feat(c10y): add url_preview_check_root_domain

feat(c10y): add url_preview_domain_explicit_allowlist
chore(deps): update dependency ntfy to v2.20.1-0
2026-03-29 19:31:25 +03:00 · 2026-03-29 09:59:54 +03:00 · 2026-03-29 09:59:54 +03:00 · 2026-03-28 14:24:46 +02:00 · 2026-03-28 14:17:16 +02:00 · 2026-03-27 18:08:25 +02:00
795 changed files with 24635 additions and 33799 deletions
--- a/.codespellrc
+++ b/.codespellrc
@@ -1,2 +1,2 @@
 [codespell]
-ignore-words-list = aNULL,brose,doub,Udo,re-use,re-used,registr
+ignore-words-list = aNULL,brose,doub,Udo,re-use,re-used,registr,shema,commet,Commet
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -27,9 +27,6 @@
 			]
 		}
 	],
-	"ignoreDeps": [
-		"ghcr.io/matrixgpt/matrix-chatgpt-bot"
-	],
 	"pre-commit": {
 		"enabled": true
 	}
--- a/.github/workflows/close-stale-issues.yml
+++ b/.github/workflows/close-stale-issues.yml
@@ -19,7 +19,7 @@ jobs:
    if: github.repository == 'spantaleev/matrix-docker-ansible-deploy'
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/stale@v9
+      - uses: actions/stale@v10
        with:
          ######################################################################
          # Issues/PRs
--- a/.github/workflows/lock-threads.yml
+++ b/.github/workflows/lock-threads.yml
@@ -23,7 +23,7 @@ jobs:
    if: github.repository == 'spantaleev/matrix-docker-ansible-deploy'
    runs-on: ubuntu-latest
    steps:
-      - uses: dessant/lock-threads@v5
+      - uses: dessant/lock-threads@v6
        with:
          add-issue-labels: 'outdated'
          process-only: 'issues, prs'
--- a/.github/workflows/matrix.yml
+++ b/.github/workflows/matrix.yml
@@ -9,34 +9,37 @@ name: Matrix CI

 on: [push, pull_request]  # yamllint disable-line rule:truthy

-jobs:
-  yamllint:
-    name: yamllint
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out
-        uses: actions/checkout@v5
-      - name: Run yamllint
-        uses: frenck/action-yamllint@v1.5.0
-  ansible-lint:
-    name: ansible-lint
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out
-        uses: actions/checkout@v5
+permissions:
+  contents: read

-      - name: Run ansible-lint
-        uses: ansible/ansible-lint@v25.8.1
-        with:
-          args: "roles/custom"
-          setup_python: "true"
-          working_directory: ""
-          requirements_file: requirements.yml
-  precommit:
-    name: Run pre-commit
+jobs:
+  prek:
+    name: Run prek hooks
    runs-on: ubuntu-latest
+    container:
+      image: docker.io/archlinux:base-devel
+
    steps:
-      - name: Checkout code
-        uses: actions/checkout@v5
-      - name: Run pre-commit
-        uses: pre-commit/action@v3.0.1
+      # git must be installed before checkout so it does a proper clone
+      # (with .git directory) instead of a tarball download.
+      - name: Install git
+        run: pacman -Sy --noconfirm git
+
+      - name: Check out
+        uses: actions/checkout@v6
+
+      - name: Restore prek cache
+        uses: actions/cache@v5
+        with:
+          path: var/prek
+          key: arch-prek-v1-${{ hashFiles('.pre-commit-config.yaml') }}
+
+      - name: Install dependencies
+        run: pacman -S --noconfirm --needed just mise python
+
+      - name: Run prek hooks
+        run: |
+          # The checkout action sets safe.directory using its own bundled
+          # git, which is separate from the pacman-installed git that prek uses.
+          git config --global --add safe.directory "$GITHUB_WORKSPACE"
+          just prek-run-on-all
--- a/.github/workflows/update-translations.yml
+++ b/.github/workflows/update-translations.yml
@@ -0,0 +1,52 @@
+# SPDX-FileCopyrightText: 2024 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+name: Update translations
+
+on:  # yamllint disable-line rule:truthy
+  push:
+    branches:
+      - master
+    paths:  # See include_patterns on conf.py
+      - 'docs/*.md'
+      - 'i18n/README.md'
+      - '*.md'
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  update:
+    if: github.repository == 'spantaleev/matrix-docker-ansible-deploy'
+    name: Update translations
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+
+      - uses: actions/setup-python@v6
+        with:
+          python-version: '3.14'
+
+      # Setting up recommended prerequisites
+      # See: i18n/README.md
+      - uses: astral-sh/setup-uv@v7
+      - uses: extractions/setup-just@v3
+
+      # TODO: optimize when we start publishing translations and integrate a Weblate instance
+      - name: Update translation catalog templates (POT) files
+        run: just --justfile i18n/justfile extract-translation-templates
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v8.1.0
+        with:
+          author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>  # Same as committer
+          body: This is an automatic pull request to update translation files.
+          branch: create-pull-request/i18n
+          commit-message: Automatic translations update
+          delete-branch: true
+          labels: docs
+          sign-commits: true
+          title: Automatic translations update
--- a/.gitignore
+++ b/.gitignore
@@ -4,6 +4,7 @@
 .python-version
 .idea/
 .direnv/
+/var/

 # ignore roles pulled by ansible-galaxy
 /roles/galaxy/*
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,26 +1,40 @@
 ---
-default_install_hook_types: [pre-push]

-exclude: "LICENSES/"
+exclude: "^(LICENSES/|var/)"

 # See: https://pre-commit.com/hooks.html
 repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v6.0.0
    hooks:
-      # - id: check-executables-have-shebangs
      - id: check-added-large-files
      - id: check-case-conflict
      - id: check-json
+      - id: check-shebang-scripts-are-executable
      - id: check-toml
      - id: trailing-whitespace
      - id: end-of-file-fixer
  - repo: https://github.com/codespell-project/codespell
-    rev: v2.4.1
+    rev: v2.4.2
    hooks:
      - id: codespell
        args: ["--skip=*.po,*.pot,i18n/"]
  - repo: https://github.com/fsfe/reuse-tool  # https://reuse.software/dev/#pre-commit-hook
-    rev: v5.0.2
+    rev: v6.2.0
    hooks:
      - id: reuse
+  - repo: https://github.com/ansible/ansible-lint
+    rev: v26.3.0
+    hooks:
+      - id: ansible-lint
+        files: '^roles/custom/'
+        args: ['roles/custom']
+        pass_filenames: false
+  - repo: local
+    hooks:
+      - id: check-examples-vars-migration-version
+        name: Check examples/vars.yml migration version matches expected
+        entry: bin/check-examples-vars-migration-version.sh
+        language: script
+        files: '(examples/vars\.yml|roles/custom/matrix_playbook_migration/defaults/main\.yml)'
+        pass_filenames: false
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,432 @@
+# 2026-03-23
+
+## Migration validation system introduced
+
+Previously, when updating your setup, you had to remember to read the [CHANGELOG](CHANGELOG.md) file or risk breakage.
+
+Now, the playbook includes a migration validation system that ensures you're aware of breaking changes before they affect your deployment.
+You're now forced to acknowledge each breaking change, unless you wish to live dangerously (see below).
+
+A new `matrix_playbook_migration_validated_version` variable has been introduced.
+
+**New users** who started from the [example `vars.yml`](examples/vars.yml) file already have this variable set and do not need to do anything.
+
+**Existing users** will need to add the following to their `vars.yml` file after reviewing all changelog entries up to now:
+
+```yml
+matrix_playbook_migration_validated_version: v2026.03.23.0
+```
+
+Going forward, whenever a breaking change is introduced the playbook will:
+
+- bump its expected version value (`matrix_playbook_migration_expected_version`), causing a discrepancy with what you validated (`matrix_playbook_migration_validated_version`)
+
+- fail when you run it with a helpful message listing what changed and linking to the relevant changelog entries
+
+After reviewing and adapting your setup, you simply update the variable to the new version.
+
+If you'd like to live dangerously and skip these checks (not recommended), you can set this once and be done with it:
+
+```yml
+matrix_playbook_migration_validated_version: "{{ matrix_playbook_migration_expected_version }}"
+```
+
+# 2026-03-19
+
+## Matrix Authentication Service now prefers UNIX sockets for playbook-managed Postgres
+
+When [Matrix Authentication Service](docs/configuring-playbook-matrix-authentication-service.md) (MAS) uses the playbook-managed Postgres service, it now connects to it via a [UNIX socket](https://en.wikipedia.org/wiki/Unix_domain_socket) by default instead of TCP.
+
+This follows the same approach [applied to Synapse](#synapse-now-prefers-unix-sockets-for-playbook-managed-postgres-and-valkey) and reduces unnecessary container-network wiring, keeping local IPC off the network stack.
+
+If you use an external Postgres server for MAS, this does not change your setup.
+
+If you'd like to keep the previous TCP-based behavior, add the following configuration to your `vars.yml`:
+
+```yaml
+matrix_authentication_service_config_database_socket_enabled: false
+```
+
+# 2026-03-17
+
+## Synapse now prefers UNIX sockets for playbook-managed Postgres and Valkey
+
+When Synapse uses the playbook-managed Postgres and Valkey services, it now connects to them via [UNIX sockets](https://en.wikipedia.org/wiki/Unix_domain_socket) by default instead of TCP.
+
+This reduces unnecessary container-network wiring and keeps local IPC off the network stack, which is a bit simpler and slightly more secure.
+
+If you use an external Postgres server or external Redis/Valkey for Synapse, this does not change your setup.
+
+If you'd like to keep the previous TCP-based behavior, add the following configuration to your `vars.yml`:
+
+```yaml
+matrix_synapse_database_socket_enabled: false
+matrix_synapse_redis_path_enabled: false
+```
+
+# 2026-03-01
+
+## (Potential BC Break) Synapse S3 media prefix is now applied consistently
+
+The `matrix_synapse_ext_synapse_s3_storage_provider_config_prefix` variable is now wired consistently for both:
+
+- the Synapse `s3_storage_provider` module configuration
+- the `matrix-synapse-s3-storage-provider-migrate` migration script (`s3_media_upload --prefix`)
+
+Previously, this variable could be set, but was not effectively applied by either of these paths.
+
+**Affects**: users of [synapse-s3-storage-provider](docs/configuring-playbook-synapse-s3-storage-provider.md) who have configured a non-empty `matrix_synapse_ext_synapse_s3_storage_provider_config_prefix` value.
+
+If your bucket data was uploaded without the prefix before this fix, enabling proper prefix usage can make existing objects appear missing until data is migrated/copied to the prefixed key namespace.
+
+# 2026-02-26
+
+## Internal refactor: merged the Synapse reverse-proxy companion role into `matrix-synapse`
+
+The standalone `matrix-synapse-reverse-proxy-companion` role has been merged into the [matrix-synapse](roles/custom/matrix-synapse/) role.
+
+This is not a user-facing change and does not change variable names (`matrix_synapse_reverse_proxy_companion_*` remain the same). The split looked clean on paper, but in practice both parts are tightly coupled through worker routing, tags (`setup-synapse`/`install-synapse`), and lifecycle ordering, so keeping them separate added coordination overhead with little practical benefit.
+
+Compatibility note: existing companion-specific tags (`setup-synapse-reverse-proxy-companion` and `install-synapse-reverse-proxy-companion`) are still available.
+
+With this change, Synapse and its reverse-proxy companion are managed in one role (`matrix-synapse`) while still keeping companion logic in dedicated task/template subdirectories for maintainability.
+
+# 2026-02-21
+
+## (BC Break) coturn is no longer auto-enabled by default
+
+By default, the [coturn](./docs/configuring-playbook-turn.md) TURN server component is no longer enabled for every deployment.
+
+This reduces resources and attach surface for deployments which:
+
+- either don't need calls at all
+- or use the modern [Matrix RTC](docs/configuring-playbook-matrix-rtc.md)/[Element Call](docs/configuring-playbook-element-call.md) stack.
+
+Coturn is still auto-enabled when [Jitsi](./docs/configuring-playbook-jitsi.md) is enabled (`jitsi_enabled: true`), because Jitsi still depends on TURN for legacy Matrix integration.
+
+Additionally, Coturn (when enabled) now defaults to using automatic IP detection of your server's external IP address, instead of assuming your Ansible inventory (`ansible_host`) points to a public address and using it for configuring `coturn_turn_external_ip_address`.
+
+To restore the old behavior (needed for legacy call setups), add the following configuration to your `vars.yml`:
+
+```yml
+coturn_enabled: true
+
+# If you'd like explicit control over the external IP address (like before), keep this too.
+coturn_turn_external_ip_address: "{{ ansible_host }}"
+```
+
+## LiveKit TURN TLS is now automatically fronted by playbook-managed Traefik
+
+For deployments that use the playbook-managed Traefik reverse-proxy, LiveKit TURN over TCP is now SSL-terminated at Traefik and passed as plain TCP to LiveKit (`turn.external_tls = true`) by default.
+
+To disable this behavior, set `livekit_server_config_turn_external_tls: false` and the playbook will revert to the old behavior - using traefik-certs-dumper to extract SSL certificates out of Traefik and pass them to LiveKit for explicit SSL termination there.
+
+If you are using `other-traefik-container` or [another reverse-proxy](./configuring-playbook-own-webserver.md), this change does **not** switch behavior automatically. That mode remains using certificate files in the container (Traefik certificates dumper flow) unless you explicitly set the TURN-Traefik mode variables to opt in.
+
+# 2026-02-17
+
+## (BC Break) prometheus-nginxlog-exporter role has been relocated and variable names need adjustments
+
+The role for prometheus-nginxlog-exporter has been relocated to the [mother-of-all-self-hosting](https://github.com/mother-of-all-self-hosting) organization.
+
+Along with the relocation, the `matrix_prometheus_nginxlog_exporter_` prefix on its variable names has been renamed to `prometheus_nginxlog_exporter_`, so you need to adjust your `vars.yml` configuration.
+
+As always, the playbook would let you know about this and point out any variables you may have missed.
+
+## synapse-auto-invite-accept has been removed from the playbook
+
+[synapse-auto-invite-accept](./docs/configuring-playbook-synapse-auto-accept-invite.md) has been removed from the playbook, as the same functionality [has been integrated](https://github.com/element-hq/synapse/pull/17147) to Synapse since [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0).
+
+See [this section](./docs/configuring-playbook-synapse-auto-accept-invite.md#native-alternative) for details about how to enable the function on Synapse.
+
+If you're using any `matrix_synapse_ext_synapse_auto_accept_invite_*` variables, the playbook will let you know which one you'll need to remove from `vars.yml`.
+
+# 2026-02-16
+
+## matrix-appservice-slack has been removed from the playbook
+
+[matrix-appservice-slack](./docs/configuring-playbook-bridge-appservice-slack.md) has been removed from the playbook, as it has been discontinued because the public Matrix.org Slack bridge has been decommissioned on January 14th, 2026.
+
+The playbook will let you know if you're using any `matrix_appservice_slack_*` variables. You'll need to remove them from `vars.yml` and potentially [uninstall the component manually](./docs/configuring-playbook-bridge-appservice-slack.md#uninstalling-the-component-manually).
+
+**Note**: Bridging to [Slack](https://slack.com) can also happen via the [mautrix-slack](./docs/configuring-playbook-bridge-mautrix-slack.md) bridge supported by the playbook.
+
+# 2026-02-13
+
+## Conditional service restart for `install-*` commands
+
+When running `install-all` or `install-service` (whether via `just` or raw `ansible-playbook`), only services whose configuration or container image actually changed during the playbook run will now be restarted. Unchanged services are left running (or get started if they were stopped). This reduces unnecessary downtime — particularly for services like Traefik (the reverse proxy), which previously caused brief connectivity interruptions on every playbook run even when nothing changed.
+
+When running with `setup-*` tags (e.g. `setup-all`, `setup-synapse`), all services continue to be unconditionally restarted as before.
+
+Currently, only Traefik tracks its own changes and benefits from conditional restart. All other services default to being restarted (the previous behavior). This is just the beginning — as more roles gain change-tracking support, playbook performance will improve and downtime will decrease dramatically, especially for `install-all` runs where most services haven't changed.
+
+Some benchmarks for `just install-service traefik` when Traefik settings did not change:
+
+- **Before**:
+  - total time: ~56 seconds 🐌
+  - Traefik restarted: yes (unnecessarily) ❌
+  - dependent services restarted: yes, all of them ❌
+- **After**:
+  - total time: ~27 seconds ⚡
+  - Traefik restarted: no ✅
+  - dependent services restarted: no ✅
+
+This behavior can be overridden via `--extra-vars='devture_systemd_service_manager_conditional_restart_enabled=false'` to force unconditional restarts. See [Conditional service restart](docs/just.md#conditional-service-restart) for details.
+
+
+# 2026-02-12
+
+## Dimension integration manager has been removed from the playbook
+
+The [Dimension integration manager](./docs/configuring-playbook-dimension.md) has been removed from the playbook, as it has been unmaintained.
+
+The playbook will let you know if you're using any `matrix_dimension_*` variables. You'll need to remove them from `vars.yml` and potentially [uninstall the component manually](./docs/configuring-playbook-dimension.md#uninstalling-the-component-manually).
+
+## (BC Break) Hydrogen role has been relocated and variable names need adjustments
+
+The role for Hydrogen has been relocated to the [mother-of-all-self-hosting](https://github.com/mother-of-all-self-hosting) organization.
+
+Along with the relocation, the `matrix_client_hydrogen_` prefix was dropped from its variable names, so you need to adjust your `vars.yml` configuration.
+
+You need to do the following replacement:
+
+- `matrix_client_hydrogen_` -> `hydrogen_`
+
+As always, the playbook would let you know about this and point out any variables you may have missed.
+
+# 2026-02-11
+
+## (BC Break) coturn role has been relocated and variable names need adjustments
+
+The role for coturn has been relocated to the [mother-of-all-self-hosting](https://github.com/mother-of-all-self-hosting) organization.
+
+Along with the relocation, the `matrix_coturn_` prefix on its variable names has been renamed to `coturn_`, so you need to adjust your `vars.yml` configuration.
+
+As always, the playbook would let you know about this and point out any variables you may have missed.
+
+## conduwuit has been removed from the playbook
+
+[conduwuit](./docs/configuring-playbook-conduwuit.md) has been removed from the playbook, as it has been abandoned.
+
+The playbook will let you know if you're using any `matrix_conduwuit_*` variables. You'll need to remove them from `vars.yml` and potentially [uninstall the service manually](./docs/configuring-playbook-conduwuit.md#uninstalling-the-service-manually).
+
+Since [Continuwuity](configuring-playbook-continuwuity.md) is a drop-in replacement for conduwuit, migration is possible. Please refer to [this section](./configuring-playbook-continuwuity.md#migrating-from-conduwuit) for details.
+
+# 2026-02-09
+
+## (BC Break) matrix-media-repo datastore IDs are now required in `vars.yml`
+
+**Affects**: users with [matrix-media-repo](docs/configuring-playbook-matrix-media-repo.md) enabled (`matrix_media_repo_enabled: true`)
+
+The `matrix_media_repo_datastore_file_id` and `matrix_media_repo_datastore_s3_id` variables are no longer auto-configured with values. They must now be explicitly defined in your `vars.yml` file. The playbook will fail with a helpful error if they are not set (when needed).
+
+These were never meant to be auto-configured. They were derived from `matrix_homeserver_generic_secret_key`, which is intended for secrets that are OK to change subsequently (and Ansible would assist in propagating these changes). matrix-media-repo datastore IDs are not secrets — they are static identifiers linking media to storage backends, and **must not change** after first use.
+
+**For existing installations**, retrieve your current values from the server:
+
+```sh
+grep 'id:' /matrix/media-repo/config/media-repo.yaml
+```
+
+Then add to your `vars.yml`:
+
+```yaml
+matrix_media_repo_datastore_file_id: "YOUR_FILE_DATASTORE_ID_HERE"
+
+# Only if you use S3 storage:
+# matrix_media_repo_datastore_s3_id: "YOUR_S3_DATASTORE_ID_HERE"
+```
+
+**Why do this?**: This change allows us to **remove the [passlib](https://passlib.readthedocs.io/en/stable/index.html) Python library** from the [prerequisites](docs/prerequisites.md), as it was the last component that depended on it.
+
+# 2026-02-08
+
+## Zulip bridge has been removed from the playbook
+
+Zulip bridge has been removed from the playbook, as it doesn't work, and the maintainer seems to have abandoned it. See [this issue](https://github.com/GearKite/MatrixZulipBridge/issues/23) for more context.
+
+## Switched to faster secret derivation for service passwords
+
+We've switched the method used for deriving service passwords (database passwords, appservice tokens, etc.) from the `matrix_homeserver_generic_secret_key` variable.
+
+The old method used `password_hash('sha512', rounds=655555)` (655,555 rounds of SHA-512 hashing), which was designed for protecting low-entropy human passwords against brute-force attacks. For deriving secrets from an already high-entropy secret key, this many rounds provide no additional security - the secret key's entropy is what protects the derived passwords, not the computational cost of hashing.
+
+The new method uses a single-round `hash('sha512')` with a unique salt per service. This is equally secure for this use case (SHA-512 remains preimage-resistant; brute-forcing a high-entropy key is infeasible regardless of rounds), while being dramatically faster.
+
+On a fast mini PC, evaluating `postgres_managed_databases` (which references multiple database passwords) dropped from **~10.7 seconds to ~0.6 seconds**. The Postgres role evaluates this variable multiple times during a run, so the cumulative savings are significant. All other roles that reference derived passwords also benefit.
+
+**What this means for users**: all derived service passwords (database passwords, appservice tokens, etc.) will change on the next playbook run. The main/superuser database password (`postgres_connection_password`) is not affected, as it is hardcoded in inventory variables rather than derived via hashing. All services will receive their new passwords as part of the same run, so this should be a seamless, non-user-impacting change.
+
+## (BC Break) Dynamic DNS role has been relocated and variable names need adjustments
+
+The role for Dynamic DNS has been relocated to the [mother-of-all-self-hosting](https://github.com/mother-of-all-self-hosting) organization.
+
+Along with the relocation, the `matrix_dynamic_dns_` prefix on its variable names has been renamed to `ddclient_`, so you need to adjust your `vars.yml` configuration.
+
+As always, the playbook would let you know about this and point out any variables you may have missed.
+
+## ma1sd has been removed from the playbook
+
+[ma1sd](./docs/configuring-playbook-ma1sd.md) has been removed from the playbook, as it has been unmaintained for a long time.
+
+The playbook will let you know if you're using any `matrix_ma1sd_*` variables. You'll need to remove them from `vars.yml` and potentially [uninstall the component manually](./docs/configuring-playbook-ma1sd.md#uninstalling-the-component-manually).
+
+Please note that some of the functions can be achieved with other components. For example, if you wish to implement LDAP integration, you might as well check out [the LDAP provider module for Synapse](./docs/configuring-playbook-ldap-auth.md) instead.
+
+# 2026-02-07
+
+## (BC Break) Cinny role has been relocated and variable names need adjustments
+
+The role for Cinny has been relocated to the [mother-of-all-self-hosting](https://github.com/mother-of-all-self-hosting) organization.
+
+Along with the relocation, the `matrix_client_cinny_` prefix was dropped from its variable names, so you need to adjust your `vars.yml` configuration.
+
+You need to do the following replacement:
+
+- `matrix_client_cinny_` -> `cinny_`
+
+As always, the playbook would let you know about this and point out any variables you may have missed.
+
+## The Sliding Sync proxy has been removed from the playbook
+
+The [Sliding Sync proxy](./docs/configuring-playbook-sliding-sync-proxy.md) has been removed from the playbook, as it's been replaced with a different method (called Simplified Sliding Sync) integrated to newer homeservers by default (**Conduit** homeserver from version `0.6.0` or **Synapse** from version `1.114`).
+
+The playbook will let you know if you're using any `matrix_sliding_sync_*` variables. You'll need to remove them from `vars.yml` and potentially [uninstall the proxy manually](./docs/configuring-playbook-sliding-sync-proxy.md#uninstalling-the-proxy-manually).
+
+# 2026-02-04
+
+## baibot now supports OpenAI's built-in tools (Web Search and Code Interpreter)
+
+**TLDR**: if you're using the [OpenAI provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md#openai) with [baibot](docs/configuring-playbook-bot-baibot.md), you can now enable [built-in tools](https://github.com/etkecc/baibot/blob/61d18b2/docs/features.md#%EF%B8%8F-built-in-tools-openai-only) (`web_search` and `code_interpreter`) to extend the model's capabilities.
+
+These tools are **disabled by default** and can be enabled via Ansible variables for static agent configurations:
+
+```yaml
+matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_tools_web_search: true
+matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_tools_code_interpreter: true
+```
+
+Users who define agents dynamically at runtime will need to [update their agents](https://github.com/etkecc/baibot/blob/61d18b2/docs/agents.md#updating-agents) to enable these tools. See the [baibot v1.14.0 changelog](https://github.com/etkecc/baibot/blob/61d18b2/CHANGELOG.md) for details.
+
+## Whoami-based sync worker routing for improved sticky sessions for Synapse
+
+Deployments using [Synapse workers](./docs/configuring-playbook-synapse.md#load-balancing-with-workers) now benefit from improved sync worker routing via a new whoami-based mechanism (making use of the [whoami Matrix Client-Server API](https://spec.matrix.org/v1.17/client-server-api/#get_matrixclientv3accountwhoami)).
+
+Previously, sticky routing for sync workers relied on parsing usernames from access tokens, which only worked with native Synapse tokens (`syt_<base64 username>_...`). This approach failed for [Matrix Authentication Service](docs/configuring-playbook-matrix-authentication-service.md) (MAS) deployments, where tokens are opaque and don't contain username information. This resulted in device-level stickiness (same token → same worker) rather than user-level stickiness (same user → same worker regardless of device), leading to suboptimal cache utilization on sync workers.
+
+The new implementation calls Synapse's `/whoami` endpoint to resolve access tokens to usernames, enabling proper user-level sticky routing regardless of the authentication system in use (native Synapse auth, MAS, etc.). Results are cached to minimize overhead.
+
+This change:
+- **Automatically enables** when sync workers are configured (no action required)
+- **Works universally** with any authentication system
+- **Replaces the old implementation** entirely to keep the codebase simple
+- **Adds minimal overhead** (one cached internal subrequest per sync request) for non-MAS deployments
+
+For debugging, you can enable verbose logging and/or response headers showing routing decisions:
+
+```yaml
+# Logs cache hits/misses and routing decisions to the container's stderr
+matrix_synapse_reverse_proxy_companion_whoami_sync_worker_router_logging_enabled: true
+
+# Adds X-Sync-Worker-Router-User-Identifier and X-Sync-Worker-Router-Upstream headers to sync responses
+matrix_synapse_reverse_proxy_companion_whoami_sync_worker_router_debug_headers_enabled: true
+```
+
+
+# 2025-12-09
+
+## Traefik Cert Dumper upgrade
+
+The variable `traefik_certs_dumper_ssl_dir_path` was renamed to `traefik_certs_dumper_ssl_path`. Users who use [their own webserver with Traefik](docs/configuring-playbook-own-webserver.md) may need to adjust their configuration.
+
+The variable `traefik_certs_dumper_dumped_certificates_dir_path` was renamed to `traefik_certs_dumper_dumped_certificates_path`. Users who use [SRV Server Delegation](docs/howto-srv-server-delegation.md) may need to adjust their configuration.
+
+# 2025-11-23
+
+## Matrix.to support
+
+The playbook now supports [Matrix.to](https://github.com/matrix-org/matrix.to) — a simple URL redirection service which powers [matrix.to](https://matrix.to).
+
+To learn more, see our [Setting up Matrix.to](docs/configuring-playbook-matrixto.md) documentation page.
+
+# 2025-11-09
+
+## matrix-appservice-webhooks has been removed from the playbook
+
+[matrix-appservice-webhooks](./docs/configuring-playbook-bridge-appservice-webhooks.md) has been removed from the playbook, as it has been deprecated since more than several years.
+
+The playbook will let you know if you're using any `matrix_appservice_webhooks_*` variables. You'll need to remove them from `vars.yml` and potentially [uninstall the bridge manually](./docs/configuring-playbook-bridge-appservice-webhooks.md#uninstalling-the-bridge-manually).
+
+## mautrix-facebook and mautrix-instagram have been removed from the playbook
+
+[mautrix-facebook](./docs/configuring-playbook-bridge-mautrix-facebook.md) and [mautrix-instagram](./docs/configuring-playbook-bridge-mautrix-instagram.md) have been removed from the playbook, as they have been deprecated in favor of the [mautrix-meta](https://github.com/mautrix/meta) Messenger/Instagram bridge, integrated to the playbook at [2024-02-19](#2024-02-19).
+
+The playbook will let you know if you're using any variables for those bridges:
+
+- `matrix_mautrix_facebook_*`
+- `matrix_mautrix_instagram_*`
+
+You'll need to remove them from `vars.yml` and potentially uninstall them manually. Consult pages below for details:
+
+- [Instruction for mautrix-facebook](./docs/configuring-playbook-bridge-mautrix-facebook.md#uninstalling-the-bridge-manually)
+- [Instruction for mautrix-instagram](./docs/configuring-playbook-bridge-mautrix-instagram.md#uninstalling-the-bridge-manually)
+
+# 2025-11-08
+
+## MatrixZulipBridge support
+
+Thanks to [Suguru Hirahara](https://github.com/luixxiul), the playbook now supports the [GearKite/MatrixZulipBridge](https://github.com/GearKite/MatrixZulipBridg) bridge for bridging Matrix to [Zulip](https://zulip.com/).
+
+To learn more, see our [Setting up Zulip bridging](docs/configuring-playbook-bridge-zulip.md) documentation page.
+
+# 2025-11-07
+
+## The matrix-chatgpt-bot has been removed from the playbook
+
+The [matrix-bot-chatgpt](./docs/configuring-playbook-bot-chatgpt.md) has been removed from the playbook, as it has been deprecated since September 2024.
+
+The playbook will let you know if you're using any `matrix_bot_chatgpt_*` variables. You'll need to remove them from `vars.yml` and potentially [uninstall the bot manually](./docs/configuring-playbook-bot-chatgpt.md#uninstalling-matrix-chatgpt-bot-manually).
+
+# 2025-11-05
+
+## The MX Puppet bridges for Discord, Instagram, Slack, and Twitter have been removed from the playbook
+
+The MX Puppet bridges for Discord, Instagram, Slack, and Twitter have been removed from the playbook, as they have been unmaintained for more than several years and do not support important features like authenticated media. See [this issue](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3867) for the context.
+
+The playbook will let you know if you're using any variables for those bridges:
+
+- `matrix_mx_puppet_discord_*`
+- `matrix_mx_puppet_instagram_*`
+- `matrix_mx_puppet_slack_*`
+- `matrix_mx_puppet_twitter_*`
+
+You'll need to remove them from `vars.yml` and potentially uninstall them manually. Consult pages below for details:
+
+- [Instruction for MX Puppet Discord bridge](./docs/configuring-playbook-bridge-mx-puppet-discord.md#uninstalling-the-bridge-manually)
+- [Instruction for MX Puppet Instagram bridge](./docs/configuring-playbook-bridge-mx-puppet-instagram.md#uninstalling-the-bridge-manually)
+- [Instruction for MX Puppet Slack bridge](./docs/configuring-playbook-bridge-mx-puppet-slack.md#uninstalling-the-bridge-manually)
+- [Instruction for MX Puppet Twitter bridge](./docs/configuring-playbook-bridge-mx-puppet-twitter.md#uninstalling-the-bridge-manually)
+
+# 2025-11-04
+
+## The Go Skype bridge has been removed from the playbook
+
+The [go-skype-bridge](./docs/configuring-playbook-bridge-go-skype-bridge.md) has been removed from the playbook, as Skype has been discontinued since the May 2025.
+
+The playbook will let you know if you're using any `matrix_go_skype_bridge_*` variables. You'll need to remove them from `vars.yml` and potentially [uninstall the bridge manually](./docs/configuring-playbook-bridge-go-skype-bridge.md#uninstalling-the-bridge-manually).
+
+# 2025-10-02
+
+## Element Admin support
+
+The playbook now supports [Element Admin](./docs/configuring-playbook-element-admin.md) - a new web-based administration panel for Synapse and [Matrix Authentication Service](./docs/configuring-playbook-matrix-authentication-service.md).
+
+Deployments based on Matrix Authentication Service may find it useful to run both Synapse Admin and Element Admin at the same time.
+
+Deployments that don't rely on Matrix Authentication Service are unlikely to find anything useful in Element Admin right now (it's too basic in its current form).
+
+
 # 2025-04-26

 ## Continuwuity support
@@ -100,7 +529,7 @@ In light of this new information, you have 2 options:
 - Consider closing the STUN/UDP port with the following configuration:

  ```yaml
-  matrix_coturn_container_stun_plain_host_bind_port_udp: ""
+  coturn_container_stun_plain_host_bind_port_udp: ""
  ```

 - Consider keeping `3478/udp` blocked in your external firewall (if you have one)
@@ -161,11 +590,11 @@ The playbook now **only exposes the Coturn STUN port (`3478`) over TCP by defaul
 If you'd like the Coturn STUN port to be exposed over UDP like before, you can revert to the previous behavior by using the following configuration in your `vars.yml` file:

 ```yaml
-matrix_coturn_container_stun_plain_host_bind_port_udp: "3478"
+coturn_container_stun_plain_host_bind_port_udp: "3478"
 ```

 > [!WARNING]
-> People running Coturn directly on the `host` network (using `matrix_coturn_container_network: host`) will still have the STUN port exposed over UDP, as port exposure is done directly via Coturn and not via Docker. In such cases, the playbook cannot prevent `3478/udp` port exposure and you'd need to do it in another way (separate firewall rule, etc).
+> People running Coturn directly on the `host` network (using `coturn_container_network: host`) will still have the STUN port exposed over UDP, as port exposure is done directly via Coturn and not via Docker. In such cases, the playbook cannot prevent `3478/udp` port exposure and you'd need to do it in another way (separate firewall rule, etc).


 # 2025-02-17
@@ -418,8 +847,8 @@ If upstream synapse-admin picks up the pace and improves, the etke.cc fork may d
 If you'd like to switch back to the original synapse-admin software, you can do so by adding the following configuration to your `vars.yml` file:

 ```yaml
-matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_registry_prefix }}awesometechnologies/synapse-admin:{{ matrix_synapse_admin_version }}"
-matrix_synapse_admin_docker_image_registry_prefix_upstream: docker.io/
+matrix_synapse_admin_container_image: "{{ matrix_synapse_admin_container_image_registry_prefix }}awesometechnologies/synapse-admin:{{ matrix_synapse_admin_version }}"
+matrix_synapse_admin_container_image_registry_prefix_upstream: docker.io/

 matrix_synapse_admin_version: 0.10.3

@@ -1508,12 +1937,12 @@ Other roles which aren't strictly related to Matrix are likely to follow this fa

 ## coturn can now use host-networking

-Large coturn deployments (with a huge range of ports specified via `matrix_coturn_turn_udp_min_port` and `matrix_coturn_turn_udp_max_port`) experience a huge slowdown with how Docker publishes all these ports (setting up firewall forwarding rules), which leads to a very slow coturn service startup and shutdown.
+Large coturn deployments (with a huge range of ports specified via `coturn_turn_udp_min_port` and `coturn_turn_udp_max_port`) experience a huge slowdown with how Docker publishes all these ports (setting up firewall forwarding rules), which leads to a very slow coturn service startup and shutdown.

 Such deployments don't need to run coturn within a private container network anymore. coturn can now run with host-networking by using configuration like this:

 ```yaml
-matrix_coturn_container_network: host
+coturn_container_network: host
 ```

 With such a configuration, **Docker no longer needs to configure thousands of firewall forwarding rules** each time coturn starts and stops. This, however, means that **you will need to ensure these ports are open** in your firewall yourself.
@@ -1522,11 +1951,11 @@ Thanks to us [tightening coturn security](#backward-compatibility-tightening-cot

 ## (Backward Compatibility) Tightening coturn security can lead to connectivity issues

-**TLDR**: users who run and access their Matrix server on a private network (likely a small minority of users) may experience connectivity issues with our new default coturn blocklists. They may need to override `matrix_coturn_denied_peer_ips` and remove some IP ranges from it.
+**TLDR**: users who run and access their Matrix server on a private network (likely a small minority of users) may experience connectivity issues with our new default coturn blocklists. They may need to override `coturn_denied_peer_ips` and remove some IP ranges from it.

 Inspired by [this security article](https://www.rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/), we've decided to make use of coturn's `denied-peer-ip` functionality to prevent relaying network traffic to certain private IP subnets. This ensures that your coturn server won't accidentally try to forward traffic to certain services running on your local networks. We run coturn in a container and in a private container network by default, which should prevent such access anyway, but having additional block layers in place is better.

-If you access your Matrix server from a local network and need coturn to relay to private IP addresses, you may observe that relaying is now blocked due to our new default `denied-peer-ip` lists (specified in `matrix_coturn_denied_peer_ips`). If you experience such connectivity problems, consider overriding this setting in your `vars.yml` file and removing certain networks from it.
+If you access your Matrix server from a local network and need coturn to relay to private IP addresses, you may observe that relaying is now blocked due to our new default `denied-peer-ip` lists (specified in `coturn_denied_peer_ips`). If you experience such connectivity problems, consider overriding this setting in your `vars.yml` file and removing certain networks from it.

 We've also added `no-multicast-peers` to the default coturn configuration, but we don't expect this to cause trouble for most people.

@@ -2312,8 +2741,8 @@ To improve security, we've [removed TLSv1 and TLSv1.1 support](https://github.co
 If you need to support old clients, you can re-enable both (or whichever one you need) with the following configuration:

 ```yaml
-matrix_coturn_tls_v1_enabled: true
-matrix_coturn_tls_v1_1_enabled: true
+coturn_tls_v1_enabled: true
+coturn_tls_v1_1_enabled: true
 ```


@@ -2814,7 +3243,7 @@ See our [Migrating to Element Web](docs/configuring-playbook-riot-web.md#migrati

 ## Steam bridging support via mx-puppet-steam

-Thanks to [Hugues Morisset](https://github.com/izissise)'s efforts, the playbook now supports bridging to [Steam](https://steamapp.com/) via the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge. See our [Setting up MX Puppet Steam bridging](docs/configuring-playbook-bridge-mx-puppet-steam.md) documentation page for getting started.
+Thanks to [Hugues Morisset](https://github.com/izissise)'s efforts, the playbook now supports bridging to [Steam](https://steamapp.com/) via the [mx-puppet-steam](https://codeberg.org/icewind/mx-puppet-steam) bridge. See our [Setting up MX Puppet Steam bridging](docs/configuring-playbook-bridge-mx-puppet-steam.md) documentation page for getting started.


 # 2020-07-01
@@ -3592,7 +4021,7 @@ Because people like using the playbook's components independently (outside of th
 With the new changes, **all roles are now only dependent on the minimal `matrix-base` role**. They are no longer dependent among themselves.

 In addition, the following components can now be completely disabled (for those who want/need to):
- `matrix-coturn` by using `matrix_coturn_enabled: false`
+- `matrix-coturn` by using `coturn_enabled: false`
 - `matrix-mailer` by using `matrix_mailer_enabled: false`
 - `matrix-postgres` by using `matrix_postgres_enabled: false`

@@ -3812,7 +4241,7 @@ The following playbook variables were renamed:
 - from `matrix_docker_image_mautrix_telegram` to `matrix_mautrix_telegram_docker_image`
 - from `matrix_docker_image_mautrix_whatsapp` to `matrix_mautrix_whatsapp_docker_image`
 - from `matrix_docker_image_mailer` to `matrix_mailer_docker_image`
- from `matrix_docker_image_coturn` to `matrix_coturn_docker_image`
+- from `matrix_docker_image_coturn` to `coturn_container_image`
 - from `matrix_docker_image_goofys` to `matrix_s3_goofys_docker_image`
 - from `matrix_docker_image_riot` to `matrix_riot_web_docker_image`
 - from `matrix_docker_image_nginx` to `matrix_nginx_proxy_docker_image`
--- a/README.md
+++ b/README.md
@@ -52,8 +52,7 @@ The homeserver is the backbone of your Matrix system. Choose one from the follow
 | ---- | -------- | ----------- | ------------- |
 | [Synapse](https://github.com/element-hq/synapse) | ✅ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network | [Link](docs/configuring-playbook-synapse.md) |
 | [Conduit](https://conduit.rs) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Conduit is a lightweight open-source server implementation of the Matrix Specification with a focus on easy setup and low system requirements | [Link](docs/configuring-playbook-conduit.md) |
-| [conduwuit](https://conduwuit.puppyirl.gay/) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. conduwuit is a fork of Conduit. | [Link](docs/configuring-playbook-conduwuit.md) |
-| [continuwuity](https://continuwuity.org) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. continuwuity is a continuation of conduwuit. | [Link](docs/configuring-playbook-continuwuity.md) |
+| [continuwuity](https://continuwuity.org) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. | [Link](docs/configuring-playbook-continuwuity.md) |
 | [Dendrite](https://github.com/element-hq/dendrite) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse. | [Link](docs/configuring-playbook-dendrite.md) |

 ### Clients
@@ -65,6 +64,7 @@ Web clients for Matrix that you can host on your own domains.
 | [Element Web](https://github.com/element-hq/element-web) | ✅ | Default Matrix web client, configured to connect to your own Synapse server | [Link](docs/configuring-playbook-client-element-web.md) |
 | [Hydrogen](https://github.com/element-hq/hydrogen-web) | ❌ | Lightweight Matrix client with legacy and mobile browser support | [Link](docs/configuring-playbook-client-hydrogen.md) |
 | [Cinny](https://github.com/ajbura/cinny) |  ❌ | Simple, elegant and secure web client | [Link](docs/configuring-playbook-client-cinny.md) |
+| [Sable](https://github.com/7w1/sable) | ❌ | Simple, elegant and secure web client | [Link](docs/configuring-playbook-client-sable.md) |
 | [SchildiChat Web](https://schildi.chat/) | ❌ | Based on Element Web, with a more traditional instant messaging experience | [Link](docs/configuring-playbook-client-schildichat-web.md) |
 | [FluffyChat Web](https://fluffychat.im/) | ❌ | The cutest messenger in Matrix | [Link](docs/configuring-playbook-client-fluffychat-web.md) |

@@ -75,14 +75,12 @@ Services that run on the server to make the various parts of your installation w
 | Name | Default? | Description | Documentation |
 | ---- | -------- | ----------- | ------------- |
 | [PostgreSQL](https://www.postgresql.org/)| ✅ | Database for Synapse. [Using an external PostgreSQL server](docs/configuring-playbook-external-postgres.md) is also possible. | [Link](docs/configuring-playbook-external-postgres.md) |
-| [coturn](https://github.com/coturn/coturn) | ✅ | STUN/TURN server for WebRTC audio/video calls | [Link](docs/configuring-playbook-turn.md) |
 | [Traefik](https://doc.traefik.io/traefik/) | ✅ | Web server, listening on ports 80, 443 and 8448 - standing in front of all the other services. [Using your own webserver](docs/configuring-playbook-own-webserver.md) is also possible. | [Link](docs/configuring-playbook-traefik.md) |
 | [Let's Encrypt](https://letsencrypt.org/) | ✅ | Free SSL certificate, which secures the connection to all components | [Link](docs/configuring-playbook-ssl-certificates.md) |
 | [Exim](https://www.exim.org/) | ✅ | Mail server, through which all Matrix services send outgoing email (can be configured to relay through another SMTP server) | [Link](docs/configuring-playbook-email.md) |
-| [ma1sd](https://github.com/ma1uta/ma1sd) | ❌ | Matrix Identity Server | [Link](docs/configuring-playbook-ma1sd.md)
+| [coturn](https://github.com/coturn/coturn) | ❌ | STUN/TURN server for WebRTC audio/video calls | [Link](docs/configuring-playbook-turn.md) |
 | [ddclient](https://github.com/linuxserver/docker-ddclient) | ❌ | Dynamic DNS | [Link](docs/configuring-playbook-dynamic-dns.md) |
-| [LiveKit Server](https://github.com/livekit/livekit) | ❌ | WebRTC server for audio/video calls | [Link](docs/configuring-playbook-livekit-server.md) |
-| [Livekit JWT Service](https://github.com/livekit/livekit-jwt-service) | ❌ | JWT service for integrating [Element Call](./configuring-playbook-element-call.md) with [LiveKit Server](./configuring-playbook-livekit-server.md) | [Link](docs/configuring-playbook-livekit-jwt-service.md) |
+| Matrix RTC stack | ❌ | Supporting components ([LiveKit Server](docs/configuring-playbook-livekit-server.md) and [LiveKit JWT Service](docs/configuring-playbook-livekit-jwt-service.md)) for in-app audio/video calls for Matrix clients | [Link](docs/configuring-playbook-matrix-rtc.md) |

 ### Authentication

@@ -129,18 +127,13 @@ Bridges can be used to connect your Matrix installation with third-party communi
 | [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) | ❌ | Bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) | [Link](docs/configuring-playbook-bridge-appservice-irc.md) |
 | [matrix-appservice-kakaotalk](https://src.miscworks.net/fair/matrix-appservice-kakaotalk) | ❌ | Bridge to [Kakaotalk](https://www.kakaocorp.com/page/service/service/KakaoTalk?lang=ENG) | [Link](docs/configuring-playbook-bridge-appservice-kakaotalk.md) |
 | [matrix-appservice-discord](https://github.com/matrix-org/matrix-appservice-discord) | ❌ | Bridge to [Discord](https://discordapp.com/) | [Link](docs/configuring-playbook-bridge-appservice-discord.md) |
-| [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack) | ❌ | Bridge to [Slack](https://slack.com/) | [Link](docs/configuring-playbook-bridge-appservice-slack.md) |
 | [matrix-hookshot](https://github.com/matrix-org/matrix-hookshot) | ❌ | Bridge for generic webhooks and multiple project management services, such as GitHub, GitLab, Figma, and Jira in particular | [Link](docs/configuring-playbook-bridge-hookshot.md) |
 | [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) | ❌ | Bridge to SMS | [Link](docs/configuring-playbook-bridge-matrix-bridge-sms.md) |
+| [matrix-steam-bridge](https://github.com/jasonlaguidice/matrix-steam-bridge) | ❌ | Bridge to [Steam](https://steampowered.com/) | [Link](docs/configuring-playbook-bridge-steam.md) |
 | [matrix-wechat](https://github.com/duo/matrix-wechat) | ❌ | Bridge to [WeChat](https://www.wechat.com/) | [Link](docs/configuring-playbook-bridge-wechat.md) |
 | [Heisenbridge](https://github.com/hifi/heisenbridge) | ❌ | Bouncer-style bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) | [Link](docs/configuring-playbook-bridge-heisenbridge.md) |
-| [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) | ❌ | Bridge to [Skype](https://www.skype.com) | [Link](docs/configuring-playbook-bridge-go-skype-bridge.md) |
-| [mx-puppet-slack](https://gitlab.com/mx-puppet/slack/mx-puppet-slack) | ❌ | Bridge to [Slack](https://slack.com) | [Link](docs/configuring-playbook-bridge-mx-puppet-slack.md) |
-| [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) | ❌ | Bridge for Instagram-DMs ([Instagram](https://www.instagram.com/)) | [Link](docs/configuring-playbook-bridge-mx-puppet-instagram.md) |
-| [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) | ❌ | Bridge for Twitter-DMs ([Twitter](https://twitter.com/)) | [Link](docs/configuring-playbook-bridge-mx-puppet-twitter.md) |
-| [mx-puppet-discord](https://gitlab.com/mx-puppet/discord/mx-puppet-discord) | ❌ | Bridge to [Discord](https://discordapp.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-discord.md) |
 | [mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) | ❌ | Bridge to [GroupMe](https://groupme.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-groupme.md) |
-| [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) | ❌ | Bridge to [Steam](https://steamapp.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-steam.md) |
+| [mx-puppet-steam](https://codeberg.org/icewind/mx-puppet-steam) | ❌ | Bridge to [Steam](https://steamapp.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-steam.md) |
 | [Postmoogle](https://github.com/etkecc/postmoogle) | ❌ | Email to Matrix bridge | [Link](docs/configuring-playbook-bridge-postmoogle.md) |

 ### Bots
@@ -178,10 +171,9 @@ Various services that don't fit any other categories.

 | Name | Default? | Description | Documentation |
 | ---- | -------- | ----------- | ------------- |
-| [sliding-sync](https://github.com/matrix-org/sliding-sync)| ❌ | (Superseded by Simplified Sliding Sync integrated into Synapse > `1.114` and Conduit > `0.6.0`) Sliding Sync support for clients which require it (e.g. old Element X versions before Simplified Sliding Sync was developed) | [Link](docs/configuring-playbook-sliding-sync-proxy.md) |
-| [synapse_auto_accept_invite](https://github.com/matrix-org/synapse-auto-accept-invite) | ❌ | Synapse module to automatically accept invites | [Link](docs/configuring-playbook-synapse-auto-accept-invite.md) |
 | [synapse_auto_compressor](https://github.com/matrix-org/rust-synapse-compress-state/#automated-tool-synapse_auto_compressor) | ❌ | Cli tool that automatically compresses `state_groups` database table in background | [Link](docs/configuring-playbook-synapse-auto-compressor.md) |
 | [Matrix Corporal](https://github.com/devture/matrix-corporal) (advanced) | ❌ | Reconciliator and gateway for a managed Matrix server | [Link](docs/configuring-playbook-matrix-corporal.md) |
+| [Matrix.to](https://github.com/matrix-org/matrix.to) | ❌ | Simple URL redirection service for the Matrix ecosystem | [Link](docs/configuring-playbook-matrixto.md) |
 | [Etherpad](https://etherpad.org) | ❌ | Open source collaborative text editor | [Link](docs/configuring-playbook-etherpad.md) |
 | [Jitsi](https://jitsi.org/) | ❌ | Open source video-conferencing platform | [Link](docs/configuring-playbook-jitsi.md) |
 | [Cactus Comments](https://cactus.chat) | ❌ | Federated comment system built on Matrix | [Link](docs/configuring-playbook-cactus-comments.md) |
--- a/bin/check-examples-vars-migration-version.sh
+++ b/bin/check-examples-vars-migration-version.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+# Ensures that the migration validated version in examples/vars.yml
+# matches the expected version in the matrix_playbook_migration role defaults.
+
+set -euo pipefail
+
+defaults_file="roles/custom/matrix_playbook_migration/defaults/main.yml"
+examples_file="examples/vars.yml"
+
+expected_version=$(grep -oP '^matrix_playbook_migration_expected_version:\s*"?\K[^"]+' "$defaults_file")
+examples_version=$(grep -oP '^matrix_playbook_migration_validated_version:\s*"?\K[^"]+' "$examples_file")
+
+if [ -z "$expected_version" ]; then
+	echo "ERROR: Could not extract matrix_playbook_migration_expected_version from $defaults_file"
+	exit 1
+fi
+
+if [ -z "$examples_version" ]; then
+	echo "ERROR: Could not extract matrix_playbook_migration_validated_version from $examples_file"
+	exit 1
+fi
+
+if [ "$expected_version" != "$examples_version" ]; then
+	echo "ERROR: Migration version mismatch!"
+	echo "  $defaults_file has expected version: $expected_version"
+	echo "  $examples_file has validated version: $examples_version"
+	echo ""
+	echo "Please update $examples_file to match."
+	exit 1
+fi
--- a/bin/rebuild-mautrix-meta-instagram.sh
+++ b/bin/rebuild-mautrix-meta-instagram.sh
--- a/docs/ansible.md
+++ b/docs/ansible.md
@@ -20,10 +20,13 @@ To manually check which version of Ansible you're on, run: `ansible --version`.

 For the **best experience**, we recommend getting the **latest version of Ansible available**.

-We're not sure what's the minimum version of Ansible that can run this playbook successfully. The lowest version that we've confirmed (on 2022-11-26) to be working fine is: `ansible-core` (`2.11.7`) combined with `ansible` (`4.10.0`).
+We're not sure what's the minimum version of Ansible that can run this playbook successfully. The lowest version that we suspect (on 2025-09-03) to be working fine is: `ansible-core` (`2.15.1`).

 If your distro ships with an Ansible version older than this, you may run into issues. Consider [Upgrading Ansible](#upgrading-ansible) or [using Ansible via Docker](#using-ansible-via-docker).

+> [!WARNING]
+> One reason for the version requirement being as such is that the playbook by default installs Docker for you using [this Docker role](https://github.com/geerlingguy/ansible-role-docker) which [has a hard requirement on Ansible v2.15.1](https://github.com/geerlingguy/ansible-role-docker/commit/7f44a1d9ad8132819ea9852918bca5dab8757cd0). If you install Docker yourself another way, you can tell the playbook to skip running this role (by adding `matrix_playbook_docker_installation_enabled: false` to your `vars.yml` configuration). It may then be possible to get the playbook running on an older version of Ansible. Still, this is a complication and your mileage may vary. We recommend [upgrading Ansible](#upgrading-ansible) instead of going into uncharted territory.
+
 ## Upgrading Ansible

 Depending on your distribution, you may be able to upgrade Ansible in a few different ways:
@@ -90,7 +93,7 @@ docker run \
 --rm \
 -w /work \
 --mount type=bind,src=`pwd`,dst=/work \
--mount type=bind,src$HOME/.ssh/id_ed25519,dst=/root/.ssh/id_ed25519,ro \
+--mount type=bind,src=$HOME/.ssh/id_ed25519,dst=/root/.ssh/id_ed25519,ro \
 --entrypoint=/bin/sh \
 ghcr.io/devture/ansible:11.6.0-r0-0
 ```
--- a/docs/configuring-playbook-bot-baibot.md
+++ b/docs/configuring-playbook-bot-baibot.md
@@ -39,16 +39,35 @@ Depending on your current `vars.yml` file and desired configuration, **you may r

 To enable the bot, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:

+Authentication can be configured in one of two mutually-exclusive ways:
+
+- **Password authentication** (`matrix_bot_baibot_config_user_password`) - recommended for most playbook-managed setups, because it integrates with automatic user creation flow used by the playbook, and auto-creates the bot account
+- **Access-token authentication** (`matrix_bot_baibot_config_user_access_token` + `matrix_bot_baibot_config_user_device_id`) - useful for specific [Matrix Authentication Service](configuring-playbook-matrix-authentication-service.md)/OIDC setups where password authentication is not available or not desired
+
+Even when [Matrix Authentication Service](configuring-playbook-matrix-authentication-service.md) is enabled, password authentication is still typically the best fit for baibot if you're using a playbook-managed bot account.
+
+For upstream details, see baibot's [🔐 Authentication](https://github.com/etkecc/baibot/blob/main/docs/configuration/authentication.md) documentation.
+
 ```yaml
 matrix_bot_baibot_enabled: true

 # Uncomment and adjust this part if you'd like to use a username different than the default
 # matrix_bot_baibot_config_user_mxid_localpart: baibot

+# Authentication mode (choose exactly one):
+#
+# 1) Password authentication (recommended for most setups)
 # Generate a strong password for the bot. You can create one with a command like `pwgen -s 64 1`.
 # If you'd like to change this password subsequently, see the details below.
 matrix_bot_baibot_config_user_password: 'PASSWORD_FOR_THE_BOT'

+# 2) Access-token authentication (for MAS/OIDC-enabled homeservers)
+# matrix_bot_baibot_config_user_access_token: 'YOUR_MAS_COMPATIBILITY_TOKEN_HERE'
+# matrix_bot_baibot_config_user_device_id: 'BAIBOT'
+#
+# You can generate a compatibility token for MAS with:
+# mas-cli manage issue-compatibility-token <username> [device_id]
+
 # An optional passphrase to use for backing up and recovering the bot's encryption keys.
 # You can create one with a command like `pwgen -s 64 1`.
 #
@@ -243,6 +262,12 @@ matrix_bot_baibot_config_agents_static_definitions_openai_config_api_key: "YOUR_

 # If you'd like to use another text-generation agent, uncomment and adjust:
 # matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-4.1
+
+# Uncomment below to enable OpenAI's built-in tools.
+# These tools are disabled by default. Enabling them may incur additional costs.
+# See: https://github.com/etkecc/baibot/blob/61d18b2/docs/features.md#%EF%B8%8F-built-in-tools-openai-only
+# matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_tools_web_search: true
+# matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_tools_code_interpreter: true
 ```

 Because this is a [statically](https://github.com/etkecc/baibot/blob/main/docs/configuration/README.md#static-configuration)-defined agent, it will be given a `static/` ID prefix and will be named `static/openai`.
@@ -381,13 +406,15 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-use

 **Notes**:

- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
+- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account when password authentication is used.
+
+- If you're using access-token authentication, the bot account must already exist and the configured token + device ID must match that account. This mode is mainly for MAS/OIDC setups where password-based bot login is not suitable.

 - The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`

  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.

- If you change the bot password (`matrix_bot_baibot_config_user_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it, and then update `matrix_bot_baibot_config_user_password` to let the bot know its new password.
+- If you change the bot password (`matrix_bot_baibot_config_user_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it, and then update `matrix_bot_baibot_config_user_password` to let the bot know its new password. (This note applies to password authentication mode.)

 ## Usage

--- a/docs/configuring-playbook-bot-chatgpt.md
+++ b/docs/configuring-playbook-bot-chatgpt.md
@@ -1,98 +1,25 @@
 <!--
-SPDX-FileCopyrightText: 2023 - 2024 Slavi Pantaleev
-SPDX-FileCopyrightText: 2023 MDAD project contributors
+SPDX-FileCopyrightText: 2019 - 2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2022 Dennis Ciba
+SPDX-FileCopyrightText: 2022 Nikita Chernyi
+SPDX-FileCopyrightText: 2023 - 2024 MDAD project contributors
 SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara

 SPDX-License-Identifier: AGPL-3.0-or-later
 -->

-# Setting up matrix-bot-chatgpt (optional, unmaintained)
+# Setting up matrix-chatgpt-bot (optional, removed)

-**Note**: [matrix-chatgpt-bot](https://github.com/matrixgpt/matrix-chatgpt-bot) is now an archived (**unmaintained**) project. Talking to ChatGPT (and many other LLM providers) can happen via the much more featureful [baibot](https://github.com/etkecc/baibot), which can be [installed using this playbook](configuring-playbook-bot-baibot.md). Consider using that bot instead of this one.
+🪦 The playbook used to be able to install and configure [matrix-chatgpt-bot](https://github.com/matrixgpt/matrix-chatgpt-bot), but no longer includes this component.

-The playbook can install and configure [matrix-chatgpt-bot](https://github.com/matrixgpt/matrix-chatgpt-bot) for you.
+While not a 1:1 replacement, the bot's author suggests taking a look at [baibot](https://github.com/etkecc/baibot) as a replacement, which can also be [installed using this playbook](configuring-playbook-bot-baibot.md).

-Talk to [ChatGPT](https://openai.com/blog/chatgpt/) via your favourite Matrix client!
+## Uninstalling matrix-chatgpt-bot manually

-See the project's [documentation](https://github.com/matrixgpt/matrix-chatgpt-bot/blob/main/README.md) to learn what it does and why it might be useful to you.
-
-## Prerequisites
-
-### Obtain an OpenAI API key
-
-To use the bot, you'd need to obtain an API key from [https://platform.openai.com/account/api-keys](https://platform.openai.com/account/api-keys).
-
-### Register the bot account
-
-The playbook does not automatically create users for you. You **need to register the bot user manually** before setting up the bot.
-
-Generate a strong password for the bot. You can create one with a command like `pwgen -s 64 1`.
-
-You can use the playbook to [register a new user](registering-users.md):
+If you still have the matrix-chatgpt-bot component installed on your Matrix server, the playbook can no longer help you uninstall it and you will need to do it manually. To uninstall manually, run these commands on the server:

 ```sh
-ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.chatgpt password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
+systemctl disable --now matrix-bot-chatgpt.service
+
+rm -rf /matrix/chatgpt
 ```
-
-### Obtain an access token and create encryption keys
-
-The bot requires an access token to be able to connect to your homeserver. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md).
-
-> [!WARNING]
-> Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone.
-
-To make sure the bot can read encrypted messages, it will need an encryption key, just like any other new user. While obtaining the access token, follow the prompts to setup a backup key. More information can be found in the [Element documentation](https://element.io/help#encryption6).
-
-## Adjusting the playbook configuration
-
-To enable the bot, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file. Make sure to replace `API_KEY_HERE` with the API key retrieved [here](#obtain-an-openai-api-key) and `ACCESS_TOKEN_HERE` with the access token created [here](#obtain-an-access-token-and-create-encryption-keys), respectively.
-
-```yaml
-matrix_bot_chatgpt_enabled: true
-
-matrix_bot_chatgpt_openai_api_key: 'API_KEY_HERE'
-
-# Uncomment and adjust this part if you'd like to use a username different than the default
-# matrix_bot_chatgpt_matrix_bot_username_localpart: 'bot.chatgpt'
-
-matrix_bot_chatgpt_matrix_access_token: 'ACCESS_TOKEN_HERE'
-
-# Configuring the system prompt used, needed if the bot is used for special tasks.
-# More information: https://github.com/mustvlad/ChatGPT-System-Prompts
-matrix_bot_chatgpt_matrix_bot_prompt_prefix: 'Instructions:\nYou are ChatGPT, a large language model trained by OpenAI.'
-```
-
-### Extending the configuration
-
-There are some additional things you may wish to configure about the bot.
-
-Take a look at:
-
- `roles/custom/matrix-bot-chatgpt/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
-
-## Installing
-
-After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:
-
-<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
-```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
-```
-
-**Notes**:
-
- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
-
- The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
-
-  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
-
-## Usage
-
-To use the bot, invite it to the room you specified on your `vars.yml` file (`/invite @bot.chatgpt:example.com` where `example.com` is your base domain, not the `matrix.` domain).
-
-After the bot joins the room, you can send a message to it. When you do so, use the prefix if you configured it or mention the bot.
-
-## Troubleshooting
-
-As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-bot-chatgpt`.
--- a/docs/configuring-playbook-bot-draupnir.md
+++ b/docs/configuring-playbook-bot-draupnir.md
@@ -242,9 +242,12 @@ For Draupnir to do its job, you need to [give it permissions](https://the-draupn

 We recommend **subscribing to a public [policy list](https://the-draupnir-project.github.io/draupnir-documentation/concepts/policy-lists)** using the [watch command](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-policy-lists#using-draupnirs-watch-command-to-subscribe-to-policy-rooms).

-Policy lists are maintained in Matrix rooms. A popular policy list is maintained in the public `#community-moderation-effort-bl:neko.dev` room.
+Policy lists are maintained in Matrix rooms. Popular ones maintained in the public are:

-You can tell Draupnir to subscribe to it by sending the following command to the Management Room: `!draupnir watch #community-moderation-effort-bl:neko.dev`
+- `#community-moderation-effort-bl:neko.dev`
+- `#huginn-muninn-active-threats:feline.support`
+
+You can tell Draupnir to subscribe to each of these by sending the following command to the Management Room: `!draupnir watch POLICY_LIST_ADDRESS_HERE` (e.g. `!draupnir watch #community-moderation-effort-bl:neko.dev`)

 #### Creating your own policy lists and rules

@@ -270,14 +273,14 @@ You can undo bans with the [unban command](https://the-draupnir-project.github.i

 ### Enabling built-in protections

-You can also **turn on various built-in [protections](https://the-draupnir-project.github.io/draupnir-documentation/protections)** like `JoinWaveShortCircuit` ("If X amount of users join in Y time, set the room to invite-only").
+You can also **turn on various built-in [protections](https://the-draupnir-project.github.io/draupnir-documentation/protections)** like `JoinWaveShortCircuitProtection` ("If X amount of users join in Y time, set the room to invite-only").

 To **see which protections are available and which are enabled**, send a `!draupnir protections` command to the Management Room.

-To **see the configuration options for a given protection**, send a `!draupnir protections show PROTECTION_NAME` (e.g. `!draupnir protections show JoinWaveShortCircuit`).
+To [**see the configuration options for a given protection**](https://the-draupnir-project.github.io/draupnir-documentation/protections/configuring-protections#displaying-the-protection-settings), send a `!draupnir protections show PROTECTION_NAME` (e.g. `!draupnir protections show JoinWaveShortCircuitProtection`).

-To **set a specific option for a given protection**, send a command like this: `!draupnir config set PROTECTION_NAME.OPTION VALUE` (e.g. `!draupnir config set JoinWaveShortCircuit.timescaleMinutes 30`).
+To [**set a specific option for a given protection**](https://the-draupnir-project.github.io/draupnir-documentation/protections/configuring-protections#changing-protection-settings), send a command like this: `!draupnir protections config set PROTECTION_NAME OPTION VALUE` (e.g. `!draupnir protections config set JoinWaveShortCircuitProtection timescaleMinutes 30`).

-To **enable a given protection**, send a command like this: `!draupnir enable PROTECTION_NAME` (e.g. `!draupnir enable JoinWaveShortCircuit`).
+To [**enable a given protection**](https://the-draupnir-project.github.io/draupnir-documentation/protections/block-invitations-on-server-protection#enabling-the-protection), send a command like this: `!draupnir protections enable PROTECTION_NAME` (e.g. `!draupnir protections enable JoinWaveShortCircuitProtection`).

-To **disable a given protection**, send a command like this: `!draupnir disable PROTECTION_NAME` (e.g. `!draupnir disable JoinWaveShortCircuit`).
+To **disable a given protection**, send a command like this: `!draupnir protections disable PROTECTION_NAME` (e.g. `!draupnir protections disable JoinWaveShortCircuitProtection`).
--- a/docs/configuring-playbook-bot-matrix-registration-bot.md
+++ b/docs/configuring-playbook-bot-matrix-registration-bot.md
@@ -37,6 +37,10 @@ matrix_synapse_enable_registration: true

 # Restrict registration to users with a token
 matrix_synapse_registration_requires_token: true
+
+# Set an optional command prefix for the bot. This can be any arbitrary string, including whitespace.
+# Example: "!regbot "
+matrix_bot_matrix_registration_bot_bot_prefix: ""
 ```

 The bot account will be created automatically.
--- a/docs/configuring-playbook-bridge-appservice-discord.md
+++ b/docs/configuring-playbook-bridge-appservice-discord.md
@@ -9,7 +9,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later

 # Setting up Appservice Discord bridging (optional)

-**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridges supported by the playbook.
+**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridge supported by the playbook.
 - For using as a Bot we are recommend the Appservice Discord bridge (the one being discussed here), because it supports plumbing.
 - For personal use we recommend the [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridge, because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook.

--- a/docs/configuring-playbook-bridge-appservice-slack.md
+++ b/docs/configuring-playbook-bridge-appservice-slack.md
@@ -1,157 +1,38 @@
 <!--
-SPDX-FileCopyrightText: 2019 - 2022 MDAD project contributors
+SPDX-FileCopyrightText: 2019 Edgars Voroboks
+SPDX-FileCopyrightText: 2019 Eduardo Beltrame
+SPDX-FileCopyrightText: 2019-2025 MDAD project contributors
+SPDX-FileCopyrightText: 2019-2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2020 Chris van Dijk
+SPDX-FileCopyrightText: 2020 Tulir Asokan
 SPDX-FileCopyrightText: 2020 Udo Rader
-SPDX-FileCopyrightText: 2021 - 2024 Slavi Pantaleev
+SPDX-FileCopyrightText: 2020 jens quade
 SPDX-FileCopyrightText: 2021 Joel Bennett
-SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
+SPDX-FileCopyrightText: 2022 Dennis Ciba
+SPDX-FileCopyrightText: 2022 Kim Brose
+SPDX-FileCopyrightText: 2022 Travis Ralston
+SPDX-FileCopyrightText: 2022 Vladimir Panteleev
+SPDX-FileCopyrightText: 2022 Yan Minagawa
 SPDX-FileCopyrightText: 2024 Fabio Bonelli
+SPDX-FileCopyrightText: 2024-2026 Suguru Hirahara

 SPDX-License-Identifier: AGPL-3.0-or-later
 -->

-# Setting up Appservice Slack bridging (optional)
+# Setting up Appservice Slack bridging (optional, removed)

-**Notes**:
- Bridging to [Slack](https://slack.com) can also happen via the [mx-puppet-slack](configuring-playbook-bridge-mx-puppet-slack.md) and [mautrix-slack](configuring-playbook-bridge-mautrix-slack.md) bridges supported by the playbook.
- Currently (as of November, 2024) **this component is not available for new installation unless you have already created a classic Slack application** (which the bridge makes use of in order to enable bridging between Slack and Matrix), because the creation of classic Slack applications has been discontinued since June 4 2024. The author of the bridge claims [here](https://github.com/matrix-org/matrix-appservice-slack/issues/789#issuecomment-2172947787) that he plans to support the modern Slack application and until then "the best (and only) option for new installations is to use the webhook bridging".
+🪦 The playbook used to be able to install and configure [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack), but no longer includes this component, as it had been unavailable for new installation since 2024, and was finally abandoned because the public Matrix.org Slack bridge has been decommissioned on January 14th, 2026.

-The playbook can install and configure [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack) for you.
+**Note**: Bridging to [Slack](https://slack.com) can also happen via the [mautrix-slack](configuring-playbook-bridge-mautrix-slack.md) bridge supported by the playbook.

-See the project's [documentation](https://github.com/matrix-org/matrix-appservice-slack/blob/master/README.md) to learn what it does and why it might be useful to you.
+## Uninstalling the component manually

-## Prerequisites
+If you still have matrix-appservice-slack installed on your Matrix server, the playbook can no longer help you uninstall it and you will need to do it manually. To uninstall manually, run these commands on the server:

-### Create a Classic Slack App
-
-First, you need to create a Classic Slack App [here](https://api.slack.com/apps?new_classic_app=1).
-
-Name the app "matrixbot" (or anything else you'll remember). Select the team/workspace this app will belong to. Click on bot users and add a new bot user. We will use this account to bridge the the rooms.
-
-Then, click on Event Subscriptions and enable them and use the request url: `https://matrix.example.com/appservice-slack`.
-
-Add the following events as `Bot User Events` and save:
-
- team_domain_change
- message.channels
- message.groups (if you want to bridge private channels)
- reaction_added
- reaction_removed
-
-Next, click on "OAuth & Permissions" and add the following scopes:
-
- chat:write:bot
- users:read
- reactions:write
- files:write:user (if you want to bridge files)
-
-**Note**: In order to make Slack files visible to Matrix users, this bridge will make Slack files visible to anyone with the url (including files in private channels). This is different than the current behavior in Slack, which only allows authenticated access to media posted in private channels. See MSC701 for details.
-
-Click on "Install App" and "Install App to Workspace". Note the access tokens shown. You will need the Bot User OAuth Access Token and if you want to bridge files, the OAuth Access Token whenever you link a room.
-
-### Create an administration control room on Matrix
-
-Create a new Matrix room to act as the administration control room.
-
-Note its internal room ID. This can be done in Element Web by sending a message, opening the options for that message and choosing "view source". The room ID will be displayed near the top.
-
-## Adjusting the playbook configuration
-
-To enable the bridge, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
-
-```yaml
-matrix_appservice_slack_enabled: true
-matrix_appservice_slack_control_room_id: "Your Matrix admin room ID"
-
-# Uncomment to enable puppeting (optional, but recommended)
-# matrix_appservice_slack_puppeting_enabled: true
-# matrix_appservice_slack_puppeting_slackapp_client_id: "Your Classic Slack App Client ID"
-# matrix_appservice_slack_puppeting_slackapp_client_secret: "Your Classic Slack App Client Secret"
-
-# Uncomment to enable Team Sync (optional)
-# See https://matrix-appservice-slack.readthedocs.io/en/latest/team_sync/
-# matrix_appservice_slack_team_sync_enabled: true
-```
-
-### Extending the configuration
-
-There are some additional things you may wish to configure about the bridge.
-
-Take a look at:
-
- `roles/custom/matrix-bridge-appservice-slack/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
- `roles/custom/matrix-bridge-appservice-slack/templates/config.yaml.j2` for the bridge's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_appservice_slack_configuration_extension_yaml` variable
-
-For example, to change the bot's username from `slackbot`, add the following configuration to your `vars.yml` file. Replace `examplebot` with your own.
-
-```yaml
-matrix_appservice_slack_configuration_extension_yaml: |
-  bot_username: "examplebot"
-```
-
-## Installing
-
-After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:
-
-<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+systemctl disable --now matrix-appservice-slack.service
+
+rm -rf /matrix/appservice-slack
+
+/matrix/postgres/bin/cli-non-interactive -c 'DROP DATABASE matrix_appservice_slack;'
 ```
-
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
-
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
-
-## Usage
-
-To use the bridge, you need to send `/invite @slackbot:example.com` to invite the bridge bot user into the admin room.
-
-If Team Sync is not enabled, for each channel you would like to bridge, perform the following steps:
-
- Create a Matrix room in the usual manner for your client. Take a note of its Matrix room ID — it will look something like `!qporfwt:example.com`.
- Invite the bot user to both the Slack and Matrix channels you would like to bridge using `/invite @matrixbot` for Slack and `/invite @slackbot:example.com` for Matrix.
- Determine the "channel ID" that Slack uses to identify the channel. You can see it when you open a given Slack channel in a browser. The URL reads like this: `https://app.slack.com/client/XXX/<the channel ID>/details/`.
- Issue a link command in the administration control room with these collected values as arguments:
-
-    with file bridging:
-
-    ```
-    link --channel_id CHANNELID --room !qporfwt:example.com --slack_bot_token xoxb-xxxxxxxxxx-xxxxxxxxxxxxxxxxxxxx --slack_user_token xoxp-xxxxxxxx-xxxxxxxxx-xxxxxxxx-xxxxxxxx
-    ```
-
-    without file bridging:
-
-    ```
-    link --channel_id CHANNELID --room !qporfwt:example.com --slack_bot_token xoxb-xxxxxxxxxx-xxxxxxxxxxxxxxxxxxxx
-    ```
-
-    These arguments can be shortened to single-letter forms:
-
-    ```
-    link -I CHANNELID -R !qporfwt:example.com -t xoxb-xxxxxxxxxx-xxxxxxxxxxxxxxxxxxxx
-    ```
-
-### Unlinking
-
-Channels can be unlinked again by sending this:
-
-```
-unlink --room !qporfwt:example.com
-```
-
-Unlinking doesn't only disconnect the bridge, but also makes the slackbot leave the bridged Matrix room. So in case you want to re-link later, don't forget to re-invite the slackbot into this room again.
-
-## Troubleshooting
-
-As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-appservice-slack`.
-
-### Linking: "Room is now pending-name"
-
-This typically means that you haven't used the correct Slack channel ID. Unlink the room and recheck 'Determine the "channel ID"' from above.
-
-### Messages work from Matrix to Slack, but not the other way around
-
-Check the logs, and if you find the message like below, unlink your room, reinvite the bot and re-link it again.
-
-`WARN SlackEventHandler Ignoring message from unrecognised Slack channel ID : %s (%s) <the channel ID> <some other ID>`
-
-This may particularly hit you, if you tried to unsuccessfully link your room multiple times without unlinking it after each failed attempt.
--- a/docs/configuring-playbook-bridge-appservice-webhooks.md
+++ b/docs/configuring-playbook-bridge-appservice-webhooks.md
@@ -1,113 +1,30 @@
 <!--
+SPDX-FileCopyrightText: 2019 - 2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2019 Eduardo Beltrame
 SPDX-FileCopyrightText: 2020 - 2023 MDAD project contributors
 SPDX-FileCopyrightText: 2020 Björn Marten
-SPDX-FileCopyrightText: 2020 Slavi Pantaleev
 SPDX-FileCopyrightText: 2020 iLyas Bakouch
+SPDX-FileCopyrightText: 2020 Tulir Asokan
+SPDX-FileCopyrightText: 2022 Dennis Ciba
 SPDX-FileCopyrightText: 2022 Kim Brose
+SPDX-FileCopyrightText: 2022 Vladimir Panteleev
 SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara

 SPDX-License-Identifier: AGPL-3.0-or-later
 -->

-# Setting up Appservice Webhooks bridging (optional, deprecated)
+# Setting up Appservice Webhooks bridging (optional, removed)

-**Note**: This bridge has been deprecated. We recommend not bothering with installing it. While not a 1:1 replacement, the bridge's author suggests taking a look at [matrix-hookshot](https://github.com/matrix-org/matrix-hookshot) as a replacement, which can also be [installed using this playbook](configuring-playbook-bridge-hookshot.md). Consider using that bridge instead of this one.
+🪦 The playbook used to be able to install and configure [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks), but no longer includes this component, as it has been deprecated since more than several years.

-The playbook can install and configure [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) for you. This bridge provides support for Slack-compatible webhooks.
+You may wish to use [matrix-hookshot](https://github.com/matrix-org/matrix-hookshot) instead.

-See the project's [documentation](https://github.com/turt2live/matrix-appservice-webhooks/blob/master/README.md) to learn what it does and why it might be useful to you.
+## Uninstalling the bridge manually

-## Adjusting the playbook configuration
-
-To enable the bridge, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
-
-```yaml
-matrix_appservice_webhooks_enabled: true
-matrix_appservice_webhooks_api_secret: '<your_secret>'
-
-# As of Synapse 1.90.0, uncomment to enable the backwards compatibility (https://matrix-org.github.io/synapse/latest/upgrade#upgrading-to-v1900) that this bridge needs.
-# Note: This deprecated method is considered insecure.
-#
-# matrix_synapse_configuration_extension_yaml: |
-#   use_appservice_legacy_authorization: true
-```
-
-### Extending the configuration
-
-There are some additional things you may wish to configure about the bridge.
-
-Take a look at:
-
- `roles/custom/matrix-bridge-appservice-webhooks/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
- `roles/custom/matrix-bridge-appservice-webhooks/templates/config.yaml.j2` for the bridge's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_appservice_webhooks_configuration_extension_yaml` variable
-
-## Installing
-
-After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:
-
-<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
-```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
-```
-
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
-
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
-
-## Usage
-
-To use the bridge, you need to invite the bridge bot user to your room in either way.
-
- Send `/invite @_webhook:example.com` (**Note**: Make sure you have administration permissions in your room)
- Add the bridge bot to a private channel (personal channels imply you being an administrator)
-
-You then need to send a message to the bridge bot to receive a private message including the webhook link:
-
-```
-!webhook
-```
-
-The JSON body for posting messages will have to look like this:
-
-```json
-{
-    "text": "Hello world!",
-    "format": "plain",
-    "displayName": "My Cool Webhook",
-    "avatar_url": "http://i.imgur.com/IDOBtEJ.png"
-}
-```
-
-You can test this via curl like so:
+If you still have matrix-appservice-webhooks installed on your Matrix server, the playbook can no longer help you uninstall it and you will need to do it manually. To uninstall manually, run these commands on the server:

 ```sh
-curl --header "Content-Type: application/json" \
--data '{
-"text": "Hello world!",
-"format": "plain",
-"displayName": "My Cool Webhook",
-"avatar_url": "http://i.imgur.com/IDOBtEJ.png"
-}' \
-<the webhook link you've gotten from the bridge bot>
-```
-
-### Setting Webhooks with Dimension integration manager
-
-If you're using the [Dimension integration manager](configuring-playbook-dimension.md), you can configure the Webhooks bridge with it.
-
-To configure it, open the Dimension integration manager, and go to "Settings" and "Bridges", then select edit action for "Webhook Bridge".
-
-On the UI, press "Add self-hosted Bridge" button and populate "Provisioning URL"  and "Shared Secret" values from `/matrix/appservice-webhooks/config/config.yaml` file's homeserver URL value and provisioning secret value, respectively.
-
-## Troubleshooting
-
-As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-appservice-webhooks`.
-
-### Increase logging verbosity
-
-The default logging level for this component is `info`. If you want to increase the verbosity, add the following configuration to your `vars.yml` file and re-run the playbook:
-
-```yaml
-# Valid values: info, verbose
-matrix_appservice_webhooks_log_level: 'verbose'
+systemctl disable --now matrix-appservice-webhooks.service
+
+rm -rf /matrix/appservice-webhooks
 ```
--- a/docs/configuring-playbook-bridge-go-skype-bridge.md
+++ b/docs/configuring-playbook-bridge-go-skype-bridge.md
@@ -1,68 +1,26 @@
 <!--
+SPDX-FileCopyrightText: 2019 - 2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2019 Eduardo Beltrame
+SPDX-FileCopyrightText: 2021 MDAD project contributors
+SPDX-FileCopyrightText: 2022 Dennis Ciba
 SPDX-FileCopyrightText: 2022 Vladimir Panteleev
 SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara

 SPDX-License-Identifier: AGPL-3.0-or-later
 -->

-# Setting up Go Skype Bridge bridging (optional)
+# Setting up Go Skype Bridge bridging (optional, removed)

-The playbook can install and configure [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) for you, for bridging to [Skype](https://www.skype.com/). This bridge was created based on [mautrix-whatsapp](https://github.com/mautrix/whatsapp) and can be configured in a similar way to it.
+🪦 The playbook used to be able to install and configure [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge), but no longer includes this component, as Skype has been discontinued since May 2025.

-See the project's [documentation](https://github.com/kelaresg/go-skype-bridge/blob/master/README.md) to learn what it does and why it might be useful to you.
+## Uninstalling the bridge manually

-## Prerequisite (optional)
+If you still have the Go Skype bridge installed on your Matrix server, the playbook can no longer help you uninstall it and you will need to do it manually. To uninstall manually, run these commands on the server:

-### Enable Shared Secret Auth
-
-If you want to set up [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do) for this bridge automatically, you need to have enabled [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
-
-See [this section](configuring-playbook-bridge-mautrix-bridges.md#set-up-double-puppeting-optional) on the [common guide for configuring mautrix bridges](configuring-playbook-bridge-mautrix-bridges.md) for details about setting up Double Puppeting.
-
-**Note**: double puppeting with the Shared Secret Auth works at the time of writing, but is deprecated and will stop working in the future.
-
-## Adjusting the playbook configuration
-
-To enable the bridge, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
-
-```yaml
-matrix_go_skype_bridge_enabled: true
-```
-
-### Extending the configuration
-
-There are some additional things you may wish to configure about the bridge.
-
-See [this section](configuring-playbook-bridge-mautrix-bridges.md#extending-the-configuration) on the [common guide for configuring mautrix bridges](configuring-playbook-bridge-mautrix-bridges.md) for details about variables that you can customize and the bridge's default configuration, including [bridge permissions](configuring-playbook-bridge-mautrix-bridges.md#configure-bridge-permissions-optional), [encryption support](configuring-playbook-bridge-mautrix-bridges.md#enable-encryption-optional), [relay mode](configuring-playbook-bridge-mautrix-bridges.md#enable-relay-mode-optional), [bot's username](configuring-playbook-bridge-mautrix-bridges.md#set-the-bots-username-optional), etc.
-
-**Note**: when following the guide to configure the bridge, make sure to replace `_mautrix_SERVICENAME_` in the variable names with `_go_skype_bridge_`.
-
-## Installing
-
-After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:
-
-<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
-```
-
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
-
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
-
-## Usage
-
-To use the bridge, you need to start a chat with `@skypebridgebot:example.com` (where `example.com` is your base domain, not the `matrix.` domain).
-
-## Troubleshooting
-
-As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-go-skype-bridge`.
-
-### Increase logging verbosity
-
-The default logging level for this component is `warn`. If you want to increase the verbosity, add the following configuration to your `vars.yml` file and re-run the playbook:
-
-```yaml
-# Valid values: fatal, error, warn, info, debug
-matrix_go_skype_bridge_log_level: 'info'
+systemctl disable --now matrix-go-skype-bridge.service
+
+rm -rf /matrix/go-skype-bridge
+
+/matrix/postgres/bin/cli-non-interactive -c 'DROP DATABASE matrix_go_skype_bridge;'
 ```
--- a/docs/configuring-playbook-bridge-hookshot.md
+++ b/docs/configuring-playbook-bridge-hookshot.md
@@ -16,8 +16,6 @@ Hookshot can bridge [Webhooks](https://en.wikipedia.org/wiki/Webhook) from softw

 See the project's [documentation](https://matrix-org.github.io/matrix-hookshot/latest/hookshot.html) to learn what it does and why it might be useful to you.

-**Note**: the playbook also supports [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), which however was deprecated by its author.
-
 ## Prerequisites

 ### Download GitHub app private key (optional)
@@ -35,7 +33,7 @@ matrix_hookshot_enabled: true

 # Uncomment to enable end-to-bridge encryption.
 # See: https://matrix-org.github.io/matrix-hookshot/latest/advanced/encryption.html
-# matrix_hookshot_experimental_encryption_enabled: true
+# matrix_hookshot_encryption_enabled: true

 # Uncomment and paste the contents of GitHub app private key to enable GitHub bridge.
 # Alternatively, you can use one of the other methods explained below on the "Manage GitHub Private Key with aux role" section.
@@ -131,10 +129,6 @@ aux_file_definitions:

 For more information, see the documentation in the [default configuration of the aux role](https://github.com/mother-of-all-self-hosting/ansible-role-aux/blob/main/defaults/main.yml).

-### Collision with matrix-appservice-webhooks
-
-If you are also running [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), it reserves its namespace by the default setting `matrix_appservice_webhooks_user_prefix: '_webhook_'`. You should take care if you modify its or hookshot's prefix that they do not collide with each other's namespace (default `matrix_hookshot_generic_userIdPrefix: '_webhooks_'`).
-
 ### Enable metrics

 The playbook can enable and configure the metrics of the service for you.
--- a/docs/configuring-playbook-bridge-mautrix-bridges.md
+++ b/docs/configuring-playbook-bridge-mautrix-bridges.md
@@ -24,7 +24,7 @@ To enable the bridge, add the following configuration to your `inventory/host_va
 matrix_mautrix_SERVICENAME_enabled: true
 ```

-**Note**: for bridging to Meta's Messenger or Instagram, you would need to add `meta` with an underscore symbol (`_`) or hyphen (`-`) based on the context as prefix to each `SERVICENAME`; add `_` to variables (as in `matrix_mautrix_meta_messenger_configuration_extension_yaml` for example) and `-` to paths of the configuration files (as in `roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2`), respectively. **`matrix_mautrix_facebook_*` and `matrix_mautrix_instagram_*` variables belong to the deprecated components and do not control the new bridge** ([mautrix-meta](https://github.com/mautrix/meta)), which can be [installed using this playbook](configuring-playbook-bridge-mautrix-meta-messenger.md).
+**Note**: for bridging to Meta's Messenger or Instagram, you would need to add `meta` with an underscore symbol (`_`) or hyphen (`-`) based on the context as prefix to each `SERVICENAME`; add `_` to variables (as in `matrix_mautrix_meta_messenger_configuration_extension_yaml` for example) and `-` to paths of the configuration files (as in `roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2`), respectively.

 There are some additional things you may wish to configure about the bridge before you continue. Each bridge may have additional requirements besides `_enabled: true`. For example, the mautrix-telegram bridge (our documentation page about it is [here](configuring-playbook-bridge-mautrix-telegram.md)) requires the `matrix_mautrix_telegram_api_id` and `matrix_mautrix_telegram_api_hash` variables to be defined. Refer to each bridge's individual documentation page for details about enabling bridges.

--- a/docs/configuring-playbook-bridge-mautrix-discord.md
+++ b/docs/configuring-playbook-bridge-mautrix-discord.md
@@ -1,11 +1,11 @@
 <!--
-SPDX-FileCopyrightText: 2018 - 2024 Slavi Pantaleev
 SPDX-FileCopyrightText: 2018 Hugues Morisset
-SPDX-FileCopyrightText: 2021 - 2022 MDAD project contributors
+SPDX-FileCopyrightText: 2018-2024 Slavi Pantaleev
+SPDX-FileCopyrightText: 2021, 2022 MDAD project contributors
 SPDX-FileCopyrightText: 2022 Abílio Costa
 SPDX-FileCopyrightText: 2022 Dennis Ciba
 SPDX-FileCopyrightText: 2022 Marko Weltzer
-SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
+SPDX-FileCopyrightText: 2024-2026 Suguru Hirahara

 SPDX-License-Identifier: AGPL-3.0-or-later
 -->
@@ -14,9 +14,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later

 <sup>Refer the common guide for configuring mautrix bridges: [Setting up a Generic Mautrix Bridge](configuring-playbook-bridge-mautrix-bridges.md)</sup>

-**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) bridges supported by the playbook.
- For using as a Bot we recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing.
- For personal use with a discord account we recommend the `mautrix-discord` bridge (the one being discussed here), because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook.
+**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) bridge supported by the playbook.

 The playbook can install and configure [mautrix-discord](https://github.com/mautrix/discord) for you.

@@ -24,9 +22,9 @@ See the project's [documentation](https://docs.mau.fi/bridges/go/discord/index.h

 ## Prerequisites

-There are 2 ways to login to discord using this bridge, either by [scanning a QR code](#method-1-login-using-qr-code-recommended) using the Discord mobile app **or** by using a [Discord token](#method-2-login-using-discord-token-not-recommended).
+There are 3 ways to login to discord using this bridge, either by [scanning a QR code](https://docs.mau.fi/bridges/go/discord/authentication.html#qr-login) using the Discord mobile app, by using a [Discord token](https://docs.mau.fi/bridges/go/discord/authentication.html#token-login), **or** by using a [Discord bot token](https://docs.mau.fi/bridges/go/discord/authentication.html#bot-token-login).

-If this is a dealbreaker for you, consider using one of the other Discord bridges supported by the playbook: [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) or [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md). These come with their own complexity and limitations, however, so we recommend that you proceed with this one if possible.
+⚠️ QR code login is considered a self-bot and is forbidden by Discord. It can result in an account termination. See the [Discord policy](https://support.discord.com/hc/en-us/articles/115002192352-Automated-User-Accounts-Self-Bots).

 ### Enable Appservice Double Puppet or Shared Secret Auth (optional)

@@ -80,6 +78,14 @@ After bridging, spaces will be created automatically, and rooms will be created

 If you want to manually bridge channels, invite the bot to the room you want to bridge, and run `!discord bridge CHANNEL_ID_HERE` to bridge the room. Make sure to replace `CHANNEL_ID_HERE` with the channel's ID.

+### Enable relay
+
+The bridge supports using Discord's webhook feature to relay messages from Matrix users who haven't logged into the bridge.
+
+In a room that has already been bridged, run `!discord set-relay --create`. The bridge will then create a webhook in the bridged discord channel and begin relaying messages. If the discord user does not have access to manage webhooks, run `!discord set-relay --url <url>` with the url of an already created webhook. (See Discords [Intro to webhooks](https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks))
+
+More information on relaying is available on the [official documentation](https://docs.mau.fi/bridges/go/discord/relay.html).
+
 ## Troubleshooting

 As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-mautrix-discord`.
@@ -92,3 +98,7 @@ The default logging level for this component is `warn`. If you want to increase
 # Valid values: fatal, error, warn, info, debug, trace
 matrix_mautrix_discord_logging_level: 'debug'
 ```
+
+### Command requires room admin rights when user is creator
+
+[MSC4289](https://github.com/matrix-org/matrix-spec-proposals/blob/main/proposals/4289-privilege-creators.md), introduced in [room version 12](https://spec.matrix.org/unstable/rooms/v12/), gives creators an infinitley high powerlevel. At the time of implementation, mautrix-discord and similar applications may not identify creators as or above admins. Either a separate admin user will need to manage the bridge or the room version should be less than version 12.
--- a/docs/configuring-playbook-bridge-mautrix-facebook.md
+++ b/docs/configuring-playbook-bridge-mautrix-facebook.md
@@ -1,100 +1,32 @@
 <!--
-SPDX-FileCopyrightText: 2019 - 2024 Slavi Pantaleev
+SPDX-FileCopyrightText: 2019 - 2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2019 Eduardo Beltrame
 SPDX-FileCopyrightText: 2019 Hugues Morisset
+SPDX-FileCopyrightText: 2020 Tulir Asokan
 SPDX-FileCopyrightText: 2021 - 2022 MDAD project contributors
 SPDX-FileCopyrightText: 2021 Aaron Raimist
 SPDX-FileCopyrightText: 2022 Dennis Ciba
 SPDX-FileCopyrightText: 2022 László Várady
-SPDX-FileCopyrightText: 2024 Suguru Hirahara
+SPDX-FileCopyrightText: 2022 Vladimir Panteleev
+SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara

 SPDX-License-Identifier: AGPL-3.0-or-later
 -->

-# Setting up Mautrix Facebook bridging (optional, deprecated)
+# Setting up Mautrix Facebook bridging (optional, removed)

-<sup>Refer the common guide for configuring mautrix bridges: [Setting up a Generic Mautrix Bridge](configuring-playbook-bridge-mautrix-bridges.md)</sup>
+🪦 The playbook used to be able to install and configure [mautrix-facebook](https://github.com/mautrix/facebook), but no longer includes this component, as it has been deprecated in favor of the [mautrix-meta](https://github.com/mautrix/meta) Messenger/Instagram bridge.

-**Note**: This bridge has been deprecated in favor of the [mautrix-meta](https://github.com/mautrix/meta) Messenger/Instagram bridge, which can be [installed using this playbook](configuring-playbook-bridge-mautrix-meta-messenger.md). Consider using that bridge instead of this one.
+The mautrix-meta bridge can be [installed using this playbook](configuring-playbook-bridge-mautrix-meta-messenger.md).

-The playbook can install and configure [mautrix-facebook](https://github.com/mautrix/facebook) for you.
+## Uninstalling the bridge manually

-See the project's [documentation](https://github.com/mautrix/facebook/blob/master/README.md) to learn what it does and why it might be useful to you.
-
-## Prerequisite (optional)
-
-### Enable Shared Secret Auth
-
-If you want to set up [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do) for this bridge automatically, you need to have enabled [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
-
-See [this section](configuring-playbook-bridge-mautrix-bridges.md#set-up-double-puppeting-optional) on the [common guide for configuring mautrix bridges](configuring-playbook-bridge-mautrix-bridges.md) for details about setting up Double Puppeting.
-
-**Note**: double puppeting with the Shared Secret Auth works at the time of writing, but is deprecated and will stop working in the future.
-
-## Adjusting the playbook configuration
-
-To enable the bridge, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
-
-```yaml
-matrix_mautrix_facebook_enabled: true
-```
-
-### Extending the configuration
-
-There are some additional things you may wish to configure about the bridge.
-
-See [this section](configuring-playbook-bridge-mautrix-bridges.md#extending-the-configuration) on the [common guide for configuring mautrix bridges](configuring-playbook-bridge-mautrix-bridges.md) for details about variables that you can customize and the bridge's default configuration, including [bridge permissions](configuring-playbook-bridge-mautrix-bridges.md#configure-bridge-permissions-optional), [encryption support](configuring-playbook-bridge-mautrix-bridges.md#enable-encryption-optional), [relay mode](configuring-playbook-bridge-mautrix-bridges.md#enable-relay-mode-optional), [bot's username](configuring-playbook-bridge-mautrix-bridges.md#set-the-bots-username-optional), etc.
-
-## Installing
-
-After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:
-
-<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
-```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
-```
-
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
-
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
-
-## Usage
-
-To use the bridge, you need to start a chat with `@facebookbot:example.com` (where `example.com` is your base domain, not the `matrix.` domain).
-
-You then need to send `login YOUR_FACEBOOK_EMAIL_ADDRESS` to the bridge bot to enable bridging for your Facebook Messenger account.
-
-If you run into trouble, check the [Troubleshooting](#troubleshooting) section below.
-
-## Troubleshooting
-
-As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-mautrix-facebook`.
-
-### Increase logging verbosity
-
-The default logging level for this component is `WARNING`. If you want to increase the verbosity, add the following configuration to your `vars.yml` file and re-run the playbook:
-
-```yaml
-matrix_mautrix_facebook_logging_level: DEBUG
-```
-
-### Facebook rejecting login attempts and forcing you to change password
-
-If your Matrix server is in a wildly different location than where you usually use your Facebook account from, the bridge's login attempts may be outright rejected by Facebook. Along with that, Facebook may even force you to change the account's password.
-
-If you happen to run into this problem while [setting up bridging](#usage), try to first get a successful session up by logging in to Facebook through the Matrix server's IP address.
-
-The easiest way to do this may be to use [sshuttle](https://sshuttle.readthedocs.io/) to proxy your traffic through the Matrix server.
-
-Example command for proxying your traffic through the Matrix server:
+If you still have the bridge installed on your Matrix server, the playbook can no longer help you uninstall it and you will need to do it manually. To uninstall manually, run these commands on the server:

 ```sh
-sshuttle -r root@matrix.example.com:22 0/0
+systemctl disable --now matrix-mautrix-facebook.service
+
+rm -rf /matrix/mautrix-facebook
+
+/matrix/postgres/bin/cli-non-interactive -c 'DROP DATABASE matrix_mautrix_facebook;'
 ```
-
-Once connected, you should be able to verify that you're browsing the web through the Matrix server's IP by checking [icanhazip](https://icanhazip.com/).
-
-Then proceed to log in to [Facebook/Messenger](https://www.facebook.com/).
-
-Once logged in, proceed to [set up bridging](#usage).
-
-If that doesn't work, enable 2FA (see: [Facebook help page on enabling 2FA](https://www.facebook.com/help/148233965247823)) and try to login again with a new password, and entering the 2FA code when prompted, it may take more then one try, in between attempts, check facebook.com to see if they are requiring another password change
--- a/docs/configuring-playbook-bridge-mautrix-hangouts.md
+++ b/docs/configuring-playbook-bridge-mautrix-hangouts.md
@@ -23,5 +23,5 @@ systemctl disable --now matrix-mautrix-hangouts.service

 rm -rf /matrix/mautrix-hangouts

-/matrix/postgres/bin/cli-non-interactive 'DROP DATABASE matrix_mautrix_hangouts;'
+/matrix/postgres/bin/cli-non-interactive -c 'DROP DATABASE matrix_mautrix_hangouts;'
 ```
--- a/docs/configuring-playbook-bridge-mautrix-instagram.md
+++ b/docs/configuring-playbook-bridge-mautrix-instagram.md
@@ -1,63 +1,33 @@
 <!--
+SPDX-FileCopyrightText: 2019 - 2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2019 Eduardo Beltrame
+SPDX-FileCopyrightText: 2019 Hugues Morisset
+SPDX-FileCopyrightText: 2020 Tulir Asokan
 SPDX-FileCopyrightText: 2021 - 2022 MDAD project contributors
+SPDX-FileCopyrightText: 2021 Aaron Raimist
 SPDX-FileCopyrightText: 2021 Marcus Proest
-SPDX-FileCopyrightText: 2022 - 2024 Slavi Pantaleev
+SPDX-FileCopyrightText: 2022 Dennis Ciba
+SPDX-FileCopyrightText: 2022 László Várady
+SPDX-FileCopyrightText: 2022 Vladimir Panteleev
 SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara

 SPDX-License-Identifier: AGPL-3.0-or-later
 -->

-# Setting up Mautrix Instagram bridging (optional, deprecated)
+# Setting up Mautrix Instagram bridging (optional, removed)

-<sup>Refer the common guide for configuring mautrix bridges: [Setting up a Generic Mautrix Bridge](configuring-playbook-bridge-mautrix-bridges.md)</sup>
+🪦 The playbook used to be able to install and configure [mautrix-instagram](https://github.com/mautrix/instagram), but no longer includes this component, as it has been deprecated in favor of the [mautrix-meta](https://github.com/mautrix/meta) Messenger/Instagram bridge.

-**Note**: This bridge has been deprecated in favor of the [mautrix-meta](https://github.com/mautrix/meta) Messenger/Instagram bridge, which can be [installed using this playbook](configuring-playbook-bridge-mautrix-meta-instagram.md). Consider using that bridge instead of this one.
+The mautrix-meta bridge can be [installed using this playbook](configuring-playbook-bridge-mautrix-meta-messenger.md).

-The playbook can install and configure [mautrix-instagram](https://github.com/mautrix/instagram) for you.
+## Uninstalling the bridge manually

-See the project's [documentation](https://github.com/mautrix/instagram/blob/master/README.md) to learn what it does and why it might be useful to you.
+If you still have the bridge installed on your Matrix server, the playbook can no longer help you uninstall it and you will need to do it manually. To uninstall manually, run these commands on the server:

-## Adjusting the playbook configuration
-
-To enable the bridge, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
-
-```yaml
-matrix_mautrix_instagram_enabled: true
-```
-
-### Extending the configuration
-
-There are some additional things you may wish to configure about the bridge.
-
-See [this section](configuring-playbook-bridge-mautrix-bridges.md#extending-the-configuration) on the [common guide for configuring mautrix bridges](configuring-playbook-bridge-mautrix-bridges.md) for details about variables that you can customize and the bridge's default configuration, including [bridge permissions](configuring-playbook-bridge-mautrix-bridges.md#configure-bridge-permissions-optional), [encryption support](configuring-playbook-bridge-mautrix-bridges.md#enable-encryption-optional), [relay mode](configuring-playbook-bridge-mautrix-bridges.md#enable-relay-mode-optional), [bot's username](configuring-playbook-bridge-mautrix-bridges.md#set-the-bots-username-optional), etc.
-
-## Installing
-
-After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:
-
-<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
-```
-
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
-
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
-
-## Usage
-
-To use the bridge, you need to start a chat with `@instagrambot:example.com` (where `example.com` is your base domain, not the `matrix.` domain).
-
-You then need to send `login YOUR_INSTAGRAM_EMAIL_ADDRESS YOUR_INSTAGRAM_PASSWORD` to the bridge bot to enable bridging for your instagram/Messenger account.
-
-## Troubleshooting
-
-As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-mautrix-instagram`.
-
-### Increase logging verbosity
-
-The default logging level for this component is `WARNING`. If you want to increase the verbosity, add the following configuration to your `vars.yml` file and re-run the playbook:
-
-```yaml
-matrix_mautrix_instagram_logging_level: DEBUG
+systemctl disable --now matrix-mautrix-instagram.service
+
+rm -rf /matrix/mautrix-instagram
+
+/matrix/postgres/bin/cli-non-interactive -c 'DROP DATABASE matrix_mautrix_instagram;'
 ```
--- a/docs/configuring-playbook-bridge-mautrix-slack.md
+++ b/docs/configuring-playbook-bridge-mautrix-slack.md
@@ -11,10 +11,6 @@ SPDX-License-Identifier: AGPL-3.0-or-later

 <sup>Refer the common guide for configuring mautrix bridges: [Setting up a Generic Mautrix Bridge](configuring-playbook-bridge-mautrix-bridges.md)</sup>

-**Note**: bridging to [Slack](https://slack.com/) can also happen via the [mx-puppet-slack](configuring-playbook-bridge-mx-puppet-slack.md) and [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) bridges supported by the playbook.
- For using as a Bot we recommend the [Appservice Slack](configuring-playbook-bridge-appservice-slack.md), because it supports plumbing. Note that it is not available for new installation unless you have already created a classic Slack application, because the creation of classic Slack applications, which this bridge makes use of, has been discontinued.
- For personal use with a slack account we recommend the `mautrix-slack` bridge (the one being discussed here), because it is the most fully-featured and stable of the 3 Slack bridges supported by the playbook.
-
 The playbook can install and configure [mautrix-slack](https://github.com/mautrix/slack) for you.

 See the project's [documentation](https://docs.mau.fi/bridges/go/slack/index.html) to learn what it does and why it might be useful to you.
@@ -25,7 +21,7 @@ See the [features and roadmap](https://github.com/mautrix/slack/blob/main/ROADMA

 For using this bridge, you would need to authenticate by **providing your username and password** (legacy) or by using a **token login**. See more information in the [docs](https://docs.mau.fi/bridges/go/slack/authentication.html).

-Note that neither of these methods are officially supported by Slack. [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) uses a Slack bot account which is the only officially supported method for bridging a Slack channel.
+Note that neither of these methods are officially supported by Slack.

 ### Enable Appservice Double Puppet (optional)

@@ -45,8 +41,7 @@ matrix_mautrix_slack_enabled: true

 There are some additional things you may wish to configure about the bridge.

-<!-- NOTE: relay mode is not supported for this bridge -->
-See [this section](configuring-playbook-bridge-mautrix-bridges.md#extending-the-configuration) on the [common guide for configuring mautrix bridges](configuring-playbook-bridge-mautrix-bridges.md) for details about variables that you can customize and the bridge's default configuration, including [bridge permissions](configuring-playbook-bridge-mautrix-bridges.md#configure-bridge-permissions-optional), [encryption support](configuring-playbook-bridge-mautrix-bridges.md#enable-encryption-optional), [bot's username](configuring-playbook-bridge-mautrix-bridges.md#set-the-bots-username-optional), etc.
+See [this section](configuring-playbook-bridge-mautrix-bridges.md#extending-the-configuration) on the [common guide for configuring mautrix bridges](configuring-playbook-bridge-mautrix-bridges.md) for details about variables that you can customize and the bridge's default configuration, including [bridge permissions](configuring-playbook-bridge-mautrix-bridges.md#configure-bridge-permissions-optional), [encryption support](configuring-playbook-bridge-mautrix-bridges.md#enable-encryption-optional), [relay mode](configuring-playbook-bridge-mautrix-bridges.md#enable-relay-mode-optional), [bot's username](configuring-playbook-bridge-mautrix-bridges.md#set-the-bots-username-optional), etc.

 ## Installing

--- a/docs/configuring-playbook-bridge-mautrix-twitter.md
+++ b/docs/configuring-playbook-bridge-mautrix-twitter.md
@@ -11,8 +11,6 @@ SPDX-License-Identifier: AGPL-3.0-or-later

 <sup>Refer the common guide for configuring mautrix bridges: [Setting up a Generic Mautrix Bridge](configuring-playbook-bridge-mautrix-bridges.md)</sup>

-**Note**: bridging to [Twitter](https://twitter.com/) can also happen via the [mx-puppet-twitter](configuring-playbook-bridge-mx-puppet-twitter.md) bridge supported by the playbook.
-
 The playbook can install and configure [mautrix-twitter](https://github.com/mautrix/twitter) for you.

 See the project's [documentation](https://github.com/mautrix/twitter/blob/master/README.md) to learn what it does and why it might be useful to you.
--- a/docs/configuring-playbook-bridge-mx-puppet-discord.md
+++ b/docs/configuring-playbook-bridge-mx-puppet-discord.md
@@ -1,51 +1,31 @@
 <!--
-SPDX-FileCopyrightText: 2020 - 2022 Slavi Pantaleev
+SPDX-FileCopyrightText: 2019 - 2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2019 Eduardo Beltrame
 SPDX-FileCopyrightText: 2020 Hugues Morisset
+SPDX-FileCopyrightText: 2020 Tulir Asokan
+SPDX-FileCopyrightText: 2021 - 2022 MDAD project contributors
+SPDX-FileCopyrightText: 2022 Dennis Ciba
 SPDX-FileCopyrightText: 2022 MDAD project contributors
+SPDX-FileCopyrightText: 2022 Vladimir Panteleev
 SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara

 SPDX-License-Identifier: AGPL-3.0-or-later
 -->

-# Setting up MX Puppet Discord bridging (optional)
+# Setting up MX Puppet Discord bridging (optional, removed)

-**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md)and [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridges supported by the playbook.
- For using as a Bot we recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing.
- For personal use with a discord account we recommend the [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridge, because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook.
+🪦 The playbook used to be able to install and configure [mx-puppet-discord](https://gitlab.com/mx-puppet/discord/mx-puppet-discord), but no longer includes this component, as it has been unmaintained for a long time.

-The playbook can install and configure [mx-puppet-discord](https://gitlab.com/mx-puppet/discord/mx-puppet-discord) for you.
+You may wish to use the [Mautrix Discord bridge](https://github.com/mautrix/discord) instead.

-See the project's [documentation](https://gitlab.com/mx-puppet/discord/mx-puppet-discord/blob/master/README.md) to learn what it does and why it might be useful to you.
+## Uninstalling the bridge manually

-## Adjusting the playbook configuration
+If you still have the MX Puppet Discord bridge installed on your Matrix server, the playbook can no longer help you uninstall it and you will need to do it manually. To uninstall manually, run these commands on the server:

-To enable the [Discord](https://discordapp.com/) bridge, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
-
-```yaml
-matrix_mx_puppet_discord_enabled: true
-```
-
-## Installing
-
-After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:
-
-<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+systemctl disable --now matrix-mx-puppet-discord.service
+
+rm -rf /matrix/mx-puppet-discord
+
+/matrix/postgres/bin/cli-non-interactive -c 'DROP DATABASE matrix_mx_puppet_discord;'
 ```
-
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
-
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
-
-## Usage
-
-To use the bridge, you need to start a chat with `Discord Puppet Bridge` with the handle `@_discordpuppet_bot:example.com` (where `example.com` is your base domain, not the `matrix.` domain).
-
-Three authentication methods are available, Legacy Token, OAuth and xoxc token. See mx-puppet-discord [documentation](https://gitlab.com/mx-puppet/discord/mx-puppet-discord) for more information about how to configure the bridge.
-
-Once logged in, send `list` to the bot user to list the available rooms.
-
-Clicking rooms in the list will result in you receiving an invitation to the bridged room.
-
-Send `help` to the bot to see the available commands.
--- a/docs/configuring-playbook-bridge-mx-puppet-instagram.md
+++ b/docs/configuring-playbook-bridge-mx-puppet-instagram.md
@@ -1,51 +1,30 @@
 <!--
-SPDX-FileCopyrightText: 2021 MDAD project contributors
+SPDX-FileCopyrightText: 2019 - 2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2019 Eduardo Beltrame
+SPDX-FileCopyrightText: 2020 Hugues Morisset
+SPDX-FileCopyrightText: 2020 Tulir Asokan
+SPDX-FileCopyrightText: 2021 - 2022 MDAD project contributors
+SPDX-FileCopyrightText: 2022 Dennis Ciba
+SPDX-FileCopyrightText: 2022 Vladimir Panteleev
 SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara

 SPDX-License-Identifier: AGPL-3.0-or-later
 -->

-# Setting up MX Puppet Instagram bridging (optional)
+# Setting up MX Puppet Instagram bridging (optional, removed)

-The playbook can install and configure [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) for you.
+🪦 The playbook used to be able to install and configure [mx-puppet-instagram](https://gitlab.com/mx-puppet/instagram/mx-puppet-instagram), but no longer includes this component, as it has been unmaintained for a long time.

-This allows you to bridge Instagram DirectMessages into Matrix.
+You may wish to use the [Mautrix Meta](https://github.com/mautrix/meta) Messenger/Instagram bridge instead.

-## Adjusting the playbook configuration
+## Uninstalling the bridge manually

-To enable the [Instagram](https://www.instagram.com/) bridge, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
+If you still have the MX Puppet Instagram bridge installed on your Matrix server, the playbook can no longer help you uninstall it and you will need to do it manually. To uninstall manually, run these commands on the server:

-```yaml
-matrix_mx_puppet_instagram_enabled: true
-```
-
-## Installing
-
-After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:
-
-<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+systemctl disable --now matrix-mx-puppet-instagram.service
+
+rm -rf /matrix/mx-puppet-instagram
+
+/matrix/postgres/bin/cli-non-interactive -c 'DROP DATABASE matrix_mx_puppet_instagram;'
 ```
-
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
-
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
-
-## Usage
-
-To use the bridge, you need to start a chat with `Instagram Puppet Bridge` with the handle `@_instagrampuppet_bot:example.com` (where `example.com` is your base domain, not the `matrix.` domain).
-
-Send `link <username> <password>` to the bridge bot to link your instagram account.
-
-The `list` commands shows which accounts are linked and which `puppetId` is associated.
-
-For double-puppeting, you probably want to issue these commands:
-
- `settype $puppetId puppet` to enable puppeting for the link (instead of relaying)
- `setautoinvite $puppetId 1` to automatically invite you to chats
- `setmatrixtoken $accessToken` to set the access token to enable puppeting from the other side (the "double" in double puppeting)
-
-If you are linking only one Instagram account, your `$puppetId` is probably 1, but use the `list` command find out.
-
-Send `help` to the bot to see the available commands. At the time of writing, not every command is fully implemented.
--- a/docs/configuring-playbook-bridge-mx-puppet-skype.md
+++ b/docs/configuring-playbook-bridge-mx-puppet-skype.md
@@ -10,4 +10,4 @@ SPDX-License-Identifier: AGPL-3.0-or-later

 🪦 The playbook used to be able to install and configure [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype), but no longer includes this component, because it has been broken and unmaintained for a long time.

-Bridging to [Skype](https://www.skype.com/) can also happen via the [go-skype-bridge](configuring-playbook-bridge-go-skype-bridge.md) bridge supported by the playbook.
+The playbook used to be able to install and configure [go-skype-bridge](configuring-playbook-bridge-go-skype-bridge.md) as alternative to this bridge, but no longer includes this component, because Skype has been discontinued since May 2025.
--- a/docs/configuring-playbook-bridge-mx-puppet-slack.md
+++ b/docs/configuring-playbook-bridge-mx-puppet-slack.md
@@ -1,58 +1,33 @@
 <!--
-SPDX-FileCopyrightText: 2020 - 2023 Slavi Pantaleev
+SPDX-FileCopyrightText: 2019 - 2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2019 Eduardo Beltrame
 SPDX-FileCopyrightText: 2020 Rodrigo Belem
+SPDX-FileCopyrightText: 2020 Tulir Asokan
 SPDX-FileCopyrightText: 2021 Marcel Ackermann
+SPDX-FileCopyrightText: 2021 MDAD project contributors
+SPDX-FileCopyrightText: 2022 Dennis Ciba
 SPDX-FileCopyrightText: 2022 Jim Myhrberg
 SPDX-FileCopyrightText: 2022 Nikita Chernyi
+SPDX-FileCopyrightText: 2022 Vladimir Panteleev
 SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara

 SPDX-License-Identifier: AGPL-3.0-or-later
 -->

-# Setting up MX Puppet Slack bridging (optional)
+# Setting up MX Puppet Slack bridging (optional, removed)

-**Note**: bridging to [Slack](https://slack.com) can also happen via the [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) and [mautrix-slack](configuring-playbook-bridge-mautrix-slack.md) bridges supported by the playbook. Note that `matrix-appservice-slack` is not available for new installation unless you have already created a classic Slack application, because the creation of classic Slack applications, which this bridge makes use of, has been discontinued.
+🪦 The playbook used to be able to install and configure [mx-puppet-slack](https://gitlab.com/mx-puppet/slack/mx-puppet-slack), but no longer includes this component, as it has been unmaintained for a long time.

-The playbook can install and configure [mx-puppet-slack](https://gitlab.com/mx-puppet/slack/mx-puppet-slack) for you.
+You may wish to use the [Mautrix Slack bridge](https://github.com/mautrix/slack) instead.

-See the project's [documentation](https://gitlab.com/mx-puppet/slack/mx-puppet-slack/blob/master/README.md) to learn what it does and why it might be useful to you.
+## Uninstalling the bridge manually

-## Prerequisite
+If you still have the MX Puppet Slack bridge installed on your Matrix server, the playbook can no longer help you uninstall it and you will need to do it manually. To uninstall manually, run these commands on the server:

-Follow the [OAuth credentials](https://gitlab.com/mx-puppet/slack/mx-puppet-slack#option-2-oauth) instructions to create a new Slack app, setting the redirect URL to `https://matrix.example.com/slack/oauth`.
-
-## Adjusting the playbook configuration
-
-To enable the [Slack](https://slack.com/) bridge, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
-
-```yaml
-matrix_mx_puppet_slack_enabled: true
-# Client ID must be quoted so YAML does not parse it as a float.
-matrix_mx_puppet_slack_oauth_client_id: "<SLACK_APP_CLIENT_ID>"
-matrix_mx_puppet_slack_oauth_client_secret: "<SLACK_APP_CLIENT_SECRET>"
-```
-
-## Installing
-
-After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:
-
-<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+systemctl disable --now matrix-mx-puppet-slack.service
+
+rm -rf /matrix/mx-puppet-slack
+
+/matrix/postgres/bin/cli-non-interactive -c 'DROP DATABASE matrix_mx_puppet_slack;'
 ```
-
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
-
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
-
-## Usage
-
-To use the bridge, you need to start a chat with `Slack Puppet Bridge` with the handle `@_slackpuppet_bot:example.com` (where `example.com` is your base domain, not the `matrix.` domain).
-
-Three authentication methods are available, Legacy Token, OAuth and xoxc token. See mx-puppet-slack [documentation](https://gitlab.com/mx-puppet/slack/mx-puppet-slack) for more information about how to configure the bridge.
-
-Once logged in, send `list` to the bot user to list the available rooms.
-
-Clicking rooms in the list will result in you receiving an invitation to the bridged room.
-
-Send `help` to the bot to see the available commands.
--- a/docs/configuring-playbook-bridge-mx-puppet-steam.md
+++ b/docs/configuring-playbook-bridge-mx-puppet-steam.md
@@ -7,11 +7,13 @@ SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
 SPDX-License-Identifier: AGPL-3.0-or-later
 -->

-# Setting up MX Puppet Steam bridging (optional)
+# Setting up MX Puppet Steam bridging (optional, deprecated)

-The playbook can install and configure [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) for you.
+**Note**: This bridge has been deprecated in favor of the [matrix-steam-bridge](https://github.com/jasonlaguidice/matrix-steam-bridge) bridge for Steam, which can be [installed using this playbook](configuring-playbook-bridge-steam.md). Consider using that bridge instead of this one.

-See the project's [documentation](https://github.com/icewind1991/mx-puppet-steam/blob/master/README.md) to learn what it does and why it might be useful to you.
+The playbook can install and configure [mx-puppet-steam](https://codeberg.org/icewind/mx-puppet-steam) for you.
+
+See the project's [documentation](https://codeberg.org/icewind/mx-puppet-steam/blob/master/README.md) to learn what it does and why it might be useful to you.

 ## Adjusting the playbook configuration

@@ -38,7 +40,7 @@ The shortcut commands with the [`just` program](just.md) are also available: `ju

 To use the bridge, you need to start a chat with `Steam Puppet Bridge` with the handle `@_steampuppet_bot:example.com` (where `example.com` is your base domain, not the `matrix.` domain).

-Three authentication methods are available, Legacy Token, OAuth and xoxc token. See mx-puppet-steam [documentation](https://github.com/icewind1991/mx-puppet-steam) for more information about how to configure the bridge.
+Three authentication methods are available, Legacy Token, OAuth and xoxc token. See mx-puppet-steam [documentation](https://codeberg.org/icewind/mx-puppet-steam) for more information about how to configure the bridge.

 Once logged in, send `list` to the bot user to list the available rooms.

--- a/docs/configuring-playbook-bridge-mx-puppet-twitter.md
+++ b/docs/configuring-playbook-bridge-mx-puppet-twitter.md
@@ -1,57 +1,29 @@
 <!--
+SPDX-FileCopyrightText: 2019 - 2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2019 Eduardo Beltrame
 SPDX-FileCopyrightText: 2020 Tulir Asokan
-SPDX-FileCopyrightText: 2021 Slavi Pantaleev
+SPDX-FileCopyrightText: 2021 MDAD project contributors
+SPDX-FileCopyrightText: 2022 Dennis Ciba
+SPDX-FileCopyrightText: 2022 Vladimir Panteleev
 SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara

 SPDX-License-Identifier: AGPL-3.0-or-later
 -->

-# Setting up MX Puppet Twitter bridging (optional)
+# Setting up MX Puppet Twitter bridging (optional, removed)

-**Note**: bridging to [Twitter](https://twitter.com/) can also happen via the [mautrix-twitter](configuring-playbook-bridge-mautrix-twitter.md) bridge supported by the playbook.
+🪦 The playbook used to be able to install and configure [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter), but no longer includes this component, as it has been unmaintained for a long time.

-The playbook can install and configure [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) for you.
+You may wish to use the [Mautrix Twitter bridge](https://github.com/mautrix/twitter) instead.

-See the project's [documentation](https://github.com/Sorunome/mx-puppet-twitter/blob/master/README.md) to learn what it does and why it might be useful to you.
+## Uninstalling the bridge manually

-## Prerequisite
+If you still have the MX Puppet Twitter bridge installed on your Matrix server, the playbook can no longer help you uninstall it and you will need to do it manually. To uninstall manually, run these commands on the server:

-Make an app on [developer.twitter.com](https://developer.twitter.com/en/apps).
-
-## Adjusting the playbook configuration
-
-To enable the [Twitter](https://twitter.com) bridge, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
-
-```yaml
-matrix_mx_puppet_twitter_enabled: true
-matrix_mx_puppet_twitter_consumer_key: ''
-matrix_mx_puppet_twitter_consumer_secret: ''
-matrix_mx_puppet_twitter_access_token: ''
-matrix_mx_puppet_twitter_access_token_secret: ''
-matrix_mx_puppet_twitter_environment: ''
-```
-
-## Installing
-
-After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:
-
-<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+systemctl disable --now matrix-mx-puppet-twitter.service
+
+rm -rf /matrix/mx-puppet-twitter
+
+/matrix/postgres/bin/cli-non-interactive -c 'DROP DATABASE matrix_mx_puppet_twitter;'
 ```
-
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
-
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
-
-## Usage
-
-To use the bridge, you need to start a chat with `Twitter Puppet Bridge` with the handle `@_twitterpuppet_bot:example.com` (where `example.com` is your base domain, not the `matrix.` domain).
-
-To log in, use `link` and click the link.
-
-Once logged in, send `list` to the bot user to list the available rooms.
-
-Clicking rooms in the list will result in you receiving an invitation to the bridged room.
-
-Send `help` to the bot to see the available commands.
--- a/docs/configuring-playbook-bridge-steam.md
+++ b/docs/configuring-playbook-bridge-steam.md
@@ -0,0 +1,48 @@
+<!--
+SPDX-FileCopyrightText: 2025 Jason LaGuidice
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+-->
+
+# Setting up Steam bridging (optional)
+
+The playbook can install and configure [matrix-steam-bridge](https://github.com/jasonlaguidice/matrix-steam-bridge) for you.
+
+See the project's [documentation](https://github.com/jasonlaguidice/matrix-steam-bridge/blob/main/README.md) to learn what it does and why it might be useful to you.
+
+## Adjusting the playbook configuration
+
+To enable the [Steam](https://steampowered.com/) bridge, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
+
+```yaml
+matrix_steam_bridge_enabled: true
+```
+
+## Installing
+
+After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:
+
+<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
+```sh
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+```
+
+The shortcut commands with the [`just` program](just.md) are also available: `just install-all` and `just setup-all`
+
+`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+
+The tag for `just` commands for this bridge is `matrix-steam-bridge` - for example: `just install-service matrix-steam-bridge`
+
+## Usage
+
+To use the bridge, you need to start a chat with `Steam bridge bot` with the handle `@steambot:example.com` (where `example.com` is your base domain, not the `matrix.` domain).
+
+The bridge supports QR code and password-based login as well as SteamGuard codes via app, SMS, or e-mail. See matrix-steam-bridge [documentation](https://github.com/jasonlaguidice/matrix-steam-bridge) for more information about how to configure the bridge.
+
+To login, send `login [flow ID]` where possible flow IDs are `password` or `qr`
+
+Once logged in, send `search [name]` to search through recognized Steam friends. You can send a user name, display name, or all forms of Steam ID. Send `start-chat [identifier]` to request the bridge bot to open a chat room with a user.
+
+Chat rooms will automatically be opened as new messages are received.
+
+Send `help` to the bot to see the available commands.
--- a/docs/configuring-playbook-client-cinny.md
+++ b/docs/configuring-playbook-client-cinny.md
@@ -27,26 +27,26 @@ When setting, replace `example.com` with your own.
 To enable Cinny, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:

 ```yaml
-matrix_client_cinny_enabled: true
+cinny_enabled: true
 ```

 ### Adjusting the Cinny URL (optional)

-By tweaking the `matrix_client_cinny_hostname` variable, you can easily make the service available at a **different hostname** than the default one.
+By tweaking the `cinny_hostname` variable, you can easily make the service available at a **different hostname** than the default one.

 Example additional configuration for your `vars.yml` file:

 ```yaml
 # Switch to a different domain (`app.example.com`) than the default one (`cinny.example.com`)
-matrix_client_cinny_hostname: "app.{{ matrix_domain }}"
+cinny_hostname: "app.{{ matrix_domain }}"

 # Expose under the /cinny subpath
-# matrix_client_cinny_path_prefix: /cinny
+# cinny_path_prefix: /cinny
 ```

 After changing the domain, **you may need to adjust your DNS** records to point the Cinny domain to the Matrix server.

-**Note**: while there is a `matrix_client_cinny_path_prefix` variable for changing the path where Cinny is served, overriding it is [not possible](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3701), because Cinny requires an application rebuild (with a tweaked build config) to be functional under a custom path. You'd need to serve Cinny at a dedicated subdomain.
+**Note**: while there is a `cinny_path_prefix` variable for changing the path where Cinny is served, overriding it is [not possible](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3701), because Cinny requires an application rebuild (with a tweaked build config) to be functional under a custom path. You'd need to serve Cinny at a dedicated subdomain.

 ### Extending the configuration

@@ -54,8 +54,8 @@ There are some additional things you may wish to configure about the component.

 Take a look at:

- `roles/custom/matrix-client-cinny/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
- `roles/custom/matrix-client-cinny/templates/config.json.j2` for the component's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_client_cinny_configuration_extension_json` variable
+- `roles/galaxy/cinny/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
+- `roles/galaxy/cinny/templates/config.json.j2` for the component's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `cinny_configuration_extension_json` variable

 ## Installing

--- a/docs/configuring-playbook-client-fluffychat-web.md
+++ b/docs/configuring-playbook-client-fluffychat-web.md
@@ -13,7 +13,7 @@ FluffyChat Web is a cute cross-platform (web, iOS, Android) messenger for Matrix

 💡 **Note**: the latest version of FluffyChat Web is also available on the web, hosted by 3rd parties. If you trust giving your credentials to the following 3rd party Single Page Application, you can consider using it from there:

- [fluffychat.im](https://fluffychat.im/web), hosted by the [FluffyChat](https://fluffychat.im/) developers
+- [fluffychat.im](https://fluffychat.im/web), hosted by the [FluffyChat](https://fluffy.chat/) developers

 ## Adjusting DNS records

--- a/docs/configuring-playbook-client-hydrogen.md
+++ b/docs/configuring-playbook-client-hydrogen.md
@@ -24,22 +24,22 @@ When setting, replace `example.com` with your own.
 To enable Hydrogen, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:

 ```yaml
-matrix_client_hydrogen_enabled: true
+hydrogen_enabled: true
 ```

 ### Adjusting the Hydrogen URL (optional)

-By tweaking the `matrix_client_hydrogen_hostname` and `matrix_client_hydrogen_path_prefix` variables, you can easily make the service available at a **different hostname and/or path** than the default one.
+By tweaking the `hydrogen_hostname` and `hydrogen_path_prefix` variables, you can easily make the service available at a **different hostname and/or path** than the default one.

 Example additional configuration for your `vars.yml` file:

 ```yaml
 # Switch to the domain used for Matrix services (`matrix.example.com`),
 # so we won't need to add additional DNS records for Hydrogen.
-matrix_client_hydrogen_hostname: "{{ matrix_server_fqn_matrix }}"
+hydrogen_hostname: "{{ matrix_server_fqn_matrix }}"

 # Expose under the /hydrogen subpath
-matrix_client_hydrogen_path_prefix: /hydrogen
+hydrogen_path_prefix: /hydrogen
 ```

 After changing the domain, **you may need to adjust your DNS** records to point the Hydrogen domain to the Matrix server.
@@ -52,8 +52,8 @@ There are some additional things you may wish to configure about the client.

 Take a look at:

- `roles/custom/matrix-client-hydrogen/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
- `roles/custom/matrix-client-hydrogen/templates/config.json.j2` for the client's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_client_hydrogen_configuration_extension_json` variable
+- `roles/galaxy/hydrogen/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
+- `roles/galaxy/hydrogen/templates/config.json.j2` for the client's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `hydrogen_configuration_extension_json` variable

 ## Installing

--- a/docs/configuring-playbook-client-sable.md
+++ b/docs/configuring-playbook-client-sable.md
@@ -0,0 +1,71 @@
+<!--
+SPDX-FileCopyrightText: 2022 MDAD project contributors
+SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
+SPDX-FileCopyrightText: 2024 - 2026 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+-->
+
+# Setting up Sable (optional)
+
+The playbook can install and configure the [Sable](https://github.com/7w1/sable) Matrix web client for you.
+
+Sable is a web client focusing primarily on simple, elegant and secure interface. It can be installed alongside or instead of [Element Web](./configuring-playbook-client-element-web.md), [Cinny](./configuring-playbook-client-cinny.md) and others.
+
+## Adjusting DNS records
+
+By default, this playbook installs Sable on the `sable.` subdomain (`sable.example.com`) and requires you to create a CNAME record for `sable`, which targets `matrix.example.com`.
+
+When setting, replace `example.com` with your own.
+
+## Adjusting the playbook configuration
+
+To enable Sable, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
+
+```yaml
+sable_enabled: true
+```
+
+### Adjusting the Sable URL (optional)
+
+By tweaking the `sable_hostname` variable, you can easily make the service available at a **different hostname** than the default one.
+
+Example additional configuration for your `vars.yml` file:
+
+```yaml
+# Switch to a different domain (`app.example.com`) than the default one (`sable.example.com`)
+sable_hostname: "app.{{ matrix_domain }}"
+
+# Expose under the /sable subpath
+# sable_path_prefix: /sable
+```
+
+After changing the domain, **you may need to adjust your DNS** records to point the Sable domain to the Matrix server.
+
+**Note**: while there is a `sable_path_prefix` variable for changing the path where Sable is served, overriding it is [not possible](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3701), because Sable requires an application rebuild (with a tweaked build config) to be functional under a custom path. You'd need to serve Sable at a dedicated subdomain.
+
+### Extending the configuration
+
+There are some additional things you may wish to configure about the component.
+
+Take a look at:
+
+- `roles/galaxy/sable/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
+- `roles/galaxy/sable/templates/config.json.j2` for the component's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `sable_configuration_extension_json` variable
+
+## Installing
+
+After configuring the playbook and [adjusting your DNS records](#adjusting-dns-records), run the playbook with [playbook tags](playbook-tags.md) as below:
+
+<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
+```sh
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+```
+
+The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+
+`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+
+## Troubleshooting
+
+As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-client-sable`.
--- a/docs/configuring-playbook-conduit.md
+++ b/docs/configuring-playbook-conduit.md
@@ -13,8 +13,6 @@ See the project's [documentation](https://docs.conduit.rs/) to learn what it doe

 By default, the playbook installs [Synapse](https://github.com/element-hq/synapse) as it's the only full-featured Matrix server at the moment. If that's okay, you can skip this document.

-💡 **Note**: The playbook also supports installing a (currently) faster-moving Conduit fork called [conduwuit](./configuring-playbook-conduwuit.md).
-
 > [!WARNING]
 > - **You can't switch an existing Matrix server's implementation** (e.g. Synapse -> Conduit). Proceed below only if you're OK with losing data or you're dealing with a server on a new domain name, which hasn't participated in the Matrix federation yet.
 > - **Homeserver implementations other than Synapse may not be fully functional**. The playbook may also not assist you in an optimal way (like it does with Synapse). Make yourself familiar with the downsides before proceeding
--- a/docs/configuring-playbook-conduwuit.md
+++ b/docs/configuring-playbook-conduwuit.md
@@ -1,106 +1,45 @@
 <!--
-SPDX-FileCopyrightText: 2025 Slavi Pantaleev
-SPDX-FileCopyrightText: 2025 Suguru Hirahara
+SPDX-FileCopyrightText: 2019 Eduardo Beltrame
+SPDX-FileCopyrightText: 2019-2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2020 Tulir Asokan
+SPDX-FileCopyrightText: 2021, 2024 MDAD project contributors
+SPDX-FileCopyrightText: 2022 Dennis Ciba
+SPDX-FileCopyrightText: 2022 Vladimir Panteleev
+SPDX-FileCopyrightText: 2023 Justin Croonenberghs
+SPDX-FileCopyrightText: 2023 Kuba Orlik
+SPDX-FileCopyrightText: 2023 Pierre 'McFly' Marty
+SPDX-FileCopyrightText: 2023 Samuel Meenzen
+SPDX-FileCopyrightText: 2024 Fabio Bonelli
+SPDX-FileCopyrightText: 2024-2026 Suguru Hirahara

 SPDX-License-Identifier: AGPL-3.0-or-later
 -->

-# Configuring conduwuit (optional)
+# Configuring conduwuit (optional, removed)

-The playbook can install and configure the [conduwuit](https://conduwuit.puppyirl.gay/) Matrix server for you.
+🪦 The playbook used to be able to install and configure the [conduwuit](https://conduwuit.puppyirl.gay/) Matrix server, but no longer includes this component, as it's been abandoned and unmaintained.

-See the project's [documentation](https://conduwuit.puppyirl.gay/) to learn what it does and why it might be useful to you.
+## Uninstalling the service manually

-By default, the playbook installs [Synapse](https://github.com/element-hq/synapse) as it's the only full-featured Matrix server at the moment. If that's okay, you can skip this document.
+If you still have conduwuit installed on your Matrix server, the playbook can no longer help you uninstall it and you will need to do it manually.

-💡 **Note**: conduwuit is a fork of [Conduit](./configuring-playbook-conduit.md), which the playbook also supports. See [Differences from upstream Conduit](https://conduwuit.puppyirl.gay/differences.html).
+To uninstall the service, run the command below on the server:

-> [!WARNING]
-> - **You can't switch an existing Matrix server's implementation** (e.g. Synapse -> conduwuit). Proceed below only if you're OK with losing data or you're dealing with a server on a new domain name, which hasn't participated in the Matrix federation yet.
-> - **Homeserver implementations other than Synapse may not be fully functional**. The playbook may also not assist you in an optimal way (like it does with Synapse). Make yourself familiar with the downsides before proceeding
-> - **the Conduwuit project appears to have been abandoned**. You may wish to install [Conduit](./configuring-playbook-conduit.md), or one of the Conduwuit successors (like [Continuwuity](configuring-playbook-continuwuity.md))
-
-## Adjusting the playbook configuration
-
-To use conduwuit, you **generally** need to adjust the `matrix_homeserver_implementation: synapse` configuration on your `inventory/host_vars/matrix.example.com/vars.yml` file as below:
-
-```yaml
-matrix_homeserver_implementation: conduwuit
-
-# Registering users can only happen via the API,
-# so it makes sense to enable it, at least initially.
-matrix_conduwuit_config_allow_registration: true
-
-# Generate a strong registration token to protect the registration endpoint from abuse.
-# You can create one with a command like `pwgen -s 64 1`.
-matrix_conduwuit_config_registration_token: ''
+```sh
+systemctl disable --now matrix-conduwuit.service
 ```

-### Extending the configuration
+## Migrating to Continuwuity

-There are some additional things you may wish to configure about the server.
+Since [Continuwuity](configuring-playbook-continuwuity.md) is a drop-in replacement for conduwuit, migration is possible. Please refer to [this section](./configuring-playbook-continuwuity.md#migrating-from-conduwuit) for details.

-Take a look at:
+## Removing data manually

- `roles/custom/matrix-conduwuit/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
- `roles/custom/matrix-conduwuit/templates/conduwuit.toml.j2` for the server's default configuration
+If you are not going to migrate to [Continuwuity](configuring-playbook-continuwuity.md), you can remove data by running the command on the server:

-There are various Ansible variables that control settings in the `conduwuit.toml` file.
-
-If a specific setting you'd like to change does not have a dedicated Ansible variable, you can either submit a PR to us to add it, or you can [override the setting using an environment variable](https://conduwuit.puppyirl.gay/configuration.html#environment-variables) using `matrix_conduwuit_environment_variables_extension`. For example:
-
-```yaml
-matrix_conduwuit_environment_variables_extension: |
-  CONDUWUIT_MAX_REQUEST_SIZE=50000000
-  CONDUWUIT_REQUEST_TIMEOUT=60
+```sh
+rm -rf /matrix/conduwuit
 ```

-## Creating the first user account
-
-Unlike other homeserver implementations (like Synapse and Dendrite), conduwuit does not support creating users via the command line or via the playbook.
-
-If you followed the instructions above (see [Adjusting the playbook configuration](#adjusting-the-playbook-configuration)), you should have registration enabled and protected by a registration token.
-
-This should allow you to create the first user account via any client (like [Element Web](./configuring-playbook-client-element-web.md)) which supports creating users.
-
-The **first user account that you create will be marked as an admin** and **will be automatically invited to an admin room**.
-
-
-## Configuring bridges / appservices
-
-For other homeserver implementations (like Synapse and Dendrite), the playbook automatically registers appservices (for bridges, bots, etc.) with the homeserver.
-
-For conduwuit, you will have to manually register appservices using the [`!admin appservices register` command](https://conduwuit.puppyirl.gay/appservices.html#set-up-the-appservice---general-instructions) sent to the server bot account.
-
-The server's bot account has a Matrix ID of `@conduit:example.com` (not `@conduwuit:example.com`!) due to conduwuit's historical legacy.
-Your first user account would already have been invited to an admin room with this bot.
-
-Find the appservice file you'd like to register. This can be any `registration.yaml` file found in the `/matrix` directory, for example `/matrix/mautrix-signal/bridge/registration.yaml`.
-
-Then, send its content to the existing admin room:
-
-    !admin appservices register
-
-    ```
-    as_token: <token>
-    de.sorunome.msc2409.push_ephemeral: true
-    receive_ephemeral: true
-    hs_token: <token>
-    id: signal
-    namespaces:
-      aliases:
-      - exclusive: true
-        regex: ^#signal_.+:example\.org$
-      users:
-      - exclusive: true
-        regex: ^@signal_.+:example\.org$
-      - exclusive: true
-        regex: ^@signalbot:example\.org$
-    rate_limited: false
-    sender_localpart: _bot_signalbot
-    url: http://matrix-mautrix-signal:29328
-    ```
-
-## Troubleshooting
-
-As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-conduwuit`.
+>[!WARNING]
+> Once you removing the path, there is no going back. Your data on the homeserver (including chat history, rooms, etc.) will be deleted and not be possible to restore them. Please be certain.
--- a/docs/configuring-playbook-continuwuity.md
+++ b/docs/configuring-playbook-continuwuity.md
@@ -13,7 +13,7 @@ See the project's [documentation](https://continuwuity.org) to learn what it doe

 By default, the playbook installs [Synapse](https://github.com/element-hq/synapse) as it's the only full-featured Matrix server at the moment. If that's okay, you can skip this document.

-💡 **Note**: continuwuity is a fork of [conduwuit](./configuring-playbook-conduwuit.md), which the playbook also supports.
+💡 **Note**: continuwuity is a fork of [conduwuit](./configuring-playbook-conduwuit.md), which the playbook has supported.

 > [!WARNING]
 > - **You can't switch an existing Matrix server's implementation** (e.g. Synapse -> Continuwuity). Proceed below only if you're OK with losing data or you're dealing with a server on a new domain name, which hasn't participated in the Matrix federation yet.
@@ -58,9 +58,14 @@ matrix_continuwuity_environment_variables_extension: |

 Unlike other homeserver implementations (like Synapse and Dendrite), continuwuity does not support creating users via the command line or via the playbook.

-If you followed the instructions above (see [Adjusting the playbook configuration](#adjusting-the-playbook-configuration)), you should have registration enabled and protected by a registration token.
+On first startup, Continuwuity creates a special one-time-use registration token and logs it to the server's console. To access this, you will need to SSH into the server and run the following command:

-This should allow you to create the first user account via any client (like [Element Web](./configuring-playbook-client-element-web.md)) which supports creating users.
+```sh
+# Adjust the duration if necessary or remove the whole --since argument
+journalctl -u matrix-continuwuity.service --since="10 minutes ago"
+```
+
+Find the token, highlight it, and copy it (ctrl+shift+C). This token should allow you to create the first user account via any client (like [Element Web](./configuring-playbook-client-element-web.md)) which supports creating users.

 The **first user account that you create will be marked as an admin** and **will be automatically invited to an admin room**.

--- a/docs/configuring-playbook-dimension.md
+++ b/docs/configuring-playbook-dimension.md
@@ -1,144 +1,33 @@
 <!--
-SPDX-FileCopyrightText: 2019 - 2024 Slavi Pantaleev
-SPDX-FileCopyrightText: 2019 - 2025 MDAD project contributors
 SPDX-FileCopyrightText: 2019 Edgars Voroboks
+SPDX-FileCopyrightText: 2019 Eduardo Beltrame
+SPDX-FileCopyrightText: 2019-2025 MDAD project contributors
+SPDX-FileCopyrightText: 2019-2025 Slavi Pantaleev
 SPDX-FileCopyrightText: 2020 Chris van Dijk
+SPDX-FileCopyrightText: 2020 Tulir Asokan
 SPDX-FileCopyrightText: 2020 jens quade
 SPDX-FileCopyrightText: 2022 Dennis Ciba
 SPDX-FileCopyrightText: 2022 Kim Brose
 SPDX-FileCopyrightText: 2022 Travis Ralston
+SPDX-FileCopyrightText: 2022 Vladimir Panteleev
 SPDX-FileCopyrightText: 2022 Yan Minagawa
-SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
+SPDX-FileCopyrightText: 2024-2026 Suguru Hirahara

 SPDX-License-Identifier: AGPL-3.0-or-later
 -->

-# Setting up Dimension integration manager (optional, unmaintained)
+# Setting up Dimension integration manager (optional, removed)

-**Notes**:
- Dimension is **[officially unmaintained](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2806#issuecomment-1673559299)**. We recommend not bothering with installing it.
- This playbook now supports running Dimension in both a federated and [unfederated](https://github.com/turt2live/matrix-dimension/blob/master/docs/unfederated.md) environments. This is handled automatically based on the value of `matrix_homeserver_federation_enabled`.
+🪦 The playbook used to be able to install and configure [Dimension](https://dimension.t2bot.io) integration manager, but no longer includes this component, as it has been unmaintained.

-The playbook can install and configure the [Dimension](https://dimension.t2bot.io) integration manager for you.
+## Uninstalling the component manually

-See the project's [documentation](https://github.com/turt2live/matrix-dimension/blob/master/README.md) to learn what it does and why it might be useful to you.
-
-## Prerequisites
-
-### Open Matrix Federation port
-
-Enabling the Dimension service will automatically reconfigure your Synapse homeserver to expose the `openid` API endpoints on the Matrix Federation port (usually `8448`), even if [federation](configuring-playbook-federation.md) is disabled. If you enable the component, make sure that the port is accessible.
-
-### Install Matrix services
-
-Dimension can only be installed after Matrix services are installed and running. If you're just installing Matrix services for the first time, please continue with the [Configuration](configuring-playbook.md) / [Installation](installing.md) and come back here later.
-
-### Register a dedicated Matrix user (optional, recommended)
-
-We recommend that you create a dedicated Matrix user for Dimension (`dimension` is a good username).
-
-Generate a strong password for the user. You can create one with a command like `pwgen -s 64 1`.
-
-You can use the playbook to [register a new user](registering-users.md):
+If you still have the Dimension integration manager installed on your Matrix server, the playbook can no longer help you uninstall it and you will need to do it manually. To uninstall manually, run these commands on the server:

 ```sh
-ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=dimension password=PASSWORD_FOR_THE_USER admin=no' --tags=register-user
+systemctl disable --now matrix-dimension.service
+
+rm -rf /matrix/dimension
+
+/matrix/postgres/bin/cli-non-interactive -c 'DROP DATABASE matrix_dimension;'
 ```
-
-### Obtain an access token
-
-Dimension requires an access token to be able to connect to your homeserver. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md).
-
-> [!WARNING]
-> Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone.
-
-## Adjusting DNS records
-
-By default, this playbook installs Dimension on the `dimension.` subdomain (`dimension.example.com`) and requires you to create a CNAME record for `dimension`, which targets `matrix.example.com`.
-
-When setting, replace `example.com` with your own.
-
-## Adjusting the playbook configuration
-
-To enable Dimension, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file. Make sure to replace `ACCESS_TOKEN_HERE` with the one created [above](#obtain-an-access-token).
-
-```yaml
-matrix_dimension_enabled: true
-
-matrix_dimension_access_token: "ACCESS_TOKEN_HERE"
-```
-
-### Define admin users
-
-To define admin users who can modify the integrations this Dimension supports, add the following configuration to your `vars.yml` file:
-
-```yaml
-matrix_dimension_admins:
-  - "@alice:{{ matrix_domain }}"
-  - "@bob:{{ matrix_domain }}"
-```
-
-The admin interface is accessible within Element Web by accessing it in any room and clicking the cog wheel/settings icon in the top right. Currently, Dimension can be opened in Element Web by the "Add widgets, bridges, & bots" link in the room information.
-
-### Adjusting the Dimension URL (optional)
-
-By tweaking the `matrix_dimension_hostname` and `matrix_dimension_path_prefix` variables, you can easily make the service available at a **different hostname and/or path** than the default one.
-
-Example additional configuration for your `vars.yml` file:
-
-```yaml
-# Switch to the domain used for Matrix services (`matrix.example.com`),
-# so we won't need to add additional DNS records for Dimension.
-matrix_dimension_hostname: "{{ matrix_server_fqn_matrix }}"
-
-# Expose under the /dimension subpath
-# matrix_dimension_path_prefix: /dimension
-```
-
-After changing the domain, **you may need to adjust your DNS** records to point the Dimension domain to the Matrix server.
-
-If you've decided to reuse the `matrix.` domain, you won't need to do any extra DNS configuration.
-
-**Note**: while there is a `matrix_dimension_path_prefix` variable for changing the path where Dimension is served, overriding it is not possible due to [this Dimension issue](https://github.com/turt2live/matrix-dimension/issues/510). You'd need to serve Dimension at a dedicated subdomain.
-
-### Extending the configuration
-
-There are some additional things you may wish to configure about the component.
-
-Take a look at:
-
- `roles/custom/matrix-dimension/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
- `roles/custom/matrix-dimension/templates/config.yaml.j2` for the component's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_dimension_configuration_extension_yaml` variable
-
-You can find all configuration options on [GitHub page of Dimension project](https://github.com/turt2live/matrix-dimension/blob/master/config/default.yaml).
-
-## Installing
-
-After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the playbook with [playbook tags](playbook-tags.md) as below:
-
-<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
-```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
-```
-
-**Notes**:
-
- The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
-
-  `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
-
-## Usage
-
-After Dimension has been installed you may need to log out and log back in for it to pick up the new integration manager. Then you can access integrations in Element Web by opening a room, clicking the room info button (`i`) on the top right corner, and then clicking the "Add widgets, bridges, & bots" link.
-
-### Set up a Jitsi widget
-
-By default Dimension will use [jitsi.riot.im](https://jitsi.riot.im/) as the `conferenceDomain` of [Jitsi](https://jitsi.org/) audio/video conference widgets. For users running [a self-hosted Jitsi instance](configuring-playbook-jitsi.md), you will likely want the widget to use your own Jitsi instance.
-
-To set up the widget, an admin user needs to configure the domain via the admin UI once Dimension is running. In Element Web, go to *Manage Integrations* → *Settings* → *Widgets* → *Jitsi Conference Settings* and set *Jitsi Domain* and *Jitsi Script URL* appropriately.
-
-There is unfortunately no way to configure the widget via the playbook. See [this issue](https://github.com/turt2live/matrix-dimension/issues/345) for details.
-
-## Troubleshooting
-
-As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-dimension`.
--- a/docs/configuring-playbook-dynamic-dns.md
+++ b/docs/configuring-playbook-dynamic-dns.md
@@ -1,7 +1,20 @@
 <!--
+SPDX-FileCopyrightText: 2020 Aaron Raimist
+SPDX-FileCopyrightText: 2020 Chris van Dijk
+SPDX-FileCopyrightText: 2020 Dominik Zajac
+SPDX-FileCopyrightText: 2020 Mickaël Cornière
 SPDX-FileCopyrightText: 2020 Scott Crossen
-SPDX-FileCopyrightText: 2020 Slavi Pantaleev
-SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
+SPDX-FileCopyrightText: 2020-2024 MDAD project contributors
+SPDX-FileCopyrightText: 2020-2024 Slavi Pantaleev
+SPDX-FileCopyrightText: 2022 François Darveau
+SPDX-FileCopyrightText: 2022 Julian Foad
+SPDX-FileCopyrightText: 2022 Warren Bailey
+SPDX-FileCopyrightText: 2023 Antonis Christofides
+SPDX-FileCopyrightText: 2023 Felix Stupp
+SPDX-FileCopyrightText: 2023 Julian-Samuel Gebühr
+SPDX-FileCopyrightText: 2023 Pierre 'McFly' Marty
+SPDX-FileCopyrightText: 2024 Tiz
+SPDX-FileCopyrightText: 2024-2026 Suguru Hirahara

 SPDX-License-Identifier: AGPL-3.0-or-later
 -->
@@ -12,6 +25,10 @@ The playbook can configure Dynamic DNS with [ddclient⁠](https://github.com/ddc

 Most cloud providers / ISPs will charge you extra for a static IP address. If you're not hosting a highly reliable homeserver you can workaround this via dynamic DNS.

+For details about configuring the [Ansible role for ddclient](https://github.com/mother-of-all-self-hosting/ansible-role-ddclient), you can check them via:
+- 🌐 [the role's documentation](https://github.com/mother-of-all-self-hosting/ansible-role-ddclient/blob/main/docs/configuring-ddclient.md) online
+- 📁 `roles/galaxy/ddclient/docs/configuring-ddclient.md` locally, if you have [fetched the Ansible roles](../installing.md)
+
 ## Prerequisite

 You'll need to authenticate with your DNS provider somehow, in most cases this is simply a username and password but can differ from provider to provider. Please consult with your providers documentation and the upstream [ddclient documentation](https://github.com/ddclient/ddclient/blob/main/ddclient.conf.in) to determine what you'll need to provide to authenticate.
@@ -21,17 +38,23 @@ You'll need to authenticate with your DNS provider somehow, in most cases this i
 To enable dynamic DNS, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:

 ```yaml
-matrix_dynamic_dns_enabled: true
+ddclient_enabled: true

-matrix_dynamic_dns_domain_configurations:
+ddclient_domain_configurations:
  - provider: example.net
-    protocol: dyndn2
+    protocol: dyndns2
    username: YOUR_USERNAME_HERE
    password: YOUR_PASSWORD_HERE
    domain: "{{ matrix_domain }}"
 ```

-Keep in mind that certain providers may require a different configuration of the `matrix_dynamic_dns_domain_configurations` variable, for provider specific examples see the [upstream documentation](https://github.com/ddclient/ddclient/blob/main/ddclient.conf.in).
+Keep in mind that certain providers may require a different configuration of the `ddclient_domain_configurations` variable, for provider specific examples see the [upstream documentation](https://github.com/ddclient/ddclient/blob/main/ddclient.conf.in).
+
+### Configuring the endpoint to obtain IP address (optional)
+
+The playbook sets the default endpoint for obtaining the IP address to `https://cloudflare.com/cdn-cgi/trace`. You can replace it by specifying yours to `ddclient_web` and `ddclient_web_skip` if necessary.
+
+Refer to [this section](https://github.com/mother-of-all-self-hosting/ansible-role-ddclient/blob/main/docs/configuring-ddclient.md#setting-the-endpoint-to-obtain-ip-address-optional) for more information.

 ### Extending the configuration

@@ -39,7 +62,7 @@ There are some additional things you may wish to configure about the component.

 Take a look at:

- `roles/custom/matrix-dynamic-dns/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
+- `roles/galaxy/ddclient/defaults/main.yml` for some variables that you can customize via your `vars.yml` file

 ## Installing

@@ -63,4 +86,4 @@ Additional resources:

 ## Troubleshooting

-As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-dynamic-dns`. However, due to an [upstream issue](https://github.com/linuxserver/docker-ddclient/issues/54#issuecomment-1153143132) the logging output is not always complete. For advanced debugging purposes running the `ddclient` tool outside of the container is useful via the following: `ddclient -file ./ddclient.conf -daemon=0 -debug -verbose -noquiet`.
+See [this section](https://github.com/mother-of-all-self-hosting/ansible-role-ddclient/blob/main/docs/configuring-ddclient.md#troubleshooting) on the role's documentation for details.
--- a/docs/configuring-playbook-element-admin.md
+++ b/docs/configuring-playbook-element-admin.md
@@ -0,0 +1,67 @@
+<!--
+SPDX-FileCopyrightText: 2024 wjbeckett
+SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+-->
+
+# Setting up Element Admin (optional)
+
+The playbook can install and configure [Element Admin](https://github.com/element-hq/element-admin) for you.
+
+Element Admin is a web-based administration panel for Synapse and [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md).
+
+See the project's [documentation](https://github.com/element-hq/element-admin) to learn more.
+
+💡 **Note**: This project is still very young and doesn't have many features. For now, it's recommended to use [Synapse Admin](./configuring-playbook-synapse-admin.md) instead. Deployments that use [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md) can use Element Admin for user-management (something that Synapse Admin can't do), while continuing to use Synapse Admin for all other purposes.
+
+## Prerequisites
+
+- A [Synapse](configuring-playbook-synapse.md) homeserver with its Admin API enabled (the playbook automatically enables it for you when you enable Element Admin)
+- [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md) with its Admin API enabled (the playbook automatically enables it for you when you enable Element Admin)
+
+## Decide on a domain and path
+
+By default, the Element Admin is configured to be served on the `admin.element.example.com` domain.
+
+If you'd like to run Element Admin on another hostname, see the [Adjusting the Element Admin URL](#adjusting-the-element-admin-url-optional) section below.
+
+## Adjusting DNS records (optional)
+
+By default, this playbook installs Element Admin on the `admin.element.` subdomain (`admin.element.example.com`) and requires you to create a `CNAME` record for `admin.element`, which targets `matrix.example.com`.
+
+When setting these values, replace `example.com` with your own.
+
+## Adjusting the playbook configuration
+
+Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
+
+```yaml
+matrix_element_admin_enabled: true
+```
+
+### Adjusting the Element Admin URL (optional)
+
+By tweaking the `matrix_element_admin_hostname` variable, you can easily make the service available at a **different hostname** than the default one.
+
+Example additional configuration for your `vars.yml` file:
+
+```yaml
+matrix_element_admin_hostname: element-admin.example.com
+```
+
+> [!WARNING]
+> A `matrix_element_admin_path_prefix` variable is also available and mean to let you configure a path prefix for the Element Admin service, but **Element Admin does not support running under a sub-path yet**.
+
+## Installing
+
+After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the playbook with [playbook tags](playbook-tags.md) as below:
+
+<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
+```sh
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+```
+
+The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+
+`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
--- a/docs/configuring-playbook-email.md
+++ b/docs/configuring-playbook-email.md
@@ -17,6 +17,16 @@ The [Ansible role for exim-relay](https://github.com/mother-of-all-self-hosting/
 - 🌐 [the role's documentation at the MASH project](https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay/blob/main/docs/configuring-exim-relay.md) online
 - 📁 `roles/galaxy/exim_relay/docs/configuring-exim-relay.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles)

+## Why use exim-relay?
+
+**Benefits of using exim-relay** instead of configuring SMTP directly in each service:
+
+1. **Final delivery capability**: Can deliver emails directly if you don't have an SMTP server
+
+2. **Centralized configuration**: Configure your upstream SMTP server once in exim-relay, then point all services ([Synapse](configuring-playbook-synapse.md), [Matrix Authentication Service](configuring-playbook-matrix-authentication-service.md), etc.) there—no need to configure SMTP in each component
+
+3. **Local spooling**: Stores messages locally and retries delivery if your upstream SMTP server is temporarily unavailable
+
 ## Firewall settings

 No matter whether you send email directly (the default) or you relay email through another host, you'll probably need to allow outgoing traffic for TCP ports 25/587 (depending on configuration).
--- a/docs/configuring-playbook-federation.md
+++ b/docs/configuring-playbook-federation.md
@@ -44,7 +44,7 @@ matrix_homeserver_federation_enabled: false

 With that, your server's users will only be able to talk among themselves, but not to anyone who is on another server.

-**Disabling federation does not necessarily disable the federation port** (`8448`). Services like [Dimension](configuring-playbook-dimension.md) and [ma1sd](configuring-playbook-ma1sd.md) normally rely on `openid` APIs exposed on that port. Even if you disable federation and only if necessary, we may still be exposing the federation port and serving the `openid` APIs there. To override this and completely disable Synapse's federation port use:
+**Disabling federation does not necessarily disable the federation port** (`8448`). Even if you disable federation and only if necessary, we may still be exposing the federation port and serving the `openid` APIs there. To override this and completely disable Synapse's federation port use:

 ```yaml
 matrix_homeserver_federation_enabled: false
--- a/docs/configuring-playbook-jitsi.md
+++ b/docs/configuring-playbook-jitsi.md
@@ -18,6 +18,9 @@ SPDX-License-Identifier: AGPL-3.0-or-later

 The playbook can install and configure the [Jitsi](https://jitsi.org/) video-conferencing platform for you.

+Because Jitsi still requires a TURN server, enabling Jitsi
+automatically enables coturn (`coturn_enabled: true`) unless you explicitly disable it.
+
 Jitsi is an open source video-conferencing platform. It can not only be integrated with Element clients ([Element Web](configuring-playbook-client-element-web.md)/Desktop, Android and iOS) as a widget, but also be used as standalone web app.

 💡 If you're into experimental technology, you may also be interested in trying out [Element Call](configuring-playbook-element-call.md) - a native Matrix video conferencing application.
--- a/docs/configuring-playbook-livekit-server.md
+++ b/docs/configuring-playbook-livekit-server.md
@@ -15,7 +15,7 @@ LiveKit Server is an open source project that provides scalable, multi-user conf

 The [Ansible role for LiveKit Server](https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server) is developed and maintained by [the MASH (mother-of-all-self-hosting) project](https://github.com/mother-of-all-self-hosting). For details about configuring LiveKit Server, you can check them via:
 - 🌐 [the role's documentation at the MASH project](https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server/blob/main/docs/configuring-livekit-server.md) online
- 📁 `roles/galaxy/livekit-server/docs/configuring-livekit-server.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles)
+- 📁 `roles/galaxy/livekit_server/docs/configuring-livekit-server.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles)

 ## Adjusting firewall rules

@@ -29,10 +29,43 @@ To ensure LiveKit Server functions correctly, the following firewall rules and p

 - `5350/tcp`: TURN/TCP. Also see the [Limitations](#limitations) section below.

-💡 The suggestions above are inspired by the upstream [Ports and Firewall](https://docs.livekit.io/home/self-hosting/ports-firewall/) documentation based on how LiveKit is configured in the playbook. If you've using custom configuration for the LiveKit Server role, you may need to adjust the firewall rules accordingly.
+- `30000-30020/udp`: TURN relay range used by LiveKit's embedded TURN server.
+
+💡 The suggestions above are inspired by the upstream [Ports and Firewall](https://docs.livekit.io/home/self-hosting/ports-firewall/) documentation based on how LiveKit is configured in the playbook. If you're using custom configuration for the LiveKit Server role, you may need to adjust firewall rules accordingly.
+
+## TURN TLS handling
+
+When `matrix_playbook_reverse_proxy_type` is `playbook-managed-traefik` (which is the default for this playbook), TURN over TCP is terminated by Traefik and forwarded to LiveKit with `turn.external_tls = true`. In this playbook default, this mode is enabled automatically when SSL is enabled and TURN is enabled.
+
+- The playbook installs a dedicated Traefik TCP entrypoint for TURN (`matrix-livekit-turn`) by default and binds it to `tcp/5350`.
+- `livekit_server_config_turn_external_tls` is automatically enabled for this setup.
+- Because Traefik handles TLS, LiveKit no longer needs certificate-file paths for TURN in this mode.
+
+To opt out and keep TURN TLS termination in LiveKit itself, set:
+
+```yml
+livekit_server_config_turn_external_tls: false
+```
+
+In this playbook, certificate paths are managed automatically via `group_vars/matrix_servers` when certificate dumping is enabled.
+
+If your setup uses `other-traefik-container` or [another reverse-proxy](./configuring-playbook-own-webserver.md), behavior is unchanged by default and still relies on certificates being available inside the container as before.
+
+Deployments using `other-traefik-container` can opt into the same Traefik-terminated mode there, by setting:
+
+```yml
+livekit_server_config_turn_external_tls: true
+livekit_server_container_labels_turn_traefik_enabled: true
+livekit_server_container_labels_turn_traefik_entrypoints: "<your-livekit-turn-traffic-entrypoint>"
+```
+
+and configuring their own Traefik TCP entrypoint dedicated to LiveKit TURN traffic.

 ## Limitations

-For some reason, LiveKit Server's TURN ports (`3479/udp` and `5350/tcp`) are not reachable over IPv6 regardless of whether you've [enabled IPv6](./configuring-ipv6.md) for your server.
+LiveKit Server's TURN listener behavior depends on where TLS is terminated:

-It seems like LiveKit Server intentionally only listens on `udp4` and `tcp4` as seen [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L128) and [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L92).
+- Direct LiveKit TURN listeners (`livekit_server_config_turn_external_tls: false`) still use IPv4-only sockets for `3479/udp` and `5350/tcp`, so IPv6 connectivity to these endpoints is not possible.
+- With [TURN TLS handling](#turn-tls-handling) (`livekit_server_config_turn_external_tls: true`), the playbook's dedicated `matrix-livekit-turn` TCP entrypoint can still listen on both IPv4 and IPv6. Traefik then forwards TURN/TCP to LiveKit.
+
+It appears that LiveKit Server intentionally only listens on `udp4` and `tcp4` in direct mode, as seen [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L128) and [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L92).
--- a/docs/configuring-playbook-ma1sd.md
+++ b/docs/configuring-playbook-ma1sd.md
@@ -1,176 +1,37 @@
 <!--
-SPDX-FileCopyrightText: 2018 - 2024 Slavi Pantaleev
-SPDX-FileCopyrightText: 2019 - 2020 MDAD project contributors
+SPDX-FileCopyrightText: 2018-2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2019 Eduardo Beltrame
 SPDX-FileCopyrightText: 2019 Noah Fleischmann
-SPDX-FileCopyrightText: 2020 Justin Croonenberghs
+SPDX-FileCopyrightText: 2019-2022, 2024 MDAD project contributors
+SPDX-FileCopyrightText: 2020 Hugues Morisset
 SPDX-FileCopyrightText: 2020 Marcel Partap
-SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
+SPDX-FileCopyrightText: 2020 Tulir Asokan
+SPDX-FileCopyrightText: 2020, 2023 Justin Croonenberghs
+SPDX-FileCopyrightText: 2022 Dennis Ciba
+SPDX-FileCopyrightText: 2022 Vladimir Panteleev
+SPDX-FileCopyrightText: 2023 Kuba Orlik
+SPDX-FileCopyrightText: 2023 Pierre 'McFly' Marty
+SPDX-FileCopyrightText: 2023 Samuel Meenzen
+SPDX-FileCopyrightText: 2024 Fabio Bonelli
+SPDX-FileCopyrightText: 2024-2026 Suguru Hirahara

 SPDX-License-Identifier: AGPL-3.0-or-later
 -->

-# Setting up ma1sd Identity Server (optional)
+# Setting up ma1sd Identity Server (optional, removed)

-> [!WARNING]
-> Since ma1sd has been unmaintained for years (the latest commit and release being from 2021) and the future of identity server's role in the Matrix specification is uncertain, **we recommend not bothering with installing it unless it's the only way you can do what you need to do**.
->
-> Please note that certain things can be achieved with other components. For example, if you wish to implement LDAP integration, you might as well check out [the LDAP provider module for Synapse](./configuring-playbook-ldap-auth.md) instead.
+🪦 The playbook used to be able to install and configure the [ma1sd](https://github.com/ma1uta/ma1sd) Identity Server, but no longer includes this component, as it has been unmaintained for a long time.

-The playbook can configure the [ma1sd](https://github.com/ma1uta/ma1sd) Identity Server for you. It is a fork of [mxisd](https://github.com/kamax-io/mxisd) which was pronounced end of life 2019-06-21.
+Please note that some of the functions can be achieved with other components. For example, if you wish to implement LDAP integration, you might as well check out [the LDAP provider module for Synapse](./configuring-playbook-ldap-auth.md) instead.

-ma1sd is used for 3PIDs (3rd party identifiers like E-mail and phone numbers) and some [enhanced features](https://github.com/ma1uta/ma1sd/#features). It is private by default, potentially at the expense of user discoverability.
+## Uninstalling the component manually

-See the project's [documentation](https://github.com/ma1uta/ma1sd/blob/master/README.md) to learn what it does and why it might be useful to you.
+If you still have the ma1sd Identity Server installed on your Matrix server, the playbook can no longer help you uninstall it and you will need to do it manually. To uninstall manually, run these commands on the server:

-## Prerequisites
-
-### Open Matrix Federation port
-
-Enabling the ma1sd service will automatically reconfigure your Synapse homeserver to expose the `openid` API endpoints on the Matrix Federation port (usually `8448`), even if [federation](configuring-playbook-federation.md) is disabled. If you enable the component, make sure that the port is accessible.
-
-## Adjusting DNS records
-
-To make the ma1sd Identity Server enable its federation features, set up a SRV record that looks like this:
-
- Name: `_matrix-identity._tcp` (use this text as-is)
- Content: `10 0 443 matrix.example.com` (replace `example.com` with your own)
-
-See [ma1sd's documentation](https://github.com/ma1uta/ma1sd/wiki/mxisd-and-your-privacy#choices-are-never-easy) for information on the privacy implications of setting up this SRV record.
-
-When setting up a SRV record, if you are asked for a service and protocol instead of a hostname split the host value from the table where the period is. For example use service as `_matrix-identity` and protocol as `_tcp`.
-
-**Note**: This `_matrix-identity._tcp` SRV record for the identity server is different from the `_matrix._tcp` that can be used for Synapse delegation. See [howto-server-delegation.md](howto-server-delegation.md) for more information about delegation.
-
-## Adjusting the playbook configuration
-
-To enable ma1sd, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
-
-```yaml
-matrix_ma1sd_enabled: true
-```
-
-### Matrix.org lookup forwarding
-
-To ensure maximum discovery, you can make your identity server also forward lookups to the central matrix.org Identity server (at the cost of potentially leaking all your contacts information).
-
-Enabling this is discouraged and you'd better [learn more](https://github.com/ma1uta/ma1sd/blob/master/docs/features/identity.md#lookups) before proceeding.
-
-To enable matrix.org forwarding, add the following configuration to your `vars.yml` file:
-
-```yaml
-matrix_ma1sd_matrixorg_forwarding_enabled: true
-```
-
-### Extending the configuration
-
-There are some additional things you may wish to configure about the component.
-
-Take a look at:
-
- `roles/custom/matrix-ma1sd/defaults/main.yml` for some variables that you can customize via your `vars.yml` file. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_ma1sd_configuration_extension_yaml` variable
-
-You can refer to the [ma1sd website](https://github.com/ma1uta/ma1sd) for more details and configuration options.
-
-#### Customizing email templates
-
-If you'd like to change the default email templates used by ma1sd, take a look at the `matrix_ma1sd_threepid_medium_email_custom_` variables (in the `roles/custom/matrix-ma1sd/defaults/main.yml` file.
-
-#### ma1sd-controlled Registration
-
-To use the [Registration](https://github.com/ma1uta/ma1sd/blob/master/docs/features/registration.md) feature of ma1sd, you can make use of the following variables:
-
- `matrix_synapse_enable_registration` — to enable user-initiated registration in Synapse
-
- `matrix_synapse_enable_registration_captcha` — to validate registering users using reCAPTCHA, as described in the [enabling reCAPTCHA](configuring-captcha.md) documentation.
-
- `matrix_synapse_registrations_require_3pid` — a list of 3pid types (among `'email'`, `'msisdn'`) required by the Synapse server for registering
-
- variables prefixed with `matrix_ma1sd_container_labels_` (e.g. `matrix_ma1sd_container_labels_matrix_client_3pid_registration_enabled`) — to configure the Traefik reverse-proxy to capture and send registration requests to ma1sd (instead of Synapse), so it can apply its additional functionality
-
- `matrix_ma1sd_configuration_extension_yaml` — to configure ma1sd as required. See the [Registration feature's docs](https://github.com/ma1uta/ma1sd/blob/master/docs/features/registration.md) for inspiration. Also see the [Additional features](#additional-features) section below to learn more about how to use `matrix_ma1sd_configuration_extension_yaml`.
-
-**Note**: For this to work, either the homeserver needs to [federate](configuring-playbook-federation.md) or the `openid` APIs need to exposed on the federation port. When federation is disabled and ma1sd is enabled, we automatically expose the `openid` APIs (only!) on the federation port. Make sure the federation port (usually `https://matrix.example.com:8448`) is whitelisted in your firewall (even if you don't actually use/need federation).
-
-#### Authentication
-
-[Authentication](https://github.com/ma1uta/ma1sd/blob/master/docs/features/authentication.md) provides the possibility to use your own [Identity Stores](https://github.com/ma1uta/ma1sd/blob/master/docs/stores/README.md) (for example LDAP) to authenticate users on your Homeserver.
-
-To enable authentication against an LDAP server, add the following configuration to your `vars.yml` file:
-
-```yaml
-matrix_synapse_ext_password_provider_rest_auth_enabled: true
-
-# matrix-ma1sd is the hostname of the ma1sd Docker container
-matrix_synapse_ext_password_provider_rest_auth_endpoint: "http://matrix-ma1sd:8090"
-
-matrix_ma1sd_configuration_extension_yaml: |
-  ldap:
-    enabled: true
-    connection:
-      host: ldapHostnameOrIp
-      tls: false
-      port: 389
-      baseDNs: ['OU=Users,DC=example,DC=org']
-      bindDn: CN=My ma1sd User,OU=Users,DC=example,DC=org
-      bindPassword: TheUserPassword
-```
-
-#### Example: SMS verification
-
-If your use case requires mobile verification, it is quite simple to integrate ma1sd with [Twilio](https://www.twilio.com/), an online telephony services gateway. Their prices are reasonable for low-volume projects and integration can be done with the following configuration:
-
-```yaml
-matrix_ma1sd_configuration_extension_yaml: |
-  threepid:
-    medium:
-      msisdn:
-        connectors:
-          twilio:
-            account_sid: '<secret-SID>'
-            auth_token: '<secret-token>'
-            number: '+<msisdn-number>'
-```
-
-#### Example: Open Registration for every Domain
-
-If you want to open registration for any domain, you have to setup the allowed domains with ma1sd's `blacklist` and `whitelist`. The default behavior when neither the `blacklist`, nor the `whitelist` match, is to allow registration. Beware: you can't block toplevel domains (aka `.xy`) because the internal architecture of ma1sd doesn't allow that.
-
-```yaml
-matrix_ma1sd_configuration_extension_yaml: |
-  register:
-    policy:
-      allowed: true
-      threepid:
-        email:
-          domain:
-            blacklist: ~
-            whitelist: ~
-```
-
-## Installing
-
-After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:
-
-<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
-```
-
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
-
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
-
-## Troubleshooting
-
-If email address validation emails sent by ma1sd are not reaching you, you should look into [Adjusting email-sending settings](configuring-playbook-email.md).
-
-As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-ma1sd`.
-
-### Increase logging verbosity
-
-If you want to increase the verbosity, add the following configuration to your `vars.yml` file and re-run the playbook:
-
-```yaml
-# See: https://github.com/ma1uta/ma1sd/blob/master/docs/troubleshooting.md#increase-verbosity
-matrix_ma1sd_verbose_logging: true
+systemctl disable --now matrix-ma1sd.service
+
+rm -rf /matrix/ma1sd
+
+/matrix/postgres/bin/cli-non-interactive 'DROP DATABASE matrix_ma1sd;'
 ```
--- a/docs/configuring-playbook-matrix-authentication-service.md
+++ b/docs/configuring-playbook-matrix-authentication-service.md
@@ -51,12 +51,16 @@ This section details what you can expect when switching to the Matrix Authentica

 - ❌ **Synapse password providers will need to be disabled**. You can no longer use [shared-secret-auth](./configuring-playbook-shared-secret-auth.md), [rest-auth](./configuring-playbook-rest-auth.md), [LDAP auth](./configuring-playbook-ldap-auth.md), etc. When the authentication flow is handled by MAS (not by Synapse anymore), it doesn't make sense to extend the Synapse authentication flow with additional modules. Many bridges used to rely on shared-secret-auth for doing double-puppeting (impersonating other users), but most (at least the mautrix bridges) nowadays use [Appservice Double Puppet](./configuring-playbook-appservice-double-puppet.md) as a better alternative. Older/maintained bridges may still rely on shared-secret-auth, as do other services like [matrix-corporal](./configuring-playbook-matrix-corporal.md).

- ❌ Certain **tools like [synapse-admin](./configuring-playbook-synapse-admin.md) do not have full compatibility with MAS yet**. synapse-admin already supports [login with access token](https://github.com/etkecc/synapse-admin/pull/58), browsing users (which Synapse will internally fetch from MAS) and updating user avatars. However, editing users (passwords, etc.) now needs to happen directly against MAS using the [MAS Admin API](https://element-hq.github.io/matrix-authentication-service/api/index.html), which synapse-admin cannot interact with yet.
+- ❌ Certain **tools like [Synapse Admin](./configuring-playbook-synapse-admin.md) do not have full compatibility with MAS yet**. Synapse Admin already supports OIDC auth, browsing users (which Synapse will internally fetch from MAS) and updating user avatars. However, editing users (passwords, etc.) now needs to happen directly against MAS using the [MAS Admin API](https://element-hq.github.io/matrix-authentication-service/api/index.html), which Synapse Admin cannot interact with yet. You may be interested in using [Element Admin](./configuring-playbook-element-admin.md) for these purposes.

 - ❌ **Some services experience issues when authenticating via MAS**:

  - [Reminder bot](configuring-playbook-bot-matrix-reminder-bot.md) seems to be losing some of its state on each restart and may reschedule old reminders once again

+  - [Postmoogle](./configuring-playbook-bridge-postmoogle.md) works the first time around, but it consistently fails after restarting:
+
+    > cannot initialize matrix bot error="olm account is marked as shared, keys seem to have disappeared from the server"
+
 - ❌ **Encrypted appservices** do not work yet (related to [MSC4190](https://github.com/matrix-org/matrix-spec-proposals/pull/4190) and [PR 17705 for Synapse](https://github.com/element-hq/synapse/pull/17705)), so all bridges/bots that rely on encryption will fail to start (see [this issue](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3658) for Hookshot). You can use these bridges/bots only if you **keep end-to-bridge encryption disabled** (which is the default setting).

 - ⚠️ [Migrating an existing Synapse homeserver to Matrix Authentication Service](#migrating-an-existing-synapse-homeserver-to-matrix-authentication-service) is **possible**, but requires **some playbook-assisted manual work**. Migration is **reversible with no or minor issues if done quickly enough**, but as users start logging in (creating new login sessions) via the new MAS setup, disabling MAS and reverting back to the Synapse user database will cause these new sessions to break.
--- a/docs/configuring-playbook-matrix-media-repo.md
+++ b/docs/configuring-playbook-matrix-media-repo.md
@@ -24,8 +24,21 @@ To enable matrix-media-repo, add the following configuration to your `inventory/

 ```yaml
 matrix_media_repo_enabled: true
+
+# Any unique alphanumeric string. Cannot be changed after first use.
+# For new installations, generate one with: pwgen -s 64 1
+# For existing installations, see below.
+matrix_media_repo_datastore_file_id: "CHANGE_ME_TO_A_UNIQUE_VALUE"
 ```

+**For existing installations**: retrieve the current datastore ID from the server's config file before proceeding:
+
+```sh
+grep 'id:' /matrix/media-repo/config/media-repo.yaml
+```
+
+Then use that value for `matrix_media_repo_datastore_file_id`. This is not a secret — it is a plain identifier used by matrix-media-repo to link media files to their storage backend.
+
 By default, the media-repo will use the local filesystem for data storage. You can alternatively use a `s3` cloud backend as well. Access token caching is also enabled by default since the logout endpoints are proxied through the media repo.

 ### Enable metrics
@@ -109,6 +122,11 @@ matrix_media_repo_admins: []
 matrix_media_repo_datastore_file_for_kinds: ["thumbnails", "remote_media", "local_media", "archives"]
 matrix_media_repo_datastore_s3_for_kinds: []

+# Required when S3 storage is enabled (matrix_media_repo_datastore_s3_for_kinds is non-empty).
+# Any unique alphanumeric string. Cannot be changed after first use.
+# For new installations, generate one with: pwgen -s 64 1
+# matrix_media_repo_datastore_s3_id: ""
+
 # The s3 uploader needs a temporary location to buffer files to reduce memory usage on
 # small file uploads. If the file size is unknown, the file is written to this location
 # before being uploaded to s3 (then the file is deleted). If you aren't concerned about
--- a/docs/configuring-playbook-matrix-rtc.md
+++ b/docs/configuring-playbook-matrix-rtc.md
@@ -16,10 +16,9 @@ The Matrix RTC stack is a set of supporting components ([LiveKit Server](configu
 ## Prerequisites

 - A [Synapse](configuring-playbook-synapse.md) homeserver (see the warning below)
- [Federation](configuring-playbook-federation.md) being enabled for your Matrix homeserver (federation is enabled by default, unless you've explicitly disabled it), because [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) currently [requires it](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3562#issuecomment-2725250554) ([relevant source code](https://github.com/element-hq/lk-jwt-service/blob/f5f5374c4bdcc00a4fb13d27c0b28e20e4c62334/main.go#L135-L146))
 - Various experimental features for the Synapse homeserver which Element Call [requires](https://github.com/element-hq/element-call/blob/93ae2aed9841e0b066d515c56bd4c122d2b591b2/docs/self-hosting.md#a-matrix-homeserver) (automatically done when Element Call is enabled)
- A [LiveKit Server](configuring-playbook-livekit-server.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](#decide-between-element-call-vs-just-the-matrix-rtc-stack))
- The [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](#decide-between-element-call-vs-just-the-matrix-rtc-stack))
+- A [LiveKit Server](configuring-playbook-livekit-server.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](configuring-playbook-element-call.md#decide-between-element-call-vs-just-the-matrix-rtc-stack))
+- The [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](configuring-playbook-element-call.md#decide-between-element-call-vs-just-the-matrix-rtc-stack))
 - A client compatible with Element Call. As of 2025-03-15, that's just [Element Web](configuring-playbook-client-element-web.md) and the Element X mobile clients (iOS and Android).

 > [!WARNING]
--- a/docs/configuring-playbook-matrixto.md
+++ b/docs/configuring-playbook-matrixto.md
@@ -0,0 +1,68 @@
+<!--
+SPDX-FileCopyrightText: 2023 - 2024 Slavi Pantaleev
+SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+-->
+
+# Setting up Matrix.to (optional)
+
+The playbook can install and configure the [Matrix.to](https://github.com/matrix-org/matrix.to) URL redirection service for you.
+
+See the project's [documentation](https://github.com/matrix-org/matrix.to/blob/main/README.md) to learn what it does and why it might be useful to you.
+
+## Adjusting DNS records
+
+By default, this playbook installs Matrix.to on the `mt.` subdomain (`mt.example.com`) and requires you to create a CNAME record for `mt`, which targets `matrix.example.com`.
+
+When setting, replace `example.com` with your own.
+
+## Adjusting the playbook configuration
+
+To enable Matrix.to, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
+
+```yaml
+matrix_matrixto_enabled: true
+```
+
+### Adjusting the Matrix.to URL (optional)
+
+By tweaking the `matrix_matrixto_hostname` variable, you can easily make the service available at a **different hostname** than the default one.
+
+Example additional configuration for your `vars.yml` file:
+
+```yaml
+# Change the default hostname
+matrix_matrixto_hostname: t.example.com
+```
+
+After changing the domain, **you may need to adjust your DNS** records to point the Matrix.to domain to the Matrix server.
+
+### Extending the configuration
+
+There are some additional things you may wish to configure about the server.
+
+Take a look at:
+
+- `roles/custom/matrix-matrixto/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
+
+## Installing
+
+After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the playbook with [playbook tags](playbook-tags.md) as below:
+
+<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
+```sh
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+```
+
+The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+
+`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+
+## Usage
+
+Refer to the project's [documentation](https://github.com/matrix-org/matrix.to/blob/main/README.md) for available parameters, etc.
+
+## Troubleshooting
+
+As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-matrixto`.
--- a/docs/configuring-playbook-own-webserver.md
+++ b/docs/configuring-playbook-own-webserver.md
@@ -51,7 +51,7 @@ matrix_playbook_reverse_proxy_type: other-traefik-container
 # Adjust to point to your Traefik container
 matrix_playbook_reverse_proxy_hostname: name-of-your-traefik-container

-traefik_certs_dumper_ssl_dir_path: "/path/to/your/traefiks/acme.json/directory"
+traefik_certs_dumper_ssl_path: "/path/to/your/traefiks/acme.json/directory"

 # Uncomment and adjust the variable below if the name of your federation entrypoint is different
 # than the default value (matrix-federation).
--- a/docs/configuring-playbook-prometheus-grafana.md
+++ b/docs/configuring-playbook-prometheus-grafana.md
@@ -83,7 +83,7 @@ See the project's [documentation](https://github.com/martin-helmich/prometheus-n
 To enable it, add the following configuration to your `vars.yml` file:

 ```yaml
-matrix_prometheus_nginxlog_exporter_enabled: true
+prometheus_nginxlog_exporter_enabled: true
 ```

 If you enable Grafana, a dedicated `NGINX PROXY` Grafana dashboard will be created.
@@ -95,8 +95,8 @@ If you enable Grafana, a dedicated `NGINX PROXY` Grafana dashboard will be creat
 At the moment of writing only images for `amd64` and `arm64` architectures are available. The playbook currently does not support [self-building](./self-building.md) a container image on other architectures. You can however use a custom-build image by setting:

 ```yaml
-matrix_prometheus_nginxlog_exporter_docker_image_arch_check_enabled: false
-matrix_prometheus_nginxlog_exporter_docker_image: path/to/docker/image:tag
+prometheus_nginxlog_exporter_container_image_arch_check_enabled: false
+prometheus_nginxlog_exporter_container_image: path/to/docker/image:tag
 ```

 ### Extending the configuration
@@ -106,7 +106,7 @@ There are some additional things you may wish to configure about Prometheus and
 Take a look at:

 - [Prometheus role](https://github.com/mother-of-all-self-hosting/ansible-role-prometheus)'s [`defaults/main.yml`](https://github.com/mother-of-all-self-hosting/ansible-role-prometheus/blob/main/defaults/main.yml) for some variables that you can customize via your `vars.yml` file. You can override settings (even those that don't have dedicated playbook variables) using the `prometheus_configuration_extension_yaml` variable
- `roles/custom/matrix-prometheus-nginxlog-exporter/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
+- `roles/galaxy/prometheus_nginxlog_exporter/defaults/main.yml` for some variables that you can customize via your `vars.yml` file

 ## Adjusting the playbook configuration — Grafana

@@ -178,11 +178,11 @@ Name | Description
 `matrix_metrics_exposure_http_basic_auth_enabled`|Set this to `true` to protect all `https://matrix.example.com/metrics/*` endpoints with [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) (see the other variables below for supplying the actual credentials).
 `matrix_metrics_exposure_http_basic_auth_users`|Set this to the Basic Authentication credentials (raw `htpasswd` file content) used to protect `/metrics/*`. This htpasswd-file needs to be generated with the `htpasswd` tool and can include multiple username/password pairs.
 `prometheus_node_exporter_enabled`|Set this to `true` to enable the node (general system stats) exporter (locally, on the container network).
-`prometheus_node_exporter_container_labels_traefik_enabled`|Set this to `true` to expose the node (general system stats) metrics on `https://matrix.example.com/metrics/node-exporter`.
+`prometheus_node_exporter_container_labels_metrics_enabled`|Set this to `true` to expose the node (general system stats) metrics on `https://matrix.example.com/metrics/node-exporter`.
 `prometheus_postgres_exporter_enabled`|Set this to `true` to enable the [Postgres exporter](#enable-metrics-and-graphs-for-postgres-optional) (locally, on the container network).
-`prometheus_postgres_exporter_container_labels_traefik_enabled`|Set this to `true` to expose the [Postgres exporter](#enable-metrics-and-graphs-for-postgres-optional) metrics on `https://matrix.example.com/metrics/postgres-exporter`.
-`matrix_prometheus_nginxlog_exporter_enabled`|Set this to `true` to enable the [nginx Log exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) (locally, on the container network).
-`matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled`|Set this to `true` to expose the [nginx Log exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) metrics on `https://matrix.example.com/metrics/nginxlog`.
+`prometheus_postgres_exporter_container_labels_metrics_enabled`|Set this to `true` to expose the [Postgres exporter](#enable-metrics-and-graphs-for-postgres-optional) metrics on `https://matrix.example.com/metrics/postgres-exporter`.
+`prometheus_nginxlog_exporter_enabled`|Set this to `true` to enable the [prometheus-nginxlog-exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) (locally, on the container network).
+`prometheus_nginxlog_exporter_container_labels_metrics_enabled`|Set this to `true` to expose the [prometheus-nginxlog-exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) metrics on `https://matrix.example.com/metrics/nginxlog`.

 ### Expose metrics of other services/roles

--- a/docs/configuring-playbook-rest-auth.md
+++ b/docs/configuring-playbook-rest-auth.md
@@ -18,7 +18,7 @@ Add the following configuration to your `inventory/host_vars/matrix.example.com/

 ```yaml
 matrix_synapse_ext_password_provider_rest_auth_enabled: true
-matrix_synapse_ext_password_provider_rest_auth_endpoint: "http://matrix-ma1sd:8090"
+matrix_synapse_ext_password_provider_rest_auth_endpoint: SET_YOUR_ENDPOINT_HERE
 matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
 matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
 matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false
@@ -47,9 +47,4 @@ The shortcut commands with the [`just` program](just.md) are also available: `ju

 ## Usage

-### Use ma1sd Identity Server for the backend (not recommended)
-
-This module does not provide direct integration with any backend. For the backend you can use [ma1sd](https://github.com/ma1uta/ma1sd) Identity Server, which can be configured with the playbook.
-
-> [!WARNING]
-> We recommend not bothering with installing ma1sd as it has been unmaintained for years. If you wish to install it anyway, consult the [ma1sd Identity Server configuration](configuring-playbook-ma1sd.md).
+This module does not provide direct integration with any backend. Please prepare one by yourself for it.
--- a/docs/configuring-playbook-sliding-sync-proxy.md
+++ b/docs/configuring-playbook-sliding-sync-proxy.md
@@ -1,95 +1,32 @@
 <!--
-SPDX-FileCopyrightText: 2023 - 2024 Slavi Pantaleev
+SPDX-FileCopyrightText: 2019 Eduardo Beltrame
+SPDX-FileCopyrightText: 2019-2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2020 Tulir Asokan
+SPDX-FileCopyrightText: 2021, 2024 MDAD project contributors
+SPDX-FileCopyrightText: 2022 Dennis Ciba
+SPDX-FileCopyrightText: 2022 Vladimir Panteleev
 SPDX-FileCopyrightText: 2023 Justin Croonenberghs
 SPDX-FileCopyrightText: 2023 Kuba Orlik
 SPDX-FileCopyrightText: 2023 Pierre 'McFly' Marty
 SPDX-FileCopyrightText: 2023 Samuel Meenzen
-SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
 SPDX-FileCopyrightText: 2024 Fabio Bonelli
-SPDX-FileCopyrightText: 2024 MDAD project contributors
+SPDX-FileCopyrightText: 2024-2026 Suguru Hirahara

 SPDX-License-Identifier: AGPL-3.0-or-later
 -->

-# Setting up the Sliding Sync proxy (optional)
+# Setting up the Sliding Sync proxy (optional, removed)

-**Note**: The sliding-sync proxy is **not required** anymore as it's been replaced with a different method (called Simplified Sliding Sync) which is integrated into newer homeservers by default (**Conduit** homeserver from version `0.6.0` or **Synapse** from version `1.114`). This component and documentation remain here for historical purposes, but **installing this old sliding-sync proxy is generally not recommended anymore**.
+🪦 The playbook used to be able to install and configure the [sliding-sync](https://github.com/matrix-org/sliding-sync) proxy, but no longer includes this component, as it's been replaced with a different method (called Simplified Sliding Sync) integrated to newer homeservers by default (**Conduit** homeserver from version `0.6.0` or **Synapse** from version `1.114`).

-The playbook can install and configure [sliding-sync](https://github.com/matrix-org/sliding-sync) proxy for you.
+## Uninstalling the proxy manually

-Sliding Sync is an implementation of [MSC3575](https://github.com/matrix-org/matrix-spec-proposals/blob/kegan/sync-v3/proposals/3575-sync.md) and a prerequisite for running Element X clients ([Element X iOS](https://github.com/element-hq/element-x-ios) and [Element X Android](https://github.com/element-hq/element-x-android)). See the project's [documentation](https://github.com/matrix-org/sliding-sync) to learn more.
+If you still have the Sliding Sync proxy installed on your Matrix server, the playbook can no longer help you uninstall it and you will need to do it manually. To uninstall manually, run these commands on the server:

-## Adjusting DNS records (optional)
-
-By default, this playbook installs the Sliding Sync proxy on the `matrix.` subdomain, at the `/sliding-sync` path (https://matrix.example.com/sliding-sync). This makes it easy to install it, because it **doesn't require additional DNS records to be set up**. If that's okay, you can skip this section.
-
-If you wish to adjust it, see the section [below](#adjusting-the-sliding-sync-proxy-url-optional) for details about DNS configuration.
-
-## Adjusting the playbook configuration
-
-To enable Sliding Sync proxy, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
-
-```yaml
-matrix_sliding_sync_enabled: true
-```
-
-### Adjusting the Sliding Sync proxy URL (optional)
-
-By tweaking the `matrix_sliding_sync_hostname` and `matrix_sliding_sync_path_prefix` variables, you can easily make the service available at a **different hostname and/or path** than the default one.
-
-Example additional configuration for your `vars.yml` file:
-
-```yaml
-# Change the default hostname and path prefix
-matrix_sliding_sync_hostname: ss.example.com
-matrix_sliding_sync_path_prefix: /
-```
-
-If you've changed the default hostname, you may need to create a CNAME record for the Sliding Sync proxy domain (`ss.example.com`), which targets `matrix.example.com`.
-
-When setting, replace `example.com` with your own.
-
-### Extending the configuration
-
-There are some additional things you may wish to configure about the component.
-
-Take a look at:
-
- `roles/custom/matrix-sliding-sync/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
-
-## Installing
-
-After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the playbook with [playbook tags](playbook-tags.md) as below:
-
-<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+systemctl disable --now matrix-sliding-sync.service
+
+rm -rf /matrix/sliding-sync
+
+/matrix/postgres/bin/cli-non-interactive -c 'DROP DATABASE matrix_sliding_sync;'
 ```
-
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
-
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
-
-### External databases
-
-Please note that, if your setup utilizes an external database, you must also establish configuration for the sliding sync proxy. Alter the defaults below to suit your configuration:
-
-```yaml
-matrix_sliding_sync_database_username: 'matrix_sliding_sync'
-matrix_sliding_sync_database_password: ''
-matrix_sliding_sync_database_hostname: ''
-matrix_sliding_sync_database_port: 5432
-matrix_sliding_sync_database_name: 'matrix_sliding_sync'
-```
-
-## Usage
-
-You **don't need to do anything special** to make use of the Sliding Sync proxy. Simply open your client which supports Sliding Sync (like Element X) and log in.
-
-When the Sliding Sync proxy is [installed](#installing), your `/.well-known/matrix/client` file is also updated. A new `org.matrix.msc3575.proxy` section and `url` property are added there and made to point to your Sliding Sync proxy's base URL (e.g. `https://matrix.example.com/sliding-sync`).
-
-This allows clients which support Sliding Sync to detect the Sliding Sync proxy's URL and make use of it.
-
-## Troubleshooting
-
-As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-sliding-sync`.
--- a/docs/configuring-playbook-ssl-certificates.md
+++ b/docs/configuring-playbook-ssl-certificates.md
@@ -17,7 +17,7 @@ By default, the playbook retrieves and automatically renews free SSL certificate
 - This guide is intended to be referred for configuring the integrated Traefik server with regard to SSL certificates retrieval. If you're using [your own webserver](configuring-playbook-own-webserver.md), consult its documentation about how to configure it.
 - Let's Encrypt ends the expiration notification email service on June 4, 2025 (see: [the official announcement](https://letsencrypt.org/2025/01/22/ending-expiration-emails/)), and it recommends using a third party service for those who want to receive expiration notifications. If you are looking for a self-hosting service, you may be interested in a monitoring tool such as [Update Kuma](https://github.com/louislam/uptime-kuma/).

-  The [Mother-of-All-Self-Hosting (MASH)](https://github.com/mother-of-all-self-hosting/mash-playbook) Ansible playbook can be used to install and manage an Uptime Kuma instance. See [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/services/uptime-kuma.md) for the instruction to install it with the MASH playbook. If you are wondering how to use the MASH playbook for your Matrix server, refer [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/setting-up-services-on-mdad-server.md).
+  The [Mother-of-All-Self-Hosting (MASH)](https://github.com/mother-of-all-self-hosting/mash-playbook) Ansible playbook can be used to install and manage an Uptime Kuma instance. See [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/services/uptime-kuma.md) for the instruction to install it with the playbook. If you are wondering how to use it for your Matrix server, refer to [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/setting-up-services-on-mdad-server.md) for the overview.

 ## Use staging Let's Encrypt certificates

--- a/docs/configuring-playbook-synapse-admin.md
+++ b/docs/configuring-playbook-synapse-admin.md
@@ -1,22 +1,26 @@
 <!--
-SPDX-FileCopyrightText: 2020 - 2024 MDAD project contributors
-SPDX-FileCopyrightText: 2020 - 2024 Slavi Pantaleev
+SPDX-FileCopyrightText: 2020-2024 MDAD project contributors
+SPDX-FileCopyrightText: 2020-2024 Slavi Pantaleev
 SPDX-FileCopyrightText: 2021 Aaron Raimist
 SPDX-FileCopyrightText: 2023 Christian González
-SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
 SPDX-FileCopyrightText: 2024 Nikita Chernyi
 SPDX-FileCopyrightText: 2024 Uğur İLTER
+SPDX-FileCopyrightText: 2024-2026 Suguru Hirahara

 SPDX-License-Identifier: AGPL-3.0-or-later
 -->

 # Setting up Synapse Admin (optional)

-The playbook can install and configure [etkecc/synapse-admin](https://github.com/etkecc/synapse-admin) (a [feature-rich](https://github.com/etkecc/synapse-admin#fork-differences) fork of [Awesome-Technologies/synapse-admin](https://github.com/Awesome-Technologies/synapse-admin), community room: [#synapse-admin:etke.cc](https://matrix.to/#/#synapse-admin:etke.cc)) for you.
+The playbook can install and configure Synapse Admin for you.

-synapse-admin is a web UI tool you can use to **administrate users, rooms, media, etc. on your Matrix server**. It's designed to work with the Synapse homeserver implementation and WON'T work with Dendrite because [Dendrite Admin API](https://element-hq.github.io/dendrite/administration/adminapi) differs from [Synapse Admin API](https://element-hq.github.io/synapse/latest/usage/administration/admin_api/).
+Synapse Admin is a web UI tool you can use to **administrate users, rooms, media, etc. on your Matrix homeserver**. This playbook is configured to install [etkecc/synapse-admin](https://github.com/etkecc/synapse-admin), which is a [feature-rich](https://github.com/etkecc/synapse-admin#fork-differences) fork of [Awesome-Technologies/synapse-admin](https://github.com/Awesome-Technologies/synapse-admin).

-💡 **Note**: the latest version of synapse-admin is hosted by [etke.cc](https://etke.cc/) at [admin.etke.cc](https://admin.etke.cc/). If you only need this service occasionally and trust giving your admin credentials to a 3rd party Single Page Application, you can consider using it from there and avoiding the (small) overhead of self-hosting.
+>[!NOTE]
+>
+> - Synapse Admin does not work with other homeserver implementations than Synapse due to API's incompatibility.
+> - The latest version of Synapse Admin is hosted by [etke.cc](https://etke.cc/) at [admin.etke.cc](https://admin.etke.cc/). If you only need this service occasionally and trust giving your admin credentials to a 3rd party Single Page Application, you can consider using it from there and avoiding the (small) overhead of self-hosting.
+> - This playbook also supports an alternative management UI in the shape of [Element Admin](./configuring-playbook-element-admin.md). Please note that it's currently less feature-rich than Synapse Admin and requires [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md).

 ## Adjusting DNS records (optional)

@@ -39,9 +43,6 @@ matrix_synapse_admin_enabled: true

 By default, synapse-admin installation will be [restricted to only work with one homeserver](https://github.com/etkecc/synapse-admin/blob/e21e44362c879ac41f47c580b04210842b6ff3d7/README.md#restricting-available-homeserver) — the one managed by the playbook. To adjust these restrictions, tweak the `matrix_synapse_admin_config_restrictBaseUrl` variable.

-> [!WARNING]
-> If you're using [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md) (MAS) for authentication, you will be able to [log into synapse-admin with an access token](https://github.com/etkecc/synapse-admin/pull/58), but certain synapse-admin features (especially those around user management) will be limited or not work at all.
-
 ### Adjusting the Synapse Admin URL (optional)

 By tweaking the `matrix_synapse_admin_hostname` and `matrix_synapse_admin_path_prefix` variables, you can easily make the service available at a **different hostname and/or path** than the default one.
@@ -88,3 +89,5 @@ To use Synapse Admin, you need to have [registered at least one administrator ac
 ## Troubleshooting

 As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-synapse-admin`.
+
+If you have questions, you can join this community room and feel free to ask: [#synapse-admin:etke.cc](https://matrix.to/#/#synapse-admin:etke.cc)
--- a/docs/configuring-playbook-synapse-auto-accept-invite.md
+++ b/docs/configuring-playbook-synapse-auto-accept-invite.md
@@ -1,45 +1,26 @@
 <!--
-SPDX-FileCopyrightText: 2024 MDAD project contributors
-SPDX-FileCopyrightText: 2024 Slavi Pantaleev
-SPDX-FileCopyrightText: 2024 Suguru Hirahara
+SPDX-FileCopyrightText: 2019 Eduardo Beltrame
+SPDX-FileCopyrightText: 2019-2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2020 Tulir Asokan
+SPDX-FileCopyrightText: 2021, 2024 MDAD project contributors
+SPDX-FileCopyrightText: 2022 Dennis Ciba
+SPDX-FileCopyrightText: 2022 Vladimir Panteleev
+SPDX-FileCopyrightText: 2023 Justin Croonenberghs
+SPDX-FileCopyrightText: 2023 Kuba Orlik
+SPDX-FileCopyrightText: 2023 Pierre 'McFly' Marty
+SPDX-FileCopyrightText: 2023 Samuel Meenzen
+SPDX-FileCopyrightText: 2024 Fabio Bonelli
+SPDX-FileCopyrightText: 2024-2026 Suguru Hirahara

 SPDX-License-Identifier: AGPL-3.0-or-later
 -->

-# Setting up Synapse Auto Invite Accept (optional)
+# Setting up Synapse Auto Invite Accept (optional, removed)

-The playbook can install and configure [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite) for you.
-
-In short, it automatically accepts room invites. You can specify that only 1:1 room invites are auto-accepted. Defaults to false if not specified.
-
-See the project's [documentation](https://github.com/matrix-org/synapse-auto-accept-invite/blob/main/README.md) to learn what it does and why it might be useful to you.
-
-**Note**: Synapse [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0), the same feature [has been merged](https://github.com/element-hq/synapse/pull/17147) into Synapse (see the [Native alternative](#native-alternative) section below). You'd better use the native feature, instead of the [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite) 3rd party module.
-
-## Adjusting the playbook configuration
-
-If you decide that you'd like to let this playbook install the [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite module for you, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
-
-```yaml
-matrix_synapse_ext_synapse_auto_accept_invite_enabled: true
-
-matrix_synapse_ext_synapse_auto_accept_invite_accept_invites_only_direct_messages: true
-```
-
-### Synapse worker deployments
-
-In a [workerized Synapse deployment](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/c9a842147e09647c355799ca024d65a5de66b099/docs/configuring-playbook-synapse.md#load-balancing-with-workers) it is possible to run this module on a worker to reduce the load on the main process (Default is `null`). For example, add this to your configuration:
-
-```yaml
-matrix_synapse_ext_synapse_auto_accept_invite_worker_to_run_on: 'matrix-synapse-worker-generic-0'
-```
-
-There might be an [issue with federation](https://github.com/matrix-org/synapse-auto-accept-invite/issues/18).
+🪦 The playbook used to be able to install and configure [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite), but no longer includes this component, as the same functionality [has been integrated](https://github.com/element-hq/synapse/pull/17147) to Synapse since [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0).

 ## Native alternative

-Since Synapse [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0), the functionality provided by the [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite) 3rd party module [has been made](https://github.com/element-hq/synapse/pull/17147) part of Synapse.
-
 Here's example configuration for using the **native** Synapse feature:

 ```yaml
--- a/docs/configuring-playbook-synapse-s3-storage-provider.md
+++ b/docs/configuring-playbook-synapse-s3-storage-provider.md
@@ -177,6 +177,8 @@ By default, we periodically ensure that all local files are uploaded to S3 and a
 - … invoked via the `matrix-synapse-s3-storage-provider-migrate.service` service
 - … triggered by the `matrix-synapse-s3-storage-provider-migrate.timer` timer, every day at 05:00

+The same `migrate` script also prunes empty directories in the local media repository (`remote_content` and `remote_thumbnail`) after upload/delete operations.
+
 So… you don't need to perform any maintenance yourself.

 The schedule is defined in the format of systemd timer calendar. To edit the schedule, add the following configuration to your `vars.yml` file (adapt to your needs):
--- a/docs/configuring-playbook-synapse.md
+++ b/docs/configuring-playbook-synapse.md
@@ -76,10 +76,33 @@ The only thing you **cannot** do is mix [generic workers](#generic-workers) and

 When Synapse workers are enabled, the integrated [Postgres database is tuned](maintenance-postgres.md#tuning-postgresql), so that the maximum number of Postgres connections are increased from `200` to `500`. If you need to decrease or increase the number of maximum Postgres connections further, use the `postgres_max_connections` variable.

-A separate Ansible role (`matrix-synapse-reverse-proxy-companion`) and component handles load-balancing for workers. This role/component is automatically enabled when you enable workers. Make sure to use the `setup-all` tag (not `install-all`!) during the playbook's [installation](./installing.md) process, especially if you're disabling workers, so that components may be installed/uninstalled correctly.
+The `matrix-synapse` role also manages the `matrix-synapse-reverse-proxy-companion` component for load-balancing with workers. This component is automatically enabled when you enable workers. Make sure to use the `setup-all` tag (not `install-all`!) during the playbook's [installation](./installing.md) process, especially if you're disabling workers, so that components may be installed/uninstalled correctly.

 In case any problems occur, make sure to have a look at the [list of synapse issues about workers](https://github.com/element-hq/synapse/issues?q=workers+in%3Atitle) and your `journalctl --unit 'matrix-*'`.

+### Limit joining heavy rooms on constrained hosts
+
+If your server is underpowered, joining heavy rooms can cause Synapse to consume a lot of resources and be unavailable for long (while it catches up).
+
+To avoid this, Synapse can be configured to reject joins for remote rooms that are too complex before users enter them.
+
+Complexity is computed as `current_state_events / 500` (Synapse state event count for current room state). When the resulting value is higher than `matrix_synapse_limit_remote_rooms_complexity` and `matrix_synapse_limit_remote_rooms_enabled` is `true`, Synapse blocks joining the room.
+
+We recommend using this as a guardrail on low-resource servers:
+
+```yaml
+matrix_synapse_limit_remote_rooms_enabled: true
+
+# Tweak as necessary
+matrix_synapse_limit_remote_rooms_complexity: 1.0
+
+# Uncomment and tweak if necessary
+# matrix_synapse_limit_remote_rooms_complexity_error: "Your homeserver is unable to join rooms this large or complex. Please speak to your server administrator, or upgrade your instance to join this room."
+
+# If you'd like your admins to be exempt from this limit, uncomment the line below
+# matrix_synapse_limit_remote_rooms_admins_can_join: true
+```
+
 ### Synapse + OpenID Connect for Single-Sign-On

 💡 An alternative to setting up OIDC in Synapse is to use [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md) (MAS). Newer clients (like Element X) only support SSO-based authentication via MAS and not via the legacy Synapse OIDC setup described below. That said, MAS is still a new experimental service which comes with its own downsides. Consult its documentation to learn if it will be a good fit for your deployment.
--- a/docs/configuring-playbook-turn.md
+++ b/docs/configuring-playbook-turn.md
@@ -1,39 +1,61 @@
 <!--
-SPDX-FileCopyrightText: 2019 - 2024 Slavi Pantaleev
+SPDX-FileCopyrightText: 2018-2024 Slavi Pantaleev
+SPDX-FileCopyrightText: 2020 Aaron Raimist
 SPDX-FileCopyrightText: 2020 Christian Wolf
-SPDX-FileCopyrightText: 2020 MDAD project contributors
 SPDX-FileCopyrightText: 2020 Marcel Partap
-SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
+SPDX-FileCopyrightText: 2020-2024 MDAD project contributors
+SPDX-FileCopyrightText: 2022 Alejo Diaz
+SPDX-FileCopyrightText: 2022 Julian Foad
+SPDX-FileCopyrightText: 2024-2026 Suguru Hirahara

 SPDX-License-Identifier: AGPL-3.0-or-later
 -->

 # Configuring a TURN server (optional, advanced)

-By default, this playbook installs and configures the [coturn](https://github.com/coturn/coturn) as a TURN server, through which clients can make audio/video calls even from [NAT](https://en.wikipedia.org/wiki/Network_address_translation)-ed networks. It also configures the Synapse chat server by default, so that it points to the coturn TURN server installed by the playbook. If that's okay, you can skip this document.
+By default, the [coturn](https://github.com/coturn/coturn) TURN server component is enabled automatically only when [Jitsi](configuring-playbook-jitsi.md) is enabled. If you're not using Jitsi, coturn is not enabled by default.

-If you'd like to stop the playbook installing the server, see the section [below](#disabling-coturn) to check the configuration for disabling it.
+If you explicitly need coturn while not using Jitsi, enable it with:
+
+```yaml
+coturn_enabled: true
+```
+
+and configure its IP-related settings in the section below.
+
+If you'd like coturn to stay disabled even when Jitsi is enabled, or if you prefer to use an external TURN provider, see [disabling coturn](#disabling-coturn) section below.
+
+When Coturn is not enabled, homeservers (like Synapse) would not point to TURN servers and *legacy* audio/video call functionality may fail. If you're using [Matrix RTC](configuring-playbook-matrix-rtc.md) (for [Element Call](configuring-playbook-element-call.md)), you likely don't have a need to enable coturn.
+
+## Adjusting firewall rules
+
+To ensure Coturn functions correctly, the following firewall rules and port forwarding settings are required when coturn is enabled:
+
+- `3478/tcp`: STUN/TURN over TCP
+- `3478/udp`: STUN/TURN over UDP
+- `5349/tcp`: TURN over TCP
+- `5349/udp`: TURN over UDP
+- `49152-49172/udp`: TURN/UDP relay range
+
+If LiveKit's embedded TURN is enabled at the same time (for MatrixRTC/Element Call), keep the Coturn relay range distinct from LiveKit's relay range (`livekit_server_config_turn_relay_range_start`/`livekit_server_config_turn_relay_range_end`).
+
+💡 Docker configures the server's internal firewall for you. In most cases, you don't need to do anything special on the host itself.

 ## Adjusting the playbook configuration

 ### Define public IP manually (optional)

-In the `hosts` file we explicitly ask for your server's external IP address when defining `ansible_host`, because the same value is used for configuring coturn.
-
-If you'd rather use a local IP for `ansible_host`, add the following configuration to your `vars.yml` file. Make sure to replace `YOUR_PUBLIC_IP` with the pubic IP used by the server.
+If you enable coturn (either via Jitsi or manually), we recommend that you configure the public IP addresses of your server in the `vars.yml` file:

 ```yaml
-matrix_coturn_turn_external_ip_address: "YOUR_PUBLIC_IP"
+# You can define multiple IP addresses if your server has multiple external IP addresses
+coturn_turn_external_ip_addresses: ["YOUR_PUBLIC_IP"]
 ```

-If you'd like to rely on external IP address auto-detection (not recommended unless you need it), set an empty value to the variable. The playbook will automatically contact an [EchoIP](https://github.com/mpolden/echoip)-compatible service (`https://ifconfig.co/json` by default) to determine your server's IP address. This API endpoint is configurable via the `matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url` variable.
+If you'd like to rely on external IP address auto-detection (not recommended unless you need it), avoid configuring this variable. The playbook will automatically contact an [echoip](https://github.com/mpolden/echoip)-compatible service (`https://ifconfig.co/json` by default) to determine your server's IP address. This API endpoint is configurable via the `coturn_turn_external_ip_address_auto_detection_echoip_service_url` variable.

-If your server has multiple external IP addresses, the coturn role offers a different variable for specifying them:
-
-```yaml
-# Note: matrix_coturn_turn_external_ip_addresses is different than matrix_coturn_turn_external_ip_address
-matrix_coturn_turn_external_ip_addresses: ['1.2.3.4', '4.5.6.7']
-```
+>[!NOTE]
+> You can self-host the echoip service by using the [Mother-of-All-Self-Hosting (MASH)](https://github.com/mother-of-all-self-hosting/mash-playbook) Ansible playbook. See [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/services/echoip.md) for the instruction to install it with the playbook. If you are wondering how to use it for your Matrix server, refer to [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/setting-up-services-on-mdad-server.md) for the overview.

 ### Change the authentication mechanism (optional)

@@ -42,20 +64,37 @@ The playbook uses the [`auth-secret` authentication method](https://github.com/c
 To do so, add the following configuration to your `vars.yml` file:

 ```yaml
-matrix_coturn_authentication_method: lt-cred-mech
+coturn_authentication_method: lt-cred-mech
 ```

 Regardless of the selected authentication method, the playbook generates secrets automatically and passes them to the homeserver and coturn.

 If [Jitsi](configuring-playbook-jitsi.md) is installed, note that switching to `lt-cred-mech` will disable the integration between Jitsi and your coturn server, as Jitsi seems to support the `auth-secret` authentication method only.

+### Customize the Coturn hostname (optional)
+
+By default, Coturn uses the same hostname as your Matrix homeserver (the value of `matrix_server_fqn_matrix`, which is typically `matrix.example.com`).
+
+If you'd like to use a custom subdomain for Coturn (e.g., `turn.example.com` or `t.matrix.example.com`), add the following configuration to your `vars.yml` file:
+
+```yaml
+coturn_hostname: turn.example.com
+```
+
+The playbook will automatically:
+- Configure Coturn to use this hostname
+- Obtain an SSL certificate for the custom domain via Traefik
+- Update all TURN URIs to point to the custom domain
+
+**Note**: Make sure the custom hostname resolves to your server's IP address via DNS before running the playbook.
+
 ### Use your own external coturn server (optional)

 If you'd like to use another TURN server (be it coturn or some other one), add the following configuration to your `vars.yml` file. Make sure to replace `HOSTNAME_OR_IP` with your own.

 ```yaml
 # Disable integrated coturn server
-matrix_coturn_enabled: false
+coturn_enabled: false

 # Point Synapse to your other coturn server
 matrix_synapse_turn_uris:
@@ -76,15 +115,15 @@ You can put multiple host/port combinations if you'd like to.

 ### Edit the reloading schedule (optional)

-By default the service is reloaded on 6:30 a.m. every day based on the `matrix_coturn_reload_schedule` variable so that new SSL certificates can kick in. It is defined in the format of systemd timer calendar.
+By default the service is reloaded on 6:30 a.m. every day based on the `coturn_reload_schedule` variable so that new SSL certificates can kick in. It is defined in the format of systemd timer calendar.

 To edit the schedule, add the following configuration to your `vars.yml` file (adapt to your needs):

 ```yaml
-matrix_coturn_reload_schedule: "*-*-* 06:30:00"
+coturn_reload_schedule: "*-*-* 06:30:00"
 ```

-**Note**: the actual job may run with a delay. See `matrix_coturn_reload_schedule_randomized_delay_sec` for its default value.
+**Note**: the actual job may run with a delay. See `coturn_reload_schedule_randomized_delay_sec` for its default value.

 ### Extending the configuration

@@ -92,18 +131,18 @@ There are some additional things you may wish to configure about the TURN server

 Take a look at:

- `roles/custom/matrix-coturn/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
+- `roles/galaxy/coturn/defaults/main.yml` for some variables that you can customize via your `vars.yml` file

 ## Disabling coturn

-If, for some reason, you'd like for the playbook to not install coturn (or to uninstall it if it was previously installed), add the following configuration to your `vars.yml` file:
+Coturn is only enabled by default when [Jitsi](configuring-playbook-jitsi.md) is enabled. In most instances, you don't need to explicitly disable it.
+
+To force the playbook to not install Coturn (even when Jitsi is enabled), add the following configuration to your `vars.yml` file:

 ```yaml
-matrix_coturn_enabled: false
+coturn_enabled: false
 ```

-In that case, Synapse would not point to any coturn servers and audio/video call functionality may fail.
-
 ## Installing

 After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:
--- a/docs/configuring-playbook.md
+++ b/docs/configuring-playbook.md
@@ -51,8 +51,6 @@ For a more custom setup, see the [Other configuration options](#other-configurat

  - [Configuring Conduit](configuring-playbook-conduit.md), if you've switched to the [Conduit](https://conduit.rs) homeserver implementation

-  - [Configuring conduwuit](configuring-playbook-conduwuit.md), if you've switched to the [conduwuit](https://conduwuit.puppyirl.gay/) homeserver implementation
-
  - [Configuring continuwuity](configuring-playbook-continuwuity.md), if you've switched to the [continuwuity](https://continuwuity.org) homeserver implementation

  - [Configuring Dendrite](configuring-playbook-dendrite.md), if you've switched to the [Dendrite](https://matrix-org.github.io/dendrite) homeserver implementation
@@ -70,8 +68,6 @@ For a more custom setup, see the [Other configuration options](#other-configurat

  - [Adjusting email-sending settings](configuring-playbook-email.md)

-  - [Setting up ma1sd Identity Server](configuring-playbook-ma1sd.md)
-
  - [Setting up Dynamic DNS](configuring-playbook-dynamic-dns.md)

 - Server connectivity:
@@ -91,6 +87,8 @@ Web clients for Matrix that you can host on your own domains.

 - [Setting up Cinny](configuring-playbook-client-cinny.md), if you've enabled [Cinny](https://github.com/ajbura/cinny), a web client focusing primarily on simple, elegant and secure interface

+- [Setting up Sable](configuring-playbook-client-sable.md), if you've enabled [Sable](https://github.com/7w1/sable), a web client focusing primarily on simple, elegant and secure interface
+
 - [Setting up SchildiChat Web](configuring-playbook-client-schildichat-web.md), if you've enabled [SchildiChat Web](https://schildi.chat/), a web client based on [Element Web](https://element.io/) with some extras and tweaks

 - [Setting up FluffyChat Web](configuring-playbook-client-fluffychat-web.md), if you've enabled [FluffyChat Web](https://github.com/krille-chan/fluffychat), a cute cross-platform messenger (web, iOS, Android) for Matrix written in [Flutter](https://flutter.dev/)
@@ -166,27 +164,17 @@ Bridges can be used to connect your Matrix installation with third-party communi

 - [Setting up Appservice Discord bridging](configuring-playbook-bridge-appservice-discord.md)

- [Setting up Appservice Slack bridging](configuring-playbook-bridge-appservice-slack.md)
-
 - [Setting up Appservice Kakaotalk bridging](configuring-playbook-bridge-appservice-kakaotalk.md)

 - [Setting up Beeper LinkedIn bridging](configuring-playbook-bridge-beeper-linkedin.md)

 - [Setting up matrix-hookshot](configuring-playbook-bridge-hookshot.md) — a bridge between Matrix and multiple project management services, such as [GitHub](https://github.com), [GitLab](https://about.gitlab.com) and [JIRA](https://www.atlassian.com/software/jira).

- [Setting up MX Puppet Slack bridging](configuring-playbook-bridge-mx-puppet-slack.md)
-
- [Setting up MX Puppet Instagram bridging](configuring-playbook-bridge-mx-puppet-instagram.md)
-
- [Setting up MX Puppet Twitter bridging](configuring-playbook-bridge-mx-puppet-twitter.md)
-
- [Setting up MX Puppet Discord bridging](configuring-playbook-bridge-mx-puppet-discord.md)
-
 - [Setting up MX Puppet GroupMe bridging](configuring-playbook-bridge-mx-puppet-groupme.md)

- [Setting up MX Puppet Steam bridging](configuring-playbook-bridge-mx-puppet-steam.md)
+- [Setting up Steam bridging](configuring-playbook-bridge-steam.md)

- [Setting up Go Skype Bridge bridging](configuring-playbook-bridge-go-skype-bridge.md)
+- [Setting up MX Puppet Steam bridging](configuring-playbook-bridge-mx-puppet-steam.md)

 - [Setting up Postmoogle email bridging](configuring-playbook-bridge-postmoogle.md)

@@ -247,12 +235,12 @@ Various services that don't fit any other categories.

 - [Setting up Matrix RTC](configuring-playbook-matrix-rtc.md) (optional)

- [Setting up Synapse Auto Invite Accept](configuring-playbook-synapse-auto-accept-invite.md)
-
 - [Setting up synapse-auto-compressor](configuring-playbook-synapse-auto-compressor.md) for compressing the database on Synapse homeservers

 - [Setting up Matrix Corporal](configuring-playbook-matrix-corporal.md) (advanced)

+- [Setting up Matrix.to](configuring-playbook-matrixto.md)
+
 - [Setting up Etherpad](configuring-playbook-etherpad.md)

 - [Setting up the Jitsi video-conferencing platform](configuring-playbook-jitsi.md)
@@ -269,8 +257,12 @@ Various services that don't fit any other categories.

 **Note**: since a deprecated or unmaintained service will not be updated, its bug or vulnerability will be unlikely to get patched. It is recommended to migrate from the service to an alternative if any, and make sure to do your own research before you decide to keep it running nonetheless.

+- [Configuring conduwuit](configuring-playbook-conduwuit.md) (removed; this component has been abandoned and unmaintained)
+
 - [Setting up the Sliding Sync proxy](configuring-playbook-sliding-sync-proxy.md) for clients which require Sliding Sync support (like old Element X versions, before it got switched to Simplified Sliding Sync)

+- [Setting up Appservice Slack bridging](configuring-playbook-bridge-appservice-slack.md) (removed; this component has been discontinued)
+
 - [Setting up Appservice Webhooks bridging](configuring-playbook-bridge-appservice-webhooks.md) (deprecated; the bridge's author suggests taking a look at [matrix-hookshot](https://github.com/matrix-org/matrix-hookshot) as a replacement, which can also be [installed using this playbook](configuring-playbook-bridge-hookshot.md))

 - [Setting up the Dimension integration manager](configuring-playbook-dimension.md) ([unmaintained](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2806#issuecomment-1673559299); after [installing](installing.md))
@@ -279,10 +271,24 @@ Various services that don't fit any other categories.

 - [Setting up Go-NEB](configuring-playbook-bot-go-neb.md) (unmaintained; the bridge's author suggests taking a look at [matrix-hookshot](https://github.com/matrix-org/matrix-hookshot) as a replacement, which can also be [installed using this playbook](configuring-playbook-bridge-hookshot.md))

+- [Setting up Go Skype Bridge bridging](configuring-playbook-bridge-go-skype-bridge.md) (removed; Skype has been discontinued since May 2025)
+
+- [Setting up ma1sd Identity Server](configuring-playbook-ma1sd.md) (removed; this component has been unmaintained for a long time, so it has been removed from the playbook.)
+
 - [Setting up matrix-bot-chatgpt](configuring-playbook-bot-chatgpt.md) (unmaintained; the bridge's author suggests taking a look at [baibot](https://github.com/etkecc/baibot) as a replacement, which can also be [installed using this playbook](configuring-playbook-bot-baibot.md))

 - [Setting up Mautrix Facebook bridging](configuring-playbook-bridge-mautrix-facebook.md) (deprecated in favor of the Messenger/Instagram bridge with [mautrix-meta-messenger](configuring-playbook-bridge-mautrix-meta-messenger.md))

 - [Setting up Mautrix Instagram bridging](configuring-playbook-bridge-mautrix-instagram.md) (deprecated in favor of the Messenger/Instagram bridge with [mautrix-meta-instagram](configuring-playbook-bridge-mautrix-meta-instagram.md))

+- [Setting up MX Puppet Discord bridging](configuring-playbook-bridge-mx-puppet-discord.md) (removed; this component has been unmaintained for a long time, so it has been removed from the playbook. Consider [setting up Mautrix Discord bridging](configuring-playbook-bridge-mautrix-discord.md))
+
+- [Setting up MX Puppet Instagram bridging](configuring-playbook-bridge-mx-puppet-instagram.md) (removed; this component has been unmaintained for a long time, so it has been removed from the playbook. Consider [setting up Instagram bridging via Mautrix Meta](configuring-playbook-bridge-mautrix-meta-instagram.md))
+
 - [Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md) (removed; this component has been broken for a long time, so it has been removed from the playbook. Consider [setting up Go Skype Bridge bridging](configuring-playbook-bridge-go-skype-bridge.md))
+
+- [Setting up MX Puppet Slack bridging](configuring-playbook-bridge-mx-puppet-slack.md) (removed; this component has been unmaintained for a long time, so it has been removed from the playbook. Consider [setting up Mautrix Slack bridging](configuring-playbook-bridge-mautrix-slack.md))
+
+- [Setting up MX Puppet Twitter bridging](configuring-playbook-bridge-mx-puppet-twitter.md) (removed; this component has been unmaintained for a long time, so it has been removed from the playbook. Consider [setting up Mautrix Twitter bridging](configuring-playbook-bridge-mautrix-twitter.md))
+
+- [Setting up Synapse Auto Invite Accept](configuring-playbook-synapse-auto-accept-invite.md) (removed; since Synapse [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0) the same feature is available natively.)
--- a/docs/container-images.md
+++ b/docs/container-images.md
@@ -27,7 +27,6 @@ We try to stick to official images (provided by their respective projects) as mu
 | ------- | --------------- | -------- | ----------- |
 | [Synapse](configuring-playbook-synapse.md) | [element-hq/synapse](https://ghcr.io/element-hq/synapse) | ✅ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network |
 | [Conduit](configuring-playbook-conduit.md) | [matrixconduit/matrix-conduit](https://hub.docker.com/r/matrixconduit/matrix-conduit) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Conduit is a lightweight open-source server implementation of the Matrix Specification with a focus on easy setup and low system requirements |
-| [conduwuit](configuring-playbook-conduwuit.md) | [girlbossceo/conduwuit](https://ghcr.io/girlbossceo/conduwuit) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. conduwuit is a fork of Conduit. |
 | [continuwuity](configuring-playbook-continuwuity.md) | [continuwuation/continuwuity](https://forgejo.ellis.link/continuwuation/continuwuity) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. continuwuity is a continuation of conduwuit. |
 | [Dendrite](configuring-playbook-dendrite.md) | [matrixdotorg/dendrite-monolith](https://hub.docker.com/r/matrixdotorg/dendrite-monolith/) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse. |

@@ -40,6 +39,7 @@ Web clients for Matrix that you can host on your own domains.
 | [Element Web](configuring-playbook-client-element-web.md) | [vectorim/element-web](https://hub.docker.com/r/vectorim/element-web/) | ✅ | Default Matrix web client, configured to connect to your own Synapse server |
 | [Hydrogen](configuring-playbook-client-hydrogen.md) | [element-hq/hydrogen-web](https://ghcr.io/element-hq/hydrogen-web) | ❌ | Lightweight Matrix client with legacy and mobile browser support |
 | [Cinny](configuring-playbook-client-cinny.md) | [ajbura/cinny](https://hub.docker.com/r/ajbura/cinny) | ❌ | Simple, elegant and secure web client |
+| [Sable](configuring-playbook-client-sable.md) | [7w1/sable](https://ghcr.io/7w1/sable) | ❌ | Simple, elegant and secure web client |
 | [SchildiChat Web](configuring-playbook-client-schildichat-web.md) | [etke.cc/schildichat-web](https://ghcr.io/etkecc/schildichat-web) | ❌ | Based on Element Web, with a more traditional instant messaging experience |

 ## Server Components
@@ -53,7 +53,6 @@ Services that run on the server to make the various parts of your installation w
 | [Traefik](configuring-playbook-traefik.md) | [Traefik](https://hub.docker.com/_/traefik/) | ✅ | Web server, listening on ports 80, 443 and 8448 — standing in front of all the other services. [Using your own webserver](configuring-playbook-own-webserver.md) is also possible. |
 | [Let's Encrypt](configuring-playbook-ssl-certificates.md) | [certbot/certbot](https://hub.docker.com/r/certbot/certbot/) | ✅ | [Certbot](https://certbot.eff.org/) tool for obtaining SSL certificates from [Let's Encrypt](https://letsencrypt.org/) |
 | [Exim](configuring-playbook-email.md) | [devture/exim-relay](https://hub.docker.com/r/devture/exim-relay/) | ✅ | Mail server, through which all Matrix services send outgoing email (can be configured to relay through another SMTP server) |
-| [ma1sd](configuring-playbook-ma1sd.md) | [ma1uta/ma1sd](https://hub.docker.com/r/ma1uta/ma1sd/) | ❌ | Matrix Identity Server |
 | [ddclient](configuring-playbook-dynamic-dns.md) | [linuxserver/ddclient](https://hub.docker.com/r/linuxserver/ddclient) | ❌ | Update dynamic DNS entries for accounts on Dynamic DNS Network Service Provider |
 | [LiveKit Server](configuring-playbook-livekit-server.md) | [livekit/livekit-server](https://hub.docker.com/r/livekit/livekit-server/) | ❌ | WebRTC server for audio/video calls |
 | [Livekit JWT Service](configuring-playbook-livekit-jwt-service.md) | [element-hq/lk-jwt-service](https://ghcr.io/element-hq/lk-jwt-service) | ❌ | JWT service for integrating [Element Call](./configuring-playbook-element-call.md) with [LiveKit Server](./configuring-playbook-livekit-server.md) |
@@ -103,17 +102,12 @@ Bridges can be used to connect your Matrix installation with third-party communi
 | [matrix-appservice-irc](configuring-playbook-bridge-appservice-irc.md) | [matrixdotorg/matrix-appservice-irc](https://hub.docker.com/r/matrixdotorg/matrix-appservice-irc) | ❌ | Bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) |
 | [matrix-appservice-kakaotalk](configuring-playbook-bridge-appservice-kakaotalk.md) | Self-building | ❌ | Bridge to [Kakaotalk](https://www.kakaocorp.com/page/service/service/KakaoTalk?lang=ENG) |
 | [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) | [matrix-org/matrix-appservice-discord](https://ghcr.io/matrix-org/matrix-appservice-discord) | ❌ | Bridge to [Discord](https://discordapp.com/) |
-| [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) | [matrixdotorg/matrix-appservice-slack](https://hub.docker.com/r/matrixdotorg/matrix-appservice-slack) | ❌ | Bridge to [Slack](https://slack.com/) |
 | [matrix-hookshot](configuring-playbook-bridge-hookshot.md) | [halfshot/matrix-hookshot](https://hub.docker.com/r/halfshot/matrix-hookshot) | ❌ | Bridge for generic webhooks and multiple project management services, such as GitHub, GitLab, Figma, and Jira in particular |
 | [matrix-sms-bridge](configuring-playbook-bridge-matrix-bridge-sms.md) | [folivonet/matrix-sms-bridge](https://hub.docker.com/repository/docker/folivonet/matrix-sms-bridge) | ❌ | Bridge to SMS |
 | [matrix-wechat](configuring-playbook-bridge-wechat.md) | [lxduo/matrix-wechat](https://hub.docker.com/r/lxduo/matrix-wechat) | ❌ | Bridge to [WeChat](https://www.wechat.com/) |
 | [Heisenbridge](configuring-playbook-bridge-heisenbridge.md) | [hif1/heisenbridge](https://hub.docker.com/r/hif1/heisenbridge) | ❌ | Bouncer-style bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) |
-| [go-skype-bridge](configuring-playbook-bridge-go-skype-bridge.md) | [nodefyme/go-skype-bridge](https://hub.docker.com/r/nodefyme/go-skype-bridge) | ❌ | Bridge to [Skype](https://www.skype.com) |
-| [mx-puppet-slack](configuring-playbook-bridge-mx-puppet-slack.md) | [mx-puppet/slack/mx-puppet-slack](https://gitlab.com/mx-puppet/slack/mx-puppet-slack/container_registry) | ❌ | Bridge to [Slack](https://slack.com) |
-| [mx-puppet-instagram](configuring-playbook-bridge-mx-puppet-instagram.md) | [sorunome/mx-puppet-instagram](https://hub.docker.com/r/sorunome/mx-puppet-instagram) | ❌ | Bridge for Instagram-DMs ([Instagram](https://www.instagram.com/)) |
-| [mx-puppet-twitter](configuring-playbook-bridge-mx-puppet-twitter.md) | [sorunome/mx-puppet-twitter](https://hub.docker.com/r/sorunome/mx-puppet-twitter) | ❌ | Bridge for Twitter-DMs ([Twitter](https://twitter.com/)) |
-| [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) | [mx-puppet/discord/mx-puppet-discord](https://gitlab.com/mx-puppet/discord/mx-puppet-discord/container_registry) | ❌ | Bridge to [Discord](https://discordapp.com/) |
 | [mx-puppet-groupme](configuring-playbook-bridge-mx-puppet-groupme.md) | [xangelix/mx-puppet-groupme](https://hub.docker.com/r/xangelix/mx-puppet-groupme) | ❌ | Bridge to [GroupMe](https://groupme.com/) |
+| [matrix-steam-bridge](configuring-playbook-bridge-steam.md) | [jasonlaguidice/matrix-steam-bridge](https://github.com/jasonlaguidice/matrix-steam-bridge/pkgs/container/matrix-steam-bridge) | ❌ | Bridge to [Steam](https://steampowered.com/) |
 | [mx-puppet-steam](configuring-playbook-bridge-mx-puppet-steam.md) | [icewind1991/mx-puppet-steam](https://hub.docker.com/r/icewind1991/mx-puppet-steam) | ❌ | Bridge to [Steam](https://steamapp.com/) |
 | [Postmoogle](configuring-playbook-bridge-postmoogle.md) | [etke.cc/postmoogle](https://github.com/etkecc/postmoogle/container_registry) | ❌ | Email to Matrix bridge |

@@ -156,9 +150,7 @@ Various services that don't fit any other categories.

 | Service | Container image | Default? | Description |
 | ------- | --------------- | -------- | ----------- |
-| [sliding-sync](configuring-playbook-sliding-sync-proxy.md) | [matrix-org/sliding-sync](https://ghcr.io/matrix-org/sliding-sync) | ❌ | Sliding Sync support for clients which require it (like old Element X versions, before it got switched to Simplified Sliding Sync) |
-| [synapse_auto_accept_invite](configuring-playbook-synapse-auto-accept-invite.md) | (N/A) | ❌ | Synapse module to automatically accept invites |
-| [synapse_auto_compressor](configuring-playbook-synapse-auto-compressor.md) | [etke.cc/rust-synapse-compress-state](https://gitlab.com/etke.cc/rust-synapse-compress-state/container_registry) | ❌ | Cli tool that automatically compresses `state_groups` database table in background |
+| [synapse_auto_compressor](configuring-playbook-synapse-auto-compressor.md) | [mb-saces/rust-synapse-tools](https://gitlab.com/mb-saces/rust-synapse-tools/container_registry) | ❌ | Cli tool that automatically compresses Synapse's `state_groups` database table in background |
 | [Matrix Corporal](configuring-playbook-matrix-corporal.md) (advanced) | [devture/matrix-corporal](https://hub.docker.com/r/devture/matrix-corporal/) | ❌ | Reconciliator and gateway for a managed Matrix server |
 | [Etherpad](configuring-playbook-etherpad.md) | [etherpad/etherpad](https://hub.docker.com/r/etherpad/etherpad/) | ❌ | Open source collaborative text editor |
 | [Jitsi](configuring-playbook-jitsi.md) | [jitsi/web](https://hub.docker.com/r/jitsi/web) | ❌ | [Jitsi](https://jitsi.org/) web UI |
@@ -178,10 +170,19 @@ The list of the deprecated or unmaintained services is available [here](configur

 | Service | Container image | Default? | Description |
 | ------- | --------------- | -------- | ----------- |
-| [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md) | [turt2live/matrix-appservice-webhooks](https://hub.docker.com/r/turt2live/matrix-appservice-webhooks) | ❌ | Bridge for slack compatible webhooks ([ConcourseCI](https://concourse-ci.org/), [Slack](https://slack.com/) etc. pp.) |
+| [conduwuit](configuring-playbook-conduwuit.md) | [girlbossceo/conduwuit](https://ghcr.io/girlbossceo/conduwuit) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. conduwuit was a fork of Conduit. |
 | [Dimension](configuring-playbook-dimension.md) | [turt2live/matrix-dimension](https://hub.docker.com/r/turt2live/matrix-dimension) | ❌ | Open source integration manager for Matrix clients |
 | [Email2Matrix](configuring-playbook-email2matrix.md) | [devture/email2matrix](https://hub.docker.com/r/devture/email2matrix/) | ❌ | Bridge for relaying emails to Matrix rooms |
 | [Go-NEB](configuring-playbook-bot-go-neb.md) | [matrixdotorg/go-neb](https://hub.docker.com/r/matrixdotorg/go-neb) | ❌ | Multi functional bot written in Go |
+| [ma1sd](configuring-playbook-ma1sd.md) | [ma1uta/ma1sd](https://hub.docker.com/r/ma1uta/ma1sd/) | ❌ | Matrix Identity Server |
+| [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) | [matrixdotorg/matrix-appservice-slack](https://hub.docker.com/r/matrixdotorg/matrix-appservice-slack) | ❌ | Bridge to [Slack](https://slack.com/) |
+| [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md) | [turt2live/matrix-appservice-webhooks](https://hub.docker.com/r/turt2live/matrix-appservice-webhooks) | ❌ | Bridge for slack compatible webhooks ([ConcourseCI](https://concourse-ci.org/), [Slack](https://slack.com/) etc. pp.) |
 | [matrix-chatgpt-bot](configuring-playbook-bot-chatgpt.md) | [matrixgpt/matrix-chatgpt-bot](https://ghcr.io/matrixgpt/matrix-chatgpt-bot) | ❌ | Accessing ChatGPT via your favourite Matrix client |
 | [mautrix-facebook](configuring-playbook-bridge-mautrix-facebook.md) | [mautrix/facebook](https://mau.dev/mautrix/facebook/container_registry) | ❌ | Bridge to [Facebook](https://facebook.com/) |
 | [mautrix-instagram](configuring-playbook-bridge-mautrix-instagram.md) | [mautrix/instagram](https://mau.dev/mautrix/instagram/container_registry) | ❌ | Bridge to [Instagram](https://instagram.com/) |
+| [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) | [mx-puppet/discord/mx-puppet-discord](https://gitlab.com/mx-puppet/discord/mx-puppet-discord/container_registry) | ❌ | Bridge to [Discord](https://discordapp.com/) |
+| [mx-puppet-instagram](configuring-playbook-bridge-mx-puppet-instagram.md) | [sorunome/mx-puppet-instagram](https://hub.docker.com/r/sorunome/mx-puppet-instagram) | ❌ | Bridge for Instagram-DMs ([Instagram](https://www.instagram.com/)) |
+| [mx-puppet-slack](configuring-playbook-bridge-mx-puppet-slack.md) | [mx-puppet/slack/mx-puppet-slack](https://gitlab.com/mx-puppet/slack/mx-puppet-slack/container_registry) | ❌ | Bridge to [Slack](https://slack.com) |
+| [mx-puppet-twitter](configuring-playbook-bridge-mx-puppet-twitter.md) | [sorunome/mx-puppet-twitter](https://hub.docker.com/r/sorunome/mx-puppet-twitter) | ❌ | Bridge for Twitter-DMs ([Twitter](https://twitter.com/)) |
+| [sliding-sync](configuring-playbook-sliding-sync-proxy.md) | [matrix-org/sliding-sync](https://ghcr.io/matrix-org/sliding-sync) | ❌ | Sliding Sync support for clients which require it (like old Element X versions, before it got switched to Simplified Sliding Sync) |
+| [synapse_auto_accept_invite](configuring-playbook-synapse-auto-accept-invite.md) | (N/A) | ❌ | Synapse module to automatically accept invites |
--- a/docs/faq.md
+++ b/docs/faq.md
@@ -305,18 +305,23 @@ See [Serving the base domain](configuring-playbook-base-domain-serving.md).

 ### How do I optimize this setup for a low-power server?

+For a low-power server, it's best to use an alternative homeserver implementation (other than [Synapse](configuring-playbook-synapse.md)).
+
 You can disable some not-so-important services to save on memory.

 ```yaml
 # Disabling this will prevent email-notifications and other such things from working.
 exim_relay_enabled: false
+```

-# You can also disable this to save more RAM,
-# at the expense of audio/video calls being unreliable.
-matrix_coturn_enabled: false
+If you've installed [Jitsi](configuring-playbook-jitsi.md) (not installed by default), there are additional optimizations listed on its documentation page that you can perform.

-# This makes Synapse not keep track of who is online/offline.
-#
+
+#### Synapse-specific optimizations
+
+If you're using [Synapse](configuring-playbook-synapse.md), you can also consider the following optimizations:
+
+```yaml
 # Keeping track of this and announcing such online-status in federated rooms with
 # hundreds of servers inside is insanely heavy (https://github.com/matrix-org/synapse/issues/3971).
 #
@@ -324,18 +329,14 @@ matrix_coturn_enabled: false
 matrix_synapse_presence_enabled: false
 ```

-You can also consider implementing a restriction on room complexity, in order to prevent users from joining very heavy rooms:
+You can also consider [implementing a restriction on room complexity](configuring-playbook-synapse.md#limit-joining-heavy-rooms-on-constrained-hosts), in order to prevent users from joining very heavy rooms:

 ```yaml
-matrix_synapse_configuration_extension_yaml: |
-  limit_remote_rooms:
-    enabled: true
-    complexity: 1.0 # this limits joining complex (~large) rooms, can be
-					# increased, but larger values can require more RAM
+# See: docs/configuring-playbook-synapse.md#limit-joining-heavy-rooms-on-constrained-hosts
+matrix_synapse_limit_remote_rooms_enabled: true
+matrix_synapse_limit_remote_rooms_complexity: 1.0
 ```

-If you've installed [Jitsi](configuring-playbook-jitsi.md) (not installed by default), there are additional optimizations listed on its documentation page that you can perform.
-
 ### I already have Docker on my server. Can you stop installing Docker via the playbook?

 Yes, we can stop installing Docker ourselves. Just use this in your `vars.yml` file:
@@ -440,6 +441,19 @@ To prevent double-logging, Docker logging is disabled by explicitly passing `--l

 See [this section](maintenance-and-troubleshooting.md#how-to-see-the-logs) on the page for maintenance and troubleshooting for more details to see the logs.

+### The server fails to start due to the `Unable to start service matrix-coturn.service` error. Why and how to solve it?
+
+The error is most likely because Traefik cannot obtain SSL certificates due to certain reasons such as wrong domain name configuration or port 80 being unavailable due to other services.
+
+If Traefik fails to obtain an SSL certificate for domain names such as `matrix.`, Traefik Certs Dumper cannot extract the SSL certificate out of there, and coturn cannot be started and the error occurs. Refer to these comments for details:
+
+- <https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3957#issuecomment-2599590441>
+- <https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4570#issuecomment-3364111466>
+
+If you are not sure what the problem is, at first make sure that you have set the "base domain" (`example.com`, **not `matrix.example.com`**) to `matrix_domain`. You should be able to find it at the top of your `vars.yml`.
+
+If it is correctly specified, look Traefik's logs (`journalctl -fu matrix-traefik.service`) for errors by Let's Encrypt for troubleshooting.
+
 ## Miscellaneous

 ### I would like to see this favorite service of mine integrated and become available on my Matrix server. How can I request it?
--- a/docs/howto-srv-server-delegation.md
+++ b/docs/howto-srv-server-delegation.md
@@ -26,7 +26,7 @@ The up-to-date list can be accessed on [traefik's documentation](https://doc.tra

 **Note**: the changes below instruct you how to do this for a basic Synapse installation. You will need to adapt the variable name and the content of the labels:

- if you're using another homeserver implementation (e.g. [Conduit](./configuring-playbook-conduit.md), [conduwuit](./configuring-playbook-conduwuit.md), [continuwuity](./configuring-playbook-continuwuity.md) or [Dendrite](./configuring-playbook-dendrite.md))
+- if you're using another homeserver implementation (e.g. [Conduit](./configuring-playbook-conduit.md), [continuwuity](./configuring-playbook-continuwuity.md) or [Dendrite](./configuring-playbook-dendrite.md))
 - if you're using [Synapse with workers enabled](./configuring-playbook-synapse.md#load-balancing-with-workers) (`matrix_synapse_workers_enabled: true`). In that case, it's actually the `matrix-synapse-reverse-proxy-companion` service which has Traefik labels attached

 Also, all instructions below are from an older version of the playbook and may not work anymore.
@@ -104,24 +104,24 @@ This should not happen again afterwards as Traefik will renew certificates well

 ```yaml
 # Only depend on docker.service, this removes the dependency on the certificate exporter, might imply the need to manually restart coturn on the first installation once the certificates are obtained, afterwards, the reload service should handle things
-matrix_coturn_systemd_required_services_list: ['docker.service']
+coturn_systemd_required_services_list: ['docker.service']

 # This changes the path of the loaded certificate, while maintaining the original functionality, we're now loading the wildcard certificate.
-matrix_coturn_container_additional_volumes: |
+coturn_container_additional_volumes: |
  {{
    (
      [
       {
-         'src': (traefik_certs_dumper_dumped_certificates_dir_path +  '/*.' + matrix_domain + '/certificate.crt'),
+         'src': (traefik_certs_dumper_dumped_certificates_path +  '/*.' + matrix_domain + '/certificate.crt'),
         'dst': '/certificate.crt',
         'options': 'ro',
       },
       {
-         'src': (traefik_certs_dumper_dumped_certificates_dir_path +  '/*.' + matrix_domain + '/privatekey.key'),
+         'src': (traefik_certs_dumper_dumped_certificates_path +  '/*.' + matrix_domain + '/privatekey.key'),
         'dst': '/privatekey.key',
         'options': 'ro',
       },
-      ] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else []
+      ] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and coturn_tls_enabled else []
    )
  }}
 ```
@@ -165,24 +165,24 @@ traefik_environment_variables: |
  LEGO_DISABLE_CNAME_SUPPORT=true

 # Only depend on docker.service, this removes the dependency on the certificate exporter, might imply the need to manually restart coturn on the first installation once the certificates are obtained, afterwards, the reload service should handle things
-matrix_coturn_systemd_required_services_list: ['docker.service']
+coturn_systemd_required_services_list: ['docker.service']

 # This changes the path of the loaded certificate, while maintaining the original functionality, we're now loading the wildcard certificate.
-matrix_coturn_container_additional_volumes: |
+coturn_container_additional_volumes: |
  {{
    (
      [
       {
-         'src': (traefik_certs_dumper_dumped_certificates_dir_path +  '/*.' + matrix_domain + '/certificate.crt'),
+         'src': (traefik_certs_dumper_dumped_certificates_path +  '/*.' + matrix_domain + '/certificate.crt'),
         'dst': '/certificate.crt',
         'options': 'ro',
       },
       {
-         'src': (traefik_certs_dumper_dumped_certificates_dir_path +  '/*.' + matrix_domain + '/privatekey.key'),
+         'src': (traefik_certs_dumper_dumped_certificates_path +  '/*.' + matrix_domain + '/privatekey.key'),
         'dst': '/privatekey.key',
         'options': 'ro',
       },
-      ] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else []
+      ] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and coturn_tls_enabled else []
    )
  }}
 ```
--- a/docs/installing.md
+++ b/docs/installing.md
@@ -146,6 +146,7 @@ After completing the installation, you can:
 - or learn how to [maintain your server](faq.md#maintenance)
 - or join some Matrix rooms:
  * via the *Explore rooms* feature in Element Web or some other clients, or by discovering them using this [matrix-static list](https://view.matrix.org). **Note**: joining large rooms may overload small servers.
+    For tuning guidance on constrained hosts, see [Limit joining heavy rooms on constrained hosts](configuring-playbook-synapse.md#limit-joining-heavy-rooms-on-constrained-hosts).
  * or come say Hi in our support room — [#matrix-docker-ansible-deploy:devture.com](https://matrix.to/#/#matrix-docker-ansible-deploy:devture.com). You might learn something or get to help someone else new to Matrix hosting.
 - or help make this playbook better by contributing (code, documentation, or [coffee/beer](https://liberapay.com/s.pantaleev/donate))

--- a/docs/just.md
+++ b/docs/just.md
@@ -43,3 +43,13 @@ For example, these two commands are different:
 The just recipe runs `ensure-matrix-users-created` and `start` tags after `install-all`, while the latter runs only `install-all` tag. The correct shortcut of the latter is `just run-tags install-all`.

 Such kind of difference sometimes matters. For example, when you install a Matrix server into which you will import old data (see [here](installing.md#installing-a-server-into-which-youll-import-old-data)), you are not supposed to run `just install-all` or `just setup-all`, because these commands start services immediately after installing components, which may prevent you from importing the data.
+
+## Conditional service restart
+
+When running `install-all` or `install-service` (whether via `just` or raw `ansible-playbook`), only services whose configuration or container image actually changed during the playbook run will be restarted. Unchanged services are left running (or get started if they were stopped). This reduces unnecessary downtime.
+
+When running with `setup-*` tags (e.g. `setup-all`, `setup-synapse`), all services are unconditionally restarted regardless of whether changes were detected. This is appropriate for setup's thorough "full setup" semantics.
+
+`start-all` and `start-group` always restart all targeted services, since no installation tasks run during these commands.
+
+This behavior is automatically determined based on the playbook tags in use. It can be overridden with the `devture_systemd_service_manager_conditional_restart_enabled` variable. For example, to force unconditional restarts during installation: `just install-all --extra-vars='devture_systemd_service_manager_conditional_restart_enabled=false'`
--- a/docs/maintenance-postgres.md
+++ b/docs/maintenance-postgres.md
@@ -104,12 +104,12 @@ To save disk space in `/tmp`, the dump file is gzipped on the fly at the expense

 PostgreSQL can be [tuned](https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server) to make it run faster. This is done by passing extra arguments to the Postgres process.

-The [Postgres Ansible role](https://github.com/mother-of-all-self-hosting/ansible-role-postgres) **already does some tuning by default**, which matches the [tuning logic](https://github.com/le0pard/pgtune/blob/master/src/features/configuration/configurationSlice.js) done by websites like https://pgtune.leopard.in.ua/. You can manually influence some of the tuning variables. These parameters (variables) are injected via the `postgres_postgres_process_extra_arguments_auto` variable.
+The [Postgres Ansible role](https://github.com/mother-of-all-self-hosting/ansible-role-postgres) **already does some tuning by default**, which matches the [tuning logic](https://github.com/le0pard/pgtune/blob/master/src/features/configuration/configurationSlice.js) done by websites like https://pgtune.leopard.in.ua/. You can manually influence some of the tuning variables. These parameters (variables) are injected via the `postgres_postgres_process_extra_arguments_default` variable.

 Most users should be fine with the automatically-done tuning. However, you may wish to:

- **adjust the automatically-determined tuning parameters manually**: change the values for the tuning variables defined in the Postgres role's [default configuration file](https://github.com/mother-of-all-self-hosting/ansible-role-postgres/blob/main/defaults/main.yml) (see `postgres_max_connections`, `postgres_data_storage` etc). These variables are ultimately passed to Postgres via a `postgres_postgres_process_extra_arguments_auto` variable
+- **adjust the automatically-determined tuning parameters manually**: change the values for the tuning variables defined in the Postgres role's [default configuration file](https://github.com/mother-of-all-self-hosting/ansible-role-postgres/blob/main/defaults/main.yml) (see `postgres_max_connections`, `postgres_data_storage` etc). These variables are ultimately passed to Postgres via a `postgres_postgres_process_extra_arguments_default` variable

- **turn automatically-performed tuning off**: override it like this: `postgres_postgres_process_extra_arguments_auto: []`
+- **turn automatically-performed tuning off**: override it like this: `postgres_postgres_process_extra_arguments_default: []`

- **add additional tuning parameters**: define your additional Postgres configuration parameters in `postgres_postgres_process_extra_arguments_custom`. See `postgres_postgres_process_extra_arguments_auto` defined in the Postgres role's [default configuration file](https://github.com/mother-of-all-self-hosting/ansible-role-postgres/blob/main/defaults/main.yml) for inspiration
+- **add additional tuning parameters**: define your additional Postgres configuration parameters in `postgres_postgres_process_extra_arguments_custom`. See `postgres_postgres_process_extra_arguments_default` defined in the Postgres role's [default configuration file](https://github.com/mother-of-all-self-hosting/ansible-role-postgres/blob/main/defaults/main.yml) for inspiration
--- a/docs/maintenance-synapse.md
+++ b/docs/maintenance-synapse.md
@@ -83,6 +83,8 @@ You should then be able to browse the adminer database administration GUI at htt

 Synapse's presence feature which tracks which users are online and which are offline can use a lot of processing power. You can disable presence by adding `matrix_synapse_presence_enabled: false` to your `vars.yml` file.

+On smaller servers, consider limiting joins to very complex rooms with [the room complexity guard](configuring-playbook-synapse.md#limit-joining-heavy-rooms-on-constrained-hosts).
+
 If you have enough compute resources (CPU & RAM), you can make Synapse better use of them by [enabling load-balancing with workers](configuring-playbook-synapse.md#load-balancing-with-workers).

 [Tuning your PostgreSQL database](maintenance-postgres.md#tuning-postgresql) could also improve Synapse performance. The playbook tunes the integrated Postgres database automatically, but based on your needs you may wish to adjust tuning variables manually. If you're using an [external Postgres database](configuring-playbook-external-postgres.md), you will also need to tune Postgres manually.
--- a/docs/prerequisites.md
+++ b/docs/prerequisites.md
@@ -23,8 +23,6 @@ We will be using `example.com` as the domain in the following instruction. Pleas

 - [Ansible](http://ansible.com/) program. It's used to run this playbook and configures your server for you. Take a look at [our guide about Ansible](ansible.md) for more information, as well as [version requirements](ansible.md#supported-ansible-versions) and alternative ways to run Ansible.

- [passlib](https://passlib.readthedocs.io/en/stable/index.html) Python library. See [this official documentation](https://passlib.readthedocs.io/en/stable/install.html#installation-instructions) for an instruction to install it. On most distros, you need to install some `python-passlib` or `py3-passlib` package, etc.
-
 - [`git`](https://git-scm.com/) as the recommended way to download the playbook. `git` may also be required on the server if you will be [self-building](self-building.md) components.

 - [`just`](https://github.com/casey/just) for running `just roles`, `just update`, etc. (see [`justfile`](../justfile)), although you can also run these commands manually. Take a look at this documentation for more information: [Running `just` commands](just.md).
@@ -59,12 +57,7 @@ We will be using `example.com` as the domain in the following instruction. Pleas

  - `80/tcp`: HTTP webserver
  - `443/tcp` and `443/udp`: HTTPS webserver
-  - `3478/tcp`: STUN/TURN over TCP (used by [coturn](./configuring-playbook-turn.md))
-  - `3478/udp`: STUN/TURN over UDP (used by [coturn](./configuring-playbook-turn.md))
-  - `5349/tcp`: TURN over TCP (used by [coturn](./configuring-playbook-turn.md))
-  - `5349/udp`: TURN over UDP (used by [coturn](./configuring-playbook-turn.md))
  - `8448/tcp` and `8448/udp`: Matrix Federation API HTTPS webserver. Some components like [Matrix User Verification Service](configuring-playbook-user-verification-service.md#open-matrix-federation-port) require this port to be opened **even with federation disabled**.
-  - the range `49152-49172/udp`: TURN over UDP
  - potentially some other ports, depending on the additional (non-default) services that you enable in the **configuring the playbook** step (later on). Consult each service's documentation page in `docs/` for that.

 ---------------------------------------------
--- a/docs/registering-users.md
+++ b/docs/registering-users.md
@@ -161,6 +161,6 @@ You can then proceed to run the query above.

 ### Adding/Removing Administrator privileges to an existing user in Matrix Authentication Service

-Promoting/demoting a user in Matrix Authentication Service cannot currently (2024-10-19) be done via the [`mas-cli` Management tool](./configuring-playbook-matrix-authentication-service.md#management).
+Promoting/demoting a user in Matrix Authentication Service can be done using the [`mas-cli`](./configuring-playbook-matrix-authentication-service.md#management) management tool's [`manage promote-admin`](https://element-hq.github.io/matrix-authentication-service/reference/cli/manage.html#manage-promote-admin) and [`manage demote-admin`](https://element-hq.github.io/matrix-authentication-service/reference/cli/manage.html#manage-demote-admin) commands. For example: `/matrix/matrix-authentication-service/bin/mas-cli manage promote-admin some.username`.

-You can do it via the [MAS Admin API](https://element-hq.github.io/matrix-authentication-service/api/index.html)'s `POST /api/admin/v1/users/{id}/set-admin` endpoint.
+You can also do it via the [MAS Admin API](https://element-hq.github.io/matrix-authentication-service/api/index.html)'s `POST /api/admin/v1/users/{id}/set-admin` endpoint.
--- a/docs/self-building.md
+++ b/docs/self-building.md
@@ -28,20 +28,16 @@ Possibly outdated list of roles where self-building the Docker image is currentl
 - `matrix-synapse`
 - `matrix-synapse-admin`
 - `matrix-client-element`
- `matrix-client-hydrogen`
- `matrix-client-cinny`
+- `hydrogen`
+- `cinny`
+- `sable`
 - `matrix-registration`
- `matrix-coturn`
+- `coturn`
 - `matrix-corporal`
- `matrix-dimension`
- `matrix-ma1sd`
 - `exim-relay`
 - `matrix-bridge-hookshot`
 - `matrix-bridge-appservice-irc`
- `matrix-bridge-appservice-slack`
- `matrix-bridge-appservice-webhooks`
 - `matrix-bridge-beeper-linkedin`
- `matrix-bridge-mautrix-facebook`
 - `matrix-bridge-mautrix-googlechat`
 - `matrix-bridge-mautrix-telegram`
 - `matrix-bridge-mautrix-signal`
--- a/examples/hosts
+++ b/examples/hosts
@@ -1,6 +1,3 @@
-# We explicitly ask for your server's external IP address, because the same value is used for configuring coturn.
-# If you'd rather use a local IP here, make sure to set up `matrix_coturn_turn_external_ip_address`.
-#
 # To connect using a non-root user (and elevate to root with sudo later),
 # replace `ansible_ssh_user=root` with something like this: `ansible_ssh_user=username ansible_become=true ansible_become_user=root`.
 # If sudo requires a password, either add `ansible_become_password=PASSWORD_HERE` to the host line
@@ -18,4 +15,4 @@
 # to the host line below.

 [matrix_servers]
-matrix.example.com ansible_host=<your-server's external IP address> ansible_ssh_user=root
+matrix.example.com ansible_host=<your-server's domain name or IP address> ansible_ssh_user=root
--- a/examples/reverse-proxies/apache/README.md
+++ b/examples/reverse-proxies/apache/README.md
@@ -19,4 +19,4 @@ To get started, first follow the [front the integrated reverse-proxy webserver w
 `matrix-domain.conf` contains configuration for the Matrix domain, which handles both the Client-Server API (port `443`) and the Matrix Federation API (port `8448`).

 `matrix-client-element.conf` is an example for when you're hosting Element Web at `element.example.com`.
-This configuration can also be used as an example for handling other domains, depending on the services you enable with the playbook (e.g. `dimension.example.com`, etc).
+This configuration can also be used as an example for handling other domains, depending on the services you enable with the playbook (e.g. `etherpad.example.com`, etc).
--- a/examples/reverse-proxies/apache/matrix-domain.conf
+++ b/examples/reverse-proxies/apache/matrix-domain.conf
@@ -33,6 +33,12 @@
 	ProxyRequests Off
 	ProxyVia On
 	RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
+	ProxyTimeout 86400
+
+	RewriteEngine On
+	RewriteCond %{HTTP:Connection} Upgrade [NC]
+	RewriteCond %{HTTP:Upgrade} websocket [NC]
+	RewriteRule /(.*) ws://127.0.0.1:81/$1 [P,L]

 	AllowEncodedSlashes NoDecode
 	ProxyPass / http://127.0.0.1:81/ retry=0 nocanon
--- a/examples/reverse-proxies/nginx/README.md
+++ b/examples/reverse-proxies/nginx/README.md
@@ -22,4 +22,4 @@ Copy the [matrix.conf](matrix.conf) file to your nginx server's filesystem, modi

 This configuration **disables SSL certificate retrieval**, so you will **need to obtain SSL certificates manually** (e.g. by using [certbot](https://certbot.eff.org/)) and set the appropriate path in `matrix.conf`. In the example nginx configuration, a single certificate is used for all subdomains (`matrix.example.com`, `element.example.com`, etc.). For your setup, may wish to change this and use separate `server` blocks and separate certificate files for each host.

-Also note that your copy of the `matrix.conf` file has to be adapted to whatever services you are using. For example, remove `element.example.com` from the `server_name` list if you don't use [Element Web](../../../docs/configuring-playbook-client-element-web.md) client or add `dimension.example.com` to it if you do use the [Dimension](../../../docs/configuring-playbook-dimension.md) integration manager.
+Also note that your copy of the `matrix.conf` file has to be adapted to whatever services you are using. For example, remove `element.example.com` from the `server_name` list if you don't use [Element Web](../../../docs/configuring-playbook-client-element-web.md) client or add `etherpad.example.com` to it if you do use [Etherpad](../../../docs/configuring-playbook-etherpad.md).
--- a/examples/reverse-proxies/nginx/matrix.conf
+++ b/examples/reverse-proxies/nginx/matrix.conf
@@ -19,7 +19,7 @@ server {
    # TODO: add/remove services and their subdomains if you use/don't use them
    # this example is using hosting something on the base domain and an Element Web client, so example.com and element.example.com are listed in addition to matrix.example.com
    # if you don't use those, you can remove them
-    # if you use e.g. Dimension on dimension.example.com, add dimension.example.com to the server_name list
+    # if you use e.g. Etherpad on etherpad.example.com, add etherpad.example.com to the server_name list
    server_name example.com matrix.example.com element.example.com;

    location / {
--- a/examples/vars.yml
+++ b/examples/vars.yml
@@ -1,4 +1,9 @@
 ---
+# This variable acknowledges that you've reviewed breaking changes up to this version.
+# The playbook will fail if this is outdated, guiding you through what changed.
+# See the changelog: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md
+matrix_playbook_migration_validated_version: v2026.03.23.0
+
 # The bare domain name which represents your Matrix identity.
 # Matrix user IDs for your server will be of the form (`@alice:example.com`).
 #
@@ -53,18 +58,10 @@ devture_systemd_docker_base_ipv6_enabled: true
 # The value used here must be shorter than 100 characters.
 postgres_connection_password: ''

-# By default, we configure coturn's external IP address using the value specified for `ansible_host` in your `inventory/hosts` file.
-# If this value is an external IP address, you can skip this section.
+# You can limit heavy room joins on constrained hosts.
+# See:
+# docs/configuring-playbook-synapse.md#limit-joining-heavy-rooms-on-constrained-hosts
 #
-# If `ansible_host` is not the server's external IP address, you have 2 choices:
-# 1. Uncomment the line below, to allow IP address auto-detection to happen (more on this below)
-# 2. Uncomment and adjust the line below to specify an IP address manually
-#
-# By default, auto-detection will be attempted using the `https://ifconfig.co/json` API.
-# Default values for this are specified in `matrix_coturn_turn_external_ip_address_auto_detection_*` variables in the coturn role
-# (see `roles/custom/matrix-coturn/defaults/main.yml`).
-#
-# If your server has multiple IP addresses, you may define them in another variable which allows a list of addresses.
-# Example: `matrix_coturn_turn_external_ip_addresses: ['1.2.3.4', '4.5.6.7']`
-#
-# matrix_coturn_turn_external_ip_address: ''
+# matrix_synapse_limit_remote_rooms_enabled: true
+# matrix_synapse_limit_remote_rooms_complexity: 1.0
+# matrix_synapse_limit_remote_rooms_admins_can_join: false
--- a/flake.nix
+++ b/flake.nix
@@ -19,6 +19,7 @@
          devShells.default = mkShell {
            buildInputs = [
              just
+              mise
              ansible
            ];
            shellHook = ''
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
--- a/i18n/requirements.txt
+++ b/i18n/requirements.txt
@@ -1,33 +1,33 @@
 alabaster==1.0.0
-babel==2.17.0
-certifi==2025.8.3
-charset-normalizer==3.4.3
-click==8.2.2
-docutils==0.22
-idna==3.10
-imagesize==1.4.1
+babel==2.18.0
+certifi==2026.2.25
+charset-normalizer==3.4.6
+click==8.3.1
+docutils==0.22.4
+idna==3.11
+imagesize==2.0.0
 Jinja2==3.1.6
-linkify-it-py==2.0.3
+linkify-it-py==2.1.0
 markdown-it-py==4.0.0
-MarkupSafe==3.0.2
+MarkupSafe==3.0.3
 mdit-py-plugins==0.5.0
 mdurl==0.1.2
-myst-parser==4.0.1
-packaging==25.0
+myst-parser==5.0.0
+packaging==26.0
 Pygments==2.19.2
-PyYAML==6.0.2
-requests==2.32.4
-setuptools==80.9.0
+PyYAML==6.0.3
+requests==2.33.0
+setuptools==82.0.1
 snowballstemmer==3.0.1
-Sphinx==8.2.3
+Sphinx==9.1.0
 sphinx-intl==2.3.2
-sphinx-markdown-builder==0.6.8
+sphinx-markdown-builder==0.6.10
 sphinxcontrib-applehelp==2.0.0
 sphinxcontrib-devhelp==2.0.0
 sphinxcontrib-htmlhelp==2.1.0
 sphinxcontrib-jsmath==1.0.1
 sphinxcontrib-qthelp==2.0.0
 sphinxcontrib-serializinghtml==2.0.0
-tabulate==0.9.0
-uc-micro-py==1.0.3
-urllib3==2.5.0
+tabulate==0.10.0
+uc-micro-py==2.0.0
+urllib3==2.6.3
--- a/i18n/translation-templates/CHANGELOG.pot
+++ b/i18n/translation-templates/CHANGELOG.pot
--- a/i18n/translation-templates/README.pot
+++ b/i18n/translation-templates/README.pot
@@ -1,5 +1,5 @@
 # SOME DESCRIPTIVE TITLE.
-# Copyright (C) 2018-2025, Slavi Pantaleev, Aine Etke, MDAD community members
+# Copyright (C) 2018-2026, Slavi Pantaleev, Aine Etke, MDAD community members
 # This file is distributed under the same license as the matrix-docker-ansible-deploy package.
 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
 #
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-01-27 09:54+0200\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -17,7 +17,7 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"

 #: ../../../README.md:1
-msgid "[![Support room on Matrix](https://img.shields.io/matrix/matrix-docker-ansible-deploy:devture.com.svg?label=%23matrix-docker-ansible-deploy%3Adevture.com&logo=matrix&style=for-the-badge&server_fqdn=matrix.devture.com)](https://matrix.to/#/#matrix-docker-ansible-deploy:devture.com) [![donate](https://liberapay.com/assets/widgets/donate.svg)](https://liberapay.com/s.pantaleev/donate)"
+msgid "[![Support room on Matrix](https://img.shields.io/matrix/matrix-docker-ansible-deploy:devture.com.svg?label=%23matrix-docker-ansible-deploy%3Adevture.com&logo=matrix&style=for-the-badge&server_fqdn=matrix.devture.com&fetchMode=summary)](https://matrix.to/#/#matrix-docker-ansible-deploy:devture.com) [![donate](https://liberapay.com/assets/widgets/donate.svg)](https://liberapay.com/s.pantaleev/donate) [![REUSE status](https://api.reuse.software/badge/github.com/spantaleev/matrix-docker-ansible-deploy)](https://api.reuse.software/info/github.com/spantaleev/matrix-docker-ansible-deploy)"
 msgstr ""

 #: ../../../README.md:1
@@ -28,6 +28,10 @@ msgstr ""
 msgid "donate"
 msgstr ""

+#: ../../../README.md:1
+msgid "REUSE status"
+msgstr ""
+
 #: ../../../README.md:3
 msgid "Matrix (An open network for secure, decentralized communication) server setup using Ansible and Docker"
 msgstr ""
@@ -173,15 +177,15 @@ msgid "[Link](docs/configuring-playbook-conduit.md)"
 msgstr ""

 #: ../../../README.md:0
-msgid "[conduwuit](https://conduwuit.puppyirl.gay/)"
+msgid "[continuwuity](https://continuwuity.org)"
 msgstr ""

 #: ../../../README.md:0
-msgid "Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. conduwuit is a fork of Conduit."
+msgid "Storing your data and managing your presence in the [Matrix](http://matrix.org/) network."
 msgstr ""

 #: ../../../README.md:0
-msgid "[Link](docs/configuring-playbook-conduwuit.md)"
+msgid "[Link](docs/configuring-playbook-continuwuity.md)"
 msgstr ""

 #: ../../../README.md:0
@@ -252,11 +256,23 @@ msgstr ""
 msgid "[Link](docs/configuring-playbook-client-schildichat-web.md)"
 msgstr ""

-#: ../../../README.md:69
+#: ../../../README.md:0
+msgid "[FluffyChat Web](https://fluffychat.im/)"
+msgstr ""
+
+#: ../../../README.md:0
+msgid "The cutest messenger in Matrix"
+msgstr ""
+
+#: ../../../README.md:0
+msgid "[Link](docs/configuring-playbook-client-fluffychat-web.md)"
+msgstr ""
+
+#: ../../../README.md:70
 msgid "Server Components"
 msgstr ""

-#: ../../../README.md:71
+#: ../../../README.md:72
 msgid "Services that run on the server to make the various parts of your installation work."
 msgstr ""

@@ -289,7 +305,7 @@ msgid "[Traefik](https://doc.traefik.io/traefik/)"
 msgstr ""

 #: ../../../README.md:0
-msgid "Web server, listening on ports 80, 443 and 8448 - standing in front of all the other services. Using your own webserver [is possible](docs/configuring-playbook-own-webserver.md)"
+msgid "Web server, listening on ports 80, 443 and 8448 - standing in front of all the other services. [Using your own webserver](docs/configuring-playbook-own-webserver.md) is also possible."
 msgstr ""

 #: ../../../README.md:0
@@ -320,18 +336,6 @@ msgstr ""
 msgid "[Link](docs/configuring-playbook-email.md)"
 msgstr ""

-#: ../../../README.md:0
-msgid "[ma1sd](https://github.com/ma1uta/ma1sd)"
-msgstr ""
-
-#: ../../../README.md:0
-msgid "Matrix Identity Server"
-msgstr ""
-
-#: ../../../README.md:0
-msgid "[Link](docs/configuring-playbook-ma1sd.md)"
-msgstr ""
-
 #: ../../../README.md:0
 msgid "[ddclient](https://github.com/linuxserver/docker-ddclient)"
 msgstr ""
@@ -344,11 +348,35 @@ msgstr ""
 msgid "[Link](docs/configuring-playbook-dynamic-dns.md)"
 msgstr ""

-#: ../../../README.md:83
-msgid "Authentication"
+#: ../../../README.md:0
+msgid "[LiveKit Server](https://github.com/livekit/livekit)"
+msgstr ""
+
+#: ../../../README.md:0
+msgid "WebRTC server for audio/video calls"
+msgstr ""
+
+#: ../../../README.md:0
+msgid "[Link](docs/configuring-playbook-livekit-server.md)"
+msgstr ""
+
+#: ../../../README.md:0
+msgid "[Livekit JWT Service](https://github.com/livekit/livekit-jwt-service)"
+msgstr ""
+
+#: ../../../README.md:0
+msgid "JWT service for integrating [Element Call](./configuring-playbook-element-call.md) with [LiveKit Server](./configuring-playbook-livekit-server.md)"
+msgstr ""
+
+#: ../../../README.md:0
+msgid "[Link](docs/configuring-playbook-livekit-jwt-service.md)"
 msgstr ""

 #: ../../../README.md:85
+msgid "Authentication"
+msgstr ""
+
+#: ../../../README.md:87
 msgid "Extend and modify how users are authenticated on your homeserver."
 msgstr ""

@@ -393,7 +421,7 @@ msgid "[matrix-ldap-registration-proxy](https://gitlab.com/activism.internationa
 msgstr ""

 #: ../../../README.md:0
-msgid "A proxy that handles Matrix registration requests and forwards them to LDAP."
+msgid "Proxy that handles Matrix registration requests and forwards them to LDAP"
 msgstr ""

 #: ../../../README.md:0
@@ -405,7 +433,7 @@ msgid "[matrix-registration](https://github.com/ZerataX/matrix-registration)"
 msgstr ""

 #: ../../../README.md:0
-msgid "A simple python application to have a token based Matrix registration"
+msgid "Simple python application to have a token based Matrix registration"
 msgstr ""

 #: ../../../README.md:0
@@ -413,7 +441,7 @@ msgid "[Link](docs/configuring-playbook-matrix-registration.md)"
 msgstr ""

 #: ../../../README.md:0
-msgid "[Matrix User Verification Service](https://github.com/matrix-org/matrix-user-verification-service) (UVS)"
+msgid "[Matrix User Verification Service](https://github.com/matrix-org/matrix-user-verification-service)"
 msgstr ""

 #: ../../../README.md:0
@@ -429,18 +457,18 @@ msgid "[synapse-simple-antispam](https://github.com/t2bot/synapse-simple-antispa
 msgstr ""

 #: ../../../README.md:0
-msgid "A spam checker module"
+msgid "Spam checker module"
 msgstr ""

 #: ../../../README.md:0
 msgid "[Link](docs/configuring-playbook-synapse-simple-antispam.md)"
 msgstr ""

-#: ../../../README.md:97
+#: ../../../README.md:99
 msgid "File Storage"
 msgstr ""

-#: ../../../README.md:99
+#: ../../../README.md:101
 msgid "Use alternative file storage to the default `media_store` folder."
 msgstr ""

@@ -469,18 +497,18 @@ msgid "[matrix-media-repo](https://github.com/turt2live/matrix-media-repo)"
 msgstr ""

 #: ../../../README.md:0
-msgid "matrix-media-repo is a highly customizable multi-domain media repository for Matrix. Intended for medium to large deployments, this media repo de-duplicates media while being fully compliant with the specification."
+msgid "Highly customizable multi-domain media repository for Matrix. Intended for medium to large deployments, this media repo de-duplicates media while being fully compliant with the specification."
 msgstr ""

 #: ../../../README.md:0
 msgid "[Link](docs/configuring-playbook-matrix-media-repo.md)"
 msgstr ""

-#: ../../../README.md:107
+#: ../../../README.md:109
 msgid "Bridges"
 msgstr ""

-#: ../../../README.md:109
+#: ../../../README.md:111
 msgid "Bridges can be used to connect your Matrix installation with third-party communication networks."
 msgstr ""

@@ -556,6 +584,18 @@ msgstr ""
 msgid "[Link](docs/configuring-playbook-bridge-mautrix-wsproxy.md)"
 msgstr ""

+#: ../../../README.md:0
+msgid "[mautrix-bluesky](https://github.com/mautrix/bluesky)"
+msgstr ""
+
+#: ../../../README.md:0
+msgid "Bridge to [Bluesky](https://bsky.social/)"
+msgstr ""
+
+#: ../../../README.md:0
+msgid "[Link](docs/configuring-playbook-bridge-mautrix-bluesky.md)"
+msgstr ""
+
 #: ../../../README.md:0
 msgid "[mautrix-twitter](https://github.com/mautrix/twitter)"
 msgstr ""
@@ -684,6 +724,18 @@ msgstr ""
 msgid "[Link](docs/configuring-playbook-bridge-matrix-bridge-sms.md)"
 msgstr ""

+#: ../../../README.md:0
+msgid "[matrix-steam-bridge](https://github.com/jasonlaguidice/matrix-steam-bridge)"
+msgstr ""
+
+#: ../../../README.md:0
+msgid "Bridge to [Steam](https://steampowered.com/)"
+msgstr ""
+
+#: ../../../README.md:0
+msgid "[Link](docs/configuring-playbook-bridge-steam.md)"
+msgstr ""
+
 #: ../../../README.md:0
 msgid "[matrix-wechat](https://github.com/duo/matrix-wechat)"
 msgstr ""
@@ -708,62 +760,6 @@ msgstr ""
 msgid "[Link](docs/configuring-playbook-bridge-heisenbridge.md)"
 msgstr ""

-#: ../../../README.md:0
-msgid "[go-skype-bridge](https://github.com/kelaresg/go-skype-bridge)"
-msgstr ""
-
-#: ../../../README.md:0
-msgid "Bridge to [Skype](https://www.skype.com)"
-msgstr ""
-
-#: ../../../README.md:0
-msgid "[Link](docs/configuring-playbook-bridge-go-skype-bridge.md)"
-msgstr ""
-
-#: ../../../README.md:0
-msgid "[mx-puppet-slack](https://gitlab.com/mx-puppet/slack/mx-puppet-slack)"
-msgstr ""
-
-#: ../../../README.md:0
-msgid "Bridge to [Slack](https://slack.com)"
-msgstr ""
-
-#: ../../../README.md:0
-msgid "[Link](docs/configuring-playbook-bridge-mx-puppet-slack.md)"
-msgstr ""
-
-#: ../../../README.md:0
-msgid "[mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram)"
-msgstr ""
-
-#: ../../../README.md:0
-msgid "Bridge for Instagram-DMs ([Instagram](https://www.instagram.com/))"
-msgstr ""
-
-#: ../../../README.md:0
-msgid "[Link](docs/configuring-playbook-bridge-mx-puppet-instagram.md)"
-msgstr ""
-
-#: ../../../README.md:0
-msgid "[mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter)"
-msgstr ""
-
-#: ../../../README.md:0
-msgid "Bridge for Twitter-DMs ([Twitter](https://twitter.com/))"
-msgstr ""
-
-#: ../../../README.md:0
-msgid "[Link](docs/configuring-playbook-bridge-mx-puppet-twitter.md)"
-msgstr ""
-
-#: ../../../README.md:0
-msgid "[mx-puppet-discord](https://gitlab.com/mx-puppet/discord/mx-puppet-discord)"
-msgstr ""
-
-#: ../../../README.md:0
-msgid "[Link](docs/configuring-playbook-bridge-mx-puppet-discord.md)"
-msgstr ""
-
 #: ../../../README.md:0
 msgid "[mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme)"
 msgstr ""
@@ -777,7 +773,7 @@ msgid "[Link](docs/configuring-playbook-bridge-mx-puppet-groupme.md)"
 msgstr ""

 #: ../../../README.md:0
-msgid "[mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam)"
+msgid "[mx-puppet-steam](https://codeberg.org/icewind/mx-puppet-steam)"
 msgstr ""

 #: ../../../README.md:0
@@ -800,11 +796,11 @@ msgstr ""
 msgid "[Link](docs/configuring-playbook-bridge-postmoogle.md)"
 msgstr ""

-#: ../../../README.md:141
+#: ../../../README.md:140
 msgid "Bots"
 msgstr ""

-#: ../../../README.md:143
+#: ../../../README.md:142
 msgid "Bots provide various additional functionality to your installation."
 msgstr ""

@@ -813,7 +809,7 @@ msgid "[baibot](https://github.com/etkecc/baibot)"
 msgstr ""

 #: ../../../README.md:0
-msgid "A bot that exposes the power of [AI](https://en.wikipedia.org/wiki/Artificial_intelligence) / [Large Language Models](https://en.wikipedia.org/wiki/Large_language_model) to you"
+msgid "Bot that exposes the power of [AI](https://en.wikipedia.org/wiki/Artificial_intelligence) / [Large Language Models](https://en.wikipedia.org/wiki/Large_language_model) to you"
 msgstr ""

 #: ../../../README.md:0
@@ -849,7 +845,7 @@ msgid "[maubot](https://github.com/maubot/maubot)"
 msgstr ""

 #: ../../../README.md:0
-msgid "A plugin-based Matrix bot system"
+msgid "Plugin-based Matrix bot system"
 msgstr ""

 #: ../../../README.md:0
@@ -861,7 +857,7 @@ msgid "[Honoroit](https://github.com/etkecc/honoroit)"
 msgstr ""

 #: ../../../README.md:0
-msgid "A helpdesk bot"
+msgid "Helpdesk bot"
 msgstr ""

 #: ../../../README.md:0
@@ -873,7 +869,7 @@ msgid "[Mjolnir](https://github.com/matrix-org/mjolnir)"
 msgstr ""

 #: ../../../README.md:0
-msgid "A moderation tool for Matrix"
+msgid "Moderation tool for Matrix"
 msgstr ""

 #: ../../../README.md:0
@@ -885,7 +881,7 @@ msgid "[Draupnir](https://github.com/the-draupnir-project/Draupnir)"
 msgstr ""

 #: ../../../README.md:0
-msgid "A moderation tool for Matrix (Fork of Mjolnir)"
+msgid "Moderation tool for Matrix (Fork of Mjolnir)"
 msgstr ""

 #: ../../../README.md:0
@@ -904,11 +900,11 @@ msgstr ""
 msgid "[Link](docs/configuring-playbook-bot-buscarron.md)"
 msgstr ""

-#: ../../../README.md:156
+#: ../../../README.md:155
 msgid "Administration"
 msgstr ""

-#: ../../../README.md:158
+#: ../../../README.md:157
 msgid "Services that help you in administrating and monitoring your Matrix installation."
 msgstr ""

@@ -941,7 +937,7 @@ msgid "[synapse-admin](https://github.com/etkecc/synapse-admin)"
 msgstr ""

 #: ../../../README.md:0
-msgid "A web UI tool for administrating users and rooms on your Matrix server"
+msgid "Web UI tool for administrating users and rooms on your Matrix server"
 msgstr ""

 #: ../../../README.md:0
@@ -957,7 +953,7 @@ msgid "Consists of the [Prometheus](https://prometheus.io) time-series database
 msgstr ""

 #: ../../../README.md:0
-msgid "[Link](docs/configuring-playbook-prometheus-grafana.md) (for [prometheus-nginxlog-exporter](docs/configuring-playbook-prometheus-nginxlog.md))"
+msgid "[Link](docs/configuring-playbook-prometheus-grafana.md) (for [prometheus-nginxlog-exporter](docs/configuring-playbook-prometheus-grafana.md#enable-metrics-and-graphs-for-nginx-logs-optional))"
 msgstr ""

 #: ../../../README.md:0
@@ -996,32 +992,20 @@ msgstr ""
 msgid "[Link](docs/configuring-playbook-synapse-usage-exporter.md)"
 msgstr ""

-#: ../../../README.md:170
+#: ../../../README.md:169
 msgid "Misc"
 msgstr ""

-#: ../../../README.md:172
+#: ../../../README.md:171
 msgid "Various services that don't fit any other categories."
 msgstr ""

-#: ../../../README.md:0
-msgid "[sliding-sync](https://github.com/matrix-org/sliding-sync)"
-msgstr ""
-
-#: ../../../README.md:0
-msgid "(Superseded by Simplified Sliding Sync integrated into Synapse > `1.114` and Conduit > `0.6.0`) Sliding Sync support for clients which require it (e.g. old Element X versions before Simplified Sliding Sync was developed)"
-msgstr ""
-
-#: ../../../README.md:0
-msgid "[Link](docs/configuring-playbook-sliding-sync-proxy.md)"
-msgstr ""
-
 #: ../../../README.md:0
 msgid "[synapse_auto_accept_invite](https://github.com/matrix-org/synapse-auto-accept-invite)"
 msgstr ""

 #: ../../../README.md:0
-msgid "A Synapse module to automatically accept invites."
+msgid "Synapse module to automatically accept invites"
 msgstr ""

 #: ../../../README.md:0
@@ -1033,7 +1017,7 @@ msgid "[synapse_auto_compressor](https://github.com/matrix-org/rust-synapse-comp
 msgstr ""

 #: ../../../README.md:0
-msgid "A cli tool that automatically compresses `state_groups` database table in background."
+msgid "Cli tool that automatically compresses `state_groups` database table in background"
 msgstr ""

 #: ../../../README.md:0
@@ -1052,12 +1036,24 @@ msgstr ""
 msgid "[Link](docs/configuring-playbook-matrix-corporal.md)"
 msgstr ""

+#: ../../../README.md:0
+msgid "[Matrix.to](https://github.com/matrix-org/matrix.to)"
+msgstr ""
+
+#: ../../../README.md:0
+msgid "Simple URL redirection service for the Matrix ecosystem"
+msgstr ""
+
+#: ../../../README.md:0
+msgid "[Link](docs/configuring-playbook-matrixto.md)"
+msgstr ""
+
 #: ../../../README.md:0
 msgid "[Etherpad](https://etherpad.org)"
 msgstr ""

 #: ../../../README.md:0
-msgid "An open source collaborative text editor"
+msgid "Open source collaborative text editor"
 msgstr ""

 #: ../../../README.md:0
@@ -1069,7 +1065,7 @@ msgid "[Jitsi](https://jitsi.org/)"
 msgstr ""

 #: ../../../README.md:0
-msgid "An open source video-conferencing platform"
+msgid "Open source video-conferencing platform"
 msgstr ""

 #: ../../../README.md:0
@@ -1081,7 +1077,7 @@ msgid "[Cactus Comments](https://cactus.chat)"
 msgstr ""

 #: ../../../README.md:0
-msgid "A federated comment system built on Matrix"
+msgid "Federated comment system built on Matrix"
 msgstr ""

 #: ../../../README.md:0
@@ -1093,7 +1089,7 @@ msgid "[Pantalaimon](https://github.com/matrix-org/pantalaimon)"
 msgstr ""

 #: ../../../README.md:0
-msgid "An E2EE aware proxy daemon"
+msgid "E2EE aware proxy daemon"
 msgstr ""

 #: ../../../README.md:0
@@ -1124,6 +1120,18 @@ msgstr ""
 msgid "[Link](docs/configuring-playbook-ntfy.md)"
 msgstr ""

+#: ../../../README.md:0
+msgid "[Element Call](https://github.com/element-hq/element-call)"
+msgstr ""
+
+#: ../../../README.md:0
+msgid "A native Matrix video conferencing application"
+msgstr ""
+
+#: ../../../README.md:0
+msgid "[Link](docs/configuring-playbook-element-call.md)"
+msgstr ""
+
 #: ../../../README.md:187
 msgid "🆕 Changes"
 msgstr ""
--- a/i18n/translation-templates/YEAR-IN-REVIEW.pot
+++ b/i18n/translation-templates/YEAR-IN-REVIEW.pot
@@ -1,5 +1,5 @@
 # SOME DESCRIPTIVE TITLE.
-# Copyright (C) 2018-2025, Slavi Pantaleev, Aine Etke, MDAD community members
+# Copyright (C) 2018-2026, Slavi Pantaleev, Aine Etke, MDAD community members
 # This file is distributed under the same license as the matrix-docker-ansible-deploy package.
 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
 #
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-01-27 09:54+0200\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -16,274 +16,274 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"

-#: ../../../YEAR-IN-REVIEW.md:1
+#: ../../../YEAR-IN-REVIEW.md:8
 msgid "2023"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:3
+#: ../../../YEAR-IN-REVIEW.md:10
 msgid "2023 was a year filled with many changes for matrix-docker-ansible-deploy. In this post, we're looking backward at some of the major changes that happened this year, as well as taking a glimpse of what's ahead in 2024."
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:5
+#: ../../../YEAR-IN-REVIEW.md:12
 msgid "2023 is probably [the year of AI](https://journal.everypixel.com/2023-the-year-of-ai), with millions of people jumping aboard [OpenAI](https://openai.com/)'s [ChatGPT](https://openai.com/chatgpt) train. matrix-docker-ansible-deploy is no stranger to this and 2023 began with a PR from [bertybuttface](https://github.com/bertybuttface) who added support for [matrix-chatgpt-bot](https://github.com/matrixgpt/matrix-chatgpt-bot) (see the [changelog entry](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#chatgpt-support)). While OpenAI's chat GPT website was frequently overloaded in the past, their API was up which made using this bot both convenient and more reliable."
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:7
-msgid "AI aside, with the playbook's focus being containers, we're **doubling down on being \"container native\"** and becoming more interoperable for people hosting other containers on the Matrix server. In [2022](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/YEAR-IN-REVIEW.md#2022), we've announced a few sibling Ansible playbooks, their use of [Traefik](https://doc.traefik.io/traefik/) and the possiblity of matrix-docker-ansible-deploy also switching to this reverse-proxy. This prediction materialized quickly. The **largest change** in the playbook in 2023 happened way back in February - matrix-docker-ansible-deploy [starting the switch from nginx to Traefik](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#backward-compatibility-reverse-proxy-configuration-changes-and-initial-traefik-support) and then quickly [making Treafik the default reverse-proxy](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#traefik-is-the-default-reverse-proxy-now). As noted in the changelog entries, we envisioned a quick and complete elimination of `matrix-nginx-proxy`, but at the end of 2023, it hasn't happened yet. The playbook is already using Traefik as the front-most reverse-proxy, but nginx (via `matrix-nginx-proxy`) is still around - it has taken a step back and is only used internally for new setups. Work got to a stall due to:"
-msgstr ""
-
-#: ../../../YEAR-IN-REVIEW.md:9
-msgid "complexity: untangling the overly large and messy `matrix-nginx-proxy` component is difficult"
-msgstr ""
-
-#: ../../../YEAR-IN-REVIEW.md:10
-msgid "the current setup became \"good enough\" because nginx has become an internal implementation detail for those who have migrated to Traefik. Traefik is already the default public reverse-proxy and gives better possibilities to people wishing to run other web-exposed containers on their Matrix server via [Docker Compose](https://docs.docker.com/compose/), other Ansible playbooks like [mash-playbook](https://github.com/mother-of-all-self-hosting/mash-playbook) (more about this one, below) or any other way."
-msgstr ""
-
-#: ../../../YEAR-IN-REVIEW.md:12
-msgid "`matrix-nginx-proxy` is no longer in the way of us being interoperable, but its ugly internal details are still there. It is one more proxy in the long chain of reverse-proxies we have and we'd like to cut it out. This would both make things simpler and also boost performance."
-msgstr ""
-
 #: ../../../YEAR-IN-REVIEW.md:14
-msgid "The delay in eliminating `matrix-nginx-proxy` has probably been welcome by many existing users who decided to postpone the Traefik migration a bit longer. In 2024, work on eliminating `matrix-nginx-proxy` will continue with rapid pace. People who are still using `matrix-nginx-proxy` as their front-most reverse-proxy will need to rework their setup. About a year of putting it off has been long enough."
+msgid "AI aside, with the playbook's focus being containers, we're **doubling down on being \"container native\"** and becoming more interoperable for people hosting other containers on the Matrix server. In [2022](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/YEAR-IN-REVIEW.md#2022), we've announced a few sibling Ansible playbooks, their use of [Traefik](https://doc.traefik.io/traefik/) and the possibility of matrix-docker-ansible-deploy also switching to this reverse-proxy. This prediction materialized quickly. The **largest change** in the playbook in 2023 happened way back in February - matrix-docker-ansible-deploy [starting the switch from nginx to Traefik](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#backward-compatibility-reverse-proxy-configuration-changes-and-initial-traefik-support) and then quickly [making Treafik the default reverse-proxy](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#traefik-is-the-default-reverse-proxy-now). As noted in the changelog entries, we envisioned a quick and complete elimination of `matrix-nginx-proxy`, but at the end of 2023, it hasn't happened yet. The playbook is already using Traefik as the front-most reverse-proxy, but nginx (via `matrix-nginx-proxy`) is still around - it has taken a step back and is only used internally for new setups. Work got to a stall due to:"
 msgstr ""

 #: ../../../YEAR-IN-REVIEW.md:16
+msgid "complexity: untangling the overly large and messy `matrix-nginx-proxy` component is difficult"
+msgstr ""
+
+#: ../../../YEAR-IN-REVIEW.md:17
+msgid "the current setup became \"good enough\" because nginx has become an internal implementation detail for those who have migrated to Traefik. Traefik is already the default public reverse-proxy and gives better possibilities to people wishing to run other web-exposed containers on their Matrix server via [Docker Compose](https://docs.docker.com/compose/), other Ansible playbooks like [mash-playbook](https://github.com/mother-of-all-self-hosting/mash-playbook) (more about this one, below) or any other way."
+msgstr ""
+
+#: ../../../YEAR-IN-REVIEW.md:19
+msgid "`matrix-nginx-proxy` is no longer in the way of us being interoperable, but its ugly internal details are still there. It is one more proxy in the long chain of reverse-proxies we have and we'd like to cut it out. This would both make things simpler and also boost performance."
+msgstr ""
+
+#: ../../../YEAR-IN-REVIEW.md:21
+msgid "The delay in eliminating `matrix-nginx-proxy` has probably been welcome by many existing users who decided to postpone the Traefik migration a bit longer. In 2024, work on eliminating `matrix-nginx-proxy` will continue with rapid pace. People who are still using `matrix-nginx-proxy` as their front-most reverse-proxy will need to rework their setup. About a year of putting it off has been long enough."
+msgstr ""
+
+#: ../../../YEAR-IN-REVIEW.md:23
 msgid "This large Traefik reverse-proxy change was also accompanied by another internal change which began in 2022, but continued in 2023 - **moving non-Matrix-related roles from being internal to the playbook to living their own life outside of it**. Various roles were made more decoupled and moved outside of the playbook, so that other projects (like the [mash-playbook](https://github.com/mother-of-all-self-hosting/mash-playbook) Ansible playbook or other Ansible playbooks) could benefit from them. This led to the **death of a few sibling playbooks** ([gitea-docker-ansible-deploy](https://github.com/spantaleev/gitea-docker-ansible-deploy), [nextcloud-docker-ansible-deploy](https://github.com/spantaleev/nextcloud-docker-ansible-deploy), [peertube-docker-ansible-deploy](https://github.com/spantaleev/peertube-docker-ansible-deploy), [vaultwarden-docker-ansible-deploy](https://github.com/spantaleev/vaultwarden-docker-ansible-deploy)), but brought life to something better, which supports all these services and more."
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:18
+#: ../../../YEAR-IN-REVIEW.md:25
 msgid "[mash-playbook](https://github.com/mother-of-all-self-hosting/mash-playbook) is a new Ansible playbook that a few of us (matrix-docker-ansible-deploy contributors) have launched in 2023. It has quickly grown to supports [60+ services](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/supported-services.md) and aims to do the same for [FOSS](https://en.wikipedia.org/wiki/Free_and_open-source_software) service hosting, as matrix-docker-ansible-deploy has done for Matrix - providing a clean and secure way to run a bunch of services in containers on a regular server (that is to say, without Kubernetes, etc.). Thanks to Traefik and Ansible role reuse, it's easy to host both mash-playbook services and matrix-docker-ansible-deploy services on the same server - see mash-playbook's [interoperability](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/interoperability.md) documentation page. If you've been looking for a holiday project or your New Year's Resolutions list contains \"self-hosting more services\", then you're welcome to give this new playbook a try and join its Matrix room ([#mash-playbook:devture.com](https://matrix.to/#/#mash-playbook:devture.com))."
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:20
+#: ../../../YEAR-IN-REVIEW.md:27
 msgid "Because many of the roles are now external to this playbook (defined in the [requirements.yml](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/da27655ef34999fa924bc0a5e641dbd9ba06f133/requirements.yml) file), running `make roles` (or better yet `just roles` via the [just tool](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#support-for-running-commands-via-just)) becomes a necessity each time one pulls playbook updates (`git pull`). Pulling external roles happens via the [ansible-galaxy](https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html) command-line tool, but if available, the playbook would also use the much faster [agru](https://github.com/etkecc/agru) tool (developed by [Aine](https://gitlab.com/etke.cc) from [etke.cc](https://etke.cc/) this year)."
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:22
+#: ../../../YEAR-IN-REVIEW.md:29
 msgid "With the internal (but important) details out of the way, we can now talk more about **new features that landed in matrix-docker-ansible-deploy in 2023**."
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:24
+#: ../../../YEAR-IN-REVIEW.md:31
 msgid "The following **new** **bridges** were added to the playbook in 2023:"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:26
+#: ../../../YEAR-IN-REVIEW.md:33
 msgid "(2023-01-11) [mautrix-slack](https://mau.dev/mautrix/slack), thanks to a PR by [Cody Neiman](https://github.com/xangelix) (see the [changelog entry](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#mautrix-slack-support))"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:27
+#: ../../../YEAR-IN-REVIEW.md:34
 msgid "(2023-07-21) [mautrix-gmessages](https://github.com/mautrix/gmessages), thanks to a PR by [Shreyas Ajjarapu](https://github.com/shreyasajj) (see the [changelog entry](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#mautrix-gmessages-support))"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:28
+#: ../../../YEAR-IN-REVIEW.md:35
 msgid "(2023-08-23) [mautrix-wsproxy](https://github.com/mautrix/wsproxy) for Apple iMessage bridging (when combined with the [mautrix-imessage](https://github.com/mautrix/imessage) bridge running on your Mac or Android phone), thanks to a PR by [Johan Swetzén](https://github.com/jswetzen)"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:30
+#: ../../../YEAR-IN-REVIEW.md:37
 msgid "This brings the total number of **[bridges that the playbook supports](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/docs/configuring-playbook.md#bridging-other-networks) up to 30**. There are alternative bridge implementations for various networks and protocols, so the number of \"unique bridged networks\" is surely much smaller."
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:32
+#: ../../../YEAR-IN-REVIEW.md:39
 msgid "A few other **major components and changes** landed in 2023:"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:34
+#: ../../../YEAR-IN-REVIEW.md:41
 msgid "(2023-02-10) The [Draupnir](https://github.com/the-draupnir-project/Draupnir) moderation tool (successor to [Mjolnir](https://github.com/matrix-org/mjolnir)), thanks to a PR by [FSG-Cat](https://github.com/FSG-Cat) (see the [changelog entry](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#draupnir-moderation-tool-bot-support))"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:35
+#: ../../../YEAR-IN-REVIEW.md:42
 msgid "(2023-02-10) [Matrix User Verification Service](https://github.com/matrix-org/matrix-user-verification-service) to add Matrix Authentication Support to our Jitsi setup, thanks to a PR by [Jakob S.](https://github.com/jakicoll) from [zakk gGmbH](https://github.com/zakk-it) (see the [changelog entry](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#matrix-authentication-support-for-jitsi))"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:36
+#: ../../../YEAR-IN-REVIEW.md:43
 msgid "(2023-02-25) The [rageshake](https://github.com/matrix-org/rageshake) bug report server, thanks to a PR by [Benjamin Kampmann](https://github.com/gnunicorn) (see the [changelog entry](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#rageshake-support))"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:37
+#: ../../../YEAR-IN-REVIEW.md:44
 msgid "(2023-03-07) [Sliding Sync proxy](https://github.com/matrix-org/sliding-sync) (currently a necessary component for [Element X](https://element.io/labs/element-x) to work), thanks to: [Benjamin Kampmann](https://github.com/gnunicorn) and [FSG-Cat](https://github.com/FSG-Cat) (see the [changelog entry](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#sliding-sync-proxy-element-x-support))"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:38
+#: ../../../YEAR-IN-REVIEW.md:45
 msgid "(2023-03-12) synapse-auto-compressor to periodically and automatically run [rust-synapse-compress-state](https://github.com/matrix-org/rust-synapse-compress-state), thanks to a PR by [Aine](https://gitlab.com/etke.cc) from [etke.cc](https://etke.cc/) (see the [changelog entry](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#synapse-auto-compressor-support))"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:39
+#: ../../../YEAR-IN-REVIEW.md:46
 msgid "(2023-07-17) [matrix-media-repo](https://github.com/turt2live/matrix-media-repo),  thanks to a PR by [Michael Hollister](https://github.com/Michael-Hollister) from [FUTO](https://www.futo.org/), the creators of the [Circles app](https://circu.li/) (see the [changelog entry](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#matrix-media-repo-support))"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:40
+#: ../../../YEAR-IN-REVIEW.md:47
 msgid "(2023-08-31) [SchildiChat Web](https://github.com/SchildiChat/schildichat-desktop) client app (fork of [Element Web)](https://github.com/element-hq/element-web), thanks to a PR by [Aine](https://gitlab.com/etke.cc) from [etke.cc](https://etke.cc/) (see the [changelog entry](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#schildichat-support))"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:41
+#: ../../../YEAR-IN-REVIEW.md:48
 msgid "(2023-10-18) Postgres parameters auto-tuning, thanks to a PR by [Aine](https://gitlab.com/etke.cc) from [etke.cc](https://etke.cc/) (see the [changelog entry](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#postgres-parameters-are-automatically-tuned-now))"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:42
+#: ../../../YEAR-IN-REVIEW.md:49
 msgid "(2023-10-23) Enabling federation of the room directory for Synapse (see the [changelog entry](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#enabling-allow_public_rooms_over_federation-by-default-for-synapse))"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:44
+#: ../../../YEAR-IN-REVIEW.md:51
 msgid "The most recent change in the list above (Enabling federation of the room directory for Synapse) has been somewhat **controversial** as it goes against upstream defaults for Synapse. Nevertheless, we believe it **promotes the well-being of the Matrix Federation by improving room discovery**."
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:46
+#: ../../../YEAR-IN-REVIEW.md:53
 msgid "**Matrix Federation Stats** (containing the percentage of servers publishing their room directory publicly) are posted to [TWIM](https://matrix.org/category/this-week-in-matrix/) each week by [Aine](https://gitlab.com/etke.cc) from [etke.cc](https://etke.cc/). The number of servers which [currently published their room directory publicly](https://matrix.org/blog/2023/12/2/this-week-in-matrix-2023-12-22/#matrix-federation-stats) stands at `26.6%`, which is:"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:48
+#: ../../../YEAR-IN-REVIEW.md:55
 msgid "**2.4% more** than when it was when [first published to TWIM](https://matrix.org/blog/2023/11/03/this-week-in-matrix-2023-11-03/#matrix-federation-stats) (1 month earlier, in November)"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:49
+#: ../../../YEAR-IN-REVIEW.md:56
 msgid "likely about **15+% more** than from before we flipped the switch (in October)"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:51
+#: ../../../YEAR-IN-REVIEW.md:58
 msgid "Hopefully, Synapse defaults would also change the same way and we'd see the number of servers publicly listing their room directory grow faster."
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:53
+#: ../../../YEAR-IN-REVIEW.md:60
 msgid "With this configuration change in place, projects like [MatrixRooms.info](https://matrixrooms.info/) (made by [etke.cc](https://etke.cc/)) and potentially others in the future, can discover, index the metadata (room address, title, topic, number of users, etc.) and make public rooms browsable & searchable across the whole Matrix Federation. It'd be great if users joining Matrix could more easily find interesting communities that match their interests!"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:55
+#: ../../../YEAR-IN-REVIEW.md:62
 msgid "On the **media side of things**, besides Jitsi getting better Matrix integration (via the aforementioned Matrix User Verification Service), we've also had some [coturn security tightening](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#backward-compatibility-tightening-coturn-security-can-lead-to-connectivity-issues) as well as [performance optimizations](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#coturn-can-now-use-host-networking) for configurations exposing lots of network ports."
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:57
+#: ../../../YEAR-IN-REVIEW.md:64
 msgid "[Element Call](https://github.com/element-hq/element-call) seems to have become a nice and polished product lately (as proclaimed in [The Matrix Holiday Update 2023](https://matrix.org/blog/2023/12/25/the-matrix-holiday-update-2023/)), so 2024 is likely the year we'll see support for it in the playbook. Element Call depends on the [LiveKit](https://livekit.io/) streaming server (which is also useful to developers even by itself), so the first step is likely to see LiveKit support in mash-playbook via a reusable Ansible role. Such a LiveKit Ansible role could later easily land in matrix-docker-ansible-deploy and an Element Call static website could be hooked to it."
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:59
+#: ../../../YEAR-IN-REVIEW.md:66
 msgid "Besides these highlights, there were many other relatively large changes announced in our [CHANGELOG](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md) and hundreds of other more minor (but still important) playbook changes that didn't get a mention."
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:61
+#: ../../../YEAR-IN-REVIEW.md:68
 msgid "We have **hundreds of contributors to thank for their hard work** on making Matrix self-hosting better for all of us! It should be noted that **support comes in many shapes**, not only in raw code commits and financial help (via [donations](https://liberapay.com/s.pantaleev) or using the [etke.cc managed Matrix hosting service](https://etke.cc/) which is based on matrix-docker-ansible-deploy). It also comes in the shape of code reviews, helping others with [issues](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues), reporting new issues, participating in our support room on Matrix ([#matrix-docker-ansible-deploy:devture.com](https://matrix.to/#/#matrix-docker-ansible-deploy:devture.com)), etc. To everyone who has been there to make matrix-docker-ansible-deploy better in 2023, thank you! 🙇‍♂️"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:64
+#: ../../../YEAR-IN-REVIEW.md:71
 msgid "2022"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:66
+#: ../../../YEAR-IN-REVIEW.md:73
 msgid "For [matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy/), 2022 started with **breaking the** [**Synapse**](https://github.com/element-hq/synapse) **monopoly** by [adding support](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/ba09705f7fbaf0108652ecbe209793b1d935eba7/CHANGELOG.md#dendrite-support) for the [Dendrite](https://github.com/matrix-org/dendrite) Matrix homeserver in early January. This required various internal changes so that the [Ansible](https://www.ansible.com/) playbook would not be Synapse-centric anymore. This groundwork paved the way for continuing in this direction and we [added support](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/ba09705f7fbaf0108652ecbe209793b1d935eba7/CHANGELOG.md#conduit-support) for [Conduit](https://conduit.rs/) in August."
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:68
+#: ../../../YEAR-IN-REVIEW.md:75
 msgid "When it comes to the `matrix-docker-ansible-deploy` Ansible playbook, 2022 was the year of the non-Synapse homeserver implementation. In practice, none of these homeserver implementations seem ready for prime-time yet and there is no migration path when coming from Synapse. Having done our job of adding support for these alternative homeserver implementations, we can say that we're not getting in the way of future progress. It's time for the Dendrite developers to push harder (development-wise) and for the Synapse developers to take a well-deserved long (infinite) break, and we may get to see more people migrating away from Synapse in the next year(s)."
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:70
+#: ../../../YEAR-IN-REVIEW.md:77
 msgid "Support for the following new **bridges** was added:"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:72
+#: ../../../YEAR-IN-REVIEW.md:79
 msgid "[Postmoogle](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/ba09705f7fbaf0108652ecbe209793b1d935eba7/CHANGELOG.md#postmoogle-email-bridge-support) for bi-directional email bridging, which supersedes my old and simplistic [Email2Matrix](https://github.com/devture/email2matrix) one-way bridge-bot"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:73
+#: ../../../YEAR-IN-REVIEW.md:80
 msgid "[mautrix-discord](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/ba09705f7fbaf0108652ecbe209793b1d935eba7/CHANGELOG.md#mautrix-discord-support)"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:74
+#: ../../../YEAR-IN-REVIEW.md:81
 msgid "[go-skype-bridge](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/ba09705f7fbaf0108652ecbe209793b1d935eba7/CHANGELOG.md#go-skype-bridge-bridging-support)"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:75
+#: ../../../YEAR-IN-REVIEW.md:82
 msgid "[matrix-appservice-kakaotalk](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/ba09705f7fbaf0108652ecbe209793b1d935eba7/CHANGELOG.md#matrix-appservice-kakaotalk-support)"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:77
+#: ../../../YEAR-IN-REVIEW.md:84
 msgid "Support for the following new **bots** was added:"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:79
+#: ../../../YEAR-IN-REVIEW.md:86
 msgid "[buscarron bot](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/ba09705f7fbaf0108652ecbe209793b1d935eba7/CHANGELOG.md#buscarron-bot-support)"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:80
+#: ../../../YEAR-IN-REVIEW.md:87
 msgid "[Honoroit bot](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/ba09705f7fbaf0108652ecbe209793b1d935eba7/CHANGELOG.md#honoroit-bot-support)"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:81
+#: ../../../YEAR-IN-REVIEW.md:88
 msgid "[matrix-registration-bot](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/ba09705f7fbaf0108652ecbe209793b1d935eba7/CHANGELOG.md#matrix-registration-bot-support)"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:82
+#: ../../../YEAR-IN-REVIEW.md:89
 msgid "[matrix-hookshot](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/ba09705f7fbaf0108652ecbe209793b1d935eba7/CHANGELOG.md#matrix-hookshot-bridging-support)"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:83
+#: ../../../YEAR-IN-REVIEW.md:90
 msgid "[maubot](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/ba09705f7fbaf0108652ecbe209793b1d935eba7/CHANGELOG.md#maubot-support)"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:85
+#: ../../../YEAR-IN-REVIEW.md:92
 msgid "Support for the following new **components and services** was added:"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:87
+#: ../../../YEAR-IN-REVIEW.md:94
 msgid "[BorgBackup](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/ba09705f7fbaf0108652ecbe209793b1d935eba7/CHANGELOG.md#borg-backup-support)"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:88
+#: ../../../YEAR-IN-REVIEW.md:95
 msgid "[Cactus Comments](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/ba09705f7fbaf0108652ecbe209793b1d935eba7/CHANGELOG.md#cactus-comments-support)"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:89
+#: ../../../YEAR-IN-REVIEW.md:96
 msgid "[Cinny](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/ba09705f7fbaf0108652ecbe209793b1d935eba7/CHANGELOG.md#cinny-support) client support"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:90
+#: ../../../YEAR-IN-REVIEW.md:97
 msgid "[ntfy](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/ba09705f7fbaf0108652ecbe209793b1d935eba7/CHANGELOG.md#ntfy-push-notifications-support) notifications"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:91
+#: ../../../YEAR-IN-REVIEW.md:98
 msgid "[matrix-ldap-registration-proxy](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/ba09705f7fbaf0108652ecbe209793b1d935eba7/CHANGELOG.md#matrix-ldap-registration-proxy-support)"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:92
+#: ../../../YEAR-IN-REVIEW.md:99
 msgid "[matrix\\_encryption\\_disabler support](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/ba09705f7fbaf0108652ecbe209793b1d935eba7/CHANGELOG.md#matrix_encryption_disabler-support)"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:93
+#: ../../../YEAR-IN-REVIEW.md:100
 msgid "[synapse-s3-storage-provider](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/ba09705f7fbaf0108652ecbe209793b1d935eba7/CHANGELOG.md#synapse-s3-storage-provider-support) to stop the Synapse media store from being a scalability problem. This brought along [another feature](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/ba09705f7fbaf0108652ecbe209793b1d935eba7/CHANGELOG.md#synapse-container-image-customization-support) - an easier way to customize the Synapse container image without having to fork and self-build all of it from scratch"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:95
+#: ../../../YEAR-IN-REVIEW.md:102
 msgid "Besides these major user-visible changes, a lot of work also happened **under the hood**:"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:97
+#: ../../../YEAR-IN-REVIEW.md:104
 msgid "we made [major improvements to Synapse workers](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/ba09705f7fbaf0108652ecbe209793b1d935eba7/CHANGELOG.md#potential-backward-compatibility-break-major-improvements-to-synapse-workers) - adding support for stream writers and for running multiple workers of various kinds (federation senders, pushers, background task processing workers, etc.)"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:98
+#: ../../../YEAR-IN-REVIEW.md:105
 msgid "we [improved the compatibility of (Synapse + workers) with the rest of the playbook](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/ba09705f7fbaf0108652ecbe209793b1d935eba7/CHANGELOG.md#backward-compatibility-break-changing-how-reverse-proxying-to-synapse-works---now-via-a-matrix-synapse-reverse-proxy-companion-service) by introducing a new `matrix-synapse-reverse-proxy-companion-service` service"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:99
+#: ../../../YEAR-IN-REVIEW.md:106
 msgid "we started [splitting various Ansible roles out of the Matrix playbook and into independent roles](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/ba09705f7fbaf0108652ecbe209793b1d935eba7/CHANGELOG.md#the-playbook-now-uses-external-roles-for-some-things) (e.g. `matrix-postgres` -> [ansible-role-postgres](https://github.com/mother-of-all-self-hosting/ansible-role-postgres)), which could be included in other Ansible playbooks. In fact, these roles already power a few **interesting other sibling playbooks**:"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:100
+#: ../../../YEAR-IN-REVIEW.md:107
 msgid "[gitea-docker-ansible-deploy](https://github.com/spantaleev/gitea-docker-ansible-deploy), for deploying a [Gitea](https://gitea.io/) (self-hosted [Git](https://git-scm.com/) service) server"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:101
+#: ../../../YEAR-IN-REVIEW.md:108
 msgid "[nextcloud-docker-ansible-deploy](https://github.com/spantaleev/nextcloud-docker-ansible-deploy), for deploying a [Nextcloud](https://nextcloud.com/) groupware server"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:102
+#: ../../../YEAR-IN-REVIEW.md:109
 msgid "[vaultwarden-docker-ansible-deploy](https://github.com/spantaleev/vaultwarden-docker-ansible-deploy), for deploying a [Vaultwarden](https://github.com/dani-garcia/vaultwarden) password manager server (unofficial [Bitwarden](https://bitwarden.com/) compatible server)"
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:104
+#: ../../../YEAR-IN-REVIEW.md:111
 msgid "These sibling playbooks co-exist nicely with one another due to using [Traefik](https://traefik.io/) for reverse-proxying, instead of trying to overtake the whole server by running their own [nginx](https://nginx.org/) reverse-proxy. Hopefully soon, the Matrix playbook will follow suit and be powered by Traefik by default."
 msgstr ""

-#: ../../../YEAR-IN-REVIEW.md:106
+#: ../../../YEAR-IN-REVIEW.md:113
 msgid "Last, but not least, to optimize our [etke.cc managed Matrix hosting service](https://etke.cc/)'s performance (but also individual Ansible playbook runs for people self-hosting by themselves using the playbook), we've [improved playbook runtime 2-5x](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/ba09705f7fbaf0108652ecbe209793b1d935eba7/CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) by employing various Ansible tricks."
 msgstr ""
--- a/i18n/translation-templates/docs/README.pot
+++ b/i18n/translation-templates/docs/README.pot
@@ -1,5 +1,5 @@
 # SOME DESCRIPTIVE TITLE.
-# Copyright (C) 2018-2025, Slavi Pantaleev, Aine Etke, MDAD community members
+# Copyright (C) 2018-2026, Slavi Pantaleev, Aine Etke, MDAD community members
 # This file is distributed under the same license as the matrix-docker-ansible-deploy package.
 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
 #
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-01-27 09:54+0200\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -16,154 +16,154 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"

-#: ../../../docs/README.md:1
+#: ../../../docs/README.md:10
 msgid "Table of Contents"
 msgstr ""

-#: ../../../docs/README.md:3
-msgid "⬇️ Installaton guides <!-- NOTE: the 🚀 emoji is used by \"Getting started\" on README.md -->"
+#: ../../../docs/README.md:12
+msgid "⬇️ Installation guides <!-- NOTE: the 🚀 emoji is used by \"Getting started\" on README.md -->"
 msgstr ""

-#: ../../../docs/README.md:5
+#: ../../../docs/README.md:14
 msgid "There are two installation guides available for beginners and advanced users."
 msgstr ""

-#: ../../../docs/README.md:7
+#: ../../../docs/README.md:16
 msgid "⚡ **[Quick start](quick-start.md) (for beginners)**: this is recommended for those who do not have an existing Matrix server and want to start quickly with \"opinionated defaults\"."
 msgstr ""

-#: ../../../docs/README.md:9
+#: ../../../docs/README.md:18
 msgid "**Full installation guide (for advanced users)**: if you need to import an existing Matrix server's data into the new server or want to learn more while setting up the server, follow this guide."
 msgstr ""

-#: ../../../docs/README.md:11
+#: ../../../docs/README.md:20
 msgid "[Prerequisites](prerequisites.md)"
 msgstr ""

-#: ../../../docs/README.md:13
-msgid "[Configuring your DNS settings](configuring-dns.md)"
+#: ../../../docs/README.md:22
+msgid "[Configuring DNS settings](configuring-dns.md)"
 msgstr ""

-#: ../../../docs/README.md:15
+#: ../../../docs/README.md:24
 msgid "[Getting the playbook](getting-the-playbook.md)"
 msgstr ""

-#: ../../../docs/README.md:17
+#: ../../../docs/README.md:26
 msgid "[Configuring the playbook](configuring-playbook.md)"
 msgstr ""

-#: ../../../docs/README.md:19
+#: ../../../docs/README.md:28
 msgid "[Installing](installing.md)"
 msgstr ""

-#: ../../../docs/README.md:21
+#: ../../../docs/README.md:30
 msgid "🛠️ Configuration options"
 msgstr ""

-#: ../../../docs/README.md:28
+#: ../../../docs/README.md:37
 msgid "You can check useful documentation for configuring components here: [Configuring the playbook](configuring-playbook.md)"
 msgstr ""

-#: ../../../docs/README.md:30
+#: ../../../docs/README.md:39
 msgid "[Administration](configuring-playbook.md#administration) — services that help you in administrating and monitoring your Matrix installation"
 msgstr ""

-#: ../../../docs/README.md:32
+#: ../../../docs/README.md:41
 msgid "[Authentication and user-related](configuring-playbook.md#authentication-and-user-related) — extend and modify how users are authenticated on your homeserver"
 msgstr ""

-#: ../../../docs/README.md:34
+#: ../../../docs/README.md:43
 msgid "[Bots](configuring-playbook.md#bots) — bots provide various additional functionality to your installation"
 msgstr ""

-#: ../../../docs/README.md:36
+#: ../../../docs/README.md:45
 msgid "[Bridges](configuring-playbook.md#bridging-other-networks) — bridges can be used to connect your Matrix installation with third-party communication networks"
 msgstr ""

-#: ../../../docs/README.md:38
+#: ../../../docs/README.md:47
 msgid "[Clients](configuring-playbook.md#clients) — web clients for Matrix that you can host on your own domains"
 msgstr ""

-#: ../../../docs/README.md:40
+#: ../../../docs/README.md:49
 msgid "[Core service adjustments](configuring-playbook.md#core-service-adjustments) — backbone of your Matrix system"
 msgstr ""

-#: ../../../docs/README.md:42
+#: ../../../docs/README.md:51
 msgid "[File Storage](configuring-playbook.md#file-storage) — use alternative file storage to the default `media_store` folder"
 msgstr ""

-#: ../../../docs/README.md:46
+#: ../../../docs/README.md:55
 msgid "[Other specialized services](configuring-playbook.md#other-specialized-services) — various services that don't fit any other categories"
 msgstr ""

-#: ../../../docs/README.md:48
+#: ../../../docs/README.md:57
 msgid "👨‍🔧 Maintenance"
 msgstr ""

-#: ../../../docs/README.md:50
+#: ../../../docs/README.md:59
 msgid "If your server and services experience issues, feel free to come to [our support room](https://matrix.to/#/#matrix-docker-ansible-deploy:devture.com) and ask for help."
 msgstr ""

-#: ../../../docs/README.md:54
-msgid "[Checking if services work](maintenance-checking-services.md)"
-msgstr ""
-
-#: ../../../docs/README.md:56
+#: ../../../docs/README.md:63
 msgid "[Maintenance and Troubleshooting](maintenance-and-troubleshooting.md)"
 msgstr ""

-#: ../../../docs/README.md:58
+#: ../../../docs/README.md:65
 msgid "[PostgreSQL maintenance](maintenance-postgres.md)"
 msgstr ""

-#: ../../../docs/README.md:60
+#: ../../../docs/README.md:67
 msgid "[Synapse maintenance](maintenance-synapse.md)"
 msgstr ""

-#: ../../../docs/README.md:62
+#: ../../../docs/README.md:69
 msgid "[Upgrading services](maintenance-upgrading-services.md)"
 msgstr ""

-#: ../../../docs/README.md:64
+#: ../../../docs/README.md:71
 msgid "Other documentation pages <!-- NOTE: this header's title and the section below need optimization -->"
 msgstr ""

-#: ../../../docs/README.md:66
+#: ../../../docs/README.md:73
 msgid "ℹ️ **[FAQ](faq.md)** — various Frequently Asked Questions about Matrix, with a focus on this Ansible playbook"
 msgstr ""

-#: ../../../docs/README.md:70
+#: ../../../docs/README.md:77
 msgid "[Alternative architectures](alternative-architectures.md)"
 msgstr ""

-#: ../../../docs/README.md:72
+#: ../../../docs/README.md:79
 msgid "[Container images used by the playbook](container-images.md)"
 msgstr ""

-#: ../../../docs/README.md:74
+#: ../../../docs/README.md:81
 msgid "[Obtaining an Access Token](obtaining-access-tokens.md)"
 msgstr ""

-#: ../../../docs/README.md:76
+#: ../../../docs/README.md:83
 msgid "[Playbook tags](playbook-tags.md)"
 msgstr ""

-#: ../../../docs/README.md:78
+#: ../../../docs/README.md:85
 msgid "[Registering users](registering-users.md)"
 msgstr ""

-#: ../../../docs/README.md:80
+#: ../../../docs/README.md:87
 msgid "[Running `just` commands](just.md)"
 msgstr ""

-#: ../../../docs/README.md:82
+#: ../../../docs/README.md:89
 msgid "[Self-building](self-building.md)"
 msgstr ""

-#: ../../../docs/README.md:84
+#: ../../../docs/README.md:91
 msgid "[Uninstalling](uninstalling.md)"
 msgstr ""

-#: ../../../docs/README.md:86
+#: ../../../docs/README.md:93
 msgid "[Updating users passwords](updating-users-passwords.md)"
 msgstr ""
+
+#: ../../../docs/README.md:95
+msgid "[Using Ansible for the playbook](ansible.md)"
+msgstr ""
--- a/i18n/translation-templates/docs/alternative-architectures.pot
+++ b/i18n/translation-templates/docs/alternative-architectures.pot
@@ -1,5 +1,5 @@
 # SOME DESCRIPTIVE TITLE.
-# Copyright (C) 2018-2025, Slavi Pantaleev, Aine Etke, MDAD community members
+# Copyright (C) 2018-2026, Slavi Pantaleev, Aine Etke, MDAD community members
 # This file is distributed under the same license as the matrix-docker-ansible-deploy package.
 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
 #
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-01-27 09:54+0200\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -16,42 +16,42 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"

-#: ../../../docs/alternative-architectures.md:1
+#: ../../../docs/alternative-architectures.md:9
 msgid "Alternative architectures"
 msgstr ""

-#: ../../../docs/alternative-architectures.md:3
+#: ../../../docs/alternative-architectures.md:11
 msgid "As stated in the [Prerequisites](prerequisites.md), currently only `amd64` (`x86_64`) is fully supported."
 msgstr ""

-#: ../../../docs/alternative-architectures.md:5
+#: ../../../docs/alternative-architectures.md:13
 msgid "The playbook automatically determines the target server's architecture (the `matrix_architecture` variable) to be one of the following:"
 msgstr ""

-#: ../../../docs/alternative-architectures.md:7
+#: ../../../docs/alternative-architectures.md:15
 msgid "`amd64` (`x86_64`)"
 msgstr ""

-#: ../../../docs/alternative-architectures.md:8
+#: ../../../docs/alternative-architectures.md:16
 msgid "`arm32`"
 msgstr ""

-#: ../../../docs/alternative-architectures.md:9
+#: ../../../docs/alternative-architectures.md:17
 msgid "`arm64`"
 msgstr ""

-#: ../../../docs/alternative-architectures.md:11
+#: ../../../docs/alternative-architectures.md:19
 msgid "Some tools and container images can be built on the host or other measures can be used to install on that architecture."
 msgstr ""

-#: ../../../docs/alternative-architectures.md:13
+#: ../../../docs/alternative-architectures.md:21
 msgid "Implementation details"
 msgstr ""

-#: ../../../docs/alternative-architectures.md:15
+#: ../../../docs/alternative-architectures.md:23
 msgid "For `amd64`, prebuilt container images (see the [container images we use](container-images.md)) are used for all components (except [Hydrogen](configuring-playbook-client-hydrogen.md), which goes through self-building)."
 msgstr ""

-#: ../../../docs/alternative-architectures.md:17
+#: ../../../docs/alternative-architectures.md:25
 msgid "For other architecture (`arm64`, `arm32`), components which have a prebuilt image make use of it. If the component is not available for the specific architecture, [self-building](self-building.md) will be used. Not all components support self-building though, so your mileage may vary."
 msgstr ""
--- a/i18n/translation-templates/docs/ansible.pot
+++ b/i18n/translation-templates/docs/ansible.pot
@@ -1,5 +1,5 @@
 # SOME DESCRIPTIVE TITLE.
-# Copyright (C) 2018-2025, Slavi Pantaleev, Aine Etke, MDAD community members
+# Copyright (C) 2018-2026, Slavi Pantaleev, Aine Etke, MDAD community members
 # This file is distributed under the same license as the matrix-docker-ansible-deploy package.
 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
 #
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-01-27 09:54+0200\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -16,165 +16,177 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"

-#: ../../../docs/ansible.md:2
-msgid "Running this playbook"
+#: ../../../docs/ansible.md:11
+msgid "Using Ansible for the playbook"
 msgstr ""

-#: ../../../docs/ansible.md:4
+#: ../../../docs/ansible.md:13
 msgid "This playbook is meant to be run using [Ansible](https://www.ansible.com/)."
 msgstr ""

-#: ../../../docs/ansible.md:6
+#: ../../../docs/ansible.md:15
 msgid "Ansible typically runs on your local computer and carries out tasks on a remote server. If your local computer cannot run Ansible, you can also run Ansible on some server somewhere (including the server you wish to install to)."
 msgstr ""

-#: ../../../docs/ansible.md:8
+#: ../../../docs/ansible.md:17
 msgid "Supported Ansible versions"
 msgstr ""

-#: ../../../docs/ansible.md:10
+#: ../../../docs/ansible.md:19
 msgid "To manually check which version of Ansible you're on, run: `ansible --version`."
 msgstr ""

-#: ../../../docs/ansible.md:12
+#: ../../../docs/ansible.md:21
 msgid "For the **best experience**, we recommend getting the **latest version of Ansible available**."
 msgstr ""

-#: ../../../docs/ansible.md:14
-msgid "We're not sure what's the minimum version of Ansible that can run this playbook successfully. The lowest version that we've confirmed (on 2022-11-26) to be working fine is: `ansible-core` (`2.11.7`) combined with `ansible` (`4.10.0`)."
+#: ../../../docs/ansible.md:23
+msgid "We're not sure what's the minimum version of Ansible that can run this playbook successfully. The lowest version that we suspect (on 2025-09-03) to be working fine is: `ansible-core` (`2.15.1`)."
 msgstr ""

-#: ../../../docs/ansible.md:16
+#: ../../../docs/ansible.md:25
 msgid "If your distro ships with an Ansible version older than this, you may run into issues. Consider [Upgrading Ansible](#upgrading-ansible) or [using Ansible via Docker](#using-ansible-via-docker)."
 msgstr ""

-#: ../../../docs/ansible.md:18
-msgid "Upgrading Ansible"
-msgstr ""
-
-#: ../../../docs/ansible.md:20
-msgid "Depending on your distribution, you may be able to upgrade Ansible in a few different ways:"
-msgstr ""
-
-#: ../../../docs/ansible.md:22
-msgid "by using an additional repository (PPA, etc.), which provides newer Ansible versions. See instructions for [CentOS](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-rhel-centos-or-fedora), [Debian](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-debian), or [Ubuntu](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-ubuntu) on the Ansible website."
-msgstr ""
-
-#: ../../../docs/ansible.md:24
-msgid "by removing the Ansible package (`yum remove ansible` or `apt-get remove ansible`) and installing via [pip](https://pip.pypa.io/en/stable/installation/) (`pip install ansible`)."
-msgstr ""
-
-#: ../../../docs/ansible.md:26
-msgid "If using the `pip` method, do note that the `ansible-playbook` binary may not be on the `$PATH` (https://linuxconfig.org/linux-path-environment-variable), but in some more special location like `/usr/local/bin/ansible-playbook`. You may need to invoke it using the full path."
-msgstr ""
-
-#: ../../../docs/ansible.md:28
-msgid "**Note**: Both of the above methods are a bad way to run system software such as Ansible. If you find yourself needing to resort to such hacks, please consider reporting a bug to your distribution and/or switching to a sane distribution, which provides up-to-date software."
+#: ../../../docs/ansible.md:27
+msgid "[!WARNING] One reason for the version requirement being as such is that the playbook by default installs Docker for you using [this Docker role](https://github.com/geerlingguy/ansible-role-docker) which [has a hard requirement on Ansible v2.15.1](https://github.com/geerlingguy/ansible-role-docker/commit/7f44a1d9ad8132819ea9852918bca5dab8757cd0). If you install Docker yourself another way, you can tell the playbook to skip running this role (by adding `matrix_playbook_docker_installation_enabled: false` to your `vars.yml` configuration). It may then be possible to get the playbook running on an older version of Ansible. Still, this is a complication and your mileage may vary. We recommend [upgrading Ansible](#upgrading-ansible) instead of going into uncharted territory."
 msgstr ""

 #: ../../../docs/ansible.md:30
-msgid "Using Ansible via Docker"
+msgid "Upgrading Ansible"
 msgstr ""

 #: ../../../docs/ansible.md:32
-msgid "Alternatively, you can run Ansible inside a Docker container (powered by the [devture/ansible](https://hub.docker.com/r/devture/ansible/) Docker image)."
+msgid "Depending on your distribution, you may be able to upgrade Ansible in a few different ways:"
 msgstr ""

 #: ../../../docs/ansible.md:34
-msgid "This ensures that you're using a very recent Ansible version, which is less likely to be incompatible with the playbook."
+msgid "by using an additional repository (PPA, etc.), which provides newer Ansible versions. See instructions for [CentOS](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-rhel-centos-or-fedora), [Debian](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-debian), or [Ubuntu](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-ubuntu) on the Ansible website."
 msgstr ""

 #: ../../../docs/ansible.md:36
-msgid "You can either [run Ansible in a container on the Matrix server itself](#running-ansible-in-a-container-on-the-matrix-server-itself) or [run Ansible in a container on another computer (not the Matrix server)](#running-ansible-in-a-container-on-another-computer-not-the-matrix-server)."
+msgid "by removing the Ansible package (`yum remove ansible` or `apt-get remove ansible`) and installing via [pip](https://pip.pypa.io/en/stable/installation/) (`pip install ansible`)."
 msgstr ""

 #: ../../../docs/ansible.md:38
-msgid "Running Ansible in a container on the Matrix server itself"
+msgid "If using the `pip` method, do note that the `ansible-playbook` binary may not be on the `$PATH` (https://linuxconfig.org/linux-path-environment-variable), but in some more special location like `/usr/local/bin/ansible-playbook`. You may need to invoke it using the full path."
 msgstr ""

 #: ../../../docs/ansible.md:40
-msgid "To run Ansible in a (Docker) container on the Matrix server itself, you need to have a working Docker installation. Docker is normally installed by the playbook, so this may be a bit of a chicken and egg problem. To solve it:"
+msgid "**Note**: Both of the above methods are a bad way to run system software such as Ansible. If you find yourself needing to resort to such hacks, please consider reporting a bug to your distribution and/or switching to a sane distribution, which provides up-to-date software."
 msgstr ""

 #: ../../../docs/ansible.md:42
-msgid "you **either** need to install Docker manually first. Follow [the upstream instructions](https://docs.docker.com/engine/install/) for your distribution and consider setting `matrix_playbook_docker_installation_enabled: false` in your `vars.yml` file, to prevent the playbook from installing Docker"
+msgid "Using Ansible via Docker"
 msgstr ""

-#: ../../../docs/ansible.md:43
-msgid "**or** you need to run the playbook in another way (e.g. [Running Ansible in a container on another computer (not the Matrix server)](#running-ansible-in-a-container-on-another-computer-not-the-matrix-server)) at least the first time around"
+#: ../../../docs/ansible.md:44
+msgid "Alternatively, you can run Ansible inside a Docker container (powered by the [ghcr.io/devture/ansible](https://github.com/devture/docker-ansible/pkgs/container/ansible) Docker image)."
 msgstr ""

-#: ../../../docs/ansible.md:45
-msgid "Once you have a working Docker installation on the server, **clone the playbook** somewhere on the server and configure it as per usual (`inventory/hosts`, `inventory/host_vars/…`, etc.), as described in [configuring the playbook](configuring-playbook.md)."
+#: ../../../docs/ansible.md:46
+msgid "This ensures that:"
 msgstr ""

-#: ../../../docs/ansible.md:47
-msgid "You would then need to add `ansible_connection=community.docker.nsenter` to the host line in `inventory/hosts`. This tells Ansible to connect to the \"remote\" machine by switching Linux namespaces with [nsenter](https://man7.org/linux/man-pages/man1/nsenter.1.html), instead of using SSH."
+#: ../../../docs/ansible.md:48
+msgid "you're using a very recent Ansible version, which is less likely to be incompatible with the playbook"
 msgstr ""

 #: ../../../docs/ansible.md:49
-msgid "Alternatively, you can leave your `inventory/hosts` as is and specify the connection type in **each** `ansible-playbook` call you do later, like this: `ansible-playbook --connection=community.docker.nsenter …`"
+msgid "you also get access to the [agru](https://github.com/etkecc/agru) tool for quicker Ansible role installation (when running `just roles`) compared to `ansible-galaxy`"
 msgstr ""

 #: ../../../docs/ansible.md:51
-#: ../../../docs/ansible.md:71
+msgid "You can either [run Ansible in a container on the Matrix server itself](#running-ansible-in-a-container-on-the-matrix-server-itself) or [run Ansible in a container on another computer (not the Matrix server)](#running-ansible-in-a-container-on-another-computer-not-the-matrix-server)."
+msgstr ""
+
+#: ../../../docs/ansible.md:53
+msgid "Running Ansible in a container on the Matrix server itself"
+msgstr ""
+
+#: ../../../docs/ansible.md:55
+msgid "To run Ansible in a (Docker) container on the Matrix server itself, you need to have a working Docker installation. Docker is normally installed by the playbook, so this may be a bit of a chicken and egg problem. To solve it:"
+msgstr ""
+
+#: ../../../docs/ansible.md:57
+msgid "you **either** need to install Docker manually first. Follow [the upstream instructions](https://docs.docker.com/engine/install/) for your distribution and consider setting `matrix_playbook_docker_installation_enabled: false` in your `vars.yml` file, to prevent the playbook from installing Docker"
+msgstr ""
+
+#: ../../../docs/ansible.md:58
+msgid "**or** you need to run the playbook in another way (e.g. [Running Ansible in a container on another computer (not the Matrix server)](#running-ansible-in-a-container-on-another-computer-not-the-matrix-server)) at least the first time around"
+msgstr ""
+
+#: ../../../docs/ansible.md:60
+msgid "Once you have a working Docker installation on the server, **clone the playbook** somewhere on the server and configure it as per usual (`inventory/hosts`, `inventory/host_vars/…`, etc.), as described in [configuring the playbook](configuring-playbook.md)."
+msgstr ""
+
+#: ../../../docs/ansible.md:62
+msgid "You would then need to add `ansible_connection=community.docker.nsenter` to the host line in `inventory/hosts`. This tells Ansible to connect to the \"remote\" machine by switching Linux namespaces with [nsenter](https://man7.org/linux/man-pages/man1/nsenter.1.html), instead of using SSH."
+msgstr ""
+
+#: ../../../docs/ansible.md:64
+msgid "Alternatively, you can leave your `inventory/hosts` as is and specify the connection type in **each** `ansible-playbook` call you do later, like this: `just install-all --connection=community.docker.nsenter` (or `ansible-playbook --connection=community.docker.nsenter …`)."
+msgstr ""
+
+#: ../../../docs/ansible.md:66
+#: ../../../docs/ansible.md:88
 msgid "Run this from the playbook's directory:"
 msgstr ""

-#: ../../../docs/ansible.md:63
-#: ../../../docs/ansible.md:84
+#: ../../../docs/ansible.md:80
+#: ../../../docs/ansible.md:103
 msgid "Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container. The `/work` directory contains the playbook's code."
 msgstr ""

-#: ../../../docs/ansible.md:65
-#: ../../../docs/ansible.md:86
+#: ../../../docs/ansible.md:82
+#: ../../../docs/ansible.md:105
 msgid "First, consider running `git config --global --add safe.directory /work` to [resolve directory ownership issues](#resolve-directory-ownership-issues)."
 msgstr ""

-#: ../../../docs/ansible.md:67
-msgid "Finally, you can execute `ansible-playbook …` (or `ansible-playbook --connection=community.docker.nsenter …`) commands as per normal now."
+#: ../../../docs/ansible.md:84
+msgid "Finally, you can execute `just` or `ansible-playbook …` (e.g. `ansible-playbook --connection=community.docker.nsenter …`) commands as per normal now."
 msgstr ""

-#: ../../../docs/ansible.md:69
+#: ../../../docs/ansible.md:86
 msgid "Running Ansible in a container on another computer (not the Matrix server)"
 msgstr ""

-#: ../../../docs/ansible.md:82
-msgid "The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`). If your SSH key is at a different path (not in `$HOME/.ssh/id_rsa`), adjust that part."
+#: ../../../docs/ansible.md:101
+msgid "The above command tries to mount an SSH key (`$HOME/.ssh/id_ed25519`) into the container (at `/root/.ssh/id_ed25519`). If your SSH key is at a different path (not in `$HOME/.ssh/id_ed25519`), adjust that part."
 msgstr ""

-#: ../../../docs/ansible.md:88
-msgid "Finally, you execute `ansible-playbook …` commands as per normal now."
+#: ../../../docs/ansible.md:107
+msgid "Finally, you execute `just` or `ansible-playbook …` commands as per normal now."
 msgstr ""

-#: ../../../docs/ansible.md:90
+#: ../../../docs/ansible.md:109
 msgid "If you don't use SSH keys for authentication"
 msgstr ""

-#: ../../../docs/ansible.md:92
-msgid "If you don't use SSH keys for authentication, simply remove that whole line (`-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro`)."
+#: ../../../docs/ansible.md:111
+msgid "If you don't use SSH keys for authentication, simply remove that whole line (`--mount type=bind,src$HOME/.ssh/id_ed25519,dst=/root/.ssh/id_ed25519,ro`)."
 msgstr ""

-#: ../../../docs/ansible.md:94
+#: ../../../docs/ansible.md:113
 msgid "To authenticate at your server using a password, you need to add a package. So, when you are in the shell of the ansible docker container (the previously used `docker run -it …` command), run:"
 msgstr ""

-#: ../../../docs/ansible.md:100
-msgid "Then, to be asked for the password whenever running an  `ansible-playbook` command add `--ask-pass` to the arguments of the command."
+#: ../../../docs/ansible.md:119
+msgid "Then, to be asked for the password whenever running an `ansible-playbook` command add `--ask-pass` to the arguments of the command."
 msgstr ""

-#: ../../../docs/ansible.md:102
+#: ../../../docs/ansible.md:121
 msgid "Resolve directory ownership issues"
 msgstr ""

-#: ../../../docs/ansible.md:104
-msgid "Because you're `root` in the container running Ansible and this likely differs fom the owner (your regular user account) of the playbook directory outside of the container, certain playbook features which use `git` locally may report warnings such as:"
+#: ../../../docs/ansible.md:123
+msgid "Because you're `root` in the container running Ansible and this likely differs from the owner (your regular user account) of the playbook directory outside of the container, certain playbook features which use `git` locally may report warnings such as:"
 msgstr ""

-#: ../../../docs/ansible.md:106
+#: ../../../docs/ansible.md:125
 msgid "fatal: unsafe repository ('/work' is owned by someone else) To add an exception for this directory, call:  git config --global --add safe.directory /work"
 msgstr ""

-#: ../../../docs/ansible.md:110
+#: ../../../docs/ansible.md:129
 msgid "These errors can be resolved by making `git` trust the playbook directory by running `git config --global --add safe.directory /work`"
 msgstr ""
--- a/i18n/translation-templates/docs/configuring-captcha.pot
+++ b/i18n/translation-templates/docs/configuring-captcha.pot
@@ -1,5 +1,5 @@
 # SOME DESCRIPTIVE TITLE.
-# Copyright (C) 2018-2025, Slavi Pantaleev, Aine Etke, MDAD community members
+# Copyright (C) 2018-2026, Slavi Pantaleev, Aine Etke, MDAD community members
 # This file is distributed under the same license as the matrix-docker-ansible-deploy package.
 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
 #
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-01-27 09:54+0200\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -16,60 +16,60 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"

-#: ../../../docs/configuring-captcha.md:1
+#: ../../../docs/configuring-captcha.md:10
 msgid "(Adapted from the [upstream project](https://github.com/element-hq/synapse/blob/develop/docs/CAPTCHA_SETUP.md))"
 msgstr ""

-#: ../../../docs/configuring-captcha.md:3
+#: ../../../docs/configuring-captcha.md:12
 msgid "Overview"
 msgstr ""

-#: ../../../docs/configuring-captcha.md:5
+#: ../../../docs/configuring-captcha.md:14
 msgid "Captcha can be enabled for this home server. This file explains how to do that."
 msgstr ""

-#: ../../../docs/configuring-captcha.md:7
+#: ../../../docs/configuring-captcha.md:16
 msgid "The captcha mechanism used is Google's [ReCaptcha](https://www.google.com/recaptcha/). This requires API keys from Google. If your homeserver is Dendrite then [hCapcha](https://www.hcaptcha.com) can be used instead."
 msgstr ""

-#: ../../../docs/configuring-captcha.md:9
+#: ../../../docs/configuring-captcha.md:18
 msgid "ReCaptcha"
 msgstr ""

-#: ../../../docs/configuring-captcha.md:11
-#: ../../../docs/configuring-captcha.md:37
+#: ../../../docs/configuring-captcha.md:20
+#: ../../../docs/configuring-captcha.md:46
 msgid "Getting keys"
 msgstr ""

-#: ../../../docs/configuring-captcha.md:13
-#: ../../../docs/configuring-captcha.md:39
+#: ../../../docs/configuring-captcha.md:22
+#: ../../../docs/configuring-captcha.md:48
 msgid "Requires a site/secret key pair from:"
 msgstr ""

-#: ../../../docs/configuring-captcha.md:15
+#: ../../../docs/configuring-captcha.md:24
 msgid "<http://www.google.com/recaptcha/admin>"
 msgstr ""

-#: ../../../docs/configuring-captcha.md:17
+#: ../../../docs/configuring-captcha.md:26
 msgid "Must be a reCAPTCHA **v2** key using the \"I'm not a robot\" Checkbox option"
 msgstr ""

-#: ../../../docs/configuring-captcha.md:19
+#: ../../../docs/configuring-captcha.md:28
 msgid "Setting ReCaptcha keys"
 msgstr ""

-#: ../../../docs/configuring-captcha.md:21
+#: ../../../docs/configuring-captcha.md:30
 msgid "Once registered as above, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:"
 msgstr ""

-#: ../../../docs/configuring-captcha.md:35
+#: ../../../docs/configuring-captcha.md:44
 msgid "hCaptcha"
 msgstr ""

-#: ../../../docs/configuring-captcha.md:41
+#: ../../../docs/configuring-captcha.md:50
 msgid "<https://dashboard.hcaptcha.com/sites/new>"
 msgstr ""

-#: ../../../docs/configuring-captcha.md:43
+#: ../../../docs/configuring-captcha.md:52
 msgid "Setting hCaptcha keys"
 msgstr ""
--- a/i18n/translation-templates/docs/configuring-dns.pot
+++ b/i18n/translation-templates/docs/configuring-dns.pot
@@ -1,5 +1,5 @@
 # SOME DESCRIPTIVE TITLE.
-# Copyright (C) 2018-2025, Slavi Pantaleev, Aine Etke, MDAD community members
+# Copyright (C) 2018-2026, Slavi Pantaleev, Aine Etke, MDAD community members
 # This file is distributed under the same license as the matrix-docker-ansible-deploy package.
 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
 #
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-01-27 09:54+0200\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -16,23 +16,23 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"

-#: ../../../docs/configuring-dns.md:1
-msgid "Configuring your DNS settings"
+#: ../../../docs/configuring-dns.md:18
+msgid "Configuring DNS settings"
 msgstr ""

-#: ../../../docs/configuring-dns.md:3
-msgid "<sup>[Prerequisites](prerequisites.md) > Configuring your DNS settings > [Getting the playbook](getting-the-playbook.md) > [Configuring the playbook](configuring-playbook.md) > [Installing](installing.md)</sup>"
+#: ../../../docs/configuring-dns.md:20
+msgid "<sup>[Prerequisites](prerequisites.md) > Configuring DNS settings > [Getting the playbook](getting-the-playbook.md) > [Configuring the playbook](configuring-playbook.md) > [Installing](installing.md)</sup>"
 msgstr ""

-#: ../../../docs/configuring-dns.md:5
+#: ../../../docs/configuring-dns.md:22
 msgid "To set up Matrix on your domain, you'd need to do some DNS configuration."
 msgstr ""

-#: ../../../docs/configuring-dns.md:7
+#: ../../../docs/configuring-dns.md:24
 msgid "DNS settings for services enabled by default"
 msgstr ""

-#: ../../../docs/configuring-dns.md:9
+#: ../../../docs/configuring-dns.md:26
 msgid "To serve the base domain (`example.com`) and [Element Web](configuring-playbook-client-element-web.md) with the default subdomain, adjust DNS records as below."
 msgstr ""

@@ -73,7 +73,15 @@ msgid "-"
 msgstr ""

 #: ../../../docs/configuring-dns.md:0
-msgid "`matrix-server-IP`"
+msgid "`matrix-server-IPv4`"
+msgstr ""
+
+#: ../../../docs/configuring-dns.md:0
+msgid "AAAA"
+msgstr ""
+
+#: ../../../docs/configuring-dns.md:0
+msgid "`matrix-server-IPv6`"
 msgstr ""

 #: ../../../docs/configuring-dns.md:0
@@ -88,58 +96,62 @@ msgstr ""
 msgid "`matrix.example.com`"
 msgstr ""

-#: ../../../docs/configuring-dns.md:16
-msgid "As the table illustrates, you need to create 2 subdomains (`matrix.example.com` and `element.example.com`) and point both of them to your server's IP address (DNS `A` record or `CNAME` record is fine)."
+#: ../../../docs/configuring-dns.md:34
+msgid "As the table illustrates, you need to create 2 subdomains (`matrix.example.com` and `element.example.com`) and point both of them to your server's IPv4/IPv6 address."
 msgstr ""

-#: ../../../docs/configuring-dns.md:18
+#: ../../../docs/configuring-dns.md:36
+msgid "If you don't have IPv6 connectivity yet, you can skip the `AAAA` record. For more details about IPv6, see the [Configuring IPv6](./configuring-ipv6.md) documentation page."
+msgstr ""
+
+#: ../../../docs/configuring-dns.md:38
 msgid "The `element.example.com` subdomain is necessary, because this playbook installs the [Element Web](https://github.com/element-hq/element-web) client for you by default. If you'd rather instruct the playbook not to install Element Web (`matrix_client_element_enabled: false` when [Configuring the playbook](configuring-playbook.md) later), feel free to skip the `element.example.com` DNS record."
 msgstr ""

-#: ../../../docs/configuring-dns.md:20
+#: ../../../docs/configuring-dns.md:40
 msgid "Be mindful as to how long it will take for the DNS records to propagate."
 msgstr ""

-#: ../../../docs/configuring-dns.md:22
+#: ../../../docs/configuring-dns.md:42
 msgid "**Note**: if you are using Cloudflare DNS, make sure to disable the proxy and set all records to \"DNS only\". Otherwise, fetching certificates will fail."
 msgstr ""

-#: ../../../docs/configuring-dns.md:24
+#: ../../../docs/configuring-dns.md:44
 msgid "DNS setting for server delegation (optional)"
 msgstr ""

-#: ../../../docs/configuring-dns.md:26
+#: ../../../docs/configuring-dns.md:46
 msgid "In the sample `vars.yml` ([`examples/vars.yml`](../examples/vars.yml)), we recommend to use a short user ID like `@alice:example.com` instead of `@alice:matrix.example.com`."
 msgstr ""

-#: ../../../docs/configuring-dns.md:28
+#: ../../../docs/configuring-dns.md:48
 msgid "To use such an ID, you don't need to install anything on the actual `example.com` server. Instead, you need to instruct the Matrix network that Matrix services for `example.com` are redirected over to `matrix.example.com`. This redirection is also known as \"delegation\"."
 msgstr ""

-#: ../../../docs/configuring-dns.md:30
+#: ../../../docs/configuring-dns.md:50
 msgid "As we discuss in [Server Delegation](howto-server-delegation.md), server delegation can be configured in either of these ways:"
 msgstr ""

-#: ../../../docs/configuring-dns.md:32
+#: ../../../docs/configuring-dns.md:52
 msgid "Setting up a `/.well-known/matrix/server` file on the base domain (`example.com`)"
 msgstr ""

-#: ../../../docs/configuring-dns.md:33
+#: ../../../docs/configuring-dns.md:53
 msgid "Setting up a `_matrix._tcp` DNS SRV record"
 msgstr ""

-#: ../../../docs/configuring-dns.md:35
+#: ../../../docs/configuring-dns.md:55
 msgid "For simplicity reasons, this playbook recommends you to set up server delegation via a `/.well-known/matrix/server` file, instead of using a DNS SRV record."
 msgstr ""

-#: ../../../docs/configuring-dns.md:37
+#: ../../../docs/configuring-dns.md:57
 msgid "If you choose the recommended method (file-based delegation), you do not need to configure the DNS record to enable server delegation. You will need to add a necessary configuration later, when you [finalize the installation](installing.md#finalize-the-installation) after installing and starting Matrix services."
 msgstr ""

-#: ../../../docs/configuring-dns.md:39
+#: ../../../docs/configuring-dns.md:59
 msgid "On the other hand, if you choose this method (setting up a DNS SRV record), you need to configure the additional DNS record as well as adjust SSL certificate handling. Take a look at this documentation for more information: [Server Delegation via a DNS SRV record (advanced)](howto-server-delegation.md#server-delegation-via-a-dns-srv-record-advanced)"
 msgstr ""

-#: ../../../docs/configuring-dns.md:43
+#: ../../../docs/configuring-dns.md:63
 msgid "[▶️](getting-the-playbook.md) When you're done with the DNS configuration and ready to proceed, continue with [Getting the playbook](getting-the-playbook.md)."
 msgstr ""
--- a/i18n/translation-templates/docs/configuring-ipv6.pot
+++ b/i18n/translation-templates/docs/configuring-ipv6.pot
@@ -0,0 +1,361 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2018-2026, Slavi Pantaleev, Aine Etke, MDAD community members
+# This file is distributed under the same license as the matrix-docker-ansible-deploy package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: matrix-docker-ansible-deploy \n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../../../docs/configuring-ipv6.md:6
+msgid "Configuring IPv6"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:8
+msgid "Since 2025-03-08, the [default example configuration](../examples/vars.yml) for the playbook recommends enabling [IPv6](https://en.wikipedia.org/wiki/IPv6) support for Docker's container networks."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:10
+msgid "**If you have IPv6 support on your server/network** (see [How do I check if my server has IPv6 connectivity?](#how-do-i-check-if-my-server-has-ipv6-connectivity)), then [enabling IPv6 support for the playbook](#enabling-ipv6-support-for-the-playbook) would give you:"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:12
+msgid "📥 incoming IPv6 connectivity to the server via the server's IPv6 address/addresses (containers won't have their own individual publicly accessible IPs)"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:13
+msgid "📤 outgoing IPv6 connectivity from the server via the server's IPv6 address/addresses (containers won't exit via their own individual IPv6 address)"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:14
+msgid "🔄 IPv6 connectivity for cross-container communication"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:16
+msgid "**If you still don't have IPv6 support on your server/network**, then enabling IPv6 support for the playbook will only enable IPv6 connectivity for cross-container communication and shouldn't affect your server's incoming/outgoing communication. You may also be interested in reading if [there's a performance penalty to enabling IPv6 if the server/network doesn't support IPv6 connectivity?](#is-there-a-performance-penalty-to-enabling-ipv6-if-the-server-network-doesn-t-support-ipv6-connectivity)"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:18
+msgid "As such, **we recommend that you follow the default example configuration and leave IPv6 support for Docker enabled in all cases**."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:20
+msgid "Enabling IPv6 consists of 2 steps:"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:22
+msgid "[Enabling IPv6 support for the playbook](#enabling-ipv6-support-for-the-playbook)"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:23
+msgid "[Configuring DNS records for IPv6](#configuring-dns-records-for-ipv6)"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:25
+msgid "💡 If you've followed a recent version of our documentation, you would have already done these steps, so there's nothing else to do."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:27
+msgid "Enabling IPv6 support for the playbook"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:29
+msgid "You can enable IPv6 support for all components' Docker container networks by using the following `vars.yml` configuration:"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:50
+msgid "Doing this:"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:52
+msgid "all container networks will be IPv6-enabled"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:54
+msgid "NAT66 will be used, so that:"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:55
+msgid "containers will get [Unique Local Addresses (ULA)](https://en.wikipedia.org/wiki/Unique_local_address)"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:56
+msgid "the outgoing IPv6 address for containers will be the same as the one on the server"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:57
+msgid "traffic destined for the IPv6 address of the server will be forwarded to the containers that handle (and publish) that specific port"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:59
+msgid "[!WARNING] Without enabling this and assuming you have IPv6 `AAAA` DNS records pointing to the server (see [Configuring DNS records for IPv6](#configuring-dns-records-for-ipv6)), IPv6 traffic will still be handled, but NAT64 will be used instead of NAT66. As such, containers will only have an IPv4 address and all IPv6 traffic that reaches them will seem to originate from a local IP. Containers also won't be able to make outgoing (even cross-container) IPv6 requests."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:63
+msgid "To confirm connectivity, see the following other resources:"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:65
+msgid "[How do I check if my server has IPv6 connectivity?](#how-do-i-check-if-my-server-has-ipv6-connectivity)"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:66
+msgid "[How do I check outgoing IPv6 connectivity for containers?](#how-do-i-check-outgoing-ipv6-connectivity-for-containers)"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:67
+msgid "[How do I check incoming IPv6 connectivity for containers?](#how-do-i-check-incoming-ipv6-connectivity-for-containers)"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:68
+msgid "[How do I confirm if my container networks are IPv6-enabled?](#how-do-i-confirm-if-my-container-networks-are-ipv6-enabled)"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:69
+msgid "Ensure that the [Federation Tester](https://federationtester.matrix.org/) reports that your server is reachable over IPv6."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:71
+msgid "Configuring DNS records for IPv6"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:73
+msgid "[Enabling IPv6 support for the playbook](#enabling-ipv6-support-for-the-playbook) tells you how to prepare for IPv6 on the container (Docker) side."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:75
+msgid "For full public IPv6 connectivity (and not just IPv6 connectivity for containers inside the container networks) you also need to **ensure that your domain names** (e.g. `matrix.example.com` and others) have IPv6 (`AAAA`) DNS records pointing to the server's IPv6 address."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:77
+msgid "Also see the [Configuring DNS settings](configuring-dns.md) documentation page for more details."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:79
+msgid "A note about old Docker"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:81
+msgid "With our [default example configuration](../examples/vars.yml), the playbook manages Docker for you and installs a modern-enough version."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:83
+msgid "Docker versions newer than 27.0.1 enable IPv6 integration at the Docker daemon level out of the box. This still requires that networks are created with IPv6 support as described in the [Enabling IPv6 support for the playbook](#enabling-ipv6-support-for-the-playbook) section above."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:85
+msgid "**If you're on an old Docker version** (Docker 27.0.0 or older) for some reason, it's likely that your Docker installation is not enabled for IPv6 at all. In such a case:"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:87
+msgid "if Docker is managed by the playbook, you can tell it to force-enable IPv6 via `devture_systemd_docker_base_ipv6_daemon_options_changing_enabled: true`"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:89
+msgid "if Docker is managed by you manually, you can add `{\"experimental\": true, \"ip6tables\": true}` to the Docker daemon options and restart the Docker service (`docker.service`)."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:91
+msgid "Frequently Asked Questions"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:93
+msgid "How do I check if my server has IPv6 connectivity?"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:95
+msgid "With curl"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:97
+msgid "You can run `curl https://icanhazip.com` and see if it returns an [IPv6 address](https://en.wikipedia.org/wiki/IPv6_address) (an address with `:` characters in it, like `2001:db8:1234:5678::1`). If it does, then your server has IPv6 connectivity and prefers it over using IPv4. This is common."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:99
+msgid "If you see an IPv4 address instead (e.g. `1.2.3.4`), it may be that your server prefers IPv4 over IPv6 or that your network does not support IPv6. You can try forcing `curl` to use IPv6 by running `curl -6 https://icanhazip.com` and see if it returns an IPv6 address."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:101
+msgid "With other network utilities"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:103
+msgid "You can run `ip -6 addr` to see if you have any IPv6 addresses assigned to your server, besides the link-local (`fe80::*`) addresses that everyone has (unless they have force-disabled IPv6 support on their system)."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:105
+msgid "If you do have an IPv6 address, it's still worth [using curl](#with-curl) to confirm that your server can successfully make outgoing requests over IPv6."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:107
+msgid "What does the `devture_systemd_docker_base_ipv6_enabled` setting actually do?"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:109
+msgid "The `devture_systemd_docker_base_ipv6_enabled` setting controls whether container networks will be created with IPv6 support."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:111
+msgid "Changing this setting subsequently requires manual work (deleting all container networks). See [I've changed the `devture_systemd_docker_base_ipv6_enabled` setting, but it doesn't seem to have any effect](#i-ve-changed-the-devture_systemd_docker_base_ipv6_enabled-setting-but-it-doesn-t-seem-to-have-any-effect)."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:114
+msgid "I've changed the `devture_systemd_docker_base_ipv6_enabled` setting, but it doesn't seem to have any effect."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:116
+msgid "If you're using an older Docker version (Docker 27.0.0 or older), see [A note about old Docker](#a-note-about-old-docker)."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:118
+msgid "If you've previously installed with one `devture_systemd_docker_base_ipv6_enabled` value and then changed it to another, you need to:"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:120
+msgid "stop all services (`just stop-all`)"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:121
+msgid "delete all container networks on the server: `docker network rm $(docker network ls -q)`"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:122
+msgid "re-run the playbook fully: `just install-all`"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:124
+msgid "How do I confirm if my container networks are IPv6-enabled?"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:126
+msgid "You can list container networks by running `docker network ls` on the server."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:128
+msgid "For each container network (e.g. `matrix-homeserver`), you can check if it has IPv6 connectivity by running a command like this: `docker network inspect matrix-homeserver`."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:130
+msgid "Ensure that there's an IPv6 subnet/gateway in the `IPAM.Config` section. If yes, you may wish to proceed with [How do I check outgoing IPv6 connectivity for containers?](#how-do-i-check-outgoing-ipv6-connectivity-for-containers)"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:132
+msgid "If there's no IPv6 subnet/gateway in the `IPAM.Config` section, this container network was not created with IPv6 support. See [I've changed the `devture_systemd_docker_base_ipv6_enabled` setting, but it doesn't seem to have any effect](#i-ve-changed-the-devture_systemd_docker_base_ipv6_enabled-setting-but-it-doesn-t-seem-to-have-any-effect)."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:135
+msgid "How do I check outgoing IPv6 connectivity for containers?"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:141
+msgid "💡 This one-off container is connected to the `matrix-homeserver` container network, not to the default Docker bridge network. The default Docker `bridge` network does not have IPv6 connectivity by default (yet) and is not influenced by the `devture_systemd_docker_base_ipv6_enabled` setting, so using that network (by omitting `--network=..` from the command above) will not show an IPv6 address"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:143
+msgid "✅ If this command returns an IPv6 address, you're all good."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:145
+msgid "❌ If this command doesn't return an IPv6 address, it may be that:"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:147
+msgid "your container network does not have IPv6 connectivity. See [How do I confirm if my container networks are IPv6-enabled?](#how-do-i-confirm-if-my-container-networks-are-ipv6-enabled) for more details."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:149
+msgid "your server does not have IPv6 connectivity. See [How do I check if my server has IPv6 connectivity?](#how-do-i-check-if-my-server-has-ipv6-connectivity) for more details. If you do have IPv6 connectivity, then the issue is with Docker's IPv6 configuration. Otherwise, you need to check your server's network configuration/firewall/routing and get back to configuring the playbook later on."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:151
+msgid "How do I check incoming IPv6 connectivity for containers?"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:153
+msgid "Only containers that publish ports will be exposed (reachable) publicly on the server's own IPv6 address. Containers will not get their own individual public IPv6 address."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:155
+msgid "For this playbook, a commonly exposed container is the Traefik reverse-proxy container (unless [you're using your own webserver](./configuring-playbook-own-webserver.md))."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:157
+msgid "You can either do something like `curl -6 https://matrix.example.com` from an IPv6-enabled host (including the server itself) and see if it works."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:159
+msgid "An alternative is to use the [IPv6 Port Checker](https://port.tools/port-checker-ipv6/) with a hostname of `matrix.example.com` and a port of `443`."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:161
+msgid "💡 Trying to connect to `matrix.example.com` via IPv6 requires that you have already [configured the DNS records for IPv6](#configuring-dns-records-for-ipv6) as described above. If you wish to eliminate DNS as a potential issue, you can also try connecting to the server's own IPv6 address directly: `curl -6 -H 'Host: matrix.example.com' https://[2001:db8:1234:5678::1]` (we pass a `Host` header to tell Traefik which host we'd like it to serve)."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:163
+msgid "Why enable IPv6 if my network doesn't support it yet?"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:165
+msgid "Because when your network does get support for IPv6 later on (even if that's 5 years away), you won't have to change anything besides [configuring the DNS records for IPv6](#configuring-dns-records-for-ipv6)."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:167
+msgid "Can I use a custom subnet for IPv6?"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:169
+msgid "Not easily."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:171
+msgid "The playbook and the various roles only support passing an `enable_ipv6` flag (`true` or `false` value depending on the `devture_systemd_docker_base_ipv6_enabled` Ansible variable) when creating the Docker container networks."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:173
+msgid "There's no support for passing a custom subnet for IPv4 and IPv6. We let Docker auto-generate the subnets for us."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:175
+msgid "You can either create a Pull Request that adds support for this to the various playbook roles, or you can manually recreate the networks from the command-line (e.g. `docker network rm matrix-homeserver && docker network create --ipv6 --subnet=2001:db8:1234:5678::/64 matrix-homeserver`)."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:177
+msgid "Can I use Global Unicast Addresses (GUA) for IPv6?"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:179
+msgid "No. You cannot have GUA addresses where each container is individually addressable over the public internet."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:181
+msgid "The playbook only supports NAT66, which should be good enough for most use cases."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:183
+msgid "Having containers get IPv6 addresses from your own GUA subnet requires complex configuration (ndp-proxy, etc.) and is not supported."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:185
+msgid "You may find [this Reddit post](https://www.reddit.com/r/ipv6/comments/1alpzmb/comment/kphpw11/) interesting."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:187
+msgid "Is there a performance penalty to enabling IPv6 if the server/network doesn't support IPv6 connectivity?"
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:189
+msgid "Probably a tiny one, as services may try to make (unsuccessful) outgoing requests over IPv6."
+msgstr ""
+
+#: ../../../docs/configuring-ipv6.md:191
+msgid "In practice, it's probably negligible."
+msgstr ""
--- a/i18n/translation-templates/docs/configuring-playbook-alertmanager-receiver.pot
+++ b/i18n/translation-templates/docs/configuring-playbook-alertmanager-receiver.pot
@@ -1,5 +1,5 @@
 # SOME DESCRIPTIVE TITLE.
-# Copyright (C) 2018-2025, Slavi Pantaleev, Aine Etke, MDAD community members
+# Copyright (C) 2018-2026, Slavi Pantaleev, Aine Etke, MDAD community members
 # This file is distributed under the same license as the matrix-docker-ansible-deploy package.
 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
 #
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-01-27 09:54+0200\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -16,182 +16,174 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:1
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:9
 msgid "Setting up Prometheus Alertmanager integration via matrix-alertmanager-receiver (optional)"
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:3
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:11
 msgid "The playbook can install and configure the [matrix-alertmanager-receiver](https://github.com/metio/matrix-alertmanager-receiver) service for you. It's a [client](https://prometheus.io/docs/alerting/latest/clients/) for Prometheus' [Alertmanager](https://prometheus.io/docs/alerting/latest/alertmanager/), allowing you to deliver alerts to Matrix rooms."
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:5
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:13
 msgid "See the project's [documentation](https://github.com/metio/matrix-alertmanager-receiver/blob/main/README.md) to learn what it does and why it might be useful to you."
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:7
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:15
 msgid "This service is meant to be used with an external [Alertmanager](https://prometheus.io/docs/alerting/latest/alertmanager/) instance. It's **not** meant to be integrated with the [Prometheus & Grafana stack](./configuring-playbook-prometheus-grafana.md) installed by this playbook, because the Alertmanager component is not installed by it."
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:9
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:17
 msgid "Prerequisites"
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:11
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:19
 msgid "Register the bot account"
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:13
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:21
 msgid "This service uses a bot (with a username specified in `matrix_alertmanager_receiver_config_matrix_user_id_localpart`) for delivering messages."
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:15
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:23
 msgid "The playbook does not automatically create users for you. You **need to register the bot user manually** before setting up the bot."
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:17
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:25
 msgid "Generate a strong password for the bot. You can create one with a command like `pwgen -s 64 1`."
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:19
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:27
 msgid "You can use the playbook to [register a new user](registering-users.md):"
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:25
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:33
 msgid "Obtain an access token"
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:27
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:35
 msgid "The bot requires an access token to be able to connect to your homeserver. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md)."
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:29
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:37
 msgid "[!WARNING] Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone."
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:32
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:40
 msgid "Join to rooms as the bot manually"
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:34
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:42
 msgid "ℹ️ **This bot does not accept room invitations automatically**. To deliver messages to rooms, the bot must be joined to all rooms manually."
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:36
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:44
 msgid "For each new room you would like the bot to deliver alerts to, invite the bot to the room."
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:38
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:46
 msgid "Then, log in as the bot using any Matrix client of your choosing, accept the room invitation from the bot's account, and log out."
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:40
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:48
 msgid "Adjusting DNS records (optional)"
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:42
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:50
 msgid "By default, this playbook installs matrix-alertmanager-receiver on the `matrix.` subdomain, at the `/matrix-alertmanager-receiver` path (https://matrix.example.com/matrix-alertmanager-receiver). This makes it easy to install it, because it **doesn't require additional DNS records to be set up**. If that's okay, you can skip this section."
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:44
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:52
 msgid "If you wish to adjust it, see the section [below](#adjusting-the-matrix-alertmanager-receiver-url-optional) for details about DNS configuration."
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:46
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:54
 msgid "Adjusting the playbook configuration"
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:48
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:56
 msgid "Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file. Make sure to replace `ACCESS_TOKEN_HERE` with the one created [above](#obtain-an-access-token)."
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:69
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:77
 msgid "Adjusting the matrix-alertmanager-receiver URL (optional)"
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:71
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:79
 msgid "By tweaking the `matrix_alertmanager_receiver_hostname` and `matrix_alertmanager_receiver_path_prefix` variables, you can easily make the service available at a **different hostname and/or path** than the default one."
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:73
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:81
 msgid "Example additional configuration for your `vars.yml` file:"
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:81
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:89
 msgid "If you've changed the default hostname, you may need to create a CNAME record for the matrix-alertmanager-receiver domain (`alertmanager.example.com`), which targets `matrix.example.com`."
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:83
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:91
 msgid "When setting, replace `example.com` with your own."
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:85
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:93
 msgid "Extending the configuration"
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:87
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:95
 msgid "There are some additional things you may wish to configure about the component."
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:89
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:97
 msgid "Take a look at:"
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:91
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:99
 msgid "`roles/custom/matrix-alertmanager-receiver/defaults/main.yml` for some variables that you can customize via your `vars.yml` file"
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:92
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:100
 msgid "`roles/custom/matrix-alertmanager-receiver/templates/config.yaml.j2` for the component's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_alertmanager_receiver_configuration_extension_yaml` variable"
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:94
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:102
 msgid "Installing"
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:96
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:104
 msgid "After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the playbook with [playbook tags](playbook-tags.md) as below:"
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:103
-msgid "**Notes**:"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:105
-msgid "The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:107
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:111
 msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:109
-msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed."
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:113
+msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too."
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:111
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:115
 msgid "Usage"
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:113
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:117
 msgid "Configure your Prometheus Alertmanager with configuration like this:"
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:132
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:136
 msgid "where `URL_HERE` looks like `https://matrix.example.com/matrix-alertmanager-receiver-RANDOM_VALUE_HERE/alert/some-room-name` or `https://matrix.example.com/matrix-alertmanager-receiver-RANDOM_VALUE_HERE/alert/!qporfwt:example.com`."
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:134
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:138
 msgid "Troubleshooting"
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:136
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:140
 msgid "As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-alertmanager-receiver`."
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:138
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:142
 msgid "Increase logging verbosity"
 msgstr ""

-#: ../../../docs/configuring-playbook-alertmanager-receiver.md:140
+#: ../../../docs/configuring-playbook-alertmanager-receiver.md:144
 msgid "The default logging level for this component is `info`. If you want to increase the verbosity, add the following configuration to your `vars.yml` file and re-run the playbook:"
 msgstr ""
--- a/i18n/translation-templates/docs/configuring-playbook-appservice-double-puppet.pot
+++ b/i18n/translation-templates/docs/configuring-playbook-appservice-double-puppet.pot
@@ -1,5 +1,5 @@
 # SOME DESCRIPTIVE TITLE.
-# Copyright (C) 2018-2025, Slavi Pantaleev, Aine Etke, MDAD community members
+# Copyright (C) 2018-2026, Slavi Pantaleev, Aine Etke, MDAD community members
 # This file is distributed under the same license as the matrix-docker-ansible-deploy package.
 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
 #
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-01-27 09:54+0200\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -16,74 +16,66 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"

-#: ../../../docs/configuring-playbook-appservice-double-puppet.md:1
+#: ../../../docs/configuring-playbook-appservice-double-puppet.md:8
 msgid "Setting up Appservice Double Puppet (optional)"
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-double-puppet.md:3
+#: ../../../docs/configuring-playbook-appservice-double-puppet.md:10
 msgid "The playbook can install and configure the Appservice Double Puppet service for you. It is a homeserver appservice through which bridges (and potentially other services) can impersonate any user on the homeserver."
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-double-puppet.md:5
+#: ../../../docs/configuring-playbook-appservice-double-puppet.md:12
 msgid "This is useful for performing [double-puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) via the appservice method. The service is an implementation of this approach."
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-double-puppet.md:7
+#: ../../../docs/configuring-playbook-appservice-double-puppet.md:14
 msgid "Previously, bridges supported performing double-puppeting with the help of the [Shared Secret Auth password provider module](./configuring-playbook-shared-secret-auth.md), but this old and hacky solution has been superseded by this Appservice Double Puppet method."
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-double-puppet.md:9
+#: ../../../docs/configuring-playbook-appservice-double-puppet.md:16
 msgid "Adjusting the playbook configuration"
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-double-puppet.md:11
+#: ../../../docs/configuring-playbook-appservice-double-puppet.md:18
 msgid "To enable the Appservice Double Puppet service, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:"
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-double-puppet.md:17
+#: ../../../docs/configuring-playbook-appservice-double-puppet.md:24
 msgid "Extending the configuration"
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-double-puppet.md:19
+#: ../../../docs/configuring-playbook-appservice-double-puppet.md:26
 msgid "There are some additional things you may wish to configure about the service."
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-double-puppet.md:21
+#: ../../../docs/configuring-playbook-appservice-double-puppet.md:28
 msgid "Take a look at:"
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-double-puppet.md:23
+#: ../../../docs/configuring-playbook-appservice-double-puppet.md:30
 msgid "`roles/custom/matrix-appservice-double-puppet/defaults/main.yml` for some variables that you can customize via your `vars.yml` file. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_appservice_double_puppet_registration_configuration_extension_yaml` variable"
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-double-puppet.md:25
+#: ../../../docs/configuring-playbook-appservice-double-puppet.md:32
 msgid "Installing"
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-double-puppet.md:27
+#: ../../../docs/configuring-playbook-appservice-double-puppet.md:34
 msgid "After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:"
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-double-puppet.md:34
-msgid "**Notes**:"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-appservice-double-puppet.md:36
-msgid "The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-appservice-double-puppet.md:38
+#: ../../../docs/configuring-playbook-appservice-double-puppet.md:41
 msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-double-puppet.md:40
-msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed."
+#: ../../../docs/configuring-playbook-appservice-double-puppet.md:43
+msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too."
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-double-puppet.md:42
+#: ../../../docs/configuring-playbook-appservice-double-puppet.md:45
 msgid "Usage"
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-double-puppet.md:44
+#: ../../../docs/configuring-playbook-appservice-double-puppet.md:47
 msgid "Installing the service will automatically enable double puppeting for all bridges that support double puppeting via the appservice method."
 msgstr ""
--- a/i18n/translation-templates/docs/configuring-playbook-appservice-draupnir-for-all.pot
+++ b/i18n/translation-templates/docs/configuring-playbook-appservice-draupnir-for-all.pot
@@ -1,5 +1,5 @@
 # SOME DESCRIPTIVE TITLE.
-# Copyright (C) 2018-2025, Slavi Pantaleev, Aine Etke, MDAD community members
+# Copyright (C) 2018-2026, Slavi Pantaleev, Aine Etke, MDAD community members
 # This file is distributed under the same license as the matrix-docker-ansible-deploy package.
 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
 #
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-01-27 09:54+0200\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -16,167 +16,167 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:1
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:8
 msgid "Setting up Draupnir for All/D4A (optional)"
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:3
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:10
 msgid "The playbook can install and configure the [Draupnir](https://github.com/the-draupnir-project/Draupnir) moderation tool for you in appservice mode."
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:5
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:12
 msgid "Appservice mode can be used together with the regular [Draupnir bot](configuring-playbook-bot-draupnir.md) or independently. Details about the differences between the 2 modes are described below."
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:7
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:14
 msgid "Draupnir Appservice mode compared to Draupnir bot mode"
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:9
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:16
 msgid "The administrative functions for managing the appservice are alpha quality and very limited. However, the experience of using an appservice-provisioned Draupnir is on par with the experience of using Draupnir from bot mode except in the case of avatar customisation as described later on in this document."
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:11
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:18
 msgid "Draupnir for all is the way to go if you need more than 1 Draupnir instance, but you don't need access to Synapse Admin features as they are not accessible through Draupnir for All (Even though the commands do show up in help)."
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:13
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:20
 msgid "Draupnir for all in the playbook is rate-limit-exempt automatically as its appservice configuration file does not specify any rate limits."
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:15
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:22
 msgid "Normal Draupnir does come with the benefit of access to Synapse Admin features. You are also able to more easily customise your normal Draupnir than D4A as D4A even on the branch with the Avatar command (To be Upstreamed to Mainline Draupnir) that command is clunky as it requires the use of things like Element Web devtools. In normal Draupnir this is a quick operation where you login to Draupnir with a normal client and set Avatar and Display name normally."
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:17
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:24
 msgid "Draupnir for all does not support external tooling like [MRU](https://mru.rory.gay) as it can't access Draupnir's user account."
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:19
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:26
 msgid "Prerequisites"
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:21
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:28
 msgid "Create a main management room"
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:23
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:30
 msgid "The playbook does not create a management room for your Main Draupnir. You **need to create the room manually** before setting up the bot."
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:25
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:32
 msgid "Note that the room must be unencrypted."
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:27
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:34
 msgid "The management room has to be given an alias, and your bot has to be invited to the room."
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:29
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:36
 msgid "This management room is used to control who has access to your D4A deployment. The room stores this data inside of the control room state so your bot must have sufficient powerlevel to send custom state events. This is default 50 or moderator as Element clients call this powerlevel."
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:31
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:38
 msgid "[!WARNING] Anyone in this room can control the bot so it is important that you only invite trusted users to this room."
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:34
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:41
 msgid "Adjusting the playbook configuration"
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:36
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:43
 msgid "Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file. Make sure to replace `MANAGEMENT_ROOM_ALIAS_HERE`."
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:44
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:51
 msgid "Extending the configuration"
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:46
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:53
 msgid "There are some additional things you may wish to configure about the component."
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:48
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:55
 msgid "Take a look at:"
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:50
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:57
 msgid "`roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml` for some variables that you can customize via your `vars.yml` file. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_appservice_draupnir_for_all_configuration_extension_yaml` variable"
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:52
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:59
 msgid "For example, to change Draupnir's `protectAllJoinedRooms` option to `true`, add the following configuration to your `vars.yml` file:"
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:66
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:73
 msgid "You can refer to the upstream [documentation](https://github.com/the-draupnir-project/Draupnir) for more configuration documentation."
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:68
-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:83
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:75
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:90
 msgid "**Notes**:"
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:70
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:77
 msgid "The playbook ships a full copy of the example config that does transfer to provisioned Draupnirs in the production-bots.yaml.j2 file in the template directory of the role."
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:72
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:79
 msgid "Config extension does not affect the appservices config as this config is not extensible in current Draupnir anyway. It instead touches the config passed to the Draupnirs that your Appservice creates. So the example above (`protectAllJoinedRooms: true`) makes all provisioned Draupnirs protect all joined rooms."
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:74
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:81
 msgid "Installing"
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:76
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:83
 msgid "After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:"
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:85
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:92
 msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:87
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:94
 msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed."
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:89
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:96
 msgid "Usage"
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:91
-msgid "If you made it through all the steps above and your main control room was joined by a user called `@draupnir-main:example.com` you have succesfully installed Draupnir for All and can now start using it."
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:98
+msgid "If you made it through all the steps above and your main control room was joined by a user called `@draupnir-main:example.com` you have successfully installed Draupnir for All and can now start using it."
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:93
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:100
 msgid "The installation of Draupnir for all in this playbook is very much Alpha quality. Usage-wise, Draupnir for all is almost identical to Draupnir bot mode."
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:95
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:102
 msgid "Granting Users the ability to use D4A"
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:97
-msgid "Draupnir for all includes several security measures like that it only allows users that are on its allow list to ask for a bot. To add a user to this list we have 2 primary options. Using the chat to tell Draupnir to do this for us or if you want to automatically do it by sending `m.policy.rule.user` events that target the subject you want to allow provisioning for with the `org.matrix.mjolnir.allow` recomendation. Using the chat is recomended."
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:104
+msgid "Draupnir for all includes several security measures like that it only allows users that are on its allow list to ask for a bot. To add a user to this list we have 2 primary options. Using the chat to tell Draupnir to do this for us or if you want to automatically do it by sending `m.policy.rule.user` events that target the subject you want to allow provisioning for with the `org.matrix.mjolnir.allow` recommendation. Using the chat is recommended."
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:99
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:106
 msgid "The bot requires a powerlevel of 50 in the management room to control who is allowed to use the bot. The bot does currently not say anything if this is true or false. (This is considered a bug and is documented in issue [#297](https://github.com/the-draupnir-project/Draupnir/issues/297))"
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:101
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:108
 msgid "To allow users or whole homeservers you type /plain !admin allow `target` and target can be either a MXID or a wildcard like `@*:example.com` to allow all users on example.com to register. We use /plain to force the client to not attempt to mess with this command as it can break Wildcard commands especially."
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:103
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:110
 msgid "How to provision a D4A once you are allowed to"
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:105
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:112
 msgid "To provision a D4A, you need to start a chat with `@draupnir-main:example.com`. The bot will reject this invite and you will shortly get invited to the Draupnir control room for your newly provisioned Draupnir. From here its just a normal Draupnir experience."
 msgstr ""

-#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:107
+#: ../../../docs/configuring-playbook-appservice-draupnir-for-all.md:114
 msgid "Congratulations if you made it all the way here because you now have a fully working Draupnir for all deployment."
 msgstr ""
--- a/i18n/translation-templates/docs/configuring-playbook-backup-borg.pot
+++ b/i18n/translation-templates/docs/configuring-playbook-backup-borg.pot
@@ -1,5 +1,5 @@
 # SOME DESCRIPTIVE TITLE.
-# Copyright (C) 2018-2025, Slavi Pantaleev, Aine Etke, MDAD community members
+# Copyright (C) 2018-2026, Slavi Pantaleev, Aine Etke, MDAD community members
 # This file is distributed under the same license as the matrix-docker-ansible-deploy package.
 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
 #
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-01-27 09:54+0200\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -16,174 +16,26 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"

-#: ../../../docs/configuring-playbook-backup-borg.md:1
+#: ../../../docs/configuring-playbook-backup-borg.md:11
 msgid "Setting up BorgBackup (optional)"
 msgstr ""

-#: ../../../docs/configuring-playbook-backup-borg.md:3
+#: ../../../docs/configuring-playbook-backup-borg.md:13
 msgid "The playbook can install and configure [BorgBackup](https://www.borgbackup.org/) (short: Borg) with [borgmatic](https://torsion.org/borgmatic/) for you."
 msgstr ""

-#: ../../../docs/configuring-playbook-backup-borg.md:5
+#: ../../../docs/configuring-playbook-backup-borg.md:15
 msgid "BorgBackup is a deduplicating backup program with optional compression and encryption. That means your daily incremental backups can be stored in a fraction of the space and is safe whether you store it at home or on a cloud service."
 msgstr ""

-#: ../../../docs/configuring-playbook-backup-borg.md:7
-msgid "Prerequisites"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:9
-msgid "Set up a remote server for storing backups"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:11
-msgid "You will need a remote server where BorgBackup will store the backups. There are hosted, BorgBackup compatible solutions available, such as [BorgBase](https://www.borgbase.com)."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:13
-msgid "Check the Postgres version"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:15
-msgid "By default, if you're using the integrated Postgres database server (as opposed to [an external Postgres server](configuring-playbook-external-postgres.md)), backups with BorgBackup will also include dumps of your Postgres database."
-msgstr ""
-
 #: ../../../docs/configuring-playbook-backup-borg.md:17
-msgid "Unless you disable the Postgres-backup support, make sure that the Postgres version of your homeserver's database is compatible with borgmatic. You can check the compatible versions [here](https://github.com/mother-of-all-self-hosting/ansible-role-backup_borg/blob/main/defaults/main.yml)."
+msgid "The [Ansible role for BorgBackup](https://github.com/mother-of-all-self-hosting/ansible-role-backup_borg) is developed and maintained by [the MASH (mother-of-all-self-hosting) project](https://github.com/mother-of-all-self-hosting). For details about configuring BorgBackup, you can check them via:"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-backup-borg.md:18
+msgid "🌐 [the role's documentation at the MASH project](https://github.com/mother-of-all-self-hosting/ansible-role-backup_borg/blob/main/docs/configuring-backup-borg.md) online"
 msgstr ""

 #: ../../../docs/configuring-playbook-backup-borg.md:19
-msgid "An alternative solution for backing up the Postgres database is [postgres backup](configuring-playbook-postgres-backup.md). If you decide to go with another solution, you can disable Postgres-backup support for BorgBackup using the `backup_borg_postgresql_enabled` variable."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:21
-msgid "Create a new SSH key"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:23
-msgid "Run the command below on any machine to create a new SSH key:"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:29
-msgid "You don't need to place the key in the `.ssh` folder."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:31
-msgid "Add the public key"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:33
-msgid "Next, add the **public** part of this SSH key (the `matrix-borg-backup.pub` file) to your BorgBackup provider/server."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:35
-msgid "If you are using a hosted solution, follow their instructions. If you have your own server, copy the key to it with the command like below:"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:45
-msgid "The **private** key needs to be added to `backup_borg_ssh_key_private` on your `inventory/host_vars/matrix.example.com/vars.yml` file as below."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:47
-msgid "Adjusting the playbook configuration"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:49
-msgid "To enable BorgBackup, add the following configuration to your `vars.yml` file (adapt to your needs):"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:76
-msgid "**Note**: `REPO` will be initialized on backup start, for example: `matrix`. See [Remote repositories](https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls) for the syntax."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:78
-msgid "Set backup archive name (optional)"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:80
-msgid "You can specify the backup archive name format. To set it, add the following configuration to your `vars.yml` file (adapt to your needs):"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:86
-msgid "Configure retention policy (optional)"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:88
-msgid "It is also possible to configure a retention strategy. To configure it, add the following configuration to your `vars.yml` file (adapt to your needs):"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:98
-msgid "Edit the backup schedule (optional)"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:100
-msgid "By default the backup will run 4 a.m. every day based on the `backup_borg_schedule` variable. It is defined in the format of systemd timer calendar."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:102
-msgid "To edit the schedule, add the following configuration to your `vars.yml` file (adapt to your needs):"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:108
-msgid "**Note**: the actual job may run with a delay. See `backup_borg_schedule_randomized_delay_sec` [here](https://github.com/mother-of-all-self-hosting/ansible-role-backup_borg/blob/f5d5b473d48c6504be10b3d946255ef5c186c2a6/defaults/main.yml#L50) for its default value."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:110
-msgid "Set include and/or exclude directories (optional)"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:112
-msgid "`backup_borg_location_source_directories` defines the list of directories to back up. It's set to `{{ matrix_base_data_path }}` by default, which is the base directory for every service's data, such as Synapse, Postgres and the bridges."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:114
-msgid "You might also want to exclude certain directories or file patterns from the backup using the `backup_borg_location_exclude_patterns` variable."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:116
-msgid "Extending the configuration"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:118
-msgid "There are some additional things you may wish to configure about the component."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:120
-msgid "Take a look at:"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:122
-msgid "[backup_borg role](https://github.com/mother-of-all-self-hosting/ansible-role-backup_borg)'s [`defaults/main.yml`](https://github.com/mother-of-all-self-hosting/ansible-role-backup_borg/blob/main/defaults/main.yml) for some variables that you can customize via your `vars.yml` file. You can override settings (even those that don't have dedicated playbook variables) using the `backup_borg_configuration_extension_yaml` variable"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:124
-msgid "Installing"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:126
-msgid "After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:133
-msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:135
-msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:137
-msgid "Manually start a backup"
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:139
-msgid "Sometimes it can be helpful to run the backup as you'd like, avoiding to wait until 4 a.m., like when you test your configuration."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:141
-msgid "If you want to run it immediately, log in to the server with SSH and run `systemctl start matrix-backup-borg`."
-msgstr ""
-
-#: ../../../docs/configuring-playbook-backup-borg.md:143
-msgid "This will not return until the backup is done, so it can possibly take a long time. Consider using [tmux](https://en.wikipedia.org/wiki/Tmux) if your SSH connection is unstable."
+msgid "📁 `roles/galaxy/backup_borg/docs/configuring-backup-borg.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles)"
 msgstr ""
--- a/i18n/translation-templates/docs/configuring-playbook-base-domain-serving.pot
+++ b/i18n/translation-templates/docs/configuring-playbook-base-domain-serving.pot
@@ -1,5 +1,5 @@
 # SOME DESCRIPTIVE TITLE.
-# Copyright (C) 2018-2025, Slavi Pantaleev, Aine Etke, MDAD community members
+# Copyright (C) 2018-2026, Slavi Pantaleev, Aine Etke, MDAD community members
 # This file is distributed under the same license as the matrix-docker-ansible-deploy package.
 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
 #
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-01-27 09:54+0200\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -16,142 +16,142 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"

-#: ../../../docs/configuring-playbook-base-domain-serving.md:1
+#: ../../../docs/configuring-playbook-base-domain-serving.md:8
 msgid "Serving the base domain (optional)"
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:3
+#: ../../../docs/configuring-playbook-base-domain-serving.md:10
 msgid "By default, this playbook sets up services on your Matrix server (`matrix.example.com`), but has it configured so that it presents itself as the base domain (`example.com`). To have this server officially be responsible for Matrix services for the base domain (`example.com`), you need to set up server delegation / redirection."
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:5
+#: ../../../docs/configuring-playbook-base-domain-serving.md:12
 msgid "As we discuss in [Server Delegation](howto-server-delegation.md), server delegation / redirection can be configured in either of these ways:"
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:7
+#: ../../../docs/configuring-playbook-base-domain-serving.md:14
 msgid "Setting up a `/.well-known/matrix/server` file on the base domain (`example.com`)"
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:8
+#: ../../../docs/configuring-playbook-base-domain-serving.md:15
 msgid "Setting up a `_matrix._tcp` DNS SRV record"
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:10
+#: ../../../docs/configuring-playbook-base-domain-serving.md:17
 msgid "For simplicity reasons, this playbook recommends you to set up server delegation via a `/.well-known/matrix/server` file."
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:12
+#: ../../../docs/configuring-playbook-base-domain-serving.md:19
 msgid "However, those who don't have a separate server to dedicate to the base domain have trouble arranging this."
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:14
+#: ../../../docs/configuring-playbook-base-domain-serving.md:21
 msgid "Usually, there are 2 options:"
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:16
+#: ../../../docs/configuring-playbook-base-domain-serving.md:23
 msgid "either get a separate server for the base domain, just for serving the files necessary for [Server Delegation via a well-known file](howto-server-delegation.md#server-delegation-via-a-well-known-file)"
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:18
+#: ../../../docs/configuring-playbook-base-domain-serving.md:25
 msgid "or, arrange for the Matrix server to serve the base domain. This either involves you [using your own webserver](configuring-playbook-own-webserver.md) or making the integrated webserver serve the base domain for you."
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:20
+#: ../../../docs/configuring-playbook-base-domain-serving.md:27
 msgid "This documentation page tells you how to do the latter. With some easy changes, we make it possible to serve the base domain from the Matrix server via the integrated webserver."
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:22
+#: ../../../docs/configuring-playbook-base-domain-serving.md:29
 msgid "Just [**adjust your DNS records**](configuring-dns.md), so that your base domain is pointed to the Matrix server's IP address (using a DNS `A` record) **and then add the following configuration** to your `inventory/host_vars/matrix.example.com/vars.yml` file:"
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:28
+#: ../../../docs/configuring-playbook-base-domain-serving.md:35
 msgid "Doing this, the playbook will:"
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:30
+#: ../../../docs/configuring-playbook-base-domain-serving.md:37
 msgid "obtain an SSL certificate for the base domain, just like it does for all other domains (see [how we handle SSL certificates](configuring-playbook-ssl-certificates.md))"
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:32
+#: ../../../docs/configuring-playbook-base-domain-serving.md:39
 msgid "serve the `/.well-known/matrix/*` files which are necessary for [Federation Server Discovery](configuring-well-known.md#federation-server-discovery) (also see [Server Delegation](howto-server-delegation.md)) and [Client-Server discovery](configuring-well-known.md#client-server-discovery)"
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:34
+#: ../../../docs/configuring-playbook-base-domain-serving.md:41
 msgid "serve a simple homepage at `https://example.com` with content `Hello from example.com` (configurable via the `matrix_static_files_file_index_html_template` variable). You can also [serve a more complicated static website](#serving-a-static-website-at-the-base-domain)."
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:36
+#: ../../../docs/configuring-playbook-base-domain-serving.md:43
 msgid "Serving a static website at the base domain"
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:38
+#: ../../../docs/configuring-playbook-base-domain-serving.md:45
 msgid "By default, when \"serving the base domain\" is enabled, the playbook hosts a simple `index.html` webpage at `/matrix/static-files/public/index.html`. The content of this page is taken from the `matrix_static_files_file_index_html_template` variable."
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:40
+#: ../../../docs/configuring-playbook-base-domain-serving.md:47
 msgid "If you'd like to host your own static website (more than a single `index.html` page) at the base domain, you can disable the creation of this default `index.html` page like this:"
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:54
+#: ../../../docs/configuring-playbook-base-domain-serving.md:61
 msgid "With this configuration, Ansible will no longer mess around with the `/matrix/static-files/public/index.html` file."
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:56
+#: ../../../docs/configuring-playbook-base-domain-serving.md:63
 msgid "You are then free to upload any static website files to `/matrix/static-files/public` and they will get served at the base domain. You can do so manually or by using the [ansible-role-aux](https://github.com/mother-of-all-self-hosting/ansible-role-aux) Ansible role, which is part of this playbook already."
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:58
+#: ../../../docs/configuring-playbook-base-domain-serving.md:65
 msgid "Serving a more complicated website at the base domain"
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:60
+#: ../../../docs/configuring-playbook-base-domain-serving.md:67
 msgid "If you'd like to serve an even more complicated (dynamic) website from the Matrix server, relying on the playbook to serve the base domain is not the best choice."
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:62
+#: ../../../docs/configuring-playbook-base-domain-serving.md:69
 msgid "You have 2 options."
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:64
+#: ../../../docs/configuring-playbook-base-domain-serving.md:71
 msgid "**One way is to host your base domain elsewhere**. This involves:"
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:65
+#: ../../../docs/configuring-playbook-base-domain-serving.md:72
 msgid "you stopping to serve it from the Matrix server: remove `matrix_static_files_container_labels_base_domain_enabled` from your configuration"
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:66
+#: ../../../docs/configuring-playbook-base-domain-serving.md:73
 msgid "[configuring Matrix Delegation via well-known](./configuring-well-known.md)"
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:68
+#: ../../../docs/configuring-playbook-base-domain-serving.md:75
 msgid "**Another way is to serve the base domain from another (your own) container on the Matrix server**. This involves:"
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:69
+#: ../../../docs/configuring-playbook-base-domain-serving.md:76
 msgid "telling the playbook to only serve `example.com/.well-known/matrix` files by adjusting your `vars.yml` configuration like this:"
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:70
+#: ../../../docs/configuring-playbook-base-domain-serving.md:77
 msgid "keep `matrix_static_files_container_labels_base_domain_enabled: true`"
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:71
+#: ../../../docs/configuring-playbook-base-domain-serving.md:78
 msgid "add an extra: `matrix_static_files_container_labels_base_domain_traefik_path_prefix: /.well-known/matrix`"
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:72
+#: ../../../docs/configuring-playbook-base-domain-serving.md:79
 msgid "building and running a new container on the Matrix server:"
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:73
+#: ../../../docs/configuring-playbook-base-domain-serving.md:80
 msgid "it should be connected to the `traefik` network, so that Traefik can reverse-proxy to it"
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:74
+#: ../../../docs/configuring-playbook-base-domain-serving.md:81
 msgid "it should have appropriate [container labels](https://docs.docker.com/config/labels-custom-metadata/), which instruct Traefik to reverse-proxy to it"
 msgstr ""

-#: ../../../docs/configuring-playbook-base-domain-serving.md:76
+#: ../../../docs/configuring-playbook-base-domain-serving.md:83
 msgid "How you'll be managing building and running this container is up-to-you. You may use of the primitives from [ansible-role-aux](https://github.com/mother-of-all-self-hosting/ansible-role-aux) Ansible role to organize it yourself, or you can set it up in another way."
 msgstr ""
--- a/i18n/translation-templates/docs/configuring-playbook-bot-baibot.pot
+++ b/i18n/translation-templates/docs/configuring-playbook-bot-baibot.pot
@@ -1,5 +1,5 @@
 # SOME DESCRIPTIVE TITLE.
-# Copyright (C) 2018-2025, Slavi Pantaleev, Aine Etke, MDAD community members
+# Copyright (C) 2018-2026, Slavi Pantaleev, Aine Etke, MDAD community members
 # This file is distributed under the same license as the matrix-docker-ansible-deploy package.
 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
 #
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: matrix-docker-ansible-deploy \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-01-27 09:54+0200\n"
+"POT-Creation-Date: 2026-02-13 10:32+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -16,429 +16,433 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"

-#: ../../../docs/configuring-playbook-bot-baibot.md:1
+#: ../../../docs/configuring-playbook-bot-baibot.md:8
 msgid "Setting up baibot (optional)"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:8
+#: ../../../docs/configuring-playbook-bot-baibot.md:15
 msgid "🤖 [baibot](https://github.com/etkecc/baibot) (pronounced bye-bot) is a [Matrix](https://matrix.org/) bot developed by [etke.cc](https://etke.cc/) that exposes the power of [AI](https://en.wikipedia.org/wiki/Artificial_intelligence) / [Large Language Models](https://en.wikipedia.org/wiki/Large_language_model) to you. 🤖"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:10
+#: ../../../docs/configuring-playbook-bot-baibot.md:17
 msgid "It supports [OpenAI](https://openai.com/)'s [ChatGPT](https://openai.com/blog/chatgpt/) models, as many well as other [☁️ providers](https://github.com/etkecc/baibot/blob/main/docs/providers.md)."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:12
+#: ../../../docs/configuring-playbook-bot-baibot.md:19
 msgid "It's designed as a more private and [✨ featureful](https://github.com/etkecc/baibot/?tab=readme-ov-file#-features) alternative to [matrix-chatgpt-bot](./configuring-playbook-bot-chatgpt.md). See the [baibot](https://github.com/etkecc/baibot) project and its documentation for more information."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:14
+#: ../../../docs/configuring-playbook-bot-baibot.md:21
 msgid "Prerequisites"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:16
+#: ../../../docs/configuring-playbook-bot-baibot.md:23
 msgid "API access to one or more LLM [☁️ providers](https://github.com/etkecc/baibot/blob/main/docs/providers.md)."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:18
+#: ../../../docs/configuring-playbook-bot-baibot.md:25
 msgid "Adjusting the playbook configuration"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:20
+#: ../../../docs/configuring-playbook-bot-baibot.md:27
 msgid "There are **a lot of configuration options** (some required, some possibly required, some optional), so they're **split into multiple sections below**:"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:23
+#: ../../../docs/configuring-playbook-bot-baibot.md:30
 msgid "[Base configuration](#base-configuration)"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:24
+#: ../../../docs/configuring-playbook-bot-baibot.md:31
 msgid "[👮‍♂️ Administrator configuration](#️-administrator-configuration)"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:25
+#: ../../../docs/configuring-playbook-bot-baibot.md:32
 msgid "[👥 Initial users configuration](#-initial-users-configuration)"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:26
+#: ../../../docs/configuring-playbook-bot-baibot.md:33
 msgid "[🤖 Configuring agents via Ansible](#-configuring-agents-via-ansible)"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:27
+#: ../../../docs/configuring-playbook-bot-baibot.md:34
 msgid "[🤝 Configuring initial default handlers](#-configuring-initial-default-handlers)"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:29
+#: ../../../docs/configuring-playbook-bot-baibot.md:36
 msgid "Depending on your current `vars.yml` file and desired configuration, **you may require more than just the [base configuration](#base-configuration)**."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:31
+#: ../../../docs/configuring-playbook-bot-baibot.md:38
 msgid "Base configuration"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:33
+#: ../../../docs/configuring-playbook-bot-baibot.md:40
 msgid "To enable the bot, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:71
+#: ../../../docs/configuring-playbook-bot-baibot.md:78
 msgid "As mentioned above, **this may not be enough**. Continue with the configuration sections below."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:73
+#: ../../../docs/configuring-playbook-bot-baibot.md:80
 msgid "👮‍♂️ Administrator configuration"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:75
-#: ../../../docs/configuring-playbook-bot-baibot.md:99
+#: ../../../docs/configuring-playbook-bot-baibot.md:82
+#: ../../../docs/configuring-playbook-bot-baibot.md:106
 msgid "This is an addition to the [base configuration](#base-configuration)."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:77
+#: ../../../docs/configuring-playbook-bot-baibot.md:84
 msgid "To specify who is considered a bot [👮‍♂️ Administrator](https://github.com/etkecc/baibot/blob/main/docs/access.md#administrators), you either need to specify `matrix_bot_baibot_config_access_admin_patterns` or `matrix_admin`. The latter is a single variable which affects all bridges and bots."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:79
+#: ../../../docs/configuring-playbook-bot-baibot.md:86
 msgid "If `matrix_admin` is already configured in your `vars.yml` configuration, you can skip this section."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:81
-#: ../../../docs/configuring-playbook-bot-baibot.md:110
+#: ../../../docs/configuring-playbook-bot-baibot.md:88
+#: ../../../docs/configuring-playbook-bot-baibot.md:117
 msgid "**If necessary**, add the following configuration to your `vars.yml` file:"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:95
+#: ../../../docs/configuring-playbook-bot-baibot.md:102
 msgid "👥 Initial users configuration"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:97
+#: ../../../docs/configuring-playbook-bot-baibot.md:104
 msgid "By default, **all users on your homeserver are considered allowed users**. If that's OK, you can skip this section."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:101
+#: ../../../docs/configuring-playbook-bot-baibot.md:108
 msgid "To specify who is considered a bot [👥 User](https://github.com/etkecc/baibot/blob/main/docs/access.md#user), you may:"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:103
+#: ../../../docs/configuring-playbook-bot-baibot.md:110
 msgid "define an **initial** value for `matrix_bot_baibot_config_initial_global_config_user_patterns` Ansible variable, as shown below"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:104
+#: ../../../docs/configuring-playbook-bot-baibot.md:111
 msgid "configure the list at runtime via the bot's `!bai access set-users SPACE_SEPARATED_PATTERNS` command"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:106
+#: ../../../docs/configuring-playbook-bot-baibot.md:113
 msgid "Configuring `matrix_bot_baibot_config_initial_global_config_user_patterns` is optional, but it can be useful to pre-configure the bot with a list of users who should have access to the bot's features."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:108
+#: ../../../docs/configuring-playbook-bot-baibot.md:115
 msgid "**Note**: Once initially configured, the allowed users list **cannot be managed via Ansible anymore**. It can only be managed subsequently via bot commands."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:122
+#: ../../../docs/configuring-playbook-bot-baibot.md:129
 msgid "🤖 Configuring agents via Ansible"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:124
+#: ../../../docs/configuring-playbook-bot-baibot.md:131
 msgid "You are **not required** to define agents [statically](https://github.com/etkecc/baibot/blob/main/docs/configuration/README.md#static-configuration) via Ansible. **To get started quickly**, you can **skip this section and define agents at runtime via chat commands** (following the bot's guidance)."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:126
+#: ../../../docs/configuring-playbook-bot-baibot.md:133
 msgid "Privileged users (like the [👮‍♂️ Administrator](#️-administrator-configuration), but potentially others too — see the upstream [🔒 access](https://github.com/etkecc/baibot/blob/main/docs/access.md) documentation) can **define agents dynamically at any time** via chat commands."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:128
+#: ../../../docs/configuring-playbook-bot-baibot.md:135
 msgid "The Ansible role includes preset variables for easily enabling some [🤖 agents](https://github.com/etkecc/baibot/blob/main/docs/agents.md) on various [☁️ providers](https://github.com/etkecc/baibot/blob/main/docs/providers.md) (e.g. OpenAI, etc)."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:130
+#: ../../../docs/configuring-playbook-bot-baibot.md:137
 msgid "Besides the presets, the Ansible role also includes support for configuring additional statically-defined agents via the `matrix_bot_baibot_config_agents_static_definitions_custom` Ansible variable."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:132
+#: ../../../docs/configuring-playbook-bot-baibot.md:139
 msgid "Agents defined statically and those created dynamically (via chat) are named differently, so **conflict cannot arise**."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:134
+#: ../../../docs/configuring-playbook-bot-baibot.md:141
 msgid "Depending on your propensity for [GitOps](https://en.wikipedia.org/wiki/DevOps#GitOps), you may prefer to define agents statically via Ansible, or you may wish to do it dynamically via chat."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:136
+#: ../../../docs/configuring-playbook-bot-baibot.md:143
 msgid "Before proceeding, we recommend reading the upstream documentation on [How to choose a provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md#how-to-choose-a-provider). In short, it's probably best to go with [OpenAI](#openai)."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:138
+#: ../../../docs/configuring-playbook-bot-baibot.md:145
 msgid "Anthropic"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:140
+#: ../../../docs/configuring-playbook-bot-baibot.md:147
 msgid "You can statically-define a single [🤖 agent](https://github.com/etkecc/baibot/blob/main/docs/agents.md) instance powered by the [Anthropic provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md#anthropic) with the help of the playbook's preset variables."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:142
-#: ../../../docs/configuring-playbook-bot-baibot.md:166
-#: ../../../docs/configuring-playbook-bot-baibot.md:197
-#: ../../../docs/configuring-playbook-bot-baibot.md:225
+#: ../../../docs/configuring-playbook-bot-baibot.md:149
+#: ../../../docs/configuring-playbook-bot-baibot.md:173
+#: ../../../docs/configuring-playbook-bot-baibot.md:204
+#: ../../../docs/configuring-playbook-bot-baibot.md:232
 msgid "Here's an example **addition** to your `vars.yml` file:"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:158
-#: ../../../docs/configuring-playbook-bot-baibot.md:189
-#: ../../../docs/configuring-playbook-bot-baibot.md:215
-#: ../../../docs/configuring-playbook-bot-baibot.md:243
+#: ../../../docs/configuring-playbook-bot-baibot.md:165
+#: ../../../docs/configuring-playbook-bot-baibot.md:196
+#: ../../../docs/configuring-playbook-bot-baibot.md:222
+#: ../../../docs/configuring-playbook-bot-baibot.md:256
 msgid "If you'd like to use more than one model, take a look at the [Configuring additional agents (without a preset)](#configuring-additional-agents-without-a-preset) section below."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:160
-#: ../../../docs/configuring-playbook-bot-baibot.md:191
-#: ../../../docs/configuring-playbook-bot-baibot.md:217
-#: ../../../docs/configuring-playbook-bot-baibot.md:245
+#: ../../../docs/configuring-playbook-bot-baibot.md:167
+#: ../../../docs/configuring-playbook-bot-baibot.md:198
+#: ../../../docs/configuring-playbook-bot-baibot.md:224
+#: ../../../docs/configuring-playbook-bot-baibot.md:258
 msgid "💡 You may also wish to use this new agent for [🤝 Configuring initial default handlers](#-configuring-initial-default-handlers)."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:162
+#: ../../../docs/configuring-playbook-bot-baibot.md:169
 msgid "Groq"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:164
+#: ../../../docs/configuring-playbook-bot-baibot.md:171
 msgid "You can statically-define a single [🤖 agent](https://github.com/etkecc/baibot/blob/main/docs/agents.md) instance powered by the [Groq provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md#groq) with the help of the playbook's preset variables."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:187
+#: ../../../docs/configuring-playbook-bot-baibot.md:194
 msgid "Because this is a [statically](https://github.com/etkecc/baibot/blob/main/docs/configuration/README.md#static-configuration)-defined agent, it will be given a `static/` ID prefix and will be named `static/groq`."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:193
+#: ../../../docs/configuring-playbook-bot-baibot.md:200
 msgid "Mistral"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:195
+#: ../../../docs/configuring-playbook-bot-baibot.md:202
 msgid "You can statically-define a single [🤖 agent](https://github.com/etkecc/baibot/blob/main/docs/agents.md) instance powered by the [🇫🇷 Mistral provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md#mistral) with the help of the playbook's preset variables."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:213
+#: ../../../docs/configuring-playbook-bot-baibot.md:220
 msgid "Because this is a [statically](https://github.com/etkecc/baibot/blob/main/docs/configuration/README.md#static-configuration)-defined agent, it will be given a `static/` ID prefix and will be named `static/mistral`."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:219
+#: ../../../docs/configuring-playbook-bot-baibot.md:226
 msgid "OpenAI"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:221
+#: ../../../docs/configuring-playbook-bot-baibot.md:228
 msgid "You can statically-define a single [🤖 agent](https://github.com/etkecc/baibot/blob/main/docs/agents.md) instance powered by the [OpenAI provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md#openai) with the help of the playbook's preset variables."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:223
+#: ../../../docs/configuring-playbook-bot-baibot.md:230
 msgid "The OpenAI provider is **only meant to be used with OpenAI's official API** and compatibility with other services (which do not fully adhere to the OpenAI API spec completely) is limited. **If you're targeting an OpenAI-compatible service**, use the [OpenAI Compatible](#openai-compatible) provider instead."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:241
+#: ../../../docs/configuring-playbook-bot-baibot.md:254
 msgid "Because this is a [statically](https://github.com/etkecc/baibot/blob/main/docs/configuration/README.md#static-configuration)-defined agent, it will be given a `static/` ID prefix and will be named `static/openai`."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:247
+#: ../../../docs/configuring-playbook-bot-baibot.md:260
 msgid "OpenAI Compatible"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:249
+#: ../../../docs/configuring-playbook-bot-baibot.md:262
 msgid "You can statically-define a single [🤖 agent](https://github.com/etkecc/baibot/blob/main/docs/agents.md) instance powered by the [OpenAI Compatible provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md#openai-compatible) with the help of the playbook's preset variables."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:251
+#: ../../../docs/configuring-playbook-bot-baibot.md:264
 msgid "This provider allows you to use OpenAI-compatible API services like [OpenRouter](https://github.com/etkecc/baibot/blob/main/docs/providers.md#openrouter), [Together AI](https://github.com/etkecc/baibot/blob/main/docs/providers.md#together-ai), etc."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:253
+#: ../../../docs/configuring-playbook-bot-baibot.md:266
 msgid "Some of these popular services already have **shortcut** providers (see [supported providers](https://github.com/etkecc/baibot/blob/main/docs/providers.md#supported-providers) leading to this one behind the scenes — this make it easier to get started."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:255
+#: ../../../docs/configuring-playbook-bot-baibot.md:268
 msgid "As of this moment, the playbook does not include presets for any of these services, so you'll need to [Configuring additional agents (without a preset)](#configuring-additional-agents-without-a-preset)."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:257
+#: ../../../docs/configuring-playbook-bot-baibot.md:270
 msgid "Configuring additional agents (without a preset)"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:259
+#: ../../../docs/configuring-playbook-bot-baibot.md:272
 msgid "The Ansible role may be lacking preset variables for some [☁️ provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md), or you may wish to statically-define an agent on the same provider twice (or more) with different configuration."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:261
+#: ../../../docs/configuring-playbook-bot-baibot.md:274
 msgid "It's possible to inject your own agent configuration using the `matrix_bot_baibot_config_agents_static_definitions_custom` Ansible variable."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:263
+#: ../../../docs/configuring-playbook-bot-baibot.md:276
 msgid "You can also define providers at runtime, by chatting with the bot, so using Ansible is not a requirement."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:265
+#: ../../../docs/configuring-playbook-bot-baibot.md:278
 msgid "Below is an an **example** demonstrating **statically-defining agents via Ansible without using presets**:"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:304
+#: ../../../docs/configuring-playbook-bot-baibot.md:317
 msgid "Because these are [statically](https://github.com/etkecc/baibot/blob/main/docs/configuration/README.md#static-configuration)-defined agents, they will be given a `static/` ID prefix and will be named `static/my-openai-gpt-3.5-turbo-agent` and `static/my-ollama-agent`, respectively."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:306
+#: ../../../docs/configuring-playbook-bot-baibot.md:319
 msgid "💡 To figure out what to put in the `config` section, refer to the [☁️ provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md) page, which contains **sample configuration YAML for each provider**."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:308
+#: ../../../docs/configuring-playbook-bot-baibot.md:321
 msgid "As with any [🤖 agent](https://github.com/etkecc/baibot/blob/main/docs/agents.md), defining them means they exist. To actually make use of them, they need to be configured as handlers globally or in a specific room — see [Mixing & matching models](https://github.com/etkecc/baibot/blob/main/docs/features.md#mixing--matching-models)."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:310
+#: ../../../docs/configuring-playbook-bot-baibot.md:323
 msgid "💡 You may also wish to use these new agents for [🤝 Configuring initial default handlers](#-configuring-initial-default-handlers)."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:312
+#: ../../../docs/configuring-playbook-bot-baibot.md:325
 msgid "🤝 Configuring initial default handlers"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:314
+#: ../../../docs/configuring-playbook-bot-baibot.md:327
 msgid "This section is only useful if you're [🤖 Configuring agents via Ansible](#-configuring-agents-via-ansible), as it lets you put these agents to use as soon as the bot starts (by adjusting the bot's **initial global configuration**)."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:316
+#: ../../../docs/configuring-playbook-bot-baibot.md:329
 msgid "If you're not configuring agents via Ansible, you can skip this section."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:318
+#: ../../../docs/configuring-playbook-bot-baibot.md:331
 msgid "This section is only useful the first time around. **Once initially configured the global configuration cannot be managed Ansible**, but only via bot commands."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:320
+#: ../../../docs/configuring-playbook-bot-baibot.md:333
 msgid "baibot supports [various purposes](https://github.com/etkecc/baibot/blob/main/docs/features.md):"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:322
+#: ../../../docs/configuring-playbook-bot-baibot.md:335
 msgid "[💬 text-generation](https://github.com/etkecc/baibot/blob/main/docs/features.md#-text-generation): communicating with you via text"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:324
+#: ../../../docs/configuring-playbook-bot-baibot.md:337
 msgid "[🦻 speech-to-text](https://github.com/etkecc/baibot/blob/main/docs/features.md#-speech-to-text): turning your voice messages into text"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:326
+#: ../../../docs/configuring-playbook-bot-baibot.md:339
 msgid "[🗣️ text-to-speech](https://github.com/etkecc/baibot/blob/main/docs/features.md#-text-to-speech): turning bot or users text messages into voice messages"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:328
+#: ../../../docs/configuring-playbook-bot-baibot.md:341
 msgid "[🖌️ image-generation](https://github.com/etkecc/baibot/blob/main/docs/features.md#-image-generation): generating images based on instructions"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:330
+#: ../../../docs/configuring-playbook-bot-baibot.md:343
 msgid "❓ catch-all: special purposes, indicating use as a fallback (when no specific handler is configured)"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:332
+#: ../../../docs/configuring-playbook-bot-baibot.md:345
 msgid "[Mixing & matching models](https://github.com/etkecc/baibot/blob/main/docs/features.md#mixing--matching-models) is made possible by the bot's ability to have different [🤝 handlers](https://github.com/etkecc/baibot/blob/main/docs/configuration/handlers.md) configured for different purposes."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:334
+#: ../../../docs/configuring-playbook-bot-baibot.md:347
 msgid "This configuration can be done as a global fallback, or per-room. Both of these [🛠️ configurations](https://github.com/etkecc/baibot/blob/main/docs/configuration/README.md) are managed at runtime (viat chat), but **the global configuration can have some initial defaults configured via Ansible**."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:336
+#: ../../../docs/configuring-playbook-bot-baibot.md:349
 msgid "You can configure the **initial values** for these via Ansible, via the `matrix_bot_baibot_config_initial_global_config_handler_*` variables."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:338
+#: ../../../docs/configuring-playbook-bot-baibot.md:351
 msgid "Example **additional** `vars.yml` configuration:"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:355
+#: ../../../docs/configuring-playbook-bot-baibot.md:368
 msgid "**Note**: these are initial defaults for the bot's global configuration. As such, changing any of these values subsequently has no effect on the bot's behavior. **Once initially configured the global configuration cannot be managed Ansible**, but only via bot commands."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:357
+#: ../../../docs/configuring-playbook-bot-baibot.md:370
 msgid "Extending the configuration"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:359
+#: ../../../docs/configuring-playbook-bot-baibot.md:372
 msgid "There are some additional things you may wish to configure about the bot."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:361
+#: ../../../docs/configuring-playbook-bot-baibot.md:374
 msgid "Take a look at:"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:363
+#: ../../../docs/configuring-playbook-bot-baibot.md:376
 msgid "`roles/custom/matrix-bot-baibot/defaults/main.yml` for some variables that you can customize via your `vars.yml` file"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:364
+#: ../../../docs/configuring-playbook-bot-baibot.md:377
 msgid "`roles/custom/matrix-bot-baibot/templates/config.yaml.j2` for the bot's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_bot_baibot_configuration_extension_yaml` variable"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:366
+#: ../../../docs/configuring-playbook-bot-baibot.md:379
 msgid "Installing"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:368
+#: ../../../docs/configuring-playbook-bot-baibot.md:381
 msgid "After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:375
+#: ../../../docs/configuring-playbook-bot-baibot.md:388
 msgid "**Notes**:"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:377
+#: ../../../docs/configuring-playbook-bot-baibot.md:390
 msgid "The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:379
+#: ../../../docs/configuring-playbook-bot-baibot.md:392
 msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:381
+#: ../../../docs/configuring-playbook-bot-baibot.md:394
 msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:383
+#: ../../../docs/configuring-playbook-bot-baibot.md:396
 msgid "If you change the bot password (`matrix_bot_baibot_config_user_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it, and then update `matrix_bot_baibot_config_user_password` to let the bot know its new password."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:385
+#: ../../../docs/configuring-playbook-bot-baibot.md:398
 msgid "Usage"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:387
+#: ../../../docs/configuring-playbook-bot-baibot.md:400
 msgid "To use the bot, invite it to any existing Matrix room (`/invite @baibot:example.com` where `example.com` is your base domain, not the `matrix.` domain)."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:389
+#: ../../../docs/configuring-playbook-bot-baibot.md:402
 msgid "If you're an allowed bot [👥 user](https://github.com/etkecc/baibot/blob/main/docs/access.md#user) (see [👥 Initial users configuration](#-initial-users-configuration)), the bot will accept your invitation and join the room."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:391
+#: ../../../docs/configuring-playbook-bot-baibot.md:404
 msgid "After joining, the bot will introduce itself and show information about the [✨ features](https://github.com/etkecc/baibot/blob/main/docs/features.md) that are enabled for it."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:393
+#: ../../../docs/configuring-playbook-bot-baibot.md:406
 msgid "If you've [🤖 configured one or more agents via Ansible](#-configuring-agents-via-ansible) and have [🤝 configured initial default handlers](#configuring-initial-default-handlers), the bot will immediately be able to make use of these agents for this new room. Otherwise, you will need to configure agents and/or handlers via chat commands."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:395
+#: ../../../docs/configuring-playbook-bot-baibot.md:408
 msgid "Send `!bai help` to the bot in the room to see the available commands."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:397
+#: ../../../docs/configuring-playbook-bot-baibot.md:410
 msgid "You can also refer to the upstream [baibot](https://github.com/etkecc/baibot) project's documentation."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:399
+#: ../../../docs/configuring-playbook-bot-baibot.md:412
 msgid "Troubleshooting"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:401
-msgid "As with all other services, you can find service logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by running something like `journalctl -fu matrix-bot-baibot`"
+#: ../../../docs/configuring-playbook-bot-baibot.md:414
+msgid "As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-bot-baibot`."
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:403
-msgid "The default logging level for this service is `info`, but you can increase it to `debug` (or even `trace`) with the following additional configuration:"
+#: ../../../docs/configuring-playbook-bot-baibot.md:416
+msgid "Increase logging verbosity"
 msgstr ""

-#: ../../../docs/configuring-playbook-bot-baibot.md:417
+#: ../../../docs/configuring-playbook-bot-baibot.md:418
+msgid "The default logging level for this service is `info`. If you want to increase the verbosity to `debug` (or even `trace`), add the following configuration to your `vars.yml` file and re-run the playbook:"
+msgstr ""
+
+#: ../../../docs/configuring-playbook-bot-baibot.md:432
 msgid "**Alternatively**, you can use a single variable to set the logging level for all of the above (bot + all libraries):"
 msgstr ""
--- a/Show More
+++ b/Show More