yes"
  become: true
  become_user: "{{ matrix_user_name }}"
@@ -87,13 +87,13 @@
 - name: Ensure Honoroit image is built
  community.docker.docker_image:
-    name: "{{ matrix_bot_honoroit_container_image }}"
+    name: "{{ matrix_bot_honoroit_docker_image }}"
    source: build
    force_source: "{{ matrix_bot_honoroit_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_honoroit_container_image_self_build.changed }}"
    build:
      dockerfile: Dockerfile
-      path: "{{ matrix_bot_honoroit_container_src_files_path }}"
+      path: "{{ matrix_bot_honoroit_docker_src_files_path }}"
      pull: true
  when: "matrix_bot_honoroit_container_image_self_build | bool"
--- a/roles/custom/matrix-bot-honoroit/tasks/validate_config.yml
+++ b/roles/custom/matrix-bot-honoroit/tasks/validate_config.yml
@@ -6,23 +6,6 @@
 ---
 - name: (Deprecation) Catch and report renamed Honoroit settings
  ansible.builtin.fail:
    msg: >-
      Your configuration contains a variable, which now has a different name.
      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
  with_items:
    - {'old': 'matrix_bot_honoroit_container_image_name_prefix', 'new': 'matrix_bot_honoroit_container_image_registry_prefix'}
    - {'old': 'matrix_bot_honoroit_docker_image', 'new': 'matrix_bot_honoroit_container_image'}
    - {'old': 'matrix_bot_honoroit_docker_image_force_pull', 'new': 'matrix_bot_honoroit_container_image_force_pull'}
    - {'old': 'matrix_bot_honoroit_docker_image_registry_prefix', 'new': 'matrix_bot_honoroit_container_image_registry_prefix'}
    - {'old': 'matrix_bot_honoroit_docker_image_registry_prefix_upstream', 'new': 'matrix_bot_honoroit_container_image_registry_prefix_upstream'}
    - {'old': 'matrix_bot_honoroit_docker_image_registry_prefix_upstream_default', 'new': 'matrix_bot_honoroit_container_image_registry_prefix_upstream_default'}
    - {'old': 'matrix_bot_honoroit_docker_repo', 'new': 'matrix_bot_honoroit_container_repo'}
    - {'old': 'matrix_bot_honoroit_docker_repo_version', 'new': 'matrix_bot_honoroit_container_repo_version'}
    - {'old': 'matrix_bot_honoroit_docker_src_files_path', 'new': 'matrix_bot_honoroit_container_src_files_path'}
 - name: Fail if required Honoroit settings not defined
  ansible.builtin.fail:
    msg: >-
@@ -33,3 +16,12 @@
    - {'name': 'matrix_bot_honoroit_password', when: true}
    - {'name': 'matrix_bot_honoroit_roomid', when: true}
    - {'name': 'matrix_bot_honoroit_database_hostname', when: "{{ matrix_bot_honoroit_database_engine == 'postgres' }}"}
 - name: (Deprecation) Catch and report renamed Honoroit settings
  ansible.builtin.fail:
    msg: >-
      Your configuration contains a variable, which now has a different name.
      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
  with_items:
    - {'old': 'matrix_bot_honoroit_container_image_name_prefix', 'new': 'matrix_bot_honoroit_container_image_registry_prefix'}
--- a/roles/custom/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2
+++ b/roles/custom/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2
@@ -30,7 +30,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			{% for arg in matrix_bot_honoroit_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
-			{{ matrix_bot_honoroit_container_image }}
+			{{ matrix_bot_honoroit_docker_image }}
 {% for network in matrix_bot_honoroit_container_additional_networks %}
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-bot-honoroit
--- a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml
+++ b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml
@@ -14,19 +14,19 @@
 matrix_bot_matrix_registration_bot_enabled: true
 matrix_bot_matrix_registration_bot_container_image_self_build: false
-matrix_bot_matrix_registration_bot_container_repo: "https://github.com/moan0s/matrix-registration-bot.git"
+matrix_bot_matrix_registration_bot_docker_repo: "https://github.com/moan0s/matrix-registration-bot.git"
-matrix_bot_matrix_registration_bot_container_repo_version: "{{ 'main' if matrix_bot_matrix_registration_bot_version == 'latest' else ('v' + matrix_bot_matrix_registration_bot_version) }}"
+matrix_bot_matrix_registration_bot_docker_repo_version: "{{ 'main' if matrix_bot_matrix_registration_bot_version == 'latest' else ('v' + matrix_bot_matrix_registration_bot_version) }}"
-matrix_bot_matrix_registration_bot_container_src_files_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/docker-src"
+matrix_bot_matrix_registration_bot_docker_src_files_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/docker-src"
 # renovate: datasource=docker depName=moanos/matrix-registration-bot
 matrix_bot_matrix_registration_bot_version: 1.3.0
-matrix_bot_matrix_registration_bot_container_iteration: 0
+matrix_bot_matrix_registration_bot_docker_iteration: 0
-matrix_bot_matrix_registration_bot_container_tag: "{{ matrix_bot_matrix_registration_bot_version }}-{{ matrix_bot_matrix_registration_bot_container_iteration }}"
+matrix_bot_matrix_registration_bot_docker_tag: "{{ matrix_bot_matrix_registration_bot_version }}-{{ matrix_bot_matrix_registration_bot_docker_iteration }}"
-matrix_bot_matrix_registration_bot_container_image: "{{ matrix_bot_matrix_registration_bot_container_image_registry_prefix }}moanos/matrix-registration-bot:{{ matrix_bot_matrix_registration_bot_container_tag }}"
+matrix_bot_matrix_registration_bot_docker_image: "{{ matrix_bot_matrix_registration_bot_docker_image_registry_prefix }}moanos/matrix-registration-bot:{{ matrix_bot_matrix_registration_bot_docker_tag }}"
-matrix_bot_matrix_registration_bot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_matrix_registration_bot_container_image_self_build else matrix_bot_matrix_registration_bot_container_image_registry_prefix_upstream }}"
+matrix_bot_matrix_registration_bot_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_matrix_registration_bot_container_image_self_build else matrix_bot_matrix_registration_bot_docker_image_registry_prefix_upstream }}"
-matrix_bot_matrix_registration_bot_container_image_registry_prefix_upstream: "{{ matrix_bot_matrix_registration_bot_container_image_registry_prefix_upstream_default }}"
+matrix_bot_matrix_registration_bot_docker_image_registry_prefix_upstream: "{{ matrix_bot_matrix_registration_bot_docker_image_registry_prefix_upstream_default }}"
-matrix_bot_matrix_registration_bot_container_image_registry_prefix_upstream_default: "docker.io/"
+matrix_bot_matrix_registration_bot_docker_image_registry_prefix_upstream_default: "docker.io/"
-matrix_bot_matrix_registration_bot_container_image_force_pull: "{{ matrix_bot_matrix_registration_bot_container_image.endswith(':latest') }}"
+matrix_bot_matrix_registration_bot_docker_image_force_pull: "{{ matrix_bot_matrix_registration_bot_docker_image.endswith(':latest') }}"
 matrix_bot_matrix_registration_bot_base_path: "{{ matrix_base_data_path }}/matrix-registration-bot"
 matrix_bot_matrix_registration_bot_config_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/config"
--- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml
@@ -18,7 +18,7 @@
  with_items:
    - {path: "{{ matrix_bot_matrix_registration_bot_config_path }}", when: true}
    - {path: "{{ matrix_bot_matrix_registration_bot_data_path }}", when: true}
-    - {path: "{{ matrix_bot_matrix_registration_bot_container_src_files_path }}", when: "{{ matrix_bot_matrix_registration_bot_container_image_self_build }}"}
+    - {path: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}", when: "{{ matrix_bot_matrix_registration_bot_container_image_self_build }}"}
  when: "item.when | bool"
 - name: Ensure matrix-registration-bot configuration file created
@@ -32,10 +32,10 @@
 - name: Ensure matrix-registration-bot image is pulled
  community.docker.docker_image:
-    name: "{{ matrix_bot_matrix_registration_bot_container_image }}"
+    name: "{{ matrix_bot_matrix_registration_bot_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_bot_matrix_registration_bot_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force_source: "{{ matrix_bot_matrix_registration_bot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_registration_bot_container_image_force_pull }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_registration_bot_docker_image_force_pull }}"
  when: "not matrix_bot_matrix_registration_bot_container_image_self_build | bool"
  register: matrix_bot_matrix_registration_bot_container_image_pull_result
  retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -46,9 +46,9 @@
  block:
    - name: Ensure matrix-registration-bot repository is present on self-build
      ansible.builtin.git:
-        repo: "{{ matrix_bot_matrix_registration_bot_container_repo }}"
+        repo: "{{ matrix_bot_matrix_registration_bot_docker_repo }}"
-        version: "{{ matrix_bot_matrix_registration_bot_container_repo_version }}"
+        version: "{{ matrix_bot_matrix_registration_bot_docker_repo_version }}"
-        dest: "{{ matrix_bot_matrix_registration_bot_container_src_files_path }}"
+        dest: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}"
        force: "yes"
      become: true
      become_user: "{{ matrix_user_name }}"
@@ -56,13 +56,13 @@
    - name: Ensure matrix-registration-bot image is built
      community.docker.docker_image:
-        name: "{{ matrix_bot_matrix_registration_bot_container_image }}"
+        name: "{{ matrix_bot_matrix_registration_bot_docker_image }}"
        source: build
        force_source: "{{ matrix_bot_matrix_registration_bot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
        force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_registration_bot_git_pull_results.changed }}"
        build:
          dockerfile: Dockerfile
-          path: "{{ matrix_bot_matrix_registration_bot_container_src_files_path }}"
+          path: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}"
          pull: true
 - name: Ensure matrix-registration-bot container network is created
--- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml
+++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml
@@ -6,6 +6,15 @@
 ---
 - name: Fail if required settings not defined
  ansible.builtin.fail:
    msg: >-
      You need to define a required configuration setting (`{{ item }}`).
  when: "lookup('vars', item, default='') == ''"
  with_items:
    - "matrix_bot_matrix_registration_bot_bot_password"
    - "matrix_bot_matrix_registration_bot_api_base_url"
 - name: (Deprecation) Catch and report renamed settings
  ansible.builtin.fail:
    msg: >-
@@ -15,22 +24,3 @@
  with_items:
    - {'old': 'matrix_bot_matrix_registration_bot_bot_access_token', 'new': '<removed>'}
    - {'old': 'matrix_bot_matrix_registration_bot_matrix_homeserver_url', 'new': 'matrix_bot_matrix_registration_bot_api_base_url'}
    - {'old': 'matrix_bot_matrix_registration_bot_docker_image', 'new': 'matrix_bot_matrix_registration_bot_container_image'}
    - {'old': 'matrix_bot_matrix_registration_bot_docker_image_force_pull', 'new': 'matrix_bot_matrix_registration_bot_container_image_force_pull'}
    - {'old': 'matrix_bot_matrix_registration_bot_docker_image_registry_prefix', 'new': 'matrix_bot_matrix_registration_bot_container_image_registry_prefix'}
    - {'old': 'matrix_bot_matrix_registration_bot_docker_image_registry_prefix_upstream', 'new': 'matrix_bot_matrix_registration_bot_container_image_registry_prefix_upstream'}
    - {'old': 'matrix_bot_matrix_registration_bot_docker_image_registry_prefix_upstream_default', 'new': 'matrix_bot_matrix_registration_bot_container_image_registry_prefix_upstream_default'}
    - {'old': 'matrix_bot_matrix_registration_bot_docker_iteration', 'new': 'matrix_bot_matrix_registration_bot_container_iteration'}
    - {'old': 'matrix_bot_matrix_registration_bot_docker_repo', 'new': 'matrix_bot_matrix_registration_bot_container_repo'}
    - {'old': 'matrix_bot_matrix_registration_bot_docker_repo_version', 'new': 'matrix_bot_matrix_registration_bot_container_repo_version'}
    - {'old': 'matrix_bot_matrix_registration_bot_docker_src_files_path', 'new': 'matrix_bot_matrix_registration_bot_container_src_files_path'}
    - {'old': 'matrix_bot_matrix_registration_bot_docker_tag', 'new': 'matrix_bot_matrix_registration_bot_container_tag'}
 - name: Fail if required settings not defined
  ansible.builtin.fail:
    msg: >-
      You need to define a required configuration setting (`{{ item }}`).
  when: "lookup('vars', item, default='') == ''"
  with_items:
    - "matrix_bot_matrix_registration_bot_bot_password"
    - "matrix_bot_matrix_registration_bot_api_base_url"
--- a/roles/custom/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2
+++ b/roles/custom/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2
@@ -27,7 +27,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			--mount type=bind,src={{ matrix_bot_matrix_registration_bot_config_path }},dst=/config,ro \
 			--mount type=bind,src={{ matrix_bot_matrix_registration_bot_data_path }},dst=/data \
 			--network={{ matrix_bot_matrix_registration_bot_container_network }} \
-			{{ matrix_bot_matrix_registration_bot_container_image }}
+			{{ matrix_bot_matrix_registration_bot_docker_image }}
 {% for network in matrix_bot_matrix_registration_bot_container_additional_networks %}
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-bot-matrix-registration-bot
--- a/roles/custom/matrix-bot-matrix-reminder-bot/defaults/main.yml
+++ b/roles/custom/matrix-bot-matrix-reminder-bot/defaults/main.yml
@@ -15,17 +15,17 @@
 matrix_bot_matrix_reminder_bot_enabled: true
 matrix_bot_matrix_reminder_bot_container_image_self_build: false
-matrix_bot_matrix_reminder_bot_container_repo: "https://github.com/anoadragon453/matrix-reminder-bot.git"
+matrix_bot_matrix_reminder_bot_docker_repo: "https://github.com/anoadragon453/matrix-reminder-bot.git"
-matrix_bot_matrix_reminder_bot_container_repo_version: "{{ 'master' if matrix_bot_matrix_reminder_bot_version == 'latest' else matrix_bot_matrix_reminder_bot_version }}"
+matrix_bot_matrix_reminder_bot_docker_repo_version: "{{ 'master' if matrix_bot_matrix_reminder_bot_version == 'latest' else matrix_bot_matrix_reminder_bot_version }}"
-matrix_bot_matrix_reminder_bot_container_src_files_path: "{{ matrix_base_data_path }}/matrix-reminder-bot/docker-src"
+matrix_bot_matrix_reminder_bot_docker_src_files_path: "{{ matrix_base_data_path }}/matrix-reminder-bot/docker-src"
 # renovate: datasource=docker depName=ghcr.io/anoadragon453/matrix-reminder-bot
 matrix_bot_matrix_reminder_bot_version: v0.4.0
-matrix_bot_matrix_reminder_bot_container_image: "{{ matrix_bot_matrix_reminder_bot_container_image_registry_prefix }}anoadragon453/matrix-reminder-bot:{{ matrix_bot_matrix_reminder_bot_version }}"
+matrix_bot_matrix_reminder_bot_docker_image: "{{ matrix_bot_matrix_reminder_bot_docker_image_registry_prefix }}anoadragon453/matrix-reminder-bot:{{ matrix_bot_matrix_reminder_bot_version }}"
-matrix_bot_matrix_reminder_bot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_matrix_reminder_bot_container_image_self_build else matrix_bot_matrix_reminder_bot_container_image_registry_prefix_upstream }}"
+matrix_bot_matrix_reminder_bot_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_matrix_reminder_bot_container_image_self_build else matrix_bot_matrix_reminder_bot_docker_image_registry_prefix_upstream }}"
-matrix_bot_matrix_reminder_bot_container_image_registry_prefix_upstream: "{{ matrix_bot_matrix_reminder_bot_container_image_registry_prefix_upstream_default }}"
+matrix_bot_matrix_reminder_bot_docker_image_registry_prefix_upstream: "{{ matrix_bot_matrix_reminder_bot_docker_image_registry_prefix_upstream_default }}"
-matrix_bot_matrix_reminder_bot_container_image_registry_prefix_upstream_default: "ghcr.io/"
+matrix_bot_matrix_reminder_bot_docker_image_registry_prefix_upstream_default: "ghcr.io/"
-matrix_bot_matrix_reminder_bot_container_image_force_pull: "{{ matrix_bot_matrix_reminder_bot_container_image.endswith(':latest') }}"
+matrix_bot_matrix_reminder_bot_docker_image_force_pull: "{{ matrix_bot_matrix_reminder_bot_docker_image.endswith(':latest') }}"
 matrix_bot_matrix_reminder_bot_base_path: "{{ matrix_base_data_path }}/matrix-reminder-bot"
 matrix_bot_matrix_reminder_bot_config_path: "{{ matrix_bot_matrix_reminder_bot_base_path }}/config"
--- a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml
@@ -49,15 +49,15 @@
    - {path: "{{ matrix_bot_matrix_reminder_bot_config_path }}", when: true}
    - {path: "{{ matrix_bot_matrix_reminder_bot_data_path }}", when: true}
    - {path: "{{ matrix_bot_matrix_reminder_bot_data_store_path }}", when: true}
-    - {path: "{{ matrix_bot_matrix_reminder_bot_container_src_files_path }}", when: true}
+    - {path: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}", when: true}
  when: "item.when | bool"
 - name: Ensure matrix-reminder-bot image is pulled
  community.docker.docker_image:
-    name: "{{ matrix_bot_matrix_reminder_bot_container_image }}"
+    name: "{{ matrix_bot_matrix_reminder_bot_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_bot_matrix_reminder_bot_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force_source: "{{ matrix_bot_matrix_reminder_bot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_reminder_bot_container_image_force_pull }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_reminder_bot_docker_image_force_pull }}"
  when: "not matrix_bot_matrix_reminder_bot_container_image_self_build | bool"
  register: matrix_bot_matrix_reminder_bot_container_image_pull_result
  retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -66,9 +66,9 @@
 - name: Ensure matrix-reminder-bot repository is present on self-build
  ansible.builtin.git:
-    repo: "{{ matrix_bot_matrix_reminder_bot_container_repo }}"
+    repo: "{{ matrix_bot_matrix_reminder_bot_docker_repo }}"
-    version: "{{ matrix_bot_matrix_reminder_bot_container_repo_version }}"
+    version: "{{ matrix_bot_matrix_reminder_bot_docker_repo_version }}"
-    dest: "{{ matrix_bot_matrix_reminder_bot_container_src_files_path }}"
+    dest: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}"
    force: "yes"
  become: true
  become_user: "{{ matrix_user_name }}"
@@ -77,13 +77,13 @@
 - name: Ensure matrix-reminder-bot image is built
  community.docker.docker_image:
-    name: "{{ matrix_bot_matrix_reminder_bot_container_image }}"
+    name: "{{ matrix_bot_matrix_reminder_bot_docker_image }}"
    source: build
    force_source: "{{ matrix_bot_matrix_reminder_bot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_reminder_bot_git_pull_results.changed }}"
    build:
      dockerfile: docker/Dockerfile
-      path: "{{ matrix_bot_matrix_reminder_bot_container_src_files_path }}"
+      path: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}"
      pull: true
  when: "matrix_bot_matrix_reminder_bot_container_image_self_build | bool"
--- a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml
+++ b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml
@@ -6,24 +6,6 @@
 ---
 - name: (Deprecation) Catch and report renamed matrix-reminder-bot settings
  ansible.builtin.fail:
    msg: >-
      Your configuration contains a variable, which now has a different name.
      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
  with_items:
    - {'old': 'matrix_bot_matrix_reminder_bot_container_self_build', 'new': 'matrix_bot_matrix_reminder_bot_container_image_self_build'}
    - {'old': 'matrix_bot_matrix_reminder_bot_container_image_name_prefix', 'new': 'matrix_bot_matrix_reminder_bot_container_image_registry_prefix'}
    - {'old': 'matrix_bot_matrix_reminder_bot_docker_image', 'new': 'matrix_bot_matrix_reminder_bot_container_image'}
    - {'old': 'matrix_bot_matrix_reminder_bot_docker_image_force_pull', 'new': 'matrix_bot_matrix_reminder_bot_container_image_force_pull'}
    - {'old': 'matrix_bot_matrix_reminder_bot_docker_image_registry_prefix', 'new': 'matrix_bot_matrix_reminder_bot_container_image_registry_prefix'}
    - {'old': 'matrix_bot_matrix_reminder_bot_docker_image_registry_prefix_upstream', 'new': 'matrix_bot_matrix_reminder_bot_container_image_registry_prefix_upstream'}
    - {'old': 'matrix_bot_matrix_reminder_bot_docker_image_registry_prefix_upstream_default', 'new': 'matrix_bot_matrix_reminder_bot_container_image_registry_prefix_upstream_default'}
    - {'old': 'matrix_bot_matrix_reminder_bot_docker_repo', 'new': 'matrix_bot_matrix_reminder_bot_container_repo'}
    - {'old': 'matrix_bot_matrix_reminder_bot_docker_repo_version', 'new': 'matrix_bot_matrix_reminder_bot_container_repo_version'}
    - {'old': 'matrix_bot_matrix_reminder_bot_docker_src_files_path', 'new': 'matrix_bot_matrix_reminder_bot_container_src_files_path'}
 - name: Fail if required matrix-reminder-bot settings not defined
  ansible.builtin.fail:
    msg: >-
@@ -35,3 +17,13 @@
    - {'name': 'matrix_bot_matrix_reminder_bot_container_network', when: true}
    - {'name': 'matrix_bot_matrix_reminder_bot_matrix_homeserver_url', when: true}
    - {'name': 'matrix_bot_matrix_reminder_bot_database_hostname', when: "{{ matrix_bot_matrix_reminder_bot_database_engine == 'postgres' }}"}
 - name: (Deprecation) Catch and report renamed matrix-reminder-bot settings
  ansible.builtin.fail:
    msg: >-
      Your configuration contains a variable, which now has a different name.
      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
  with_items:
    - {'old': 'matrix_bot_matrix_reminder_bot_container_self_build', 'new': 'matrix_bot_matrix_reminder_bot_container_image_self_build'}
    - {'old': 'matrix_bot_matrix_reminder_bot_container_image_name_prefix', 'new': 'matrix_bot_matrix_reminder_bot_container_image_registry_prefix'}
--- a/roles/custom/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2
+++ b/roles/custom/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2
@@ -31,7 +31,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			{% for arg in matrix_bot_matrix_reminder_bot_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
-			{{ matrix_bot_matrix_reminder_bot_container_image }} \
+			{{ matrix_bot_matrix_reminder_bot_docker_image }} \
 			-c "matrix-reminder-bot /config/config.yaml"
 {% for network in matrix_bot_matrix_reminder_bot_container_additional_networks %}
--- a/roles/custom/matrix-bot-maubot/defaults/main.yml
+++ b/roles/custom/matrix-bot-maubot/defaults/main.yml
@@ -26,37 +26,37 @@ matrix_bot_maubot_hostname: ''
 matrix_bot_maubot_path_prefix: /_matrix/maubot
 matrix_bot_maubot_container_image_self_build: false
-matrix_bot_maubot_container_repo: "https://mau.dev/maubot/maubot.git"
+matrix_bot_maubot_docker_repo: "https://mau.dev/maubot/maubot.git"
-matrix_bot_maubot_container_repo_version: "{{ 'master' if matrix_bot_maubot_version == 'latest' else matrix_bot_maubot_version }}"
+matrix_bot_maubot_docker_repo_version: "{{ 'master' if matrix_bot_maubot_version == 'latest' else matrix_bot_maubot_version }}"
 # renovate: datasource=docker depName=dock.mau.dev/maubot/maubot
 matrix_bot_maubot_version: v0.6.0
-matrix_bot_maubot_container_image: "{{ matrix_bot_maubot_container_image_registry_prefix }}maubot/maubot:{{ matrix_bot_maubot_version }}"
+matrix_bot_maubot_docker_image: "{{ matrix_bot_maubot_docker_image_registry_prefix }}maubot/maubot:{{ matrix_bot_maubot_version }}"
-matrix_bot_maubot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_maubot_container_image_self_build else matrix_bot_maubot_container_image_registry_prefix_upstream }}"
+matrix_bot_maubot_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_maubot_container_image_self_build else matrix_bot_maubot_docker_image_registry_prefix_upstream }}"
-matrix_bot_maubot_container_image_registry_prefix_upstream: "{{ matrix_bot_maubot_container_image_registry_prefix_upstream_default }}"
+matrix_bot_maubot_docker_image_registry_prefix_upstream: "{{ matrix_bot_maubot_docker_image_registry_prefix_upstream_default }}"
-matrix_bot_maubot_container_image_registry_prefix_upstream_default: "dock.mau.dev/"
+matrix_bot_maubot_docker_image_registry_prefix_upstream_default: "dock.mau.dev/"
-matrix_bot_maubot_container_image_force_pull: "{{ matrix_bot_maubot_container_image.endswith(':latest') }}"
+matrix_bot_maubot_docker_image_force_pull: "{{ matrix_bot_maubot_docker_image.endswith(':latest') }}"
-# matrix_bot_maubot_container_image_customized is the name of the locally built maubot image
+# matrix_bot_maubot_docker_image_customized is the name of the locally built maubot image
 # which adds various customizations on top of the original (upstream) maubot image.
-# This image will be based on the upstream `matrix_bot_maubot_container_image` image, only if `matrix_bot_maubot_container_image_customizations_enabled: true`.
+# This image will be based on the upstream `matrix_bot_maubot_docker_image` image, only if `matrix_bot_maubot_container_image_customizations_enabled: true`.
-matrix_bot_maubot_container_image_customized: "localhost/maubot/maubot:{{ matrix_bot_maubot_version }}-customized"
+matrix_bot_maubot_docker_image_customized: "localhost/maubot/maubot:{{ matrix_bot_maubot_version }}-customized"
-# Controls whether the customized image (`matrix_bot_maubot_container_image_customized`) is to be force-built without layer caching enabled.
+# Controls whether the customized image (`matrix_bot_maubot_docker_image_customized`) is to be force-built without layer caching enabled.
-matrix_bot_maubot_container_image_customized_build_nocache: false
+matrix_bot_maubot_docker_image_customized_build_nocache: false
-# Controls whether the customized image (`matrix_bot_maubot_container_image_customized`) is to be built, even if it already exists.
+# Controls whether the customized image (`matrix_bot_maubot_docker_image_customized`) is to be built, even if it already exists.
-# Related to: matrix_bot_maubot_container_image_customized_build_nocache
+# Related to: matrix_bot_maubot_docker_image_customized_build_nocache
-matrix_bot_maubot_container_image_customized_force_source: "{{ matrix_bot_maubot_container_image_customized_build_nocache }}"
+matrix_bot_maubot_docker_image_customized_force_source: "{{ matrix_bot_maubot_docker_image_customized_build_nocache }}"
-# matrix_bot_maubot_container_image_final holds the name of the maubot image to run depending on whether or not customizations are enabled.
+# matrix_bot_maubot_docker_image_final holds the name of the maubot image to run depending on whether or not customizations are enabled.
-matrix_bot_maubot_container_image_final: "{{ matrix_bot_maubot_container_image_customized if matrix_bot_maubot_container_image_customizations_enabled else matrix_bot_maubot_container_image }} "
+matrix_bot_maubot_docker_image_final: "{{ matrix_bot_maubot_docker_image_customized if matrix_bot_maubot_container_image_customizations_enabled else matrix_bot_maubot_docker_image }} "
 matrix_bot_maubot_base_path: "{{ matrix_base_data_path }}/maubot"
 matrix_bot_maubot_data_path: "{{ matrix_bot_maubot_base_path }}/data"
 matrix_bot_maubot_config_path: "{{ matrix_bot_maubot_base_path }}/config"
-matrix_bot_maubot_container_src_files_path: "{{ matrix_bot_maubot_base_path }}/docker-src"
+matrix_bot_maubot_docker_src_files_path: "{{ matrix_bot_maubot_base_path }}/docker-src"
-matrix_bot_maubot_customized_container_src_files_path: "{{ matrix_bot_maubot_base_path }}/customized-docker-src"
+matrix_bot_maubot_customized_docker_src_files_path: "{{ matrix_bot_maubot_base_path }}/customized-docker-src"
 matrix_bot_maubot_bot_server_public_url: "{{ matrix_bot_maubot_scheme }}://{{ matrix_bot_maubot_hostname }}"
 matrix_bot_maubot_bot_server_base_path: "{{ matrix_bot_maubot_path_prefix }}/v1"
@@ -124,12 +124,12 @@ matrix_bot_maubot_container_additional_networks_custom: []
 # See:
 # - `roles/custom/matrix-bot-maubot/templates/maubot/customizations/Dockerfile.j2`
 # - `matrix_bot_maubot_container_image_customizations_dockerfile_body_custom`
-# - `matrix_bot_maubot_container_image_customized`
+# - `matrix_bot_maubot_docker_image_customized`
-# - `matrix_bot_maubot_container_image_final`
+# - `matrix_bot_maubot_docker_image_final`
 matrix_bot_maubot_container_image_customizations_enabled: false
 # matrix_bot_maubot_container_image_customizations_dockerfile_body contains your custom Dockerfile steps
-# for building your customized maubot image based on the original (upstream) image (`matrix_bot_maubot_container_image`).
+# for building your customized maubot image based on the original (upstream) image (`matrix_bot_maubot_docker_image`).
 # A `FROM …` clause is included automatically so you don't have to.
 #
 # For this to take effect, you need to enable customizations (`matrix_bot_maubot_container_image_customizations_enabled: true`).
--- a/roles/custom/matrix-bot-maubot/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-maubot/tasks/setup_install.yml
@@ -23,8 +23,8 @@
    - {path: "{{ matrix_bot_maubot_data_path }}/plugins", when: true}
    - {path: "{{ matrix_bot_maubot_data_path }}/dbs", when: true}
    - {path: "{{ matrix_bot_maubot_data_path }}/trash", when: true}
-    - {path: "{{ matrix_bot_maubot_container_src_files_path }}", when: "{{ matrix_bot_maubot_container_image_self_build }}"}
+    - {path: "{{ matrix_bot_maubot_docker_src_files_path }}", when: "{{ matrix_bot_maubot_container_image_self_build }}"}
-    - {path: "{{ matrix_bot_maubot_customized_container_src_files_path }}", when: "{{ matrix_bot_maubot_container_image_customizations_enabled }}"}
+    - {path: "{{ matrix_bot_maubot_customized_docker_src_files_path }}", when: "{{ matrix_bot_maubot_container_image_customizations_enabled }}"}
  when: "item.when|bool"
 - name: Ensure maubot configuration file created
@@ -38,10 +38,10 @@
 - name: Ensure maubot image is pulled
  community.docker.docker_image:
-    name: "{{ matrix_bot_maubot_container_image }}"
+    name: "{{ matrix_bot_maubot_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_bot_maubot_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force_source: "{{ matrix_bot_maubot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_maubot_container_image_force_pull }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_maubot_docker_image_force_pull }}"
  when: "not matrix_bot_maubot_container_image_self_build|bool"
  register: matrix_bot_maubot_container_image_pull_result
  retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -52,9 +52,9 @@
  block:
    - name: Ensure maubot repository is present on self-build
      ansible.builtin.git:
-        repo: "{{ matrix_bot_maubot_container_repo }}"
+        repo: "{{ matrix_bot_maubot_docker_repo }}"
-        version: "{{ matrix_bot_maubot_container_repo_version }}"
+        version: "{{ matrix_bot_maubot_docker_repo_version }}"
-        dest: "{{ matrix_bot_maubot_container_src_files_path }}"
+        dest: "{{ matrix_bot_maubot_docker_src_files_path }}"
        force: "yes"
      become: true
      become_user: "{{ matrix_user_name }}"
@@ -62,13 +62,13 @@
    - name: Ensure maubot image is built
      community.docker.docker_image:
-        name: "{{ matrix_bot_maubot_container_image }}"
+        name: "{{ matrix_bot_maubot_docker_image }}"
        source: build
        force_source: "{{ matrix_bot_maubot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
        force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_maubot_git_pull_results.changed }}"
        build:
          dockerfile: Dockerfile
-          path: "{{ matrix_bot_maubot_container_src_files_path }}"
+          path: "{{ matrix_bot_maubot_docker_src_files_path }}"
          pull: true
 - when: "matrix_bot_maubot_container_image_customizations_enabled | bool"
@@ -76,7 +76,7 @@
    - name: Ensure customizations Dockerfile is created
      ansible.builtin.template:
        src: "{{ role_path }}/templates/customizations/Dockerfile.j2"
-        dest: "{{ matrix_bot_maubot_customized_container_src_files_path }}/Dockerfile"
+        dest: "{{ matrix_bot_maubot_customized_docker_src_files_path }}/Dockerfile"
        owner: "{{ matrix_user_name }}"
        group: "{{ matrix_group_name }}"
        mode: '0640'
@@ -84,13 +84,13 @@
    - name: Ensure customized Docker image for maubot is built
      community.docker.docker_image:
-        name: "{{ matrix_bot_maubot_container_image_customized }}"
+        name: "{{ matrix_bot_maubot_docker_image_customized }}"
        source: build
-        force_source: "{{ matrix_bot_maubot_container_image_customizations_dockerfile_result.changed or matrix_bot_maubot_container_image_customized_force_source }}"
+        force_source: "{{ matrix_bot_maubot_container_image_customizations_dockerfile_result.changed or matrix_bot_maubot_docker_image_customized_force_source }}"
        build:
          dockerfile: Dockerfile
-          path: "{{ matrix_bot_maubot_customized_container_src_files_path }}"
+          path: "{{ matrix_bot_maubot_customized_docker_src_files_path }}"
-          nocache: "{{ matrix_bot_maubot_container_image_customized_build_nocache }}"
+          nocache: "{{ matrix_bot_maubot_docker_image_customized_build_nocache }}"
 - name: Ensure maubot support files installed
  ansible.builtin.template:
--- a/roles/custom/matrix-bot-maubot/tasks/validate_config.yml
+++ b/roles/custom/matrix-bot-maubot/tasks/validate_config.yml
@@ -18,19 +18,6 @@
    - {'old': 'matrix_bot_maubot_management_interface_http_bind_port', 'new': 'matrix_bot_maubot_container_management_interface_http_bind_port'}
    - {'old': 'matrix_bot_maubot_registration_shared_secret', 'new': 'matrix_bot_maubot_homeserver_secret'}
    - {'old': 'matrix_bot_maubot_container_image_name_prefix', 'new': 'matrix_bot_maubot_container_image_registry_prefix'}
    - {'old': 'matrix_bot_maubot_docker_image', 'new': 'matrix_bot_maubot_container_image'}
    - {'old': 'matrix_bot_maubot_docker_image_customized', 'new': 'matrix_bot_maubot_container_image_customized'}
    - {'old': 'matrix_bot_maubot_docker_image_customized_build_nocache', 'new': 'matrix_bot_maubot_container_image_customized_build_nocache'}
    - {'old': 'matrix_bot_maubot_docker_image_customized_force_source', 'new': 'matrix_bot_maubot_container_image_customized_force_source'}
    - {'old': 'matrix_bot_maubot_docker_image_final', 'new': 'matrix_bot_maubot_container_image_final'}
    - {'old': 'matrix_bot_maubot_docker_image_force_pull', 'new': 'matrix_bot_maubot_container_image_force_pull'}
    - {'old': 'matrix_bot_maubot_docker_image_registry_prefix', 'new': 'matrix_bot_maubot_container_image_registry_prefix'}
    - {'old': 'matrix_bot_maubot_docker_image_registry_prefix_upstream', 'new': 'matrix_bot_maubot_container_image_registry_prefix_upstream'}
    - {'old': 'matrix_bot_maubot_docker_image_registry_prefix_upstream_default', 'new': 'matrix_bot_maubot_container_image_registry_prefix_upstream_default'}
    - {'old': 'matrix_bot_maubot_docker_repo', 'new': 'matrix_bot_maubot_container_repo'}
    - {'old': 'matrix_bot_maubot_docker_repo_version', 'new': 'matrix_bot_maubot_container_repo_version'}
    - {'old': 'matrix_bot_maubot_docker_src_files_path', 'new': 'matrix_bot_maubot_container_src_files_path'}
    - {'old': 'matrix_bot_maubot_customized_docker_src_files_path', 'new': 'matrix_bot_maubot_customized_container_src_files_path'}
 - name: Fail if required maubot settings not defined
  ansible.builtin.fail:
--- a/roles/custom/matrix-bot-maubot/templates/customizations/Dockerfile.j2
+++ b/roles/custom/matrix-bot-maubot/templates/customizations/Dockerfile.j2
@@ -1,4 +1,4 @@
 #jinja2: lstrip_blocks: True
-FROM {{ matrix_bot_maubot_container_image }}
+FROM {{ matrix_bot_maubot_docker_image }}
 {{ matrix_bot_maubot_container_image_customizations_dockerfile_body_custom }}
--- a/roles/custom/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2
+++ b/roles/custom/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2
@@ -38,7 +38,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			{% if matrix_bot_maubot_container_management_interface_http_bind_port %}
 			-p {{ matrix_bot_maubot_container_management_interface_http_bind_port }}:{{ matrix_bot_maubot_server_port }} \
 			{% endif %}
-			{{ matrix_bot_maubot_container_image_final }} \
+			{{ matrix_bot_maubot_docker_image_final }} \
 			python3 -m maubot -c /config/config.yaml --no-update
 {% for network in matrix_bot_maubot_container_additional_networks %}
--- a/roles/custom/matrix-bot-mjolnir/defaults/main.yml
+++ b/roles/custom/matrix-bot-mjolnir/defaults/main.yml
@@ -17,21 +17,21 @@
 matrix_bot_mjolnir_enabled: true
 # renovate: datasource=docker depName=matrixdotorg/mjolnir
-matrix_bot_mjolnir_version: "v1.12.1"
+matrix_bot_mjolnir_version: "v1.11.0"
 matrix_bot_mjolnir_container_image_self_build: false
 matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git"
-matrix_bot_mjolnir_container_image: "{{ matrix_bot_mjolnir_container_image_registry_prefix }}matrixdotorg/mjolnir:{{ matrix_bot_mjolnir_version }}"
+matrix_bot_mjolnir_docker_image: "{{ matrix_bot_mjolnir_docker_image_registry_prefix }}matrixdotorg/mjolnir:{{ matrix_bot_mjolnir_version }}"
-matrix_bot_mjolnir_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_mjolnir_container_image_self_build else matrix_bot_mjolnir_container_image_registry_prefix_upstream }}"
+matrix_bot_mjolnir_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_mjolnir_container_image_self_build else matrix_bot_mjolnir_docker_image_registry_prefix_upstream }}"
-matrix_bot_mjolnir_container_image_registry_prefix_upstream: "{{ matrix_bot_mjolnir_container_image_registry_prefix_upstream_default }}"
+matrix_bot_mjolnir_docker_image_registry_prefix_upstream: "{{ matrix_bot_mjolnir_docker_image_registry_prefix_upstream_default }}"
-matrix_bot_mjolnir_container_image_registry_prefix_upstream_default: "docker.io/"
+matrix_bot_mjolnir_docker_image_registry_prefix_upstream_default: "docker.io/"
-matrix_bot_mjolnir_container_image_force_pull: "{{ matrix_bot_mjolnir_container_image.endswith(':latest') }}"
+matrix_bot_mjolnir_docker_image_force_pull: "{{ matrix_bot_mjolnir_docker_image.endswith(':latest') }}"
 matrix_bot_mjolnir_base_path: "{{ matrix_base_data_path }}/mjolnir"
 matrix_bot_mjolnir_config_path: "{{ matrix_bot_mjolnir_base_path }}/config"
 matrix_bot_mjolnir_data_path: "{{ matrix_bot_mjolnir_base_path }}/data"
-matrix_bot_mjolnir_container_src_files_path: "{{ matrix_bot_mjolnir_base_path }}/docker-src"
+matrix_bot_mjolnir_docker_src_files_path: "{{ matrix_bot_mjolnir_base_path }}/docker-src"
 matrix_bot_mjolnir_container_network: ""
--- a/roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml
@@ -24,15 +24,15 @@
    - {path: "{{ matrix_bot_mjolnir_base_path }}", when: true}
    - {path: "{{ matrix_bot_mjolnir_config_path }}", when: true}
    - {path: "{{ matrix_bot_mjolnir_data_path }}", when: true}
-    - {path: "{{ matrix_bot_mjolnir_container_src_files_path }}", when: "{{ matrix_bot_mjolnir_container_image_self_build }}"}
+    - {path: "{{ matrix_bot_mjolnir_docker_src_files_path }}", when: "{{ matrix_bot_mjolnir_container_image_self_build }}"}
  when: "item.when | bool"
 - name: Ensure mjolnir Docker image is pulled
  community.docker.docker_image:
-    name: "{{ matrix_bot_mjolnir_container_image }}"
+    name: "{{ matrix_bot_mjolnir_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_bot_mjolnir_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force_source: "{{ matrix_bot_mjolnir_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_mjolnir_container_image_force_pull }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_mjolnir_docker_image_force_pull }}"
  when: "not matrix_bot_mjolnir_container_image_self_build | bool"
  register: matrix_bot_mjolnir_container_image_pull_result
  retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -42,8 +42,8 @@
 - name: Ensure mjolnir repository is present on self-build
  ansible.builtin.git:
    repo: "{{ matrix_bot_mjolnir_container_image_self_build_repo }}"
-    dest: "{{ matrix_bot_mjolnir_container_src_files_path }}"
+    dest: "{{ matrix_bot_mjolnir_docker_src_files_path }}"
-    version: "{{ matrix_bot_mjolnir_container_image.split(':')[1] }}"
+    version: "{{ matrix_bot_mjolnir_docker_image.split(':')[1] }}"
    force: "yes"
  become: true
  become_user: "{{ matrix_user_name }}"
@@ -52,12 +52,12 @@
 - name: Ensure mjolnir Docker image is built
  community.docker.docker_image:
-    name: "{{ matrix_bot_mjolnir_container_image }}"
+    name: "{{ matrix_bot_mjolnir_docker_image }}"
    source: build
    force_source: "{{ matrix_bot_mjolnir_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
-      path: "{{ matrix_bot_mjolnir_container_src_files_path }}"
+      path: "{{ matrix_bot_mjolnir_docker_src_files_path }}"
      pull: true
  when: "matrix_bot_mjolnir_container_image_self_build | bool"
--- a/roles/custom/matrix-bot-mjolnir/tasks/validate_config.yml
+++ b/roles/custom/matrix-bot-mjolnir/tasks/validate_config.yml
@@ -7,21 +7,6 @@
 ---
 - name: (Deprecation) Catch and report renamed Mjolnir settings
  ansible.builtin.fail:
    msg: >-
      Your configuration contains a variable, which now has a different name.
      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
  with_items:
    - {'old': 'matrix_bot_mjolnir_container_image_name_prefix', 'new': 'matrix_bot_mjolnir_container_image_registry_prefix'}
    - {'old': 'matrix_bot_mjolnir_docker_image', 'new': 'matrix_bot_mjolnir_container_image'}
    - {'old': 'matrix_bot_mjolnir_docker_image_force_pull', 'new': 'matrix_bot_mjolnir_container_image_force_pull'}
    - {'old': 'matrix_bot_mjolnir_docker_image_registry_prefix', 'new': 'matrix_bot_mjolnir_container_image_registry_prefix'}
    - {'old': 'matrix_bot_mjolnir_docker_image_registry_prefix_upstream', 'new': 'matrix_bot_mjolnir_container_image_registry_prefix_upstream'}
    - {'old': 'matrix_bot_mjolnir_docker_image_registry_prefix_upstream_default', 'new': 'matrix_bot_mjolnir_container_image_registry_prefix_upstream_default'}
    - {'old': 'matrix_bot_mjolnir_docker_src_files_path', 'new': 'matrix_bot_mjolnir_container_src_files_path'}
 - name: Fail if required matrix-bot-mjolnir variables are undefined
  ansible.builtin.fail:
    msg: "The `{{ item.name }}` variable must be defined and have a non-null value."
@@ -41,3 +26,12 @@
  with_items:
    - {'name': 'matrix_bot_mjolnir_access_token', when: "{{ matrix_bot_mjolnir_pantalaimon_use }}"}
  when: "item.when | bool and not (lookup('vars', item.name, default='') == '' or lookup('vars', item.name, default='') is none)"
 - name: (Deprecation) Catch and report renamed Mjolnir settings
  ansible.builtin.fail:
    msg: >-
      Your configuration contains a variable, which now has a different name.
      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
  with_items:
    - {'old': 'matrix_bot_mjolnir_container_image_name_prefix', 'new': 'matrix_bot_mjolnir_container_image_registry_prefix'}
--- a/roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2
+++ b/roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2
@@ -29,7 +29,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			{% for arg in matrix_bot_mjolnir_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
-			{{ matrix_bot_mjolnir_container_image }} \
+			{{ matrix_bot_mjolnir_docker_image }} \
 			bot --mjolnir-config /data/config/production.yaml
 {% for network in matrix_bot_mjolnir_container_additional_networks %}
--- a/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml
+++ b/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml
@@ -20,11 +20,11 @@ matrix_appservice_discord_container_image_self_build: false
 # renovate: datasource=docker depName=ghcr.io/matrix-org/matrix-appservice-discord
 matrix_appservice_discord_version: v4.0.0
-matrix_appservice_discord_container_image: "{{ matrix_appservice_discord_container_image_registry_prefix }}matrix-org/matrix-appservice-discord:{{ matrix_appservice_discord_version }}"
+matrix_appservice_discord_docker_image: "{{ matrix_appservice_discord_docker_image_registry_prefix }}matrix-org/matrix-appservice-discord:{{ matrix_appservice_discord_version }}"
-matrix_appservice_discord_container_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_discord_container_image_self_build else matrix_appservice_discord_container_image_registry_prefix_upstream }}"
+matrix_appservice_discord_docker_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_discord_container_image_self_build else matrix_appservice_discord_docker_image_registry_prefix_upstream }}"
-matrix_appservice_discord_container_image_registry_prefix_upstream: "{{ matrix_appservice_discord_container_image_registry_prefix_upstream_default }}"
+matrix_appservice_discord_docker_image_registry_prefix_upstream: "{{ matrix_appservice_discord_docker_image_registry_prefix_upstream_default }}"
-matrix_appservice_discord_container_image_registry_prefix_upstream_default: "ghcr.io/"
+matrix_appservice_discord_docker_image_registry_prefix_upstream_default: "ghcr.io/"
-matrix_appservice_discord_container_image_force_pull: "{{ matrix_appservice_discord_container_image.endswith(':latest') }}"
+matrix_appservice_discord_docker_image_force_pull: "{{ matrix_appservice_discord_docker_image.endswith(':latest') }}"
 matrix_appservice_discord_base_path: "{{ matrix_base_data_path }}/appservice-discord"
 matrix_appservice_discord_config_path: "{{ matrix_base_data_path }}/appservice-discord/config"
--- a/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml
@@ -42,10 +42,10 @@
 - name: Ensure Appservice Discord image is pulled
  community.docker.docker_image:
-    name: "{{ matrix_appservice_discord_container_image }}"
+    name: "{{ matrix_appservice_discord_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_appservice_discord_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force_source: "{{ matrix_appservice_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_discord_container_image_force_pull }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_discord_docker_image_force_pull }}"
  register: matrix_appservice_discord_container_image_pull_result
  retries: "{{ devture_playbook_help_container_retries_count }}"
  delay: "{{ devture_playbook_help_container_retries_delay }}"
@@ -115,7 +115,7 @@
    --cap-drop=ALL
    --mount type=bind,src={{ matrix_appservice_discord_config_path }},dst=/cfg
    -w /cfg
-    {{ matrix_appservice_discord_container_image }}
+    {{ matrix_appservice_discord_docker_image }}
    /bin/sh -c "node /build/tools/addbot.js > /cfg/invite_link"
  changed_when: false
--- a/roles/custom/matrix-bridge-appservice-discord/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-appservice-discord/tasks/validate_config.yml
@@ -5,21 +5,6 @@
 ---
 - name: (Deprecation) Catch and report renamed appservice-discord variables
  ansible.builtin.fail:
    msg: >-
      Your configuration contains a variable, which now has a different name.
      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
  with_items:
    - {'old': 'matrix_appservice_discord_container_expose_client_server_api_port', 'new': '<superseded by matrix_appservice_discord_container_http_host_bind_port>'}
    - {'old': 'matrix_appservice_discord_container_image_name_prefix', 'new': 'matrix_appservice_discord_container_image_registry_prefix'}
    - {'old': 'matrix_appservice_discord_docker_image', 'new': 'matrix_appservice_discord_container_image'}
    - {'old': 'matrix_appservice_discord_docker_image_force_pull', 'new': 'matrix_appservice_discord_container_image_force_pull'}
    - {'old': 'matrix_appservice_discord_docker_image_registry_prefix', 'new': 'matrix_appservice_discord_container_image_registry_prefix'}
    - {'old': 'matrix_appservice_discord_docker_image_registry_prefix_upstream', 'new': 'matrix_appservice_discord_container_image_registry_prefix_upstream'}
    - {'old': 'matrix_appservice_discord_docker_image_registry_prefix_upstream_default', 'new': 'matrix_appservice_discord_container_image_registry_prefix_upstream_default'}
 - name: Fail if required appservice-discord settings not defined
  ansible.builtin.fail:
    msg: >-
@@ -34,6 +19,16 @@
    - {'name': 'matrix_appservice_discord_container_network', when: true}
    - {'name': 'matrix_appservice_discord_database_hostname', when: "{{ matrix_appservice_discord_database_engine == 'postgres' }}"}
 - name: (Deprecation) Catch and report renamed appservice-discord variables
  ansible.builtin.fail:
    msg: >-
      Your configuration contains a variable, which now has a different name.
      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
  with_items:
    - {'old': 'matrix_appservice_discord_container_expose_client_server_api_port', 'new': '<superseded by matrix_appservice_discord_container_http_host_bind_port>'}
    - {'old': 'matrix_appservice_discord_container_image_name_prefix', 'new': 'matrix_appservice_discord_docker_image_registry_prefix'}
 - name: Require a valid database engine
  ansible.builtin.fail:
    msg: "`matrix_appservice_discord_database_engine` needs to be either 'sqlite' or 'postgres'"
--- a/roles/custom/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2
+++ b/roles/custom/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2
@@ -31,7 +31,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			{% for arg in matrix_appservice_discord_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
-			{{ matrix_appservice_discord_container_image }} \
+			{{ matrix_appservice_discord_docker_image }} \
 			node /build/src/discordas.js -p 9005 -c /cfg/config.yaml -f /cfg/registration.yaml
 {% for network in matrix_appservice_discord_container_additional_networks %}
--- a/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml
+++ b/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml
@@ -26,20 +26,20 @@
 matrix_appservice_irc_enabled: true
 matrix_appservice_irc_container_image_self_build: false
-matrix_appservice_irc_container_repo: "https://github.com/matrix-org/matrix-appservice-irc.git"
+matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git"
-matrix_appservice_irc_container_repo_version: "{{ 'master' if matrix_appservice_irc_version == 'latest' else matrix_appservice_irc_version }}"
+matrix_appservice_irc_docker_repo_version: "{{ 'master' if matrix_appservice_irc_version == 'latest' else matrix_appservice_irc_version }}"
-matrix_appservice_irc_container_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src"
+matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src"
 # matrix_appservice_irc_version used to contain the full Docker image tag (e.g. `release-X.X.X`).
 # It's a bare version number now. We try to somewhat retain compatibility below.
 # renovate: datasource=docker depName=docker.io/matrixdotorg/matrix-appservice-irc
 matrix_appservice_irc_version: 4.0.0
-matrix_appservice_irc_container_image: "{{ matrix_appservice_irc_container_image_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_container_image_tag }}"
+matrix_appservice_irc_docker_image: "{{ matrix_appservice_irc_docker_image_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_docker_image_tag }}"
-matrix_appservice_irc_container_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_irc_container_image_self_build else matrix_appservice_irc_container_image_registry_prefix_upstream }}"
+matrix_appservice_irc_docker_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_irc_container_image_self_build else matrix_appservice_irc_docker_image_registry_prefix_upstream }}"
-matrix_appservice_irc_container_image_registry_prefix_upstream: "{{ matrix_appservice_irc_container_image_registry_prefix_upstream_default }}"
+matrix_appservice_irc_docker_image_registry_prefix_upstream: "{{ matrix_appservice_irc_docker_image_registry_prefix_upstream_default }}"
-matrix_appservice_irc_container_image_registry_prefix_upstream_default: docker.io/
+matrix_appservice_irc_docker_image_registry_prefix_upstream_default: docker.io/
-matrix_appservice_irc_container_image_tag: "{{ 'latest' if matrix_appservice_irc_version == 'latest' else ('release-' + matrix_appservice_irc_version) }}"
+matrix_appservice_irc_docker_image_tag: "{{ 'latest' if matrix_appservice_irc_version == 'latest' else ('release-' + matrix_appservice_irc_version) }}"
-matrix_appservice_irc_container_image_force_pull: "{{ matrix_appservice_irc_container_image.endswith(':latest') }}"
+matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"
 matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc"
 matrix_appservice_irc_config_path: "{{ matrix_appservice_irc_base_path }}/config"
--- a/roles/custom/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml
+++ b/roles/custom/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml
@@ -58,7 +58,7 @@
      {% endif %}
      --mount type=bind,src={{ matrix_appservice_irc_data_path }},dst=/data
      --entrypoint=/bin/sh
-      {{ matrix_appservice_irc_container_image }}
+      {{ matrix_appservice_irc_docker_image }}
      -c
      '/usr/local/bin/node /app/lib/scripts/migrate-db-to-pgres.js --dbdir /data --privateKey /data/passkey.pem --connectionString {{ matrix_appservice_irc_database_connection_string }}'
  register: matrix_appservice_irc_import_nedb_to_postgres_result
--- a/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml
@@ -29,7 +29,7 @@
    - {path: "{{ matrix_appservice_irc_base_path }}", when: true}
    - {path: "{{ matrix_appservice_irc_config_path }}", when: true}
    - {path: "{{ matrix_appservice_irc_data_path }}", when: true}
-    - {path: "{{ matrix_appservice_irc_container_src_files_path }}", when: "{{ matrix_appservice_irc_container_image_self_build }}"}
+    - {path: "{{ matrix_appservice_irc_docker_src_files_path }}", when: "{{ matrix_appservice_irc_container_image_self_build }}"}
  when: item.when | bool
 - name: Check if an old passkey file already exists
@@ -81,10 +81,10 @@
 - name: Ensure Appservice IRC image is pulled
  community.docker.docker_image:
-    name: "{{ matrix_appservice_irc_container_image }}"
+    name: "{{ matrix_appservice_irc_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_appservice_irc_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force_source: "{{ matrix_appservice_irc_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_container_image_force_pull }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_docker_image_force_pull }}"
  when: "matrix_appservice_irc_enabled | bool and not matrix_appservice_irc_container_image_self_build | bool"
  register: matrix_appservice_irc_container_image_pull_result
  retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -93,9 +93,9 @@
 - name: Ensure matrix-appservice-irc repository is present when self-building
  ansible.builtin.git:
-    repo: "{{ matrix_appservice_irc_container_repo }}"
+    repo: "{{ matrix_appservice_irc_docker_repo }}"
-    version: "{{ matrix_appservice_irc_container_repo_version }}"
+    version: "{{ matrix_appservice_irc_docker_repo_version }}"
-    dest: "{{ matrix_appservice_irc_container_src_files_path }}"
+    dest: "{{ matrix_appservice_irc_docker_src_files_path }}"
    force: "yes"
  become: true
  become_user: "{{ matrix_user_name }}"
@@ -104,13 +104,13 @@
 - name: Ensure matrix-appservice-irc Docker image is built
  community.docker.docker_image:
-    name: "{{ matrix_appservice_irc_container_image }}"
+    name: "{{ matrix_appservice_irc_docker_image }}"
    source: build
    force_source: "{{ matrix_appservice_irc_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
-      path: "{{ matrix_appservice_irc_container_src_files_path }}"
+      path: "{{ matrix_appservice_irc_docker_src_files_path }}"
      pull: true
  when: "matrix_appservice_irc_enabled | bool and matrix_appservice_irc_container_image_self_build | bool and matrix_appservice_irc_git_pull_results.changed"
@@ -149,7 +149,7 @@
    - name: Generate IRC appservice signing key for authenticated media
      community.docker.docker_container:
        name: "create-auth-media-jwk-key"
-        image: "{{ matrix_appservice_irc_container_image }}"
+        image: "{{ matrix_appservice_irc_docker_image }}"
        cleanup: true
        network_mode: none
        entrypoint: "/usr/local/bin/node"
@@ -210,7 +210,7 @@
    --mount type=bind,src={{ matrix_appservice_irc_config_path }},dst=/config
    --mount type=bind,src={{ matrix_appservice_irc_data_path }},dst=/data
    --entrypoint=/bin/bash
-    {{ matrix_appservice_irc_container_image }}
+    {{ matrix_appservice_irc_docker_image }}
    -c
    'node app.js
    -r
--- a/roles/custom/matrix-bridge-appservice-irc/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-appservice-irc/tasks/validate_config.yml
@@ -6,27 +6,6 @@
 ---
 - name: (Deprecation) Catch and report renamed appservice-irc variables
  ansible.builtin.fail:
    msg: >-
      Your configuration contains a variable, which now has a different name.
      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
  with_items:
    - {'old': 'matrix_appservice_irc_container_expose_client_server_api_port', 'new': '<superseded by matrix_appservice_irc_container_http_host_bind_port>'}
    - {'old': 'matrix_appservice_irc_container_self_build', 'new': 'matrix_appservice_irc_container_image_self_build'}
    - {'old': 'matrix_appservice_irc_docker_image_name_prefix', 'new': 'matrix_appservice_irc_container_image_registry_prefix'}
    - {'old': 'matrix_appservice_irc_homeserver_media_url', 'new': '<removed; media proxying now uses matrix_appservice_irc_ircService_mediaProxy_publicUrl>'}
    - {'old': 'matrix_appservice_irc_docker_image', 'new': 'matrix_appservice_irc_container_image'}
    - {'old': 'matrix_appservice_irc_docker_image_force_pull', 'new': 'matrix_appservice_irc_container_image_force_pull'}
    - {'old': 'matrix_appservice_irc_docker_image_registry_prefix', 'new': 'matrix_appservice_irc_container_image_registry_prefix'}
    - {'old': 'matrix_appservice_irc_docker_image_registry_prefix_upstream', 'new': 'matrix_appservice_irc_container_image_registry_prefix_upstream'}
    - {'old': 'matrix_appservice_irc_docker_image_registry_prefix_upstream_default', 'new': 'matrix_appservice_irc_container_image_registry_prefix_upstream_default'}
    - {'old': 'matrix_appservice_irc_docker_image_tag', 'new': 'matrix_appservice_irc_container_image_tag'}
    - {'old': 'matrix_appservice_irc_docker_repo', 'new': 'matrix_appservice_irc_container_repo'}
    - {'old': 'matrix_appservice_irc_docker_repo_version', 'new': 'matrix_appservice_irc_container_repo_version'}
    - {'old': 'matrix_appservice_irc_docker_src_files_path', 'new': 'matrix_appservice_irc_container_src_files_path'}
 - name: Fail if required appservice-irc settings not defined
  ansible.builtin.fail:
    msg: >-
@@ -46,7 +25,6 @@
 # we'd fail generating the registration.yaml file with a non-helpful error.
 #
 # This is a safety check to ensure we fail earlier and in a nicer way.
 - name: Fail if no additional configuration provided
  ansible.builtin.fail:
    msg: >-
@@ -56,6 +34,18 @@
      Overriding the whole bridge's configuration (`matrix_appservice_irc_configuration`) is yet another possibility.
  when: "matrix_appservice_irc_configuration.ircService.servers | length == 0"
 - name: (Deprecation) Catch and report renamed appservice-irc variables
  ansible.builtin.fail:
    msg: >-
      Your configuration contains a variable, which now has a different name.
      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
  with_items:
    - {'old': 'matrix_appservice_irc_container_expose_client_server_api_port', 'new': '<superseded by matrix_appservice_irc_container_http_host_bind_port>'}
    - {'old': 'matrix_appservice_irc_container_self_build', 'new': 'matrix_appservice_irc_container_image_self_build'}
    - {'old': 'matrix_appservice_irc_docker_image_name_prefix', 'new': 'matrix_appservice_irc_docker_image_registry_prefix'}
    - {'old': 'matrix_appservice_irc_homeserver_media_url', 'new': '<removed; media proxying now uses matrix_appservice_irc_ircService_mediaProxy_publicUrl>'}
 - name: Fail if matrix_appservice_irc_ircService_mediaProxy_publicUrl_pathPrefix does not start with a slash
  ansible.builtin.fail:
    msg: >-
--- a/roles/custom/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2
+++ b/roles/custom/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2
@@ -36,7 +36,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			{{ arg }} \
 			{% endfor %}
 			--entrypoint=/bin/bash \
-			{{ matrix_appservice_irc_container_image }} \
+			{{ matrix_appservice_irc_docker_image }} \
 			-c 'node app.js -c /config/config.yaml -f /config/registration.yaml -p 9999'
 {% for network in matrix_appservice_irc_container_additional_networks %}
--- a/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml
+++ b/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml
@@ -35,23 +35,23 @@ matrix_appservice_kakaotalk_container_image_self_build_repo: "https://src.miscwo
 matrix_appservice_kakaotalk_container_image_self_build_repo_version: "{{ 'master' if matrix_appservice_kakaotalk_version == 'latest' else matrix_appservice_kakaotalk_version }}"
 matrix_appservice_kakaotalk_node_version: "{{ matrix_appservice_kakaotalk_version }}"
-matrix_appservice_kakaotalk_node_container_image: "{{ matrix_appservice_kakaotalk_node_container_image_registry_prefix }}fair/matrix-appservice-kakaotalk-node:{{ matrix_appservice_kakaotalk_node_version }}"
+matrix_appservice_kakaotalk_node_docker_image: "{{ matrix_appservice_kakaotalk_node_docker_image_registry_prefix }}fair/matrix-appservice-kakaotalk-node:{{ matrix_appservice_kakaotalk_node_version }}"
-matrix_appservice_kakaotalk_node_container_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_kakaotalk_container_image_self_build else matrix_appservice_kakaotalk_node_container_image_registry_prefix_upstream }}"
+matrix_appservice_kakaotalk_node_docker_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_kakaotalk_container_image_self_build else matrix_appservice_kakaotalk_node_docker_image_registry_prefix_upstream }}"
-matrix_appservice_kakaotalk_node_container_image_registry_prefix_upstream: "{{ matrix_appservice_kakaotalk_node_container_image_registry_prefix_upstream_default }}"
+matrix_appservice_kakaotalk_node_docker_image_registry_prefix_upstream: "{{ matrix_appservice_kakaotalk_node_docker_image_registry_prefix_upstream_default }}"
-matrix_appservice_kakaotalk_node_container_image_registry_prefix_upstream_default: ""
+matrix_appservice_kakaotalk_node_docker_image_registry_prefix_upstream_default: ""
-matrix_appservice_kakaotalk_node_container_image_force_pull: "{{ matrix_appservice_kakaotalk_node_container_image.endswith(':latest') }}"
+matrix_appservice_kakaotalk_node_docker_image_force_pull: "{{ matrix_appservice_kakaotalk_node_docker_image.endswith(':latest') }}"
 matrix_appservice_kakaotalk_version: 86c038fd2ffee5e0aebf65136f085cce7e38b54e
-matrix_appservice_kakaotalk_container_image: "{{ matrix_appservice_kakaotalk_container_image_registry_prefix }}fair/matrix-appservice-kakaotalk:{{ matrix_appservice_kakaotalk_version }}"
+matrix_appservice_kakaotalk_docker_image: "{{ matrix_appservice_kakaotalk_docker_image_registry_prefix }}fair/matrix-appservice-kakaotalk:{{ matrix_appservice_kakaotalk_version }}"
-matrix_appservice_kakaotalk_container_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_kakaotalk_container_image_self_build else matrix_appservice_kakaotalk_container_image_registry_prefix_upstream }}"
+matrix_appservice_kakaotalk_docker_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_kakaotalk_container_image_self_build else matrix_appservice_kakaotalk_docker_image_registry_prefix_upstream }}"
-matrix_appservice_kakaotalk_container_image_registry_prefix_upstream: "{{ matrix_appservice_kakaotalk_container_image_registry_prefix_upstream_default }}"
+matrix_appservice_kakaotalk_docker_image_registry_prefix_upstream: "{{ matrix_appservice_kakaotalk_docker_image_registry_prefix_upstream_default }}"
-matrix_appservice_kakaotalk_container_image_registry_prefix_upstream_default: ""
+matrix_appservice_kakaotalk_docker_image_registry_prefix_upstream_default: ""
-matrix_appservice_kakaotalk_container_image_force_pull: "{{ matrix_appservice_kakaotalk_container_image.endswith(':latest') }}"
+matrix_appservice_kakaotalk_docker_image_force_pull: "{{ matrix_appservice_kakaotalk_docker_image.endswith(':latest') }}"
 matrix_appservice_kakaotalk_base_path: "{{ matrix_base_data_path }}/appservice-kakaotalk"
 matrix_appservice_kakaotalk_config_path: "{{ matrix_appservice_kakaotalk_base_path }}/config"
 matrix_appservice_kakaotalk_data_path: "{{ matrix_appservice_kakaotalk_base_path }}/data"
-matrix_appservice_kakaotalk_container_src_files_path: "{{ matrix_appservice_kakaotalk_base_path }}/docker-src"
+matrix_appservice_kakaotalk_docker_src_files_path: "{{ matrix_appservice_kakaotalk_base_path }}/docker-src"
 matrix_appservice_kakaotalk_command_prefix: "!kt"
@@ -225,13 +225,3 @@ matrix_appservice_kakaotalk_registration_yaml: |
  rate_limited: false
 matrix_appservice_kakaotalk_registration: "{{ matrix_appservice_kakaotalk_registration_yaml | from_yaml }}"
 # matrix_appservice_kakaotalk_restart_necessary controls whether the service
 # will be restarted (when true) or merely started (when false) by the
 # systemd service manager role (when conditional restart is enabled).
 #
 # This value is automatically computed during installation based on whether
 # any configuration files, the systemd service file, or the container image changed.
 # The default of `false` means "no restart needed" — appropriate when the role's
 # installation tasks haven't run (e.g., due to --tags skipping them).
 matrix_appservice_kakaotalk_restart_necessary: false
--- a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml
@@ -8,27 +8,27 @@
 - name: Ensure matrix-appservice-kakaotalk image is pulled
  community.docker.docker_image:
-    name: "{{ matrix_appservice_kakaotalk_container_image }}"
+    name: "{{ matrix_appservice_kakaotalk_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_appservice_kakaotalk_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force_source: "{{ matrix_appservice_kakaotalk_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_container_image_force_pull }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_docker_image_force_pull }}"
  when: not matrix_appservice_kakaotalk_container_image_self_build
-  register: matrix_appservice_kakaotalk_container_image_pull_result
+  register: result
  retries: "{{ devture_playbook_help_container_retries_count }}"
  delay: "{{ devture_playbook_help_container_retries_delay }}"
-  until: matrix_appservice_kakaotalk_container_image_pull_result is not failed
+  until: result is not failed
 - name: Ensure matrix-appservice-kakaotalk-node image is pulled
  community.docker.docker_image:
-    name: "{{ matrix_appservice_kakaotalk_node_container_image }}"
+    name: "{{ matrix_appservice_kakaotalk_node_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_appservice_kakaotalk_node_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force_source: "{{ matrix_appservice_kakaotalk_node_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_node_container_image_force_pull }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_node_docker_image_force_pull }}"
  when: not matrix_appservice_kakaotalk_container_image_self_build
-  register: matrix_appservice_kakaotalk_node_container_image_pull_result
+  register: result
  retries: "{{ devture_playbook_help_container_retries_count }}"
  delay: "{{ devture_playbook_help_container_retries_delay }}"
-  until: matrix_appservice_kakaotalk_node_container_image_pull_result is not failed
+  until: result is not failed
 - name: Ensure matrix-appservice-kakaotalk paths exist
  ansible.builtin.file:
@@ -41,13 +41,13 @@
    - {path: "{{ matrix_appservice_kakaotalk_base_path }}", when: true}
    - {path: "{{ matrix_appservice_kakaotalk_config_path }}", when: true}
    - {path: "{{ matrix_appservice_kakaotalk_data_path }}", when: true}
-    - {path: "{{ matrix_appservice_kakaotalk_container_src_files_path }}", when: "{{ matrix_appservice_kakaotalk_container_image_self_build }}"}
+    - {path: "{{ matrix_appservice_kakaotalk_docker_src_files_path }}", when: "{{ matrix_appservice_kakaotalk_container_image_self_build }}"}
  when: item.when | bool
 - name: Ensure matrix-appservice-kakaotalk repository is present on self-build
  ansible.builtin.git:
    repo: "{{ matrix_appservice_kakaotalk_container_image_self_build_repo }}"
-    dest: "{{ matrix_appservice_kakaotalk_container_src_files_path }}"
+    dest: "{{ matrix_appservice_kakaotalk_docker_src_files_path }}"
    version: "{{ matrix_appservice_kakaotalk_container_image_self_build_repo_version }}"
    force: "yes"
  become: true
@@ -57,25 +57,25 @@
 - name: Ensure matrix-appservice-kakaotalk-node Docker image is built
  community.docker.docker_image:
-    name: "{{ matrix_appservice_kakaotalk_node_container_image }}"
+    name: "{{ matrix_appservice_kakaotalk_node_docker_image }}"
    source: build
    force_source: "{{ matrix_appservice_kakaotalk_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
-      path: "{{ matrix_appservice_kakaotalk_container_src_files_path }}/node"
+      path: "{{ matrix_appservice_kakaotalk_docker_src_files_path }}/node"
      pull: true
  when: "matrix_appservice_kakaotalk_container_image_self_build | bool"
 - name: Ensure matrix-appservice-kakaotalk Docker image is built
  community.docker.docker_image:
-    name: "{{ matrix_appservice_kakaotalk_container_image }}"
+    name: "{{ matrix_appservice_kakaotalk_docker_image }}"
    source: build
    force_source: "{{ matrix_appservice_kakaotalk_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
-      path: "{{ matrix_appservice_kakaotalk_container_src_files_path }}"
+      path: "{{ matrix_appservice_kakaotalk_docker_src_files_path }}"
      pull: true
  when: "matrix_appservice_kakaotalk_container_image_self_build | bool"
@@ -86,7 +86,6 @@
    mode: '0644'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  register: matrix_appservice_kakaotalk_node_config_result
 - name: Ensure matrix-appservice-kakaotalk config.yaml installed
  ansible.builtin.copy:
@@ -95,7 +94,6 @@
    mode: '0644'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  register: matrix_appservice_kakaotalk_config_result
 - name: Ensure matrix-appservice-kakaotalk registration.yaml installed
  ansible.builtin.copy:
@@ -104,7 +102,6 @@
    mode: '0644'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  register: matrix_appservice_kakaotalk_registration_result
 - name: Ensure matrix-appservice-kakaotalk container network is created
  community.general.docker_network:
@@ -125,17 +122,3 @@
    src: "{{ role_path }}/templates/systemd/matrix-appservice-kakaotalk.service.j2"
    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-kakaotalk.service"
    mode: '0644'
  register: matrix_appservice_kakaotalk_systemd_service_result
 - name: Determine whether matrix-appservice-kakaotalk needs a restart
  ansible.builtin.set_fact:
    matrix_appservice_kakaotalk_restart_necessary: >-
      {{
        matrix_appservice_kakaotalk_node_config_result.changed | default(false)
        or matrix_appservice_kakaotalk_config_result.changed | default(false)
        or matrix_appservice_kakaotalk_registration_result.changed | default(false)
        or matrix_appservice_kakaotalk_node_systemd_service_result.changed | default(false)
        or matrix_appservice_kakaotalk_systemd_service_result.changed | default(false)
        or matrix_appservice_kakaotalk_container_image_pull_result.changed | default(false)
        or matrix_appservice_kakaotalk_node_container_image_pull_result.changed | default(false)
      }}
--- a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml
@@ -5,27 +5,6 @@
 ---
 - name: (Deprecation) Catch and report renamed appservice-kakaotalk variables
  ansible.builtin.fail:
    msg: >-
      Your configuration contains a variable, which now has a different name.
      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
  with_items:
    - {'old': 'matrix_appservice_kakaotalk_node_docker_image_name_prefix', 'new': 'matrix_appservice_kakaotalk_node_container_image_registry_prefix'}
    - {'old': 'matrix_appservice_kakaotalk_docker_image_name_prefix', 'new': 'matrix_appservice_kakaotalk_container_image_registry_prefix'}
    - {'old': 'matrix_appservice_kakaotalk_docker_image', 'new': 'matrix_appservice_kakaotalk_container_image'}
    - {'old': 'matrix_appservice_kakaotalk_docker_image_force_pull', 'new': 'matrix_appservice_kakaotalk_container_image_force_pull'}
    - {'old': 'matrix_appservice_kakaotalk_docker_image_registry_prefix', 'new': 'matrix_appservice_kakaotalk_container_image_registry_prefix'}
    - {'old': 'matrix_appservice_kakaotalk_docker_image_registry_prefix_upstream', 'new': 'matrix_appservice_kakaotalk_container_image_registry_prefix_upstream'}
    - {'old': 'matrix_appservice_kakaotalk_docker_image_registry_prefix_upstream_default', 'new': 'matrix_appservice_kakaotalk_container_image_registry_prefix_upstream_default'}
    - {'old': 'matrix_appservice_kakaotalk_docker_src_files_path', 'new': 'matrix_appservice_kakaotalk_container_src_files_path'}
    - {'old': 'matrix_appservice_kakaotalk_node_docker_image', 'new': 'matrix_appservice_kakaotalk_node_container_image'}
    - {'old': 'matrix_appservice_kakaotalk_node_docker_image_force_pull', 'new': 'matrix_appservice_kakaotalk_node_container_image_force_pull'}
    - {'old': 'matrix_appservice_kakaotalk_node_docker_image_registry_prefix', 'new': 'matrix_appservice_kakaotalk_node_container_image_registry_prefix'}
    - {'old': 'matrix_appservice_kakaotalk_node_docker_image_registry_prefix_upstream', 'new': 'matrix_appservice_kakaotalk_node_container_image_registry_prefix_upstream'}
    - {'old': 'matrix_appservice_kakaotalk_node_docker_image_registry_prefix_upstream_default', 'new': 'matrix_appservice_kakaotalk_node_container_image_registry_prefix_upstream_default'}
 - name: Fail if required appservice-kakaotalk settings not defined
  ansible.builtin.fail:
    msg: >-
@@ -37,3 +16,13 @@
    - {'name': 'matrix_appservice_kakaotalk_homeserver_token', when: true}
    - {'name': 'matrix_appservice_kakaotalk_database_hostname', when: "{{ matrix_appservice_kakaotalk_database_engine == 'postgres' }}"}
    - {'name': 'matrix_appservice_kakaotalk_container_network', when: true}
 - name: (Deprecation) Catch and report renamed appservice-kakaotalk variables
  ansible.builtin.fail:
    msg: >-
      Your configuration contains a variable, which now has a different name.
      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
  with_items:
    - {'old': 'matrix_appservice_kakaotalk_node_docker_image_name_prefix', 'new': 'matrix_appservice_kakaotalk_node_docker_image_registry_prefix'}
    - {'old': 'matrix_appservice_kakaotalk_docker_image_name_prefix', 'new': 'matrix_appservice_kakaotalk_docker_image_registry_prefix'}
--- a/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2
+++ b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2
@@ -27,7 +27,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			{% for arg in matrix_appservice_kakaotalk_node_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
-			{{ matrix_appservice_kakaotalk_node_container_image }} \
+			{{ matrix_appservice_kakaotalk_node_docker_image }} \
 			node src/main.js --config /config.json
 {% for network in matrix_appservice_kakaotalk_container_additional_networks %}
--- a/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2
+++ b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2
@@ -28,7 +28,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			{% for arg in matrix_appservice_kakaotalk_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
-			{{ matrix_appservice_kakaotalk_container_image }} \
+			{{ matrix_appservice_kakaotalk_docker_image }} \
 			python3 -m matrix_appservice_kakaotalk -c /config/config.yaml --no-update
 {% for network in matrix_appservice_discord_container_additional_networks %}
--- a/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml
+++ b/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml
@@ -19,12 +19,12 @@ matrix_beeper_linkedin_enabled: true
 matrix_beeper_linkedin_version: latest
 # See: https://github.com/beeper/linkedin/pkgs/container/linkedin
-matrix_beeper_linkedin_container_image: "{{ matrix_beeper_linkedin_container_image_registry_prefix }}beeper/linkedin:{{ matrix_beeper_linkedin_container_image_tag }}"
+matrix_beeper_linkedin_docker_image: "{{ matrix_beeper_linkedin_docker_image_registry_prefix }}beeper/linkedin:{{ matrix_beeper_linkedin_docker_image_tag }}"
-matrix_beeper_linkedin_container_image_force_pull: "{{ matrix_beeper_linkedin_container_image_tag.startswith('latest') }}"
+matrix_beeper_linkedin_docker_image_force_pull: "{{ matrix_beeper_linkedin_docker_image_tag.startswith('latest') }}"
-matrix_beeper_linkedin_container_image_registry_prefix: "{{ 'localhost/' if matrix_beeper_linkedin_container_image_self_build else matrix_beeper_linkedin_container_image_registry_prefix_upstream }}"
+matrix_beeper_linkedin_docker_image_registry_prefix: "{{ 'localhost/' if matrix_beeper_linkedin_container_image_self_build else matrix_beeper_linkedin_docker_image_registry_prefix_upstream }}"
-matrix_beeper_linkedin_container_image_registry_prefix_upstream: "{{ matrix_beeper_linkedin_container_image_registry_prefix_upstream_default }}"
+matrix_beeper_linkedin_docker_image_registry_prefix_upstream: "{{ matrix_beeper_linkedin_docker_image_registry_prefix_upstream_default }}"
-matrix_beeper_linkedin_container_image_registry_prefix_upstream_default: "ghcr.io/"
+matrix_beeper_linkedin_docker_image_registry_prefix_upstream_default: "ghcr.io/"
-matrix_beeper_linkedin_container_image_tag: "{{ 'latest' if matrix_beeper_linkedin_version == 'master' else matrix_beeper_linkedin_version }}"
+matrix_beeper_linkedin_docker_image_tag: "{{ 'latest' if matrix_beeper_linkedin_version == 'master' else matrix_beeper_linkedin_version }}"
 matrix_beeper_linkedin_container_image_self_build: false
 matrix_beeper_linkedin_container_image_self_build_repo: "https://github.com/beeper/linkedin"
@@ -33,7 +33,7 @@ matrix_beeper_linkedin_container_image_self_build_branch: "{{ 'master' if matrix
 matrix_beeper_linkedin_base_path: "{{ matrix_base_data_path }}/beeper-linkedin"
 matrix_beeper_linkedin_config_path: "{{ matrix_beeper_linkedin_base_path }}/config"
 matrix_beeper_linkedin_data_path: "{{ matrix_beeper_linkedin_base_path }}/data"
-matrix_beeper_linkedin_container_src_files_path: "{{ matrix_beeper_linkedin_base_path }}/docker-src"
+matrix_beeper_linkedin_docker_src_files_path: "{{ matrix_beeper_linkedin_base_path }}/docker-src"
 matrix_beeper_linkedin_homeserver_address: ""
 matrix_beeper_linkedin_homeserver_domain: "{{ matrix_domain }}"
--- a/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml
@@ -22,7 +22,7 @@
    - {path: "{{ matrix_beeper_linkedin_base_path }}", when: true}
    - {path: "{{ matrix_beeper_linkedin_config_path }}", when: true}
    - {path: "{{ matrix_beeper_linkedin_data_path }}", when: true}
-    - {path: "{{ matrix_beeper_linkedin_container_src_files_path }}", when: "{{ matrix_beeper_linkedin_container_image_self_build }}"}
+    - {path: "{{ matrix_beeper_linkedin_docker_src_files_path }}", when: "{{ matrix_beeper_linkedin_container_image_self_build }}"}
  when: "item.when | bool"
 - name: Ensure beeper-linkedin config.yaml installed
@@ -45,10 +45,10 @@
 - name: Ensure Beeper LinkedIn container image is pulled
  community.docker.docker_image:
-    name: "{{ matrix_beeper_linkedin_container_image }}"
+    name: "{{ matrix_beeper_linkedin_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_beeper_linkedin_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force_source: "{{ matrix_beeper_linkedin_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_container_image_force_pull }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_docker_image_force_pull }}"
  when: "not matrix_beeper_linkedin_container_image_self_build | bool"
  register: matrix_beeper_linkedin_container_image_pull_result
  retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -60,7 +60,7 @@
    - name: Ensure Beeper LinkedIn repository is present on self-build
      ansible.builtin.git:
        repo: "{{ matrix_beeper_linkedin_container_image_self_build_repo }}"
-        dest: "{{ matrix_beeper_linkedin_container_src_files_path }}"
+        dest: "{{ matrix_beeper_linkedin_docker_src_files_path }}"
        version: "{{ matrix_beeper_linkedin_container_image_self_build_branch }}"
        force: "yes"
      become: true
@@ -75,7 +75,7 @@
          {{ devture_systemd_docker_base_host_command_docker }} run
          --rm
          --entrypoint=/bin/sh
-          --mount type=bind,src={{ matrix_beeper_linkedin_container_src_files_path }},dst=/work
+          --mount type=bind,src={{ matrix_beeper_linkedin_docker_src_files_path }},dst=/work
          -w /work
          docker.io/python:3.9.6-buster
          -c "pip install poetry && poetry export --without-hashes -E e2be -E images -E metrics | sed 's/==.*//g' > docker-requirements.txt"
@@ -84,13 +84,13 @@
    - name: Ensure Beeper LinkedIn container image is built
      community.docker.docker_image:
-        name: "{{ matrix_beeper_linkedin_container_image }}"
+        name: "{{ matrix_beeper_linkedin_docker_image }}"
        source: build
        force_source: "{{ matrix_beeper_linkedin_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
        force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_git_pull_results.changed }}"
        build:
          dockerfile: Dockerfile
-          path: "{{ matrix_beeper_linkedin_container_src_files_path }}"
+          path: "{{ matrix_beeper_linkedin_docker_src_files_path }}"
          pull: true
          args:
            TARGETARCH: "{{ matrix_architecture }}"
--- a/roles/custom/matrix-bridge-beeper-linkedin/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-beeper-linkedin/tasks/validate_config.yml
@@ -7,23 +7,6 @@
 ---
 - name: (Deprecation) Catch and report renamed beeper-linkedin settings
  ansible.builtin.fail:
    msg: >-
      Your configuration contains a variable, which now has a different name.
      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
  with_items:
    - {'old': 'matrix_beeper_linkedin_login_shared_secret', 'new': '<superseded by matrix_beeper_linkedin_bridge_login_shared_secret_map_*>'}
    - {'old': 'matrix_beeper_linkedin_docker_image_name_prefix', 'new': 'matrix_beeper_linkedin_container_image_registry_prefix'}
    - {'old': 'matrix_beeper_linkedin_docker_image', 'new': 'matrix_beeper_linkedin_container_image'}
    - {'old': 'matrix_beeper_linkedin_docker_image_force_pull', 'new': 'matrix_beeper_linkedin_container_image_force_pull'}
    - {'old': 'matrix_beeper_linkedin_docker_image_registry_prefix', 'new': 'matrix_beeper_linkedin_container_image_registry_prefix'}
    - {'old': 'matrix_beeper_linkedin_docker_image_registry_prefix_upstream', 'new': 'matrix_beeper_linkedin_container_image_registry_prefix_upstream'}
    - {'old': 'matrix_beeper_linkedin_docker_image_registry_prefix_upstream_default', 'new': 'matrix_beeper_linkedin_container_image_registry_prefix_upstream_default'}
    - {'old': 'matrix_beeper_linkedin_docker_image_tag', 'new': 'matrix_beeper_linkedin_container_image_tag'}
    - {'old': 'matrix_beeper_linkedin_docker_src_files_path', 'new': 'matrix_beeper_linkedin_container_src_files_path'}
 - name: Fail if required beeper-linkedin settings not defined
  ansible.builtin.fail:
    msg: >-
@@ -35,3 +18,13 @@
    - {'name': 'matrix_beeper_linkedin_homeserver_token', when: true}
    - {'name': 'matrix_beeper_linkedin_database_hostname', when: "{{ matrix_beeper_linkedin_database_engine == 'postgres' }}"}
    - {'name': 'matrix_beeper_linkedin_container_network', when: true}
 - name: (Deprecation) Catch and report renamed beeper-linkedin settings
  ansible.builtin.fail:
    msg: >-
      Your configuration contains a variable, which now has a different name.
      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
  with_items:
    - {'old': 'matrix_beeper_linkedin_login_shared_secret', 'new': '<superseded by matrix_beeper_linkedin_bridge_login_shared_secret_map_*>'}
    - {'old': 'matrix_beeper_linkedin_docker_image_name_prefix', 'new': 'matrix_beeper_linkedin_docker_image_registry_prefix'}
--- a/roles/custom/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2
+++ b/roles/custom/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2
@@ -28,7 +28,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			{% for arg in matrix_beeper_linkedin_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
-			{{ matrix_beeper_linkedin_container_image }} \
+			{{ matrix_beeper_linkedin_docker_image }} \
 			python3 -m linkedin_matrix -c /config/config.yaml -r /config/registration.yaml --no-update
 {% for network in matrix_beeper_linkedin_container_additional_networks %}
--- a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml
+++ b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml
@@ -20,11 +20,11 @@ matrix_heisenbridge_path_prefix: "/heisenbridge"
 # renovate: datasource=docker depName=hif1/heisenbridge
 matrix_heisenbridge_version: 1.15.4
-matrix_heisenbridge_container_image: "{{ matrix_heisenbridge_container_image_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
+matrix_heisenbridge_docker_image: "{{ matrix_heisenbridge_docker_image_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
-matrix_heisenbridge_container_image_registry_prefix: "{{ matrix_heisenbridge_container_image_registry_prefix_upstream }}"
+matrix_heisenbridge_docker_image_registry_prefix: "{{ matrix_heisenbridge_docker_image_registry_prefix_upstream }}"
-matrix_heisenbridge_container_image_registry_prefix_upstream: "{{ matrix_heisenbridge_container_image_registry_prefix_upstream_default }}"
+matrix_heisenbridge_docker_image_registry_prefix_upstream: "{{ matrix_heisenbridge_docker_image_registry_prefix_upstream_default }}"
-matrix_heisenbridge_container_image_registry_prefix_upstream_default: "docker.io/"
+matrix_heisenbridge_docker_image_registry_prefix_upstream_default: "docker.io/"
-matrix_heisenbridge_container_image_force_pull: "{{ matrix_heisenbridge_container_image.endswith(':latest') }}"
+matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}"
 # Set this to your Matrix ID if you want to enforce the owner, otherwise first _local_ user becomes one
 matrix_heisenbridge_owner: ""
--- a/roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml
@@ -12,10 +12,10 @@
 - name: Ensure Heisenbridge image is pulled
  community.docker.docker_image:
-    name: "{{ matrix_heisenbridge_container_image }}"
+    name: "{{ matrix_heisenbridge_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_heisenbridge_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force_source: "{{ matrix_heisenbridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_heisenbridge_container_image_force_pull }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_heisenbridge_docker_image_force_pull }}"
  register: matrix_heisenbridge_container_image_pull_result
  retries: "{{ devture_playbook_help_container_retries_count }}"
  delay: "{{ devture_playbook_help_container_retries_delay }}"
--- a/roles/custom/matrix-bridge-heisenbridge/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-heisenbridge/tasks/validate_config.yml
@@ -5,20 +5,6 @@
 ---
 - name: (Deprecation) Catch and report renamed Heisenbridge settings
  ansible.builtin.fail:
    msg: >-
      Your configuration contains a variable, which now has a different name.
      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
  with_items:
    - {'old': 'matrix_heisenbridge_docker_image', 'new': 'matrix_heisenbridge_container_image'}
    - {'old': 'matrix_heisenbridge_docker_image_force_pull', 'new': 'matrix_heisenbridge_container_image_force_pull'}
    - {'old': 'matrix_heisenbridge_docker_image_registry_prefix', 'new': 'matrix_heisenbridge_container_image_registry_prefix'}
    - {'old': 'matrix_heisenbridge_docker_image_registry_prefix_upstream', 'new': 'matrix_heisenbridge_container_image_registry_prefix_upstream'}
    - {'old': 'matrix_heisenbridge_docker_image_registry_prefix_upstream_default', 'new': 'matrix_heisenbridge_container_image_registry_prefix_upstream_default'}
 - name: Fail if required Heisenbridge settings not defined
  ansible.builtin.fail:
    msg: >-
--- a/roles/custom/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2
+++ b/roles/custom/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2
@@ -31,7 +31,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			{% for arg in matrix_heisenbridge_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
-			{{ matrix_heisenbridge_container_image }} \
+			{{ matrix_heisenbridge_docker_image }} \
 			{% if matrix_heisenbridge_identd_enabled %}
 			--identd \
 			--identd-port 13113 \
--- a/Show More
+++ b/Show More
`@@ -1,2 +1,2 @@`
	`[codespell]`	`[codespell]`
	`ignore-words-list = aNULL,brose,doub,Udo,re-use,re-used,registr,shema,commet,Commet`	`ignore-words-list = aNULL,brose,doub,Udo,re-use,re-used,registr,shema`