matrix-docker-ansible-deploy/group_vars/matrix_servers

---

# This variables file wires together the various components (roles) used by the playbook.
#
# Roles used by playbook are pretty minimal and kept independent of one another as much as possible.
# To deliver a turnkey fully-featured Matrix server, this playbook needs
# to connect them all together. It does so by overriding role variables.
#
# You can also override ANY variable (seen here or in any given role),
# by re-defining it in your own configuration file (`inventory/host_vars/matrix.example.com`).

########################################################################
#                                                                      #
# Playbook                                                             #
#                                                                      #
########################################################################

# Controls whether to install Docker or not
# Also see `devture_docker_sdk_for_python_installation_enabled`.
matrix_playbook_docker_installation_enabled: true

matrix_playbook_docker_installation_daemon_options: "{{ matrix_playbook_docker_installation_daemon_options_auto | combine(matrix_playbook_docker_installation_daemon_options_custom, recursive=True) }}"

# Since Docker 27.0.1, Docker daemon options do not need to be changed to enable IPv6 support on the daemon side.
# See: https://docs.docker.com/engine/release-notes/27/#ipv6
# We only enable `ip6tables` and `experimental` for people who explicitly request it (perhaps due to running an old Docker version).
#
# Despite IPv6-enablement at the Docker level being a thing, for IPv6 to work for containers
# networks need to be created with IPv6 explicitly enabled.
# This is controlled by the `devture_systemd_docker_base_ipv6_enabled` variable and it's up to the various roles to
# respect this variable when creating their networks.
matrix_playbook_docker_installation_daemon_options_auto: |
  {{
    ({'experimental': true, 'ip6tables': true} if devture_systemd_docker_base_ipv6_daemon_options_changing_enabled else {})
  }}

matrix_playbook_docker_installation_daemon_options_custom: {}

matrix_playbook_docker_installation_daemon_options_file_path: /etc/docker/daemon.json

# Controls whether to attach Traefik labels to services.
# This is separate from `traefik_enabled`, because you may wish to disable Traefik installation by the playbook,
# yet still use Traefik installed in another way.
matrix_playbook_traefik_labels_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"

matrix_playbook_reverse_proxy_container_network: "{{ traefik_container_network if traefik_enabled else 'traefik' if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] else '' }}"
matrix_playbook_reverse_proxy_hostname: "{{ traefik_identifier if traefik_enabled else 'traefik' }}"

matrix_playbook_reverse_proxy_traefik_middleware_compression_enabled: "{{ traefik_config_http_middlewares_compression_enabled if (traefik_enabled and traefik_config_http_middlewares_compression_enabled) else false }}"
matrix_playbook_reverse_proxy_traefik_middleware_compression_name: "{{ (traefik_config_http_middlewares_compression_middleware_name + '@file') if traefik_enabled else '' }}"

# A separate Matrix Federation entrypoint is always enabled, unless the federation port matches one of the ports for existing (default) entrypoints
matrix_playbook_public_matrix_federation_api_traefik_entrypoint_enabled: "{{ matrix_federation_public_port not in [traefik_config_entrypoint_web_port, traefik_config_entrypoint_web_secure_port] }}"

# We only enable HTTP/3 on the federation entrypoint if the main web-secure entrypoint has it enabled.
matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_enabled: "{{ traefik_config_entrypoint_web_secure_http3_enabled }}"

# `traefik_config_entrypoint_web_secure_enabled` is the variable we currently follow to determine if SSL is enabled or not.
# `matrix_playbook_ssl_enabled` is merely an indicator if (when looked at it publicly), the server supports SSL or not,
# and affects how services configure their public URLs.
matrix_federation_traefik_entrypoint_tls: "{{ traefik_config_entrypoint_web_secure_enabled }}"

########################################################################
#                                                                      #
# /Playbook                                                            #
#                                                                      #
########################################################################


########################################################################
#                                                                      #
# aux                                                                  #
#                                                                      #
########################################################################

aux_directory_default_owner: "{{ matrix_user_username }}"
aux_directory_default_group: "{{ matrix_user_groupname }}"

aux_file_default_owner: "{{ matrix_user_username }}"
aux_file_default_group: "{{ matrix_user_groupname }}"

########################################################################
#                                                                      #
# /aux                                                                 #
#                                                                      #
########################################################################


########################################################################
#                                                                      #
# base                                                                 #
#                                                                      #
########################################################################

matrix_homeserver_container_extra_arguments_auto: |
  {{
    (['--mount type=bind,src=' + matrix_appservice_discord_config_path + '/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro'] if matrix_appservice_discord_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_appservice_draupnir_for_all_config_path + '/draupnir-for-all-registration.yaml,dst=/matrix-appservice-draupnir-for-all-registration.yaml,ro'] if matrix_appservice_draupnir_for_all_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_appservice_double_puppet_config_path + '/registration.yaml,dst=/matrix-appservice-double-puppet-registration.yaml,ro'] if matrix_appservice_double_puppet_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_appservice_irc_config_path + '/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro'] if matrix_appservice_irc_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_appservice_kakaotalk_config_path + '/registration.yaml,dst=/matrix-appservice-kakaotalk-registration.yaml,ro'] if matrix_appservice_kakaotalk_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_appservice_slack_config_path + '/slack-registration.yaml,dst=/matrix-appservice-slack-registration.yaml,ro'] if matrix_appservice_slack_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_appservice_webhooks_config_path + '/webhooks-registration.yaml,dst=/matrix-appservice-webhooks-registration.yaml,ro'] if matrix_appservice_webhooks_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_beeper_linkedin_config_path + '/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro'] if matrix_beeper_linkedin_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_go_skype_bridge_config_path + '/registration.yaml,dst=/matrix-go-skype-bridge-registration.yaml,ro'] if matrix_go_skype_bridge_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_wechat_config_path + '/registration.yaml,dst=/matrix-wechat-registration.yaml,ro'] if matrix_wechat_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_heisenbridge_base_path + '/registration.yaml,dst=/heisenbridge-registration.yaml,ro'] if matrix_heisenbridge_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_hookshot_base_path + '/registration.yml,dst=/hookshot-registration.yml,ro'] if matrix_hookshot_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_mautrix_bluesky_config_path + '/registration.yaml,dst=/matrix-mautrix-bluesky-registration.yaml,ro'] if matrix_mautrix_bluesky_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_mautrix_discord_config_path + '/registration.yaml,dst=/matrix-mautrix-discord-registration.yaml,ro'] if matrix_mautrix_discord_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_mautrix_slack_config_path + '/registration.yaml,dst=/matrix-mautrix-slack-registration.yaml,ro'] if matrix_mautrix_slack_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_mautrix_facebook_config_path + '/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro'] if matrix_mautrix_facebook_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_mautrix_googlechat_config_path + '/registration.yaml,dst=/matrix-mautrix-googlechat-registration.yaml,ro'] if matrix_mautrix_googlechat_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_mautrix_instagram_config_path + '/registration.yaml,dst=/matrix-mautrix-instagram-registration.yaml,ro'] if matrix_mautrix_instagram_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_mautrix_signal_config_path + '/registration.yaml,dst=/matrix-mautrix-signal-registration.yaml,ro'] if matrix_mautrix_signal_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_mautrix_meta_messenger_config_path + '/registration.yaml,dst=/matrix-mautrix-meta-messenger-registration.yaml,ro'] if matrix_mautrix_meta_messenger_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_mautrix_meta_instagram_config_path + '/registration.yaml,dst=/matrix-mautrix-meta-instagram-registration.yaml,ro'] if matrix_mautrix_meta_instagram_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_mautrix_telegram_config_path + '/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro'] if matrix_mautrix_telegram_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_mautrix_twitter_config_path + '/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro'] if matrix_mautrix_twitter_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_mautrix_gmessages_config_path + '/registration.yaml,dst=/matrix-mautrix-gmessages-registration.yaml,ro'] if matrix_mautrix_gmessages_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_mautrix_whatsapp_config_path + '/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro'] if matrix_mautrix_whatsapp_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_mautrix_wsproxy_config_path + '/androidsms-registration.yaml,dst=/matrix-mautrix-androidsms-registration.yaml,ro'] if matrix_mautrix_wsproxy_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_mautrix_wsproxy_config_path + '/imessage-registration.yaml,dst=/matrix-mautrix-imessage-registration.yaml,ro'] if matrix_mautrix_wsproxy_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_mx_puppet_discord_config_path + '/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro'] if matrix_mx_puppet_discord_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_mx_puppet_groupme_config_path + '/registration.yaml,dst=/matrix-mx-puppet-groupme-registration.yaml,ro'] if matrix_mx_puppet_groupme_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_mx_puppet_instagram_config_path + '/registration.yaml,dst=/matrix-mx-puppet-instagram-registration.yaml,ro'] if matrix_mx_puppet_instagram_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_mx_puppet_slack_config_path + '/registration.yaml,dst=/matrix-mx-puppet-slack-registration.yaml,ro'] if matrix_mx_puppet_slack_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_mx_puppet_steam_config_path + '/registration.yaml,dst=/matrix-mx-puppet-steam-registration.yaml,ro'] if matrix_mx_puppet_steam_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_mx_puppet_twitter_config_path + '/registration.yaml,dst=/matrix-mx-puppet-twitter-registration.yaml,ro'] if matrix_mx_puppet_twitter_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_sms_bridge_config_path + '/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro'] if matrix_sms_bridge_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_cactus_comments_app_service_config_file + ',dst=/matrix-cactus-comments.yaml,ro'] if matrix_cactus_comments_enabled else [])
  }}

matrix_homeserver_app_service_config_files_auto: |
  {{
    (['/matrix-appservice-discord-registration.yaml'] if matrix_appservice_discord_enabled else [])
    +
    (['/matrix-appservice-draupnir-for-all-registration.yaml'] if matrix_appservice_draupnir_for_all_enabled else [])
    +
    (['/matrix-appservice-double-puppet-registration.yaml'] if matrix_appservice_double_puppet_enabled else [])
    +
    (['/matrix-appservice-irc-registration.yaml'] if matrix_appservice_irc_enabled else [])
    +
    (['/matrix-appservice-kakaotalk-registration.yaml'] if matrix_appservice_kakaotalk_enabled else [])
    +
    (['/matrix-appservice-slack-registration.yaml'] if matrix_appservice_slack_enabled else [])
    +
    (['/matrix-appservice-webhooks-registration.yaml'] if matrix_appservice_webhooks_enabled else [])
    +
    (['/matrix-beeper-linkedin-registration.yaml'] if matrix_beeper_linkedin_enabled else [])
    +
    (['/matrix-go-skype-bridge-registration.yaml'] if matrix_go_skype_bridge_enabled else [])
    +
    (['/matrix-wechat-registration.yaml'] if matrix_wechat_enabled else [])
    +
    (['/heisenbridge-registration.yaml'] if matrix_heisenbridge_enabled else [])
    +
    (['/hookshot-registration.yml'] if matrix_hookshot_enabled else [])
    +
    (['/matrix-mautrix-bluesky-registration.yaml'] if matrix_mautrix_bluesky_enabled else [])
    +
    (['/matrix-mautrix-discord-registration.yaml'] if matrix_mautrix_discord_enabled else [])
    +
    (['/matrix-mautrix-slack-registration.yaml'] if matrix_mautrix_slack_enabled else [])
    +
    (['/matrix-mautrix-facebook-registration.yaml'] if matrix_mautrix_facebook_enabled else [])
    +
    (['/matrix-mautrix-googlechat-registration.yaml'] if matrix_mautrix_googlechat_enabled else [])
    +
    (['/matrix-mautrix-instagram-registration.yaml'] if matrix_mautrix_instagram_enabled else [])
    +
    (['/matrix-mautrix-signal-registration.yaml'] if matrix_mautrix_signal_enabled else [])
    +
    (['/matrix-mautrix-meta-messenger-registration.yaml'] if matrix_mautrix_meta_messenger_enabled else [])
    +
    (['/matrix-mautrix-meta-instagram-registration.yaml'] if matrix_mautrix_meta_instagram_enabled else [])
    +
    (['/matrix-mautrix-telegram-registration.yaml'] if matrix_mautrix_telegram_enabled else [])
    +
    (['/matrix-mautrix-twitter-registration.yaml'] if matrix_mautrix_twitter_enabled else [])
    +
    (['/matrix-mautrix-gmessages-registration.yaml'] if matrix_mautrix_gmessages_enabled else [])
    +
    (['/matrix-mautrix-whatsapp-registration.yaml'] if matrix_mautrix_whatsapp_enabled else [])
    +
    (['/matrix-mautrix-androidsms-registration.yaml'] if matrix_mautrix_wsproxy_enabled else [])
    +
    (['/matrix-mautrix-imessage-registration.yaml'] if matrix_mautrix_wsproxy_enabled else [])
    +
    (['/matrix-mx-puppet-discord-registration.yaml'] if matrix_mx_puppet_discord_enabled else [])
    +
    (['/matrix-mx-puppet-groupme-registration.yaml'] if matrix_mx_puppet_groupme_enabled else [])
    +
    (['/matrix-mx-puppet-instagram-registration.yaml'] if matrix_mx_puppet_instagram_enabled else [])
    +
    (['/matrix-mx-puppet-slack-registration.yaml'] if matrix_mx_puppet_slack_enabled else [])
    +
    (['/matrix-mx-puppet-steam-registration.yaml'] if matrix_mx_puppet_steam_enabled else [])
    +
    (['/matrix-mx-puppet-twitter-registration.yaml'] if matrix_mx_puppet_twitter_enabled else [])
    +
    (['/matrix-sms-bridge-registration.yaml'] if matrix_sms_bridge_enabled else [])
    +
    (['/matrix-cactus-comments.yaml'] if matrix_cactus_comments_enabled else [])
  }}

matrix_addons_homeserver_container_network: "{{ matrix_playbook_reverse_proxy_container_network if matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled else matrix_homeserver_container_network }}"
matrix_addons_homeserver_client_api_url: "{{ ('http://' + matrix_playbook_reverse_proxy_hostname + ':' + matrix_playbook_internal_matrix_client_api_traefik_entrypoint_port | string) if matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled else matrix_homeserver_container_url }}"
matrix_addons_homeserver_systemd_services_list: "{{ ([traefik_identifier + '.service'] if matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' else []) if matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled else matrix_homeserver_systemd_services_list }}"

# Starting from version `0.6.0` Conduit natively supports some sync v3 (sliding-sync) features.
matrix_homeserver_sliding_sync_url: "{{ matrix_sliding_sync_base_url if matrix_sliding_sync_enabled else (matrix_homeserver_url if matrix_homeserver_implementation in ['conduit', 'conduwuit'] else '') }}"

########################################################################
#                                                                      #
# /base                                                                #
#                                                                      #
########################################################################


########################################################################
#                                                                      #
# com.devture.ansible.role.systemd_service_manager                     #
#                                                                      #
########################################################################

# This list is not exhaustive and final.
# Synapse workers are still injected into the list at runtime.
# Additional JVB workers (jitsi_jvb.yml — roles/galaxy/jitsi/tasks/init_additional_jvb.yml) override this variable at runtime as well.
#
# Priority levels are like this:
# - Traefik starts first with a level of 250, so that:
#   - it can get an early start on obtaining SSL certificates and routing to other services as soon as they start (later)
#   - so that addon services (starting later) can communicte with the homeserver via Traefik's internal entrypoint
#     (see `matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled`)
# - core services (the homeserver) get a level of ~1000
# - services that the homeserver depends on (database, Redis, ntfy, coturn, etc.) get a lower level — between 500 and 1000
# - coturn gets a higher level if `devture_systemd_service_manager_service_restart_mode == 'one-by-one'` to intentionally delay it, because:
#  - starting services one by one means that the service manager role waits for each service to fully start before proceeding to the next one
#  - if coturn has a lower priority than the homeserver, it would be started before it
#  - since coturn is started before the homeserver, there's no container label telling Traefik to get a `matrix.example.com` certificate
#  - thus, coturn would spin and wait for a certificate until it fails. We'd get a playbook failure due to it, but service manager will proceed to start all other services anyway.
#  - only later, when the homeserver actually starts, would that certificate be fetched and dumped
# - reverse-proxying services get level 3000
# - Matrix utility services (bridges, bots) get a level of 2000/2200, so that:
#   - they can start before the reverse-proxy
#   - so that, when the reverse-proxy is up (Matrix is up), all bots and bridges can be interacted with
# - monitoring services (Prometheus, Grafana, …) get a level of 4000 — they can start later than all-of-Matrix
# - services which aren't time-sensitive (various crons and timers) get a level of 5000 — they can start later than all-of-Matrix
devture_systemd_service_manager_services_list_auto: |
  {{
    ([{'name': (backup_borg_identifier + '.timer'), 'priority': 5000, 'groups': ['matrix', 'backup', 'borg']}] if backup_borg_enabled else [])
    +
    ([{'name': 'matrix-alertmanager-receiver.service', 'priority': 2200, 'groups': ['matrix', 'alertmanager-receiver']}] if matrix_alertmanager_receiver_enabled else [])
    +
    ([{'name': 'matrix-authentication-service.service', 'priority': 2200, 'groups': ['matrix', 'matrix-authentication-service']}] if matrix_authentication_service_enabled else [])
    +
    ([{'name': 'matrix-bot-buscarron.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'buscarron', 'bot-buscarron']}] if matrix_bot_buscarron_enabled else [])
    +
    ([{'name': 'matrix-bot-baibot.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'baibot', 'bot-baibot']}] if matrix_bot_baibot_enabled else [])
    +
    ([{'name': 'matrix-bot-go-neb.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'go-neb', 'bot-go-neb']}] if matrix_bot_go_neb_enabled else [])
    +
    ([{'name': 'matrix-bot-honoroit.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'honoroit', 'bot-honoroit']}] if matrix_bot_honoroit_enabled else [])
    +
    ([{'name': 'matrix-bot-matrix-registration-bot.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'registration-bot', 'bot-matrix-registration-bot']}] if matrix_bot_matrix_registration_bot_enabled else [])
    +
    ([{'name': 'matrix-bot-matrix-reminder-bot.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'reminder-bot', 'bot-matrix-reminder-bot']}] if matrix_bot_matrix_reminder_bot_enabled else [])
    +
    ([{'name': 'matrix-bot-maubot.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'maubot', 'bot-maubot']}] if matrix_bot_maubot_enabled else [])
    +
    ([{'name': 'matrix-bot-mjolnir.service', 'priority': 4000, 'groups': ['matrix', 'bots', 'mjolnir', 'bot-mjolnir']}] if matrix_bot_mjolnir_enabled else [])
    +
    ([{'name': 'matrix-bot-draupnir.service', 'priority': 4000, 'groups': ['matrix', 'bots', 'draupnir', 'bot-draupnir']}] if matrix_bot_draupnir_enabled else [])
    +
    ([{'name': 'matrix-bot-chatgpt.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'chatgpt', 'bot-chatgpt']}] if matrix_bot_chatgpt_enabled else [])
    +
    ([{'name': 'matrix-appservice-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-discord']}] if matrix_appservice_discord_enabled else [])
    +
    ([{'name': 'matrix-appservice-draupnir-for-all.service', 'priority': 4000, 'groups': ['matrix', 'bridges', 'draupnir-for-all', 'appservice-draupnir-for-all']}] if matrix_appservice_draupnir_for_all_enabled else [])
    +
    ([{'name': 'matrix-appservice-irc.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-irc']}] if matrix_appservice_irc_enabled else [])
    +
    ([{'name': 'matrix-appservice-kakaotalk.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-kakaotalk']}] if matrix_appservice_kakaotalk_enabled else [])
    +
    ([{'name': 'matrix-appservice-kakaotalk-node.service', 'priority': 1900, 'groups': ['matrix', 'bridges', 'appservice-kakaotalk', 'appservice-kakaotalk-node']}] if matrix_appservice_kakaotalk_enabled else [])
    +
    ([{'name': 'matrix-appservice-slack.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-slack']}] if matrix_appservice_slack_enabled else [])
    +
    ([{'name': 'matrix-appservice-webhooks.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-webhooks']}] if matrix_appservice_webhooks_enabled else [])
    +
    ([{'name': 'matrix-beeper-linkedin.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'beeper-linkedin']}] if matrix_beeper_linkedin_enabled else [])
    +
    ([{'name': 'matrix-go-skype-bridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'go-skype']}] if matrix_go_skype_bridge_enabled else [])
    +
    ([{'name': 'matrix-wechat.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'wechat']}] if matrix_wechat_enabled else [])
    +
    ([{'name': 'matrix-wechat-agent.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'wechat']}] if matrix_wechat_enabled else [])
    +
    ([{'name': 'matrix-heisenbridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'heisenbridge']}] if matrix_heisenbridge_enabled else [])
    +
    ([{'name': 'matrix-hookshot.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'hookshot', 'bridge-hookshot']}] if matrix_hookshot_enabled else [])
    +
    ([{'name': 'matrix-mautrix-bluesky.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-bluesky']}] if matrix_mautrix_bluesky_enabled else [])
    +
    ([{'name': 'matrix-mautrix-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-discord']}] if matrix_mautrix_discord_enabled else [])
    +
    ([{'name': 'matrix-mautrix-slack.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-slack']}] if matrix_mautrix_slack_enabled else [])
    +
    ([{'name': 'matrix-mautrix-facebook.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-facebook']}] if matrix_mautrix_facebook_enabled else [])
    +
    ([{'name': 'matrix-mautrix-googlechat.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-googlechat']}] if matrix_mautrix_googlechat_enabled else [])
    +
    ([{'name': 'matrix-mautrix-instagram.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-instagram']}] if matrix_mautrix_instagram_enabled else [])
    +
    ([{'name': 'matrix-mautrix-signal.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-signal', 'mautrix-signal']}] if matrix_mautrix_signal_enabled else [])
    +
    ([{'name': (matrix_mautrix_meta_messenger_identifier + '.service'), 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-meta', 'mautrix-meta-messenger']}] if matrix_mautrix_meta_messenger_enabled else [])
    +
    ([{'name': (matrix_mautrix_meta_instagram_identifier + '.service'), 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-meta', 'mautrix-meta-instagram']}] if matrix_mautrix_meta_instagram_enabled else [])
    +
    ([{'name': 'matrix-mautrix-telegram.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-telegram']}] if matrix_mautrix_telegram_enabled else [])
    +
    ([{'name': 'matrix-mautrix-twitter.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-twitter']}] if matrix_mautrix_twitter_enabled else [])
    +
    ([{'name': 'matrix-mautrix-gmessages.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-gmessages']}] if matrix_mautrix_gmessages_enabled else [])
    +
    ([{'name': 'matrix-mautrix-whatsapp.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-whatsapp']}] if matrix_mautrix_whatsapp_enabled else [])
    +
    ([{'name': 'matrix-mautrix-wsproxy.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-wsproxy']}] if matrix_mautrix_wsproxy_enabled else [])
    +
    ([{'name': 'matrix-mautrix-wsproxy-syncproxy.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-wsproxy-syncproxy']}] if matrix_mautrix_wsproxy_enabled else [])
    +
    ([{'name': 'matrix-mx-puppet-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-discord']}] if matrix_mx_puppet_discord_enabled else [])
    +
    ([{'name': 'matrix-mx-puppet-groupme.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-groupme']}] if matrix_mx_puppet_groupme_enabled else [])
    +
    ([{'name': 'matrix-mx-puppet-instagram.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-instagram']}] if matrix_mx_puppet_instagram_enabled else [])
    +
    ([{'name': 'matrix-mx-puppet-slack.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-slack']}] if matrix_mx_puppet_slack_enabled else [])
    +
    ([{'name': 'matrix-mx-puppet-steam.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-steam']}] if matrix_mx_puppet_steam_enabled else [])
    +
    ([{'name': 'matrix-mx-puppet-twitter.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-twitter']}] if matrix_mx_puppet_twitter_enabled else [])
    +
    ([{'name': 'matrix-postmoogle.service', 'priority': 2200, 'groups': ['matrix', 'bridges', 'postmoogle']}] if matrix_postmoogle_enabled else [])
    +
    ([{'name': 'matrix-sms-bridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'sms']}] if matrix_sms_bridge_enabled else [])
    +
    ([{'name': 'matrix-cactus-comments.service', 'priority': 2000, 'groups': ['matrix', 'cactus-comments']}] if matrix_cactus_comments_enabled else [])
    +
    ([{'name': 'matrix-cactus-comments-client.service', 'priority': 2000, 'groups': ['matrix', 'cactus-comments-client']}] if matrix_cactus_comments_client_enabled else [])
    +
    ([{'name': 'matrix-client-cinny.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'cinny', 'client-cinny']}] if matrix_client_cinny_enabled else [])
    +
    ([{'name': 'matrix-client-element.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'element', 'client-element']}] if matrix_client_element_enabled else [])
    +
    ([{'name': 'matrix-client-hydrogen.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'hydrogen', 'client-hydrogen']}] if matrix_client_hydrogen_enabled else [])
    +
    ([{'name': 'matrix-client-schildichat.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'schildichat', 'client-schildichat']}] if matrix_client_schildichat_enabled else [])
    +
    ([{'name': 'matrix-client-fluffychat.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'fluffychat', 'client-fluffychat']}] if matrix_client_fluffychat_enabled else [])
    +
    ([{'name': ('matrix-' + matrix_homeserver_implementation + '.service'), 'priority': 1000, 'groups': ['matrix', 'homeservers', matrix_homeserver_implementation]}] if matrix_homeserver_enabled else [])
    +
    ([{'name': 'matrix-corporal.service', 'priority': 1500, 'groups': ['matrix', 'corporal']}] if matrix_corporal_enabled else [])
    +
    ([{'name': 'matrix-coturn.service', 'priority': (900 if devture_systemd_service_manager_service_restart_mode == 'clean-stop-start' else 1500), 'groups': ['matrix', 'coturn']}] if matrix_coturn_enabled else [])
    +
    ([{'name': 'matrix-rageshake.service', 'priority': 4000, 'groups': ['matrix', 'rageshake']}] if matrix_rageshake_enabled else [])
    +
    ([{'name': 'matrix-coturn-reload.timer', 'priority': 5000, 'groups': ['matrix', 'coturn']}] if (matrix_coturn_enabled and matrix_coturn_tls_enabled) else [])
    +
    ([{'name': 'matrix-dimension.service', 'priority': 4000, 'groups': ['matrix', 'integration-managers', 'dimension']}] if matrix_dimension_enabled else [])
    +
    ([{'name': 'matrix-dynamic-dns.service', 'priority': 5000, 'groups': ['matrix', 'dynamic-dns']}] if matrix_dynamic_dns_enabled else [])
    +
    ([{'name': (etherpad_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'etherpad']}] if etherpad_enabled else [])
    +
    ([{'name': (grafana_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'monitoring', 'grafana']}] if grafana_enabled else [])
    +
    ([{'name': (jitsi_identifier + '-web.service'), 'priority': 4200, 'groups': ['matrix', 'jitsi', 'jitsi-web']}] if jitsi_enabled else [])
    +
    ([{'name': (jitsi_identifier + '-prosody.service'), 'priority': 4000, 'groups': ['matrix', 'jitsi', 'jitsi-prosody']}] if jitsi_enabled else [])
    +
    ([{'name': (jitsi_identifier + '-jicofo.service'), 'priority': 4100, 'groups': ['matrix', 'jitsi', 'jitsi-jicofo']}] if jitsi_enabled else [])
    +
    ([{'name': (jitsi_identifier + '-jvb.service'), 'priority': 4100, 'groups': ['matrix', 'jitsi', 'jitsi-jvb']}] if jitsi_enabled else [])
    +
    ([{'name': 'matrix-ldap-registration-proxy.service', 'priority': 2000, 'groups': ['matrix', 'ldap-registration-proxy']}] if matrix_ldap_registration_proxy_enabled else [])
    +
    ([{'name': 'matrix-ma1sd.service', 'priority': 2000, 'groups': ['matrix', 'ma1sd']}] if matrix_ma1sd_enabled else [])
    +
    ([{'name': (matrix_media_repo_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'matrix-media-repo']}] if matrix_media_repo_enabled else [])
    +
    ([{'name': (exim_relay_identifier ~ '.service'), 'priority': 800, 'groups': ['matrix', 'mailer', 'exim-relay']}] if exim_relay_enabled else [])
    +
    ([{'name': (ntfy_identifier + '.service'), 'priority': 800, 'groups': ['matrix', 'ntfy']}] if ntfy_enabled else [])
    +
    ([{'name': (postgres_identifier + '.service'), 'priority': 500, 'groups': ['matrix', 'postgres']}] if postgres_enabled else [])
    +
    ([{'name': (postgres_backup_identifier + '.service'), 'priority': 5000, 'groups': ['matrix', 'backup', 'postgres-backup']}] if postgres_backup_enabled else [])
    +
    ([{'name': (prometheus_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'monitoring', 'prometheus']}] if prometheus_enabled else [])
    +
    ([{'name': (prometheus_node_exporter_identifier + '.service'), 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus-exporters', 'prometheus-node-exporter']}] if prometheus_node_exporter_enabled else [])
    +
    ([{'name': (prometheus_postgres_exporter_identifier + '.service'), 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus-exporters', 'prometheus-postgres-exporter']}] if prometheus_postgres_exporter_enabled else [])
    +
    ([{'name': 'matrix-prometheus-nginxlog-exporter.service', 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus-exporters', 'prometheus-nginxlog-exporter']}] if matrix_prometheus_nginxlog_exporter_enabled else [])
    +
    ([{'name': (valkey_identifier + '.service'), 'priority': 750, 'groups': ['matrix', 'valkey']}] if valkey_enabled else [])
    +
    ([{'name': 'matrix-pantalaimon.service', 'priority': 4000, 'groups': ['matrix', 'pantalaimon']}] if matrix_pantalaimon_enabled else [])
    +
    ([{'name': 'matrix-element-call.service', 'priority': 4000, 'groups': ['matrix', 'element-call']}] if matrix_element_call_enabled else [])
    +
    ([{'name': 'matrix-livekit-jwt-service.service', 'priority': 3500, 'groups': ['matrix', 'livekit-jwt-service']}] if matrix_livekit_jwt_service_enabled else [])
    +
    ([{'name': (livekit_server_identifier + '.service'), 'priority': 3000, 'groups': ['matrix', 'livekit-server']}] if livekit_server_enabled else [])
    +
    ([{'name': 'matrix-registration.service', 'priority': 4000, 'groups': ['matrix', 'registration', 'matrix-registration']}] if matrix_registration_enabled else [])
    +
    ([{'name': 'matrix-sliding-sync.service', 'priority': 1500, 'groups': ['matrix', 'sliding-sync']}] if matrix_sliding_sync_enabled else [])
    +
    ([{'name': 'matrix-sygnal.service', 'priority': 800, 'groups': ['matrix', 'sygnal']}] if matrix_sygnal_enabled else [])
    +
    ([{'name': 'matrix-goofys.service', 'priority': 800, 'groups': ['matrix', 'goofys']}] if matrix_s3_media_store_enabled else [])
    +
    ([{'name': 'matrix-synapse-s3-storage-provider-migrate.timer', 'priority': 5000, 'groups': ['matrix']}] if matrix_synapse_ext_synapse_s3_storage_provider_enabled else [])
    +
    ([{'name': 'matrix-synapse-auto-compressor.timer', 'priority': 5000, 'groups': ['matrix', 'synapse-auto-compressor']}] if matrix_synapse_auto_compressor_enabled else [])
    +
    ([{'name': 'matrix-synapse-admin.service', 'priority': 4000, 'groups': ['matrix', 'synapse-admin']}] if matrix_synapse_admin_enabled else [])
    +
    ([{'name': (matrix_synapse_usage_exporter_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'synapse-usage-exporter']}] if matrix_synapse_usage_exporter_enabled else [])
    +
    ([{'name': 'matrix-synapse-reverse-proxy-companion.service', 'priority': 1500, 'groups': ['matrix', 'homeservers', 'synapse', 'synapse-reverse-proxy-companion', 'reverse-proxies']}] if matrix_synapse_reverse_proxy_companion_enabled else [])
    +
    ([{'name': 'matrix-user-verification-service.service', 'priority': 800, 'groups': ['matrix', 'matrix-user-verification-service']}] if matrix_user_verification_service_enabled else [])
    +
    ([{'name': (matrix_static_files_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'matrix-static-files']}] if matrix_static_files_enabled else [])
    +
    ([{'name': (container_socket_proxy_identifier + '.service'), 'priority': 200, 'groups': ['matrix', 'reverse-proxies', 'container-socket-proxy']}] if container_socket_proxy_enabled else [])
    +
    ([{'name': (traefik_identifier + '.service'), 'priority': 250, 'groups': ['matrix', 'traefik', 'reverse-proxies']}] if traefik_enabled else [])
    +
    ([{'name': (traefik_certs_dumper_identifier + '.service'), 'priority': 300, 'groups': ['matrix', 'traefik-certs-dumper']}] if traefik_certs_dumper_enabled else [])
  }}

########################################################################
#                                                                      #
# /com.devture.ansible.role.systemd_service_manager                    #
#                                                                      #
########################################################################


########################################################################
#                                                                      #
# com.devture.ansible.role.timesync                                    #
#                                                                      #
########################################################################

# To completely disable installing systemd-timesyncd/ntpd, use `devture_timesync_installation_enabled: false`.

########################################################################
#                                                                      #
# /com.devture.ansible.role.timesync                                   #
#                                                                      #
########################################################################


######################################################################
#
# com.devture.ansible.role.playbook_state_preserver
#
######################################################################

# To completely disable this feature, use `devture_playbook_state_preserver_enabled: false`.

devture_playbook_state_preserver_uid: "{{ matrix_user_uid }}"
devture_playbook_state_preserver_gid: "{{ matrix_user_gid }}"

devture_playbook_state_preserver_vars_preservation_dst: "{{ matrix_base_data_path }}/vars.yml"

devture_playbook_state_preserver_commit_hash_preservation_dst: "{{ matrix_base_data_path }}/git_hash.yml"

######################################################################
#
# /com.devture.ansible.role.playbook_state_preserver
#
######################################################################


########################################################################
#                                                                      #
# geerlingguy/ansible-role-docker                                      #
#                                                                      #
########################################################################

docker_daemon_options: "{{ matrix_playbook_docker_installation_daemon_options }}"

########################################################################
#                                                                      #
# /geerlingguy/ansible-role-docker                                     #
#                                                                      #
########################################################################


######################################################################
#
# matrix-base
#
######################################################################

matrix_identity_server_url: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_matrix) if matrix_ma1sd_enabled else None }}"

matrix_homeserver_systemd_services_list: |-
  {{
    (
      ([('matrix-' + matrix_homeserver_implementation + '.service')] if matrix_homeserver_implementation != 'synapse' else [])
      +
      ([('matrix-' + matrix_homeserver_implementation + '.service')] if matrix_homeserver_implementation == 'synapse' and not matrix_synapse_reverse_proxy_companion_enabled else [])
      +
      (['matrix-synapse-reverse-proxy-companion.service'] if matrix_synapse_reverse_proxy_companion_enabled else [])
    ) | unique
  }}

matrix_homeserver_container_client_api_endpoint: |-
  {{
    {
      'synapse': ('matrix-synapse-reverse-proxy-companion:8008' if matrix_synapse_reverse_proxy_companion_enabled | default(false) else ('matrix-synapse:'+ matrix_synapse_container_client_api_port | default('8008') | string)),
      'dendrite': ('matrix-dendrite:' + matrix_dendrite_http_bind_port | default('8008') | string),
      'conduit': ('matrix-conduit:' + matrix_conduit_port_number | default('8008') | string),
      'conduwuit': ('matrix-conduwuit:' + matrix_conduwuit_config_port_number | default('8008') | string),
    }[matrix_homeserver_implementation]
  }}

matrix_homeserver_container_federation_api_endpoint: |-
  {{
    {
      'synapse': ('matrix-synapse-reverse-proxy-companion:8048' if matrix_synapse_reverse_proxy_companion_enabled else ('matrix-synapse:'+ matrix_synapse_container_federation_api_plain_port | default('8008') | string)),
      'dendrite': ('matrix-dendrite:' + matrix_dendrite_http_bind_port | default('8008') | string),
      'conduit': ('matrix-conduit:' + matrix_conduit_port_number | default('8008') | string),
      'conduwuit': ('matrix-conduwuit:' + matrix_conduwuit_config_port_number | default('8008') | string),
    }[matrix_homeserver_implementation]
  }}

matrix_integration_manager_rest_url: "{{ matrix_dimension_integrations_rest_url if matrix_dimension_enabled else None }}"
matrix_integration_manager_ui_url: "{{ matrix_dimension_integrations_ui_url if matrix_dimension_enabled else None }}"

######################################################################
#
# /matrix-base
#
######################################################################


######################################################################
#
# matrix-alertmanager-receiver
#
######################################################################

# We don't enable this by default.
matrix_alertmanager_receiver_enabled: false

matrix_alertmanager_receiver_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_alertmanager_receiver_container_image_registry_prefix_upstream_default }}"

matrix_alertmanager_receiver_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"

matrix_alertmanager_receiver_container_network: "{{ matrix_addons_container_network }}"

matrix_alertmanager_receiver_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_alertmanager_receiver_container_labels_traefik_enabled) else [])
    ) | unique
  }}

matrix_alertmanager_receiver_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_alertmanager_receiver_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_alertmanager_receiver_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_alertmanager_receiver_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_alertmanager_receiver_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_alertmanager_receiver_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"

matrix_alertmanager_receiver_systemd_required_services_list_auto: "{{ matrix_addons_homeserver_systemd_services_list }}"

matrix_alertmanager_receiver_config_matrix_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"

matrix_alertmanager_receiver_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"

matrix_alertmanager_receiver_metrics_proxying_enabled: "{{ matrix_alertmanager_receiver_config_http_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_alertmanager_receiver_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_alertmanager_receiver_metrics_proxying_path: "{{ matrix_metrics_exposure_path_prefix }}/matrix-alertmanager-receiver"

######################################################################
#
# /matrix-alertmanager-receiver
#
######################################################################


######################################################################
#
# matrix-authentication-service
#
######################################################################

matrix_authentication_service_enabled: false

matrix_authentication_service_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_authentication_service_path_prefix: /auth

matrix_authentication_service_config_database_host: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_authentication_service_config_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mas.db', rounds=655555) | to_uuid }}"

matrix_authentication_service_config_matrix_homeserver: "{{ matrix_domain }}"
matrix_authentication_service_config_matrix_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mas.hs.secret', rounds=655555) | to_uuid }}"
matrix_authentication_service_config_matrix_endpoint: "{{ matrix_homeserver_container_url }}"

# We're using a non-default configuration which:
# - allows passwords from Synapse (hashed with bcrypt) to be imported with scheme version 1 so existing users will be able to login
# - as soon as they do one login, the hash will be 'upgraded' to argon2id
matrix_authentication_service_config_passwords_schemes:
  - version: 1
    secret: "{{ matrix_synapse_password_config_pepper }}"
    algorithm: bcrypt
  - version: 2
    algorithm: argon2id

matrix_authentication_service_config_clients_auto: |-
  {{
    ([
      {
        'client_id': matrix_synapse_experimental_features_msc3861_client_id,
        'client_auth_method': matrix_synapse_experimental_features_msc3861_client_auth_method,
        'client_secret': matrix_synapse_experimental_features_msc3861_client_secret,
      }
    ] if matrix_synapse_experimental_features_msc3861_enabled else [])
  }}

matrix_authentication_service_config_email_transport: "{{ 'smtp' if exim_relay_enabled else 'blackhole' }}"
matrix_authentication_service_config_email_hostname: "{{ exim_relay_identifier if exim_relay_enabled else '' }}"
matrix_authentication_service_config_email_port: "{{ 8025 if exim_relay_enabled else 587 }}"
matrix_authentication_service_config_email_mode: "{{ 'plain' if exim_relay_enabled else 'starttls' }}"
matrix_authentication_service_config_email_from_address: "{{ exim_relay_sender_address }}"

matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_authentication_service_container_image_registry_prefix_upstream_default }}"

matrix_authentication_service_syn2mas_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_authentication_service_syn2mas_container_image_registry_prefix_upstream_default }}"

matrix_authentication_service_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"

matrix_authentication_service_container_network: "{{ matrix_homeserver_container_network }}"

matrix_authentication_service_container_additional_networks_auto: |-
  {{
    (
      ([postgres_container_network] if postgres_enabled and matrix_authentication_service_config_database_host == postgres_connection_hostname else [])
      +
      ([exim_relay_container_network] if (exim_relay_enabled and matrix_authentication_service_config_email_transport == 'smtp' and matrix_authentication_service_config_email_hostname == exim_relay_identifier and matrix_authentication_service_container_network != exim_relay_container_network) else [])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_authentication_service_container_labels_traefik_enabled else [])
    ) | unique
  }}

matrix_authentication_service_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_authentication_service_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_authentication_service_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_authentication_service_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_authentication_service_container_labels_public_compatibility_layer_enabled: "{{ not matrix_authentication_service_migration_in_progress}}"
matrix_authentication_service_container_labels_public_compatibility_layer_hostname: "{{ matrix_server_fqn_matrix }}"

matrix_authentication_service_container_labels_internal_compatibility_layer_enabled: "{{ not matrix_authentication_service_migration_in_progress}}"
matrix_authentication_service_container_labels_internal_compatibility_layer_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}"

# MAS somewhat depends on the homeserver service, but the homeserver also depends on MAS.
# To avoid a circular dependency, we make MAS not depend on the homeserver here.
# The homeserver is more lost without MAS than MAS is without the homeserver, so we'll define the dependency on the homeserver side.
# We'll put our dependency on the homeserver as a "want", rather than a requirement.
matrix_authentication_service_systemd_required_services_list_auto: |
  {{
    ([postgres_identifier ~ '.service'] if postgres_enabled and matrix_authentication_service_config_database_host == postgres_connection_hostname else [])
  }}

# See more information about this homeserver "want" in the comment for `matrix_authentication_service_systemd_required_services_list_auto` above.
matrix_authentication_service_systemd_wanted_services_list_auto: |
  {{
    ['matrix-' + matrix_homeserver_implementation + '.service']
    +
    ([exim_relay_identifier ~ '.service'] if (exim_relay_enabled and matrix_authentication_service_config_email_transport == 'smtp' and matrix_authentication_service_config_email_hostname == exim_relay_identifier and matrix_authentication_service_container_network != exim_relay_container_network) else [])
  }}

matrix_authentication_service_syn2mas_container_network: "{{ postgres_container_network if postgres_enabled and matrix_authentication_service_config_database_host == postgres_connection_hostname else matrix_authentication_service_container_network }}"

matrix_authentication_service_syn2mas_synapse_homeserver_config_path: "{{ matrix_synapse_config_dir_path + '/homeserver.yaml' if matrix_synapse_enabled else '' }}"

######################################################################
#
# /matrix-authentication-service
#
######################################################################




######################################################################
#
# matrix-bridge-appservice-discord
#
######################################################################

# We don't enable bridges by default.
matrix_appservice_discord_enabled: false

matrix_appservice_discord_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_appservice_discord_database_hostname == postgres_connection_hostname) else [])
  }}

matrix_appservice_discord_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_appservice_discord_docker_image_registry_prefix_upstream_default }}"

matrix_appservice_discord_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9005') if matrix_playbook_service_host_bind_interface_prefix else '' }}"

matrix_appservice_discord_container_network: "{{ matrix_addons_container_network }}"

matrix_appservice_discord_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_appservice_discord_database_hostname == postgres_connection_hostname and matrix_appservice_discord_container_network != postgres_container_network) else [])
    ) | unique
  }}

# If the homeserver disables presence, it's likely better (less wasteful) to also disable presence on the bridge side.
matrix_appservice_discord_bridge_disablePresence: "{{ (not matrix_synapse_presence_enabled) if matrix_homeserver_implementation == 'synapse' else false }}"

matrix_appservice_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'discord.as.token', rounds=655555) | to_uuid }}"

matrix_appservice_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'discord.hs.token', rounds=655555) | to_uuid }}"

# We only make this use Postgres if our own Postgres server is enabled.
# It's only then (for now) that we can automatically create the necessary database and user for this service.
matrix_appservice_discord_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_appservice_discord_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_appservice_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.discord.db', rounds=655555) | to_uuid }}"

######################################################################
#
# /matrix-bridge-appservice-discord
#
######################################################################


######################################################################
#
# matrix-appservice-webhooks
#
######################################################################

# We don't enable bridges by default.
matrix_appservice_webhooks_enabled: false

matrix_appservice_webhooks_hostname: "{{ matrix_server_fqn_matrix }}"

matrix_appservice_webhooks_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
  }}

matrix_appservice_webhooks_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_appservice_webhooks_docker_image_registry_prefix_upstream_default }}"

matrix_appservice_webhooks_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"

matrix_appservice_webhooks_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ matrix_appservice_webhooks_matrix_port) if matrix_playbook_service_host_bind_interface_prefix else '' }}"

matrix_appservice_webhooks_container_network: "{{ matrix_addons_container_network }}"

matrix_appservice_webhooks_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_appservice_webhooks_container_labels_traefik_enabled) else [])
    ) | unique
  }}

matrix_appservice_webhooks_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_appservice_webhooks_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_appservice_webhooks_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_appservice_webhooks_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_appservice_webhooks_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.as.token', rounds=655555) | to_uuid }}"

matrix_appservice_webhooks_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_appservice_webhooks_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.hs.token', rounds=655555) | to_uuid }}"

matrix_appservice_webhooks_id_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.id.token', rounds=655555) | to_uuid }}"

######################################################################
#
# /matrix-appservice-webhooks
#
######################################################################


######################################################################
#
# matrix-appservice-slack
#
######################################################################

# We don't enable bridges by default.
matrix_appservice_slack_enabled: false

matrix_appservice_slack_hostname: "{{ matrix_server_fqn_matrix }}"

matrix_appservice_slack_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_appservice_slack_database_hostname == postgres_connection_hostname) else [])
  }}

matrix_appservice_slack_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_appservice_slack_docker_image_registry_prefix_upstream_default }}"

matrix_appservice_slack_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"

matrix_appservice_slack_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ matrix_appservice_slack_slack_port) if matrix_playbook_service_host_bind_interface_prefix else '' }}"

matrix_appservice_slack_container_network: "{{ matrix_addons_container_network }}"

matrix_appservice_slack_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_appservice_slack_database_hostname == postgres_connection_hostname and matrix_appservice_slack_container_network != postgres_container_network) else [])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_appservice_slack_container_labels_traefik_enabled) else [])
    ) | unique
  }}

matrix_appservice_slack_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_appservice_slack_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_appservice_slack_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_appservice_slack_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_appservice_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.as.token', rounds=655555) | to_uuid }}"

matrix_appservice_slack_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_appservice_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.hs.token', rounds=655555) | to_uuid }}"

matrix_appservice_slack_id_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.id.token', rounds=655555) | to_uuid }}"

# Postgres is the default, except if not using internal Postgres server
matrix_appservice_slack_database_engine: "{{ 'postgres' if postgres_enabled else 'nedb' }}"
matrix_appservice_slack_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_appservice_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.slack.db', rounds=655555) | to_uuid }}"
matrix_appservice_slack_database_container_network: "{{ postgres_container_network if postgres_enabled else '' }}"

######################################################################
#
# /matrix-bridge-appservice-slack
#
######################################################################

######################################################################
#
# matrix-bridge-appservice-irc
#
######################################################################

# We don't enable bridges by default.
matrix_appservice_irc_enabled: false

matrix_appservice_irc_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_appservice_irc_database_hostname == postgres_connection_hostname) else [])
  }}

matrix_appservice_irc_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_appservice_irc_docker_image_registry_prefix_upstream_default }}"

matrix_appservice_irc_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"

matrix_appservice_irc_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9999') if matrix_playbook_service_host_bind_interface_prefix else '' }}"

matrix_appservice_irc_container_network: "{{ matrix_addons_container_network }}"

matrix_appservice_irc_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_appservice_irc_database_hostname == postgres_connection_hostname and matrix_appservice_irc_container_network != postgres_container_network) else [])
    ) | unique
  }}

# The IRC bridge docs say that if homeserver presence is disabled, it's better to also disable
# IRC bridge presence, for performance reasons.
matrix_appservice_irc_homeserver_enablePresence: "{{ matrix_synapse_presence_enabled if matrix_homeserver_implementation == 'synapse' else true }}"

matrix_appservice_irc_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'irc.as.token', rounds=655555) | to_uuid }}"

matrix_appservice_irc_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_appservice_irc_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'irc.hs.token', rounds=655555) | to_uuid }}"

matrix_appservice_irc_database_engine: "{{ 'postgres' if postgres_enabled else 'nedb' }}"
matrix_appservice_irc_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_appservice_irc_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.irc.db', rounds=655555) | to_uuid }}"
matrix_appservice_irc_database_container_network: "{{ postgres_container_network if postgres_enabled else '' }}"

######################################################################
#
# /matrix-bridge-appservice-irc
#
######################################################################

######################################################################
#
# matrix-bridge-appservice-kakaotalk
#
######################################################################

# We don't enable bridges by default.
matrix_appservice_kakaotalk_enabled: false

matrix_appservice_kakaotalk_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_appservice_kakaotalk_database_hostname == postgres_connection_hostname) else [])
  }}

matrix_appservice_kakaotalk_node_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_appservice_kakaotalk_node_docker_image_registry_prefix_upstream_default }}"

matrix_appservice_kakaotalk_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_appservice_kakaotalk_docker_image_registry_prefix_upstream_default }}"

matrix_appservice_kakaotalk_container_network: "{{ matrix_addons_container_network }}"

matrix_appservice_kakaotalk_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_appservice_kakaotalk_database_hostname == postgres_connection_hostname and matrix_appservice_kakaotalk_container_network != postgres_container_network) else [])
    ) | unique
  }}

matrix_appservice_kakaotalk_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs', rounds=655555) | to_uuid }}"

matrix_appservice_kakaotalk_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_appservice_kakaotalk_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs', rounds=655555) | to_uuid }}"

matrix_appservice_kakaotalk_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"

matrix_appservice_kakaotalk_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_appservice_kakaotalk_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_appservice_kakaotalk_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.db', rounds=655555) | to_uuid }}"

######################################################################
#
# /matrix-bridge-appservice-kakaotalk
#
######################################################################


######################################################################
#
# matrix-bridge-beeper-linkedin
#
######################################################################

# We don't enable bridges by default.
matrix_beeper_linkedin_enabled: false

matrix_beeper_linkedin_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_beeper_linkedin_database_hostname == postgres_connection_hostname) else [])
  }}

matrix_beeper_linkedin_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_beeper_linkedin_docker_image_registry_prefix_upstream_default }}"

matrix_beeper_linkedin_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"

matrix_beeper_linkedin_container_network: "{{ matrix_addons_container_network }}"

matrix_beeper_linkedin_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_beeper_linkedin_database_hostname == postgres_connection_hostname and matrix_beeper_linkedin_container_network != postgres_container_network) else [])
    ) | unique
  }}

matrix_beeper_linkedin_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'linked.as.token', rounds=655555) | to_uuid }}"

matrix_beeper_linkedin_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_beeper_linkedin_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'linked.hs.token', rounds=655555) | to_uuid }}"

matrix_beeper_linkedin_bridge_login_shared_secret_map_auto: |-
  {{
    ({
      matrix_beeper_linkedin_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
    })
    if matrix_appservice_double_puppet_enabled
    else (
      {matrix_beeper_linkedin_homeserver_domain: matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret}
      if matrix_synapse_ext_password_provider_shared_secret_auth_enabled
      else {}
    )
  }}

matrix_beeper_linkedin_bridge_presence: "{{ (matrix_synapse_presence_enabled if matrix_synapse_enabled else true) if matrix_homeserver_implementation == 'synapse' else true }}"

matrix_beeper_linkedin_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_beeper_linkedin_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maulinkedin.db', rounds=655555) | to_uuid }}"

######################################################################
#
# /matrix-bridge-beeper-linkedin
#
######################################################################


######################################################################
#
# matrix-bridge-go-skype-bridge
#
######################################################################

# We don't enable bridges by default.
matrix_go_skype_bridge_enabled: false

matrix_go_skype_bridge_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_go_skype_bridge_database_hostname == postgres_connection_hostname) else [])
  }}

matrix_go_skype_bridge_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_go_skype_bridge_docker_image_registry_prefix_upstream_default }}"

matrix_go_skype_bridge_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"

matrix_go_skype_bridge_container_network: "{{ matrix_addons_container_network }}"

matrix_go_skype_bridge_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_go_skype_bridge_database_hostname == postgres_connection_hostname and matrix_go_skype_bridge_container_network != postgres_container_network) else [])
    ) | unique
  }}

matrix_go_skype_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.as.token', rounds=655555) | to_uuid }}"

matrix_go_skype_bridge_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_go_skype_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.hs.token', rounds=655555) | to_uuid }}"

matrix_go_skype_bridge_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"

# Postgres is the default, except if not using internal Postgres server
matrix_go_skype_bridge_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_go_skype_bridge_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_go_skype_bridge_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'goskype.db', rounds=655555) | to_uuid }}"

######################################################################
#
# /matrix-bridge-go-skype-bridge
#
######################################################################

######################################################################
#
# matrix-bridge-mautrix-bluesky
#
######################################################################

# We don't enable bridges by default.
matrix_mautrix_bluesky_enabled: false

matrix_mautrix_bluesky_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_bluesky_database_hostname == postgres_connection_hostname) else [])
  }}

matrix_mautrix_bluesky_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_bluesky_docker_image_registry_prefix_upstream_default }}"

matrix_mautrix_bluesky_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"

matrix_mautrix_bluesky_container_network: "{{ matrix_addons_container_network }}"

matrix_mautrix_bluesky_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_mautrix_bluesky_database_hostname == postgres_connection_hostname and matrix_mautrix_bluesky_container_network != postgres_container_network) else [])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_bluesky_container_labels_traefik_enabled else [])
    ) | unique
  }}

matrix_mautrix_bluesky_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mautrix_bluesky_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mautrix_bluesky_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_mautrix_bluesky_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_mautrix_bluesky_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_mautrix_bluesky_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"

matrix_mautrix_bluesky_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'bsky.as.token', rounds=655555) | to_uuid }}"

matrix_mautrix_bluesky_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_bluesky_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'bsky.hs.token', rounds=655555) | to_uuid }}"

matrix_mautrix_bluesky_provisioning_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.bsky.prov', rounds=655555) | to_uuid }}"

matrix_mautrix_bluesky_double_puppet_secrets_auto: |-
  {{
    ({
      matrix_mautrix_bluesky_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
    })
    if matrix_appservice_double_puppet_enabled
    else {}
  }}

matrix_mautrix_bluesky_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"

matrix_mautrix_bluesky_metrics_proxying_enabled: "{{ matrix_mautrix_bluesky_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_mautrix_bluesky_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_bluesky_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-bluesky"

matrix_mautrix_bluesky_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_mautrix_bluesky_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twt.db', rounds=655555) | to_uuid if postgres_enabled else '' }}"

######################################################################
#
# /matrix-bridge-mautrix-bluesky
#
######################################################################

######################################################################
#
# matrix-bridge-mautrix-discord
#
######################################################################

# We don't enable bridges by default.
matrix_mautrix_discord_enabled: false

matrix_mautrix_discord_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_discord_docker_image_registry_prefix_upstream_default }}"

matrix_mautrix_discord_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"

matrix_mautrix_discord_container_network: "{{ matrix_addons_container_network }}"

matrix_mautrix_discord_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if postgres_enabled and matrix_mautrix_facebook_database_hostname == postgres_connection_hostname else [])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_discord_container_labels_traefik_enabled) else [])
    ) | unique
  }}

matrix_mautrix_discord_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mautrix_discord_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mautrix_discord_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_mautrix_discord_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_mautrix_discord_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_discord_database_hostname == postgres_connection_hostname) else [])
  }}

matrix_mautrix_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.as.tok', rounds=655555) | to_uuid }}"

matrix_mautrix_discord_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.hs.tok', rounds=655555) | to_uuid }}"

matrix_mautrix_discord_bridge_avatar_proxy_key: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.avatar', rounds=655555) | to_uuid }}"

matrix_mautrix_discord_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_mautrix_discord_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"

matrix_mautrix_discord_bridge_login_shared_secret_map_auto: |-
  {{
    ({
      matrix_mautrix_discord_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
    })
    if matrix_appservice_double_puppet_enabled
    else (
      {matrix_mautrix_discord_homeserver_domain: matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret}
      if matrix_synapse_ext_password_provider_shared_secret_auth_enabled
      else {}
    )
  }}

# Postgres is the default, except if not using internal Postgres server
matrix_mautrix_discord_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_mautrix_discord_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_mautrix_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudiscord.db', rounds=655555) | to_uuid }}"

######################################################################
#
# /matrix-bridge-mautrix-discord
#
######################################################################


######################################################################
#
# matrix-bridge-mautrix-slack
#
######################################################################

# We don't enable bridges by default.
matrix_mautrix_slack_enabled: false

matrix_mautrix_slack_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_slack_database_hostname == postgres_connection_hostname) else [])
  }}

matrix_mautrix_slack_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_slack_docker_image_registry_prefix_upstream_default }}"

matrix_mautrix_slack_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"

matrix_mautrix_slack_container_network: "{{ matrix_addons_container_network }}"

matrix_mautrix_slack_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_mautrix_slack_database_hostname == postgres_connection_hostname and matrix_mautrix_slack_container_network != postgres_container_network) else [])
    ) | unique
  }}

matrix_mautrix_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauslack.as.tok', rounds=655555) | to_uuid }}"

matrix_mautrix_slack_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauslack.hs.tok', rounds=655555) | to_uuid }}"

matrix_mautrix_slack_double_puppet_secrets_auto: |-
  {{
    {
      matrix_mautrix_slack_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
    }
    if matrix_appservice_double_puppet_enabled
    else {}
  }}

# Postgres is the default, except if not using internal Postgres server
matrix_mautrix_slack_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_mautrix_slack_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_mautrix_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauslack.db', rounds=655555) | to_uuid }}"

matrix_mautrix_slack_provisioning_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.slack.prov', rounds=655555) | to_uuid }}"
matrix_mautrix_slack_public_media_signing_key: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.slack.pmed', rounds=655555) | to_uuid }}"

######################################################################
#
# /matrix-bridge-mautrix-slack
#
######################################################################


######################################################################
#
# matrix-bridge-mautrix-facebook
#
######################################################################

# We don't enable bridges by default.
matrix_mautrix_facebook_enabled: false

matrix_mautrix_facebook_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_facebook_database_hostname == postgres_connection_hostname) else [])
  }}

matrix_mautrix_facebook_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_facebook_docker_image_registry_prefix_upstream_default }}"

matrix_mautrix_facebook_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"

matrix_mautrix_facebook_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9008') if matrix_playbook_service_host_bind_interface_prefix else '' }}"

matrix_mautrix_facebook_container_network: "{{ matrix_addons_container_network }}"

matrix_mautrix_facebook_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_mautrix_facebook_database_hostname == postgres_connection_hostname and matrix_mautrix_facebook_container_network != postgres_container_network) else [])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_facebook_container_labels_traefik_enabled) else [])
    ) | unique
  }}

matrix_mautrix_facebook_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mautrix_facebook_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mautrix_facebook_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_mautrix_facebook_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_mautrix_facebook_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_mautrix_facebook_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"

matrix_mautrix_facebook_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'fb.as.token', rounds=655555) | to_uuid }}"

matrix_mautrix_facebook_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"

matrix_mautrix_facebook_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'fb.hs.token', rounds=655555) | to_uuid }}"

matrix_mautrix_facebook_appservice_public_enabled: true
matrix_mautrix_facebook_appservice_public_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_mautrix_facebook_appservice_public_prefix: "/{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'facebook', rounds=655555) | to_uuid }}"

matrix_mautrix_facebook_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"

matrix_mautrix_facebook_bridge_presence: "{{ (matrix_synapse_presence_enabled if matrix_synapse_enabled else true) if matrix_homeserver_implementation == 'synapse' else true }}"

matrix_mautrix_facebook_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"

matrix_mautrix_facebook_metrics_proxying_enabled: "{{ matrix_mautrix_facebook_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_mautrix_facebook_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_facebook_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-facebook"

# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
# and point them to a migration path.
matrix_mautrix_facebook_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_mautrix_facebook_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_mautrix_facebook_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.fb.db', rounds=655555) | to_uuid }}"

######################################################################
#
# /matrix-bridge-mautrix-facebook
#
######################################################################


######################################################################
#
# matrix-bridge-mautrix-googlechat
#
######################################################################

# We don't enable bridges by default.
matrix_mautrix_googlechat_enabled: false

matrix_mautrix_googlechat_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_googlechat_database_hostname == postgres_connection_hostname) else [])
  }}

matrix_mautrix_googlechat_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_googlechat_docker_image_registry_prefix_upstream_default }}"

matrix_mautrix_googlechat_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"

matrix_mautrix_googlechat_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9007') if matrix_playbook_service_host_bind_interface_prefix else '' }}"

matrix_mautrix_googlechat_container_network: "{{ matrix_addons_container_network }}"

matrix_mautrix_googlechat_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_mautrix_googlechat_database_hostname == postgres_connection_hostname and matrix_mautrix_googlechat_container_network != postgres_container_network) else [])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_gmessages_container_labels_traefik_enabled) else [])
    ) | unique
  }}

matrix_mautrix_googlechat_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mautrix_googlechat_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mautrix_googlechat_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_mautrix_googlechat_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_mautrix_googlechat_container_labels_public_endpoint_hostname: "{{ matrix_server_fqn_matrix }}"

matrix_mautrix_googlechat_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_mautrix_googlechat_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"

matrix_mautrix_googlechat_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gc.as.token', rounds=655555) | to_uuid }}"

matrix_mautrix_googlechat_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_googlechat_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gc.hs.token', rounds=655555) | to_uuid }}"

matrix_mautrix_googlechat_login_shared_secret: |-
  {{
    ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
    if matrix_appservice_double_puppet_enabled
    else (
      matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled
      if matrix_synapse_ext_password_provider_shared_secret_auth_enabled
      else ""
    )
  }}

matrix_mautrix_googlechat_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"

matrix_mautrix_googlechat_metrics_proxying_enabled: "{{ matrix_mautrix_googlechat_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_mautrix_googlechat_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_googlechat_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-googlechat"

# Postgres is the default, except if not using internal Postgres server
matrix_mautrix_googlechat_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_mautrix_googlechat_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_mautrix_googlechat_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.gc.db', rounds=655555) | to_uuid }}"

######################################################################
#
# /matrix-bridge-mautrix-googlechat
#
######################################################################



######################################################################
#
# matrix-bridge-mautrix-instagram
#
######################################################################

# We don't enable bridges by default.
matrix_mautrix_instagram_enabled: false

matrix_mautrix_instagram_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_instagram_database_hostname == postgres_connection_hostname) else [])
  }}

matrix_mautrix_instagram_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_instagram_docker_image_registry_prefix_upstream_default }}"

matrix_mautrix_instagram_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"

matrix_mautrix_instagram_container_network: "{{ matrix_addons_container_network }}"

matrix_mautrix_instagram_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_mautrix_instagram_database_hostname == postgres_connection_hostname and matrix_mautrix_instagram_container_network != postgres_container_network) else [])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_instagram_container_labels_traefik_enabled else [])
    ) | unique
  }}

matrix_mautrix_instagram_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mautrix_instagram_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mautrix_instagram_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_mautrix_instagram_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_mautrix_instagram_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_mautrix_instagram_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"

matrix_mautrix_instagram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ig.as.token', rounds=655555) | to_uuid }}"

matrix_mautrix_instagram_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ig.hs.token', rounds=655555) | to_uuid }}"

matrix_mautrix_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"

matrix_mautrix_instagram_bridge_presence: "{{ (matrix_synapse_presence_enabled if matrix_synapse_enabled else true) if matrix_homeserver_implementation == 'synapse' else true }}"

matrix_mautrix_instagram_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"

matrix_mautrix_instagram_metrics_proxying_enabled: "{{ matrix_mautrix_instagram_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_mautrix_instagram_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_instagram_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-instagram"

# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
# and point them to a migration path.
matrix_mautrix_instagram_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_mautrix_instagram_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_mautrix_instagram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.ig.db', rounds=655555) | to_uuid }}"

######################################################################
#
# /matrix-bridge-mautrix-instagram
#
######################################################################

######################################################################
#
# matrix-bridge-mautrix-signal
#
######################################################################

# We don't enable bridges by default.
matrix_mautrix_signal_enabled: false

matrix_mautrix_signal_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_signal_database_hostname == postgres_connection_hostname) else [])
  }}

matrix_mautrix_signal_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_signal_docker_image_registry_prefix_upstream_default }}"

matrix_mautrix_signal_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"

matrix_mautrix_signal_container_network: "{{ matrix_addons_container_network }}"

matrix_mautrix_signal_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_mautrix_signal_database_hostname == postgres_connection_hostname and matrix_mautrix_signal_container_network != postgres_container_network) else [])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_signal_container_labels_traefik_enabled else [])
    ) | unique
  }}

matrix_mautrix_signal_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mautrix_signal_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mautrix_signal_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_mautrix_signal_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_mautrix_signal_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_mautrix_signal_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"

matrix_mautrix_signal_homeserver_domain: '{{ matrix_domain }}'
matrix_mautrix_signal_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_signal_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.hs.token', rounds=655555) | to_uuid }}"

matrix_mautrix_signal_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.as.token', rounds=655555) | to_uuid }}"

matrix_mautrix_signal_double_puppet_secrets_auto: |-
  {{
    {
      matrix_mautrix_signal_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
    }
    if matrix_appservice_double_puppet_enabled
    else {}
  }}

matrix_mautrix_signal_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"

matrix_mautrix_signal_metrics_proxying_enabled: "{{ matrix_mautrix_signal_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_mautrix_signal_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_signal_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-signal"

matrix_mautrix_signal_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_mautrix_signal_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_mautrix_signal_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.db', rounds=655555) | to_uuid }}"

matrix_mautrix_signal_provisioning_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.prov', rounds=655555) | to_uuid }}"
matrix_mautrix_signal_public_media_signing_key: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.pmed', rounds=655555) | to_uuid }}"

######################################################################
#
# /matrix-bridge-mautrix-signal
#
######################################################################


######################################################################
#
# matrix-bridge-mautrix-meta-messenger
#
######################################################################

# We don't enable bridges by default.
matrix_mautrix_meta_messenger_enabled: false

matrix_mautrix_meta_messenger_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_meta_messenger_database_hostname == postgres_connection_hostname) else [])
  }}

matrix_mautrix_meta_messenger_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_meta_messenger_container_image_registry_prefix_upstream_default }}"

matrix_mautrix_meta_messenger_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"

matrix_mautrix_meta_messenger_container_network: "{{ matrix_addons_container_network }}"

matrix_mautrix_meta_messenger_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_mautrix_meta_messenger_database_hostname == postgres_connection_hostname and matrix_mautrix_meta_messenger_container_network != postgres_container_network) else [])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_meta_messenger_container_labels_traefik_enabled) else [])
    ) | unique
  }}

matrix_mautrix_meta_messenger_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mautrix_meta_messenger_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mautrix_meta_messenger_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_mautrix_meta_messenger_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_mautrix_meta_messenger_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_mautrix_meta_messenger_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"

matrix_mautrix_meta_messenger_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.meta.fb.as', rounds=655555) | to_uuid }}"

matrix_mautrix_meta_messenger_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"

matrix_mautrix_meta_messenger_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.meta.fb.hs', rounds=655555) | to_uuid }}"

matrix_mautrix_meta_messenger_double_puppet_secrets_auto: |-
  {{
    {
      matrix_mautrix_meta_messenger_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
    }
    if matrix_appservice_double_puppet_enabled
    else {}
  }}

matrix_mautrix_meta_messenger_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"

matrix_mautrix_meta_messenger_metrics_proxying_enabled: "{{ matrix_mautrix_meta_messenger_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_mautrix_meta_messenger_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_meta_messenger_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-meta-messenger"

# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
# and point them to a migration path.
matrix_mautrix_meta_messenger_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite3-fk-wal' }}"
matrix_mautrix_meta_messenger_database_hostname: "{{ postgres_connection_hostname if (postgres_enabled and matrix_mautrix_meta_messenger_database_engine == 'postgres') else '' }}"
matrix_mautrix_meta_messenger_database_password: "{{ ('%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.fb.db', rounds=655555) | to_uuid) if (postgres_enabled and matrix_mautrix_meta_messenger_database_engine == 'postgres') else '' }}"

######################################################################
#
# /matrix-bridge-mautrix-meta-messenger
#
######################################################################



######################################################################
#
# matrix-bridge-mautrix-meta-instagram
#
######################################################################

# We don't enable bridges by default.
matrix_mautrix_meta_instagram_enabled: false

matrix_mautrix_meta_instagram_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_meta_instagram_database_hostname == postgres_connection_hostname) else [])
  }}

matrix_mautrix_meta_instagram_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_meta_instagram_container_image_registry_prefix_upstream_default }}"

matrix_mautrix_meta_instagram_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"

matrix_mautrix_meta_instagram_container_network: "{{ matrix_addons_container_network }}"

matrix_mautrix_meta_instagram_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_mautrix_meta_instagram_database_hostname == postgres_connection_hostname and matrix_mautrix_meta_instagram_container_network != postgres_container_network) else [])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_meta_instagram_container_labels_traefik_enabled) else [])
    ) | unique
  }}

matrix_mautrix_meta_instagram_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mautrix_meta_instagram_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mautrix_meta_instagram_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_mautrix_meta_instagram_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_mautrix_meta_instagram_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_mautrix_meta_instagram_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"

matrix_mautrix_meta_instagram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.meta.ig.as', rounds=655555) | to_uuid }}"

matrix_mautrix_meta_instagram_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"

matrix_mautrix_meta_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.meta.ig.hs', rounds=655555) | to_uuid }}"

matrix_mautrix_meta_instagram_double_puppet_secrets_auto: |-
  {{
    {
      matrix_mautrix_meta_instagram_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
    }
    if matrix_appservice_double_puppet_enabled
    else {}
  }}

matrix_mautrix_meta_instagram_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"

matrix_mautrix_meta_instagram_metrics_proxying_enabled: "{{ matrix_mautrix_meta_instagram_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_mautrix_meta_instagram_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_meta_instagram_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-meta-instagram"

# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
# and point them to a migration path.
matrix_mautrix_meta_instagram_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite3-fk-wal' }}"
matrix_mautrix_meta_instagram_database_hostname: "{{ postgres_connection_hostname if (postgres_enabled and matrix_mautrix_meta_instagram_database_engine == 'postgres') else '' }}"
matrix_mautrix_meta_instagram_database_password: "{{ ('%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.fb.db', rounds=655555) | to_uuid) if (postgres_enabled and matrix_mautrix_meta_instagram_database_engine == 'postgres') else '' }}"

######################################################################
#
# /matrix-bridge-mautrix-meta-instagram
#
######################################################################


######################################################################
#
# matrix-bridge-mautrix-telegram
#
######################################################################

# We don't enable bridges by default.
matrix_mautrix_telegram_enabled: false

matrix_mautrix_telegram_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_mautrix_telegram_path_prefix: "/{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegram', rounds=655555) | to_uuid }}"

matrix_mautrix_telegram_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_telegram_database_hostname == postgres_connection_hostname) else [])
  }}

matrix_mautrix_telegram_lottieconverter_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_telegram_lottieconverter_docker_image_registry_prefix_upstream_default }}"

matrix_mautrix_telegram_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_telegram_docker_image_registry_prefix_upstream_default }}"

# Images are multi-arch (amd64 and arm64, but not arm32).
matrix_mautrix_telegram_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
matrix_mautrix_telegram_lottieconverter_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
matrix_mautrix_telegram_lottieconverter_container_image_self_build_mask_arch: "{{ matrix_architecture != 'amd64' }}"

matrix_mautrix_telegram_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9006') if matrix_playbook_service_host_bind_interface_prefix else '' }}"

matrix_mautrix_telegram_container_network: "{{ matrix_addons_container_network }}"

matrix_mautrix_telegram_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_mautrix_telegram_database_hostname == postgres_connection_hostname and matrix_mautrix_telegram_container_network != postgres_container_network) else [])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_telegram_container_labels_traefik_enabled) else [])
    ) | unique
  }}

matrix_mautrix_telegram_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mautrix_telegram_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mautrix_telegram_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_mautrix_telegram_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_mautrix_telegram_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_mautrix_telegram_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"

matrix_mautrix_telegram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegr.as.token', rounds=655555) | to_uuid }}"

matrix_mautrix_telegram_homeserver_domain: "{{ matrix_domain }}"
matrix_mautrix_telegram_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_telegram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegr.hs.token', rounds=655555) | to_uuid }}"

matrix_mautrix_telegram_bridge_login_shared_secret_map_auto: |-
  {{
    ({
      matrix_mautrix_telegram_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
    })
    if matrix_appservice_double_puppet_enabled
    else (
      {matrix_mautrix_telegram_homeserver_domain: matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret}
      if matrix_synapse_ext_password_provider_shared_secret_auth_enabled
      else {}
    )
  }}

matrix_mautrix_telegram_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"

matrix_mautrix_telegram_metrics_proxying_enabled: "{{ matrix_mautrix_telegram_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_mautrix_telegram_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_telegram_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-telegram"

# Postgres is the default, except if not using internal Postgres server
matrix_mautrix_telegram_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_mautrix_telegram_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_mautrix_telegram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.telegram.db', rounds=655555) | to_uuid }}"

######################################################################
#
# /matrix-bridge-mautrix-telegram
#
######################################################################

######################################################################
#
# matrix-bridge-mautrix-twitter
#
######################################################################

# We don't enable bridges by default.
matrix_mautrix_twitter_enabled: false

matrix_mautrix_twitter_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_twitter_database_hostname == postgres_connection_hostname) else [])
  }}

matrix_mautrix_twitter_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_twitter_docker_image_registry_prefix_upstream_default }}"

matrix_mautrix_twitter_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"

matrix_mautrix_twitter_container_network: "{{ matrix_addons_container_network }}"

matrix_mautrix_twitter_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_mautrix_twitter_database_hostname == postgres_connection_hostname and matrix_mautrix_twitter_container_network != postgres_container_network) else [])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_twitter_container_labels_traefik_enabled else [])
    ) | unique
  }}

matrix_mautrix_twitter_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mautrix_twitter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mautrix_twitter_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_mautrix_twitter_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_mautrix_twitter_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_mautrix_twitter_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"

matrix_mautrix_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.as.token', rounds=655555) | to_uuid }}"

matrix_mautrix_twitter_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.hs.token', rounds=655555) | to_uuid }}"

matrix_mautrix_twitter_provisioning_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twit.prov', rounds=655555) | to_uuid }}"

matrix_mautrix_twitter_double_puppet_secrets_auto: |-
  {{
    ({
      matrix_mautrix_twitter_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
    })
    if matrix_appservice_double_puppet_enabled
    else {}
  }}

matrix_mautrix_twitter_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"

matrix_mautrix_twitter_metrics_proxying_enabled: "{{ matrix_mautrix_twitter_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_mautrix_twitter_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_twitter_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-twitter"

matrix_mautrix_twitter_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_mautrix_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twt.db', rounds=655555) | to_uuid if postgres_enabled else '' }}"

######################################################################
#
# /matrix-bridge-mautrix-twitter
#
######################################################################

######################################################################
#
# matrix-bridge-mautrix-gmessages
#
######################################################################

# We don't enable bridges by default.
matrix_mautrix_gmessages_enabled: false

matrix_mautrix_gmessages_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_facebook_database_hostname == postgres_connection_hostname) else [])
  }}

matrix_mautrix_gmessages_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_gmessages_docker_image_registry_prefix_upstream_default }}"

matrix_mautrix_gmessages_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"

matrix_mautrix_gmessages_container_network: "{{ matrix_addons_container_network }}"

matrix_mautrix_gmessages_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_mautrix_gmessages_database_hostname == postgres_connection_hostname and matrix_mautrix_gmessages_container_network != postgres_container_network) else [])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_gmessages_container_labels_traefik_enabled) else [])
    ) | unique
  }}

matrix_mautrix_gmessages_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mautrix_gmessages_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mautrix_gmessages_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_mautrix_gmessages_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_mautrix_gmessages_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_mautrix_gmessages_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"

matrix_mautrix_gmessages_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gmessa.as.token', rounds=655555) | to_uuid }}"

matrix_mautrix_gmessages_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_gmessages_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gmessa.hs.token', rounds=655555) | to_uuid }}"

matrix_mautrix_gmessages_double_puppet_secrets_auto: |-
  {{
    {
      matrix_mautrix_gmessages_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
    }
    if matrix_appservice_double_puppet_enabled
    else {}
  }}

matrix_mautrix_gmessages_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"

matrix_mautrix_gmessages_metrics_proxying_enabled: "{{ matrix_mautrix_gmessages_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_mautrix_gmessages_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_gmessages_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-gmessages"

# Postgres is the default, except if not using internal Postgres server
matrix_mautrix_gmessages_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_mautrix_gmessages_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_mautrix_gmessages_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maugmessages.db', rounds=655555) | to_uuid }}"

######################################################################
#
# /matrix-bridge-mautrix-gmessages
#
######################################################################

######################################################################
#
# matrix-bridge-mautrix-wsproxy
#
######################################################################

# We don't enable bridges by default.
matrix_mautrix_wsproxy_enabled: false

matrix_mautrix_wsproxy_systemd_required_services_list_default: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_wsproxy_syncproxy_database_hostname == postgres_connection_hostname) else [])
  }}

matrix_mautrix_wsproxy_homeserver_domain: "{{ matrix_domain }}"
matrix_mautrix_wsproxy_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"

matrix_mautrix_wsproxy_hostname: "wsproxy.{{ matrix_mautrix_wsproxy_homeserver_domain }}"

matrix_mautrix_wsproxy_syncproxy_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"

matrix_mautrix_wsproxy_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_wsproxy_docker_image_registry_prefix_upstream_default }}"

matrix_mautrix_wsproxy_container_network: "{{ matrix_addons_container_network }}"

matrix_mautrix_wsproxy_container_additional_networks: |
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_mautrix_wsproxy_syncproxy_database_hostname == postgres_connection_hostname and postgres_container_network != matrix_mautrix_wsproxy_container_network) else [])
    ) | unique
  }}

matrix_mautrix_wsproxy_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mautrix_wsproxy_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mautrix_wsproxy_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_mautrix_wsproxy_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_mautrix_wsproxy_syncproxy_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_mautrix_wsproxy_syncproxy_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'wsproxy.db', rounds=655555) | to_uuid }}"

######################################################################
#
# /matrix-bridge-mautrix-wsproxy
#
######################################################################

######################################################################
#
# matrix-bridge-wechat
#
######################################################################

# We don't enable bridges by default.
matrix_wechat_enabled: false

matrix_wechat_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_wechat_database_hostname == postgres_connection_hostname) else [])
  }}

matrix_wechat_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_wechat_container_image_registry_prefix_upstream_default }}"

matrix_wechat_agent_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_wechat_agent_container_image_registry_prefix_upstream_default }}"

matrix_wechat_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"

matrix_wechat_agent_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"

matrix_wechat_container_network: "{{ matrix_addons_container_network }}"

matrix_wechat_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_wechat_database_hostname == postgres_connection_hostname and matrix_wechat_container_network != postgres_container_network) else [])
    ) | unique
  }}

matrix_wechat_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'wechat.as.token', rounds=655555) | to_uuid }}"

matrix_wechat_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_wechat_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'wechat.hs.token', rounds=655555) | to_uuid }}"

matrix_wechat_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"

matrix_wechat_bridge_listen_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'wechat.lstn', rounds=655555) | to_uuid }}"

# Postgres is the default, except if not using internal Postgres server
matrix_wechat_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_wechat_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_wechat_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gowechat.db', rounds=655555) | to_uuid }}"

######################################################################
#
# /matrix-bridge-wechat
#
######################################################################

######################################################################
#
# matrix-bridge-mautrix-whatsapp
#
######################################################################

# We don't enable bridges by default.
matrix_mautrix_whatsapp_enabled: false

matrix_mautrix_whatsapp_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_whatsapp_docker_image_registry_prefix_upstream_default }}"

matrix_mautrix_whatsapp_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"

matrix_mautrix_whatsapp_container_network: "{{ matrix_addons_container_network }}"

matrix_mautrix_whatsapp_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if postgres_enabled and matrix_mautrix_whatsapp_database_hostname == postgres_connection_hostname else [])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_whatsapp_container_labels_traefik_enabled else [])
    ) | unique
  }}

matrix_mautrix_whatsapp_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mautrix_whatsapp_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mautrix_whatsapp_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_mautrix_whatsapp_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_mautrix_whatsapp_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_mautrix_whatsapp_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"

matrix_mautrix_whatsapp_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if postgres_enabled and matrix_mautrix_whatsapp_database_hostname == postgres_connection_hostname else [])
  }}

matrix_mautrix_whatsapp_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.as.token', rounds=655555) | to_uuid }}"

matrix_mautrix_whatsapp_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_whatsapp_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.hs.token', rounds=655555) | to_uuid }}"

matrix_mautrix_whatsapp_double_puppet_secrets_auto: |-
  {{
    {
      matrix_mautrix_whatsapp_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
    }
    if matrix_appservice_double_puppet_enabled
    else {}
  }}

matrix_mautrix_whatsapp_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"

matrix_mautrix_whatsapp_metrics_proxying_enabled: "{{ matrix_mautrix_whatsapp_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_mautrix_whatsapp_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_whatsapp_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-whatsapp"

# Postgres is the default, except if not using internal Postgres server
matrix_mautrix_whatsapp_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_mautrix_whatsapp_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_mautrix_whatsapp_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauwhatsapp.db', rounds=655555) | to_uuid }}"

######################################################################
#
# /matrix-bridge-mautrix-whatsapp
#
######################################################################

######################################################################
#
# matrix-sms-bridge
#
######################################################################

# We don't enable bridges by default.
matrix_sms_bridge_enabled: false

matrix_sms_bridge_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_facebook_database_hostname == postgres_connection_hostname) else [])
  }}

matrix_sms_bridge_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_sms_bridge_docker_image_registry_prefix_upstream_default }}"

matrix_sms_bridge_container_network: "{{ matrix_addons_container_network }}"

matrix_sms_bridge_container_additional_networks_auto: |-
  {{
    ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
  }}

matrix_sms_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'sms.as.token', rounds=655555) | to_uuid }}"

matrix_sms_bridge_homeserver_hostname: "{{ (matrix_homeserver_container_client_api_endpoint | split(':'))[0] }}"
matrix_sms_bridge_homeserver_port: "{{ (matrix_homeserver_container_client_api_endpoint | split(':'))[1] }}"
matrix_sms_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'sms.hs.token', rounds=655555) | to_uuid }}"

######################################################################
#
# /matrix-sms-bridge
#
######################################################################

######################################################################
#
# matrix-bridge-heisenbridge
#
######################################################################

# We don't enable bridges by default.
matrix_heisenbridge_enabled: false

matrix_heisenbridge_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"

matrix_heisenbridge_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
  }}

matrix_heisenbridge_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_heisenbridge_docker_image_registry_prefix_upstream_default }}"

matrix_heisenbridge_container_network: "{{ matrix_addons_container_network }}"

matrix_heisenbridge_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      [matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_heisenbridge_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else []
    ) | unique
  }}

matrix_heisenbridge_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_heisenbridge_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_heisenbridge_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_heisenbridge_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_heisenbridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'heisen.as.tok', rounds=655555) | to_uuid }}"

matrix_heisenbridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'heisen.hs.tok', rounds=655555) | to_uuid }}"

matrix_heisenbridge_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"

######################################################################
#
# /matrix-bridge-heisenbridge
#
######################################################################

######################################################################
#
# matrix-bridge-hookshot
#
######################################################################

# We don't enable bridges by default.
matrix_hookshot_enabled: false

matrix_hookshot_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_hookshot_docker_image_registry_prefix_upstream_default }}"

matrix_hookshot_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"

matrix_hookshot_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.as.tok', rounds=655555) | to_uuid }}"

matrix_hookshot_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.hs.tok', rounds=655555) | to_uuid }}"

matrix_hookshot_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"

matrix_hookshot_systemd_wanted_services_list: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([(valkey_identifier + '.service')] if valkey_enabled and matrix_hookshot_cache_redis_host == valkey_identifier else [])
  }}

# Hookshot's experimental encryption feature (and possibly others) may benefit from Redis, if available.
# We only connect to Redis if encryption is enabled (not for everyone who has Redis enabled),
# because connectivity is still potentially troublesome and is to be investigated.
matrix_hookshot_cache_redis_host: "{{ valkey_identifier if valkey_enabled else '' }}"

matrix_hookshot_container_network: "{{ matrix_addons_container_network }}"

matrix_hookshot_container_additional_networks_auto: |
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([valkey_container_network] if valkey_enabled and matrix_hookshot_cache_redis_host == valkey_identifier else [])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_hookshot_container_labels_traefik_enabled else [])
    ) | unique
  }}

matrix_hookshot_container_http_host_bind_ports_defaultmapping:
  - "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_appservice_port }}:{{ matrix_hookshot_appservice_port }}"
  - "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_metrics_port }}:{{ matrix_hookshot_metrics_port }}"
  - "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_webhook_port }}:{{ matrix_hookshot_webhook_port }}"
  - "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_provisioning_port }}:{{ matrix_hookshot_provisioning_port }}"

matrix_hookshot_container_http_host_bind_ports: "{{ matrix_hookshot_container_http_host_bind_ports_defaultmapping if matrix_playbook_service_host_bind_interface_prefix else [] }}"

matrix_hookshot_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_hookshot_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_hookshot_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_hookshot_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_hookshot_provisioning_enabled: "{{ matrix_hookshot_provisioning_secret and matrix_dimension_enabled }}"

matrix_hookshot_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"

matrix_hookshot_metrics_proxying_enabled: "{{ matrix_hookshot_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_hookshot_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_hookshot_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/hookshot"
matrix_hookshot_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_hookshot_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"

matrix_hookshot_public_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_hookshot_public_hostname: "{{ matrix_server_fqn_matrix }}"

######################################################################
#
# /matrix-bridge-hookshot
#
######################################################################


######################################################################
#
# matrix-bridge-mx-puppet-slack
#
######################################################################

# We don't enable bridges by default.
matrix_mx_puppet_slack_enabled: false

matrix_mx_puppet_slack_hostname: "{{ matrix_server_fqn_matrix }}"

matrix_mx_puppet_slack_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mx_puppet_slack_database_hostname == postgres_connection_hostname) else [])
  }}

matrix_mx_puppet_slack_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mx_puppet_slack_docker_image_registry_prefix_upstream_default }}"

matrix_mx_puppet_slack_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"

matrix_mx_puppet_slack_container_network: "{{ matrix_addons_container_network }}"

matrix_mx_puppet_slack_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_mx_puppet_slack_database_hostname == postgres_connection_hostname and matrix_mx_puppet_slack_container_network != postgres_container_network) else [])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_mx_puppet_slack_container_labels_traefik_enabled) else [])
    ) | unique
  }}

matrix_mx_puppet_slack_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mx_puppet_slack_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mx_puppet_slack_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_mx_puppet_slack_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_mx_puppet_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxslk.as.tok', rounds=655555) | to_uuid }}"

matrix_mx_puppet_slack_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mx_puppet_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxslk.hs.tok', rounds=655555) | to_uuid }}"

matrix_mx_puppet_slack_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"

matrix_mx_puppet_slack_presence_enabled: "{{ matrix_homeserver_implementation != 'synapse' or matrix_synapse_presence_enabled }}"

# Postgres is the default, except if not using internal Postgres server
matrix_mx_puppet_slack_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_mx_puppet_slack_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_mx_puppet_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.slack.db', rounds=655555) | to_uuid }}"

######################################################################
#
# /matrix-bridge-mx-puppet-slack
#
######################################################################

######################################################################
#
# matrix-bridge-mx-puppet-twitter
#
######################################################################

# We don't enable bridges by default.
matrix_mx_puppet_twitter_enabled: false

matrix_mx_puppet_twitter_hostname: "{{ matrix_server_fqn_matrix }}"

matrix_mx_puppet_twitter_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mx_puppet_twitter_database_hostname == postgres_connection_hostname) else [])
  }}

matrix_mx_puppet_twitter_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mx_puppet_twitter_docker_image_registry_prefix_upstream_default }}"

matrix_mx_puppet_twitter_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"

matrix_mx_puppet_twitter_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '' ~ matrix_mx_puppet_twitter_appservice_port) if matrix_playbook_service_host_bind_interface_prefix else '' }}"

matrix_mx_puppet_twitter_container_network: "{{ matrix_addons_container_network }}"

matrix_mx_puppet_twitter_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_mx_puppet_twitter_database_hostname == postgres_connection_hostname and matrix_mx_puppet_twitter_container_network != postgres_container_network) else [])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_mx_puppet_twitter_container_labels_traefik_enabled) else [])
    ) | unique
  }}

matrix_mx_puppet_twitter_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mx_puppet_twitter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mx_puppet_twitter_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_mx_puppet_twitter_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_mx_puppet_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxtwt.as.tok', rounds=655555) | to_uuid }}"

matrix_mx_puppet_twitter_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mx_puppet_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxtwt.hs.tok', rounds=655555) | to_uuid }}"

matrix_mx_puppet_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"

matrix_mx_puppet_twitter_presence_enabled: "{{ matrix_homeserver_implementation != 'synapse' or matrix_synapse_presence_enabled }}"

# Postgres is the default, except if not using internal Postgres server
matrix_mx_puppet_twitter_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_mx_puppet_twitter_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_mx_puppet_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.twitter.db', rounds=655555) | to_uuid }}"

######################################################################
#
# /matrix-bridge-mx-puppet-twitter
#
######################################################################


######################################################################
#
# matrix-bridge-mx-puppet-instagram
#
######################################################################

# We don't enable bridges by default.
matrix_mx_puppet_instagram_enabled: false

matrix_mx_puppet_instagram_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mx_puppet_instagram_database_hostname == postgres_connection_hostname) else [])
  }}

matrix_mx_puppet_instagram_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mx_puppet_instagram_docker_image_registry_prefix_upstream_default }}"

matrix_mx_puppet_instagram_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"

matrix_mx_puppet_instagram_container_network: "{{ matrix_addons_container_network }}"

matrix_mx_puppet_instagram_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_mx_puppet_instagram_database_hostname == postgres_connection_hostname and matrix_mx_puppet_instagram_container_network != postgres_container_network) else [])
    ) | unique
  }}

matrix_mx_puppet_instagram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxig.as.tok', rounds=655555) | to_uuid }}"

matrix_mx_puppet_instagram_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mx_puppet_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxig.hs.tok', rounds=655555) | to_uuid }}"

matrix_mx_puppet_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"

matrix_mx_puppet_instagram_presence_enabled: "{{ matrix_homeserver_implementation != 'synapse' or matrix_synapse_presence_enabled }}"

# Postgres is the default, except if not using internal Postgres server
matrix_mx_puppet_instagram_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_mx_puppet_instagram_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_mx_puppet_instagram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.ig.db', rounds=655555) | to_uuid }}"

######################################################################
#
# /matrix-bridge-mx-puppet-instagram
#
######################################################################

######################################################################
#
# matrix-bridge-mx-puppet-discord
#
######################################################################

# We don't enable bridges by default.
matrix_mx_puppet_discord_enabled: false

matrix_mx_puppet_discord_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mx_puppet_discord_database_hostname == postgres_connection_hostname) else [])
  }}

matrix_mx_puppet_discord_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mx_puppet_discord_docker_image_registry_prefix_upstream_default }}"

matrix_mx_puppet_discord_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"

matrix_mx_puppet_discord_container_network: "{{ matrix_addons_container_network }}"

matrix_mx_puppet_discord_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_mx_puppet_discord_database_hostname == postgres_connection_hostname and matrix_mx_puppet_discord_container_network != postgres_container_network) else [])
    ) | unique
  }}

matrix_mx_puppet_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxdsc.as.tok', rounds=655555) | to_uuid }}"

matrix_mx_puppet_discord_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mx_puppet_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxdsc.hs.tok', rounds=655555) | to_uuid }}"

matrix_mx_puppet_discord_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"

matrix_mx_puppet_discord_presence_enabled: "{{ matrix_homeserver_implementation != 'synapse' or matrix_synapse_presence_enabled }}"

# Postgres is the default, except if not using internal Postgres server
matrix_mx_puppet_discord_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_mx_puppet_discord_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_mx_puppet_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db', rounds=655555) | to_uuid }}"

######################################################################
#
# /matrix-bridge-mx-puppet-discord
#
######################################################################

######################################################################
#
# matrix-bridge-mx-puppet-steam
#
######################################################################

# We don't enable bridges by default.
matrix_mx_puppet_steam_enabled: false

matrix_mx_puppet_steam_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mx_puppet_steam_database_hostname == postgres_connection_hostname) else [])
  }}

matrix_mx_puppet_steam_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mx_puppet_steam_docker_image_registry_prefix_upstream_default }}"

matrix_mx_puppet_steam_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"

matrix_mx_puppet_steam_container_network: "{{ matrix_addons_container_network }}"

matrix_mx_puppet_steam_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_mx_puppet_steam_database_hostname == postgres_connection_hostname and matrix_mx_puppet_steam_container_network != postgres_container_network) else [])
    ) | unique
  }}

matrix_mx_puppet_steam_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxste.as.tok', rounds=655555) | to_uuid }}"

matrix_mx_puppet_steam_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mx_puppet_steam_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxste.hs.tok', rounds=655555) | to_uuid }}"

matrix_mx_puppet_steam_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"

matrix_mx_puppet_steam_presence_enabled: "{{ matrix_homeserver_implementation != 'synapse' or matrix_synapse_presence_enabled }}"

# Postgres is the default, except if not using internal Postgres server
matrix_mx_puppet_steam_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_mx_puppet_steam_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_mx_puppet_steam_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.steam.db', rounds=655555) | to_uuid }}"

######################################################################
#
# /matrix-bridge-mx-puppet-steam
#
######################################################################


######################################################################
#
# matrix-bridge-mx-puppet-groupme
#
######################################################################

# We don't enable bridges by default.
matrix_mx_puppet_groupme_enabled: false

matrix_mx_puppet_groupme_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mx_puppet_groupme_database_hostname == postgres_connection_hostname) else [])
  }}

matrix_mx_puppet_groupme_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mx_puppet_groupme_docker_image_registry_prefix_upstream_default }}"

matrix_mx_puppet_groupme_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"

matrix_mx_puppet_groupme_container_network: "{{ matrix_addons_container_network }}"

matrix_mx_puppet_groupme_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_mx_puppet_groupme_database_hostname == postgres_connection_hostname and matrix_mx_puppet_groupme_container_network != postgres_container_network) else [])
    ) | unique
  }}

matrix_mx_puppet_groupme_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxgro.as.tok', rounds=655555) | to_uuid }}"

matrix_mx_puppet_groupme_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mx_puppet_groupme_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxgro.hs.tok', rounds=655555) | to_uuid }}"

matrix_mx_puppet_groupme_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"

matrix_mx_puppet_groupme_presence_enabled: "{{ matrix_homeserver_implementation != 'synapse' or matrix_synapse_presence_enabled }}"

# Postgres is the default, except if not using internal Postgres server
matrix_mx_puppet_groupme_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_mx_puppet_groupme_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_mx_puppet_groupme_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.groupme.db', rounds=655555) | to_uuid }}"

######################################################################
#
# /matrix-bridge-mx-puppet-groupme
#
######################################################################

######################################################################
#
# matrix-bridge-postmoogle
#
######################################################################

# We don't enable bridges by default.
matrix_postmoogle_enabled: false

matrix_postmoogle_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_postmoogle_docker_image_registry_prefix_upstream_default }}"

matrix_postmoogle_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"

matrix_postmoogle_ssl_path: |-
  {{
    {
      'playbook-managed-traefik': (traefik_certs_dumper_dumped_certificates_dir_path if traefik_certs_dumper_enabled else ''),
      'other-traefik-container': (traefik_certs_dumper_dumped_certificates_dir_path if traefik_certs_dumper_enabled else ''),
      'none': '',
    }[matrix_playbook_reverse_proxy_type]
  }}

matrix_playbook_bridge_postmoogle_traefik_tls_cert: "{% for domain in matrix_postmoogle_domains %}/ssl/{{ domain }}/certificate.crt {% endfor %}"
matrix_playbook_bridge_postmoogle_traefik_key: "{% for domain in matrix_postmoogle_domains %}/ssl/{{ domain }}/privatekey.key {% endfor %}"

matrix_postmoogle_tls_cert: |-
  {{
    {
      'playbook-managed-traefik': (matrix_playbook_bridge_postmoogle_traefik_tls_cert if traefik_certs_dumper_enabled else ''),
      'other-traefik-container': (matrix_playbook_bridge_postmoogle_traefik_tls_cert if traefik_certs_dumper_enabled else ''),
      'none': '',
    }[matrix_playbook_reverse_proxy_type]
  }}

matrix_postmoogle_tls_key: |-
  {{
    {
      'playbook-managed-traefik': (matrix_playbook_bridge_postmoogle_traefik_key if traefik_certs_dumper_enabled else ''),
      'other-traefik-container': (matrix_playbook_bridge_postmoogle_traefik_key if traefik_certs_dumper_enabled else ''),
      'none': '',
    }[matrix_playbook_reverse_proxy_type]
  }}

matrix_playbook_bridge_postmoogle_traefik_certs_dumper_waiter_services: "{% for domain in matrix_postmoogle_domains %}{{ traefik_certs_dumper_identifier }}-wait-for-domain@{{ domain }}.service {% endfor %}"

matrix_postmoogle_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if postgres_enabled and matrix_postmoogle_database_hostname == matrix_postmoogle_database_hostname else [])
    +
    (matrix_playbook_bridge_postmoogle_traefik_certs_dumper_waiter_services | trim | split(' ') if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled else [])
  }}

# Postgres is the default, except if not using internal Postgres server
matrix_postmoogle_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_postmoogle_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_postmoogle_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'postmoogle.db', rounds=655555) | to_uuid }}"

matrix_postmoogle_homeserver: "{{ matrix_addons_homeserver_client_api_url }}"

matrix_postmoogle_container_network: "{{ matrix_addons_container_network }}"

matrix_postmoogle_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if postgres_enabled and matrix_bot_matrix_reminder_bot_database_hostname == postgres_connection_hostname else [])
    ) | unique
  }}

######################################################################
#
# /matrix-bridge-postmoogle
#
######################################################################

######################################################################
#
# matrix-bot-matrix-reminder-bot
#
######################################################################

# We don't enable bots by default.
matrix_bot_matrix_reminder_bot_enabled: false

matrix_bot_matrix_reminder_bot_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if postgres_enabled and matrix_bot_matrix_reminder_bot_database_hostname == postgres_connection_hostname else [])
  }}

matrix_bot_matrix_reminder_bot_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_bot_matrix_reminder_bot_docker_image_registry_prefix_upstream_default }}"

matrix_bot_matrix_reminder_bot_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"

matrix_bot_matrix_reminder_bot_container_network: "{{ matrix_addons_container_network }}"

matrix_bot_matrix_reminder_bot_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if postgres_enabled and matrix_bot_matrix_reminder_bot_database_hostname == postgres_connection_hostname else [])
    ) | unique
  }}

matrix_bot_matrix_reminder_bot_matrix_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"

# Postgres is the default, except if not using internal Postgres server
matrix_bot_matrix_reminder_bot_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_bot_matrix_reminder_bot_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_bot_matrix_reminder_bot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'reminder.bot.db', rounds=655555) | to_uuid }}"

matrix_bot_matrix_reminder_bot_allowlist_enabled: true
matrix_bot_matrix_reminder_bot_allowlist_regexes_auto:
  - "@[a-z0-9-_.]+:{{ matrix_domain }}"

######################################################################
#
# /matrix-bot-matrix-reminder-bot
#
######################################################################


######################################################################
#
# matrix-bot-matrix-registration-bot
#
######################################################################

# We don't enable bots by default.
matrix_bot_matrix_registration_bot_enabled: false

matrix_bot_matrix_registration_bot_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
  }}

matrix_bot_matrix_registration_bot_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_bot_matrix_registration_bot_docker_image_registry_prefix_upstream_default }}"

matrix_bot_matrix_registration_bot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"

matrix_bot_matrix_registration_bot_container_network: "{{ matrix_addons_container_network }}"

matrix_bot_matrix_registration_bot_container_additional_networks_auto: |-
  {{
    ([matrix_homeserver_container_network] if matrix_bot_matrix_registration_bot_container_network != matrix_homeserver_container_network else [])
  }}

# Using `matrix_addons_homeserver_client_api_url` would not work here,
# because `matrix-traefik:8008` (matrix-internal-client-api) does not expose any `/_synapse` paths.
matrix_bot_matrix_registration_bot_api_base_url: "{{ matrix_homeserver_container_url }}"

######################################################################
#
# /matrix-bot-matrix-registration-bot
#
######################################################################

######################################################################
#
# matrix-bot-maubot
#
######################################################################

# We don't enable bots by default.
matrix_bot_maubot_enabled: false

matrix_bot_maubot_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_bot_maubot_database_hostname == postgres_connection_hostname) else [])
  }}

matrix_bot_maubot_hostname: "{{ matrix_server_fqn_matrix }}"

matrix_bot_maubot_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"

matrix_bot_maubot_homeserver_secret: |-
  {{
    {
      'synapse': matrix_synapse_registration_shared_secret | default(''),
      'dendrite': matrix_dendrite_client_api_registration_shared_secret | default(''),
    }[matrix_homeserver_implementation] | default('')
  }}

matrix_bot_maubot_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_bot_maubot_docker_image_registry_prefix_upstream_default }}"

matrix_bot_maubot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"

matrix_bot_maubot_container_management_interface_http_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '' ~ matrix_bot_maubot_server_port | string) if matrix_playbook_service_host_bind_interface_prefix else '' }}"

matrix_bot_maubot_container_network: "{{ matrix_addons_container_network }}"

matrix_bot_maubot_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_bot_maubot_database_hostname == postgres_connection_hostname and matrix_bot_maubot_container_network != postgres_container_network) else [])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_bot_maubot_container_labels_traefik_enabled else [])
    ) | unique
  }}

matrix_bot_maubot_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_bot_maubot_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_bot_maubot_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_bot_maubot_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_bot_maubot_container_labels_management_hostname: "{{ matrix_server_fqn_matrix }}"

# Postgres is the default, except if not using internal Postgres server
matrix_bot_maubot_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_bot_maubot_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_bot_maubot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db', rounds=655555) | to_uuid }}"

######################################################################
#
# /matrix-bot-maubot
#
######################################################################


######################################################################
#
# matrix-bot-honoroit
#
######################################################################

# We don't enable bots by default.
matrix_bot_honoroit_enabled: false

matrix_bot_honoroit_hostname: "{{ matrix_server_fqn_matrix }}"

matrix_bot_honoroit_path_prefix: /honoroit

matrix_bot_honoroit_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if postgres_enabled and matrix_bot_honoroit_database_hostname == postgres_connection_hostname else [])
  }}

matrix_bot_honoroit_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_bot_honoroit_docker_image_registry_prefix_upstream_default }}"

matrix_bot_honoroit_container_network: "{{ matrix_addons_container_network }}"

matrix_bot_honoroit_container_additional_networks: |
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_bot_honoroit_database_hostname == postgres_connection_hostname and matrix_bot_honoroit_container_network != postgres_container_network) else [])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_bot_honoroit_container_labels_traefik_enabled else [])
    ) | unique
  }}

matrix_bot_honoroit_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
matrix_bot_honoroit_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_bot_honoroit_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_bot_honoroit_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

# For consistency with other things hosted at the Matrix FQN, we adjust the metrics endpoint
# so that metrics would be served at something like `/metrics/SERVICE_NAME`, and not at the default path for the role (`PREFIX/metrics`).
matrix_bot_honoroit_container_labels_traefik_metrics_path: "{{ matrix_metrics_exposure_path_prefix }}/honoroit"

matrix_bot_honoroit_homeserver: "{{ matrix_addons_homeserver_client_api_url }}"

# Postgres is the default, except if not using internal Postgres server
matrix_bot_honoroit_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_bot_honoroit_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_bot_honoroit_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'honoroit.bot.db', rounds=655555) | to_uuid }}"
matrix_bot_honoroit_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"

######################################################################
#
# /matrix-bot-honoroit
#
######################################################################

######################################################################
#
# matrix-bot-buscarron
#
######################################################################

# We don't enable bots by default.
matrix_bot_buscarron_enabled: false

matrix_bot_buscarron_hostname: "{{ matrix_server_fqn_buscarron }}"

matrix_bot_buscarron_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_bot_buscarron_database_hostname == postgres_connection_hostname) else [])
  }}

matrix_bot_buscarron_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_bot_buscarron_docker_image_registry_prefix_upstream_default }}"

matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"

matrix_bot_buscarron_container_network: "{{ matrix_addons_container_network }}"

matrix_bot_buscarron_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_bot_buscarron_database_hostname == postgres_connection_hostname and matrix_bot_buscarron_container_network != postgres_container_network) else [])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_bot_buscarron_container_labels_traefik_enabled else [])
    ) | unique
  }}

matrix_bot_buscarron_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
matrix_bot_buscarron_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_bot_buscarron_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_bot_buscarron_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_bot_buscarron_homeserver: "{{ matrix_addons_homeserver_client_api_url }}"

# Postgres is the default, except if not using internal Postgres server
matrix_bot_buscarron_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_bot_buscarron_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_bot_buscarron_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'buscarron.bot.db', rounds=655555) | to_uuid }}"

######################################################################
#
# /matrix-bot-buscarron
#
######################################################################


######################################################################
#
# matrix-bot-baibot
#
######################################################################

# We don't enable bots by default.
matrix_bot_baibot_enabled: false

matrix_bot_baibot_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_bot_baibot_container_image_registry_prefix_upstream_default }}"

matrix_bot_baibot_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"

matrix_bot_baibot_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
  }}

matrix_bot_baibot_config_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"

matrix_bot_baibot_container_network: "{{ matrix_addons_container_network }}"

matrix_bot_baibot_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
    ) | unique
  }}

######################################################################
#
# /matrix-bot-baibot
#
######################################################################

######################################################################
#
# matrix-bot-chatgpt
#
######################################################################

# We don't enable bots by default.
matrix_bot_chatgpt_enabled: false

matrix_bot_chatgpt_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_bot_chatgpt_container_image_registry_prefix_upstream_default }}"

matrix_bot_chatgpt_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"

matrix_bot_chatgpt_container_network: "{{ matrix_addons_container_network }}"
matrix_bot_chatgpt_container_additional_networks_auto: "{{ [] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network] }}"

matrix_bot_chatgpt_matrix_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"

matrix_bot_chatgpt_systemd_required_services_list_auto: "{{ matrix_addons_homeserver_systemd_services_list }}"

######################################################################
#
# /matrix-bot-chatgpt
#
######################################################################


######################################################################
#
# matrix-bot-go-neb
#
######################################################################

# We don't enable bots by default.
matrix_bot_go_neb_enabled: false

matrix_bot_go_neb_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"

matrix_bot_go_neb_hostname: "{{ matrix_server_fqn_bot_go_neb }}"

matrix_bot_go_neb_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
  }}

matrix_bot_go_neb_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_bot_go_neb_container_image_registry_prefix_upstream_default }}"

matrix_bot_go_neb_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '4050') if matrix_playbook_service_host_bind_interface_prefix else '' }}"

matrix_bot_go_neb_container_network: "{{ matrix_addons_container_network }}"

matrix_bot_go_neb_container_additional_networks: |
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_bot_go_neb_container_labels_traefik_enabled else [])
    ) | unique
  }}

matrix_bot_go_neb_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
matrix_bot_go_neb_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_bot_go_neb_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_bot_go_neb_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

######################################################################
#
# /matrix-bot-go-neb
#
######################################################################


######################################################################
#
# matrix-bot-mjolnir
#
######################################################################

# We don't enable bots by default.
matrix_bot_mjolnir_enabled: false

matrix_bot_mjolnir_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    (['matrix-pantalaimon.service'] if matrix_bot_mjolnir_pantalaimon_use else [])
  }}

matrix_bot_mjolnir_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_bot_mjolnir_docker_image_registry_prefix_upstream_default }}"

matrix_bot_mjolnir_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"

matrix_bot_mjolnir_container_network: "{{ matrix_addons_container_network }}"

matrix_bot_mjolnir_container_additional_networks_auto: |-
  {{
    ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
  }}

matrix_bot_mjolnir_homeserver_url: "{{ 'http://matrix-pantalaimon:8009' if matrix_bot_mjolnir_pantalaimon_use else matrix_addons_homeserver_client_api_url }}"
matrix_bot_mjolnir_raw_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
######################################################################
#
# /matrix-bot-mjolnir
#
######################################################################


######################################################################
#
# matrix-bot-draupnir
#
######################################################################

# We don't enable bots by default.
matrix_bot_draupnir_enabled: false

matrix_bot_draupnir_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8769') if matrix_playbook_service_host_bind_interface_prefix else '' }}"

matrix_bot_draupnir_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    (['matrix-pantalaimon.service'] if matrix_bot_draupnir_pantalaimon_use else [])
  }}

matrix_bot_draupnir_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_bot_draupnir_docker_image_registry_prefix_upstream_default }}"

matrix_bot_draupnir_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"

matrix_bot_draupnir_container_network: "{{ matrix_addons_container_network }}"

matrix_bot_draupnir_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else
        [matrix_addons_homeserver_container_network])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if
        (matrix_playbook_reverse_proxyable_services_additional_network and matrix_bot_draupnir_container_labels_traefik_enabled) else [])
      +
      ([matrix_pantalaimon_container_network] if (matrix_bot_draupnir_pantalaimon_use and matrix_pantalaimon_container_network != matrix_bot_draupnir_container_network) else [])
    ) | unique
  }}

matrix_bot_draupnir_config_homeserverUrl: "{{ 'http://matrix-pantalaimon:8009' if matrix_bot_draupnir_pantalaimon_use else matrix_addons_homeserver_client_api_url }}"  # noqa var-naming
matrix_bot_draupnir_config_rawHomeserverUrl: "{{ matrix_addons_homeserver_client_api_url }}"  # noqa var-naming

matrix_bot_draupnir_container_labels_traefik_enabled: "{{ matrix_bot_draupnir_config_web_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_bot_draupnir_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_bot_draupnir_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_bot_draupnir_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

######################################################################
#
# /matrix-bot-draupnir
#
######################################################################


######################################################################
#
# matrix-appservice-draupnir-for-all
#
######################################################################

# We don't enable bots by default.
matrix_appservice_draupnir_for_all_enabled: false

matrix_appservice_draupnir_for_all_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_appservice_draupnir_for_all_database_hostname == postgres_connection_hostname) else [])
  }}

matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream_default }}"

matrix_appservice_draupnir_for_all_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"

matrix_appservice_draupnir_for_all_container_network: "{{ matrix_addons_container_network }}"

matrix_appservice_draupnir_for_all_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_appservice_draupnir_for_all_database_hostname == postgres_connection_hostname and matrix_appservice_draupnir_for_all_container_network != postgres_container_network) else [])
    ) | unique
  }}

matrix_appservice_draupnir_for_all_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'd4a.as.token', rounds=655555) | to_uuid }}"
matrix_appservice_draupnir_for_all_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'd4a.hs.token', rounds=655555) | to_uuid }}"

matrix_appservice_draupnir_for_all_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_appservice_draupnir_for_all_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.d4a.db', rounds=655555) | to_uuid }}"

######################################################################
#
# /matrix-appservice-draupnir-for-all
#
######################################################################


######################################################################
#
# matrix-appservice-double-puppet
#
######################################################################

matrix_appservice_double_puppet_enabled: false

matrix_appservice_double_puppet_registration_as_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.doub.pup', rounds=655555) | to_uuid }}"
matrix_appservice_double_puppet_registration_hs_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hs.doub.pup', rounds=655555) | to_uuid }}"

######################################################################
#
# /matrix-appservice-double-puppet
#
######################################################################


######################################################################
#
# matrix-pantalaimon
#
######################################################################

matrix_pantalaimon_enabled: false

matrix_pantalaimon_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
  }}

matrix_pantalaimon_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_pantalaimon_docker_image_registry_prefix_upstream_default }}"

matrix_pantalaimon_container_network: "{{ matrix_homeserver_container_network }}"

matrix_pantalaimon_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"

matrix_pantalaimon_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"

######################################################################
#
# /matrix-pantalaimon
#
######################################################################


######################################################################
#
# etke/backup_borg
#
######################################################################

backup_borg_enabled: false

backup_borg_identifier: matrix-backup-borg
backup_borg_storage_archive_name_format: matrix-{now:%Y-%m-%d-%H%M%S}

backup_borg_base_path: "{{ matrix_base_data_path }}/backup-borg"

backup_borg_username: "{{ matrix_user_username }}"
backup_borg_uid: "{{ matrix_user_uid }}"
backup_borg_gid: "{{ matrix_user_gid }}"

backup_borg_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else backup_borg_docker_image_registry_prefix_upstream_default }}"

backup_borg_container_network: "{{ postgres_container_network if postgres_enabled else backup_borg_identifier }}"

backup_borg_postgresql_version_detection_postgres_role_name: "{{ 'galaxy/postgres' if postgres_enabled else '' }}"

backup_borg_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"

backup_borg_postgresql_enabled: "{{ postgres_enabled }}"
backup_borg_postgresql_databases_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
backup_borg_postgresql_databases_username: "{{ postgres_connection_username if postgres_enabled else '' }}"
backup_borg_postgresql_databases_password: "{{ postgres_connection_password if postgres_enabled else '' }}"
backup_borg_postgresql_databases_port: "{{ postgres_connection_port if postgres_enabled else 5432 }}"
backup_borg_postgresql_databases_auto: "{{ postgres_managed_databases | map(attribute='name') if postgres_enabled else [] }}"

backup_borg_location_source_directories:
  - "{{ matrix_base_data_path }}"

backup_borg_location_exclude_patterns: |
  {{
    ([matrix_synapse_media_store_path + '/remote_content', matrix_synapse_media_store_path + '/local_thumbnails', matrix_synapse_media_store_path + '/remote_thumbnail', matrix_synapse_media_store_path + '/url_cache', matrix_synapse_media_store_path + '/url_cache_thumbnails'] if matrix_homeserver_implementation == 'synapse' else [])
    +
    ([postgres_data_path] if postgres_enabled else [])
  }}

backup_borg_systemd_required_services_list: |
  {{
    [devture_systemd_docker_base_docker_service_name]
    +
    ([postgres_identifier ~ '.service'] if postgres_enabled else [])
  }}

######################################################################
#
# /etke/backup_borg
#
######################################################################


######################################################################
#
# matrix-cactus-comments
#
######################################################################

matrix_cactus_comments_enabled: false

matrix_cactus_comments_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
  }}

matrix_cactus_comments_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_cactus_comments_docker_image_registry_prefix_upstream_default }}"

matrix_cactus_comments_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"

matrix_cactus_comments_container_network: "{{ matrix_addons_container_network }}"

matrix_cactus_comments_container_additional_networks_auto: |-
  {{
    ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
  }}

matrix_cactus_comments_as_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'cactus.as.token', rounds=655555) | to_uuid }}"
matrix_cactus_comments_hs_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'cactus.hs.token', rounds=655555) | to_uuid }}"

matrix_cactus_comments_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"

######################################################################
#
# /matrix-cactus-comments
#
######################################################################

######################################################################
#
# matrix-cactus-comments-client
#
######################################################################

matrix_cactus_comments_client_enabled: "{{ matrix_cactus_comments_enabled }}"

matrix_cactus_comments_client_hostname: "{{ matrix_server_fqn_matrix }}"

matrix_cactus_comments_client_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_cactus_comments_client_container_image_registry_prefix_upstream_default }}"

matrix_cactus_comments_client_container_network: "{{ matrix_addons_container_network }}"

matrix_cactus_comments_client_container_additional_networks_auto: |-
  {{
    (
      ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_cactus_comments_client_container_labels_traefik_enabled) else [])
    ) | unique
  }}

matrix_cactus_comments_client_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_cactus_comments_client_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_cactus_comments_client_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_cactus_comments_client_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

######################################################################
#
# /matrix-cactus-comments-client
#
######################################################################

######################################################################
#
# matrix-corporal
#
######################################################################

matrix_corporal_enabled: false

matrix_corporal_systemd_required_services_list_auto: |
  {{
    (['matrix-' + matrix_homeserver_implementation + '.service'])
  }}

matrix_corporal_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_corporal_docker_image_registry_prefix_upstream_default }}"

matrix_corporal_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"

matrix_corporal_container_http_gateway_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '41080') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_corporal_container_http_api_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '41081') if matrix_playbook_service_host_bind_interface_prefix else '' }}"

matrix_corporal_container_network: matrix-corporal

matrix_corporal_container_additional_networks: |
  {{
    (
      ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
      +
      ([matrix_homeserver_container_network] if matrix_corporal_container_network != matrix_homeserver_container_network else [])
    ) | unique
  }}

matrix_corporal_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_corporal_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_corporal_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_corporal_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_corporal_matrix_homeserver_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"

matrix_corporal_matrix_homeserver_api_endpoint: "{{ matrix_homeserver_container_url }}"

matrix_corporal_matrix_auth_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"

# This is only useful if there's REST auth provider to make use of it.
matrix_corporal_http_gateway_internal_rest_auth_enabled: "{{ matrix_synapse_ext_password_provider_rest_auth_enabled }}"

matrix_corporal_matrix_registration_shared_secret: "{{ matrix_synapse_registration_shared_secret }}"

######################################################################
#
# /matrix-corporal
#
######################################################################


######################################################################
#
# matrix-rageshake
#
######################################################################

# We don't enable rageshake by default.
matrix_rageshake_enabled: false

matrix_rageshake_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"

matrix_rageshake_hostname: "{{ matrix_server_fqn_rageshake }}"

matrix_rageshake_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_rageshake_container_image_registry_prefix_upstream_default }}"

matrix_rageshake_container_network: matrix-rageshake

matrix_rageshake_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"

matrix_rageshake_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9110') if matrix_playbook_service_host_bind_interface_prefix else '' }}"

matrix_rageshake_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
matrix_rageshake_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_rageshake_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_rageshake_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

######################################################################
#
# /matrix-rageshake
#
######################################################################

######################################################################
#
# matrix-coturn
#
######################################################################

matrix_coturn_enabled: true

matrix_coturn_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_coturn_docker_image_registry_prefix_upstream_default }}"

matrix_coturn_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"

# We make the assumption that `ansible_host` points to an external IP address, which may not always be the case.
# Users are free to set `matrix_coturn_turn_external_ip_address` to an empty string
# to allow auto-detection (via an EchoIP service) to happen at runtime.
matrix_coturn_turn_external_ip_address: "{{ ansible_host }}"

matrix_coturn_turn_static_auth_secret: "{{ ('%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'coturn.sas', rounds=655555) | to_uuid) if matrix_coturn_authentication_method == 'auth-secret' else '' }}"

matrix_coturn_lt_cred_mech_username: "{{ ('%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'coturn.user', rounds=655555) | to_uuid) if matrix_coturn_authentication_method == 'lt-cred-mech' else '' }}"
matrix_coturn_lt_cred_mech_password: "{{ ('%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'coturn.pass', rounds=655555) | to_uuid) if matrix_coturn_authentication_method == 'lt-cred-mech' else '' }}"

matrix_coturn_tls_enabled: "{{ matrix_playbook_ssl_enabled }}"

matrix_coturn_tls_cert_path: |-
  {{
    {
      'playbook-managed-traefik': ('/certificate.crt' if traefik_certs_dumper_enabled else ''),
      'other-traefik-container': ('/certificate.crt' if traefik_certs_dumper_enabled else ''),
      'none': '',
    }[matrix_playbook_reverse_proxy_type]
  }}

matrix_coturn_tls_key_path: |-
  {{
    {
      'playbook-managed-traefik': ('/privatekey.key' if traefik_certs_dumper_enabled else ''),
      'other-traefik-container': ('/privatekey.key' if traefik_certs_dumper_enabled else ''),
      'none': '',
    }[matrix_playbook_reverse_proxy_type]
  }}

matrix_coturn_container_additional_volumes: |
  {{
    (
      [
       {
         'src': (traefik_certs_dumper_dumped_certificates_dir_path +  '/' + matrix_server_fqn_matrix + '/certificate.crt'),
         'dst': '/certificate.crt',
         'options': 'ro',
       },
       {
         'src': (traefik_certs_dumper_dumped_certificates_dir_path +  '/' + matrix_server_fqn_matrix + '/privatekey.key'),
         'dst': '/privatekey.key',
         'options': 'ro',
       },
      ] if (matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and matrix_coturn_tls_enabled and (matrix_coturn_tls_cert_path and matrix_coturn_tls_key_path)) else []
    )
  }}

matrix_coturn_systemd_required_services_list: |
  {{
    [devture_systemd_docker_base_docker_service_name]
    +
    ([traefik_certs_dumper_identifier + '-wait-for-domain@' + matrix_server_fqn_matrix + '.service'] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else [])
  }}

######################################################################
#
# /matrix-coturn
#
######################################################################

######################################################################
#
# matrix-dimension
#
######################################################################

matrix_dimension_enabled: false

matrix_dimension_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_dimension_hostname: "{{ matrix_server_fqn_dimension }}"

matrix_dimension_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_dimension_docker_image_registry_prefix_upstream_default }}"

matrix_dimension_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"

matrix_dimension_container_network: "{{ matrix_addons_container_network }}"

# Dimension is connected both to `matrix_addons_homeserver_container_network` and `matrix_homeserver_container_network`,
# because `matrix_dimension_homeserver_clientServerUrl` and `matrix_dimension_homeserver_federationUrl` are potentially
# going to different places.
matrix_dimension_container_additional_networks: |
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([matrix_homeserver_container_network] if matrix_homeserver_container_network != matrix_dimension_container_network else [])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_dimension_database_hostname == postgres_connection_hostname and postgres_container_network != matrix_dimension_container_network) else [])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
    ) | unique
  }}

matrix_dimension_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8184') if matrix_playbook_service_host_bind_interface_prefix else '' }}"

matrix_dimension_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
matrix_dimension_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_dimension_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_dimension_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_dimension_homeserver_clientServerUrl: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_dimension_homeserver_federationUrl: "{{ matrix_homeserver_container_federation_url }}"
matrix_dimension_homeserver_mediaUrl: "{{ ('https' if matrix_playbook_ssl_enabled else 'http') }}://{{ matrix_server_fqn_matrix }}"

# Dimension depends both on `matrix_addons_homeserver_systemd_services_list` and on the homeserver service,
# because `matrix_dimension_homeserver_clientServerUrl` and `matrix_dimension_homeserver_federationUrl` are potentially
# going to different places.
matrix_dimension_systemd_required_services_list_auto: |
  {{
    (
      matrix_addons_homeserver_systemd_services_list
      +
      ['matrix-' + matrix_homeserver_implementation + '.service']
      +
      ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_dimension_database_hostname == postgres_connection_hostname) else [])
    ) | unique
  }}

# Postgres is the default, except if not using internal Postgres server
matrix_dimension_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_dimension_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_dimension_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dimension.db', rounds=655555) | to_uuid }}"

######################################################################
#
# /matrix-dimension
#
######################################################################

######################################################################
#
# etherpad
#
######################################################################

etherpad_enabled: false

etherpad_identifier: matrix-etherpad

etherpad_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"

etherpad_base_path: "{{ matrix_base_data_path }}/etherpad"

etherpad_framing_enabled: "{{ matrix_dimension_enabled or jitsi_enabled }}"

etherpad_hostname: "{{ matrix_server_fqn_etherpad }}"

etherpad_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else etherpad_container_image_registry_prefix_upstream_default }}"

etherpad_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"

etherpad_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9001') if matrix_playbook_service_host_bind_interface_prefix else '' }}"

etherpad_container_network: "{{ matrix_addons_container_network }}"

etherpad_container_additional_networks_auto: |
  {{
    (
      ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
      +
      ([postgres_container_network] if postgres_enabled and postgres_container_network != etherpad_container_network else [])
    ) | unique
  }}

etherpad_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
etherpad_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
etherpad_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
etherpad_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

etherpad_systemd_required_services_list_auto: |
  {{
    ([postgres_identifier ~ '.service'] if postgres_enabled else [])
  }}

etherpad_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
etherpad_database_name: matrix_etherpad
etherpad_database_username: matrix_etherpad
etherpad_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'etherpad.db', rounds=655555) | to_uuid }}"

######################################################################
#
# /etherpad
#
######################################################################

######################################################################
#
# matrix-dynamic-dns
#
######################################################################

matrix_dynamic_dns_enabled: false

matrix_dynamic_dns_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_dynamic_dns_docker_image_registry_prefix_upstream_default }}"

matrix_dynamic_dns_container_network: matrix-dynamic-dns

######################################################################
#
# /matrix-dynamic-dns
#
######################################################################

######################################################################
#
# jitsi
#
######################################################################

jitsi_enabled: false

jitsi_architecture: "{{ matrix_architecture }}"

jitsi_hostname: "{{ matrix_server_fqn_jitsi }}"

jitsi_identifier: matrix-jitsi

jitsi_base_path: "{{ matrix_base_data_path }}/jitsi"

jitsi_uid: "{{ matrix_user_uid }}"
jitsi_gid: "{{ matrix_user_gid }}"

jitsi_user_username: "{{ matrix_user_username }}"

jitsi_web_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else jitsi_web_container_image_registry_prefix_upstream_default }}"

jitsi_web_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '13080') if matrix_playbook_service_host_bind_interface_prefix else '' }}"

jitsi_web_container_additional_networks_auto: |
  {{
    ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
  }}

jitsi_jvb_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else jitsi_jvb_container_image_registry_prefix_upstream_default }}"

jitsi_jvb_container_colibri_ws_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '13090') if matrix_playbook_service_host_bind_interface_prefix else '' }}"

jitsi_jvb_container_additional_networks_auto: |
  {{
    ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
  }}

jitsi_prosody_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else jitsi_prosody_container_image_registry_prefix_upstream_default }}"

jitsi_prosody_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '5280') if matrix_playbook_service_host_bind_interface_prefix else '' }}"

jitsi_prosody_container_additional_networks_auto: |
  {{
    ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
  }}

jitsi_jicofo_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else jitsi_jicofo_container_image_registry_prefix_upstream_default }}"

jitsi_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
jitsi_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
jitsi_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
jitsi_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

jitsi_jibri_xmpp_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jibri', rounds=655555) | to_uuid }}"
jitsi_jicofo_auth_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jicofo', rounds=655555) | to_uuid }}"
jitsi_jvb_auth_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jvb', rounds=655555) | to_uuid }}"

jitsi_web_stun_servers: |
  {{
    [
      'stun:' + matrix_server_fqn_matrix + ':5349',
      'stun:' + matrix_server_fqn_matrix + ':3478',
    ]
    if matrix_coturn_enabled
    else [ 'stun:meet-jit-si-turnrelay.jitsi.net:443']
  }}

# The Jitsi instance installed by this playbook is meant for embedding into Matrix clients, so framing is allowed.
jitsi_web_framing_enabled: true

# Jitsi (Prosody) only seems to support authenticating with coturn using `auth-secret`, not `lt-cred-mech`.
# See: https://prosody.im/doc/coturn
jitsi_turn_credentials: "{{ matrix_coturn_turn_static_auth_secret if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'auth-secret') else '' }}"
jitsi_turn_host: "{{ ('turn.' + matrix_server_fqn_matrix) if matrix_coturn_enabled else '' }}"
jitsi_turns_host: "{{ ('turn.' + matrix_server_fqn_matrix) if matrix_coturn_enabled else '' }}"
jitsi_turn_port: "{{ matrix_coturn_container_stun_plain_host_bind_port_tcp.split(':')[-1] if matrix_coturn_enabled else '' }}"
jitsi_turns_port: "{{ matrix_coturn_container_stun_tls_host_bind_port_tcp.split(':')[-1] if matrix_coturn_enabled else '' }}"

# If the self-hosted Etherpad instance is available, it will also show up in Jitsi conferences,
# unless explicitly disabled by setting `jitsi_etherpad_enabled` to false.
# Falls back to the scalar.vector.im etherpad in case someone sets `jitsi_etherpad_enabled` to true,
# while also setting `etherpad_enabled` to false.
jitsi_etherpad_enabled: "{{ etherpad_enabled }}"
jitsi_etherpad_base: "{{ etherpad_base_url if etherpad_enabled else 'https://scalar.vector.im/etherpad' }}"

# Allow verification using JWT and matrix-UVS
jitsi_prosody_auth_matrix_uvs_sync_power_levels: "{{ matrix_user_verification_service_enabled }}"
jitsi_prosody_auth_matrix_uvs_auth_token: "{{ matrix_user_verification_service_uvs_auth_token }}"
jitsi_prosody_auth_matrix_uvs_location: "{{ matrix_user_verification_service_container_url }}"

jitsi_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}"

# Gravatar is enabled by default upstream, but there's no need to leak data there needlessly
# when embedding Jitsi in Matrix rooms.
jitsi_disable_gravatar: true

######################################################################
#
# /jitsi
#
######################################################################


######################################################################
#
# matrix-ldap-registration-proxy
#
######################################################################

# This is only for users with a specific LDAP setup
matrix_ldap_registration_proxy_enabled: false

matrix_ldap_registration_proxy_hostname: "{{ matrix_server_fqn_matrix }}"

matrix_ldap_registration_proxy_matrix_server_url: "{{ matrix_addons_homeserver_client_api_url }}"

matrix_ldap_registration_proxy_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
  }}

matrix_ldap_registration_proxy_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_ldap_registration_proxy_docker_image_registry_prefix_upstream_default }}"

matrix_ldap_registration_proxy_container_network: "{{ matrix_addons_container_network }}"

matrix_ldap_registration_proxy_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_ldap_registration_proxy_container_labels_traefik_enabled) else [])
    ) | unique
  }}

matrix_ldap_registration_proxy_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_ldap_registration_proxy_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_ldap_registration_proxy_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_ldap_registration_proxy_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

######################################################################
#
# /matrix-ldap-registration-proxy
#
######################################################################


########################################################################
#                                                                      #
# exim-relay                                                           #
#                                                                      #
########################################################################

# We set up an Exim email relay by default.
# This is so that the homeserver and various other services can send emails through it.
# To completely disable this service, use: `exim_relay_enabled: false`

exim_relay_identifier: "matrix-exim-relay"

exim_relay_base_path: "{{ matrix_base_data_path }}/exim-relay"

exim_relay_uid: "{{ matrix_user_uid }}"
exim_relay_gid: "{{ matrix_user_gid }}"

exim_relay_hostname: "{{ matrix_server_fqn_matrix }}"

exim_relay_sender_address: "matrix@{{ exim_relay_hostname }}"

exim_relay_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else exim_relay_container_image_registry_prefix_upstream_default }}"

exim_relay_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"

########################################################################
#                                                                      #
# /exim-relay                                                          #
#                                                                      #
########################################################################


######################################################################
#
# matrix-ma1sd
#
######################################################################

# We no longer install the ma1sd identity server by default.
#
# The main reason we used to install ma1sd by default in the past was to
# prevent Element from talking to the `matrix.org` / `vector.im` identity servers,
# by forcing it to talk to our own self-hosted (but otherwise useless) identity server instead,
# thus preventing contact list leaks.
#
# Since Element no longer defaults to using a public identity server if another one is not provided,
# we can stop installing ma1sd.
matrix_ma1sd_enabled: false

matrix_ma1sd_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_ma1sd_hostname: "{{ matrix_server_fqn_matrix }}"

matrix_ma1sd_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_ma1sd_docker_image_registry_prefix_upstream_default }}"

matrix_ma1sd_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"

matrix_ma1sd_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '' ~ matrix_ma1sd_container_port | string) if matrix_playbook_service_host_bind_interface_prefix else '' }}"

matrix_ma1sd_container_network: "{{ matrix_homeserver_container_network }}"

matrix_ma1sd_container_additional_networks_auto: |
  {{
    (
      ([matrix_homeserver_container_network] if (matrix_ma1sd_container_network != matrix_homeserver_container_network) else [])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_ma1sd_database_hostname == postgres_connection_hostname and matrix_ma1sd_container_network != postgres_container_network) else [])
      +
      ([exim_relay_container_network] if (exim_relay_enabled and matrix_ma1sd_threepid_medium_email_connectors_smtp_host == exim_relay_identifier and matrix_ma1sd_container_network != exim_relay_container_network) else [])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_ma1sd_container_labels_traefik_enabled) else [])
    ) | unique
  }}

matrix_ma1sd_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_ma1sd_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_ma1sd_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_ma1sd_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

# We enable Synapse integration via its Postgres database by default.
# When using another Identity store, you might wish to disable this and define
# your own configuration in `matrix_ma1sd_configuration_extension_yaml`.
matrix_ma1sd_synapsesql_enabled: true
matrix_ma1sd_synapsesql_type: postgresql
matrix_ma1sd_synapsesql_connection: //{{ matrix_synapse_database_host }}/{{ matrix_synapse_database_database }}?user={{ matrix_synapse_database_user | urlencode() }}&password={{ matrix_synapse_database_password | urlencode() }}

matrix_ma1sd_dns_overwrite_enabled: true
matrix_ma1sd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix }}"
matrix_ma1sd_dns_overwrite_homeserver_client_value: "{{ matrix_addons_homeserver_client_api_url }}"

# By default, we send mail through the exim relay service.
matrix_ma1sd_threepid_medium_email_identity_from: "{{ exim_relay_sender_address }}"
matrix_ma1sd_threepid_medium_email_connectors_smtp_host: "{{ exim_relay_identifier }}"
matrix_ma1sd_threepid_medium_email_connectors_smtp_port: 8025
matrix_ma1sd_threepid_medium_email_connectors_smtp_tls: 0

matrix_ma1sd_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}"

matrix_ma1sd_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_ma1sd_database_hostname == postgres_connection_hostname) else [])
  }}

matrix_ma1sd_systemd_wanted_services_list_auto: |
  {{
    ([exim_relay_identifier ~ '.service'] if (exim_relay_enabled and matrix_ma1sd_threepid_medium_email_connectors_smtp_host == exim_relay_identifier) else [])
  }}

# Postgres is the default, except if not using internal Postgres server
matrix_ma1sd_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_ma1sd_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_ma1sd_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ma1sd.db', rounds=655555) | to_uuid }}"

######################################################################
#
# /matrix-ma1sd
#
######################################################################

######################################################################
#
# matrix-media-repo
#
######################################################################

matrix_media_repo_enabled: false

matrix_media_repo_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_media_repo_docker_image_registry_prefix_upstream_default }}"

matrix_media_repo_container_network: "{{ matrix_homeserver_container_network }}"

matrix_media_repo_container_additional_networks: |
  {{
    (
      ([matrix_homeserver_container_network] if (matrix_media_repo_container_network != matrix_homeserver_container_network) else [])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_media_repo_database_hostname == postgres_connection_hostname and postgres_container_network != matrix_media_repo_container_network) else [])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_media_repo_container_labels_traefik_enabled) else [])
    ) | unique
  }}

matrix_media_repo_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
matrix_media_repo_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_media_repo_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_media_repo_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_media_repo_container_labels_traefik_internal_media_enabled: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled }}"
matrix_media_repo_container_labels_traefik_internal_media_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}"

matrix_media_repo_container_labels_traefik_internal_matrix_client_media_enabled: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled }}"
matrix_media_repo_container_labels_traefik_internal_matrix_client_media_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}"

matrix_media_repo_metrics_proxying_enabled: "{{ matrix_media_repo_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_media_repo_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_media_repo_metrics_proxying_path: "{{ matrix_metrics_exposure_path_prefix }}/matrix-media-repo"
matrix_media_repo_container_labels_traefik_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_media_repo_container_labels_traefik_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"

matrix_media_repo_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_media_repo_database_username: matrix_media_repo
matrix_media_repo_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mediarepo.db', rounds=655555) | to_uuid }}"
matrix_media_repo_database_name: matrix_media_repo

matrix_media_repo_systemd_required_services_list_auto: |
  {{
    matrix_addons_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if postgres_enabled and matrix_media_repo_database_hostname == postgres_connection_hostname else [])
  }}

matrix_media_repo_generate_signing_key: "{{ matrix_homeserver_implementation == 'synapse' or matrix_homeserver_implementation == 'dendrite'}}"
matrix_media_repo_homeserver_signing_key: "{{ matrix_media_repo_synapse_signing_key if matrix_homeserver_implementation == 'synapse' else (matrix_media_repo_dendrite_signing_key if matrix_homeserver_implementation == 'dendrite' else '') }}"
matrix_media_repo_synapse_signing_key: "{{ matrix_synapse_config_dir_path }}/{{ matrix_server_fqn_matrix }}.signing.key"
matrix_media_repo_dendrite_signing_key: "{{ matrix_dendrite_config_dir_path }}/{{ matrix_server_fqn_matrix }}.signing.pem"

# Auto configured server setup by the playbook
matrix_media_repo_homeservers_auto:
  -  # Keep the dash from this line.

    # This should match the server_name of your homeserver, and the Host header
    # provided to the media repo.
    name: "{{ matrix_domain }}"

    # The base URL to where the homeserver can actually be reached by MMR.
    csApi: "{{ matrix_homeserver_container_url }}"

    # The number of consecutive failures in calling this homeserver before the
    # media repository will start backing off. This defaults to 10 if not given.
    backoffAt: 10

    # The admin API interface supported by the homeserver. MMR uses a subset of the admin API
    # during certain operations, like attempting to purge media from a room or validating server
    # admin status. This should be set to one of "synapse", "dendrite", or "matrix". When set
    # to "matrix", most functionality requiring the admin API will not work.
    adminApiKind: "{{ 'synapse' if matrix_homeserver_implementation == 'synapse' else ('dendrite' if matrix_homeserver_implementation == 'dendrite' else 'matrix') }}"

    # The signing key to use for authorizing outbound federation requests. If not specified,
    # requests will not be authorized. See https://docs.t2bot.io/matrix-media-repo/v1.3.5/installation/signing-key/
    # for details.
    signingKeyPath: "{{ '/config/' + matrix_media_repo_identifier + '.signing.key' if matrix_media_repo_generate_signing_key else '' }}"

matrix_media_repo_homeserver_federation_enabled: "{{ matrix_homeserver_federation_enabled }}"

######################################################################
#
# /matrix-media-repo
#
######################################################################


########################################################################
#                                                                      #
# postgres                                                             #
#                                                                      #
########################################################################

# To completely disable installing Postgres, use `postgres_enabled: false`.

postgres_identifier: matrix-postgres

postgres_architecture: "{{ matrix_architecture }}"

postgres_base_path: "{{ matrix_base_data_path }}/postgres"

postgres_uid: "{{ matrix_user_uid }}"
postgres_gid: "{{ matrix_user_gid }}"

postgres_connection_username: matrix
postgres_db_name: matrix

postgres_systemd_services_to_stop_for_maintenance_list_auto: "{{ devture_systemd_service_manager_services_list_auto | map(attribute='name') | reject('equalto', (postgres_identifier + '.service')) }}"

postgres_max_connections: "{{ 500 if matrix_synapse_workers_enabled else 200 }}"

postgres_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else postgres_container_image_registry_prefix_upstream_default }}"

postgres_pgloader_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else postgres_pgloader_container_image_registry_prefix_upstream_default }}"

postgres_managed_databases_auto: |
  {{
    ([{
      'name': matrix_synapse_database_database,
      'username': matrix_synapse_database_user,
      'password': matrix_synapse_database_password,
    }] if (matrix_synapse_enabled and matrix_synapse_database_host == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_dendrite_federation_api_database,
      'username': matrix_dendrite_database_user,
      'password': matrix_dendrite_database_password,
    },{
      'name': matrix_dendrite_key_server_database,
      'username': matrix_dendrite_database_user,
      'password': matrix_dendrite_database_password,
    },{
      'name': matrix_dendrite_media_api_database,
      'username': matrix_dendrite_database_user,
      'password': matrix_dendrite_database_password,
    },{
      'name': matrix_dendrite_room_database,
      'username': matrix_dendrite_database_user,
      'password': matrix_dendrite_database_password,
    },{
      'name': matrix_dendrite_sync_api_database,
      'username': matrix_dendrite_database_user,
      'password': matrix_dendrite_database_password,
    },{
      'name': matrix_dendrite_user_api_database,
      'username': matrix_dendrite_database_user,
      'password': matrix_dendrite_database_password,
    },{
      'name': matrix_dendrite_relay_api_database,
      'username': matrix_dendrite_database_user,
      'password': matrix_dendrite_database_password,
    },{
      'name': matrix_dendrite_push_server_database,
      'username': matrix_dendrite_database_user,
      'password': matrix_dendrite_database_password,
    },{
      'name': matrix_dendrite_mscs_database,
      'username': matrix_dendrite_database_user,
      'password': matrix_dendrite_database_password,
    }] if (matrix_dendrite_enabled and matrix_dendrite_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_authentication_service_config_database_database,
      'username': matrix_authentication_service_config_database_username,
      'password': matrix_authentication_service_config_database_password,
    }] if (matrix_authentication_service_enabled and matrix_authentication_service_config_database_host == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_sliding_sync_database_name,
      'username': matrix_sliding_sync_database_username,
      'password': matrix_sliding_sync_database_password,
    }] if (matrix_sliding_sync_enabled) else [])
    +
    ([{
      'name': matrix_ma1sd_database_name,
      'username': matrix_ma1sd_database_username,
      'password': matrix_ma1sd_database_password,
    }] if (matrix_ma1sd_enabled and matrix_ma1sd_database_engine == 'postgres' and matrix_ma1sd_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_bot_matrix_reminder_bot_database_name,
      'username': matrix_bot_matrix_reminder_bot_database_username,
      'password': matrix_bot_matrix_reminder_bot_database_password,
    }] if (matrix_bot_matrix_reminder_bot_enabled and matrix_bot_matrix_reminder_bot_database_engine == 'postgres' and matrix_bot_matrix_reminder_bot_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_bot_honoroit_database_name,
      'username': matrix_bot_honoroit_database_username,
      'password': matrix_bot_honoroit_database_password,
    }] if (matrix_bot_honoroit_enabled and matrix_bot_honoroit_database_engine == 'postgres' and matrix_bot_honoroit_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_postmoogle_database_name,
      'username': matrix_postmoogle_database_username,
      'password': matrix_postmoogle_database_password,
    }] if (matrix_postmoogle_enabled and matrix_postmoogle_database_engine == 'postgres' and matrix_postmoogle_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_bot_maubot_database_name,
      'username': matrix_bot_maubot_database_username,
      'password': matrix_bot_maubot_database_password,
    }] if (matrix_bot_maubot_enabled and matrix_bot_maubot_database_engine == 'postgres' and matrix_bot_maubot_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_bot_buscarron_database_name,
      'username': matrix_bot_buscarron_database_username,
      'password': matrix_bot_buscarron_database_password,
    }] if (matrix_bot_buscarron_enabled and matrix_bot_buscarron_database_engine == 'postgres' and matrix_bot_buscarron_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_registration_database_name,
      'username': matrix_registration_database_username,
      'password': matrix_registration_database_password,
    }] if (matrix_registration_enabled and matrix_registration_database_engine == 'postgres' and matrix_registration_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_appservice_discord_database_name,
      'username': matrix_appservice_discord_database_username,
      'password': matrix_appservice_discord_database_password,
    }] if (matrix_appservice_discord_enabled and matrix_appservice_discord_database_engine == 'postgres' and matrix_appservice_discord_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_appservice_draupnir_for_all_database_name,
      'username': matrix_appservice_draupnir_for_all_database_username,
      'password': matrix_appservice_draupnir_for_all_database_password,
    }] if (matrix_appservice_draupnir_for_all_enabled and matrix_appservice_draupnir_for_all_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_appservice_slack_database_name,
      'username': matrix_appservice_slack_database_username,
      'password': matrix_appservice_slack_database_password,
    }] if (matrix_appservice_slack_enabled and matrix_appservice_slack_database_engine == 'postgres' and matrix_appservice_slack_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_appservice_irc_database_name,
      'username': matrix_appservice_irc_database_username,
      'password': matrix_appservice_irc_database_password,
    }] if (matrix_appservice_irc_enabled and matrix_appservice_irc_database_engine == 'postgres' and matrix_appservice_irc_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_appservice_kakaotalk_database_name,
      'username': matrix_appservice_kakaotalk_database_username,
      'password': matrix_appservice_kakaotalk_database_password,
    }] if (matrix_appservice_kakaotalk_enabled and matrix_appservice_kakaotalk_database_engine == 'postgres' and matrix_appservice_kakaotalk_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_beeper_linkedin_database_name,
      'username': matrix_beeper_linkedin_database_username,
      'password': matrix_beeper_linkedin_database_password,
    }] if (matrix_beeper_linkedin_enabled and matrix_beeper_linkedin_database_engine == 'postgres' and matrix_beeper_linkedin_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_go_skype_bridge_database_name,
      'username': matrix_go_skype_bridge_database_username,
      'password': matrix_go_skype_bridge_database_password,
    }] if (matrix_go_skype_bridge_enabled and matrix_go_skype_bridge_database_engine == 'postgres' and matrix_go_skype_bridge_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_wechat_database_name,
      'username': matrix_wechat_database_username,
      'password': matrix_wechat_database_password,
    }] if (matrix_wechat_enabled and matrix_wechat_database_engine == 'postgres' and matrix_wechat_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_mautrix_bluesky_database_name,
      'username': matrix_mautrix_bluesky_database_username,
      'password': matrix_mautrix_bluesky_database_password,
    }] if (matrix_mautrix_bluesky_enabled and matrix_mautrix_bluesky_database_engine == 'postgres' and matrix_mautrix_bluesky_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_mautrix_facebook_database_name,
      'username': matrix_mautrix_facebook_database_username,
      'password': matrix_mautrix_facebook_database_password,
    }] if (matrix_mautrix_facebook_enabled and matrix_mautrix_facebook_database_engine == 'postgres' and matrix_mautrix_facebook_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_mautrix_googlechat_database_name,
      'username': matrix_mautrix_googlechat_database_username,
      'password': matrix_mautrix_googlechat_database_password,
    }] if (matrix_mautrix_googlechat_enabled and matrix_mautrix_googlechat_database_engine == 'postgres' and matrix_mautrix_googlechat_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_mautrix_instagram_database_name,
      'username': matrix_mautrix_instagram_database_username,
      'password': matrix_mautrix_instagram_database_password,
    }] if (matrix_mautrix_instagram_enabled and matrix_mautrix_instagram_database_engine == 'postgres' and matrix_mautrix_instagram_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_mautrix_signal_database_name,
      'username': matrix_mautrix_signal_database_username,
      'password': matrix_mautrix_signal_database_password,
    }] if (matrix_mautrix_signal_enabled and matrix_mautrix_signal_database_engine == 'postgres' and matrix_mautrix_signal_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_mautrix_meta_messenger_database_name,
      'username': matrix_mautrix_meta_messenger_database_username,
      'password': matrix_mautrix_meta_messenger_database_password,
    }] if (matrix_mautrix_meta_messenger_enabled and matrix_mautrix_meta_messenger_database_engine == 'postgres' and matrix_mautrix_meta_messenger_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_mautrix_meta_instagram_database_name,
      'username': matrix_mautrix_meta_instagram_database_username,
      'password': matrix_mautrix_meta_instagram_database_password,
    }] if (matrix_mautrix_meta_instagram_enabled and matrix_mautrix_meta_instagram_database_engine == 'postgres' and matrix_mautrix_meta_instagram_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_mautrix_wsproxy_syncproxy_database_name,
      'username': matrix_mautrix_wsproxy_syncproxy_database_username,
      'password': matrix_mautrix_wsproxy_syncproxy_database_password,
    }] if (matrix_mautrix_wsproxy_enabled and matrix_mautrix_wsproxy_syncproxy_database_engine == 'postgres' and matrix_mautrix_wsproxy_syncproxy_database_hostname == 'matrix-postgres') else [])
    +
    ([{
      'name': matrix_mautrix_telegram_database_name,
      'username': matrix_mautrix_telegram_database_username,
      'password': matrix_mautrix_telegram_database_password,
    }] if (matrix_mautrix_telegram_enabled and matrix_mautrix_telegram_database_engine == 'postgres' and matrix_mautrix_telegram_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_mautrix_twitter_database_name,
      'username': matrix_mautrix_twitter_database_username,
      'password': matrix_mautrix_twitter_database_password,
    }] if (matrix_mautrix_twitter_enabled and matrix_mautrix_twitter_database_engine == 'postgres' and matrix_mautrix_twitter_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_mautrix_gmessages_database_name,
      'username': matrix_mautrix_gmessages_database_username,
      'password': matrix_mautrix_gmessages_database_password,
    }] if (matrix_mautrix_gmessages_enabled and matrix_mautrix_gmessages_database_engine == 'postgres' and matrix_mautrix_gmessages_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_mautrix_whatsapp_database_name,
      'username': matrix_mautrix_whatsapp_database_username,
      'password': matrix_mautrix_whatsapp_database_password,
    }] if (matrix_mautrix_whatsapp_enabled and matrix_mautrix_whatsapp_database_engine == 'postgres' and matrix_mautrix_whatsapp_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_mautrix_discord_database_name,
      'username': matrix_mautrix_discord_database_username,
      'password': matrix_mautrix_discord_database_password,
    }] if (matrix_mautrix_discord_enabled and matrix_mautrix_discord_database_engine == 'postgres' and matrix_mautrix_discord_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_mautrix_slack_database_name,
      'username': matrix_mautrix_slack_database_username,
      'password': matrix_mautrix_slack_database_password,
    }] if (matrix_mautrix_slack_enabled and matrix_mautrix_slack_database_engine == 'postgres' and matrix_mautrix_slack_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_mx_puppet_slack_database_name,
      'username': matrix_mx_puppet_slack_database_username,
      'password': matrix_mx_puppet_slack_database_password,
    }] if (matrix_mx_puppet_slack_enabled and matrix_mx_puppet_slack_database_engine == 'postgres' and matrix_mx_puppet_slack_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_mx_puppet_twitter_database_name,
      'username': matrix_mx_puppet_twitter_database_username,
      'password': matrix_mx_puppet_twitter_database_password,
    }] if (matrix_mx_puppet_twitter_enabled and matrix_mx_puppet_twitter_database_engine == 'postgres' and matrix_mx_puppet_twitter_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_mx_puppet_instagram_database_name,
      'username': matrix_mx_puppet_instagram_database_username,
      'password': matrix_mx_puppet_instagram_database_password,
    }] if (matrix_mx_puppet_instagram_enabled and matrix_mx_puppet_instagram_database_engine == 'postgres' and matrix_mx_puppet_instagram_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_mx_puppet_discord_database_name,
      'username': matrix_mx_puppet_discord_database_username,
      'password': matrix_mx_puppet_discord_database_password,
    }] if (matrix_mx_puppet_discord_enabled and matrix_mx_puppet_discord_database_engine == 'postgres' and matrix_mx_puppet_discord_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_mx_puppet_steam_database_name,
      'username': matrix_mx_puppet_steam_database_username,
      'password': matrix_mx_puppet_steam_database_password,
    }] if (matrix_mx_puppet_steam_enabled and matrix_mx_puppet_steam_database_engine == 'postgres' and matrix_mx_puppet_steam_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_mx_puppet_groupme_database_name,
      'username': matrix_mx_puppet_groupme_database_username,
      'password': matrix_mx_puppet_groupme_database_password,
    }] if (matrix_mx_puppet_groupme_enabled and matrix_mx_puppet_groupme_database_engine == 'postgres' and matrix_mx_puppet_groupme_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_dimension_database_name,
      'username': matrix_dimension_database_username,
      'password': matrix_dimension_database_password,
    }] if (matrix_dimension_enabled and matrix_dimension_database_engine == 'postgres' and matrix_dimension_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': etherpad_database_name,
      'username': etherpad_database_username,
      'password': etherpad_database_password,
    }] if (etherpad_enabled and etherpad_database_engine == 'postgres' and etherpad_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': prometheus_postgres_exporter_database_name,
      'username': prometheus_postgres_exporter_database_username,
      'password': prometheus_postgres_exporter_database_password,
    }] if (prometheus_postgres_exporter_enabled and prometheus_postgres_exporter_database_hostname == postgres_connection_hostname) else [])
    +
    ([{
      'name': matrix_media_repo_database_name,
      'username': matrix_media_repo_database_username,
      'password': matrix_media_repo_database_password,
    }] if (matrix_media_repo_enabled and matrix_media_repo_database_hostname == postgres_connection_hostname) else [])

   }}

########################################################################
#                                                                      #
# /postgres                                                            #
#                                                                      #
########################################################################


########################################################################
#                                                                      #
# postgres_backup                                                      #
#                                                                      #
########################################################################

postgres_backup_enabled: false

postgres_backup_identifier: matrix-postgres-backup

postgres_backup_architecture: "{{ matrix_architecture }}"

postgres_backup_base_path: "{{ matrix_base_data_path }}/postgres-backup"

postgres_backup_systemd_required_services_list_auto: |
  {{
    ([(postgres_identifier + '.service')] if (postgres_enabled and postgres_backup_connection_hostname == postgres_connection_hostname) else [])
  }}

postgres_backup_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else postgres_backup_container_image_registry_prefix_upstream_default }}"

postgres_backup_container_network: "{{ (postgres_container_network if (postgres_enabled and postgres_backup_connection_hostname == postgres_connection_hostname) else postgres_backup_identifier) }}"

postgres_backup_container_additional_networks_auto: |-
  {{
      ([postgres_container_network] if (postgres_enabled and postgres_backup_connection_hostname == postgres_connection_hostname and postgres_backup_container_network != postgres_container_network) else [])
  }}

postgres_backup_uid: "{{ matrix_user_uid }}"
postgres_backup_gid: "{{ matrix_user_gid }}"

postgres_backup_connection_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
postgres_backup_connection_port: "{{ postgres_connection_port if postgres_enabled else 5432 }}"
postgres_backup_connection_username: "{{ postgres_connection_username if postgres_enabled else '' }}"
postgres_backup_connection_password: "{{ postgres_connection_password if postgres_enabled else '' }}"

postgres_backup_postgres_data_path: "{{ postgres_data_path if postgres_enabled else '' }}"
postgres_backup_postgres_role_include_name: galaxy/postgres

postgres_backup_databases_auto: "{{ postgres_managed_databases | map(attribute='name') if postgres_enabled else [] }}"

########################################################################
#                                                                      #
# /postgres_backup                                                     #
#                                                                      #
########################################################################


######################################################################
#
# matrix-sygnal
#
######################################################################

# Most people don't need their own push-server, because they also need their own app to utilize it from.
matrix_sygnal_enabled: false

matrix_sygnal_metrics_prometheus_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"

matrix_sygnal_hostname: "{{ matrix_server_fqn_sygnal }}"

matrix_sygnal_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_sygnal_docker_image_registry_prefix_upstream_default }}"

matrix_sygnal_container_network: "{{ matrix_homeserver_container_network }}"

matrix_sygnal_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"

matrix_sygnal_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '6000') if matrix_playbook_service_host_bind_interface_prefix else '' }}"

matrix_sygnal_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
matrix_sygnal_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_sygnal_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_sygnal_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

######################################################################
#
# /matrix-sygnal
#
######################################################################

######################################################################
#
# ntfy
#
######################################################################

ntfy_enabled: false

ntfy_identifier: matrix-ntfy

ntfy_base_path: "{{ matrix_base_data_path }}/ntfy"

ntfy_uid: "{{ matrix_user_uid }}"
ntfy_gid: "{{ matrix_user_gid }}"

ntfy_hostname: "{{ matrix_server_fqn_ntfy }}"

ntfy_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else ntfy_container_image_registry_prefix_upstream_default }}"

ntfy_container_additional_networks_auto: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"

ntfy_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '2586') if matrix_playbook_service_host_bind_interface_prefix else '' }}"

ntfy_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
ntfy_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
ntfy_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
ntfy_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

ntfy_visitor_request_limit_exempt_hosts_hostnames_auto: |
  {{
    [matrix_server_fqn_matrix]
  }}

######################################################################
#
# /ntfy
#
######################################################################


######################################################################
#
# valkey
#
######################################################################

valkey_enabled: "{{ matrix_synapse_workers_enabled or (matrix_hookshot_enabled and matrix_hookshot_encryption_enabled) or matrix_element_call_enabled }}"

valkey_identifier: matrix-valkey

valkey_uid: "{{ matrix_user_uid }}"
valkey_gid: "{{ matrix_user_gid }}"

valkey_base_path: "{{ matrix_base_data_path }}/valkey"

valkey_arch: "{{ matrix_architecture }}"

valkey_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else valkey_container_image_registry_prefix_upstream_default }}"

######################################################################
#
# valkey
#
######################################################################


######################################################################
#
# matrix-client-element
#
######################################################################

# By default, this playbook installs the Element Web on the `matrix_server_fqn_element` domain.
# If you wish to connect to your Matrix server by other means, you may wish to disable this.
matrix_client_element_enabled: true

matrix_client_element_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"

matrix_client_element_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_client_element_docker_image_registry_prefix_upstream_default }}"

matrix_client_element_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"

matrix_client_element_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8765') if matrix_playbook_service_host_bind_interface_prefix else '' }}"

matrix_client_element_container_network: "{{ matrix_addons_container_network }}"

matrix_client_element_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_client_element_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}"

matrix_client_element_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_client_element_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_client_element_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_client_element_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_client_element_container_labels_traefik_compression_middleware_enabled: "{{ matrix_playbook_reverse_proxy_traefik_middleware_compression_enabled }}"
matrix_client_element_container_labels_traefik_compression_middleware_name: "{{ matrix_playbook_reverse_proxy_traefik_middleware_compression_name if matrix_playbook_reverse_proxy_traefik_middleware_compression_enabled else '' }}"

matrix_client_element_default_hs_url: "{{ matrix_homeserver_url }}"
matrix_client_element_default_is_url: "{{ matrix_identity_server_url }}"

# Use Dimension if enabled, otherwise fall back to Scalar
matrix_client_element_integrations_ui_url: "{{ matrix_dimension_integrations_ui_url if matrix_dimension_enabled else 'https://scalar.vector.im/' }}"
matrix_client_element_integrations_rest_url: "{{ matrix_dimension_integrations_rest_url if matrix_dimension_enabled else 'https://scalar.vector.im/api' }}"
matrix_client_element_integrations_widgets_urls: "{{ matrix_dimension_integrations_widgets_urls if matrix_dimension_enabled else ['https://scalar.vector.im/api'] }}"
matrix_client_element_integrations_jitsi_widget_url: "{{ matrix_dimension_integrations_jitsi_widget_url if matrix_dimension_enabled else 'https://scalar.vector.im/api/widgets/jitsi.html' }}"

matrix_client_element_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}"

matrix_client_element_registration_enabled: "{{ matrix_synapse_enable_registration }}"

matrix_client_element_enable_presence_by_hs_url: |-
  {{
    none
    if matrix_synapse_presence_enabled
    else {matrix_client_element_default_hs_url: false}
  }}

matrix_client_element_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}"

matrix_client_element_features_feature_video_rooms: "{{ matrix_element_call_enabled }}"
matrix_client_element_features_feature_group_calls: "{{ matrix_element_call_enabled }}"
matrix_client_element_features_feature_element_call_video_rooms: "{{ matrix_element_call_enabled }}"
matrix_client_element_features_feature_oidc_native_flow: "{{ matrix_authentication_service_enabled }}"

matrix_client_element_element_call_enabled: "{{ matrix_element_call_enabled }}"
matrix_client_element_element_call_url: "{{ matrix_element_call_public_url if matrix_element_call_enabled else '' }}"

######################################################################
#
# /matrix-client-element
#
######################################################################

######################################################################
#
# matrix-client-hydrogen
#
######################################################################

matrix_client_hydrogen_enabled: false

matrix_client_hydrogen_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_client_hydrogen_docker_image_registry_prefix_upstream_default }}"

matrix_client_hydrogen_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"

matrix_client_hydrogen_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8768') if matrix_playbook_service_host_bind_interface_prefix else '' }}"

matrix_client_hydrogen_container_network: "{{ matrix_addons_container_network }}"

matrix_client_hydrogen_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_client_hydrogen_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}"

matrix_client_hydrogen_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_client_hydrogen_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_client_hydrogen_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_client_hydrogen_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_client_hydrogen_container_labels_traefik_compression_middleware_enabled: "{{ matrix_playbook_reverse_proxy_traefik_middleware_compression_enabled }}"
matrix_client_hydrogen_container_labels_traefik_compression_middleware_name: "{{ matrix_playbook_reverse_proxy_traefik_middleware_compression_name if matrix_playbook_reverse_proxy_traefik_middleware_compression_enabled else '' }}"

matrix_client_hydrogen_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"

matrix_client_hydrogen_default_hs_url: "{{ matrix_homeserver_url }}"

matrix_client_hydrogen_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}"

######################################################################
#
# /matrix-client-hydrogen
#
######################################################################

######################################################################
#
# matrix-client-cinny
#
######################################################################

matrix_client_cinny_enabled: false

matrix_client_cinny_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_client_cinny_docker_image_registry_prefix_upstream_default }}"

matrix_client_cinny_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"

matrix_client_cinny_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8080') if matrix_playbook_service_host_bind_interface_prefix else '' }}"

matrix_client_cinny_container_network: "{{ matrix_addons_container_network }}"

matrix_client_cinny_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_client_cinny_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}"

matrix_client_cinny_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_client_cinny_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_client_cinny_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_client_cinny_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_client_cinny_container_labels_traefik_compression_middleware_enabled: "{{ matrix_playbook_reverse_proxy_traefik_middleware_compression_enabled }}"
matrix_client_cinny_container_labels_traefik_compression_middleware_name: "{{ matrix_playbook_reverse_proxy_traefik_middleware_compression_name if matrix_playbook_reverse_proxy_traefik_middleware_compression_enabled else '' }}"

matrix_client_cinny_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"

matrix_client_cinny_default_hs_url: "{{ matrix_homeserver_url }}"

matrix_client_cinny_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}"

######################################################################
#
# /matrix-client-cinny
#
######################################################################

######################################################################
#
# matrix-client-schildichat
#
######################################################################

matrix_client_schildichat_enabled: false

matrix_client_schildichat_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"

matrix_client_schildichat_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_client_schildichat_docker_image_registry_prefix_upstream_default }}"

matrix_client_schildichat_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"

matrix_client_schildichat_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8765') if matrix_playbook_service_host_bind_interface_prefix else '' }}"

matrix_client_schildichat_container_network: "{{ matrix_addons_container_network }}"

matrix_client_schildichat_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_client_schildichat_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}"

matrix_client_schildichat_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_client_schildichat_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_client_schildichat_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_client_schildichat_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_client_schildichat_default_hs_url: "{{ matrix_homeserver_url }}"
matrix_client_schildichat_default_is_url: "{{ matrix_identity_server_url }}"

# Use Dimension if enabled, otherwise fall back to Scalar
matrix_client_schildichat_integrations_ui_url: "{{ matrix_dimension_integrations_ui_url if matrix_dimension_enabled else 'https://scalar.vector.im/' }}"
matrix_client_schildichat_integrations_rest_url: "{{ matrix_dimension_integrations_rest_url if matrix_dimension_enabled else 'https://scalar.vector.im/api' }}"
matrix_client_schildichat_integrations_widgets_urls: "{{ matrix_dimension_integrations_widgets_urls if matrix_dimension_enabled else ['https://scalar.vector.im/api'] }}"
matrix_client_schildichat_integrations_jitsi_widget_url: "{{ matrix_dimension_integrations_jitsi_widget_url if matrix_dimension_enabled else 'https://scalar.vector.im/api/widgets/jitsi.html' }}"

matrix_client_schildichat_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}"

matrix_client_schildichat_registration_enabled: "{{ matrix_synapse_enable_registration }}"

matrix_client_schildichat_enable_presence_by_hs_url: |-
  {{
    none
    if matrix_synapse_presence_enabled
    else {matrix_client_schildichat_default_hs_url: false}
  }}

matrix_client_schildichat_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}"

######################################################################
#
# /matrix-client-schildichat
#
######################################################################

######################################################################
#
# matrix-client-fluffychat
#
######################################################################

matrix_client_fluffychat_enabled: false

matrix_client_fluffychat_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"

matrix_client_fluffychat_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_client_fluffychat_docker_image_registry_prefix_upstream_default }}"

matrix_client_fluffychat_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"

matrix_client_fluffychat_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8770') if matrix_playbook_service_host_bind_interface_prefix else '' }}"

matrix_client_fluffychat_container_network: "{{ matrix_addons_container_network }}"

matrix_client_fluffychat_container_additional_networks_auto: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_client_fluffychat_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}"

matrix_client_fluffychat_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_client_fluffychat_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_client_fluffychat_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_client_fluffychat_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_client_fluffychat_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}"

######################################################################
#
# /matrix-client-fluffychat
#
######################################################################

######################################################################
#
# matrix-synapse
#
######################################################################

matrix_synapse_enabled: "{{ matrix_homeserver_implementation == 'synapse' }}"

matrix_synapse_username: "{{ matrix_user_username }}"
matrix_synapse_uid: "{{ matrix_user_uid }}"
matrix_synapse_gid: "{{ matrix_user_gid }}"

matrix_synapse_federation_enabled: "{{ matrix_homeserver_federation_enabled }}"

matrix_synapse_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_synapse_docker_image_registry_prefix_upstream_default }}"

matrix_s3_goofys_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_s3_goofys_docker_image_registry_prefix_upstream_default }}"

matrix_synapse_rust_synapse_compress_state_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_synapse_rust_synapse_compress_state_docker_image_registry_prefix_upstream_default }}"

matrix_synapse_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"

matrix_synapse_account_threepid_delegates_msisdn_mas1sd_url: "{{ ('http://matrix-ma1sd:' + matrix_ma1sd_container_port| string) }}"

# When ma1sd is enabled, we can use it to validate phone numbers. It's something that the homeserver cannot do by itself.
matrix_synapse_account_threepid_delegates_msisdn: "{{ matrix_synapse_account_threepid_delegates_msisdn_mas1sd_url if matrix_ma1sd_enabled else '' }}"

# For exposing the Matrix Federation API's TLS port (HTTPS) to the internet on all network interfaces.
matrix_synapse_container_federation_api_tls_host_bind_port: "{{ matrix_federation_public_port if (matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled) else '' }}"
#
# For exposing the Synapse Metrics API's port (plain HTTP) to the local host.
matrix_synapse_container_metrics_api_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9100') if matrix_synapse_metrics_enabled and matrix_playbook_service_host_bind_interface_prefix else '' }}"
#
# For exposing the Synapse Manhole port (plain HTTP) to the local host.
matrix_synapse_container_manhole_api_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9000') if matrix_synapse_metrics_enabled and matrix_playbook_service_host_bind_interface_prefix else '' }}"

matrix_synapse_container_network: "{{ matrix_homeserver_container_network }}"

matrix_synapse_container_additional_networks_auto: |
  {{
    (
      ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_synapse_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network else [])
      +
      ([postgres_container_network] if (postgres_enabled and postgres_container_network != matrix_synapse_container_network and matrix_synapse_database_host == postgres_connection_hostname) else [])
      +
      ([valkey_container_network] if matrix_synapse_redis_enabled and matrix_synapse_redis_host == valkey_identifier else [])
      +
      ([exim_relay_container_network] if (exim_relay_enabled and matrix_synapse_email_enabled and matrix_synapse_email_smtp_host == exim_relay_identifier and matrix_synapse_container_network != exim_relay_container_network) else [])
      +
      ([matrix_ma1sd_container_network] if (matrix_ma1sd_enabled and matrix_synapse_account_threepid_delegates_msisdn == matrix_synapse_account_threepid_delegates_msisdn_mas1sd_url and matrix_synapse_container_network != matrix_ma1sd_container_network) else [])
    ) | unique
  }}

matrix_synapse_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_synapse_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_synapse_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_synapse_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
matrix_synapse_container_labels_traefik_hostname: "{{ matrix_server_fqn_matrix }}"

matrix_synapse_container_labels_traefik_compression_middleware_enabled: "{{ matrix_playbook_reverse_proxy_traefik_middleware_compression_enabled }}"
matrix_synapse_container_labels_traefik_compression_middleware_name: "{{ matrix_playbook_reverse_proxy_traefik_middleware_compression_name if matrix_playbook_reverse_proxy_traefik_middleware_compression_enabled else '' }}"

matrix_synapse_container_labels_matrix_labels_enabled: "{{ not matrix_synapse_workers_enabled }}"

matrix_synapse_container_labels_public_client_root_redirection_enabled: "{{ matrix_synapse_container_labels_public_client_root_redirection_url != '' }}"
matrix_synapse_container_labels_public_client_root_redirection_url: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else '' }}"

matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled }}"
matrix_synapse_container_labels_internal_client_synapse_admin_api_enabled: "{{ (matrix_bot_draupnir_enabled and matrix_bot_draupnir_admin_api_enabled) }}"
matrix_synapse_container_labels_internal_client_synapse_admin_api_traefik_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}"

matrix_synapse_container_labels_public_federation_api_traefik_hostname: "{{ matrix_server_fqn_matrix_federation }}"
matrix_synapse_container_labels_public_federation_api_traefik_entrypoints: "{{ matrix_federation_traefik_entrypoint_name }}"
matrix_synapse_container_labels_public_federation_api_traefik_tls: "{{ matrix_federation_traefik_entrypoint_tls }}"
matrix_synapse_container_labels_public_federation_api_traefik_tls_certResolver: "{{ matrix_synapse_container_labels_traefik_tls_certResolver }}"  # noqa var-naming

matrix_synapse_container_labels_public_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_synapse_container_labels_public_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"

matrix_synapse_container_labels_internal_client_api_enabled: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled }}"
matrix_synapse_container_labels_internal_client_api_traefik_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}"

# For exposing the Synapse worker (and metrics) ports to the local host.
matrix_synapse_workers_container_host_bind_address: "{{ matrix_playbook_service_host_bind_interface_prefix[0:-1] if (matrix_synapse_workers_enabled and matrix_playbook_service_host_bind_interface_prefix) else '' }}"

matrix_synapse_database_host: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_synapse_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'synapse.db', rounds=655555) | to_uuid }}"

matrix_synapse_macaroon_secret_key: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'synapse.mac', rounds=655555) | to_uuid }}"

# We do not enable TLS in Synapse by default, since it's handled by Traefik.
matrix_synapse_tls_federation_listener_enabled: false
matrix_synapse_tls_certificate_path: ~
matrix_synapse_tls_private_key_path: ~

matrix_synapse_federation_port_openid_resource_required: "{{ not matrix_synapse_federation_enabled and (matrix_dimension_enabled or matrix_ma1sd_enabled or matrix_user_verification_service_enabled) }}"

matrix_synapse_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"

matrix_synapse_metrics_proxying_enabled: "{{ matrix_synapse_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_synapse_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_synapse_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/synapse"

matrix_synapse_email_enabled: "{{ exim_relay_enabled }}"
matrix_synapse_email_smtp_host: "{{ exim_relay_identifier }}"
matrix_synapse_email_smtp_port: 8025
matrix_synapse_email_smtp_require_transport_security: false
matrix_synapse_email_notif_from: "Matrix <{{ exim_relay_sender_address }}>"

matrix_synapse_turn_uris: "{{ matrix_coturn_turn_uris if matrix_coturn_enabled else [] }}"
matrix_synapse_turn_shared_secret: "{{ matrix_coturn_turn_static_auth_secret if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'auth-secret') else '' }}"
matrix_synapse_turn_username: "{{ matrix_coturn_lt_cred_mech_username if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'lt-cred-mech') else '' }}"
matrix_synapse_turn_password: "{{ matrix_coturn_lt_cred_mech_password if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'lt-cred-mech') else '' }}"

matrix_synapse_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}"

matrix_synapse_systemd_required_services_list_auto: |
  {{
    ([postgres_identifier ~ '.service'] if (postgres_enabled and postgres_container_network != matrix_synapse_container_network and matrix_synapse_database_host == postgres_connection_hostname) else [])
    +
    ([valkey_identifier ~ '.service'] if matrix_synapse_redis_enabled and matrix_synapse_redis_host == valkey_identifier else [])
    +
    (['matrix-goofys.service'] if matrix_s3_media_store_enabled else [])
    +
    (['matrix-authentication-service.service'] if (matrix_authentication_service_enabled and matrix_synapse_experimental_features_msc3861_enabled) else [])
  }}

matrix_synapse_systemd_wanted_services_list_auto: |
  {{
    (['matrix-coturn.service'] if matrix_coturn_enabled else [])
    +
    ([exim_relay_identifier ~ '.service'] if exim_relay_enabled else [])
  }}

# Synapse workers (used for parallel load-scaling) need Redis for IPC.
matrix_synapse_redis_enabled: "{{ valkey_enabled }}"
matrix_synapse_redis_host: "{{ valkey_identifier if valkey_enabled else '' }}"
matrix_synapse_redis_password: "{{ valkey_connection_password if valkey_enabled else '' }}"

matrix_synapse_container_extra_arguments_auto: "{{ matrix_homeserver_container_extra_arguments_auto }}"
matrix_synapse_app_service_config_files_auto: "{{ matrix_homeserver_app_service_config_files_auto }}"

# Disable creation of media repository Synapse worker when using media-repo
matrix_synapse_ext_media_repo_enabled: "{{ matrix_media_repo_enabled }}"

# Enable Synapse statistics reporting when using synapse-usage-exporter
matrix_synapse_report_stats: "{{ matrix_synapse_usage_exporter_enabled }}"
matrix_synapse_report_stats_endpoint: "{{ (('http://' + matrix_synapse_usage_exporter_identifier + ':' + matrix_synapse_usage_exporter_container_port | string + '/report-usage-stats/push') if matrix_synapse_usage_exporter_enabled else '') }}"

matrix_synapse_experimental_features_msc3266_enabled: "{{ matrix_element_call_enabled }}"

matrix_synapse_experimental_features_msc3861_enabled: "{{ matrix_authentication_service_enabled and not matrix_authentication_service_migration_in_progress }}"
matrix_synapse_experimental_features_msc3861_issuer: "{{ matrix_authentication_service_http_base_container_url if matrix_authentication_service_enabled else '' }}"
matrix_synapse_experimental_features_msc3861_client_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'syn.ngauth.cs', rounds=655555) | to_uuid }}"
matrix_synapse_experimental_features_msc3861_admin_token: "{{ matrix_authentication_service_config_matrix_secret if matrix_authentication_service_enabled else '' }}"
matrix_synapse_experimental_features_msc3861_account_management_url: "{{ matrix_authentication_service_account_management_url if matrix_authentication_service_enabled else '' }}"

matrix_synapse_experimental_features_msc4108_enabled: "{{ matrix_authentication_service_enabled and not matrix_authentication_service_migration_in_progress }}"

matrix_synapse_experimental_features_msc4140_enabled: "{{ matrix_element_call_enabled }}"

matrix_synapse_experimental_features_msc4222_enabled: "{{ matrix_element_call_enabled }}"

# Disable password authentication when delegating authentication to Matrix Authentication Service.
# Unless this is done, Synapse fails on startup with:
# > Error in configuration at 'password_config.enabled':
# > Password auth cannot be enabled when OAuth delegation is enabled
matrix_synapse_password_config_enabled: "{{ not matrix_synapse_experimental_features_msc3861_enabled }}"

matrix_synapse_register_user_script_matrix_authentication_service_path: "{{ matrix_authentication_service_bin_path }}/register-user"

######################################################################
#
# /matrix-synapse
#
######################################################################


######################################################################
#
# matrix-synapse-auto-compressor
#
######################################################################

# Not enabled by default, for now
matrix_synapse_auto_compressor_enabled: false

matrix_synapse_auto_compressor_uid: "{{ matrix_user_uid }}"
matrix_synapse_auto_compressor_gid: "{{ matrix_user_gid }}"

matrix_synapse_auto_compressor_postgres_image: "{{ postgres_container_image_to_use }}"

matrix_synapse_auto_compressor_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_synapse_auto_compressor_container_image_registry_prefix_upstream_default }}"

matrix_synapse_auto_compressor_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"

matrix_synapse_auto_compressor_container_network: "{{ (postgres_container_network if (postgres_enabled and matrix_synapse_auto_compressor_database_hostname == matrix_synapse_database_host and matrix_synapse_database_host == postgres_connection_hostname) else 'matrix-synapse-auto-compressor') }}"

matrix_synapse_auto_compressor_database_username: "{{ matrix_synapse_database_user if matrix_synapse_enabled else '' }}"
matrix_synapse_auto_compressor_database_password: "{{ matrix_synapse_database_password if matrix_synapse_enabled else '' }}"
matrix_synapse_auto_compressor_database_hostname: "{{ matrix_synapse_database_host if matrix_synapse_enabled else '' }}"
matrix_synapse_auto_compressor_database_port: "{{ matrix_synapse_database_port if matrix_synapse_enabled else '5432' }}"
matrix_synapse_auto_compressor_database_name: "{{ matrix_synapse_database_database if matrix_synapse_enabled else '' }}"

matrix_synapse_auto_compressor_systemd_required_services_list_auto: |
  {{
    ([postgres_identifier ~ '.service'] if (matrix_synapse_auto_compressor_container_network == postgres_container_network) else [])
  }}

######################################################################
#
# /matrix-synapse-auto-compressor
#
######################################################################


######################################################################
#
# matrix-synapse-reverse-proxy-companion
#
######################################################################

matrix_synapse_reverse_proxy_companion_enabled: "{{ matrix_synapse_enabled and matrix_synapse_workers_enabled }}"

matrix_synapse_reverse_proxy_companion_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_synapse_reverse_proxy_companion_container_image_registry_prefix_upstream_default }}"

matrix_synapse_reverse_proxy_companion_container_network: "{{ matrix_synapse_container_network }}"

matrix_synapse_reverse_proxy_companion_container_additional_networks_auto: |
  {{
    (
      ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_synapse_reverse_proxy_companion_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network else [])
      +
      ([matrix_prometheus_nginxlog_exporter_container_network] if (matrix_prometheus_nginxlog_exporter_enabled and matrix_prometheus_nginxlog_exporter_container_network != matrix_synapse_reverse_proxy_companion_container_network) else [])
      +
      ([] if matrix_homeserver_container_network in ['', matrix_synapse_reverse_proxy_companion_container_network] else [matrix_homeserver_container_network])
    ) | unique
  }}

matrix_synapse_reverse_proxy_companion_client_api_client_max_body_size_mb: "{{ matrix_synapse_max_upload_size_mb }}"

matrix_synapse_reverse_proxy_companion_container_client_api_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8008') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_synapse_reverse_proxy_companion_container_federation_api_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8048') if matrix_playbook_service_host_bind_interface_prefix else '' }}"

matrix_synapse_reverse_proxy_companion_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_synapse_reverse_proxy_companion_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_synapse_reverse_proxy_companion_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_synapse_reverse_proxy_companion_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
matrix_synapse_reverse_proxy_companion_container_labels_traefik_hostname: "{{ matrix_server_fqn_matrix }}"

matrix_synapse_reverse_proxy_companion_container_labels_traefik_compression_middleware_enabled: "{{ matrix_playbook_reverse_proxy_traefik_middleware_compression_enabled }}"
matrix_synapse_reverse_proxy_companion_container_labels_traefik_compression_middleware_name: "{{ matrix_playbook_reverse_proxy_traefik_middleware_compression_name if matrix_playbook_reverse_proxy_traefik_middleware_compression_enabled else '' }}"

matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_enabled: "{{ matrix_synapse_container_labels_public_client_synapse_client_api_enabled }}"
matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_enabled: "{{ matrix_synapse_container_labels_public_client_synapse_admin_api_enabled }}"

matrix_synapse_reverse_proxy_companion_container_labels_internal_client_synapse_admin_api_enabled: "{{ matrix_synapse_container_labels_internal_client_synapse_admin_api_enabled }}"
matrix_synapse_reverse_proxy_companion_container_labels_internal_client_synapse_admin_api_traefik_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}"

matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_entrypoints: "{{ matrix_synapse_container_labels_public_federation_api_traefik_entrypoints }}"
matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_tls: "{{ matrix_synapse_container_labels_public_federation_api_traefik_tls }}"

matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_enabled: "{{ matrix_synapse_container_labels_internal_client_api_enabled }}"
matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_traefik_entrypoints: "{{ matrix_synapse_container_labels_internal_client_api_traefik_entrypoints }}"

matrix_synapse_reverse_proxy_companion_synapse_workers_enabled: "{{ matrix_synapse_workers_enabled }}"
matrix_synapse_reverse_proxy_companion_synapse_workers_list: "{{ matrix_synapse_workers_enabled_list }}"
matrix_synapse_reverse_proxy_companion_synapse_room_worker_client_server_locations: "{{ matrix_synapse_workers_room_worker_client_server_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_room_worker_federation_locations: "{{ matrix_synapse_workers_room_worker_federation_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_sync_worker_client_server_locations: "{{ matrix_synapse_workers_sync_worker_client_server_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_client_reader_client_server_locations: "{{ matrix_synapse_workers_client_reader_client_server_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_federation_reader_federation_locations: "{{ matrix_synapse_workers_federation_reader_federation_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_generic_worker_client_server_locations: "{{ matrix_synapse_workers_generic_worker_client_server_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_generic_worker_federation_locations: "{{ matrix_synapse_workers_generic_worker_federation_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_stream_writer_typing_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_typing_stream_worker_client_server_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_stream_writer_to_device_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_to_device_stream_worker_client_server_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_stream_writer_account_data_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_account_data_stream_worker_client_server_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_stream_writer_receipts_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_receipts_stream_worker_client_server_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_stream_writer_presence_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_presence_stream_worker_client_server_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_media_repository_locations: "{{matrix_synapse_workers_media_repository_endpoints|default([]) }}"
matrix_synapse_reverse_proxy_companion_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_worker_client_server_endpoints|default([]) }}"

matrix_synapse_reverse_proxy_companion_access_log_syslog_integration_enabled: "{{ matrix_prometheus_nginxlog_exporter_enabled }}"
matrix_synapse_reverse_proxy_companion_access_log_syslog_integration_server_port: "{{ (matrix_prometheus_nginxlog_exporter_identifier | string +':'+ matrix_prometheus_nginxlog_exporter_container_syslog_port | string) | default('') }}"

######################################################################
#
# /matrix-synapse-reverse-proxy-companion
#
######################################################################

######################################################################
#
# matrix-synapse-admin
#
######################################################################

matrix_synapse_admin_enabled: false

matrix_synapse_admin_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_synapse_admin_docker_image_registry_prefix_upstream_default }}"

matrix_synapse_admin_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8766') if matrix_playbook_service_host_bind_interface_prefix else '' }}"

matrix_synapse_admin_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"

matrix_synapse_admin_container_network: "{{ matrix_addons_container_network }}"

matrix_synapse_admin_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"

matrix_synapse_admin_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_synapse_admin_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_synapse_admin_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_synapse_admin_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_synapse_admin_config_asManagedUsers_auto: |
  {{
    ([
      '^@'+(matrix_alertmanager_receiver_config_matrix_user_id_localpart | default('') | regex_escape) +':'+(matrix_domain | regex_escape)+'$',
    ] if matrix_alertmanager_receiver_enabled else [])
    +
    ([
      '^@'+(matrix_appservice_draupnir_for_all_user_prefix | default('') | regex_escape) +'_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
    ] if matrix_appservice_draupnir_for_all_enabled else [])
    +
    ([
      '^@'+(matrix_bot_baibot_config_user_mxid_localpart | default('') | regex_escape) +':'+(matrix_domain | regex_escape)+'$',
    ] if matrix_bot_baibot_enabled else [])
    +
    ([
      '^@'+(matrix_bot_buscarron_login | default('') | regex_escape) +':'+(matrix_domain | regex_escape)+'$',
    ] if matrix_bot_buscarron_enabled else [])
    +
    ([
      '^@'+(matrix_bot_draupnir_login | default('') | regex_escape) +':'+(matrix_domain | regex_escape)+'$',
    ] if matrix_bot_draupnir_enabled else [])
    +
    ([
      '^@'+(matrix_bot_chatgpt_matrix_bot_username_localpart | default('') | regex_escape) +':'+(matrix_domain | regex_escape)+'$',
    ] if matrix_bot_chatgpt_enabled else [])
    +
    ([
      '^@'+(matrix_bot_honoroit_login | default('') | regex_escape) +':'+(matrix_domain | regex_escape)+'$',
    ] if matrix_bot_honoroit_enabled else [])
    +
    ([
      '^@'+(matrix_bot_matrix_registration_bot_matrix_user_id_localpart | default('') | regex_escape) +':'+(matrix_domain | regex_escape)+'$',
    ] if matrix_bot_matrix_registration_bot_enabled else [])
    +
    ([
      '^@'+(matrix_bot_matrix_reminder_bot_matrix_user_id_localpart | default('') | regex_escape) +':'+(matrix_domain | regex_escape)+'$',
    ] if matrix_bot_matrix_reminder_bot_enabled else [])
    +
    ([
      '^@'+(matrix_bot_maubot_login | default('') | regex_escape) +':'+(matrix_domain | regex_escape)+'$',
    ] if matrix_bot_maubot_enabled else [])
    +
    ([
      '^@'+(matrix_postmoogle_login | default('') | regex_escape) +':'+(matrix_domain | regex_escape)+'$',
    ] if matrix_postmoogle_enabled else [])
    +
    ([
      '^@_discord_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
    ] if matrix_appservice_discord_enabled else [])
    +
    ([
      '^@'+(matrix_appservice_slack_bot_name | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
      '^@'+(matrix_appservice_slack_user_prefix | default('') | regex_escape)+'[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
    ] if matrix_appservice_slack_enabled else [])
    +
    ([
      '^@'+(matrix_appservice_webhooks_bot_name | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
      '^@'+(matrix_appservice_webhooks_user_prefix | default('') | regex_escape)+'[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
    ] if matrix_appservice_webhooks_enabled else [])
    +
    ([
      '^@'+(matrix_beeper_linkedin_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
      '^@linkedin_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
    ] if matrix_beeper_linkedin_enabled else [])
    +
    ([
      '^@'+(matrix_go_skype_bridge_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
      '^@skype_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
    ] if matrix_go_skype_bridge_enabled else [])
    +
    ([
      '^@heisenbridge:'+(matrix_domain | regex_escape)+'$',
      '^@hbirc_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
    ] if matrix_heisenbridge_enabled else [])
    +
    ([
      '^@hookshot:'+(matrix_domain | regex_escape)+'$',
      '^@_github_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
      '^@_gitlab_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
      '^@_jira_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
      '^@'+(matrix_hookshot_generic_userIdPrefix | default('') | regex_escape)+'[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
    ] if matrix_hookshot_enabled else [])
    +
    ([
      '^@'+(matrix_mautrix_bluesky_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
      '^@bluesky_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
    ] if matrix_mautrix_bluesky_enabled else [])
    +
    ([
      '^@'+(matrix_mautrix_discord_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
      '^@discord_[0-9]+:'+(matrix_domain | regex_escape)+'$',
    ] if matrix_mautrix_discord_enabled else [])
    +
    ([
      '^@'+(matrix_mautrix_facebook_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
      '^@facebook_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
    ] if matrix_mautrix_facebook_enabled else [])
    +
    ([
      '^@'+(matrix_mautrix_gmessages_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
      '^@gmessages_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
    ] if matrix_mautrix_gmessages_enabled else [])
    +
    ([
      '^@'+(matrix_mautrix_googlechat_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
      '^@googlechat_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
    ] if matrix_mautrix_googlechat_enabled else [])
    +
    ([
      '^@'+(matrix_mautrix_instagram_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
      '^@instagram_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
    ] if matrix_mautrix_instagram_enabled else [])
    +
    ([
      '^@'+(matrix_mautrix_meta_instagram_appservice_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
      '^@'+(matrix_mautrix_meta_instagram_bridge_username_prefix | default('') | regex_escape)+'[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
    ] if matrix_mautrix_meta_instagram_enabled else [])
    +
    ([
      '^@'+(matrix_mautrix_meta_messenger_appservice_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
      '^@'+(matrix_mautrix_meta_messenger_bridge_username_prefix | default('') | regex_escape)+'[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
    ] if matrix_mautrix_meta_messenger_enabled else [])
    +
    ([
      '^@'+(matrix_mautrix_signal_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
      '^@signal_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
    ] if matrix_mautrix_signal_enabled else [])
    +
    ([
      '^@'+(matrix_mautrix_slack_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
      '^@slack_[a-zA-Z0-9\-]+:'+(matrix_domain | regex_escape)+'$',
    ] if matrix_mautrix_slack_enabled else [])
    +
    ([
      '^@'+(matrix_mautrix_telegram_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
      '^@telegram_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
    ] if matrix_mautrix_telegram_enabled else [])
    +
    ([
      '^@'+(matrix_mautrix_twitter_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
      '^@twitter_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
    ] if matrix_mautrix_twitter_enabled else [])
    +
    ([
      '^@'+(matrix_mautrix_whatsapp_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
      '^@whatsapp_[0-9]+:'+(matrix_domain | regex_escape)+'$',
    ] if matrix_mautrix_whatsapp_enabled else [])
    +
    ([
      '^@'+(matrix_mautrix_imessage_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
      '^@imessage_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
    ] if matrix_mautrix_wsproxy_enabled else [])
    +
    ([
      '^@_discordpuppet_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
    ] if matrix_mx_puppet_discord_enabled else [])
    +
    ([
      '^@_groupmepuppet_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
    ] if matrix_mx_puppet_groupme_enabled else [])
    +
    ([
      '^@_instagrampuppet_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
    ] if matrix_mx_puppet_instagram_enabled else [])
    +
    ([
      '^@_slackpuppet_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
    ] if matrix_mx_puppet_slack_enabled else [])
    +
    ([
      '^@_steampuppet_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
    ] if matrix_mx_puppet_steam_enabled else [])
    +
    ([
      '^@'+(matrix_mx_puppet_twitter_bot_localpart | default('') | regex_escape)+':'+ (matrix_domain | regex_escape)+'$',
      '^@'+(matrix_mx_puppet_twitter_namespace_prefix | default('') | regex_escape)+'[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
    ] if matrix_mx_puppet_twitter_enabled else [])
    +
    ([
      '^@smsbot:'+(matrix_domain | regex_escape)+'$',
      '^@sms_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
    ] if matrix_sms_bridge_enabled else [])
    +
    ([
      '^@'+(matrix_wechat_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
      '^@_wechat_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
    ] if matrix_wechat_enabled else [])
  }}

######################################################################
#
# /matrix-synapse-admin
#
######################################################################

######################################################################
#
# matrix-synapse-usage-exporter
#
######################################################################

matrix_synapse_usage_exporter_enabled: false

matrix_synapse_usage_exporter_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_synapse_usage_exporter_container_image_registry_prefix_upstream_default }}"

matrix_synapse_usage_exporter_container_network: "{{ matrix_monitoring_container_network }}"

matrix_synapse_usage_exporter_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"

matrix_synapse_usage_exporter_container_labels_traefik_enabled: "{{ matrix_synapse_usage_exporter_proxying_enabled }}"
matrix_synapse_usage_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_synapse_usage_exporter_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_synapse_usage_exporter_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

######################################################################
#
# /matrix-synapse-usage-exporter
#
######################################################################

######################################################################
#
# prometheus_node_exporter
#
######################################################################

prometheus_node_exporter_enabled: false

prometheus_node_exporter_identifier: matrix-prometheus-node-exporter

prometheus_node_exporter_base_path: "{{ matrix_base_data_path }}/prometheus-node-exporter"

prometheus_node_exporter_uid: "{{ matrix_user_uid }}"
prometheus_node_exporter_gid: "{{ matrix_user_gid }}"

prometheus_node_exporter_hostname: "{{ matrix_server_fqn_matrix }}"

prometheus_node_exporter_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else prometheus_node_exporter_docker_image_registry_prefix_upstream_default }}"

prometheus_node_exporter_container_network: "{{ matrix_monitoring_container_network }}"

prometheus_node_exporter_container_additional_networks_auto: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"

prometheus_node_exporter_container_labels_traefik_enabled: "{{ matrix_metrics_exposure_enabled }}"
prometheus_node_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
prometheus_node_exporter_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
prometheus_node_exporter_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

prometheus_node_exporter_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
prometheus_node_exporter_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"

######################################################################
#
# /prometheus_node_exporter
#
######################################################################


######################################################################
#
# prometheus_postgres_exporter
#
######################################################################

prometheus_postgres_exporter_enabled: false

prometheus_postgres_exporter_identifier: matrix-prometheus-postgres-exporter

prometheus_postgres_exporter_base_path: "{{ matrix_base_data_path }}/prometheus-postgres-exporter"

prometheus_postgres_exporter_uid: "{{ matrix_user_uid }}"
prometheus_postgres_exporter_gid: "{{ matrix_user_gid }}"

prometheus_postgres_exporter_hostname: "{{ matrix_server_fqn_matrix }}"

prometheus_postgres_exporter_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else prometheus_postgres_exporter_docker_image_registry_prefix_upstream_default }}"

prometheus_postgres_exporter_container_network: "{{ matrix_monitoring_container_network }}"

prometheus_postgres_exporter_container_additional_networks: |
  {{
    ([postgres_container_network] if (postgres_enabled and prometheus_postgres_exporter_database_hostname == postgres_connection_hostname and prometheus_postgres_exporter_container_network != postgres_container_network) else [])
    +
    ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and prometheus_postgres_exporter_container_labels_traefik_enabled else [])
  }}

prometheus_postgres_exporter_container_labels_traefik_enabled: "{{ matrix_metrics_exposure_enabled }}"
prometheus_postgres_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
prometheus_postgres_exporter_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
prometheus_postgres_exporter_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

prometheus_postgres_exporter_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
prometheus_postgres_exporter_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"

prometheus_postgres_exporter_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
prometheus_postgres_exporter_database_username: matrix_prometheus_postgres_exporter
prometheus_postgres_exporter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'prometheus.pg.db', rounds=655555) | to_uuid }}"
prometheus_postgres_exporter_database_name: matrix_prometheus_postgres_exporter

prometheus_postgres_exporter_systemd_required_services_list_auto: |
  {{
    ([postgres_identifier ~ '.service'] if (postgres_enabled and prometheus_postgres_exporter_database_hostname == postgres_connection_hostname) else [])
  }}

######################################################################
#
# /prometheus_postgres_exporter
#
######################################################################


######################################################################
#
# matrix-prometheus-nginxlog-exporter
#
######################################################################

matrix_prometheus_nginxlog_exporter_enabled: false

matrix_prometheus_nginxlog_exporter_identifier: matrix-prometheus-nginxlog-exporter

matrix_prometheus_nginxlog_exporter_hostname: "{{ matrix_server_fqn_matrix }}"

matrix_prometheus_nginxlog_exporter_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_prometheus_nginxlog_exporter_docker_image_registry_prefix_upstream_default }}"

matrix_prometheus_nginxlog_exporter_container_network: "{{ matrix_monitoring_container_network }}"

matrix_prometheus_nginxlog_exporter_container_additional_networks_auto: |-
  {{
    ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_prometheus_nginxlog_exporter_container_labels_traefik_enabled) else [])
  }}

matrix_prometheus_nginxlog_exporter_container_labels_traefik_enabled: "{{ matrix_metrics_exposure_enabled }}"
matrix_prometheus_nginxlog_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_prometheus_nginxlog_exporter_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_prometheus_nginxlog_exporter_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_prometheus_nginxlog_exporter_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_prometheus_nginxlog_exporter_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"

matrix_prometheus_nginxlog_exporter_config_namespaces_matrix_source_tags_auto: |
  {{
    ([matrix_synapse_reverse_proxy_companion_access_log_syslog_integration_tag] if matrix_synapse_reverse_proxy_companion_access_log_syslog_integration_enabled else [])
  }}

######################################################################
#
# /matrix-prometheus-nginxlog-exporter
#
######################################################################


######################################################################
#
# prometheus
#
######################################################################

prometheus_enabled: false

prometheus_identifier: matrix-prometheus

prometheus_base_path: "{{ matrix_base_data_path }}/prometheus"

prometheus_uid: "{{ matrix_user_uid }}"
prometheus_gid: "{{ matrix_user_gid }}"

prometheus_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else prometheus_container_image_registry_prefix_upstream_default }}"

prometheus_container_network: "{{ matrix_monitoring_container_network }}"

prometheus_container_additional_networks_auto: |
  {{
    (
      ([prometheus_node_exporter_container_network] if prometheus_self_node_scraper_enabled and prometheus_node_exporter_container_network != prometheus_container_network else [])
      +
      ([matrix_synapse_container_network] if matrix_prometheus_services_connect_scraper_synapse_enabled and matrix_synapse_container_network != prometheus_container_network else [])
      +
      ([prometheus_postgres_exporter_container_network] if matrix_prometheus_services_connect_scraper_postgres_enabled and prometheus_postgres_exporter_container_network != prometheus_container_network else [])
      +
      ([matrix_hookshot_container_network] if matrix_prometheus_services_connect_scraper_hookshot_enabled and matrix_hookshot_container_network != prometheus_container_network else [])
      +
      ([matrix_prometheus_nginxlog_exporter_container_network] if matrix_prometheus_services_connect_scraper_nginxlog_enabled and matrix_prometheus_nginxlog_exporter_container_network != prometheus_container_network else [])
      +
      ([matrix_media_repo_container_network] if matrix_prometheus_services_connect_scraper_media_repo_enabled and matrix_media_repo_container_network != prometheus_container_network else [])
      +
      ([matrix_synapse_usage_exporter_container_network] if matrix_prometheus_services_connect_scraper_synapse_usage_exporter_enabled and matrix_synapse_usage_exporter_container_network != prometheus_container_network else [])
    ) | unique
  }}

prometheus_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9090') if matrix_playbook_service_host_bind_interface_prefix else '' }}"

prometheus_config_rule_files_auto: |
  {{
    (['synapse-v2.rules'] if matrix_prometheus_services_connect_synapse_rules_enabled else [])
  }}

prometheus_self_node_scraper_enabled: "{{ prometheus_node_exporter_enabled }}"
prometheus_self_node_scraper_static_configs_target: "{{ (prometheus_node_exporter_identifier + ':9100') if prometheus_node_exporter_enabled else '' }}"

prometheus_config_scrape_configs_auto: |
  {{
    (matrix_prometheus_services_connect_scraper_synapse_configs if matrix_prometheus_services_connect_scraper_synapse_enabled else [])
    +
    (matrix_prometheus_services_connect_scraper_postgres_scrape_configs if matrix_prometheus_services_connect_scraper_postgres_enabled else [])
    +
    (matrix_prometheus_services_connect_scraper_hookshot_scrape_configs if matrix_prometheus_services_connect_scraper_hookshot_enabled else [])
    +
    (matrix_prometheus_services_connect_scraper_nginxlog_scrape_configs if matrix_prometheus_services_connect_scraper_nginxlog_enabled else [])
    +
    (matrix_prometheus_services_connect_scraper_media_repo_scrape_configs if matrix_prometheus_services_connect_scraper_media_repo_enabled else [])
    +
    (matrix_prometheus_services_connect_scraper_synapse_usage_exporter_scrape_configs if matrix_prometheus_services_connect_scraper_synapse_usage_exporter_enabled else [])
  }}

######################################################################
#
# /prometheus
#
######################################################################


######################################################################
#
# matrix-prometheus-services-connect
#
######################################################################

matrix_prometheus_services_connect_synapse_enabled: "{{ prometheus_enabled and matrix_synapse_enabled }}"

matrix_prometheus_services_connect_synapse_rules_download_synapse_tag: "{{ matrix_synapse_docker_image_tag }}"
matrix_prometheus_services_connect_synapse_rules_download_dir_path: "{{ prometheus_config_path }}"
matrix_prometheus_services_connect_synapse_rules_download_owner: "{{ prometheus_uid }}"
matrix_prometheus_services_connect_synapse_rules_download_group: "{{ prometheus_gid }}"

matrix_prometheus_services_connect_scraper_synapse_enabled: "{{ matrix_synapse_enabled and matrix_synapse_metrics_enabled }}"
matrix_prometheus_services_connect_scraper_synapse_main_process_static_configs_target: "matrix-synapse:{{ matrix_synapse_metrics_port }}"
matrix_prometheus_services_connect_scraper_synapse_workers_enabled_list: "{{ matrix_synapse_workers_enabled_list }}"

matrix_prometheus_services_connect_scraper_postgres_enabled: "{{ prometheus_postgres_exporter_enabled }}"
matrix_prometheus_services_connect_scraper_postgres_static_configs_target: "{{ prometheus_postgres_exporter_identifier }}:{{ prometheus_postgres_exporter_port | string }}"

matrix_prometheus_services_connect_scraper_hookshot_enabled: "{{ matrix_hookshot_enabled and matrix_hookshot_metrics_enabled }}"
matrix_prometheus_services_connect_scraper_hookshot_static_configs_target: "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_metrics_port | string }}"

matrix_prometheus_services_connect_scraper_nginxlog_enabled: "{{ matrix_prometheus_nginxlog_exporter_enabled }}"
matrix_prometheus_services_connect_scraper_nginxlog_static_configs_target: "{{ matrix_prometheus_nginxlog_exporter_identifier }}:{{ matrix_prometheus_nginxlog_exporter_container_metrics_port | string }}"

matrix_prometheus_services_connect_scraper_media_repo_enabled: "{{ matrix_media_repo_enabled and matrix_media_repo_metrics_enabled }}"
matrix_prometheus_services_connect_scraper_media_repo_static_configs_target: "{{ matrix_media_repo_identifier }}:{{ matrix_media_repo_metrics_port }}"

matrix_prometheus_services_connect_scraper_synapse_usage_exporter_enabled: "{{ matrix_synapse_usage_exporter_enabled }}"
matrix_prometheus_services_connect_scraper_synapse_usage_exporter_static_configs_target: "{{ matrix_synapse_usage_exporter_identifier }}:{{ matrix_synapse_usage_exporter_container_port | string }}"

######################################################################
#
# /matrix-prometheus-services-connect
#
######################################################################


######################################################################
#
# grafana
#
######################################################################

grafana_enabled: false

grafana_identifier: matrix-grafana

grafana_uid: "{{ matrix_user_uid }}"
grafana_gid: "{{ matrix_user_gid }}"

grafana_hostname: "{{ matrix_server_fqn_grafana }}"

grafana_base_path: "{{ matrix_base_data_path }}/grafana"

grafana_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else grafana_container_image_registry_prefix_upstream_default }}"

grafana_container_network: "{{ matrix_monitoring_container_network }}"

grafana_container_additional_networks_auto: |
  {{
    (
      ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and grafana_container_labels_traefik_enabled else [])
      +
      ([prometheus_container_network] if prometheus_enabled and prometheus_container_network != grafana_container_network else [])
    ) | unique
  }}

grafana_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
grafana_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
grafana_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
grafana_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

grafana_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '3000') if matrix_playbook_service_host_bind_interface_prefix else '' }}"

grafana_provisioning_datasources: |
  {{
    ([{
      'name': (matrix_server_fqn_matrix + ' - Prometheus'),
      'type': 'prometheus',
      'access': 'proxy',
      'url': ('http://' + prometheus_identifier + ':9090'),
      'jsonData': {
        'timeInterval': prometheus_config_global_scrape_interval,
      }
    }] if prometheus_enabled else [])
  }}

grafana_dashboard_download_urls: |
  {{
    (matrix_synapse_grafana_dashboard_urls if matrix_homeserver_implementation == 'synapse' and matrix_synapse_metrics_enabled else [])
    +
    (prometheus_node_exporter_dashboard_urls if prometheus_node_exporter_enabled else [])
    +
    (prometheus_postgres_exporter_dashboard_urls if prometheus_postgres_exporter_enabled else [])
    +
    (matrix_prometheus_nginxlog_exporter_dashboard_urls if matrix_prometheus_nginxlog_exporter_enabled else [])
    +
    (matrix_media_repo_dashboard_urls if matrix_media_repo_metrics_enabled else [])
    +
    (matrix_synapse_usage_exporter_dashboard_urls if matrix_synapse_usage_exporter_enabled else [])
  }}

grafana_provisioning_dashboard_template_files: |
  {{
    ([{
        'path': 'roles/custom/matrix-prometheus-nginxlog-exporter/templates/grafana/nginx-proxy.json',
        'name': 'nginx-proxy.json',
    }] if matrix_prometheus_nginxlog_exporter_enabled else [])
  }}

grafana_default_home_dashboard_path: |-
  {{
    {
      'synapse': ('/etc/grafana/dashboards/synapse.json' if matrix_synapse_metrics_enabled and matrix_synapse_metrics_enabled else ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else '')),
      'dendrite': ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else ''),
      'conduit': ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else ''),
      'conduwuit': ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else ''),
    }[matrix_homeserver_implementation]
  }}

######################################################################
#
# /grafana
#
######################################################################


######################################################################
#
# matrix-registration
#
######################################################################

matrix_registration_enabled: false

matrix_registration_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_registration_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_registration_path_prefix: /matrix-registration

matrix_registration_systemd_required_services_list_auto: |
  {{
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_registration_database_hostname == postgres_connection_hostname) else [])
  }}

matrix_registration_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_registration_docker_image_registry_prefix_upstream_default }}"

matrix_registration_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"

matrix_registration_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8767') if matrix_playbook_service_host_bind_interface_prefix else '' }}"

matrix_registration_container_network: "{{ matrix_addons_container_network }}"

matrix_registration_container_additional_networks_auto: |-
  {{
    (
      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_registration_database_hostname == postgres_connection_hostname and matrix_mautrix_facebook_container_network != postgres_container_network) else [])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_registration_container_labels_traefik_enabled) else [])
    ) | unique
  }}

matrix_registration_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_registration_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_registration_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_registration_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_registration_riot_instance: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else 'https://element.io/app/' }}"

matrix_registration_shared_secret: |-
  {{
    {
      'synapse': matrix_synapse_registration_shared_secret | default (''),
      'dendrite': matrix_dendrite_client_api_registration_shared_secret | default (''),
      'conduit': '',
      'conduwuit': '',
    }[matrix_homeserver_implementation]
  }}

matrix_registration_server_location: "{{ matrix_addons_homeserver_client_api_url }}"

matrix_registration_api_validate_certs: "{{ matrix_playbook_ssl_enabled }}"

# Postgres is the default, except if not using internal Postgres server
matrix_registration_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_registration_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_registration_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mx.registr.db', rounds=655555) | to_uuid }}"

######################################################################
#
# /matrix-registration
#
######################################################################


######################################################################
#
# matrix-sliding-sync
#
######################################################################

# We don't enable the sliding sync proxy by default.
matrix_sliding_sync_enabled: false

matrix_sliding_sync_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"

matrix_sliding_sync_hostname: "{{ matrix_server_fqn_matrix }}"

matrix_sliding_sync_path_prefix: /sliding-sync

matrix_sliding_sync_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_sliding_sync_container_image_registry_prefix_upstream_default }}"

matrix_sliding_sync_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"

matrix_sliding_sync_container_network: "{{ matrix_homeserver_container_network }}"

matrix_sliding_sync_container_additional_networks: |
  {{
    (
      ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_sliding_sync_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network else [])
      +
      ([] if matrix_homeserver_container_network in ['', matrix_sliding_sync_container_network] else [matrix_homeserver_container_network])
      +
      ([postgres_container_network] if postgres_enabled and postgres_container_network != matrix_sliding_sync_container_network else [])
    ) | unique
  }}

matrix_sliding_sync_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_sliding_sync_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_sliding_sync_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_sliding_sync_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_sliding_sync_container_labels_public_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_sliding_sync_container_labels_public_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"

matrix_sliding_sync_systemd_required_services_list_auto: |
  {{
    matrix_homeserver_systemd_services_list
    +
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_sliding_sync_database_hostname == postgres_connection_hostname) else [])
  }}

matrix_sliding_sync_environment_variable_syncv3_server: "{{ matrix_homeserver_container_url }}"
matrix_sliding_sync_environment_variable_syncv3_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ss.secret', rounds=655555) | to_uuid }}"

matrix_sliding_sync_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_sliding_sync_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ss.db', rounds=655555) | to_uuid }}"

matrix_sliding_sync_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"

matrix_sliding_sync_metrics_proxying_enabled: "{{ matrix_sliding_sync_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_sliding_sync_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_sliding_sync_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/sliding-sync"

#####################################################################
#
# /matrix-sliding-sync
#
######################################################################


######################################################################
#
# matrix-dendrite
#
######################################################################

matrix_dendrite_enabled: "{{ matrix_homeserver_implementation == 'dendrite' }}"

matrix_dendrite_hostname: "{{ matrix_server_fqn_matrix }}"

matrix_dendrite_federation_enabled: "{{ matrix_homeserver_federation_enabled }}"

matrix_dendrite_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_dendrite_docker_image_registry_prefix_upstream_default }}"

matrix_dendrite_container_network: "{{ matrix_homeserver_container_network }}"

matrix_dendrite_container_additional_networks_auto: |
  {{
    (
      ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_dendrite_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network else [])
      +
      ([postgres_container_network] if (postgres_enabled and matrix_dendrite_database_hostname == postgres_connection_hostname and postgres_container_network != matrix_dendrite_container_network) else [])
    ) | unique
  }}

matrix_dendrite_container_http_host_bind_address: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ matrix_dendrite_http_bind_port | string) if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_dendrite_container_https_host_bind_address: "{{ '' if not matrix_dendrite_https_bind_port or not matrix_playbook_service_host_bind_interface_prefix else (matrix_playbook_service_host_bind_interface_prefix + matrix_dendrite_https_bind_port | string) }}"

matrix_dendrite_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and not matrix_synapse_workers_enabled }}"
matrix_dendrite_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_dendrite_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_dendrite_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_dendrite_container_labels_public_client_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled }}"

matrix_dendrite_container_labels_public_client_root_redirection_enabled: "{{ matrix_dendrite_container_labels_public_client_root_redirection_url != '' }}"
matrix_dendrite_container_labels_public_client_root_redirection_url: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else '' }}"

matrix_dendrite_container_labels_public_federation_api_traefik_hostname: "{{ matrix_server_fqn_matrix_federation }}"
matrix_dendrite_container_labels_public_federation_api_traefik_entrypoints: "{{ matrix_federation_traefik_entrypoint_name }}"
matrix_dendrite_container_labels_public_federation_api_traefik_tls: "{{ matrix_federation_traefik_entrypoint_tls }}"

matrix_dendrite_container_labels_public_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_dendrite_container_labels_public_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"

matrix_dendrite_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"

matrix_dendrite_metrics_proxying_enabled: "{{ matrix_dendrite_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_dendrite_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_dendrite_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/dendrite"

matrix_dendrite_client_api_registration_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.rss', rounds=655555) | to_uuid }}"

matrix_dendrite_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"

matrix_dendrite_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.db', rounds=655555) | to_uuid }}"

matrix_dendrite_client_api_turn_uris: "{{ matrix_coturn_turn_uris if matrix_coturn_enabled else [] }}"
matrix_dendrite_client_api_turn_shared_secret: "{{ matrix_coturn_turn_static_auth_secret if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'auth-secret') else '' }}"
matrix_dendrite_client_api_turn_username: "{{ matrix_coturn_lt_cred_mech_username if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'lt-cred-mech') else '' }}"
matrix_dendrite_client_api_turn_password: "{{ matrix_coturn_lt_cred_mech_password if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'lt-cred-mech') else '' }}"

matrix_dendrite_disable_tls_validation: "{{ not matrix_playbook_ssl_enabled }}"

matrix_dendrite_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}"

matrix_dendrite_trusted_id_servers: "{{ [matrix_server_fqn_matrix] if matrix_ma1sd_enabled else ['matrix.org', 'vector.im'] }}"

matrix_dendrite_systemd_required_services_list_auto: |
  {{
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_dendrite_database_hostname == postgres_connection_hostname) else [])
    +
    (['matrix-goofys.service'] if matrix_s3_media_store_enabled else [])
  }}

matrix_dendrite_systemd_wanted_services_list_auto: |
  {{
    (['matrix-coturn.service'] if matrix_coturn_enabled else [])
  }}

matrix_dendrite_container_extra_arguments_auto: "{{ matrix_homeserver_container_extra_arguments_auto }}"
matrix_dendrite_app_service_config_files_auto: "{{ matrix_homeserver_app_service_config_files_auto }}"

######################################################################
#
# /matrix-dendrite
#
######################################################################


######################################################################
#
# matrix-conduit
#
######################################################################

matrix_conduit_enabled: "{{ matrix_homeserver_implementation == 'conduit' }}"

matrix_conduit_hostname: "{{ matrix_server_fqn_matrix }}"

matrix_conduit_allow_federation: "{{ matrix_homeserver_federation_enabled }}"

matrix_conduit_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_conduit_docker_image_registry_prefix_upstream_default }}"

matrix_conduit_container_network: "{{ matrix_homeserver_container_network }}"

matrix_conduit_container_additional_networks_auto: |
  {{
    (
      ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_conduit_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network else [])
    ) | unique
  }}

matrix_conduit_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and not matrix_synapse_workers_enabled }}"
matrix_conduit_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_conduit_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_conduit_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_conduit_container_labels_public_client_root_redirection_enabled: "{{ matrix_conduit_container_labels_public_client_root_redirection_url != '' }}"
matrix_conduit_container_labels_public_client_root_redirection_url: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else '' }}"

matrix_conduit_container_labels_public_federation_api_traefik_hostname: "{{ matrix_server_fqn_matrix_federation }}"
matrix_conduit_container_labels_public_federation_api_traefik_entrypoints: "{{ matrix_federation_traefik_entrypoint_name }}"
matrix_conduit_container_labels_public_federation_api_traefik_tls: "{{ matrix_federation_traefik_entrypoint_tls }}"

matrix_conduit_container_labels_internal_client_api_enabled: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled }}"
matrix_conduit_container_labels_internal_client_api_traefik_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}"

matrix_conduit_turn_uris: "{{ matrix_coturn_turn_uris if matrix_coturn_enabled else [] }}"
matrix_conduit_turn_secret: "{{ matrix_coturn_turn_static_auth_secret if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'auth-secret') else '' }}"
matrix_conduit_turn_username: "{{ matrix_coturn_lt_cred_mech_username if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'lt-cred-mech') else '' }}"
matrix_conduit_turn_password: "{{ matrix_coturn_lt_cred_mech_password if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'lt-cred-mech') else '' }}"

######################################################################
#
# /matrix-conduit
#
######################################################################


######################################################################
#
# matrix-conduwuit
#
######################################################################

matrix_conduwuit_enabled: "{{ matrix_homeserver_implementation == 'conduwuit' }}"

matrix_conduwuit_hostname: "{{ matrix_server_fqn_matrix }}"

matrix_conduwuit_config_allow_federation: "{{ matrix_homeserver_federation_enabled }}"

matrix_conduwuit_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_conduwuit_docker_image_registry_prefix_upstream_default }}"

matrix_conduwuit_container_network: "{{ matrix_homeserver_container_network }}"

matrix_conduwuit_container_additional_networks_auto: |
  {{
    (
      ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_conduwuit_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network else [])
    ) | unique
  }}

matrix_conduwuit_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and not matrix_synapse_workers_enabled }}"
matrix_conduwuit_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_conduwuit_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_conduwuit_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_conduwuit_container_labels_public_client_root_redirection_enabled: "{{ matrix_conduwuit_container_labels_public_client_root_redirection_url != '' }}"
matrix_conduwuit_container_labels_public_client_root_redirection_url: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else '' }}"

matrix_conduwuit_container_labels_public_federation_api_traefik_hostname: "{{ matrix_server_fqn_matrix_federation }}"
matrix_conduwuit_container_labels_public_federation_api_traefik_entrypoints: "{{ matrix_federation_traefik_entrypoint_name }}"
matrix_conduwuit_container_labels_public_federation_api_traefik_tls: "{{ matrix_federation_traefik_entrypoint_tls }}"

matrix_conduwuit_container_labels_internal_client_api_enabled: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled }}"
matrix_conduwuit_container_labels_internal_client_api_traefik_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}"

matrix_conduwuit_config_turn_uris: "{{ matrix_coturn_turn_uris if matrix_coturn_enabled else [] }}"
matrix_conduwuit_config_turn_secret: "{{ matrix_coturn_turn_static_auth_secret if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'auth-secret') else '' }}"
matrix_conduwuit_config_turn_username: "{{ matrix_coturn_lt_cred_mech_username if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'lt-cred-mech') else '' }}"
matrix_conduwuit_config_turn_password: "{{ matrix_coturn_lt_cred_mech_password if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'lt-cred-mech') else '' }}"

matrix_conduwuit_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}"

######################################################################
#
# /matrix-conduwuit
#
######################################################################


######################################################################
#
# matrix-user-creator
#
######################################################################

matrix_user_creator_users_auto: |
  {{
    ([{
      'username': matrix_bot_matrix_registration_bot_matrix_user_id_localpart,
      'initial_password': matrix_bot_matrix_registration_bot_bot_password,
      'initial_type': 'admin',
    }] if matrix_bot_matrix_registration_bot_enabled else [])
    +
    ([{
      'username': matrix_bot_baibot_config_user_mxid_localpart,
      'initial_password': matrix_bot_baibot_config_user_password,
      'initial_type': 'bot',
    }] if matrix_bot_baibot_enabled else [])
    +
    ([{
      'username': matrix_bot_chatgpt_matrix_bot_username_localpart,
      'initial_password': matrix_bot_chatgpt_matrix_bot_password,
      'initial_type': 'bot',
    }] if matrix_bot_chatgpt_enabled and matrix_bot_chatgpt_matrix_bot_password | length > 0 else [])
    +
    ([{
      'username': matrix_bot_matrix_reminder_bot_matrix_user_id_localpart,
      'initial_password': matrix_bot_matrix_reminder_bot_matrix_user_password,
      'initial_type': 'bot',
    }] if matrix_bot_matrix_reminder_bot_enabled else [])
    +
    ([{
      'username': matrix_bot_honoroit_login,
      'initial_password': matrix_bot_honoroit_password,
      'initial_type': 'bot',
    }] if matrix_bot_honoroit_enabled else [])
    +
    ([{
      'username': matrix_postmoogle_login,
      'initial_password': matrix_postmoogle_password,
      'initial_type': 'bot',
    }] if matrix_postmoogle_enabled else [])
    +
    ([{
      'username': matrix_bot_buscarron_login,
      'initial_password': matrix_bot_buscarron_password,
      'initial_type': 'bot',
    }] if matrix_bot_buscarron_enabled else [])
    +
    ([{
      'username': matrix_bot_maubot_login,
      'initial_password': matrix_bot_maubot_initial_password,
      'initial_type': 'bot',
    }] if matrix_bot_maubot_enabled else [])
        +
    ([{
      'username': matrix_bot_draupnir_login,
      'initial_password': matrix_bot_draupnir_password,
      'initial_type': 'bot',
    }] if matrix_bot_draupnir_enabled and matrix_bot_draupnir_password else [])
  }}

######################################################################
#
# /matrix-user-creator
#
######################################################################


######################################################################
#
# matrix-user-verification-service
#
######################################################################

matrix_user_verification_service_enabled: false

matrix_user_verification_service_systemd_required_services_list: |
  {{
    [devture_systemd_docker_base_docker_service_name]
    +
    (['matrix-' + matrix_homeserver_implementation + '.service'])
  }}

matrix_user_verification_service_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_user_verification_service_docker_image_registry_prefix_upstream_default }}"

matrix_user_verification_service_container_network: "{{ matrix_addons_container_network }}"

matrix_user_verification_service_container_additional_networks: |
  {{
    (
      ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
      +
      ([matrix_homeserver_container_network] if matrix_homeserver_container_network != matrix_user_verification_service_container_network else [])
    ) | unique
  }}

# If Jitsi is managed by this playbook we can use the docker network — no need to expose a port.
# If Jitsi is not managed by this playbook, or you otherwise have a need for it, you can expose
# matrix-user-verfification-services's client-server port to port 3003.
# By default Matrix-User-Verification-Service binds to port 3000, which collides with grafana, therefore this uses port 3003.
matrix_user_verification_service_container_http_host_bind_port: "{{  '' if (jitsi_enabled | bool and jitsi_enable_auth | bool and jitsi_auth_type == 'matrix') else matrix_playbook_service_host_bind_interface_prefix ~ '3003' }}"

# URL exposed in the docker network
matrix_user_verification_service_container_url: "http://{{  matrix_user_verification_service_container_name }}:3000"

matrix_user_verification_service_uvs_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"

# We connect via the container network (private IPs), so we need to disable IP checks
matrix_user_verification_service_uvs_disable_ip_blacklist: "{{'true' if matrix_synapse_enabled else 'false'}}"

matrix_user_verification_service_uvs_auth_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'uvs.auth.token', rounds=655555) | to_uuid }}"

######################################################################
#
# /matrix-user-verification-service
#
######################################################################


########################################################################
#                                                                      #
# matrix-static-files                                                  #
#                                                                      #
########################################################################

matrix_static_files_enabled: true

matrix_static_files_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_static_files_container_image_registry_prefix_upstream_default }}"

matrix_static_files_container_network: "{{ (matrix_static_files_identifier if matrix_playbook_reverse_proxy_type == 'none' else matrix_playbook_reverse_proxy_container_network) }}"

matrix_static_files_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
matrix_static_files_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_static_files_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_static_files_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_hostname: "{{ matrix_server_fqn_matrix }}"

# Base domain serving is not enabled by default (see `matrix_static_files_container_labels_base_domain_enabled`),
# but we pass the hostname, so that enabling it is easy.
matrix_static_files_container_labels_base_domain_traefik_hostname: "{{ matrix_domain }}"

# If we're not serving a static webpage, serve a redirect instead of a 404.
matrix_static_files_container_labels_base_domain_root_path_redirection_enabled: "{{ not matrix_static_files_file_index_html_enabled }}"
matrix_static_files_container_labels_base_domain_root_path_redirection_url: "{{ ('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_matrix }}/${1}"

matrix_static_files_file_matrix_client_property_io_element_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}"

matrix_static_files_file_matrix_client_property_org_matrix_msc3575_proxy_url: "{{ matrix_homeserver_sliding_sync_url }}"

matrix_static_files_file_matrix_client_property_org_matrix_msc2965_authentication_enabled: "{{ matrix_authentication_service_enabled }}"
matrix_static_files_file_matrix_client_property_org_matrix_msc2965_authentication_issuer: "{{ matrix_authentication_service_config_http_issuer if matrix_authentication_service_enabled else '' }}"
matrix_static_files_file_matrix_client_property_org_matrix_msc2965_authentication_account: "{{ matrix_authentication_service_account_management_url }}"

matrix_static_files_file_matrix_client_property_m_tile_server_entries_enabled: "{{ matrix_client_element_location_sharing_enabled }}"
matrix_static_files_file_matrix_client_property_m_tile_server_map_style_url: "{{ ('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element }}/map_style.json"

# We set this regardless of whether synapse-admin is enabled, because people may wish to use a hosted (externally) synapse-admin installation and still have it auto-configured.
# See: https://github.com/etkecc/synapse-admin/pull/126
matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin_auto: "{{ matrix_synapse_admin_configuration if matrix_homeserver_implementation == 'synapse' else {} }}"

matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_enabled: "{{ matrix_element_call_enabled }}"
matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_auto: |-
  {{
    (
      [{'type': 'livekit', 'livekit_service_url': matrix_livekit_jwt_service_public_url}] if matrix_livekit_jwt_service_enabled else []
    )
  }}

matrix_static_files_file_matrix_server_property_m_server: "{{ matrix_server_fqn_matrix_federation }}:{{ matrix_federation_public_port }}"

matrix_static_files_file_element_element_json_property_call_widget_url: "{{ matrix_element_call_public_url if matrix_element_call_enabled else '' }}"

matrix_static_files_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"

matrix_static_files_self_check_hostname_matrix: "{{ matrix_server_fqn_matrix }}"
matrix_static_files_self_check_hostname_identity: "{{ matrix_domain }}"

########################################################################
#                                                                      #
# /matrix-static-files                                                 #
#                                                                      #
########################################################################


########################################################################
#                                                                      #
# container-socket-proxy                                               #
#                                                                      #
########################################################################

container_socket_proxy_enabled: "{{ matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' }}"

container_socket_proxy_identifier: matrix-container-socket-proxy

container_socket_proxy_base_path: "{{ matrix_base_data_path }}/container-socket-proxy"

container_socket_proxy_uid: "{{ matrix_user_uid }}"
container_socket_proxy_gid: "{{ matrix_user_gid }}"

# Traefik requires read access to the containers APIs to do its job
container_socket_proxy_api_containers_enabled: true

container_socket_proxy_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else container_socket_proxy_container_image_registry_prefix_upstream_default }}"

########################################################################
#                                                                      #
# /container-socket-proxy                                              #
#                                                                      #
########################################################################


########################################################################
#                                                                      #
# traefik                                                              #
#                                                                      #
########################################################################

traefik_enabled: "{{ matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' }}"

traefik_identifier: matrix-traefik

traefik_base_path: "{{ matrix_base_data_path }}/traefik"

traefik_uid: "{{ matrix_user_uid }}"
traefik_gid: "{{ matrix_user_gid }}"

# It's common for setups to deal with large file uploads which may take longer than the default readTimeout (60s).
# This override (for the `web` entrypoint) also cascades to overriding the `web-secure` entrypoint and the `matrix-federation` entrypoint.
traefik_config_entrypoint_web_transport_respondingTimeouts_readTimeout: 300s

traefik_additional_entrypoints_auto: |
  {{
    ([matrix_playbook_public_matrix_federation_api_traefik_entrypoint_definition] if matrix_playbook_public_matrix_federation_api_traefik_entrypoint_enabled else [])
    +
    ([matrix_playbook_internal_matrix_client_api_traefik_entrypoint_definition] if matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled else [])
  }}

traefik_config_providers_docker_endpoint: "{{ container_socket_proxy_endpoint if container_socket_proxy_enabled else 'unix:///var/run/docker.sock' }}"

traefik_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else traefik_container_image_registry_prefix_upstream_default }}"

traefik_container_additional_networks_auto: |
  {{
    ([container_socket_proxy_container_network] if container_socket_proxy_enabled else [])
  }}

traefik_systemd_required_services_list: |
  {{
    ([devture_systemd_docker_base_docker_service_name])
    +
    ([container_socket_proxy_identifier + '.service'] if container_socket_proxy_enabled else [])
  }}

########################################################################
#                                                                      #
# /traefik                                                             #
#                                                                      #
########################################################################


########################################################################
#                                                                      #
# traefik_certs_dumper                                                 #
#                                                                      #
########################################################################

traefik_certs_dumper_enabled: "{{ (matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' and traefik_config_entrypoint_web_secure_enabled and traefik_config_certificatesResolvers_acme_enabled) or matrix_playbook_reverse_proxy_type == 'other-traefik-container' }}"

traefik_certs_dumper_identifier: matrix-traefik-certs-dumper

traefik_certs_dumper_base_path: "{{ matrix_base_data_path }}/traefik-certs-dumper"

traefik_certs_dumper_uid: "{{ matrix_user_uid }}"
traefik_certs_dumper_gid: "{{ matrix_user_gid }}"

traefik_certs_dumper_ssl_dir_path: "{{ traefik_ssl_dir_path if traefik_enabled else '' }}"

traefik_certs_dumper_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else traefik_certs_dumper_container_image_registry_prefix_upstream_default }}"

########################################################################
#                                                                      #
# /traefik_certs_dumper                                                #
#                                                                      #
########################################################################


########################################################################
#                                                                      #
# matrix-element-call                                                  #
#                                                                      #
########################################################################

matrix_element_call_enabled: false

matrix_element_call_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"

matrix_element_call_container_network: "{{ matrix_addons_container_network }}"

matrix_element_call_container_additional_networks_auto: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_element_call_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}"

matrix_element_call_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_element_call_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_element_call_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_element_call_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_element_call_config_livekit_livekit_service_url: "{{ matrix_livekit_jwt_service_public_url if matrix_livekit_jwt_service_enabled else '' }}"

########################################################################
#                                                                      #
# /matrix-element-call                                                 #
#                                                                      #
########################################################################

########################################################################
#                                                                      #
# livekit-server                                                       #
#                                                                      #
########################################################################

livekit_server_enabled: "{{ matrix_element_call_enabled }}"

livekit_server_identifier: matrix-livekit-server

livekit_server_uid: "{{ matrix_user_uid }}"
livekit_server_gid: "{{ matrix_user_gid }}"

livekit_server_base_path: "{{ matrix_base_data_path }}/livekit-server"

livekit_server_hostname: "{{ matrix_server_fqn_matrix }}"
livekit_server_path_prefix: "/livekit-server"

livekit_server_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"

livekit_server_container_network: "{{ matrix_addons_container_network }}"
livekit_server_container_additional_networks_auto: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (livekit_server_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}"

livekit_server_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
livekit_server_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
livekit_server_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
livekit_server_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

livekit_server_config_keys_auto: |-
  {{
    {}
    | combine(
      {matrix_livekit_jwt_service_environment_variable_livekit_key: matrix_livekit_jwt_service_environment_variable_livekit_secret}
      if matrix_livekit_jwt_service_enabled else {}
    )
  }}

# The playbook intentionally uses a non-standard port than the default used by the role (5349),
# because Coturn is already using that port.
# Note that TURN is not enabled by default. See `livekit_server_config_turn_enabled`.
livekit_server_config_turn_tls_port: 5350

# The playbook intentionally uses a non-standard port than the default used by the role (3478),
# because Coturn is already using that port.
# Note that TURN is not enabled by default. See `livekit_server_config_turn_enabled`.
livekit_server_config_turn_udp_port: 3479

########################################################################
#                                                                      #
# /livekit-server                                                      #
#                                                                      #
########################################################################


########################################################################
#                                                                      #
# matrix-livekit-jwt-service                                           #
#                                                                      #
########################################################################

matrix_livekit_jwt_service_enabled: "{{ matrix_element_call_enabled and livekit_server_enabled }}"

matrix_livekit_jwt_service_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"

matrix_livekit_jwt_service_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_livekit_jwt_service_path_prefix: "/livekit-jwt-service"

matrix_livekit_jwt_service_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"

matrix_livekit_jwt_service_container_network: "{{ matrix_addons_container_network }}"

matrix_livekit_jwt_service_container_additional_networks_auto: |
  {{
    ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_livekit_jwt_service_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [])
  }}

matrix_livekit_jwt_service_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_livekit_jwt_service_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_livekit_jwt_service_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_livekit_jwt_service_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

matrix_livekit_jwt_service_environment_variable_livekit_url: "{{ livekit_server_websocket_public_url }}"

matrix_livekit_jwt_service_environment_variable_livekit_key: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'lk.key', rounds=655555) | to_uuid }}"

matrix_livekit_jwt_service_environment_variable_livekit_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'lk.secret', rounds=655555) | to_uuid }}"

########################################################################
#                                                                      #
# /matrix-livekit-jwt-service                                          #
#                                                                      #
########################################################################