Update links to mx-puppet-steam

Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>

.github/workflows/close-stale-issues.yml

@@ -19,7 +19,7 @@ jobs:
     if: github.repository == 'spantaleev/matrix-docker-ansible-deploy'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v9
+      - uses: actions/stale@v10
         with:
           ######################################################################
           # Issues/PRs

.github/workflows/matrix.yml

@@ -26,7 +26,7 @@ jobs:
         uses: actions/checkout@v5
 
       - name: Run ansible-lint
-        uses: ansible/ansible-lint@v25.8.1
+        uses: ansible/ansible-lint@v25.9.2
         with:
           args: "roles/custom"
           setup_python: "true"

.pre-commit-config.yaml

@@ -21,6 +21,6 @@ repos:
       - id: codespell
         args: ["--skip=*.po,*.pot,i18n/"]
   - repo: https://github.com/fsfe/reuse-tool  # https://reuse.software/dev/#pre-commit-hook
-    rev: v5.0.2
+    rev: v6.2.0
     hooks:
       - id: reuse

CHANGELOG.md

@@ -1,3 +1,22 @@
+# 2025-11-04
+
+## The Go Skype bridge has been removed from the playbook
+
+The [go-skype-bridge](./docs/configuring-playbook-bridge-go-skype-bridge.md) has been removed from the playbook, as Skype has been discontinued since the May 2025.
+
+The playbook will let you know if you're using any `matrix_go_skype_bridge_*` variables. You'll need to remove them from `vars.yml` and potentially [uninstall the bridge manually](./docs/configuring-playbook-bridge-go-skype-bridge.md#uninstalling-the-bridge-manually).
+
+# 2025-10-02
+
+## Element Admin support
+
+The playbook now supports [Element Admin](./docs/configuring-playbook-element-admin.md) - a new web-based administration panel for Synapse and [Matrix Authentication Service](./docs/configuring-playbook-matrix-authentication-service.md).
+
+Deployments based on Matrix Authentication Service may find it useful to run both Synapse Admin and Element Admin at the same time.
+
+Deployments that don't rely on Matrix Authentication Service are unlikely to find anything useful in Element Admin right now (it's too basic in its current form).
+
+
 # 2025-04-26
 
 ## Continuwuity support
@@ -2814,7 +2833,7 @@ See our [Migrating to Element Web](docs/configuring-playbook-riot-web.md#migrati
 
 ## Steam bridging support via mx-puppet-steam
 
-Thanks to [Hugues Morisset](https://github.com/izissise)'s efforts, the playbook now supports bridging to [Steam](https://steamapp.com/) via the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge. See our [Setting up MX Puppet Steam bridging](docs/configuring-playbook-bridge-mx-puppet-steam.md) documentation page for getting started.
+Thanks to [Hugues Morisset](https://github.com/izissise)'s efforts, the playbook now supports bridging to [Steam](https://steamapp.com/) via the [mx-puppet-steam](https://codeberg.org/icewind/mx-puppet-steam) bridge. See our [Setting up MX Puppet Steam bridging](docs/configuring-playbook-bridge-mx-puppet-steam.md) documentation page for getting started.
 
 
 # 2020-07-01

README.md

@@ -132,15 +132,15 @@ Bridges can be used to connect your Matrix installation with third-party communi
 | [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack) | ❌ | Bridge to [Slack](https://slack.com/) | [Link](docs/configuring-playbook-bridge-appservice-slack.md) |
 | [matrix-hookshot](https://github.com/matrix-org/matrix-hookshot) | ❌ | Bridge for generic webhooks and multiple project management services, such as GitHub, GitLab, Figma, and Jira in particular | [Link](docs/configuring-playbook-bridge-hookshot.md) |
 | [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) | ❌ | Bridge to SMS | [Link](docs/configuring-playbook-bridge-matrix-bridge-sms.md) |
+| [matrix-steam-bridge](https://github.com/jasonlaguidice/matrix-steam-bridge) | ❌ | Bridge to [Steam](https://steampowered.com/) | [Link](docs/configuring-playbook-bridge-steam.md) |
 | [matrix-wechat](https://github.com/duo/matrix-wechat) | ❌ | Bridge to [WeChat](https://www.wechat.com/) | [Link](docs/configuring-playbook-bridge-wechat.md) |
 | [Heisenbridge](https://github.com/hifi/heisenbridge) | ❌ | Bouncer-style bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) | [Link](docs/configuring-playbook-bridge-heisenbridge.md) |
-| [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) | ❌ | Bridge to [Skype](https://www.skype.com) | [Link](docs/configuring-playbook-bridge-go-skype-bridge.md) |
 | [mx-puppet-slack](https://gitlab.com/mx-puppet/slack/mx-puppet-slack) | ❌ | Bridge to [Slack](https://slack.com) | [Link](docs/configuring-playbook-bridge-mx-puppet-slack.md) |
 | [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) | ❌ | Bridge for Instagram-DMs ([Instagram](https://www.instagram.com/)) | [Link](docs/configuring-playbook-bridge-mx-puppet-instagram.md) |
 | [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) | ❌ | Bridge for Twitter-DMs ([Twitter](https://twitter.com/)) | [Link](docs/configuring-playbook-bridge-mx-puppet-twitter.md) |
 | [mx-puppet-discord](https://gitlab.com/mx-puppet/discord/mx-puppet-discord) | ❌ | Bridge to [Discord](https://discordapp.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-discord.md) |
 | [mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) | ❌ | Bridge to [GroupMe](https://groupme.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-groupme.md) |
-| [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) | ❌ | Bridge to [Steam](https://steamapp.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-steam.md) |
+| [mx-puppet-steam](https://codeberg.org/icewind/mx-puppet-steam) | ❌ | Bridge to [Steam](https://steamapp.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-steam.md) |
 | [Postmoogle](https://github.com/etkecc/postmoogle) | ❌ | Email to Matrix bridge | [Link](docs/configuring-playbook-bridge-postmoogle.md) |
 
 ### Bots

docs/ansible.md

@@ -20,10 +20,13 @@ To manually check which version of Ansible you're on, run: `ansible --version`.
 
 For the **best experience**, we recommend getting the **latest version of Ansible available**.
 
-We're not sure what's the minimum version of Ansible that can run this playbook successfully. The lowest version that we've confirmed (on 2022-11-26) to be working fine is: `ansible-core` (`2.11.7`) combined with `ansible` (`4.10.0`).
+We're not sure what's the minimum version of Ansible that can run this playbook successfully. The lowest version that we suspect (on 2025-09-03) to be working fine is: `ansible-core` (`2.15.1`).
 
 If your distro ships with an Ansible version older than this, you may run into issues. Consider [Upgrading Ansible](#upgrading-ansible) or [using Ansible via Docker](#using-ansible-via-docker).
 
+> [!WARNING]
+> One reason for the version requirement being as such is that the playbook by default installs Docker for you using [this Docker role](https://github.com/geerlingguy/ansible-role-docker) which [has a hard requirement on Ansible v2.15.1](https://github.com/geerlingguy/ansible-role-docker/commit/7f44a1d9ad8132819ea9852918bca5dab8757cd0). If you install Docker yourself another way, you can tell the playbook to skip running this role (by adding `matrix_playbook_docker_installation_enabled: false` to your `vars.yml` configuration). It may then be possible to get the playbook running on an older version of Ansible. Still, this is a complication and your mileage may vary. We recommend [upgrading Ansible](#upgrading-ansible) instead of going into uncharted territory.
+
 ## Upgrading Ansible
 
 Depending on your distribution, you may be able to upgrade Ansible in a few different ways:

docs/configuring-playbook-bot-draupnir.md

@@ -242,9 +242,12 @@ For Draupnir to do its job, you need to [give it permissions](https://the-draupn
 
 We recommend **subscribing to a public [policy list](https://the-draupnir-project.github.io/draupnir-documentation/concepts/policy-lists)** using the [watch command](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-policy-lists#using-draupnirs-watch-command-to-subscribe-to-policy-rooms).
 
-Policy lists are maintained in Matrix rooms. A popular policy list is maintained in the public `#community-moderation-effort-bl:neko.dev` room.
+Policy lists are maintained in Matrix rooms. Popular ones maintained in the public are:
 
-You can tell Draupnir to subscribe to it by sending the following command to the Management Room: `!draupnir watch #community-moderation-effort-bl:neko.dev`
+- `#community-moderation-effort-bl:neko.dev`
+- `#huginn-muninn-active-threats:feline.support`
+
+You can tell Draupnir to subscribe to each of these by sending the following command to the Management Room: `!draupnir watch POLICY_LIST_ADDRESS_HERE` (e.g. `!draupnir watch #community-moderation-effort-bl:neko.dev`)
 
 #### Creating your own policy lists and rules
 
@@ -270,14 +273,14 @@ You can undo bans with the [unban command](https://the-draupnir-project.github.i
 
 ### Enabling built-in protections
 
-You can also **turn on various built-in [protections](https://the-draupnir-project.github.io/draupnir-documentation/protections)** like `JoinWaveShortCircuit` ("If X amount of users join in Y time, set the room to invite-only").
+You can also **turn on various built-in [protections](https://the-draupnir-project.github.io/draupnir-documentation/protections)** like `JoinWaveShortCircuitProtection` ("If X amount of users join in Y time, set the room to invite-only").
 
 To **see which protections are available and which are enabled**, send a `!draupnir protections` command to the Management Room.
 
-To **see the configuration options for a given protection**, send a `!draupnir protections show PROTECTION_NAME` (e.g. `!draupnir protections show JoinWaveShortCircuit`).
+To [**see the configuration options for a given protection**](https://the-draupnir-project.github.io/draupnir-documentation/protections/configuring-protections#displaying-the-protection-settings), send a `!draupnir protections show PROTECTION_NAME` (e.g. `!draupnir protections show JoinWaveShortCircuitProtection`).
 
-To **set a specific option for a given protection**, send a command like this: `!draupnir config set PROTECTION_NAME.OPTION VALUE` (e.g. `!draupnir config set JoinWaveShortCircuit.timescaleMinutes 30`).
+To [**set a specific option for a given protection**](https://the-draupnir-project.github.io/draupnir-documentation/protections/configuring-protections#changing-protection-settings), send a command like this: `!draupnir protections config set PROTECTION_NAME OPTION VALUE` (e.g. `!draupnir protections config set JoinWaveShortCircuitProtection timescaleMinutes 30`).
 
-To **enable a given protection**, send a command like this: `!draupnir enable PROTECTION_NAME` (e.g. `!draupnir enable JoinWaveShortCircuit`).
+To [**enable a given protection**](https://the-draupnir-project.github.io/draupnir-documentation/protections/block-invitations-on-server-protection#enabling-the-protection), send a command like this: `!draupnir protections enable PROTECTION_NAME` (e.g. `!draupnir protections enable JoinWaveShortCircuitProtection`).
 
-To **disable a given protection**, send a command like this: `!draupnir disable PROTECTION_NAME` (e.g. `!draupnir disable JoinWaveShortCircuit`).
+To **disable a given protection**, send a command like this: `!draupnir protections disable PROTECTION_NAME` (e.g. `!draupnir protections disable JoinWaveShortCircuitProtection`).

docs/configuring-playbook-bot-matrix-registration-bot.md

@@ -37,6 +37,10 @@ matrix_synapse_enable_registration: true
 
 # Restrict registration to users with a token
 matrix_synapse_registration_requires_token: true
+
+# Set an optional command prefix for the bot. This can be any arbitrary string, including whitespace.
+# Example: "!regbot "
+matrix_bot_matrix_registration_bot_bot_prefix: ""
 ```
 
 The bot account will be created automatically.

docs/configuring-playbook-bridge-go-skype-bridge.md

@@ -1,68 +1,26 @@
 <!--
+SPDX-FileCopyrightText: 2019 - 2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2019 Eduardo Beltrame
+SPDX-FileCopyrightText: 2021 MDAD project contributors
+SPDX-FileCopyrightText: 2022 Dennis Ciba
 SPDX-FileCopyrightText: 2022 Vladimir Panteleev
 SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
 
 SPDX-License-Identifier: AGPL-3.0-or-later
 -->
 
-# Setting up Go Skype Bridge bridging (optional)
+# Setting up Go Skype Bridge bridging (optional, removed)
 
-The playbook can install and configure [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) for you, for bridging to [Skype](https://www.skype.com/). This bridge was created based on [mautrix-whatsapp](https://github.com/mautrix/whatsapp) and can be configured in a similar way to it.
+🪦 The playbook used to be able to install and configure [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge), but no longer includes this component, as Skype has been discontinued since May 2025.
 
-See the project's [documentation](https://github.com/kelaresg/go-skype-bridge/blob/master/README.md) to learn what it does and why it might be useful to you.
+## Uninstalling the bridge manually
 
-## Prerequisite (optional)
+If you still have the Go Skype bridge installed on your Matrix server, the playbook can no longer help you uninstall it and you will need to do it manually. To uninstall manually, run these commands on the server:
 
-### Enable Shared Secret Auth
-
-If you want to set up [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do) for this bridge automatically, you need to have enabled [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
-
-See [this section](configuring-playbook-bridge-mautrix-bridges.md#set-up-double-puppeting-optional) on the [common guide for configuring mautrix bridges](configuring-playbook-bridge-mautrix-bridges.md) for details about setting up Double Puppeting.
-
-**Note**: double puppeting with the Shared Secret Auth works at the time of writing, but is deprecated and will stop working in the future.
-
-## Adjusting the playbook configuration
-
-To enable the bridge, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
-
-```yaml
-matrix_go_skype_bridge_enabled: true
-```
-
-### Extending the configuration
-
-There are some additional things you may wish to configure about the bridge.
-
-See [this section](configuring-playbook-bridge-mautrix-bridges.md#extending-the-configuration) on the [common guide for configuring mautrix bridges](configuring-playbook-bridge-mautrix-bridges.md) for details about variables that you can customize and the bridge's default configuration, including [bridge permissions](configuring-playbook-bridge-mautrix-bridges.md#configure-bridge-permissions-optional), [encryption support](configuring-playbook-bridge-mautrix-bridges.md#enable-encryption-optional), [relay mode](configuring-playbook-bridge-mautrix-bridges.md#enable-relay-mode-optional), [bot's username](configuring-playbook-bridge-mautrix-bridges.md#set-the-bots-username-optional), etc.
-
-**Note**: when following the guide to configure the bridge, make sure to replace `_mautrix_SERVICENAME_` in the variable names with `_go_skype_bridge_`.
-
-## Installing
-
-After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:
-
-<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
-```
-
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
-
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
-
-## Usage
-
-To use the bridge, you need to start a chat with `@skypebridgebot:example.com` (where `example.com` is your base domain, not the `matrix.` domain).
-
-## Troubleshooting
-
-As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-go-skype-bridge`.
-
-### Increase logging verbosity
-
-The default logging level for this component is `warn`. If you want to increase the verbosity, add the following configuration to your `vars.yml` file and re-run the playbook:
-
-```yaml
-# Valid values: fatal, error, warn, info, debug
-matrix_go_skype_bridge_log_level: 'info'
+systemctl disable --now matrix-go-skype-bridge.service
+
+rm -rf /matrix/go-skype-bridge
+
+/matrix/postgres/bin/cli-non-interactive 'DROP DATABASE matrix_go_skype_bridge;'
 ```

docs/configuring-playbook-bridge-hookshot.md

@@ -35,7 +35,7 @@ matrix_hookshot_enabled: true
 
 # Uncomment to enable end-to-bridge encryption.
 # See: https://matrix-org.github.io/matrix-hookshot/latest/advanced/encryption.html
-# matrix_hookshot_experimental_encryption_enabled: true
+# matrix_hookshot_encryption_enabled: true
 
 # Uncomment and paste the contents of GitHub app private key to enable GitHub bridge.
 # Alternatively, you can use one of the other methods explained below on the "Manage GitHub Private Key with aux role" section.

docs/configuring-playbook-bridge-mautrix-slack.md

@@ -45,8 +45,7 @@ matrix_mautrix_slack_enabled: true
 
 There are some additional things you may wish to configure about the bridge.
 
-<!-- NOTE: relay mode is not supported for this bridge -->
-See [this section](configuring-playbook-bridge-mautrix-bridges.md#extending-the-configuration) on the [common guide for configuring mautrix bridges](configuring-playbook-bridge-mautrix-bridges.md) for details about variables that you can customize and the bridge's default configuration, including [bridge permissions](configuring-playbook-bridge-mautrix-bridges.md#configure-bridge-permissions-optional), [encryption support](configuring-playbook-bridge-mautrix-bridges.md#enable-encryption-optional), [bot's username](configuring-playbook-bridge-mautrix-bridges.md#set-the-bots-username-optional), etc.
+See [this section](configuring-playbook-bridge-mautrix-bridges.md#extending-the-configuration) on the [common guide for configuring mautrix bridges](configuring-playbook-bridge-mautrix-bridges.md) for details about variables that you can customize and the bridge's default configuration, including [bridge permissions](configuring-playbook-bridge-mautrix-bridges.md#configure-bridge-permissions-optional), [encryption support](configuring-playbook-bridge-mautrix-bridges.md#enable-encryption-optional), [relay mode](configuring-playbook-bridge-mautrix-bridges.md#enable-relay-mode-optional), [bot's username](configuring-playbook-bridge-mautrix-bridges.md#set-the-bots-username-optional), etc.
 
 ## Installing
 

docs/configuring-playbook-bridge-mx-puppet-skype.md

@@ -10,4 +10,4 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 
 🪦 The playbook used to be able to install and configure [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype), but no longer includes this component, because it has been broken and unmaintained for a long time.
 
-Bridging to [Skype](https://www.skype.com/) can also happen via the [go-skype-bridge](configuring-playbook-bridge-go-skype-bridge.md) bridge supported by the playbook.
+The playbook used to be able to install and configure [go-skype-bridge](configuring-playbook-bridge-go-skype-bridge.md) as alternative to this bridge, but no longer includes this component, because Skype has been discontinued since May 2025.

docs/configuring-playbook-bridge-mx-puppet-steam.md

@@ -7,11 +7,13 @@ SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
 SPDX-License-Identifier: AGPL-3.0-or-later
 -->
 
-# Setting up MX Puppet Steam bridging (optional)
+# Setting up MX Puppet Steam bridging (optional, deprecated)
 
-The playbook can install and configure [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) for you.
+**Note**: This bridge has been deprecated in favor of the [matrix-steam-bridge](https://github.com/jasonlaguidice/matrix-steam-bridge) bridge for Steam, which can be [installed using this playbook](configuring-playbook-bridge-steam.md). Consider using that bridge instead of this one.
 
-See the project's [documentation](https://github.com/icewind1991/mx-puppet-steam/blob/master/README.md) to learn what it does and why it might be useful to you.
+The playbook can install and configure [mx-puppet-steam](https://codeberg.org/icewind/mx-puppet-steam) for you.
+
+See the project's [documentation](https://codeberg.org/icewind/mx-puppet-steam/blob/master/README.md) to learn what it does and why it might be useful to you.
 
 ## Adjusting the playbook configuration
 
@@ -38,7 +40,7 @@ The shortcut commands with the [`just` program](just.md) are also available: `ju
 
 To use the bridge, you need to start a chat with `Steam Puppet Bridge` with the handle `@_steampuppet_bot:example.com` (where `example.com` is your base domain, not the `matrix.` domain).
 
-Three authentication methods are available, Legacy Token, OAuth and xoxc token. See mx-puppet-steam [documentation](https://github.com/icewind1991/mx-puppet-steam) for more information about how to configure the bridge.
+Three authentication methods are available, Legacy Token, OAuth and xoxc token. See mx-puppet-steam [documentation](https://codeberg.org/icewind/mx-puppet-steam) for more information about how to configure the bridge.
 
 Once logged in, send `list` to the bot user to list the available rooms.
 

docs/configuring-playbook-bridge-steam.md

@@ -0,0 +1,48 @@
+<!--
+SPDX-FileCopyrightText: 2025 Jason LaGuidice
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+-->
+
+# Setting up Steam bridging (optional)
+
+The playbook can install and configure [matrix-steam-bridge](https://github.com/jasonlaguidice/matrix-steam-bridge) for you.
+
+See the project's [documentation](https://github.com/jasonlaguidice/matrix-steam-bridge/blob/main/README.md) to learn what it does and why it might be useful to you.
+
+## Adjusting the playbook configuration
+
+To enable the [Steam](https://steampowered.com/) bridge, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
+
+```yaml
+matrix_steam_bridge_enabled: true
+```
+
+## Installing
+
+After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:
+
+<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
+```sh
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+```
+
+The shortcut commands with the [`just` program](just.md) are also available: `just install-all` and `just setup-all`
+
+`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+
+The tag for `just` commands for this bridge is `matrix-steam-bridge` - for example: `just install-service matrix-steam-bridge`
+
+## Usage
+
+To use the bridge, you need to start a chat with `Steam bridge bot` with the handle `@steambot:example.com` (where `example.com` is your base domain, not the `matrix.` domain).
+
+The bridge supports QR code and password-based login as well as SteamGuard codes via app, SMS, or e-mail. See matrix-steam-bridge [documentation](https://github.com/jasonlaguidice/matrix-steam-bridge) for more information about how to configure the bridge.
+
+To login, send `login [flow ID]` where possible flow IDs are `password` or `qr`
+
+Once logged in, send `search [name]` to search through recognized Steam friends. You can send a user name, display name, or all forms of Steam ID. Send `start-chat [identifier]` to request the bridge bot to open a chat room with a user.
+
+Chat rooms will automatically be opened as new messages are received.
+
+Send `help` to the bot to see the available commands.

docs/configuring-playbook-element-admin.md

@@ -0,0 +1,67 @@
+<!--
+SPDX-FileCopyrightText: 2024 wjbeckett
+SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+-->
+
+# Setting up Element Admin (optional)
+
+The playbook can install and configure [Element Admin](https://github.com/element-hq/element-admin) for you.
+
+Element Admin is a web-based administration panel for Synapse and [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md).
+
+See the project's [documentation](https://github.com/element-hq/element-admin) to learn more.
+
+💡 **Note**: This project is still very young and doesn't have many features. For now, it's recommended to use [Synapse Admin](./configuring-playbook-synapse-admin.md) instead. Deployments that use [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md) can use Element Admin for user-management (something that Synapse Admin can't do), while continuing to use Synapse Admin for all other purposes.
+
+## Prerequisites
+
+- A [Synapse](configuring-playbook-synapse.md) homeserver with its Admin API enabled (the playbook automatically enables it for you when you enable Element Admin)
+- [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md) with its Admin API enabled (the playbook automatically enables it for you when you enable Element Admin)
+
+## Decide on a domain and path
+
+By default, the Element Admin is configured to be served on the `admin.element.example.com` domain.
+
+If you'd like to run Element Admin on another hostname, see the [Adjusting the Element Admin URL](#adjusting-the-element-admin-url-optional) section below.
+
+## Adjusting DNS records (optional)
+
+By default, this playbook installs Element Admin on the `admin.element.` subdomain (`admin.element.example.com`) and requires you to create a `CNAME` record for `admin.element`, which targets `matrix.example.com`.
+
+When setting these values, replace `example.com` with your own.
+
+## Adjusting the playbook configuration
+
+Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
+
+```yaml
+matrix_element_admin_enabled: true
+```
+
+### Adjusting the Element Admin URL (optional)
+
+By tweaking the `matrix_element_admin_hostname` variable, you can easily make the service available at a **different hostname** than the default one.
+
+Example additional configuration for your `vars.yml` file:
+
+```yaml
+matrix_element_admin_hostname: element-admin.example.com
+```
+
+> [!WARNING]
+> A `matrix_element_admin_path_prefix` variable is also available and mean to let you configure a path prefix for the Element Admin service, but **Element Admin does not support running under a sub-path yet**.
+
+## Installing
+
+After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the playbook with [playbook tags](playbook-tags.md) as below:
+
+<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
+```sh
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+```
+
+The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+
+`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.

docs/configuring-playbook-matrix-authentication-service.md

@@ -51,7 +51,7 @@ This section details what you can expect when switching to the Matrix Authentica
 
 - ❌ **Synapse password providers will need to be disabled**. You can no longer use [shared-secret-auth](./configuring-playbook-shared-secret-auth.md), [rest-auth](./configuring-playbook-rest-auth.md), [LDAP auth](./configuring-playbook-ldap-auth.md), etc. When the authentication flow is handled by MAS (not by Synapse anymore), it doesn't make sense to extend the Synapse authentication flow with additional modules. Many bridges used to rely on shared-secret-auth for doing double-puppeting (impersonating other users), but most (at least the mautrix bridges) nowadays use [Appservice Double Puppet](./configuring-playbook-appservice-double-puppet.md) as a better alternative. Older/maintained bridges may still rely on shared-secret-auth, as do other services like [matrix-corporal](./configuring-playbook-matrix-corporal.md).
 
-- ❌ Certain **tools like [synapse-admin](./configuring-playbook-synapse-admin.md) do not have full compatibility with MAS yet**. synapse-admin already supports [login with access token](https://github.com/etkecc/synapse-admin/pull/58), browsing users (which Synapse will internally fetch from MAS) and updating user avatars. However, editing users (passwords, etc.) now needs to happen directly against MAS using the [MAS Admin API](https://element-hq.github.io/matrix-authentication-service/api/index.html), which synapse-admin cannot interact with yet.
+- ❌ Certain **tools like [Synapse Admin](./configuring-playbook-synapse-admin.md) do not have full compatibility with MAS yet**. Synapse Admin already supports OIDC auth, browsing users (which Synapse will internally fetch from MAS) and updating user avatars. However, editing users (passwords, etc.) now needs to happen directly against MAS using the [MAS Admin API](https://element-hq.github.io/matrix-authentication-service/api/index.html), which Synapse Admin cannot interact with yet. You may be interested in using [Element Admin](./configuring-playbook-element-admin.md) for these purposes.
 
 - ❌ **Some services experience issues when authenticating via MAS**:
 

docs/configuring-playbook-matrix-rtc.md

@@ -16,7 +16,6 @@ The Matrix RTC stack is a set of supporting components ([LiveKit Server](configu
 ## Prerequisites
 
 - A [Synapse](configuring-playbook-synapse.md) homeserver (see the warning below)
-- [Federation](configuring-playbook-federation.md) being enabled for your Matrix homeserver (federation is enabled by default, unless you've explicitly disabled it), because [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) currently [requires it](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3562#issuecomment-2725250554) ([relevant source code](https://github.com/element-hq/lk-jwt-service/blob/f5f5374c4bdcc00a4fb13d27c0b28e20e4c62334/main.go#L135-L146))
 - Various experimental features for the Synapse homeserver which Element Call [requires](https://github.com/element-hq/element-call/blob/93ae2aed9841e0b066d515c56bd4c122d2b591b2/docs/self-hosting.md#a-matrix-homeserver) (automatically done when Element Call is enabled)
 - A [LiveKit Server](configuring-playbook-livekit-server.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](#decide-between-element-call-vs-just-the-matrix-rtc-stack))
 - The [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](#decide-between-element-call-vs-just-the-matrix-rtc-stack))

docs/configuring-playbook-synapse-admin.md

@@ -18,6 +18,8 @@ synapse-admin is a web UI tool you can use to **administrate users, rooms, media
 
 💡 **Note**: the latest version of synapse-admin is hosted by [etke.cc](https://etke.cc/) at [admin.etke.cc](https://admin.etke.cc/). If you only need this service occasionally and trust giving your admin credentials to a 3rd party Single Page Application, you can consider using it from there and avoiding the (small) overhead of self-hosting.
 
+💡 **Note**: The playbook also supports an alternative management UI in the shape of [Element Admin](./configuring-playbook-element-admin.md). However, it's currently less feature-rich than Synapse Admin and has a dependency on [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md).
+
 ## Adjusting DNS records (optional)
 
 By default, this playbook installs Synapse Admin on the `matrix.` subdomain, at the `/synapse-admin` path (https://matrix.example.com/synapse-admin). This makes it easy to install it, because it **doesn't require additional DNS records to be set up**. If that's okay, you can skip this section.
@@ -39,9 +41,6 @@ matrix_synapse_admin_enabled: true
 
 By default, synapse-admin installation will be [restricted to only work with one homeserver](https://github.com/etkecc/synapse-admin/blob/e21e44362c879ac41f47c580b04210842b6ff3d7/README.md#restricting-available-homeserver) — the one managed by the playbook. To adjust these restrictions, tweak the `matrix_synapse_admin_config_restrictBaseUrl` variable.
 
-> [!WARNING]
-> If you're using [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md) (MAS) for authentication, you will be able to [log into synapse-admin with an access token](https://github.com/etkecc/synapse-admin/pull/58), but certain synapse-admin features (especially those around user management) will be limited or not work at all.
-
 ### Adjusting the Synapse Admin URL (optional)
 
 By tweaking the `matrix_synapse_admin_hostname` and `matrix_synapse_admin_path_prefix` variables, you can easily make the service available at a **different hostname and/or path** than the default one.

docs/configuring-playbook.md

@@ -184,9 +184,9 @@ Bridges can be used to connect your Matrix installation with third-party communi
 
 - [Setting up MX Puppet GroupMe bridging](configuring-playbook-bridge-mx-puppet-groupme.md)
 
-- [Setting up MX Puppet Steam bridging](configuring-playbook-bridge-mx-puppet-steam.md)
+- [Setting up Steam bridging](configuring-playbook-bridge-steam.md)
 
-- [Setting up Go Skype Bridge bridging](configuring-playbook-bridge-go-skype-bridge.md)
+- [Setting up MX Puppet Steam bridging](configuring-playbook-bridge-mx-puppet-steam.md)
 
 - [Setting up Postmoogle email bridging](configuring-playbook-bridge-postmoogle.md)
 
@@ -279,6 +279,8 @@ Various services that don't fit any other categories.
 
 - [Setting up Go-NEB](configuring-playbook-bot-go-neb.md) (unmaintained; the bridge's author suggests taking a look at [matrix-hookshot](https://github.com/matrix-org/matrix-hookshot) as a replacement, which can also be [installed using this playbook](configuring-playbook-bridge-hookshot.md))
 
+- [Setting up Go Skype Bridge bridging](configuring-playbook-bridge-go-skype-bridge.md) (removed; Skype has been discontinued since May 2025)
+
 - [Setting up matrix-bot-chatgpt](configuring-playbook-bot-chatgpt.md) (unmaintained; the bridge's author suggests taking a look at [baibot](https://github.com/etkecc/baibot) as a replacement, which can also be [installed using this playbook](configuring-playbook-bot-baibot.md))
 
 - [Setting up Mautrix Facebook bridging](configuring-playbook-bridge-mautrix-facebook.md) (deprecated in favor of the Messenger/Instagram bridge with [mautrix-meta-messenger](configuring-playbook-bridge-mautrix-meta-messenger.md))

docs/container-images.md

@@ -108,12 +108,12 @@ Bridges can be used to connect your Matrix installation with third-party communi
 | [matrix-sms-bridge](configuring-playbook-bridge-matrix-bridge-sms.md) | [folivonet/matrix-sms-bridge](https://hub.docker.com/repository/docker/folivonet/matrix-sms-bridge) | ❌ | Bridge to SMS |
 | [matrix-wechat](configuring-playbook-bridge-wechat.md) | [lxduo/matrix-wechat](https://hub.docker.com/r/lxduo/matrix-wechat) | ❌ | Bridge to [WeChat](https://www.wechat.com/) |
 | [Heisenbridge](configuring-playbook-bridge-heisenbridge.md) | [hif1/heisenbridge](https://hub.docker.com/r/hif1/heisenbridge) | ❌ | Bouncer-style bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) |
-| [go-skype-bridge](configuring-playbook-bridge-go-skype-bridge.md) | [nodefyme/go-skype-bridge](https://hub.docker.com/r/nodefyme/go-skype-bridge) | ❌ | Bridge to [Skype](https://www.skype.com) |
 | [mx-puppet-slack](configuring-playbook-bridge-mx-puppet-slack.md) | [mx-puppet/slack/mx-puppet-slack](https://gitlab.com/mx-puppet/slack/mx-puppet-slack/container_registry) | ❌ | Bridge to [Slack](https://slack.com) |
 | [mx-puppet-instagram](configuring-playbook-bridge-mx-puppet-instagram.md) | [sorunome/mx-puppet-instagram](https://hub.docker.com/r/sorunome/mx-puppet-instagram) | ❌ | Bridge for Instagram-DMs ([Instagram](https://www.instagram.com/)) |
 | [mx-puppet-twitter](configuring-playbook-bridge-mx-puppet-twitter.md) | [sorunome/mx-puppet-twitter](https://hub.docker.com/r/sorunome/mx-puppet-twitter) | ❌ | Bridge for Twitter-DMs ([Twitter](https://twitter.com/)) |
 | [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) | [mx-puppet/discord/mx-puppet-discord](https://gitlab.com/mx-puppet/discord/mx-puppet-discord/container_registry) | ❌ | Bridge to [Discord](https://discordapp.com/) |
 | [mx-puppet-groupme](configuring-playbook-bridge-mx-puppet-groupme.md) | [xangelix/mx-puppet-groupme](https://hub.docker.com/r/xangelix/mx-puppet-groupme) | ❌ | Bridge to [GroupMe](https://groupme.com/) |
+| [matrix-steam-bridge](configuring-playbook-bridge-steam.md) | [jasonlaguidice/matrix-steam-bridge](https://github.com/jasonlaguidice/matrix-steam-bridge/pkgs/container/matrix-steam-bridge) | ❌ | Bridge to [Steam](https://steampowered.com/) |
 | [mx-puppet-steam](configuring-playbook-bridge-mx-puppet-steam.md) | [icewind1991/mx-puppet-steam](https://hub.docker.com/r/icewind1991/mx-puppet-steam) | ❌ | Bridge to [Steam](https://steamapp.com/) |
 | [Postmoogle](configuring-playbook-bridge-postmoogle.md) | [etke.cc/postmoogle](https://github.com/etkecc/postmoogle/container_registry) | ❌ | Email to Matrix bridge |
 
@@ -158,7 +158,7 @@ Various services that don't fit any other categories.
 | ------- | --------------- | -------- | ----------- |
 | [sliding-sync](configuring-playbook-sliding-sync-proxy.md) | [matrix-org/sliding-sync](https://ghcr.io/matrix-org/sliding-sync) | ❌ | Sliding Sync support for clients which require it (like old Element X versions, before it got switched to Simplified Sliding Sync) |
 | [synapse_auto_accept_invite](configuring-playbook-synapse-auto-accept-invite.md) | (N/A) | ❌ | Synapse module to automatically accept invites |
-| [synapse_auto_compressor](configuring-playbook-synapse-auto-compressor.md) | [etke.cc/rust-synapse-compress-state](https://gitlab.com/etke.cc/rust-synapse-compress-state/container_registry) | ❌ | Cli tool that automatically compresses `state_groups` database table in background |
+| [synapse_auto_compressor](configuring-playbook-synapse-auto-compressor.md) | [mb-saces/rust-synapse-tools](https://gitlab.com/mb-saces/rust-synapse-tools/container_registry) | ❌ | Cli tool that automatically compresses Synapse's `state_groups` database table in background |
 | [Matrix Corporal](configuring-playbook-matrix-corporal.md) (advanced) | [devture/matrix-corporal](https://hub.docker.com/r/devture/matrix-corporal/) | ❌ | Reconciliator and gateway for a managed Matrix server |
 | [Etherpad](configuring-playbook-etherpad.md) | [etherpad/etherpad](https://hub.docker.com/r/etherpad/etherpad/) | ❌ | Open source collaborative text editor |
 | [Jitsi](configuring-playbook-jitsi.md) | [jitsi/web](https://hub.docker.com/r/jitsi/web) | ❌ | [Jitsi](https://jitsi.org/) web UI |

docs/maintenance-postgres.md

@@ -104,12 +104,12 @@ To save disk space in `/tmp`, the dump file is gzipped on the fly at the expense
 
 PostgreSQL can be [tuned](https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server) to make it run faster. This is done by passing extra arguments to the Postgres process.
 
-The [Postgres Ansible role](https://github.com/mother-of-all-self-hosting/ansible-role-postgres) **already does some tuning by default**, which matches the [tuning logic](https://github.com/le0pard/pgtune/blob/master/src/features/configuration/configurationSlice.js) done by websites like https://pgtune.leopard.in.ua/. You can manually influence some of the tuning variables. These parameters (variables) are injected via the `postgres_postgres_process_extra_arguments_auto` variable.
+The [Postgres Ansible role](https://github.com/mother-of-all-self-hosting/ansible-role-postgres) **already does some tuning by default**, which matches the [tuning logic](https://github.com/le0pard/pgtune/blob/master/src/features/configuration/configurationSlice.js) done by websites like https://pgtune.leopard.in.ua/. You can manually influence some of the tuning variables. These parameters (variables) are injected via the `postgres_postgres_process_extra_arguments_default` variable.
 
 Most users should be fine with the automatically-done tuning. However, you may wish to:
 
-- **adjust the automatically-determined tuning parameters manually**: change the values for the tuning variables defined in the Postgres role's [default configuration file](https://github.com/mother-of-all-self-hosting/ansible-role-postgres/blob/main/defaults/main.yml) (see `postgres_max_connections`, `postgres_data_storage` etc). These variables are ultimately passed to Postgres via a `postgres_postgres_process_extra_arguments_auto` variable
+- **adjust the automatically-determined tuning parameters manually**: change the values for the tuning variables defined in the Postgres role's [default configuration file](https://github.com/mother-of-all-self-hosting/ansible-role-postgres/blob/main/defaults/main.yml) (see `postgres_max_connections`, `postgres_data_storage` etc). These variables are ultimately passed to Postgres via a `postgres_postgres_process_extra_arguments_default` variable
 
-- **turn automatically-performed tuning off**: override it like this: `postgres_postgres_process_extra_arguments_auto: []`
+- **turn automatically-performed tuning off**: override it like this: `postgres_postgres_process_extra_arguments_default: []`
 
-- **add additional tuning parameters**: define your additional Postgres configuration parameters in `postgres_postgres_process_extra_arguments_custom`. See `postgres_postgres_process_extra_arguments_auto` defined in the Postgres role's [default configuration file](https://github.com/mother-of-all-self-hosting/ansible-role-postgres/blob/main/defaults/main.yml) for inspiration
+- **add additional tuning parameters**: define your additional Postgres configuration parameters in `postgres_postgres_process_extra_arguments_custom`. See `postgres_postgres_process_extra_arguments_default` defined in the Postgres role's [default configuration file](https://github.com/mother-of-all-self-hosting/ansible-role-postgres/blob/main/defaults/main.yml) for inspiration

examples/reverse-proxies/apache/matrix-domain.conf

@@ -33,6 +33,12 @@
 	ProxyRequests Off
 	ProxyVia On
 	RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
+	ProxyTimeout 86400
+
+	RewriteEngine On
+	RewriteCond %{HTTP:Connection} Upgrade [NC]
+	RewriteCond %{HTTP:Upgrade} websocket [NC]
+	RewriteRule /(.*) ws://127.0.0.1:81/$1 [P,L]
 
 	AllowEncodedSlashes NoDecode
 	ProxyPass / http://127.0.0.1:81/ retry=0 nocanon

group_vars/matrix_servers

@@ -110,8 +110,6 @@ matrix_homeserver_container_extra_arguments_auto: |
     +
     (['--mount type=bind,src=' + matrix_beeper_linkedin_config_path + '/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro'] if matrix_beeper_linkedin_enabled else [])
     +
-    (['--mount type=bind,src=' + matrix_go_skype_bridge_config_path + '/registration.yaml,dst=/matrix-go-skype-bridge-registration.yaml,ro'] if matrix_go_skype_bridge_enabled else [])
-    +
     (['--mount type=bind,src=' + matrix_wechat_config_path + '/registration.yaml,dst=/matrix-wechat-registration.yaml,ro'] if matrix_wechat_enabled else [])
     +
     (['--mount type=bind,src=' + matrix_heisenbridge_base_path + '/registration.yaml,dst=/heisenbridge-registration.yaml,ro'] if matrix_heisenbridge_enabled else [])
@@ -162,6 +160,8 @@ matrix_homeserver_container_extra_arguments_auto: |
     +
     (['--mount type=bind,src=' + matrix_sms_bridge_config_path + '/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro'] if matrix_sms_bridge_enabled else [])
     +
+    (['--mount type=bind,src=' + matrix_steam_bridge_config_path + '/registration.yaml,dst=/matrix-steam-bridge-registration.yaml,ro'] if matrix_steam_bridge_enabled else [])
+    +
     (['--mount type=bind,src=' + matrix_cactus_comments_app_service_config_file + ',dst=/matrix-cactus-comments.yaml,ro'] if matrix_cactus_comments_enabled else [])
   }}
 
@@ -183,8 +183,6 @@ matrix_homeserver_app_service_config_files_auto: |
     +
     (['/matrix-beeper-linkedin-registration.yaml'] if matrix_beeper_linkedin_enabled else [])
     +
-    (['/matrix-go-skype-bridge-registration.yaml'] if matrix_go_skype_bridge_enabled else [])
-    +
     (['/matrix-wechat-registration.yaml'] if matrix_wechat_enabled else [])
     +
     (['/heisenbridge-registration.yaml'] if matrix_heisenbridge_enabled else [])
@@ -236,6 +234,8 @@ matrix_homeserver_app_service_config_files_auto: |
     (['/matrix-sms-bridge-registration.yaml'] if matrix_sms_bridge_enabled else [])
     +
     (['/matrix-cactus-comments.yaml'] if matrix_cactus_comments_enabled else [])
+    +
+    (['/matrix-steam-bridge-registration.yaml'] if matrix_steam_bridge_enabled else [])
   }}
 
 matrix_addons_homeserver_container_network: "{{ matrix_playbook_reverse_proxy_container_network if matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled else matrix_homeserver_container_network }}"
@@ -325,8 +325,6 @@ devture_systemd_service_manager_services_list_auto: |
     +
     ([{'name': 'matrix-beeper-linkedin.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'beeper-linkedin']}] if matrix_beeper_linkedin_enabled else [])
     +
-    ([{'name': 'matrix-go-skype-bridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'go-skype']}] if matrix_go_skype_bridge_enabled else [])
-    +
     ([{'name': 'matrix-wechat.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'wechat']}] if matrix_wechat_enabled else [])
     +
     ([{'name': 'matrix-wechat-agent.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'wechat']}] if matrix_wechat_enabled else [])
@@ -381,6 +379,8 @@ devture_systemd_service_manager_services_list_auto: |
     +
     ([{'name': 'matrix-sms-bridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'sms']}] if matrix_sms_bridge_enabled else [])
     +
+    ([{'name': 'matrix-steam-bridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'matrix-steam-bridge']}] if matrix_steam_bridge_enabled else [])
+    +
     ([{'name': 'matrix-cactus-comments.service', 'priority': 2000, 'groups': ['matrix', 'cactus-comments']}] if matrix_cactus_comments_enabled else [])
     +
     ([{'name': 'matrix-cactus-comments-client.service', 'priority': 2000, 'groups': ['matrix', 'cactus-comments-client']}] if matrix_cactus_comments_client_enabled else [])
@@ -447,6 +447,8 @@ devture_systemd_service_manager_services_list_auto: |
     +
     ([{'name': 'matrix-pantalaimon.service', 'priority': 4000, 'groups': ['matrix', 'pantalaimon']}] if matrix_pantalaimon_enabled else [])
     +
+    ([{'name': 'matrix-element-admin.service', 'priority': 4000, 'groups': ['matrix', 'element-admin']}] if matrix_element_admin_enabled else [])
+    +
     ([{'name': 'matrix-element-call.service', 'priority': 4000, 'groups': ['matrix', 'element-call']}] if matrix_element_call_enabled else [])
     +
     ([{'name': 'matrix-livekit-jwt-service.service', 'priority': 3500, 'groups': ['matrix', 'livekit-jwt-service']}] if matrix_livekit_jwt_service_enabled else [])
@@ -666,26 +668,18 @@ matrix_authentication_service_config_passwords_schemes:
   - version: 1
     secret: "{{ matrix_synapse_password_config_pepper }}"
     algorithm: bcrypt
+    unicode_normalization: true
   - version: 2
     algorithm: argon2id
 
-matrix_authentication_service_config_clients_auto: |-
-  {{
-    ([
-      {
-        'client_id': matrix_synapse_experimental_features_msc3861_client_id,
-        'client_auth_method': matrix_synapse_experimental_features_msc3861_client_auth_method,
-        'client_secret': matrix_synapse_experimental_features_msc3861_client_secret,
-      }
-    ] if matrix_synapse_experimental_features_msc3861_enabled else [])
-  }}
-
 matrix_authentication_service_config_email_transport: "{{ 'smtp' if exim_relay_enabled else 'blackhole' }}"
 matrix_authentication_service_config_email_hostname: "{{ exim_relay_identifier if exim_relay_enabled else '' }}"
 matrix_authentication_service_config_email_port: "{{ 8025 if exim_relay_enabled else 587 }}"
 matrix_authentication_service_config_email_mode: "{{ 'plain' if exim_relay_enabled else 'starttls' }}"
 matrix_authentication_service_config_email_from_address: "{{ exim_relay_sender_address }}"
 
+matrix_authentication_service_admin_api_enabled: "{{ matrix_element_admin_enabled }}"
+
 matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_authentication_service_container_image_registry_prefix_upstream_default }}"
 
 matrix_authentication_service_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
@@ -997,6 +991,8 @@ matrix_appservice_kakaotalk_appservice_token: "{{ '%s' | format(matrix_homeserve
 matrix_appservice_kakaotalk_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
 matrix_appservice_kakaotalk_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs', rounds=655555) | to_uuid }}"
 
+matrix_appservice_kakaotalk_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
+
 matrix_appservice_kakaotalk_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
 matrix_appservice_kakaotalk_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
@@ -1046,6 +1042,8 @@ matrix_beeper_linkedin_appservice_token: "{{ '%s' | format(matrix_homeserver_gen
 matrix_beeper_linkedin_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
 matrix_beeper_linkedin_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'linked.hs.token', rounds=655555) | to_uuid }}"
 
+matrix_beeper_linkedin_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
+
 matrix_beeper_linkedin_bridge_login_shared_secret_map_auto: |-
   {{
     ({
@@ -1070,56 +1068,6 @@ matrix_beeper_linkedin_database_password: "{{ '%s' | format(matrix_homeserver_ge
 #
 ######################################################################
 
-
-######################################################################
-#
-# matrix-bridge-go-skype-bridge
-#
-######################################################################
-
-# We don't enable bridges by default.
-matrix_go_skype_bridge_enabled: false
-
-matrix_go_skype_bridge_systemd_required_services_list_auto: |
-  {{
-    matrix_addons_homeserver_systemd_services_list
-    +
-    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_go_skype_bridge_database_hostname == postgres_connection_hostname) else [])
-  }}
-
-matrix_go_skype_bridge_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_go_skype_bridge_docker_image_registry_prefix_upstream_default }}"
-
-matrix_go_skype_bridge_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
-
-matrix_go_skype_bridge_container_network: "{{ matrix_addons_container_network }}"
-
-matrix_go_skype_bridge_container_additional_networks_auto: |-
-  {{
-    (
-      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
-      +
-      ([postgres_container_network] if (postgres_enabled and matrix_go_skype_bridge_database_hostname == postgres_connection_hostname and matrix_go_skype_bridge_container_network != postgres_container_network) else [])
-    ) | unique
-  }}
-
-matrix_go_skype_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.as.token', rounds=655555) | to_uuid }}"
-
-matrix_go_skype_bridge_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
-matrix_go_skype_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.hs.token', rounds=655555) | to_uuid }}"
-
-matrix_go_skype_bridge_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
-
-# Postgres is the default, except if not using internal Postgres server
-matrix_go_skype_bridge_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
-matrix_go_skype_bridge_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
-matrix_go_skype_bridge_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'goskype.db', rounds=655555) | to_uuid }}"
-
-######################################################################
-#
-# /matrix-bridge-go-skype-bridge
-#
-######################################################################
-
 ######################################################################
 #
 # matrix-bridge-mautrix-bluesky
@@ -1166,6 +1114,8 @@ matrix_mautrix_bluesky_appservice_token: "{{ '%s' | format(matrix_homeserver_gen
 matrix_mautrix_bluesky_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
 matrix_mautrix_bluesky_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'bsky.hs.token', rounds=655555) | to_uuid }}"
 
+matrix_mautrix_bluesky_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
+
 matrix_mautrix_bluesky_provisioning_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.bsky.prov', rounds=655555) | to_uuid }}"
 
 matrix_mautrix_bluesky_double_puppet_secrets_auto: |-
@@ -1235,6 +1185,8 @@ matrix_mautrix_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_gen
 matrix_mautrix_discord_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
 matrix_mautrix_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.hs.tok', rounds=655555) | to_uuid }}"
 
+matrix_mautrix_discord_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
+
 matrix_mautrix_discord_bridge_avatar_proxy_key: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.avatar', rounds=655555) | to_uuid }}"
 
 matrix_mautrix_discord_hostname: "{{ matrix_server_fqn_matrix }}"
@@ -1301,6 +1253,8 @@ matrix_mautrix_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_gener
 matrix_mautrix_slack_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
 matrix_mautrix_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauslack.hs.tok', rounds=655555) | to_uuid }}"
 
+matrix_mautrix_slack_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
+
 matrix_mautrix_slack_double_puppet_secrets_auto: |-
   {{
     {
@@ -1374,6 +1328,8 @@ matrix_mautrix_facebook_homeserver_address: "{{ matrix_addons_homeserver_client_
 
 matrix_mautrix_facebook_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'fb.hs.token', rounds=655555) | to_uuid }}"
 
+matrix_mautrix_facebook_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
+
 matrix_mautrix_facebook_appservice_public_enabled: true
 matrix_mautrix_facebook_appservice_public_hostname: "{{ matrix_server_fqn_matrix }}"
 matrix_mautrix_facebook_appservice_public_prefix: "/{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'facebook', rounds=655555) | to_uuid }}"
@@ -1594,6 +1550,8 @@ matrix_mautrix_signal_homeserver_domain: '{{ matrix_domain }}'
 matrix_mautrix_signal_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
 matrix_mautrix_signal_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.hs.token', rounds=655555) | to_uuid }}"
 
+matrix_mautrix_signal_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
+
 matrix_mautrix_signal_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.as.token', rounds=655555) | to_uuid }}"
 
 matrix_mautrix_signal_double_puppet_secrets_auto: |-
@@ -1672,6 +1630,8 @@ matrix_mautrix_meta_messenger_homeserver_address: "{{ matrix_addons_homeserver_c
 
 matrix_mautrix_meta_messenger_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.meta.fb.hs', rounds=655555) | to_uuid }}"
 
+matrix_mautrix_meta_messenger_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
+
 matrix_mautrix_meta_messenger_double_puppet_secrets_auto: |-
   {{
     {
@@ -1748,6 +1708,8 @@ matrix_mautrix_meta_instagram_homeserver_address: "{{ matrix_addons_homeserver_c
 
 matrix_mautrix_meta_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.meta.ig.hs', rounds=655555) | to_uuid }}"
 
+matrix_mautrix_meta_instagram_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
+
 matrix_mautrix_meta_instagram_double_puppet_secrets_auto: |-
   {{
     {
@@ -1833,6 +1795,8 @@ matrix_mautrix_telegram_homeserver_domain: "{{ matrix_domain }}"
 matrix_mautrix_telegram_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
 matrix_mautrix_telegram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegr.hs.token', rounds=655555) | to_uuid }}"
 
+matrix_mautrix_telegram_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
+
 matrix_mautrix_telegram_bridge_login_shared_secret_map_auto: |-
   {{
     ({
@@ -1909,6 +1873,8 @@ matrix_mautrix_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_gen
 matrix_mautrix_twitter_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
 matrix_mautrix_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.hs.token', rounds=655555) | to_uuid }}"
 
+matrix_mautrix_twitter_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
+
 matrix_mautrix_twitter_provisioning_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twit.prov', rounds=655555) | to_uuid }}"
 
 matrix_mautrix_twitter_double_puppet_secrets_auto: |-
@@ -1981,6 +1947,8 @@ matrix_mautrix_gmessages_appservice_token: "{{ '%s' | format(matrix_homeserver_g
 matrix_mautrix_gmessages_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
 matrix_mautrix_gmessages_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gmessa.hs.token', rounds=655555) | to_uuid }}"
 
+matrix_mautrix_gmessages_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
+
 matrix_mautrix_gmessages_double_puppet_secrets_auto: |-
   {{
     {
@@ -2099,6 +2067,8 @@ matrix_wechat_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secr
 matrix_wechat_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
 matrix_wechat_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'wechat.hs.token', rounds=655555) | to_uuid }}"
 
+matrix_wechat_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
+
 matrix_wechat_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
 matrix_wechat_bridge_listen_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'wechat.lstn', rounds=655555) | to_uuid }}"
@@ -2160,6 +2130,8 @@ matrix_mautrix_whatsapp_appservice_token: "{{ '%s' | format(matrix_homeserver_ge
 matrix_mautrix_whatsapp_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
 matrix_mautrix_whatsapp_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.hs.token', rounds=655555) | to_uuid }}"
 
+matrix_mautrix_whatsapp_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
+
 matrix_mautrix_whatsapp_double_puppet_secrets_auto: |-
   {{
     {
@@ -2749,6 +2721,82 @@ matrix_postmoogle_container_additional_networks_auto: |-
 #
 ######################################################################
 
+######################################################################
+#
+# matrix-bridge-steam
+#
+######################################################################
+
+# We don't enable bridges by default.
+matrix_steam_bridge_enabled: false
+
+matrix_steam_bridge_systemd_required_services_list_auto: |
+  {{
+    matrix_addons_homeserver_systemd_services_list
+    +
+    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_steam_bridge_database_hostname == postgres_connection_hostname) else [])
+  }}
+
+matrix_steam_bridge_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_steam_bridge_docker_image_registry_prefix_upstream_default }}"
+
+matrix_steam_bridge_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
+
+matrix_steam_bridge_container_network: "{{ matrix_addons_container_network }}"
+
+matrix_steam_bridge_container_additional_networks_auto: |-
+  {{
+    (
+      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+      +
+      ([postgres_container_network] if (postgres_enabled and matrix_steam_bridge_database_hostname == postgres_connection_hostname and matrix_steam_bridge_container_network != postgres_container_network) else [])
+      +
+      ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_steam_bridge_container_labels_traefik_enabled else [])
+    ) | unique
+  }}
+
+matrix_steam_bridge_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
+matrix_steam_bridge_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
+matrix_steam_bridge_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
+matrix_steam_bridge_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
+
+matrix_steam_bridge_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
+matrix_steam_bridge_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
+
+matrix_steam_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'steam.as.token', rounds=655555) | to_uuid }}"
+
+matrix_steam_bridge_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
+matrix_steam_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'steam.hs.token', rounds=655555) | to_uuid }}"
+
+matrix_steam_bridge_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
+
+matrix_steam_bridge_public_media_signing_key: "{{ ('%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'steam.pub.key', rounds=655555) | to_uuid) if matrix_steam_bridge_public_media_enabled else '' }}"
+
+matrix_steam_bridge_provisioning_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'steam.prov', rounds=655555) | to_uuid }}"
+
+matrix_steam_bridge_double_puppet_secrets_auto: |-
+  {{
+    ({
+      matrix_steam_bridge_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
+    })
+    if matrix_appservice_double_puppet_enabled
+    else {}
+  }}
+
+matrix_steam_bridge_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
+
+matrix_steam_bridge_metrics_proxying_enabled: "{{ matrix_steam_bridge_metrics_enabled and matrix_metrics_exposure_enabled }}"
+matrix_steam_bridge_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
+matrix_steam_bridge_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/matrix-steam-bridge"
+
+matrix_steam_bridge_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
+matrix_steam_bridge_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twt.db', rounds=655555) | to_uuid if postgres_enabled else '' }}"
+
+######################################################################
+#
+# /matrix-bridge-steam
+#
+######################################################################
+
 ######################################################################
 #
 # matrix-bot-matrix-reminder-bot
@@ -3693,10 +3741,10 @@ etherpad_systemd_required_services_list_auto: |
     ([postgres_identifier ~ '.service'] if postgres_enabled else [])
   }}
 
-etherpad_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
+etherpad_database_postgres_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
 etherpad_database_name: matrix_etherpad
-etherpad_database_username: matrix_etherpad
-etherpad_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'etherpad.db', rounds=655555) | to_uuid }}"
+etherpad_database_postgres_username: matrix_etherpad
+etherpad_database_postgres_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'etherpad.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
 #
@@ -4099,6 +4147,8 @@ postgres_base_path: "{{ matrix_base_data_path }}/postgres"
 postgres_uid: "{{ matrix_user_uid }}"
 postgres_gid: "{{ matrix_user_gid }}"
 
+postgres_allowed_versions_auto: "{{ backup_borg_supported_postgres_versions | map('int') if backup_borg_enabled | default(false) and backup_borg_postgresql_enabled | default(false) else [] }}"
+
 postgres_connection_username: matrix
 postgres_db_name: matrix
 
@@ -4246,12 +4296,6 @@ postgres_managed_databases_auto: |
       'password': matrix_beeper_linkedin_database_password,
     }] if (matrix_beeper_linkedin_enabled and matrix_beeper_linkedin_database_engine == 'postgres' and matrix_beeper_linkedin_database_hostname == postgres_connection_hostname) else [])
     +
-    ([{
-      'name': matrix_go_skype_bridge_database_name,
-      'username': matrix_go_skype_bridge_database_username,
-      'password': matrix_go_skype_bridge_database_password,
-    }] if (matrix_go_skype_bridge_enabled and matrix_go_skype_bridge_database_engine == 'postgres' and matrix_go_skype_bridge_database_hostname == postgres_connection_hostname) else [])
-    +
     ([{
       'name': matrix_wechat_database_name,
       'username': matrix_wechat_database_username,
@@ -4378,6 +4422,12 @@ postgres_managed_databases_auto: |
       'password': matrix_mx_puppet_groupme_database_password,
     }] if (matrix_mx_puppet_groupme_enabled and matrix_mx_puppet_groupme_database_engine == 'postgres' and matrix_mx_puppet_groupme_database_hostname == postgres_connection_hostname) else [])
     +
+    ([{
+      'name': matrix_steam_bridge_database_name,
+      'username': matrix_steam_bridge_database_username,
+      'password': matrix_steam_bridge_database_password,
+    }] if (matrix_steam_bridge_enabled and matrix_steam_bridge_database_engine == 'postgres' and matrix_steam_bridge_database_hostname == postgres_connection_hostname) else [])
+    +
     ([{
       'name': matrix_dimension_database_name,
       'username': matrix_dimension_database_username,
@@ -4386,9 +4436,9 @@ postgres_managed_databases_auto: |
     +
     ([{
       'name': etherpad_database_name,
-      'username': etherpad_database_username,
-      'password': etherpad_database_password,
-    }] if (etherpad_enabled and etherpad_database_type == 'postgres' and etherpad_database_hostname == postgres_connection_hostname) else [])
+      'username': etherpad_database_postgres_username,
+      'password': etherpad_database_postgres_password,
+    }] if (etherpad_enabled and etherpad_database_type == 'postgres' and etherpad_database_postgres_hostname == postgres_connection_hostname) else [])
     +
     ([{
       'name': prometheus_postgres_exporter_database_name,
@@ -4854,7 +4904,7 @@ matrix_synapse_container_labels_matrix_labels_enabled: "{{ not matrix_synapse_wo
 matrix_synapse_container_labels_public_client_root_redirection_enabled: "{{ matrix_synapse_container_labels_public_client_root_redirection_url != '' }}"
 matrix_synapse_container_labels_public_client_root_redirection_url: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else '' }}"
 
-matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled }}"
+matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled or matrix_element_admin_enabled }}"
 matrix_synapse_container_labels_internal_client_synapse_admin_api_enabled: "{{ (matrix_bot_draupnir_enabled and matrix_bot_draupnir_admin_api_enabled) }}"
 matrix_synapse_container_labels_internal_client_synapse_admin_api_traefik_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}"
 
@@ -4882,7 +4932,7 @@ matrix_synapse_tls_federation_listener_enabled: false
 matrix_synapse_tls_certificate_path: ~
 matrix_synapse_tls_private_key_path: ~
 
-matrix_synapse_federation_port_openid_resource_required: "{{ not matrix_synapse_federation_enabled and (matrix_dimension_enabled or matrix_ma1sd_enabled or matrix_user_verification_service_enabled) }}"
+matrix_synapse_federation_port_openid_resource_required: "{{ not matrix_synapse_federation_enabled and (matrix_dimension_enabled or matrix_ma1sd_enabled or matrix_user_verification_service_enabled or matrix_livekit_jwt_service_enabled) }}"
 
 matrix_synapse_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
 
@@ -4911,7 +4961,7 @@ matrix_synapse_systemd_required_services_list_auto: |
     +
     (['matrix-goofys.service'] if matrix_s3_media_store_enabled else [])
     +
-    (['matrix-authentication-service.service'] if (matrix_authentication_service_enabled and matrix_synapse_experimental_features_msc3861_enabled) else [])
+    (['matrix-authentication-service.service'] if (matrix_synapse_matrix_authentication_service_enabled and matrix_synapse_matrix_authentication_service_endpoint == matrix_authentication_service_http_base_container_url) else [])
   }}
 
 matrix_synapse_systemd_wanted_services_list_auto: |
@@ -4945,11 +4995,9 @@ matrix_synapse_report_stats_endpoint: "{{ (('http://' + matrix_synapse_usage_exp
 
 matrix_synapse_experimental_features_msc3266_enabled: "{{ matrix_rtc_enabled }}"
 
-matrix_synapse_experimental_features_msc3861_enabled: "{{ matrix_authentication_service_enabled and not matrix_authentication_service_migration_in_progress }}"
-matrix_synapse_experimental_features_msc3861_issuer: "{{ matrix_authentication_service_http_base_container_url if matrix_authentication_service_enabled else '' }}"
-matrix_synapse_experimental_features_msc3861_client_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'syn.ngauth.cs', rounds=655555) | to_uuid }}"
-matrix_synapse_experimental_features_msc3861_admin_token: "{{ matrix_authentication_service_config_matrix_secret if matrix_authentication_service_enabled else '' }}"
-matrix_synapse_experimental_features_msc3861_account_management_url: "{{ matrix_authentication_service_account_management_url if matrix_authentication_service_enabled else '' }}"
+matrix_synapse_matrix_authentication_service_enabled: "{{ matrix_authentication_service_enabled }}"
+matrix_synapse_matrix_authentication_service_endpoint: "{{ matrix_authentication_service_http_base_container_url if matrix_authentication_service_enabled else '' }}"
+matrix_synapse_matrix_authentication_service_secret: "{{ matrix_authentication_service_config_matrix_secret if matrix_authentication_service_enabled else '' }}"
 
 matrix_synapse_experimental_features_msc4108_enabled: "{{ matrix_authentication_service_enabled and not matrix_authentication_service_migration_in_progress }}"
 
@@ -4961,7 +5009,7 @@ matrix_synapse_experimental_features_msc4222_enabled: "{{ matrix_rtc_enabled }}"
 # Unless this is done, Synapse fails on startup with:
 # > Error in configuration at 'password_config.enabled':
 # > Password auth cannot be enabled when OAuth delegation is enabled
-matrix_synapse_password_config_enabled: "{{ not matrix_synapse_experimental_features_msc3861_enabled }}"
+matrix_synapse_password_config_enabled: "{{ not matrix_synapse_matrix_authentication_service_enabled }}"
 
 matrix_synapse_register_user_script_matrix_authentication_service_path: "{{ matrix_authentication_service_bin_path }}/register-user"
 
@@ -4988,7 +5036,7 @@ matrix_synapse_auto_compressor_postgres_image: "{{ postgres_container_image_to_u
 
 matrix_synapse_auto_compressor_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_synapse_auto_compressor_container_image_registry_prefix_upstream_default }}"
 
-matrix_synapse_auto_compressor_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
+matrix_synapse_auto_compressor_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
 
 matrix_synapse_auto_compressor_container_network: "{{ (postgres_container_network if (postgres_enabled and matrix_synapse_auto_compressor_database_hostname == matrix_synapse_database_host and matrix_synapse_database_host == postgres_connection_hostname) else 'matrix-synapse-auto-compressor') }}"
 
@@ -5108,6 +5156,8 @@ matrix_synapse_admin_container_labels_traefik_docker_network: "{{ matrix_playboo
 matrix_synapse_admin_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
 matrix_synapse_admin_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
 
+matrix_synapse_admin_config_externalAuthProvider: "{{ matrix_authentication_service_enabled | default(false) or matrix_synapse_ext_password_provider_ldap_enabled | default(false) }}"
+
 matrix_synapse_admin_config_asManagedUsers_auto: |
   {{
     ([
@@ -5173,11 +5223,6 @@ matrix_synapse_admin_config_asManagedUsers_auto: |
       '^@linkedin_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
     ] if matrix_beeper_linkedin_enabled else [])
     +
-    ([
-      '^@'+(matrix_go_skype_bridge_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
-      '^@skype_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
-    ] if matrix_go_skype_bridge_enabled else [])
-    +
     ([
       '^@heisenbridge:'+(matrix_domain | regex_escape)+'$',
       '^@hbirc_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
@@ -5243,7 +5288,7 @@ matrix_synapse_admin_config_asManagedUsers_auto: |
     +
     ([
       '^@'+(matrix_mautrix_telegram_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
-      '^@telegram_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
+      '^@'+(matrix_mautrix_telegram_username_template | regex_escape | replace('{userid}', '.+'))+':'+(matrix_domain | regex_escape)+'$',
     ] if matrix_mautrix_telegram_enabled else [])
     +
     ([
@@ -5295,6 +5340,11 @@ matrix_synapse_admin_config_asManagedUsers_auto: |
       '^@'+(matrix_wechat_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
       '^@_wechat_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
     ] if matrix_wechat_enabled else [])
+    +
+    ([
+      '^@'+(matrix_steam_bridge_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
+      '^@steam_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
+    ] if matrix_steam_bridge_enabled else [])
   }}
 
 ######################################################################
@@ -6326,6 +6376,45 @@ traefik_certs_dumper_container_image_registry_prefix_upstream: "{{ matrix_contai
 #                                                                      #
 ########################################################################
 
+########################################################################
+#                                                                      #
+# matrix-element-admin                                                 #
+#                                                                      #
+########################################################################
+
+# We don't enable this by default.
+matrix_element_admin_enabled: false
+
+matrix_element_admin_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
+
+matrix_element_admin_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_element_admin_container_image_registry_prefix_upstream_default }}"
+
+matrix_element_admin_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
+
+matrix_element_admin_container_network: "{{ matrix_addons_container_network }}"
+
+matrix_element_admin_container_additional_networks_auto: |-
+  {{
+    (
+      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+      +
+      ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_element_admin_container_labels_traefik_enabled) else [])
+    ) | unique
+  }}
+
+matrix_element_admin_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
+matrix_element_admin_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
+matrix_element_admin_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
+matrix_element_admin_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
+
+matrix_element_admin_systemd_required_services_list_auto: "{{ matrix_addons_homeserver_systemd_services_list }}"
+
+######################################################################
+#                                                                     #
+# /matrix-element-admin                                               #
+#                                                                     #
+######################################################################
+
 
 ########################################################################
 #                                                                      #

i18n/requirements.txt

@@ -1,22 +1,22 @@
 alabaster==1.0.0
 babel==2.17.0
-certifi==2025.8.3
-charset-normalizer==3.4.3
-click==8.2.2
-docutils==0.22
-idna==3.10
+certifi==2025.10.5
+charset-normalizer==3.4.4
+click==8.3.0
+docutils==0.22.2
+idna==3.11
 imagesize==1.4.1
 Jinja2==3.1.6
 linkify-it-py==2.0.3
 markdown-it-py==4.0.0
-MarkupSafe==3.0.2
+MarkupSafe==3.0.3
 mdit-py-plugins==0.5.0
 mdurl==0.1.2
 myst-parser==4.0.1
 packaging==25.0
 Pygments==2.19.2
-PyYAML==6.0.2
-requests==2.32.4
+PyYAML==6.0.3
+requests==2.32.5
 setuptools==80.9.0
 snowballstemmer==3.0.1
 Sphinx==8.2.3

justfile

@@ -6,7 +6,7 @@
 
 # Shows help
 default:
-    @{{ just_executable() }} --list --justfile {{ justfile() }}
+    @{{ just_executable() }} --list --justfile "{{ justfile() }}"
 
 # Pulls external Ansible roles
 roles:
@@ -48,7 +48,7 @@ install-all *extra_args: (run-tags "install-all,ensure-matrix-users-created,star
 
 # Runs installation tasks for a single service
 install-service service *extra_args:
-    {{ just_executable() }} --justfile {{ justfile() }} run \
+    {{ just_executable() }} --justfile "{{ justfile() }}" run \
     --tags=install-{{ service }},start-group \
     --extra-vars=group={{ service }} \
     --extra-vars=devture_systemd_service_manager_service_restart_mode=one-by-one {{ extra_args }}
@@ -62,7 +62,7 @@ run +extra_args:
 
 # Runs the playbook with the given list of comma-separated tags and optional arguments
 run-tags tags *extra_args:
-    {{ just_executable() }} --justfile {{ justfile() }} run --tags={{ tags }} {{ extra_args }}
+    {{ just_executable() }} --justfile "{{ justfile() }}" run --tags={{ tags }} {{ extra_args }}
 
 # Runs the playbook in user-registration mode
 register-user username password admin_yes_or_no *extra_args:
@@ -73,15 +73,15 @@ start-all *extra_args: (run-tags "start-all" extra_args)
 
 # Starts a specific service group
 start-group group *extra_args:
-    @{{ just_executable() }} --justfile {{ justfile() }} run-tags start-group --extra-vars="group={{ group }}" {{ extra_args }}
+    @{{ just_executable() }} --justfile "{{ justfile() }}" run-tags start-group --extra-vars="group={{ group }}" {{ extra_args }}
 
 # Stops all services
 stop-all *extra_args: (run-tags "stop-all" extra_args)
 
 # Stops a specific service group
 stop-group group *extra_args:
-    @{{ just_executable() }} --justfile {{ justfile() }} run-tags stop-group --extra-vars="group={{ group }}" {{ extra_args }}
+    @{{ just_executable() }} --justfile "{{ justfile() }}" run-tags stop-group --extra-vars="group={{ group }}" {{ extra_args }}
 
 # Rebuilds the mautrix-meta-instagram Ansible role using the mautrix-meta-messenger role as a source
 rebuild-mautrix-meta-instagram:
-    /bin/bash {{ justfile_directory() }}/bin/rebuild-mautrix-meta-instagram.sh {{ justfile_directory() }}/roles/custom
+    /bin/bash "{{ justfile_directory() }}/bin/rebuild-mautrix-meta-instagram.sh" "{{ justfile_directory() }}/roles/custom"

requirements.yml

@@ -4,34 +4,34 @@
   version: v1.0.0-5
   name: auxiliary
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-backup_borg.git
-  version: v1.4.1-1.9.14-1
+  version: v1.4.2-2.0.11-0
   name: backup_borg
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-container-socket-proxy.git
-  version: v0.3.0-7
+  version: v0.4.1-2
   name: container_socket_proxy
 - src: git+https://github.com/geerlingguy/ansible-role-docker
-  version: 7.4.7
+  version: 7.8.0
   name: docker
 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
   version: 129c8590e106b83e6f4c259649a613c6279e937a
   name: docker_sdk_for_python
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-etherpad.git
-  version: v2.4.2-0
+  version: v2.5.2-1
   name: etherpad
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git
-  version: v4.98.1-r0-2-1
+  version: v4.98.1-r0-2-2
   name: exim_relay
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-grafana.git
-  version: v11.6.4-1
+  version: v11.6.5-4
   name: grafana
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
-  version: v10431-1
+  version: v10590-0
   name: jitsi
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git
-  version: v1.9.0-5
+  version: v1.9.3-0
   name: livekit_server
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git
-  version: v2.14.0-0
+  version: v2.14.0-3
   name: ntfy
 - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
   version: 7663e3114513e56f28d3ed762059b445c678a71a
@@ -43,19 +43,19 @@
   version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
   name: playbook_state_preserver
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres.git
-  version: v17.5-5
+  version: v18.0-1
   name: postgres
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup.git
-  version: v17-7
+  version: v18-0
   name: postgres_backup
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
-  version: v3.5.0-1
+  version: v3.7.3-1
   name: prometheus
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git
-  version: v1.9.1-11
+  version: v1.9.1-12
   name: prometheus_node_exporter
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git
-  version: v0.17.1-8
+  version: v0.18.1-1
   name: prometheus_postgres_exporter
 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
   version: v1.4.1-0
@@ -64,14 +64,14 @@
   version: v1.0.0-4
   name: systemd_service_manager
 - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git
-  version: v1.0.0-0
+  version: v1.1.0-0
   name: timesync
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik.git
-  version: v3.5.0-2
+  version: v3.5.4-1
   name: traefik
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git
   version: v2.10.0-2
   name: traefik_certs_dumper
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-valkey.git
-  version: v8.1.3-1
+  version: v9-0
   name: valkey

roles/custom/matrix-alertmanager-receiver/defaults/main.yml

@@ -11,7 +11,7 @@
 matrix_alertmanager_receiver_enabled: true
 
 # renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver
-matrix_alertmanager_receiver_version: 2025.8.6
+matrix_alertmanager_receiver_version: 2025.10.22
 
 matrix_alertmanager_receiver_scheme: https
 
@@ -159,30 +159,20 @@ matrix_alertmanager_receiver_config_templating_external_url_mapping: {}
 #   "http://prometheus:8081": https://another.prometheus.example.com
 matrix_alertmanager_receiver_config_templating_generator_url_mapping: {}
 
-# Controls the `templating.computed-values` configuration setting.
-matrix_alertmanager_receiver_config_templating_computed_values: "{{ matrix_alertmanager_receiver_config_templating_computed_values_default + matrix_alertmanager_receiver_config_templating_computed_values_auto + matrix_alertmanager_receiver_config_templating_computed_values_custom }}"
-matrix_alertmanager_receiver_config_templating_computed_values_default:
-  - values:  # always set 'color' to 'yellow'
-      color: yellow
-  - values:  # set 'color' to 'orange' when alert label 'severity' is 'warning'
-      color: orange
-    when-matching-labels:
-      severity: warning
-  - values:  # set 'color' to 'red' when alert label 'severity' is 'critical'
-      color: red
-    when-matching-labels:
-      severity: critical
-  - values:  # set 'color' to 'green' when alert status is 'resolved'
-      color: green
-    when-matching-status: resolved
-matrix_alertmanager_receiver_config_templating_computed_values_auto: []
-matrix_alertmanager_receiver_config_templating_computed_values_custom: []
-
 # Controls the `templating.firing-template` configuration setting.
 matrix_alertmanager_receiver_config_templating_firing_template: |-
   {% raw %}
+  {{ $color := "yellow" }}
+  {{ if eq .Alert.Labels.severity "warning" }}
+  {{ $color = "orange" }}
+  {{ else if eq .Alert.Labels.severity "critical" }}
+  {{ $color = "red" }}
+  {{ end }}
+  {{ if eq .Alert.Status "resolved" }}
+  {{ $color = "green" }}
+  {{ end }}
   <p>
-    <strong><font color="{{ .ComputedValues.color }}">{{ .Alert.Status | ToUpper }}</font></strong>
+    <strong><font color="{{ $color }}">{{ .Alert.Status | ToUpper }}</font></strong>
     {{ if .Alert.Labels.name }}
       {{ .Alert.Labels.name }}
     {{ else if .Alert.Labels.alertname }}
@@ -211,7 +201,7 @@ matrix_alertmanager_receiver_config_templating_firing_template: |-
 # Controls the `templating.resolved-template` configuration setting.
 matrix_alertmanager_receiver_config_templating_resolved_template: |-
   {% raw %}
-  <strong><font color="{{ .ComputedValues.color }}">{{ .Alert.Status | ToUpper }}</font></strong>
+  <strong><font color="green">{{ .Alert.Status | ToUpper }}</font></strong>
   {{ if .Alert.Labels.name }}
     {{ .Alert.Labels.name }}
   {{ else if .Alert.Labels.alertname }}

roles/custom/matrix-alertmanager-receiver/tasks/validate_config.yml

@@ -24,3 +24,6 @@
   when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
   with_items:
     - {'old': 'matrix_alertmanager_receiver_container_image_name_prefix', 'new': 'matrix_alertmanager_receiver_container_image_registry_prefix'}
+    - {'old': 'matrix_alertmanager_receiver_config_templating_computed_values', 'new': '<superseded by logic in the firing or resolved template; see https://github.com/metio/matrix-alertmanager-receiver/pull/94'}
+    - {'old': 'matrix_alertmanager_receiver_config_templating_computed_values_auto', 'new': '<superseded by logic in the firing or resolved template; see https://github.com/metio/matrix-alertmanager-receiver/pull/94'}
+    - {'old': 'matrix_alertmanager_receiver_config_templating_computed_values_custom', 'new': '<superseded by logic in the firing or resolved template; see https://github.com/metio/matrix-alertmanager-receiver/pull/94'}

roles/custom/matrix-alertmanager-receiver/templates/config.yaml.j2

@@ -26,10 +26,6 @@ templating:
   # value is the mapped value which will be available as '.GeneratorURL' in templates
   generator-url-mapping: {{ matrix_alertmanager_receiver_config_templating_generator_url_mapping | to_json }}
 
-  # computation of arbitrary values based on matching alert annotations, labels, or status
-  # values will be evaluated top to bottom, last entry wins
-  computed-values: {{ matrix_alertmanager_receiver_config_templating_computed_values | to_json }}
-
   # template for alerts in status 'firing'
   firing-template: {{ matrix_alertmanager_receiver_config_templating_firing_template | to_json }}
 

roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml

@@ -12,7 +12,7 @@
 matrix_appservice_draupnir_for_all_enabled: true
 
 # renovate: datasource=docker depName=gnuxie/draupnir
-matrix_appservice_draupnir_for_all_version: "v2.6.0"
+matrix_appservice_draupnir_for_all_version: "v2.7.1"
 
 matrix_appservice_draupnir_for_all_container_image_self_build: false
 matrix_appservice_draupnir_for_all_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git"

roles/custom/matrix-authentication-service/defaults/main.yml

@@ -22,7 +22,7 @@ matrix_authentication_service_container_repo_version: "{{ 'main' if matrix_authe
 matrix_authentication_service_container_src_files_path: "{{ matrix_base_data_path }}/matrix-authentication-service/container-src"
 
 # renovate: datasource=docker depName=ghcr.io/element-hq/matrix-authentication-service
-matrix_authentication_service_version: 1.0.0
+matrix_authentication_service_version: 1.5.0
 matrix_authentication_service_container_image_registry_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else matrix_authentication_service_container_image_registry_prefix_upstream }}"
 matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_authentication_service_container_image_registry_prefix_upstream_default }}"
 matrix_authentication_service_container_image_registry_prefix_upstream_default: "ghcr.io/"
@@ -219,6 +219,11 @@ matrix_authentication_service_config_account_displayname_change_allowed: true
 # This has no effect if password login is disabled.
 matrix_authentication_service_config_account_password_registration_enabled: false
 
+# Controls the `account.password_registration_email_required` configuration setting.
+#
+# Whether self-service password registrations require a valid email.
+matrix_authentication_service_config_account_password_registration_email_required: true
+
 # Controls the `account.password_change_allowed` configuration setting.
 #
 # Whether users are allowed to change their passwords.
@@ -231,6 +236,24 @@ matrix_authentication_service_config_account_password_change_allowed: true
 # This has no effect if password login is disabled.
 matrix_authentication_service_config_account_password_recovery_enabled: false
 
+# Controls the `account.account_deactivation_allowed` configuration setting.
+#
+# Whether users are allowed to delete their own account
+matrix_authentication_service_config_account_account_deactivation_allowed: true
+
+# Controls the `account.login_with_email_allowed` configuration setting.
+#
+# Whether users can log in with their email address.
+# This has no effect if password login is disabled.
+matrix_authentication_service_config_account_login_with_email_allowed: false
+
+# Controls the `account.registration_token_required` configuration setting.
+#
+# Whether registration tokens are required for password registrations.
+# When enabled, users must provide a valid registration token during password
+# registration. This has no effect if password registration is disabled.
+matrix_authentication_service_config_account_registration_token_required: false
+
 ########################################################################################
 #                                                                                      #
 # /Account configuration                                                               #
@@ -314,6 +337,24 @@ matrix_authentication_service_config_secrets_keys: |-
 #                                                                                      #
 ########################################################################################
 
+# Controls the resources exposed by the `web` HTTP listener.
+matrix_authentication_service_config_http_listener_web_resources: "{{ matrix_authentication_service_config_http_listener_web_resources_default + matrix_authentication_service_config_http_listener_web_resources_auto + matrix_authentication_service_config_http_listener_web_resources_custom }}"
+matrix_authentication_service_config_http_listener_web_resources_default: |-
+  {{
+    [
+      {'name': 'discovery'},
+      {'name': 'human'},
+      {'name': 'oauth'},
+      {'name': 'compat'},
+      {'name': 'graphql'},
+      {'name': 'assets'},
+    ]
+    +
+    ([{'name': 'adminapi'}] if matrix_authentication_service_admin_api_enabled else [])
+  }}
+matrix_authentication_service_config_http_listener_web_resources_auto: []
+matrix_authentication_service_config_http_listener_web_resources_custom: []
+
 # Controls the `http.public_base` configuration setting.
 matrix_authentication_service_config_http_public_base: "https://{{ matrix_authentication_service_hostname }}{{ '/' if matrix_authentication_service_path_prefix == '/' else (matrix_authentication_service_path_prefix + '/') }}"
 
@@ -609,6 +650,10 @@ matrix_authentication_service_syn2mas_subcommand_extra_options: []
 # - avoid setting up the "compatibility layer" (that is, avoid installing container labels that capture login endpoints like `/_matrix/client/*/login`, etc.)
 matrix_authentication_service_migration_in_progress: false
 
+# Controls whether the admin API is enabled.
+# Ref: https://element-hq.github.io/matrix-authentication-service/topics/admin-api.html#enabling-the-api
+matrix_authentication_service_admin_api_enabled: false
+
 ########################################################################################
 #                                                                                      #
 # /Misc                                                                                #

roles/custom/matrix-authentication-service/templates/config.yaml.j2

@@ -2,13 +2,7 @@
 http:
   listeners:
   - name: web
-    resources:
-    - name: discovery
-    - name: human
-    - name: oauth
-    - name: compat
-    - name: graphql
-    - name: assets
+    resources: {{ matrix_authentication_service_config_http_listener_web_resources | to_json }}
     binds:
     - address: '[::]:8080'
     proxy_protocol: false
@@ -71,8 +65,12 @@ account:
   email_change_allowed: {{ matrix_authentication_service_config_account_email_change_allowed | to_json }}
   displayname_change_allowed: {{ matrix_authentication_service_config_account_displayname_change_allowed | to_json }}
   password_registration_enabled: {{ matrix_authentication_service_config_account_password_registration_enabled | to_json }}
+  password_registration_email_required: {{ matrix_authentication_service_config_account_password_registration_email_required | to_json }}
   password_change_allowed: {{ matrix_authentication_service_config_account_password_change_allowed | to_json }}
   password_recovery_enabled: {{ matrix_authentication_service_config_account_password_recovery_enabled | to_json }}
+  account_deactivation_allowed: {{ matrix_authentication_service_config_account_account_deactivation_allowed | to_json }}
+  login_with_email_allowed: {{ matrix_authentication_service_config_account_login_with_email_allowed | to_json }}
+  registration_token_required: {{ matrix_authentication_service_config_account_registration_token_required | to_json }}
 
 clients: {{ matrix_authentication_service_config_clients | to_json }}
 

roles/custom/matrix-base/defaults/main.yml

@@ -48,8 +48,11 @@ matrix_bridges_encryption_enabled: false
 # Global var to make encryption default/optional across all bridges with encryption support
 matrix_bridges_encryption_default: "{{ matrix_bridges_encryption_enabled }}"
 
-# Global var for enabling msc4190 ( On supported bridges)
-matrix_bridges_msc4190_enabled: "{{ matrix_authentication_service_enabled and matrix_bridges_encryption_enabled and matrix_synapse_experimental_features_msc3202_device_masquerading_enabled }}"
+# Global var for enabling msc4190 (On supported bridges)
+matrix_bridges_msc4190_enabled: "{{ matrix_authentication_service_enabled and matrix_bridges_encryption_enabled }}"
+
+# Global var for enabling bridge self-signing ( On supported bridges)
+matrix_bridges_self_sign_enabled: "{{ matrix_bridges_msc4190_enabled }}"
 
 # Global var to enable/disable relay mode across all bridges with relay mode support
 matrix_bridges_relay_enabled: false
@@ -161,7 +164,7 @@ matrix_federation_traefik_entrypoint_tls: true
 # Recognized values by us are 'amd64', 'arm32' and 'arm64'.
 # Not all architectures support all services, so your experience (on non-amd64) may vary.
 # See docs/alternative-architectures.md
-matrix_architecture: "{{ 'amd64' if ansible_architecture == 'x86_64' else ('arm64' if ansible_architecture == 'aarch64' else ('arm32' if ansible_architecture.startswith('armv') else '')) }}"
+matrix_architecture: "{{ 'amd64' if ansible_facts.architecture == 'x86_64' else ('arm64' if ansible_facts.architecture == 'aarch64' else ('arm32' if ansible_facts.architecture.startswith('armv') else '')) }}"
 
 # The architecture for Debian packages.
 # See: https://wiki.debian.org/SupportedArchitectures

roles/custom/matrix-base/tasks/ensure_fuse_installed.yml

@@ -6,11 +6,11 @@
 
 # This is for both RedHat 7 and 8
 - ansible.builtin.include_tasks: "{{ role_path }}/tasks/ensure_fuse_installed_redhat.yml"
-  when: ansible_os_family == 'RedHat'
+  when: ansible_facts.os_family == 'RedHat'
 
 # This is for both Debian and Raspbian
 - ansible.builtin.include_tasks: "{{ role_path }}/tasks/ensure_fuse_installed_debian.yml"
-  when: ansible_os_family == 'Debian'
+  when: ansible_facts.os_family == 'Debian'
 
 - ansible.builtin.include_tasks: "{{ role_path }}/tasks/ensure_fuse_installed_archlinux.yml"
-  when: ansible_os_family == 'Archlinux'
+  when: ansible_facts.os_family == 'Archlinux'

roles/custom/matrix-base/tasks/validate_config.yml

@@ -31,6 +31,8 @@
     - {'old': 'matrix_client_element_e2ee_default', 'new': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_default'}
     - {'old': 'matrix_client_element_e2ee_secure_backup_required', 'new': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_required'}
     - {'old': 'matrix_client_element_e2ee_secure_backup_setup_methods', 'new': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_setup_methods'}
+    - {'old': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_required', 'new': '<removed; see https://github.com/element-hq/element-web/pull/30702 and https://github.com/element-hq/element-web/pull/30681>'}
+    - {'old': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_setup_methods', 'new': '<removed; see https://github.com/element-hq/element-web/pull/30702 and https://github.com/element-hq/element-web/pull/30681>'}
     - {'old': 'matrix_container_global_registry_prefix', 'new': '<no global variable anymore; you need to override the `_registry_prefix` variable in each component separately>'}
     - {'old': 'matrix_user_username', 'new': 'matrix_user_name'}
     - {'old': 'matrix_user_groupname', 'new': 'matrix_group_name'}
@@ -64,7 +66,7 @@
 
 - name: Fail if matrix_architecture is set incorrectly
   ansible.builtin.fail:
-    msg: "Detected that variable matrix_architecture {{ matrix_architecture }} appears to be set incorrectly. See docs/alternative-architectures.md. Server appears to be {{ ansible_architecture }}."
+    msg: "Detected that variable matrix_architecture {{ matrix_architecture }} appears to be set incorrectly. See docs/alternative-architectures.md. Server appears to be {{ ansible_facts.architecture }}."
   when: matrix_architecture not in ['amd64', 'arm32', 'arm64']
 
 - name: Fail if matrix_playbook_reverse_proxy_type is set incorrectly

roles/custom/matrix-bot-baibot/defaults/main.yml

@@ -17,7 +17,7 @@ matrix_bot_baibot_container_repo_version: "{{ 'main' if matrix_bot_baibot_versio
 matrix_bot_baibot_container_src_files_path: "{{ matrix_base_data_path }}/baibot/container-src"
 
 # renovate: datasource=docker depName=ghcr.io/etkecc/baibot
-matrix_bot_baibot_version: v1.7.6
+matrix_bot_baibot_version: v1.8.1
 matrix_bot_baibot_container_image: "{{ matrix_bot_baibot_container_image_registry_prefix }}etkecc/baibot:{{ matrix_bot_baibot_version }}"
 matrix_bot_baibot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_baibot_container_image_self_build else matrix_bot_baibot_container_image_registry_prefix_upstream }}"
 matrix_bot_baibot_container_image_registry_prefix_upstream: "{{ matrix_bot_baibot_container_image_registry_prefix_upstream_default }}"

roles/custom/matrix-bot-draupnir/defaults/main.yml

@@ -12,7 +12,7 @@
 matrix_bot_draupnir_enabled: true
 
 # renovate: datasource=docker depName=gnuxie/draupnir
-matrix_bot_draupnir_version: "v2.6.0"
+matrix_bot_draupnir_version: "v2.7.1"
 
 matrix_bot_draupnir_container_image_self_build: false
 matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git"

roles/custom/matrix-bot-honoroit/defaults/main.yml

@@ -30,7 +30,7 @@ matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}"
 matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
 
 # renovate: datasource=docker depName=ghcr.io/etkecc/honoroit
-matrix_bot_honoroit_version: v0.9.28
+matrix_bot_honoroit_version: v0.9.29
 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_registry_prefix }}etkecc/honoroit:{{ matrix_bot_honoroit_version }}"
 matrix_bot_honoroit_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else matrix_bot_honoroit_docker_image_registry_prefix_upstream }}"
 matrix_bot_honoroit_docker_image_registry_prefix_upstream: "{{ matrix_bot_honoroit_docker_image_registry_prefix_upstream_default }}"

roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml

@@ -43,6 +43,9 @@ matrix_bot_matrix_registration_bot_matrix_user_id: '@{{ matrix_bot_matrix_regist
 # The bot's password (can also be used to login via a client like Element Web)
 matrix_bot_matrix_registration_bot_bot_password: ''
 
+# Optional bot command prefix
+matrix_bot_matrix_registration_bot_bot_prefix: ""
+
 # Homeserver base URL
 matrix_bot_matrix_registration_bot_api_base_url: "{{ matrix_homeserver_url }}"
 

roles/custom/matrix-bot-matrix-registration-bot/templates/config.yaml.j2

@@ -10,6 +10,7 @@ bot:
   server: {{ matrix_bot_matrix_registration_bot_bot_server|to_json }}
   username: {{ matrix_bot_matrix_registration_bot_matrix_user_id_localpart|to_json }}
   password: {{ matrix_bot_matrix_registration_bot_bot_password|to_json }}
+  prefix: {{ matrix_bot_matrix_registration_bot_bot_prefix|to_json }}
 
 api:
   # API endpoint of the registration tokens

roles/custom/matrix-bot-matrix-reminder-bot/defaults/main.yml

@@ -20,7 +20,7 @@ matrix_bot_matrix_reminder_bot_docker_repo_version: "{{ 'master' if matrix_bot_m
 matrix_bot_matrix_reminder_bot_docker_src_files_path: "{{ matrix_base_data_path }}/matrix-reminder-bot/docker-src"
 
 # renovate: datasource=docker depName=ghcr.io/anoadragon453/matrix-reminder-bot
-matrix_bot_matrix_reminder_bot_version: v0.3.0
+matrix_bot_matrix_reminder_bot_version: v0.4.0
 matrix_bot_matrix_reminder_bot_docker_image: "{{ matrix_bot_matrix_reminder_bot_docker_image_registry_prefix }}anoadragon453/matrix-reminder-bot:{{ matrix_bot_matrix_reminder_bot_version }}"
 matrix_bot_matrix_reminder_bot_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_matrix_reminder_bot_container_image_self_build else matrix_bot_matrix_reminder_bot_docker_image_registry_prefix_upstream }}"
 matrix_bot_matrix_reminder_bot_docker_image_registry_prefix_upstream: "{{ matrix_bot_matrix_reminder_bot_docker_image_registry_prefix_upstream_default }}"

roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml

@@ -57,6 +57,9 @@ matrix_appservice_kakaotalk_command_prefix: "!kt"
 
 matrix_appservice_kakaotalk_homeserver_address: ""
 matrix_appservice_kakaotalk_homeserver_domain: '{{ matrix_domain }}'
+# Whether asynchronous uploads via MSC2246 should be enabled for media.
+# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246).
+matrix_appservice_kakaotalk_homeserver_async_media: false
 matrix_appservice_kakaotalk_appservice_address: 'http://matrix-appservice-kakaotalk:11115'
 
 

roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2

@@ -21,7 +21,7 @@ homeserver:
     message_send_checkpoint_endpoint: null
     # Whether asynchronous uploads via MSC2246 should be enabled for media.
     # Requires a media repo that supports MSC2246.
-    async_media: false
+    async_media: {{ matrix_appservice_kakaotalk_homeserver_async_media | to_json }}
 
 # Application service host/registration related details
 # Changing these values requires regeneration of the registration.

roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml

@@ -37,6 +37,9 @@ matrix_beeper_linkedin_docker_src_files_path: "{{ matrix_beeper_linkedin_base_pa
 
 matrix_beeper_linkedin_homeserver_address: ""
 matrix_beeper_linkedin_homeserver_domain: "{{ matrix_domain }}"
+# Whether asynchronous uploads via MSC2246 should be enabled for media.
+# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246).
+matrix_beeper_linkedin_homeserver_async_media: false
 matrix_beeper_linkedin_appservice_address: "http://matrix-beeper-linkedin:29319"
 
 matrix_beeper_linkedin_bridge_presence: true

roles/custom/matrix-bridge-beeper-linkedin/templates/config.yaml.j2

@@ -21,7 +21,7 @@ homeserver:
     message_send_checkpoint_endpoint: null
     # Whether asynchronous uploads via MSC2246 should be enabled for media.
     # Requires a media repo that supports MSC2246.
-    async_media: false
+    async_media: {{ matrix_beeper_linkedin_homeserver_async_media | to_json }}
 
 # Application service host/registration related details
 # Changing these values requires regeneration of the registration.

roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml

@@ -1,164 +0,0 @@
-# SPDX-FileCopyrightText: 2022 - 2023 Nikita Chernyi
-# SPDX-FileCopyrightText: 2022 - 2024 Slavi Pantaleev
-# SPDX-FileCopyrightText: 2022 - 2025 MDAD project contributors
-# SPDX-FileCopyrightText: 2022 Arthur Brugière
-# SPDX-FileCopyrightText: 2022 Vladimir Panteleev
-# SPDX-FileCopyrightText: 2023 Samuel Meenzen
-# SPDX-FileCopyrightText: 2024 Suguru Hirahara
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
----
-# Go Skype Bridge is a Matrix <-> Skype bridge
-# Project source code URL: https://github.com/kelaresg/go-skype-bridge
-
-matrix_go_skype_bridge_enabled: true
-
-matrix_go_skype_bridge_container_image_self_build: false
-matrix_go_skype_bridge_container_image_self_build_repo: "https://github.com/kelaresg/go-skype-bridge.git"
-matrix_go_skype_bridge_container_image_self_build_branch: "{{ 'master' if matrix_go_skype_bridge_version == 'latest' else matrix_go_skype_bridge_version }}"
-
-# renovate: datasource=docker depName=nodefyme/go-skype-bridge
-matrix_go_skype_bridge_version: latest
-matrix_go_skype_bridge_docker_image: "{{ matrix_go_skype_bridge_docker_image_registry_prefix }}nodefyme/go-skype-bridge:{{ matrix_go_skype_bridge_version }}"
-matrix_go_skype_bridge_docker_image_registry_prefix: "{{ 'localhost/' if matrix_go_skype_bridge_container_image_self_build else matrix_go_skype_bridge_docker_image_registry_prefix_upstream }}"
-matrix_go_skype_bridge_docker_image_registry_prefix_upstream: "{{ matrix_go_skype_bridge_docker_image_registry_prefix_upstream_default }}"
-matrix_go_skype_bridge_docker_image_registry_prefix_upstream_default: "docker.io/"
-matrix_go_skype_bridge_docker_image_force_pull: "{{ matrix_go_skype_bridge_docker_image.endswith(':latest') }}"
-
-matrix_go_skype_bridge_base_path: "{{ matrix_base_data_path }}/go-skype-bridge"
-matrix_go_skype_bridge_config_path: "{{ matrix_go_skype_bridge_base_path }}/config"
-matrix_go_skype_bridge_data_path: "{{ matrix_go_skype_bridge_base_path }}/data"
-matrix_go_skype_bridge_docker_src_files_path: "{{ matrix_go_skype_bridge_base_path }}/docker-src"
-
-matrix_go_skype_bridge_homeserver_address: ""
-matrix_go_skype_bridge_homeserver_domain: "{{ matrix_domain }}"
-matrix_go_skype_bridge_appservice_address: 'http://matrix-go-skype-bridge:8080'
-
-matrix_go_skype_bridge_container_network: ""
-
-matrix_go_skype_bridge_container_additional_networks: "{{ matrix_go_skype_bridge_container_additional_networks_auto + matrix_go_skype_bridge_container_additional_networks_custom }}"
-matrix_go_skype_bridge_container_additional_networks_auto: []
-matrix_go_skype_bridge_container_additional_networks_custom: []
-
-# A list of extra arguments to pass to the container
-matrix_go_skype_bridge_container_extra_arguments: []
-
-# List of systemd services that matrix-go-skype-bridge.service depends on.
-matrix_go_skype_bridge_systemd_required_services_list: "{{ matrix_go_skype_bridge_systemd_required_services_list_default + matrix_go_skype_bridge_systemd_required_services_list_auto + matrix_go_skype_bridge_systemd_required_services_list_custom }}"
-matrix_go_skype_bridge_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
-matrix_go_skype_bridge_systemd_required_services_list_auto: []
-matrix_go_skype_bridge_systemd_required_services_list_custom: []
-
-# List of systemd services that matrix-go-skype-bridge.service wants
-matrix_go_skype_bridge_systemd_wanted_services_list: []
-
-matrix_go_skype_bridge_appservice_token: ''
-matrix_go_skype_bridge_homeserver_token: ''
-
-matrix_go_skype_bridge_appservice_bot_username: skypebridgebot
-
-matrix_go_skype_bridge_command_prefix: "!skype"
-
-# Whether or not created rooms should have federation enabled.
-# If false, created portal rooms will never be federated.
-matrix_go_skype_bridge_federate_rooms: true
-
-# Database-related configuration fields.
-#
-# To use SQLite, stick to these defaults.
-#
-# To use Postgres:
-# - change the engine (`matrix_go_skype_bridge_database_engine: 'postgres'`)
-# - adjust your database credentials via the `matrix_go_skype_bridge_database_*` variables
-matrix_go_skype_bridge_database_engine: 'sqlite'
-
-matrix_go_skype_bridge_sqlite_database_path_local: "{{ matrix_go_skype_bridge_data_path }}/go-skype-bridge.db"
-matrix_go_skype_bridge_sqlite_database_path_in_container: "/data/go-skype-bridge.db"
-
-matrix_go_skype_bridge_database_username: 'matrix_go_skype_bridge'
-matrix_go_skype_bridge_database_password: 'some-password'
-matrix_go_skype_bridge_database_hostname: ''
-matrix_go_skype_bridge_database_port: 5432
-matrix_go_skype_bridge_database_name: 'matrix_go_skype_bridge'
-matrix_go_skype_bridge_database_sslmode: disable
-
-matrix_go_skype_bridge_database_connection_string: 'postgresql://{{ matrix_go_skype_bridge_database_username }}:{{ matrix_go_skype_bridge_database_password }}@{{ matrix_go_skype_bridge_database_hostname }}:{{ matrix_go_skype_bridge_database_port }}/{{ matrix_go_skype_bridge_database_name }}?sslmode={{ matrix_go_skype_bridge_database_sslmode }}'
-
-matrix_go_skype_bridge_appservice_database_type: "{{
-	{
-		'sqlite': 'sqlite3',
-		'postgres':'postgres',
-	}[matrix_go_skype_bridge_database_engine]
-}}"
-
-matrix_go_skype_bridge_appservice_database_uri: "{{
-	{
-		'sqlite': matrix_go_skype_bridge_sqlite_database_path_in_container,
-		'postgres': matrix_go_skype_bridge_database_connection_string,
-	}[matrix_go_skype_bridge_database_engine]
-}}"
-
-# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
-matrix_go_skype_bridge_login_shared_secret: ''
-matrix_go_skype_bridge_bridge_login_shared_secret_map:
-  "{{ {matrix_go_skype_bridge_homeserver_domain: matrix_go_skype_bridge_login_shared_secret} if matrix_go_skype_bridge_login_shared_secret else {} }}"
-
-# Servers to always allow double puppeting from
-matrix_go_skype_bridge_bridge_double_puppet_server_map:
-  "{{ matrix_go_skype_bridge_homeserver_domain: matrix_go_skype_bridge_homeserver_address }}"
-
-# Enable End-to-bridge encryption
-matrix_go_skype_bridge_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
-matrix_go_skype_bridge_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"
-
-# Minimum severity of journal log messages.
-# Valid values: fatal, error, warn, info, debug
-matrix_go_skype_bridge_log_level: 'warn'
-
-matrix_go_skype_bridge_bridge_permissions: |
-  {{
-    {matrix_go_skype_bridge_homeserver_domain: 'user'}
-    | combine({matrix_admin: 'admin'} if matrix_admin else {})
-  }}
-
-# Default go-skype-bridge configuration template which covers the generic use case.
-# You can customize it by controlling the various variables inside it.
-#
-# For a more advanced customization, you can extend the default (see `matrix_go_skype_bridge_configuration_extension_yaml`)
-# or completely replace this variable with your own template.
-matrix_go_skype_bridge_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
-
-matrix_go_skype_bridge_configuration_extension_yaml: |
-  # Your custom YAML configuration goes here.
-  # This configuration extends the default starting configuration (`matrix_go_skype_bridge_configuration_yaml`).
-  #
-  # You can override individual variables from the default configuration, or introduce new ones.
-  #
-  # If you need something more special, you can take full control by
-  # completely redefining `matrix_go_skype_bridge_configuration_yaml`.
-
-matrix_go_skype_bridge_configuration_extension: "{{ matrix_go_skype_bridge_configuration_extension_yaml | from_yaml if matrix_go_skype_bridge_configuration_extension_yaml | from_yaml is mapping else {} }}"
-
-# Holds the final configuration (a combination of the default and its extension).
-# You most likely don't need to touch this variable. Instead, see `matrix_go_skype_bridge_configuration_yaml`.
-matrix_go_skype_bridge_configuration: "{{ matrix_go_skype_bridge_configuration_yaml | from_yaml | combine(matrix_go_skype_bridge_configuration_extension, recursive=True) }}"
-
-matrix_go_skype_bridge_registration_yaml: |
-  id: skype
-  url: {{ matrix_go_skype_bridge_appservice_address }}
-  as_token: "{{ matrix_go_skype_bridge_appservice_token }}"
-  hs_token: "{{ matrix_go_skype_bridge_homeserver_token }}"
-  # See https://github.com/mautrix/signal/issues/43
-  sender_localpart: _bot_{{ matrix_go_skype_bridge_appservice_bot_username }}
-  rate_limited: false
-  namespaces:
-      users:
-      - regex: '^@skype-(.*):{{ matrix_go_skype_bridge_homeserver_domain | regex_escape }}$'
-        exclusive: true
-      - exclusive: true
-        regex: '^@{{ matrix_go_skype_bridge_appservice_bot_username | regex_escape }}:{{ matrix_go_skype_bridge_homeserver_domain | regex_escape }}$'
-  de.sorunome.msc2409.push_ephemeral: true
-  receive_ephemeral: true
-
-matrix_go_skype_bridge_registration: "{{ matrix_go_skype_bridge_registration_yaml | from_yaml }}"

roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml

@@ -1,155 +0,0 @@
-# SPDX-FileCopyrightText: 2022 - 2024 Slavi Pantaleev
-# SPDX-FileCopyrightText: 2022 Sebastian Gumprich
-# SPDX-FileCopyrightText: 2022 Vladimir Panteleev
-# SPDX-FileCopyrightText: 2024 David Mehren
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
----
-
-- ansible.builtin.set_fact:
-    matrix_go_skype_bridge_requires_restart: false
-
-- when: "matrix_go_skype_bridge_database_engine == 'postgres'"
-  block:
-    - name: Check if an SQLite database already exists
-      ansible.builtin.stat:
-        path: "{{ matrix_go_skype_bridge_sqlite_database_path_local }}"
-      register: matrix_go_skype_bridge_sqlite_database_path_local_stat_result
-
-    - when: "matrix_go_skype_bridge_sqlite_database_path_local_stat_result.stat.exists | bool"
-      block:
-        - ansible.builtin.include_role:
-            name: galaxy/postgres
-            tasks_from: migrate_db_to_postgres
-          vars:
-            postgres_db_migration_request:
-              src: "{{ matrix_go_skype_bridge_sqlite_database_path_local }}"
-              dst: "{{ matrix_go_skype_bridge_database_connection_string }}"
-              caller: "{{ role_path | basename }}"
-              engine_variable_name: 'matrix_go_skype_bridge_database_engine'
-              engine_old: 'sqlite'
-              systemd_services_to_stop: ['matrix-go-skype-bridge.service']
-              pgloader_options: ['--with "quote identifiers"']
-
-        - ansible.builtin.set_fact:
-            matrix_go_skype_bridge_requires_restart: true
-
-- name: Ensure Go Skype Bridge paths exists
-  ansible.builtin.file:
-    path: "{{ item.path }}"
-    state: directory
-    mode: 0750
-    owner: "{{ matrix_user_name }}"
-    group: "{{ matrix_group_name }}"
-  with_items:
-    - {path: "{{ matrix_go_skype_bridge_base_path }}", when: true}
-    - {path: "{{ matrix_go_skype_bridge_config_path }}", when: true}
-    - {path: "{{ matrix_go_skype_bridge_data_path }}", when: true}
-    - {path: "{{ matrix_go_skype_bridge_docker_src_files_path }}", when: "{{ matrix_go_skype_bridge_container_image_self_build }}"}
-  when: item.when | bool
-
-- name: Ensure Go Skype Bridge image is pulled
-  community.docker.docker_image:
-    name: "{{ matrix_go_skype_bridge_docker_image }}"
-    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_go_skype_bridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_go_skype_bridge_docker_image_force_pull }}"
-  when: not matrix_go_skype_bridge_container_image_self_build
-  register: result
-  retries: "{{ devture_playbook_help_container_retries_count }}"
-  delay: "{{ devture_playbook_help_container_retries_delay }}"
-  until: result is not failed
-
-- name: Ensure Go Skype Bridge repository is present on self-build
-  ansible.builtin.git:
-    repo: "{{ matrix_go_skype_bridge_container_image_self_build_repo }}"
-    dest: "{{ matrix_go_skype_bridge_docker_src_files_path }}"
-    version: "{{ matrix_go_skype_bridge_container_image_self_build_branch }}"
-    force: "yes"
-  become: true
-  become_user: "{{ matrix_user_name }}"
-  register: matrix_go_skype_bridge_git_pull_results
-  when: "matrix_go_skype_bridge_container_image_self_build | bool"
-
-- name: Ensure Go Skype Bridge Docker image is built
-  community.docker.docker_image:
-    name: "{{ matrix_go_skype_bridge_docker_image }}"
-    source: build
-    force_source: "{{ matrix_go_skype_bridge_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_go_skype_bridge_git_pull_results.changed }}"
-    build:
-      dockerfile: Dockerfile
-      path: "{{ matrix_go_skype_bridge_docker_src_files_path }}"
-      pull: true
-  when: "matrix_go_skype_bridge_container_image_self_build | bool"
-
-- name: Check if an old database file exists
-  ansible.builtin.stat:
-    path: "{{ matrix_go_skype_bridge_base_path }}/go-skype-bridge.db"
-  register: matrix_go_skype_bridge_stat_database
-
-- name: Check if an old Matrix state file exists
-  ansible.builtin.stat:
-    path: "{{ matrix_go_skype_bridge_base_path }}/mx-state.json"
-  register: matrix_go_skype_bridge_stat_mx_state
-
-- name: (Data relocation) Ensure matrix-go-skype-bridge.service is stopped
-  ansible.builtin.service:
-    name: matrix-go-skype-bridge
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  failed_when: false
-  when: "matrix_go_skype_bridge_stat_database.stat.exists"
-
-- name: (Data relocation) Move go-skype-bridge database file to ./data directory
-  ansible.builtin.command:
-    cmd: "mv {{ matrix_go_skype_bridge_base_path }}/go-skype-bridge.db {{ matrix_go_skype_bridge_data_path }}/go-skype-bridge.db"
-    creates: "{{ matrix_go_skype_bridge_data_path }}/go-skype-bridge.db"
-    removes: "{{ matrix_go_skype_bridge_base_path }}/go-skype-bridge.db"
-  when: "matrix_go_skype_bridge_stat_database.stat.exists"
-
-- name: (Data relocation) Move go-skype-bridge mx-state file to ./data directory
-  ansible.builtin.command:
-    cmd: "mv {{ matrix_go_skype_bridge_base_path }}/mx-state.json {{ matrix_go_skype_bridge_data_path }}/mx-state.json"
-    creates: "{{ matrix_go_skype_bridge_data_path }}/mx-state.json"
-    removes: "{{ matrix_go_skype_bridge_base_path }}/mx-state.json"
-  when: "matrix_go_skype_bridge_stat_mx_state.stat.exists"
-
-- name: Ensure go-skype-bridge config.yaml installed
-  ansible.builtin.copy:
-    content: "{{ matrix_go_skype_bridge_configuration | to_nice_yaml(indent=2, width=999999) }}"
-    dest: "{{ matrix_go_skype_bridge_config_path }}/config.yaml"
-    mode: 0644
-    owner: "{{ matrix_user_name }}"
-    group: "{{ matrix_group_name }}"
-
-- name: Ensure go-skype-bridge registration.yaml installed
-  ansible.builtin.copy:
-    content: "{{ matrix_go_skype_bridge_registration | to_nice_yaml(indent=2, width=999999) }}"
-    dest: "{{ matrix_go_skype_bridge_config_path }}/registration.yaml"
-    mode: 0644
-    owner: "{{ matrix_user_name }}"
-    group: "{{ matrix_group_name }}"
-
-- name: Ensure matrix-go-skype-bridge container network is created
-  community.general.docker_network:
-    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
-    name: "{{ matrix_go_skype_bridge_container_network }}"
-    driver: bridge
-    driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
-
-- name: Ensure matrix-go-skype-bridge.service installed
-  ansible.builtin.template:
-    src: "{{ role_path }}/templates/systemd/matrix-go-skype-bridge.service.j2"
-    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-go-skype-bridge.service"
-    mode: 0644
-  register: matrix_go_skype_bridge_systemd_service_result
-
-- name: Ensure matrix-go-skype-bridge.service restarted, if necessary
-  ansible.builtin.service:
-    name: "matrix-go-skype-bridge.service"
-    state: restarted
-    daemon_reload: true
-  when: "matrix_go_skype_bridge_requires_restart | bool"

roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml

@@ -1,25 +0,0 @@
-# SPDX-FileCopyrightText: 2022 Slavi Pantaleev
-# SPDX-FileCopyrightText: 2022 Vladimir Panteleev
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
----
-
-- name: Check existence of matrix-go-skype-bridge service
-  ansible.builtin.stat:
-    path: "/etc/systemd/system/matrix-go-skype-bridge.service"
-  register: matrix_go_skype_bridge_service_stat
-
-- when: matrix_go_skype_bridge_service_stat.stat.exists | bool
-  block:
-    - name: Ensure matrix-go-skype-bridge is stopped
-      ansible.builtin.service:
-        name: matrix-go-skype-bridge
-        state: stopped
-        enabled: false
-        daemon_reload: true
-
-    - name: Ensure matrix-go-skype-bridge.service doesn't exist
-      ansible.builtin.file:
-        path: "/etc/systemd/system/matrix-go-skype-bridge.service"
-        state: absent

roles/custom/matrix-bridge-go-skype-bridge/tasks/validate_config.yml

@@ -1,28 +0,0 @@
-# SPDX-FileCopyrightText: 2022 - 2025 Slavi Pantaleev
-# SPDX-FileCopyrightText: 2022 Vladimir Panteleev
-# SPDX-FileCopyrightText: 2025 Suguru Hirahara
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
----
-
-- name: Fail if required go-skype-bridge settings not defined
-  ansible.builtin.fail:
-    msg: >-
-      You need to define a required configuration setting (`{{ item.name }}`).
-  when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0"
-  with_items:
-    - {'name': 'matrix_go_skype_bridge_appservice_token', when: true}
-    - {'name': 'matrix_go_skype_bridge_homeserver_address', when: true}
-    - {'name': 'matrix_go_skype_bridge_homeserver_token', when: true}
-    - {'name': 'matrix_go_skype_bridge_database_hostname', when: "{{ matrix_go_skype_bridge_database_engine == 'postgres' }}"}
-    - {'name': 'matrix_go_skype_bridge_container_network', when: true}
-
-- name: (Deprecation) Catch and report renamed go-skype-bridge variables
-  ansible.builtin.fail:
-    msg: >-
-      Your configuration contains a variable, which now has a different name.
-      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
-  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
-  with_items:
-    - {'old': 'matrix_go_skype_bridge_docker_image_name_prefix', 'new': 'matrix_go_skype_bridge_docker_image_registry_prefix'}

roles/custom/matrix-bridge-go-skype-bridge/templates/config.yaml.j2

@@ -1,237 +0,0 @@
-#jinja2: lstrip_blocks: True
-# Homeserver details.
-homeserver:
-    # The address that this appservice can use to connect to the homeserver.
-    address: {{ matrix_go_skype_bridge_homeserver_address }}
-    # The domain of the homeserver (for MXIDs, etc).
-    domain: {{ matrix_go_skype_bridge_homeserver_domain }}
-    # If you don’t know what this is, no need to modify(for parse "mention user/reply message, etc")
-    server_name: matrix.to
-
-# Application service host/registration related details.
-# Changing these values requires regeneration of the registration.
-appservice:
-    # The address that the homeserver can use to connect to this appservice.
-    address: {{ matrix_go_skype_bridge_appservice_address }}
-
-    # The hostname and port where this appservice should listen.
-    hostname: 0.0.0.0
-    port: 8080
-
-    # Database config.
-    database:
-        # The database type. "sqlite3" and "postgres" are supported.
-        type: {{ matrix_go_skype_bridge_appservice_database_type|to_json }}
-        # The database URI.
-        #   SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string
-        #   Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
-        uri: {{ matrix_go_skype_bridge_appservice_database_uri|to_json }}
-        # Maximum number of connections. Mostly relevant for Postgres.
-        max_open_conns: 20
-        max_idle_conns: 2
-
-    # Settings for provisioning API
-    provisioning:
-        # Prefix for the provisioning API paths.
-        prefix: /_matrix/provision/v1
-        # Shared secret for authentication. If set to "disable", the provisioning API will be disabled.
-        shared_secret: disable
-
-    # The unique ID of this appservice.
-    id: skype
-    # Appservice bot details.
-    bot:
-        # Username of the appservice bot.
-        username: skypebridgebot
-        # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
-        # to leave display name/avatar as-is.
-        displayname: Skype bridge bot
-        avatar: mxc://matrix.org/kGQUDQyPiwbRXPFkjoBrPyhC
-
-    # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
-    as_token: "{{ matrix_go_skype_bridge_appservice_token }}"
-    hs_token: "{{ matrix_go_skype_bridge_homeserver_token }}"
-
-# Bridge config
-bridge:
-    # Localpart template of MXIDs for Skype users.
-    # {{ '{{.}}' }} is replaced with the phone number of the Skype user.
-    username_template: {{ 'skype-{{.}}' }}
-    # Displayname template for Skype users.
-    # {{ '{{.Notify}}' }} - nickname set by the Skype user
-    # {{ '{{.Jid}}' }}    - phone number (international format)
-    # The following variables are also available, but will cause problems on multi-user instances:
-    # {{ '{{.Name}}' }}   - display name from contact list
-    # {{ '{{.Short}}' }}  - short display name from contact list
-    # To use multiple if's, you need to use: {{ '{{else if .Name}}' }}, for example:
-    # "{{ '{{if .Notify}}' }}{{ '{{.Notify}}' }}{{ '{{else if .Name}}' }}{{ '{{.Name}}' }}{{ '{{else}}' }}{{ '{{.Jid}}' }}{{ '{{end}}' }} (WA)"
-    displayname_template: "{{ '{{if .DisplayName}}' }}{{ '{{.DisplayName}}' }}{{ '{{else}}' }}{{ '{{.PersonId}}' }}{{ '{{end}}' }} (Skype)"
-    # Localpart template for per-user room grouping community IDs.
-    # On startup, the bridge will try to create these communities, add all of the specific user's
-    # portals to the community, and invite the Matrix user to it.
-    # (Note that, by default, non-admins might not have your homeserver's permission to create
-    #  communities.)
-    # {{ '{{.Localpart}}' }} is the MXID localpart and {{ '{{.Server}}' }} is the MXID server part of the user.
-    community_template: skype-{{ '{{.Localpart}}' }}={{ '{{.Server}}' }}
-
-    # Skype connection timeout in seconds.
-    connection_timeout: 20
-    # If Skype doesn't respond within connection_timeout, should the bridge try to fetch the message
-    # to see if it was actually bridged? Use this if you have problems with sends timing out but actually
-    # succeeding.
-    fetch_message_on_timeout: false
-    # Whether or not the bridge should send a read receipt from the bridge bot when a message has been
-    # sent to Skype. If fetch_message_on_timeout is enabled, a successful post-timeout fetch will
-    # trigger a read receipt too.
-    delivery_receipts: false
-    # Number of times to regenerate QR code when logging in.
-    # The regenerated QR code is sent as an edit and essentially multiplies the login timeout (20 seconds)
-    login_qr_regen_count: 2
-    # Maximum number of times to retry connecting on connection error.
-    max_connection_attempts: 3
-    # Number of seconds to wait between connection attempts.
-    # Negative numbers are exponential backoff: -connection_retry_delay + 1 + 2^attempts
-    connection_retry_delay: -1
-    # Whether or not the bridge should send a notice to the user's management room when it retries connecting.
-    # If false, it will only report when it stops retrying.
-    report_connection_retry: true
-    # Maximum number of seconds to wait for chats to be sent at startup.
-    # If this is too low and you have lots of chats, it could cause backfilling to fail.
-    chat_list_wait: 30
-    # Maximum number of seconds to wait to sync portals before force unlocking message processing.
-    # If this is too low and you have lots of chats, it could cause backfilling to fail.
-    portal_sync_wait: 600
-
-    # Whether or not to send call start/end notices to Matrix.
-    call_notices:
-        start: true
-        end: true
-
-    # Number of chats to sync for new users.
-    # Since some of the obtained conversations are not the conversations that the user needs to see,
-    # the actual number of conversations displayed on the Matrix client will be slightly less than the set value
-    initial_chat_sync_count: 10
-    # Number of old messages to fill when creating new portal rooms.
-    initial_history_fill_count: 20
-    # Whether or not notifications should be turned off while filling initial history.
-    # Only applicable when using double puppeting.
-    initial_history_disable_notifications: false
-    # Maximum number of chats to sync when recovering from downtime.
-    # Set to -1 to sync all new chats during downtime.
-    recovery_chat_sync_limit: -1
-    # Whether or not to sync history when recovering from downtime.
-    recovery_history_backfill: true
-    # Maximum number of seconds since last message in chat to skip
-    # syncing the chat in any case. This setting will take priority
-    # over both recovery_chat_sync_limit and initial_chat_sync_count.
-    # Default is 3 days = 259200 seconds
-    sync_max_chat_age: 259200
-
-    # sync contact, Non-martix-standard parameter, defaults to false
-    sync_contact: false
-
-    # Whether or not to sync with custom puppets to receive EDUs that
-    # are not normally sent to appservices.
-    sync_with_custom_puppets: true
-
-    # Servers to always allow double puppeting from
-    double_puppet_server_map:
-        "{{ matrix_go_skype_bridge_homeserver_domain }}": {{ matrix_go_skype_bridge_homeserver_address }}
-    # Allow using double puppeting from any server with a valid client .well-known file.
-    double_puppet_allow_discovery: false
-    # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
-    #
-    # If set, custom puppets will be enabled automatically for local users
-    # instead of users having to find an access token and run `login-matrix`
-    # manually.
-    login_shared_secret_map: {{ matrix_go_skype_bridge_bridge_login_shared_secret_map|to_json }}
-
-    # Whether or not to invite own Skype user's Matrix puppet into private
-    # chat portals when backfilling if needed.
-    # This always uses the default puppet instead of custom puppets due to
-    # rate limits and timestamp massaging.
-    invite_own_puppet_for_backfilling: true
-    # Whether or not to explicitly set the avatar and room name for private
-    # chat portal rooms. This can be useful if the previous field works fine,
-    # but causes room avatar/name bugs.
-    private_chat_portal_meta: true
-
-    # Whether or not thumbnails from Skype should be sent.
-    # They're disabled by default due to very low resolution.
-    Skype_thumbnail: false
-
-    # Allow invite permission for user. User can invite any bots to room with Skype
-    # users (private chat and groups)
-    allow_user_invite: false
-
-    # The prefix for commands. Only required in non-management rooms.
-    command_prefix: "{{ matrix_go_skype_bridge_command_prefix }}"
-
-    # End-to-bridge encryption support options. This requires login_shared_secret to be configured
-    # in order to get a device for the bridge bot.
-    #
-    # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
-    # application service.
-    encryption:
-        # Allow encryption, work in group chat rooms with e2ee enabled
-        allow: {{ matrix_go_skype_bridge_bridge_encryption_allow|to_json }}
-        # Default to encryption, force-enable encryption in all portals the bridge creates
-        # This will cause the bridge bot to be in private chats for the encryption to work properly.
-        # It is recommended to also set private_chat_portal_meta to true when using this.
-        default: {{ matrix_go_skype_bridge_bridge_encryption_default|to_json }}
-
-        puppet_id:
-            # when set to true, the matrixid of the contact (puppet) from the bridge to the Matrix will be encrypted into another string
-            allow: false
-            # 8 characters
-            key: '12dsf323'
-            # Use the username_template prefix. (Warning: At present, username_template cannot be too complicated, otherwise this function may cause unknown errors)
-            username_template_prefix: 'skype-'
-
-    # Permissions for using the bridge.
-    # Permitted values:
-    # relaybot - Talk through the relaybot (if enabled), no access otherwise
-    #     user - Access to use the bridge to chat with a Skype account.
-    #    admin - User level and some additional administration tools
-    # Permitted keys:
-    #        * - All Matrix users
-    #   domain - All users on that homeserver
-    #     mxid - Specific user
-    permissions: {{ matrix_go_skype_bridge_bridge_permissions|to_json }}
-
-    relaybot:
-        # Whether or not relaybot support is enabled.
-        enabled: false
-        # The management room for the bot. This is where all status notifications are posted and
-        # in this room, you can use `!wa <command>` instead of `!wa relaybot <command>`. Omitting
-        # the command prefix completely like in user management rooms is not possible.
-        management: '!qporfwt:example.com'
-        # List of users to invite to all created rooms that include the relaybot.
-        invites: []
-        # The formats to use when sending messages to Skype via the relaybot.
-        message_formats:
-            m.text: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
-            m.notice: "<b>{{ '{{ .Sender.Displayname }}' }}</b>:: {{ '{{ .Message }}' }}"
-            m.emote: "* <b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
-            m.file: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a file"
-            m.image: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an image"
-            m.audio: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an audio file"
-            m.video: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a video"
-            m.location: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a location"
-
-# Logging config.
-logging:
-    # The directory for log files. Will be created if not found.
-    directory: ./logs
-    # Available variables: .Date for the file date and .Index for different log files on the same day.
-    # empty/null = journal logging only
-    file_name_format:
-    # Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants
-    file_date_format: "2006-01-02"
-    # Log file permissions.
-    file_mode: 0600
-    # Timestamp format for log entries in the Go time format.
-    timestamp_format: "Jan _2, 2006 15:04:05"
-    # Minimum severity for log messages.
-    # Options: debug, info, warn, error, fatal
-    print_level: {{ matrix_go_skype_bridge_log_level }}

roles/custom/matrix-bridge-go-skype-bridge/templates/config.yaml.j2.license

@@ -1,6 +0,0 @@
-SPDX-FileCopyrightText: 2022 MDAD project contributors
-SPDX-FileCopyrightText: 2022 Nikita Chernyi
-SPDX-FileCopyrightText: 2022 Vladimir Panteleev
-SPDX-FileCopyrightText: 2024 Suguru Hirahara
-
-SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2.license

@@ -1,4 +0,0 @@
-SPDX-FileCopyrightText: 2022 - 2025 Slavi Pantaleev
-SPDX-FileCopyrightText: 2022 Vladimir Panteleev
-
-SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-bridge-heisenbridge/defaults/main.yml

@@ -19,7 +19,7 @@ matrix_heisenbridge_hostname: "{{ matrix_server_fqn_matrix }}"
 matrix_heisenbridge_path_prefix: "/heisenbridge"
 
 # renovate: datasource=docker depName=hif1/heisenbridge
-matrix_heisenbridge_version: 1.15.3
+matrix_heisenbridge_version: 1.15.4
 matrix_heisenbridge_docker_image: "{{ matrix_heisenbridge_docker_image_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
 matrix_heisenbridge_docker_image_registry_prefix: "{{ matrix_heisenbridge_docker_image_registry_prefix_upstream }}"
 matrix_heisenbridge_docker_image_registry_prefix_upstream: "{{ matrix_heisenbridge_docker_image_registry_prefix_upstream_default }}"

roles/custom/matrix-bridge-hookshot/defaults/main.yml

@@ -29,7 +29,7 @@ matrix_hookshot_container_additional_networks_auto: []
 matrix_hookshot_container_additional_networks_custom: []
 
 # renovate: datasource=docker depName=halfshot/matrix-hookshot
-matrix_hookshot_version: 7.0.0
+matrix_hookshot_version: 7.2.0
 
 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_registry_prefix }}matrix-org/matrix-hookshot:{{ matrix_hookshot_version }}"
 matrix_hookshot_docker_image_registry_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_hookshot_docker_image_registry_prefix_upstream }}"
@@ -181,6 +181,9 @@ matrix_hookshot_generic_urlPrefix: "{{ matrix_hookshot_urlprefix }}{{ matrix_hoo
 matrix_hookshot_generic_userIdPrefix: '_webhooks_'  # noqa var-naming
 matrix_hookshot_generic_allowJsTransformationFunctions: false  # noqa var-naming
 matrix_hookshot_generic_waitForComplete: false  # noqa var-naming
+matrix_hookshot_generic_sendExpiryNotice: false  # noqa var-naming
+matrix_hookshot_generic_requireExpiryTime: false  # noqa var-naming
+matrix_hookshot_generic_maxExpiryTime: "30d"  # noqa var-naming
 
 
 matrix_hookshot_feeds_enabled: true

roles/custom/matrix-bridge-hookshot/templates/config.yaml.j2

@@ -80,6 +80,9 @@ generic:
   userIdPrefix: {{ matrix_hookshot_generic_userIdPrefix | to_json }}
   allowJsTransformationFunctions: {{ matrix_hookshot_generic_allowJsTransformationFunctions | to_json }}
   waitForComplete: {{ matrix_hookshot_generic_waitForComplete | to_json }}
+  sendExpiryNotice: {{ matrix_hookshot_generic_sendExpiryNotice | to_json }}
+  requireExpiryTime: {{ matrix_hookshot_generic_requireExpiryTime | to_json }}
+  maxExpiryTime: {{ matrix_hookshot_generic_maxExpiryTime | to_json }}
 {% endif %}
 {% if matrix_hookshot_feeds_enabled %}
 feeds:

roles/custom/matrix-bridge-mautrix-bluesky/defaults/main.yml

@@ -14,7 +14,7 @@ matrix_mautrix_bluesky_container_image_self_build_repo: "https://github.com/maut
 matrix_mautrix_bluesky_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_bluesky_version == 'latest' else matrix_mautrix_bluesky_version }}"
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/bluesky
-matrix_mautrix_bluesky_version: v0.1.2
+matrix_mautrix_bluesky_version: v0.2510.0
 # See: https://mau.dev/tulir/mautrix-bluesky/container_registry
 matrix_mautrix_bluesky_docker_image: "{{ matrix_mautrix_bluesky_docker_image_registry_prefix }}mautrix/bluesky:{{ matrix_mautrix_bluesky_version }}"
 matrix_mautrix_bluesky_docker_image_registry_prefix: "{{ 'localhost/' if matrix_mautrix_bluesky_container_image_self_build else matrix_mautrix_bluesky_docker_image_registry_prefix_upstream }}"
@@ -28,10 +28,14 @@ matrix_mautrix_bluesky_data_path: "{{ matrix_mautrix_bluesky_base_path }}/data"
 matrix_mautrix_bluesky_docker_src_files_path: "{{ matrix_mautrix_bluesky_base_path }}/docker-src"
 
 matrix_mautrix_bluesky_homeserver_address: ""
+# Whether asynchronous uploads via MSC2246 should be enabled for media.
+# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246).
+matrix_mautrix_bluesky_homeserver_async_media: false
 matrix_mautrix_bluesky_homeserver_domain: '{{ matrix_domain }}'
 matrix_mautrix_bluesky_appservice_address: 'http://matrix-mautrix-bluesky:29340'
 
 matrix_mautrix_bluesky_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
+matrix_mautrix_bluesky_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
 
 # A public address that external services can use to reach this appservice.
 matrix_mautrix_bluesky_appservice_public_address: ''

roles/custom/matrix-bridge-mautrix-bluesky/templates/config.yaml.j2

@@ -164,7 +164,7 @@ homeserver:
     # The bridge will use the appservice as_token to authorize requests.
     message_send_checkpoint_endpoint:
     # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
-    async_media: false
+    async_media: {{ matrix_mautrix_bluesky_homeserver_async_media | to_json }}
 
     # Should the bridge use a websocket for connecting to the homeserver?
     # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy,
@@ -359,6 +359,9 @@ encryption:
     # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
     # Changing this option requires updating the appservice registration file.
     msc4190: {{ matrix_mautrix_bluesky_msc4190_enabled | to_json }}
+    # Whether to enable self-signing for bridges (Only the bridge bot uses this for now)
+    # Requires msc4190 to replace keys on reset
+    self_sign: {{ matrix_mautrix_bluesky_self_sign_enabled | to_json }}
     # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
     # You must use a client that supports requesting keys from other users to use this feature.
     allow_key_sharing: {{ matrix_mautrix_bluesky_bridge_encryption_key_sharing_allow | to_json }}

roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml

@@ -36,6 +36,9 @@ matrix_mautrix_discord_data_path: "{{ matrix_mautrix_discord_base_path }}/data"
 matrix_mautrix_discord_docker_src_files_path: "{{ matrix_mautrix_discord_base_path }}/docker-src"
 
 matrix_mautrix_discord_homeserver_address: ""
+# Whether asynchronous uploads via MSC2246 should be enabled for media.
+# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246).
+matrix_mautrix_discord_homeserver_async_media: false
 matrix_mautrix_discord_homeserver_domain: "{{ matrix_domain }}"
 matrix_mautrix_discord_appservice_address: "http://matrix-mautrix-discord:8080"
 
@@ -56,7 +59,7 @@ matrix_mautrix_discord_bridge_avatar_proxy_key: ''
 matrix_mautrix_discord_bridge_username_template: "{% raw %}discord_{{.}}{% endraw %}"
 
 # Displayname template for Discord users. This is also used as the room name in DMs if private_chat_portal_meta is enabled.
-matrix_mautrix_discord_bridge_displayname_template: "{% raw %}{{or .GlobalName .Username}}{{if .Bot}} (bot){{end}}{% endraw %}"
+matrix_mautrix_discord_bridge_displayname_template: "{% raw %}{{or .GlobalName .Username}}{{if .Bot}} (bot){{end}} (Discord){% endraw %}"
 
 # Displayname template for Discord channels (bridged as rooms, or spaces when type=4).
 matrix_mautrix_discord_bridge_channel_name_template: "{% raw %}{{if or (eq .Type 3) (eq .Type 4)}}{{.Name}}{{else}}#{{.Name}}{{end}}{% endraw %}"

roles/custom/matrix-bridge-mautrix-discord/templates/config.yaml.j2

@@ -16,7 +16,7 @@ homeserver:
     # Endpoint for reporting per-message status.
     message_send_checkpoint_endpoint: null
     # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
-    async_media: false
+    async_media: {{ matrix_mautrix_discord_homeserver_async_media | to_json }}
 
     # Should the bridge use a websocket for connecting to the homeserver?
     # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy,

roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml

@@ -37,6 +37,9 @@ matrix_mautrix_facebook_docker_src_files_path: "{{ matrix_mautrix_facebook_base_
 matrix_mautrix_facebook_command_prefix: "!fb"
 
 matrix_mautrix_facebook_homeserver_address: ""
+# Whether asynchronous uploads via MSC2246 should be enabled for media.
+# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246).
+matrix_mautrix_facebook_homeserver_async_media: false
 matrix_mautrix_facebook_homeserver_domain: '{{ matrix_domain }}'
 
 # Whether or not the public-facing endpoints should be enabled (web-based login)

roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2

@@ -14,7 +14,7 @@ homeserver:
     asmux: false
     # Whether asynchronous uploads via MSC2246 should be enabled for media.
     # Requires a media repo that supports MSC2246.
-    async_media: false
+    async_media: {{ matrix_mautrix_facebook_homeserver_async_media | to_json }}
 
 # Application service host/registration related details
 # Changing these values requires regeneration of the registration.

roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml

@@ -18,7 +18,7 @@ matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/ma
 matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}"
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/gmessages
-matrix_mautrix_gmessages_version: v0.6.4
+matrix_mautrix_gmessages_version: v0.2510.0
 
 # See: https://mau.dev/mautrix/gmessages/container_registry
 matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_registry_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}"
@@ -33,10 +33,14 @@ matrix_mautrix_gmessages_data_path: "{{ matrix_mautrix_gmessages_base_path }}/da
 matrix_mautrix_gmessages_docker_src_files_path: "{{ matrix_mautrix_gmessages_base_path }}/docker-src"
 
 matrix_mautrix_gmessages_homeserver_address: ""
+# Whether asynchronous uploads via MSC2246 should be enabled for media.
+# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246).
+matrix_mautrix_gmessages_homeserver_async_media: false
 matrix_mautrix_gmessages_homeserver_domain: "{{ matrix_domain }}"
 matrix_mautrix_gmessages_appservice_address: "http://matrix-mautrix-gmessages:8080"
 
 matrix_mautrix_gmessages_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
+matrix_mautrix_gmessages_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
 
 matrix_mautrix_gmessages_backfill_enabled: true
 matrix_mautrix_gmessages_backfill_max_initial_messages: 50
@@ -164,7 +168,7 @@ matrix_mautrix_gmessages_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix
 # For compatibility with the older Gmessages bridge, you may wish to set the pickle key to: "go.mau.fi/mautrix-gmessages"
 matrix_mautrix_gmessages_bridge_encryption_pickle_key: mautrix.bridge.e2ee
 
-matrix_mautrix_gmessages_network_displayname_template: "{% raw %}{{or .FullName .PhoneNumber}}{% endraw %}"
+matrix_mautrix_gmessages_network_displayname_template: "{% raw %}{{or .FullName .PhoneNumber}} (GMessages){% endraw %}"
 matrix_mautrix_gmessages_appservice_username_template: "{% raw %}gmessages_{{.}}{% endraw %}"
 
 matrix_mautrix_gmessages_public_media_signing_key: ''

roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2

@@ -2,9 +2,6 @@
 # Network-specific config options
 network:
     # Displayname template for SMS users.
-    # {% raw %}{{.FullName}}{% endraw %} - Full name provided by the phone
-    # {% raw %}{{.FirstName}}{% endraw %} - First name provided by the phone
-    # {% raw %}{{.PhoneNumber}}{% endraw %} - Formatted phone number provided by the phone
     displayname_template: {{ matrix_mautrix_gmessages_network_displayname_template | to_json }}
     # Settings for how the bridge appears to the phone.
     device_meta:
@@ -168,7 +165,7 @@ homeserver:
     # The bridge will use the appservice as_token to authorize requests.
     message_send_checkpoint_endpoint:
     # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
-    async_media: false
+    async_media: {{ matrix_mautrix_gmessages_homeserver_async_media | to_json }}
 
     # Should the bridge use a websocket for connecting to the homeserver?
     # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy,
@@ -359,6 +356,9 @@ encryption:
     # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
     # Changing this option requires updating the appservice registration file.
     msc4190: {{ matrix_mautrix_gmessages_msc4190_enabled | to_json }}
+    # Whether to enable self-signing for bridges (Only the bridge bot uses this for now)
+    # Requires msc4190 to replace keys on reset
+    self_sign: {{ matrix_mautrix_gmessages_self_sign_enabled | to_json }}
     # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
     # You must use a client that supports requesting keys from other users to use this feature.
     allow_key_sharing: {{ matrix_mautrix_gmessages_bridge_encryption_key_sharing_allow | to_json }}

roles/custom/matrix-bridge-mautrix-gmessages/templates/systemd/matrix-mautrix-gmessages.service.j2

@@ -31,7 +31,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_mautrix_gmessages_docker_image }} \
-			/usr/bin/mautrix-gmessages -c /config/config.yaml -r /config/registration.yaml
+			/usr/bin/mautrix-gmessages -c /config/config.yaml -r /config/registration.yaml --no-update
 
 {% for network in matrix_mautrix_gmessages_container_additional_networks %}
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-mautrix-gmessages

roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml

@@ -20,7 +20,7 @@ matrix_mautrix_meta_instagram_enabled: true
 matrix_mautrix_meta_instagram_identifier: matrix-mautrix-meta-instagram
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
-matrix_mautrix_meta_instagram_version: v0.5.2
+matrix_mautrix_meta_instagram_version: v0.2510.0
 
 matrix_mautrix_meta_instagram_base_path: "{{ matrix_base_data_path }}/mautrix-meta-instagram"
 matrix_mautrix_meta_instagram_config_path: "{{ matrix_mautrix_meta_instagram_base_path }}/config"
@@ -116,6 +116,9 @@ matrix_mautrix_meta_instagram_database_sslmode: disable
 matrix_mautrix_meta_instagram_database_connection_string: 'postgres://{{ matrix_mautrix_meta_instagram_database_username }}:{{ matrix_mautrix_meta_instagram_database_password }}@{{ matrix_mautrix_meta_instagram_database_hostname }}:{{ matrix_mautrix_meta_instagram_database_port }}/{{ matrix_mautrix_meta_instagram_database_name }}?sslmode={{ matrix_mautrix_meta_instagram_database_sslmode }}'
 
 matrix_mautrix_meta_instagram_homeserver_address: ""
+# Whether asynchronous uploads via MSC2246 should be enabled for media.
+# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246).
+matrix_mautrix_meta_instagram_homeserver_async_media: false
 matrix_mautrix_meta_instagram_homeserver_domain: '{{ matrix_domain }}'
 matrix_mautrix_meta_instagram_homeserver_token: ''
 
@@ -124,6 +127,7 @@ matrix_mautrix_meta_instagram_appservice_address: "http://{{ matrix_mautrix_meta
 matrix_mautrix_meta_instagram_appservice_id: "{{ matrix_mautrix_meta_instagram_meta_mode }}"
 
 matrix_mautrix_meta_instagram_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
+matrix_mautrix_meta_instagram_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
 
 # For Facebook/Messenger, we use the same `@messengerbot:example.com` username regardless of how bridging happens for multiple reasons:
 # - it's consistent - regardless of how bridging happens, the bridged service is actually Messenger

roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2

@@ -181,7 +181,7 @@ homeserver:
     # The bridge will use the appservice as_token to authorize requests.
     message_send_checkpoint_endpoint:
     # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
-    async_media: false
+    async_media: {{ matrix_mautrix_meta_instagram_homeserver_async_media | to_json }}
 
     # Should the bridge use a websocket for connecting to the homeserver?
     # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy,
@@ -372,6 +372,9 @@ encryption:
     # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
     # Changing this option requires updating the appservice registration file.
     msc4190: {{ matrix_mautrix_meta_instagram_msc4190_enabled | to_json }}
+    # Whether to enable self-signing for bridges (Only the bridge bot uses this for now)
+    # Requires msc4190 to replace keys on reset
+    self_sign: {{ matrix_mautrix_meta_instagram_self_sign_enabled | to_json }}
     # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
     # You must use a client that supports requesting keys from other users to use this feature.
     allow_key_sharing: {{ matrix_mautrix_meta_instagram_bridge_encryption_allow_key_sharing | to_json }}

roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml

@@ -20,7 +20,7 @@ matrix_mautrix_meta_messenger_enabled: true
 matrix_mautrix_meta_messenger_identifier: matrix-mautrix-meta-messenger
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
-matrix_mautrix_meta_messenger_version: v0.5.2
+matrix_mautrix_meta_messenger_version: v0.2510.0
 
 matrix_mautrix_meta_messenger_base_path: "{{ matrix_base_data_path }}/mautrix-meta-messenger"
 matrix_mautrix_meta_messenger_config_path: "{{ matrix_mautrix_meta_messenger_base_path }}/config"
@@ -117,6 +117,9 @@ matrix_mautrix_meta_messenger_database_connection_string: 'postgres://{{ matrix_
 
 matrix_mautrix_meta_messenger_homeserver_address: ""
 matrix_mautrix_meta_messenger_homeserver_domain: '{{ matrix_domain }}'
+# Whether asynchronous uploads via MSC2246 should be enabled for media.
+# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246).
+matrix_mautrix_meta_messenger_homeserver_async_media: false
 matrix_mautrix_meta_messenger_homeserver_token: ''
 
 matrix_mautrix_meta_messenger_appservice_address: "http://{{ matrix_mautrix_meta_messenger_identifier }}:29319"
@@ -124,6 +127,7 @@ matrix_mautrix_meta_messenger_appservice_address: "http://{{ matrix_mautrix_meta
 matrix_mautrix_meta_messenger_appservice_id: "{{ matrix_mautrix_meta_messenger_meta_mode }}"
 
 matrix_mautrix_meta_messenger_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
+matrix_mautrix_meta_messenger_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
 
 # For Facebook/Messenger, we use the same `@messengerbot:example.com` username regardless of how bridging happens for multiple reasons:
 # - it's consistent - regardless of how bridging happens, the bridged service is actually Messenger

roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2

@@ -181,7 +181,7 @@ homeserver:
     # The bridge will use the appservice as_token to authorize requests.
     message_send_checkpoint_endpoint:
     # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
-    async_media: false
+    async_media: {{ matrix_mautrix_meta_messenger_homeserver_async_media | to_json }}
 
     # Should the bridge use a websocket for connecting to the homeserver?
     # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy,
@@ -372,6 +372,9 @@ encryption:
     # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
     # Changing this option requires updating the appservice registration file.
     msc4190: {{ matrix_mautrix_meta_messenger_msc4190_enabled | to_json }}
+    # Whether to enable self-signing for bridges (Only the bridge bot uses this for now)
+    # Requires msc4190 to replace keys on reset
+    self_sign: {{ matrix_mautrix_meta_messenger_self_sign_enabled | to_json }}
     # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
     # You must use a client that supports requesting keys from other users to use this feature.
     allow_key_sharing: {{ matrix_mautrix_meta_messenger_bridge_encryption_allow_key_sharing | to_json }}

roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml

@@ -25,7 +25,7 @@ matrix_mautrix_signal_container_image_self_build_repo: "https://mau.dev/mautrix/
 matrix_mautrix_signal_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}"
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/signal
-matrix_mautrix_signal_version: v0.8.5
+matrix_mautrix_signal_version: v0.2510.0
 
 # See: https://mau.dev/mautrix/signal/container_registry
 matrix_mautrix_signal_docker_image: "{{ matrix_mautrix_signal_docker_image_registry_prefix }}mautrix/signal:{{ matrix_mautrix_signal_docker_image_tag }}"
@@ -42,9 +42,13 @@ matrix_mautrix_signal_docker_src_files_path: "{{ matrix_mautrix_signal_base_path
 
 matrix_mautrix_signal_homeserver_address: ""
 matrix_mautrix_signal_homeserver_domain: "{{ matrix_domain }}"
+# Whether asynchronous uploads via MSC2246 should be enabled for media.
+# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246).
+matrix_mautrix_signal_homeserver_async_media: false
 matrix_mautrix_signal_appservice_address: "http://matrix-mautrix-signal:8080"
 
 matrix_mautrix_signal_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
+matrix_mautrix_signal_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
 
 matrix_mautrix_signal_command_prefix: "!signal"
 
@@ -54,7 +58,7 @@ matrix_mautrix_signal_command_prefix: "!signal"
 # {{.PhoneNumber}} - The phone number of the user.
 # {{.UUID}} - The UUID of the Signal user.
 # {{.AboutEmoji}} - The emoji set by the user in their profile.
-matrix_mautrix_signal_network_displayname_template: "{% raw %}{{or .ProfileName .PhoneNumber 'Unknown user'}} (Signal){% endraw %}"
+matrix_mautrix_signal_network_displayname_template: '{% raw %}{{or .ProfileName .PhoneNumber "Unknown user"}} (Signal){% endraw %}'
 
 matrix_mautrix_signal_bridge_permissions: |
   {{

roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2

@@ -2,13 +2,6 @@
 # Network-specific config options
 network:
     # Displayname template for Signal users.
-    # {% raw %}
-    # {{.ProfileName}} - The Signal profile name set by the user.
-    # {{.ContactName}} - The name for the user from your phone's contact list. This is not safe on multi-user instances.
-    # {{.PhoneNumber}} - The phone number of the user.
-    # {{.UUID}} - The UUID of the Signal user.
-    # {{.AboutEmoji}} - The emoji set by the user in their profile.
-    # {% endraw %}
     displayname_template: {{ matrix_mautrix_signal_network_displayname_template | to_json }}
     # Should avatars from the user's contact list be used? This is not safe on multi-user instances.
     use_contact_avatars: false
@@ -159,7 +152,7 @@ homeserver:
     # The bridge will use the appservice as_token to authorize requests.
     message_send_checkpoint_endpoint: null
     # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
-    async_media: false
+    async_media: {{ matrix_mautrix_signal_homeserver_async_media | to_json }}
 
     # Should the bridge use a websocket for connecting to the homeserver?
     # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy,
@@ -339,6 +332,9 @@ encryption:
     # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
     # Changing this option requires updating the appservice registration file.
     msc4190: {{ matrix_mautrix_signal_msc4190_enabled | to_json }}
+    # Whether to enable self-signing for bridges (Only the bridge bot uses this for now)
+    # Requires msc4190 to replace keys on reset
+    self_sign: {{ matrix_mautrix_signal_self_sign_enabled | to_json }}
     # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
     # You must use a client that supports requesting keys from other users to use this feature.
     allow_key_sharing: {{ matrix_mautrix_signal_bridge_encryption_key_sharing_allow | to_json }}

roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml

@@ -17,7 +17,7 @@ matrix_mautrix_slack_container_image_self_build_repo: "https://mau.dev/mautrix/s
 matrix_mautrix_slack_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_slack_version == 'latest' else matrix_mautrix_slack_version }}"
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/slack
-matrix_mautrix_slack_version: v0.2.2
+matrix_mautrix_slack_version: v0.2510.0
 # See: https://mau.dev/mautrix/slack/container_registry
 matrix_mautrix_slack_docker_image: "{{ matrix_mautrix_slack_docker_image_registry_prefix }}mautrix/slack:{{ matrix_mautrix_slack_version }}"
 matrix_mautrix_slack_docker_image_registry_prefix: "{{ 'localhost/' if matrix_mautrix_slack_container_image_self_build else matrix_mautrix_slack_docker_image_registry_prefix_upstream }}"
@@ -32,9 +32,13 @@ matrix_mautrix_slack_docker_src_files_path: "{{ matrix_mautrix_slack_base_path }
 
 matrix_mautrix_slack_homeserver_address: ""
 matrix_mautrix_slack_homeserver_domain: "{{ matrix_domain }}"
+# Whether asynchronous uploads via MSC2246 should be enabled for media.
+# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246).
+matrix_mautrix_slack_homeserver_async_media: false
 matrix_mautrix_slack_appservice_address: "http://matrix-mautrix-slack:8080"
 
 matrix_mautrix_slack_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
+matrix_mautrix_slack_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
 
 # Displayname template for Slack users. Available variables:
 #  .Name - The username of the user
@@ -191,7 +195,7 @@ matrix_mautrix_slack_provisioning_shared_secret: ''
 matrix_mautrix_slack_public_media_signing_key: ''
 
 # Controls whether relay mode is enabled
-matrix_mautrix_slack_bridge_relay_enabled: false
+matrix_mautrix_slack_bridge_relay_enabled: "{{ matrix_bridges_relay_enabled }}"
 
 # Controls whether only admins can set themselves as relay users
 matrix_mautrix_slack_bridge_relay_admin_only: true

roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2

@@ -197,7 +197,7 @@ homeserver:
     # The bridge will use the appservice as_token to authorize requests.
     message_send_checkpoint_endpoint:
     # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
-    async_media: false
+    async_media: {{ matrix_mautrix_slack_homeserver_async_media | to_json }}
 
     # Should the bridge use a websocket for connecting to the homeserver?
     # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy,
@@ -376,6 +376,9 @@ encryption:
     # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
     # Changing this option requires updating the appservice registration file.
     msc4190: {{ matrix_mautrix_slack_msc4190_enabled | to_json }}
+    # Whether to enable self-signing for bridges (Only the bridge bot uses this for now)
+    # Requires msc4190 to replace keys on reset
+    self_sign: {{ matrix_mautrix_slack_self_sign_enabled | to_json }}
     # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
     # You must use a client that supports requesting keys from other users to use this feature.
     allow_key_sharing: {{ matrix_mautrix_slack_bridge_encryption_key_sharing_allow | to_json }}

roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml

@@ -79,6 +79,9 @@ matrix_mautrix_telegram_public_endpoint: "{{ matrix_mautrix_telegram_path_prefix
 
 matrix_mautrix_telegram_homeserver_address: ""
 matrix_mautrix_telegram_homeserver_domain: '{{ matrix_domain }}'
+# Whether asynchronous uploads via MSC2246 should be enabled for media.
+# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246).
+matrix_mautrix_telegram_homeserver_async_media: false
 matrix_mautrix_telegram_appservice_address: 'http://matrix-mautrix-telegram:8080'
 matrix_mautrix_telegram_appservice_public_external: '{{ matrix_mautrix_telegram_scheme }}://{{ matrix_mautrix_telegram_hostname }}{{ matrix_mautrix_telegram_public_endpoint }}'
 
@@ -230,12 +233,12 @@ matrix_mautrix_telegram_registration_yaml: |
   namespaces:
       users:
       - exclusive: true
-        regex: '^@telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain | regex_escape }}$'
+        regex: '^@{{ matrix_mautrix_telegram_username_template | replace('{userid}', '.+') }}:{{ matrix_mautrix_telegram_homeserver_domain | regex_escape }}$'
       - exclusive: true
         regex: '^@{{ matrix_mautrix_telegram_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_telegram_homeserver_domain | regex_escape }}$'
       aliases:
       - exclusive: true
-        regex: '^#telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain | regex_escape }}$'
+        regex: '^#{{ matrix_mautrix_telegram_alias_template | replace('{groupname}', '.+') }}:{{ matrix_mautrix_telegram_homeserver_domain | regex_escape }}$'
   # See https://github.com/mautrix/signal/issues/43
   sender_localpart: _bot_{{ matrix_mautrix_telegram_appservice_bot_username }}
   url: {{ matrix_mautrix_telegram_appservice_address }}

roles/custom/matrix-bridge-mautrix-telegram/templates/config.yaml.j2

@@ -21,7 +21,7 @@ homeserver:
     message_send_checkpoint_endpoint: null
     # Whether asynchronous uploads via MSC2246 should be enabled for media.
     # Requires a media repo that supports MSC2246.
-    async_media: false
+    async_media: {{ matrix_mautrix_telegram_homeserver_async_media | to_json }}
 
 # Application service host/registration related details
 # Changing these values requires regeneration of the registration.

roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml

@@ -22,7 +22,7 @@ matrix_mautrix_twitter_container_image_self_build_repo: "https://github.com/maut
 matrix_mautrix_twitter_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_twitter_version == 'latest' else matrix_mautrix_twitter_version }}"
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/twitter
-matrix_mautrix_twitter_version: v0.4.3
+matrix_mautrix_twitter_version: v0.2510.0
 # See: https://mau.dev/tulir/mautrix-twitter/container_registry
 matrix_mautrix_twitter_docker_image: "{{ matrix_mautrix_twitter_docker_image_registry_prefix }}mautrix/twitter:{{ matrix_mautrix_twitter_version }}"
 matrix_mautrix_twitter_docker_image_registry_prefix: "{{ 'localhost/' if matrix_mautrix_twitter_container_image_self_build else matrix_mautrix_twitter_docker_image_registry_prefix_upstream }}"
@@ -36,10 +36,14 @@ matrix_mautrix_twitter_data_path: "{{ matrix_mautrix_twitter_base_path }}/data"
 matrix_mautrix_twitter_docker_src_files_path: "{{ matrix_mautrix_twitter_base_path }}/docker-src"
 
 matrix_mautrix_twitter_homeserver_address: ""
+# Whether asynchronous uploads via MSC2246 should be enabled for media.
+# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246).
+matrix_mautrix_twitter_homeserver_async_media: false
 matrix_mautrix_twitter_homeserver_domain: '{{ matrix_domain }}'
 matrix_mautrix_twitter_appservice_address: 'http://matrix-mautrix-twitter:29327'
 
 matrix_mautrix_twitter_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
+matrix_mautrix_twitter_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
 
 # A public address that external services can use to reach this appservice.
 matrix_mautrix_twitter_appservice_public_address: ''
@@ -47,7 +51,7 @@ matrix_mautrix_twitter_appservice_public_address: ''
 # Displayname template for Twitter users.
 # {{ .DisplayName }} is replaced with the display name of the Twitter user.
 # {{ .Username }} is replaced with the username of the Twitter user.
-matrix_mautrix_twitter_network_displayname_template: "{% raw %}{{ .DisplayName }}{% endraw %} (Twitter)"
+matrix_mautrix_twitter_network_displayname_template: "{% raw %}{{ .DisplayName }} (Twitter){% endraw %}"
 
 matrix_mautrix_twitter_bridge_command_prefix: "!tw"
 

roles/custom/matrix-bridge-mautrix-twitter/templates/config.yaml.j2

@@ -7,10 +7,6 @@ network:
     get_proxy_url: null
 
     # Displayname template for Twitter users.
-    # {% raw %}
-    # {{ .DisplayName }} is replaced with the display name of the Twitter user.
-    # {{ .Username }} is replaced with the username of the Twitter user.
-    # {% endraw %}
     displayname_template: {{ matrix_mautrix_twitter_network_displayname_template | to_json }}
 
     # Maximum number of conversations to sync on startup
@@ -164,7 +160,7 @@ homeserver:
     # The bridge will use the appservice as_token to authorize requests.
     message_send_checkpoint_endpoint:
     # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
-    async_media: false
+    async_media: {{ matrix_mautrix_twitter_homeserver_async_media | to_json }}
 
     # Should the bridge use a websocket for connecting to the homeserver?
     # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy,
@@ -209,11 +205,6 @@ appservice:
     # However, messages will not be guaranteed to be bridged in the same order they were sent in.
     # This value doesn't affect the registration file.
     async_transactions: false
-    # Whether to use MSC4190 instead of appservice login to create the bridge bot device.
-    # Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202.
-    # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
-    # Changing this option requires updating the appservice registration file.
-    msc4190: {{ matrix_mautrix_twitter_msc4190_enabled | to_json }}
 
     # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
     as_token: {{ matrix_mautrix_twitter_appservice_token | to_json }}
@@ -359,6 +350,14 @@ encryption:
     # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
     # This option is not yet compatible with standard Matrix servers like Synapse and should not be used.
     appservice: {{ matrix_mautrix_twitter_bridge_encryption_appservice | to_json }}
+    # Whether to use MSC4190 instead of appservice login to create the bridge bot device.
+    # Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202.
+    # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
+    # Changing this option requires updating the appservice registration file.
+    msc4190: {{ matrix_mautrix_twitter_msc4190_enabled | to_json }}
+    # Whether to enable self-signing for bridges (Only the bridge bot uses this for now)
+    # Requires msc4190 to replace keys on reset
+    self_sign: {{ matrix_mautrix_twitter_self_sign_enabled | to_json }}
     # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
     # You must use a client that supports requesting keys from other users to use this feature.
     allow_key_sharing: {{ matrix_mautrix_twitter_bridge_encryption_key_sharing_allow | to_json }}

roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml

@@ -28,7 +28,7 @@ matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautri
 matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/whatsapp
-matrix_mautrix_whatsapp_version: v0.12.3
+matrix_mautrix_whatsapp_version: v0.2510.0
 
 # See: https://mau.dev/mautrix/whatsapp/container_registry
 matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_registry_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
@@ -44,9 +44,13 @@ matrix_mautrix_whatsapp_docker_src_files_path: "{{ matrix_mautrix_whatsapp_base_
 
 matrix_mautrix_whatsapp_homeserver_address: ""
 matrix_mautrix_whatsapp_homeserver_domain: "{{ matrix_domain }}"
+# Whether asynchronous uploads via MSC2246 should be enabled for media.
+# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246).
+matrix_mautrix_whatsapp_homeserver_async_media: false
 matrix_mautrix_whatsapp_appservice_address: "http://matrix-mautrix-whatsapp:8080"
 
 matrix_mautrix_whatsapp_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
+matrix_mautrix_whatsapp_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
 
 matrix_mautrix_whatsapp_extev_polls: false
 

roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2

@@ -16,12 +16,6 @@ network:
     proxy_only_login: false
 
     # Displayname template for WhatsApp users.
-    # {% raw %}
-    # {{.PushName}}     - nickname set by the WhatsApp user
-    # {{.BusinessName}} - validated WhatsApp business name
-    # {{.Phone}}        - phone number (international format)
-    # {{.FullName}}     - Name you set in the contacts list
-    # {% endraw %}
     displayname_template: {{ matrix_mautrix_whatsapp_network_displayname_template | to_json }}
 
     # Should incoming calls send a message to the Matrix room?
@@ -255,7 +249,7 @@ homeserver:
     # The bridge will use the appservice as_token to authorize requests.
     message_send_checkpoint_endpoint:
     # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
-    async_media: false
+    async_media: {{ matrix_mautrix_whatsapp_homeserver_async_media | to_json }}
 
     # Should the bridge use a websocket for connecting to the homeserver?
     # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy,
@@ -450,6 +444,9 @@ encryption:
     # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
     # Changing this option requires updating the appservice registration file.
     msc4190: {{ matrix_mautrix_whatsapp_msc4190_enabled | to_json }}
+    # Whether to enable self-signing for bridges (Only the bridge bot uses this for now)
+    # Requires msc4190 to replace keys on reset
+    self_sign: {{ matrix_mautrix_whatsapp_self_sign_enabled | to_json }}
     # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
     # You must use a client that supports requesting keys from other users to use this feature.
     allow_key_sharing: {{ matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow | to_json }}

roles/custom/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2

@@ -31,7 +31,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_mautrix_whatsapp_docker_image }} \
-			/usr/bin/mautrix-whatsapp -c /config/config.yaml -r /config/registration.yaml
+			/usr/bin/mautrix-whatsapp -c /config/config.yaml -r /config/registration.yaml --no-update
 
 {% for network in matrix_mautrix_whatsapp_container_additional_networks %}
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-mautrix-whatsapp

roles/custom/matrix-bridge-postmoogle/defaults/main.yml

@@ -18,7 +18,7 @@ matrix_postmoogle_docker_repo_version: "{{ 'main' if matrix_postmoogle_version =
 matrix_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src"
 
 # renovate: datasource=docker depName=ghcr.io/etkecc/postmoogle
-matrix_postmoogle_version: v0.9.26
+matrix_postmoogle_version: v0.9.27
 matrix_postmoogle_docker_image: "{{ matrix_postmoogle_docker_image_registry_prefix }}etkecc/postmoogle:{{ matrix_postmoogle_version }}"
 matrix_postmoogle_docker_image_registry_prefix: "{{ 'localhost/' if matrix_postmoogle_container_image_self_build else matrix_postmoogle_docker_image_registry_prefix_upstream }}"
 matrix_postmoogle_docker_image_registry_prefix_upstream: "{{ matrix_postmoogle_docker_image_registry_prefix_upstream_default }}"

roles/custom/matrix-bridge-sms/defaults/main.yml

@@ -15,7 +15,7 @@
 matrix_sms_bridge_enabled: true
 
 # renovate: datasource=docker depName=folivonet/matrix-sms-bridge
-matrix_sms_bridge_version: 0.5.9
+matrix_sms_bridge_version: 0.5.13
 matrix_sms_bridge_docker_image: "{{ matrix_sms_bridge_docker_image_registry_prefix }}folivonet/matrix-sms-bridge:{{ matrix_sms_bridge_docker_image_tag }}"
 matrix_sms_bridge_docker_image_registry_prefix: "{{ matrix_sms_bridge_docker_image_registry_prefix_upstream }}"
 matrix_sms_bridge_docker_image_registry_prefix_upstream: "{{ matrix_sms_bridge_docker_image_registry_prefix_upstream_default }}"

roles/custom/matrix-bridge-steam/defaults/main.yml

@@ -0,0 +1,249 @@
+# SPDX-FileCopyrightText: 2025 Jason LaGuidice
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+# matrix-steam-bridge is a Matrix <-> Steam bridge
+# See: https://github.com/jasonlaguidice/matrix-steam-bridge
+
+matrix_steam_bridge_enabled: true
+
+matrix_steam_bridge_container_image_self_build: false
+matrix_steam_bridge_container_image_self_build_repo: "https://github.com/jasonlaguidice/matrix-steam-bridge.git"
+matrix_steam_bridge_container_image_self_build_repo_version: "{{ 'main' if matrix_steam_bridge_version == 'latest' else matrix_steam_bridge_version }}"
+
+# renovate: datasource=docker depName=ghcr.io/jasonlaguidice/matrix-steam-bridge
+matrix_steam_bridge_version: 1.0.7
+matrix_steam_bridge_docker_image: "{{ matrix_steam_bridge_docker_image_registry_prefix }}jasonlaguidice/matrix-steam-bridge:{{ matrix_steam_bridge_version }}"
+matrix_steam_bridge_docker_image_registry_prefix: "{{ 'localhost/' if matrix_steam_bridge_container_image_self_build else matrix_steam_bridge_docker_image_registry_prefix_upstream }}"
+matrix_steam_bridge_docker_image_registry_prefix_upstream: "{{ matrix_steam_bridge_docker_image_registry_prefix_upstream_default }}"
+matrix_steam_bridge_docker_image_registry_prefix_upstream_default: "ghcr.io/"
+matrix_steam_bridge_docker_image_tag: "{{ matrix_steam_bridge_version }}"
+matrix_steam_bridge_docker_image_force_pull: "{{ matrix_steam_bridge_docker_image.endswith(':latest') }}"
+
+matrix_steam_bridge_base_path: "{{ matrix_base_data_path }}/matrix-steam-bridge"
+matrix_steam_bridge_config_path: "{{ matrix_steam_bridge_base_path }}/config"
+matrix_steam_bridge_data_path: "{{ matrix_steam_bridge_base_path }}/data"
+matrix_steam_bridge_docker_src_files_path: "{{ matrix_steam_bridge_base_path }}/docker-src"
+
+matrix_steam_bridge_homeserver_address: ""
+matrix_steam_bridge_homeserver_domain: "{{ matrix_domain }}"
+matrix_steam_bridge_appservice_address: "http://matrix-steam-bridge:{{ matrix_steam_bridge_appservice_port }}"
+matrix_steam_bridge_appservice_port: "8080"
+
+matrix_steam_bridge_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
+matrix_steam_bridge_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
+
+# matrix -> steam presence
+matrix_steam_bridge_network_presence_enabled: true
+# Default inactivity state
+# This is what the bridge sets it's status to after some time of no user interaction
+matrix_steam_bridge_network_presence_inactivity_status: 'invisible'
+
+# A public address that external services can use to reach this appservice
+matrix_steam_bridge_appservice_public_address: "https://{{ matrix_server_fqn_matrix }}"
+
+# Public media configuration for external access to bridge media
+matrix_steam_bridge_public_media_enabled: true
+# A key for signing public media URLs. If set to "generate", a random key will be generated.
+# This will be auto-generated deterministically if matrix_homeserver_generic_secret_key is set.
+matrix_steam_bridge_public_media_signing_key: ''
+# Number of seconds that public media URLs are valid for. If set to 0, URLs will never expire.
+matrix_steam_bridge_public_media_expiry: 0
+matrix_steam_bridge_public_media_hash_length: 32
+
+# Displayname template for Steam users
+# {{ .DisplayName }} is replaced with the display name of the Steam user
+# {{ .Username }} is replaced with the username of the Steam user
+matrix_steam_bridge_network_displayname_template: "{% raw %}{{ .DisplayName }} (Steam){% endraw %}"
+
+matrix_steam_bridge_command_prefix: "!steam"
+
+matrix_steam_bridge_bridge_permissions: |
+  {{
+    {matrix_steam_bridge_homeserver_domain: 'user'}
+    | combine ({matrix_admin: 'admin'} if matrix_admin else {})
+  }}
+
+# TODO: May need to set network for public media?
+matrix_steam_bridge_container_network: ""
+
+matrix_steam_bridge_container_additional_networks: "{{ matrix_steam_bridge_container_additional_networks_auto + matrix_steam_bridge_container_additional_networks_custom }}"
+matrix_steam_bridge_container_additional_networks_auto: []
+matrix_steam_bridge_container_additional_networks_custom: []
+
+# matrix_steam_bridge_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
+# See `../templates/labels.j2` for details.
+#
+# To inject your own other container labels, see `matrix_steam_bridge_container_labels_additional_labels`.
+matrix_steam_bridge_container_labels_traefik_enabled: true
+matrix_steam_bridge_container_labels_traefik_docker_network: "{{ matrix_steam_bridge_container_network }}"
+matrix_steam_bridge_container_labels_traefik_entrypoints: web-secure
+matrix_steam_bridge_container_labels_traefik_tls: "{{ matrix_steam_bridge_container_labels_traefik_entrypoints != 'web' }}"
+matrix_steam_bridge_container_labels_traefik_tls_certResolver: default  # noqa var-naming
+
+# Controls whether labels will be added that expose mautrix-instagram's metrics
+matrix_steam_bridge_container_labels_metrics_enabled: "{{ matrix_steam_bridge_metrics_enabled and matrix_steam_bridge_metrics_proxying_enabled }}"
+matrix_steam_bridge_container_labels_metrics_traefik_rule: "Host(`{{ matrix_steam_bridge_metrics_proxying_hostname }}`) && PathPrefix(`{{ matrix_steam_bridge_metrics_proxying_path_prefix }}`)"
+matrix_steam_bridge_container_labels_metrics_traefik_priority: 0
+matrix_steam_bridge_container_labels_metrics_traefik_entrypoints: "{{ matrix_steam_bridge_container_labels_traefik_entrypoints }}"
+matrix_steam_bridge_container_labels_metrics_traefik_tls: "{{ matrix_steam_bridge_container_labels_metrics_traefik_entrypoints != 'web' }}"
+matrix_steam_bridge_container_labels_metrics_traefik_tls_certResolver: "{{ matrix_steam_bridge_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
+matrix_steam_bridge_container_labels_metrics_middleware_basic_auth_enabled: false
+# See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
+matrix_steam_bridge_container_labels_metrics_middleware_basic_auth_users: ''
+
+# matrix_steam_bridge_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
+# See `../templates/labels.j2` for details.
+#
+# Example:
+# matrix_steam_bridge_container_labels_additional_labels: |
+#   my.label=1
+#   another.label="here"
+matrix_steam_bridge_container_labels_additional_labels: ''
+
+# A list of extra arguments to pass to the container
+matrix_steam_bridge_container_extra_arguments: []
+
+# List of systemd services that matrix_steam_bridge.service depends on.
+matrix_steam_bridge_systemd_required_services_list: "{{ matrix_steam_bridge_systemd_required_services_list_default + matrix_steam_bridge_systemd_required_services_list_auto + matrix_steam_bridge_systemd_required_services_list_custom }}"
+matrix_steam_bridge_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+matrix_steam_bridge_systemd_required_services_list_auto: []
+matrix_steam_bridge_systemd_required_services_list_custom: []
+
+# List of systemd services that matrix_steam_bridge.service wants
+matrix_steam_bridge_systemd_wanted_services_list: []
+
+matrix_steam_bridge_appservice_token: ''
+matrix_steam_bridge_homeserver_token: ''
+
+# Whether or not created rooms should have federation enabled.
+# If false, created portal rooms will never be federated.
+matrix_steam_bridge_matrix_federate_rooms: false
+
+# Bridge configuration options
+# Should every user have their own portals rather than sharing them?
+matrix_steam_bridge_bridge_split_portals: false
+
+# Cleanup on logout configuration
+matrix_steam_bridge_bridge_cleanup_on_logout_enabled: false
+# Valid values for cleanup actions: nothing, kick, unbridge, delete
+#   nothing - Do nothing, let the user stay in the portals
+#   kick - Remove the user from the portal rooms, but don't delete them
+#   unbridge - Remove all ghosts in the room and disassociate it from the remote chat
+#   delete - Remove all ghosts and users from the room (i.e. delete it)
+matrix_steam_bridge_bridge_cleanup_on_logout_manual_private: nothing
+matrix_steam_bridge_bridge_cleanup_on_logout_manual_relayed: nothing
+matrix_steam_bridge_bridge_cleanup_on_logout_manual_shared_no_users: nothing
+matrix_steam_bridge_bridge_cleanup_on_logout_manual_shared_has_users: nothing
+matrix_steam_bridge_bridge_cleanup_on_logout_bad_credentials_private: nothing
+matrix_steam_bridge_bridge_cleanup_on_logout_bad_credentials_relayed: nothing
+matrix_steam_bridge_bridge_cleanup_on_logout_bad_credentials_shared_no_users: nothing
+matrix_steam_bridge_bridge_cleanup_on_logout_bad_credentials_shared_has_users: nothing
+
+# Homeserver configuration options
+# Does the homeserver support MSC2246 (async media uploads)?
+matrix_steam_bridge_homeserver_async_media: false
+
+# Database-related configuration fields.
+#
+# To use Postgres:
+# - adjust your database credentials via the `matrix_steam_bridge_postgres_*` variables
+matrix_steam_bridge_database_engine: 'postgres'
+
+matrix_steam_bridge_database_username: 'matrix_steam_bridge'
+matrix_steam_bridge_database_password: 'some-password'
+matrix_steam_bridge_database_hostname: ''
+matrix_steam_bridge_database_port: 5432
+matrix_steam_bridge_database_name: 'matrix_steam_bridge'
+matrix_steam_bridge_database_sslmode: disable
+
+matrix_steam_bridge_database_connection_string: 'postgres://{{ matrix_steam_bridge_database_username }}:{{ matrix_steam_bridge_database_password }}@{{ matrix_steam_bridge_database_hostname }}:{{ matrix_steam_bridge_database_port }}/{{ matrix_steam_bridge_database_name }}?sslmode={{ matrix_steam_bridge_database_sslmode }}'
+
+matrix_steam_bridge_database_uri: "{{
+	{
+		'postgres': matrix_steam_bridge_database_connection_string,
+	}[matrix_steam_bridge_database_engine]
+}}"
+
+matrix_steam_bridge_double_puppet_secrets: "{{ matrix_steam_bridge_double_puppet_secrets_auto | combine(matrix_steam_bridge_double_puppet_secrets_custom) }}"
+matrix_steam_bridge_double_puppet_secrets_auto: {}
+matrix_steam_bridge_double_puppet_secrets_custom: {}
+
+matrix_steam_bridge_appservice_bot_username: steambot
+matrix_steam_bridge_appservice_bot_displayname: Steam bridge bot
+matrix_steam_bridge_appservice_bot_avatar: mxc://shadowdrake.org/EeNKAcrmByNubPwoyceQsBaN
+
+matrix_steam_bridge_backfill_enabled: true
+# Maximum number of messages to backfill in empty rooms
+matrix_steam_bridge_backfill_max_initial_messages: 50
+
+# Maximum number of missed messages to backfill after bridge restarts
+matrix_steam_bridge_backfill_max_catchup_messages: 500
+
+# Shared secret for authentication of provisioning API requests.
+# If set to "disable", the provisioning API will be disabled.
+matrix_steam_bridge_provisioning_shared_secret: disable
+
+# Minimum severity of journal log messages.
+# Valid values: fatal, error, warn, info, debug, trace
+matrix_steam_bridge_logging_level: 'warn'
+
+# Whether or not metrics endpoint should be enabled.
+# Enabling them is usually enough for a local (in-container) Prometheus to consume them.
+# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_steam_bridge_metrics_proxying_enabled`.
+matrix_steam_bridge_metrics_enabled: false
+
+# Controls whether metrics should be exposed on a public URL.
+matrix_steam_bridge_metrics_proxying_enabled: false
+matrix_steam_bridge_metrics_proxying_hostname: ''
+matrix_steam_bridge_metrics_proxying_path_prefix: ''
+
+# Default configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `matrix_steam_bridge_configuration_extension_yaml`)
+# or completely replace this variable with your own template.
+matrix_steam_bridge_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
+
+matrix_steam_bridge_configuration_extension_yaml: |
+  # Your custom YAML configuration goes here.
+  # This configuration extends the default starting configuration (`matrix_steam_bridge_configuration_yaml`).
+  #
+  # You can override individual variables from the default configuration, or introduce new ones.
+  #
+  # If you need something more special, you can take full control by
+  # completely redefining `matrix_steam_bridge_configuration_yaml`.
+
+matrix_steam_bridge_configuration_extension: "{{ matrix_steam_bridge_configuration_extension_yaml | from_yaml if matrix_steam_bridge_configuration_extension_yaml | from_yaml is mapping else {} }}"
+
+# Holds the final configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_steam_bridge_configuration_yaml`.
+matrix_steam_bridge_configuration: "{{ matrix_steam_bridge_configuration_yaml | from_yaml | combine(matrix_steam_bridge_configuration_extension, recursive=True) }}"
+
+matrix_steam_bridge_registration_yaml: |
+  id: steam
+  as_token: "{{ matrix_steam_bridge_appservice_token }}"
+  hs_token: "{{ matrix_steam_bridge_homeserver_token }}"
+  namespaces:
+    users:
+    - exclusive: true
+      regex: '^@steam_.+:{{ matrix_steam_bridge_homeserver_domain | regex_escape }}$'
+    - exclusive: true
+      regex: '^@{{ matrix_steam_bridge_appservice_bot_username | regex_escape }}:{{ matrix_steam_bridge_homeserver_domain | regex_escape }}$'
+  url: {{ matrix_steam_bridge_appservice_address }}
+  sender_localpart: _bot_{{ matrix_steam_bridge_appservice_bot_username }}
+  rate_limited: false
+  de.sorunome.msc2409.push_ephemeral: true
+  receive_ephemeral: true
+  io.element.msc4190: {{ matrix_steam_bridge_msc4190_enabled | to_json }}
+
+matrix_steam_bridge_registration: "{{ matrix_steam_bridge_registration_yaml | from_yaml }}"
+
+# Enable End-to-bridge encryption
+matrix_steam_bridge_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
+matrix_steam_bridge_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"
+matrix_steam_bridge_bridge_encryption_require: false
+matrix_steam_bridge_bridge_encryption_appservice: false
+matrix_steam_bridge_bridge_encryption_key_sharing_allow: "{{ matrix_steam_bridge_bridge_encryption_allow }}"
+matrix_steam_bridge_bridge_encryption_pickle_key: mautrix.bridge.e2ee

roles/custom/matrix-bridge-steam/tasks/main.yml

@@ -1,5 +1,4 @@
-# SPDX-FileCopyrightText: 2019 - 2023 Slavi Pantaleev
-# SPDX-FileCopyrightText: 2022 Vladimir Panteleev
+# SPDX-FileCopyrightText: 2025 MDAD project contributors
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
@@ -7,19 +6,19 @@
 
 - tags:
     - setup-all
-    - setup-go-skype-bridge
+    - setup-matrix-steam-bridge
     - install-all
-    - install-go-skype-bridge
+    - install-matrix-steam-bridge
   block:
-    - when: matrix_go_skype_bridge_enabled | bool
+    - when: matrix_steam_bridge_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-    - when: matrix_go_skype_bridge_enabled | bool
+    - when: matrix_steam_bridge_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
 - tags:
     - setup-all
-    - setup-go-skype-bridge
+    - setup-matrix-steam-bridge
   block:
-    - when: not matrix_go_skype_bridge_enabled | bool
+    - when: not matrix_steam_bridge_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"

roles/custom/matrix-bridge-steam/tasks/setup_install.yml

@@ -0,0 +1,102 @@
+# SPDX-FileCopyrightText: 2025 MDAD project contributors
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+- ansible.builtin.set_fact:
+    matrix_steam_bridge_requires_restart: false
+
+- name: Ensure Steam bridge image is pulled
+  community.docker.docker_image:
+    name: "{{ matrix_steam_bridge_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_steam_bridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_steam_bridge_docker_image_force_pull }}"
+  when: matrix_steam_bridge_enabled | bool and not matrix_steam_bridge_container_image_self_build
+  register: result
+  retries: "{{ devture_playbook_help_container_retries_count }}"
+  delay: "{{ devture_playbook_help_container_retries_delay }}"
+  until: result is not failed
+
+- name: Ensure Steam bridge paths exist
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_name }}"
+    group: "{{ matrix_group_name }}"
+  with_items:
+    - {path: "{{ matrix_steam_bridge_base_path }}", when: true}
+    - {path: "{{ matrix_steam_bridge_config_path }}", when: true}
+    - {path: "{{ matrix_steam_bridge_data_path }}", when: true}
+    - {path: "{{ matrix_steam_bridge_docker_src_files_path }}", when: "{{ matrix_steam_bridge_container_image_self_build }}"}
+  when: item.when | bool
+
+- name: Ensure Steam bridge repository is present on self-build
+  ansible.builtin.git:
+    repo: "{{ matrix_steam_bridge_container_image_self_build_repo }}"
+    version: "{{ matrix_steam_bridge_container_image_self_build_repo_version }}"
+    dest: "{{ matrix_steam_bridge_docker_src_files_path }}"
+    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_name }}"
+  register: matrix_steam_bridge_git_pull_results
+  when: "matrix_steam_bridge_enabled | bool and matrix_steam_bridge_container_image_self_build"
+
+- name: Ensure Steam bridge Docker image is built
+  community.docker.docker_image:
+    name: "{{ matrix_steam_bridge_docker_image }}"
+    source: build
+    force_source: "{{ matrix_steam_bridge_git_pull_results.changed }}"
+    build:
+      dockerfile: Dockerfile
+      path: "{{ matrix_steam_bridge_docker_src_files_path }}"
+      pull: true
+  when: "matrix_steam_bridge_enabled | bool and matrix_steam_bridge_container_image_self_build | bool"
+
+- name: Ensure matrix-steam-bridge config.yaml installed
+  ansible.builtin.copy:
+    content: "{{ matrix_steam_bridge_configuration | to_nice_yaml(indent=2, width=999999) }}"
+    dest: "{{ matrix_steam_bridge_config_path }}/config.yaml"
+    mode: 0644
+    owner: "{{ matrix_user_name }}"
+    group: "{{ matrix_group_name }}"
+
+- name: Ensure matrix-steam-bridge registration.yaml installed
+  ansible.builtin.copy:
+    content: "{{ matrix_steam_bridge_registration | to_nice_yaml(indent=2, width=999999) }}"
+    dest: "{{ matrix_steam_bridge_config_path }}/registration.yaml"
+    mode: 0644
+    owner: "{{ matrix_user_name }}"
+    group: "{{ matrix_group_name }}"
+
+- name: Ensure matrix-steam-bridge support files installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/{{ item }}.j2"
+    dest: "{{ matrix_steam_bridge_base_path }}/{{ item }}"
+    mode: 0640
+    owner: "{{ matrix_user_name }}"
+    group: "{{ matrix_group_name }}"
+  with_items:
+    - labels
+
+- name: Ensure matrix-steam-bridge container network is created
+  community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
+    name: "{{ matrix_steam_bridge_container_network }}"
+    driver: bridge
+    driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
+
+- name: Ensure matrix-steam-bridge.service installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/systemd/matrix-steam-bridge.service.j2"
+    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-steam-bridge.service"
+    mode: 0644
+
+- name: Ensure matrix-steam-bridge.service restarted, if necessary
+  ansible.builtin.service:
+    name: "matrix-steam-bridge.service"
+    state: restarted
+    daemon_reload: true
+  when: "matrix_steam_bridge_requires_restart | bool"

roles/custom/matrix-bridge-steam/tasks/setup_uninstall.yml

@@ -0,0 +1,23 @@
+# SPDX-FileCopyrightText: 2025 MDAD project contributors
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+- name: Check existence of matrix-steam-bridge service
+  ansible.builtin.stat:
+    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-steam-bridge.service"
+  register: matrix_steam_bridge_service_stat
+
+- when: matrix_steam_bridge_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-steam-bridge is stopped
+      ansible.builtin.service:
+        name: matrix-steam-bridge
+        state: stopped
+        daemon_reload: true
+
+    - name: Ensure matrix-steam-bridge.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-steam-bridge.service"
+        state: absent

roles/custom/matrix-bridge-steam/tasks/validate_config.yml

@@ -0,0 +1,29 @@
+# SPDX-FileCopyrightText: 2025 MDAD project contributors
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+- name: Fail if required matrix_steam_bridge settings not defined
+  ansible.builtin.fail:
+    msg: >-
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0"
+  with_items:
+    - {'name': 'matrix_steam_bridge_appservice_token', when: true}
+    - {'name': 'matrix_steam_bridge_homeserver_address', when: true}
+    - {'name': 'matrix_steam_bridge_homeserver_token', when: true}
+    - {'name': 'matrix_steam_bridge_database_hostname', when: "{{ matrix_steam_bridge_database_engine == 'postgres' }}"}
+    - {'name': 'matrix_steam_bridge_container_network', when: true}
+    - {'name': 'matrix_steam_bridge_metrics_proxying_hostname', when: "{{ matrix_steam_bridge_metrics_proxying_enabled }}"}
+    - {'name': 'matrix_steam_bridge_metrics_proxying_path_prefix', when: "{{ matrix_steam_bridge_metrics_proxying_enabled }}"}
+# TODO: Confirm additional config isn't mandatory for public_media
+
+- name: (Deprecation) Catch and report renamed matrix-steam-bridge variables
+  ansible.builtin.fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
+  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
+  with_items:
+    - {'old': 'matrix_steam_bridge_docker_image_name_prefix', 'new': 'matrix_steam_bridge_docker_image_registry_prefix'}

roles/custom/matrix-bridge-steam/templates/config.yaml.j2

@@ -0,0 +1,475 @@
+#jinja2: lstrip_blocks: True
+# Network-specific config options
+network:
+    # Proxy to use for all Steam connections.
+    proxy: null
+    # Alternative to proxy: an HTTP endpoint that returns the proxy URL to use for Steam connections.
+    get_proxy_url: null
+
+    # Displayname template for Steam users.
+    displayname_template: {{ matrix_steam_bridge_network_displayname_template | to_json }}
+
+    # Maximum number of conversations to sync on startup
+    conversation_sync_limit: 20
+
+    steam_bridge_path: ./
+    steam_bridge_address: localhost:50051
+    steam_bridge_auto_start: true
+    steam_bridge_startup_timeout: 30
+
+    # Presence synchronization settings
+    presence:
+        # Enable presence tracking from Matrix to Steam
+        # When enabled, your Steam status will automatically change based on
+        # your Matrix presence and activity
+        enabled: {{ matrix_steam_bridge_network_presence_enabled | to_json }}
+
+        # Inactivity timeout in minutes before changing Steam status
+        # This is used as a fallback when your Matrix server doesn't support
+        # presence tracking. After this many minutes without Matrix activity,
+        # your Steam status will change (see inactivity_status below)
+        # Set to 0 to disable automatic away
+        inactivity_timeout: 15
+
+        # Status to set after inactivity timeout
+        # Valid values: "snooze" (appear away/idle) or "invisible" (appear offline)
+        inactivity_status: {{ matrix_steam_bridge_network_presence_inactivity_status | to_json }}
+        # Whether typing events in Matrix should reset the inactivity timer
+        # When true, typing will count as activity and keep you marked as online
+        typing_resets_presence: true
+
+        # Whether sending read receipts in Matrix should reset the inactivity timer
+        # When true, reading messages will count as activity and keep you marked as online
+        read_receipts_reset_presence: false
+
+
+# Config options that affect the central bridge module.
+bridge:
+    # The prefix for commands. Only required in non-management rooms.
+    command_prefix: {{ matrix_steam_bridge_command_prefix | to_json }}
+    # Should the bridge create a space for each login containing the rooms that account is in?
+    personal_filtering_spaces: true
+    # Whether the bridge should set names and avatars explicitly for DM portals.
+    # This is only necessary when using clients that don't support MSC4171.
+    private_chat_portal_meta: true
+    # Should events be handled asynchronously within portal rooms?
+    # If true, events may end up being out of order, but slow events won't block other ones.
+    # This is not yet safe to use.
+    async_events: false
+    # Should every user have their own portals rather than sharing them?
+    # By default, users who are in the same group on the remote network will be
+    # in the same Matrix room bridged to that group. If this is set to true,
+    # every user will get their own Matrix room instead.
+    split_portals: {{ matrix_steam_bridge_bridge_split_portals | to_json }}
+    # Should the bridge resend `m.bridge` events to all portals on startup?
+    resend_bridge_info: false
+    # Should `m.bridge` events be sent without a state key?
+    # By default, the bridge uses a unique key that won't conflict with other bridges.
+    no_bridge_info_state_key: false
+    # Should bridge connection status be sent to the management room as `m.notice` events?
+    # These contain the same data that can be posted to an external HTTP server using homeserver -> status_endpoint.
+    # Allowed values: none, errors, all
+    bridge_status_notices: errors
+    # How long after an unknown error should the bridge attempt a full reconnect?
+    # Must be at least 1 minute. The bridge will add an extra ±20% jitter to this value.
+    unknown_error_auto_reconnect: null
+
+    # Should leaving Matrix rooms be bridged as leaving groups on the remote network?
+    bridge_matrix_leave: false
+    # Should room tags only be synced when creating the portal? Tags mean things like favorite/pin and archive/low priority.
+    # Tags currently can't be synced back to the remote network, so a continuous sync means tagging from Matrix will be undone.
+    tag_only_on_create: true
+    # List of tags to allow bridging. If empty, no tags will be bridged.
+    only_bridge_tags: [m.favourite, m.lowpriority]
+    # Should room mute status only be synced when creating the portal?
+    # Like tags, mutes can't currently be synced back to the remote network.
+    mute_only_on_create: true
+    # Should the bridge check the db to ensure that incoming events haven't been handled before
+    deduplicate_matrix_messages: false
+    # Should cross-room reply metadata be bridged?
+    # Most Matrix clients don't support this and servers may reject such messages too.
+    cross_room_replies: false
+
+
+    # What should be done to portal rooms when a user logs out or is logged out?
+    # Permitted values:
+    #   nothing - Do nothing, let the user stay in the portals
+    #   kick - Remove the user from the portal rooms, but don't delete them
+    #   unbridge - Remove all ghosts in the room and disassociate it from the remote chat
+    #   delete - Remove all ghosts and users from the room (i.e. delete it)
+    cleanup_on_logout:
+        # Should cleanup on logout be enabled at all?
+        enabled: {{ matrix_steam_bridge_bridge_cleanup_on_logout_enabled | to_json }}
+        # Settings for manual logouts (explicitly initiated by the Matrix user)
+        manual:
+            # Action for private portals which will never be shared with other Matrix users.
+            private: {{ matrix_steam_bridge_bridge_cleanup_on_logout_manual_private | to_json }}
+            # Action for portals with a relay user configured.
+            relayed: {{ matrix_steam_bridge_bridge_cleanup_on_logout_manual_relayed | to_json }}
+            # Action for portals which may be shared, but don't currently have any other Matrix users.
+            shared_no_users: {{ matrix_steam_bridge_bridge_cleanup_on_logout_manual_shared_no_users | to_json }}
+            # Action for portals which have other logged-in Matrix users.
+            shared_has_users: {{ matrix_steam_bridge_bridge_cleanup_on_logout_manual_shared_has_users | to_json }}
+        # Settings for credentials being invalidated (initiated by the remote network, possibly through user action).
+        # Keys have the same meanings as in the manual section.
+        bad_credentials:
+            private: {{ matrix_steam_bridge_bridge_cleanup_on_logout_bad_credentials_private | to_json }}
+            relayed: {{ matrix_steam_bridge_bridge_cleanup_on_logout_bad_credentials_relayed | to_json }}
+            shared_no_users: {{ matrix_steam_bridge_bridge_cleanup_on_logout_bad_credentials_shared_no_users | to_json }}
+            shared_has_users: {{ matrix_steam_bridge_bridge_cleanup_on_logout_bad_credentials_shared_has_users | to_json }}
+
+    # Settings for relay mode
+    relay:
+        # Whether relay mode should be allowed. If allowed, the set-relay command can be used to turn any
+        # authenticated user into a relaybot for that chat.
+        enabled: false
+        # Should only admins be allowed to set themselves as relay users?
+        # If true, non-admins can only set users listed in default_relays as relays in a room.
+        admin_only: true
+        # List of user login IDs which anyone can set as a relay, as long as the relay user is in the room.
+        default_relays: []
+        # The formats to use when sending messages via the relaybot.
+        # Available variables:
+        #   .Sender.UserID - The Matrix user ID of the sender.
+        #   .Sender.Displayname - The display name of the sender (if set).
+        #   .Sender.RequiresDisambiguation - Whether the sender's name may be confused with the name of another user in the room.
+        #   .Sender.DisambiguatedName - The disambiguated name of the sender. This will be the displayname if set,
+        #                               plus the user ID in parentheses if the displayname is not unique.
+        #                               If the displayname is not set, this is just the user ID.
+        #   .Message - The `formatted_body` field of the message.
+        #   .Caption - The `formatted_body` field of the message, if it's a caption. Otherwise an empty string.
+        #   .FileName - The name of the file being sent.
+        message_formats:
+            m.text: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b>: {{ .Message }}{% endraw %}"
+            m.notice: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b>: {{ .Message }}{% endraw %}"
+            m.emote: "{% raw %}* <b>{{ .Sender.DisambiguatedName }}</b> {{ .Message }}{% endraw %}"
+            m.file: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a file{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
+            m.image: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent an image{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
+            m.audio: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent an audio file{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
+            m.video: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a video{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
+            m.location: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a location{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
+        # For networks that support per-message displaynames (i.e. Slack and Discord), the template for those names.
+        # This has all the Sender variables available under message_formats (but without the .Sender prefix).
+        # Note that you need to manually remove the displayname from message_formats above.
+        displayname_format: "{% raw %}{{ .DisambiguatedName }}{% endraw %}"
+
+    # Permissions for using the bridge.
+    # Permitted values:
+    #    relay - Talk through the relaybot (if enabled), no access otherwise
+    # commands - Access to use commands in the bridge, but not login.
+    #     user - Access to use the bridge with puppeting.
+    #    admin - Full access, user level with some additional administration tools.
+    # Permitted keys:
+    #        * - All Matrix users
+    #   domain - All users on that homeserver
+    #     mxid - Specific user
+    permissions: {{ matrix_steam_bridge_bridge_permissions | to_json }}
+
+# Config for the bridge's database.
+database:
+    # The database type. "sqlite3-fk-wal" and "postgres" are supported.
+    type: postgres
+    # The database URI.
+    #   SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
+    #           https://github.com/mattn/go-sqlite3#connection-string
+    #   Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
+    #             To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
+    uri: {{ matrix_steam_bridge_database_uri | to_json }}
+    # Maximum number of connections.
+    max_open_conns: 5
+    max_idle_conns: 2
+    # Maximum connection idle time and lifetime before they're closed. Disabled if null.
+    # Parsed with https://pkg.go.dev/time#ParseDuration
+    max_conn_idle_time: null
+    max_conn_lifetime: null
+
+# Homeserver details.
+homeserver:
+    # The address that this appservice can use to connect to the homeserver.
+    # Local addresses without HTTPS are generally recommended when the bridge is running on the same machine,
+    # but https also works if they run on different machines.
+    address: {{ matrix_steam_bridge_homeserver_address | to_json }}
+    # The domain of the homeserver (also known as server_name, used for MXIDs, etc).
+    domain: {{ matrix_steam_bridge_homeserver_domain | to_json }}
+
+    # What software is the homeserver running?
+    # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
+    software: standard
+    # The URL to push real-time bridge status to.
+    # If set, the bridge will make POST requests to this URL whenever a user's remote network connection state changes.
+    # The bridge will use the appservice as_token to authorize requests.
+    status_endpoint:
+    # Endpoint for reporting per-message status.
+    # If set, the bridge will make POST requests to this URL when processing a message from Matrix.
+    # It will make one request when receiving the message (step BRIDGE), one after decrypting if applicable
+    # (step DECRYPTED) and one after sending to the remote network (step REMOTE). Errors will also be reported.
+    # The bridge will use the appservice as_token to authorize requests.
+    message_send_checkpoint_endpoint:
+    # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
+    async_media: {{ matrix_steam_bridge_homeserver_async_media | to_json }}
+
+    # Should the bridge use a websocket for connecting to the homeserver?
+    # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy,
+    # mautrix-asmux (deprecated), and hungryserv (proprietary).
+    websocket: false
+    # How often should the websocket be pinged? Pinging will be disabled if this is zero.
+    ping_interval_seconds: 0
+
+# Application service host/registration related details.
+# Changing these values requires regeneration of the registration (except when noted otherwise)
+appservice:
+    # The address that the homeserver can use to connect to this appservice.
+    # Like the homeserver address, a local non-https address is recommended when the bridge is on the same machine.
+    # If the bridge is elsewhere, you must secure the connection yourself (e.g. with https or wireguard)
+    # If you want to use https, you need to use a reverse proxy. The bridge does not have TLS support built in.
+    address: {{ matrix_steam_bridge_appservice_address | to_json }}
+    # A public address that external services can use to reach this appservice.
+    # This is only needed for things like public media. A reverse proxy is generally necessary when using this field.
+    # This value doesn't affect the registration file.
+    public_address: {{ matrix_steam_bridge_appservice_public_address | to_json }}
+
+    # The hostname and port where this appservice should listen.
+    # For Docker, you generally have to change the hostname to 0.0.0.0.
+    hostname: 0.0.0.0
+    port: {{ matrix_steam_bridge_appservice_port }}
+
+    # The unique ID of this appservice.
+    id: steam
+    # Appservice bot details.
+    bot:
+        # Username of the appservice bot.
+        username: {{ matrix_steam_bridge_appservice_bot_username | to_json }}
+        # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
+        # to leave display name/avatar as-is.
+        displayname: {{ matrix_steam_bridge_appservice_bot_displayname | to_json(ensure_ascii=False) }}
+        avatar: {{ matrix_steam_bridge_appservice_bot_avatar | to_json }}
+
+    # Whether to receive ephemeral events via appservice transactions.
+    ephemeral_events: true
+    # Should incoming events be handled asynchronously?
+    # This may be necessary for large public instances with lots of messages going through.
+    # However, messages will not be guaranteed to be bridged in the same order they were sent in.
+    # This value doesn't affect the registration file.
+    async_transactions: false
+
+    # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
+    as_token: {{ matrix_steam_bridge_appservice_token | to_json }}
+    hs_token: {{ matrix_steam_bridge_homeserver_token | to_json }}
+
+    # Localpart template of MXIDs for remote users.
+    # {% raw %}{{.}}{% endraw %} is replaced with the internal ID of the user.
+    username_template: "{% raw %}steam_{{.}}{% endraw %}"
+
+# Config options that affect the Matrix connector of the bridge.
+matrix:
+    # Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
+    message_status_events: false
+    # Whether the bridge should send a read receipt after successfully bridging a message.
+    delivery_receipts: false
+    # Whether the bridge should send error notices via m.notice events when a message fails to bridge.
+    message_error_notices: true
+    # Whether the bridge should update the m.direct account data event when double puppeting is enabled.
+    sync_direct_chat_list: true
+    # Whether created rooms should have federation enabled. If false, created portal rooms
+    # will never be federated. Changing this option requires recreating rooms.
+    federate_rooms: {{ matrix_steam_bridge_matrix_federate_rooms | to_json }}
+    # The threshold as bytes after which the bridge should roundtrip uploads via the disk
+    # rather than keeping the whole file in memory.
+    upload_file_threshold: 5242880
+
+# Segment-compatible analytics endpoint for tracking some events, like provisioning API login and encryption errors.
+analytics:
+    # API key to send with tracking requests. Tracking is disabled if this is null.
+    token: null
+    # Address to send tracking requests to.
+    url: https://api.segment.io/v1/track
+    # Optional user ID for tracking events. If null, defaults to using Matrix user ID.
+    user_id: null
+
+# Settings for provisioning API
+provisioning:
+    # Prefix for the provisioning API paths.
+    prefix: /_matrix/provision
+    # Shared secret for authentication. If set to "generate" or null, a random secret will be generated,
+    # or if set to "disable", the provisioning API will be disabled.
+    shared_secret: {{ matrix_steam_bridge_provisioning_shared_secret | to_json }}
+    # Whether to allow provisioning API requests to be authed using Matrix access tokens.
+    # This follows the same rules as double puppeting to determine which server to contact to check the token,
+    # which means that by default, it only works for users on the same server as the bridge.
+    allow_matrix_auth: true
+    # Enable debug API at /debug with provisioning authentication.
+    debug_endpoints: false
+
+# Some networks require publicly accessible media download links (e.g. for user avatars when using Discord webhooks).
+# These settings control whether the bridge will provide such public media access.
+# TODO: Update with public_media config once it's figured out
+public_media:
+    # Should public media be enabled at all?
+    # The public_address field under the appservice section MUST be set when enabling public media.
+    enabled: {{ matrix_steam_bridge_public_media_enabled | to_json }}
+    # A key for signing public media URLs.
+    # If set to "generate", a random key will be generated.
+    signing_key: {{ matrix_steam_bridge_public_media_signing_key | to_json }}
+    # Number of seconds that public media URLs are valid for.
+    # If set to 0, URLs will never expire.
+    expiry: {{ matrix_steam_bridge_public_media_expiry | to_json }}
+    # Length of hash to use for public media URLs. Must be between 0 and 32.
+    hash_length: {{ matrix_steam_bridge_public_media_hash_length | to_json }}
+
+# Settings for converting remote media to custom mxc:// URIs instead of reuploading.
+# More details can be found at https://docs.mau.fi/bridges/go/discord/direct-media.html
+direct_media:
+    # Should custom mxc:// URIs be used instead of reuploading media?
+    enabled: false
+    # The server name to use for the custom mxc:// URIs.
+    # This server name will effectively be a real Matrix server, it just won't implement anything other than media.
+    # You must either set up .well-known delegation from this domain to the bridge, or proxy the domain directly to the bridge.
+    server_name: media.example.com
+    # Optionally a custom .well-known response. This defaults to `server_name:443`
+    well_known_response:
+    # Optionally specify a custom prefix for the media ID part of the MXC URI.
+    media_id_prefix:
+    # If the remote network supports media downloads over HTTP, then the bridge will use MSC3860/MSC3916
+    # media download redirects if the requester supports it. Optionally, you can force redirects
+    # and not allow proxying at all by setting this to false.
+    # This option does nothing if the remote network does not support media downloads over HTTP.
+    allow_proxy: true
+    # Matrix server signing key to make the federation tester pass, same format as synapse's .signing.key file.
+    # This key is also used to sign the mxc:// URIs to ensure only the bridge can generate them.
+    server_key: ""
+
+# Settings for backfilling messages.
+# Note that the exact way settings are applied depends on the network connector.
+# See https://docs.mau.fi/bridges/general/backfill.html for more details.
+backfill:
+    # Whether to do backfilling at all.
+    enabled: {{ matrix_steam_bridge_backfill_enabled | to_json }}
+    # Maximum number of messages to backfill in empty rooms.
+    max_initial_messages: {{ matrix_steam_bridge_backfill_max_initial_messages | to_json }}
+    # Maximum number of missed messages to backfill after bridge restarts.
+    max_catchup_messages: {{ matrix_steam_bridge_backfill_max_catchup_messages | to_json }}
+    # If a backfilled chat is older than this number of hours,
+    # mark it as read even if it's unread on the remote network.
+    unread_hours_threshold: 720
+    # Settings for backfilling threads within other backfills.
+    threads:
+        # Maximum number of messages to backfill in a new thread.
+        max_initial_messages: 50
+    # Settings for the backwards backfill queue. This only applies when connecting to
+    # Beeper as standard Matrix servers don't support inserting messages into history.
+    queue:
+        # Should the backfill queue be enabled?
+        enabled: false
+        # Number of messages to backfill in one batch.
+        batch_size: 100
+        # Delay between batches in seconds.
+        batch_delay: 20
+        # Maximum number of batches to backfill per portal.
+        # If set to -1, all available messages will be backfilled.
+        max_batches: -1
+        # Optional network-specific overrides for max batches.
+        # Interpretation of this field depends on the network connector.
+        max_batches_override: {}
+
+# Settings for enabling double puppeting
+double_puppet:
+    # Servers to always allow double puppeting from.
+    # This is only for other servers and should NOT contain the server the bridge is on.
+    servers: {}
+    # Whether to allow client API URL discovery for other servers. When using this option,
+    # users on other servers can use double puppeting even if their server URLs aren't
+    # explicitly added to the servers map above.
+    allow_discovery: false
+    # Shared secrets for automatic double puppeting.
+    # See https://docs.mau.fi/bridges/general/double-puppeting.html for instructions.
+    secrets: {{ matrix_steam_bridge_double_puppet_secrets | to_json }}
+
+# End-to-bridge encryption support options.
+#
+# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
+encryption:
+    # Whether to enable encryption at all. If false, the bridge will not function in encrypted rooms.
+    allow: {{ matrix_steam_bridge_bridge_encryption_allow | to_json }}
+    # Whether to force-enable encryption in all bridged rooms.
+    default: {{ matrix_steam_bridge_bridge_encryption_default | to_json }}
+    # Whether to require all messages to be encrypted and drop any unencrypted messages.
+    require: {{ matrix_steam_bridge_bridge_encryption_require | to_json }}
+    # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
+    # This option is not yet compatible with standard Matrix servers like Synapse and should not be used.
+    appservice: {{ matrix_steam_bridge_bridge_encryption_appservice | to_json }}
+    # Whether to use MSC4190 instead of appservice login to create the bridge bot device.
+    # Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202.
+    # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
+    # Changing this option requires updating the appservice registration file.
+    msc4190: {{ matrix_steam_bridge_msc4190_enabled | to_json }}
+    # Whether to enable self-signing for bridges (Only the bridge bot uses this for now)
+    # Requires msc4190 to replace keys on reset
+    self_sign: {{ matrix_steam_bridge_self_sign_enabled | to_json }}
+    # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
+    # You must use a client that supports requesting keys from other users to use this feature.
+    allow_key_sharing: {{ matrix_steam_bridge_bridge_encryption_key_sharing_allow | to_json }}
+    # Pickle key for encrypting encryption keys in the bridge database.
+    # If set to generate, a random key will be generated.
+    pickle_key: {{ matrix_steam_bridge_bridge_encryption_pickle_key | to_json }}
+    # Options for deleting megolm sessions from the bridge.
+    delete_keys:
+        # Beeper-specific: delete outbound sessions when hungryserv confirms
+        # that the user has uploaded the key to key backup.
+        delete_outbound_on_ack: false
+        # Don't store outbound sessions in the inbound table.
+        dont_store_outbound: false
+        # Ratchet megolm sessions forward after decrypting messages.
+        ratchet_on_decrypt: false
+        # Delete fully used keys (index >= max_messages) after decrypting messages.
+        delete_fully_used_on_decrypt: false
+        # Delete previous megolm sessions from same device when receiving a new one.
+        delete_prev_on_new_session: false
+        # Delete megolm sessions received from a device when the device is deleted.
+        delete_on_device_delete: false
+        # Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
+        periodically_delete_expired: false
+        # Delete inbound megolm sessions that don't have the received_at field used for
+        # automatic ratcheting and expired session deletion. This is meant as a migration
+        # to delete old keys prior to the bridge update.
+        delete_outdated_inbound: false
+    # What level of device verification should be required from users?
+    #
+    # Valid levels:
+    #   unverified - Send keys to all device in the room.
+    #   cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
+    #   cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
+    #   cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
+    #                           Note that creating user signatures from the bridge bot is not currently possible.
+    #   verified - Require manual per-device verification
+    #              (currently only possible by modifying the `trust` column in the `crypto_device` database table).
+    verification_levels:
+        # Minimum level for which the bridge should send keys to when bridging messages from the remote network to Matrix.
+        receive: unverified
+        # Minimum level that the bridge should accept for incoming Matrix messages.
+        send: unverified
+        # Minimum level that the bridge should require for accepting key requests.
+        share: cross-signed-tofu
+    # Options for Megolm room key rotation. These options allow you to configure the m.room.encryption event content.
+    # See https://spec.matrix.org/v1.10/client-server-api/#mroomencryption for more information about that event.
+    rotation:
+        # Enable custom Megolm room key rotation settings. Note that these
+        # settings will only apply to rooms created after this option is set.
+        enable_custom: false
+        # The maximum number of milliseconds a session should be used
+        # before changing it. The Matrix spec recommends 604800000 (a week)
+        # as the default.
+        milliseconds: 604800000
+        # The maximum number of messages that should be sent with a given a
+        # session before changing it. The Matrix spec recommends 100 as the
+        # default.
+        messages: 100
+        # Disable rotating keys when a user's devices change?
+        # You should not enable this option unless you understand all the implications.
+        disable_device_change_key_rotation: false
+
+# Logging config. See https://github.com/tulir/zeroconfig for details.
+logging:
+    min_level: {{ matrix_steam_bridge_logging_level | to_json }}
+    writers:
+        - type: stdout
+          format: pretty-colored

roles/custom/matrix-bridge-steam/templates/config.yaml.j2.license

@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2025 MDAD project contributors
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-bridge-steam/templates/labels.j2

@@ -0,0 +1,78 @@
+{#
+SPDX-FileCopyrightText: 2025 MDAD project contributors
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{% if matrix_steam_bridge_container_labels_traefik_enabled %}
+traefik.enable=true
+
+{% if matrix_steam_bridge_container_labels_traefik_docker_network %}
+traefik.docker.network={{ matrix_steam_bridge_container_labels_traefik_docker_network }}
+{% endif %}
+
+traefik.http.services.matrix-steam-bridge.loadbalancer.server.port={{ matrix_steam_bridge_appservice_port }}
+traefik.http.services.matrix-steam-bridge-metrics.loadbalancer.server.port=8000
+
+{% if matrix_steam_bridge_container_labels_metrics_enabled %}
+############################################################
+#                                                          #
+# Metrics                                                  #
+#                                                          #
+############################################################
+
+{% if matrix_steam_bridge_container_labels_metrics_middleware_basic_auth_enabled %}
+traefik.http.middlewares.matrix-steam-bridge-metrics-basic-auth.basicauth.users={{ matrix_steam_bridge_container_labels_metrics_middleware_basic_auth_users }}
+traefik.http.routers.matrix-steam-bridge-metrics.middlewares=matrix-steam-bridge-metrics-basic-auth
+{% endif %}
+
+traefik.http.routers.matrix-steam-bridge-metrics.rule={{ matrix_steam_bridge_container_labels_metrics_traefik_rule }}
+
+{% if matrix_steam_bridge_container_labels_metrics_traefik_priority | int > 0 %}
+traefik.http.routers.matrix-steam-bridge-metrics.priority={{ matrix_steam_bridge_container_labels_metrics_traefik_priority }}
+{% endif %}
+
+traefik.http.routers.matrix-steam-bridge-metrics.service=matrix-steam-bridge-metrics
+traefik.http.routers.matrix-steam-bridge-metrics.entrypoints={{ matrix_steam_bridge_container_labels_metrics_traefik_entrypoints }}
+
+traefik.http.routers.matrix-steam-bridge-metrics.tls={{ matrix_steam_bridge_container_labels_metrics_traefik_tls | to_json }}
+{% if matrix_steam_bridge_container_labels_metrics_traefik_tls %}
+traefik.http.routers.matrix-steam-bridge-metrics.tls.certResolver={{ matrix_steam_bridge_container_labels_metrics_traefik_tls_certResolver }}
+{% endif %}
+
+############################################################
+#                                                          #
+# /Metrics                                                 #
+#                                                          #
+############################################################
+{% endif %}
+
+
+{% if matrix_steam_bridge_public_media_enabled %}
+############################################################
+#                                                          #
+# Public Media                                             #
+#                                                          #
+############################################################
+
+# Router for public media
+traefik.http.routers.matrix-steam-bridge-public-media.rule=Host(`{{ matrix_server_fqn_matrix }}`) && PathPrefix(`/_mautrix/publicmedia/{{ matrix_domain }}/`)
+traefik.http.routers.matrix-steam-bridge-public-media.service=matrix-steam-bridge
+traefik.http.routers.matrix-steam-bridge-public-media.entrypoints={{ matrix_steam_bridge_container_labels_traefik_entrypoints }}
+traefik.http.routers.matrix-steam-bridge-public-media.tls={{ matrix_steam_bridge_container_labels_traefik_tls | to_json }}
+{% if matrix_steam_bridge_container_labels_traefik_tls %}
+traefik.http.routers.matrix-steam-bridge-public-media.tls.certResolver={{ matrix_steam_bridge_container_labels_traefik_tls_certResolver }}
+{% endif %}
+
+
+############################################################
+#                                                          #
+# /Public Media                                            #
+#                                                          #
+############################################################
+{% endif %}
+
+
+{% endif %}
+
+{{ matrix_steam_bridge_container_labels_additional_labels }}

roles/custom/matrix-bridge-steam/templates/systemd/matrix-steam-bridge.service.j2

@@ -1,11 +1,11 @@
 #jinja2: lstrip_blocks: True
 [Unit]
-Description=Matrix Go Skype Bridge bridge
-{% for service in matrix_go_skype_bridge_systemd_required_services_list %}
+Description=Matrix Steam bridge
+{% for service in matrix_steam_bridge_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
 {% endfor %}
-{% for service in matrix_go_skype_bridge_systemd_wanted_services_list %}
+{% for service in matrix_steam_bridge_systemd_wanted_services_list %}
 Wants={{ service }}
 {% endfor %}
 DefaultDependencies=no
@@ -13,36 +13,36 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-go-skype-bridge 2>/dev/null || true'
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-go-skype-bridge 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-steam-bridge 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-steam-bridge 2>/dev/null || true'
 
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			--rm \
-			--name=matrix-go-skype-bridge \
+			--name=matrix-steam-bridge \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--cap-drop=ALL \
-			--network={{ matrix_go_skype_bridge_container_network }} \
-			--mount type=bind,src={{ matrix_go_skype_bridge_config_path }},dst=/config \
-			--mount type=bind,src={{ matrix_go_skype_bridge_data_path }},dst=/data \
-			--workdir=/data \
-			{% for arg in matrix_go_skype_bridge_container_extra_arguments %}
+			--network={{ matrix_steam_bridge_container_network }} \
+			--mount type=bind,src={{ matrix_steam_bridge_config_path }},dst=/app/config,ro \
+			--mount type=bind,src={{ matrix_steam_bridge_data_path }},dst=/app/data \
+			--label-file={{ matrix_steam_bridge_base_path }}/labels \
+			{% for arg in matrix_steam_bridge_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
-			{{ matrix_go_skype_bridge_docker_image }} \
-			/usr/bin/matrix-skype -c /config/config.yaml -r /config/registration.yaml
+			{{ matrix_steam_bridge_docker_image }} \
+			/usr/bin/steam -c /app/config/config.yaml -r /app/config/registration.yaml --no-update
 
-{% for network in matrix_go_skype_bridge_container_additional_networks %}
-ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-go-skype-bridge
+{% for network in matrix_steam_bridge_container_additional_networks %}
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-steam-bridge
 {% endfor %}
 
-ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-go-skype-bridge
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-steam-bridge
 
-ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-go-skype-bridge 2>/dev/null || true'
-ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-go-skype-bridge 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-steam-bridge 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-steam-bridge 2>/dev/null || true'
 Restart=always
 RestartSec=30
-SyslogIdentifier=matrix-go-skype-bridge
+SyslogIdentifier=matrix-steam-bridge
 
 [Install]
 WantedBy=multi-user.target

roles/custom/matrix-bridge-steam/templates/systemd/matrix-steam-bridge.service.j2.license

@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2025 MDAD project contributors
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-bridge-wechat/defaults/main.yml

@@ -47,6 +47,9 @@ matrix_wechat_agent_container_src_files_path: "{{ matrix_wechat_base_path }}/age
 
 matrix_wechat_homeserver_address: ""
 matrix_wechat_homeserver_domain: "{{ matrix_domain }}"
+# Whether asynchronous uploads via MSC2246 should be enabled for media.
+# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246).
+matrix_wechat_homeserver_async_media: false
 matrix_wechat_appservice_address: 'http://matrix-wechat:8080'
 
 matrix_wechat_container_network: ""

roles/custom/matrix-bridge-wechat/templates/config.yaml.j2

@@ -16,7 +16,7 @@ homeserver:
     # Endpoint for reporting per-message status.
     message_send_checkpoint_endpoint: null
     # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
-    async_media: false
+    async_media: {{ matrix_wechat_homeserver_async_media | to_json }}
 
     # Should the bridge use a websocket for connecting to the homeserver?
     # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy,

roles/custom/matrix-cactus-comments-client/defaults/main.yml

@@ -18,7 +18,7 @@ matrix_cactus_comments_client_public_path: "{{ matrix_cactus_comments_client_bas
 matrix_cactus_comments_client_public_path_file_permissions: "0644"
 
 # renovate: datasource=docker depName=joseluisq/static-web-server
-matrix_cactus_comments_client_version: 2.38.0
+matrix_cactus_comments_client_version: 2.39.0
 
 matrix_cactus_comments_client_container_image: "{{ matrix_cactus_comments_client_container_image_registry_prefix }}joseluisq/static-web-server:{{ matrix_cactus_comments_client_container_image_tag }}"
 matrix_cactus_comments_client_container_image_registry_prefix: "{{ matrix_cactus_comments_client_container_image_registry_prefix_upstream }}"

roles/custom/matrix-client-cinny/defaults/main.yml

@@ -17,7 +17,7 @@ matrix_client_cinny_container_image_self_build: false
 matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git"
 
 # renovate: datasource=docker depName=ajbura/cinny
-matrix_client_cinny_version: v4.9.0
+matrix_client_cinny_version: v4.10.1
 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_registry_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}"
 matrix_client_cinny_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_client_cinny_docker_image_registry_prefix_upstream }}"
 matrix_client_cinny_docker_image_registry_prefix_upstream: "{{ matrix_client_cinny_docker_image_registry_prefix_upstream_default }}"

roles/custom/matrix-client-element/defaults/main.yml

@@ -29,7 +29,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme
 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
 
 # renovate: datasource=docker depName=ghcr.io/element-hq/element-web
-matrix_client_element_version: v1.11.109
+matrix_client_element_version: v1.12.2
 
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_registry_prefix }}element-hq/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_client_element_docker_image_registry_prefix_upstream }}"
@@ -186,6 +186,7 @@ matrix_client_element_integrations_rest_url: "https://scalar.vector.im/api"
 matrix_client_element_integrations_widgets_urls: ["https://scalar.vector.im/api"]
 matrix_client_element_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html"
 matrix_client_element_permalink_prefix: "https://matrix.to"  # noqa var-naming
+matrix_client_element_mobile_guide_app_variant: "element"
 matrix_client_element_bug_report_endpoint_url: "https://element.io/bugreports/submit"
 matrix_client_element_show_lab_settings: true  # noqa var-naming
 # Element public room directory server(s)

roles/custom/matrix-client-element/templates/config.json.j2

@@ -11,6 +11,7 @@
 	"setting_defaults": {
 		"custom_themes": {{ matrix_client_element_setting_defaults_custom_themes | to_json }}
 	},
+	"mobile_guide_app_variant": {{ matrix_client_element_mobile_guide_app_variant | string | to_json }},
 	"default_theme": {{ matrix_client_element_default_theme | string | to_json }},
 	"default_country_code": {{ matrix_client_element_default_country_code | string | to_json }},
 	"permalink_prefix": {{ matrix_client_element_permalink_prefix | string | to_json }},

roles/custom/matrix-client-fluffychat/defaults/main.yml

@@ -13,7 +13,7 @@ matrix_client_fluffychat_container_image_self_build_repo: "https://github.com/et
 matrix_client_fluffychat_container_image_self_build_version: "{{ 'main' if matrix_client_fluffychat_version == 'latest' else matrix_client_fluffychat_version }}"
 
 # renovate: datasource=docker depName=ghcr.io/etkecc/fluffychat-web
-matrix_client_fluffychat_version: v2.0.0
+matrix_client_fluffychat_version: v2.2.0
 matrix_client_fluffychat_docker_image: "{{ matrix_client_fluffychat_docker_image_registry_prefix }}etkecc/fluffychat-web:{{ matrix_client_fluffychat_version }}"
 matrix_client_fluffychat_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_fluffychat_container_image_self_build else matrix_client_fluffychat_docker_image_registry_prefix_upstream }}"
 matrix_client_fluffychat_docker_image_registry_prefix_upstream: "{{ matrix_client_fluffychat_docker_image_registry_prefix_upstream_default }}"

roles/custom/matrix-client-schildichat/defaults/main.yml

@@ -19,7 +19,7 @@ matrix_client_schildichat_container_image_self_build_version: "{{ 'lite' if matr
 matrix_client_schildichat_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
 
 # renovate: datasource=docker depName=ghcr.io/etkecc/schildichat-web
-matrix_client_schildichat_version: 1.11.103-sc.0.test.0
+matrix_client_schildichat_version: 1.11.109-sc.0.test.0
 matrix_client_schildichat_docker_image: "{{ matrix_client_schildichat_docker_image_registry_prefix }}etkecc/schildichat-web:{{ matrix_client_schildichat_version }}"
 matrix_client_schildichat_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_schildichat_container_image_self_build else matrix_client_schildichat_docker_image_registry_prefix_upstream }}"
 matrix_client_schildichat_docker_image_registry_prefix_upstream: "{{ matrix_client_schildichat_docker_image_registry_prefix_upstream_default }}"

roles/custom/matrix-conduit/defaults/main.yml

@@ -19,7 +19,7 @@ matrix_conduit_docker_image_registry_prefix: "{{ matrix_conduit_docker_image_reg
 matrix_conduit_docker_image_registry_prefix_upstream: "{{ matrix_conduit_docker_image_registry_prefix_upstream_default }}"
 matrix_conduit_docker_image_registry_prefix_upstream_default: docker.io/
 # renovate: datasource=docker depName=matrixconduit/matrix-conduit
-matrix_conduit_docker_image_tag: "v0.10.8"
+matrix_conduit_docker_image_tag: "v0.10.9"
 matrix_conduit_docker_image_force_pull: "{{ matrix_conduit_docker_image.endswith(':latest') }}"
 
 matrix_conduit_base_path: "{{ matrix_base_data_path }}/conduit"