Fix typo in variable name

Regression since bfc5374fc84d430414ef9b40b050954e390cc0fe

docs/configuring-playbook-bot-maubot.md

@@ -41,9 +41,9 @@ After configuring the playbook, run the [installation](installing.md) command: `
 You can visit `matrix.<your-domain>/_matrix/maubot/` to manage your available plugins, clients and instances.
 
 You should start in the following order
-1. **Create one or more clients:** A client is a matrix account which the bot will use to message. By default, the playbook creates a `bot.maubot` account (as per the configuration above). You only need to [obtain an access token](#obtaining-an-access-token) for it
+1. **Create one or more clients**: A client is a matrix account which the bot will use to message. By default, the playbook creates a `bot.maubot` account (as per the configuration above). You only need to [obtain an access token](#obtaining-an-access-token) for it
-2. **Upload some Plugins:** Plugins can be obtained from [here](https://github.com/maubot/maubot#plugins) or any other source.
+2. **Upload some Plugins**: Plugins can be obtained from [here](https://github.com/maubot/maubot#plugins) or any other source.
-3. **Create an instance:** An instance is the actual bot. You have to specify a client which the bot instance will use
+3. **Create an instance**: An instance is the actual bot. You have to specify a client which the bot instance will use
 and the plugin (how the bot will behave)
 
 ## Obtaining an access token

docs/configuring-playbook-cactus-comments.md

@@ -53,10 +53,12 @@ After configuring the playbook, run the [installation](installing.md) command: `
 Upon starting Cactus Comments, a `bot.cactusbot` user account is created automatically.
 
 To get started, send a `help` message to the `@bot.cactusbot:your-homeserver.com` bot to confirm it's working.
+
 Then, register a site by typing: `register <sitename>`. You will then be invited into a moderation room.
+
 Now you are good to go and can include the comment section on your website!
 
-**Careful:** To really make use of self-hosting you need change a few things in comparison to the official docs!
+**Careful**: To really make use of self-hosting you need change a few things in comparison to the official docs!
 
 Insert the following snippet into you page and make sure to replace `example.com` with your base domain!
 

docs/configuring-playbook-client-element.md

@@ -1,7 +1,6 @@
 # Configuring Element (optional)
 
-By default, this playbook installs the [Element](https://github.com/element-hq/element-web) Matrix web client for you.
+By default, this playbook installs the [Element](https://github.com/element-hq/element-web) Matrix web client for you. If that's okay, you can skip this document.
-If that's okay, you can skip this document.
 
 
 ## Disabling Element

docs/configuring-playbook-email2matrix.md

@@ -49,29 +49,40 @@ After doing the preparation steps above, add the following configuration to your
 matrix_email2matrix_enabled: true
 
 matrix_email2matrix_matrix_mappings:
-  - MailboxName: "my-mailbox"
+  - MailboxName: "mailbox1"
-    MatrixRoomId: "!someRoom:DOMAIN"
+    MatrixRoomId: "!someRoom:{{ matrix_domain }}"
-    MatrixHomeserverUrl: "https://matrix.DOMAIN"
+    MatrixHomeserverUrl: "{{ matrix_homeserver_url }}"
-    MatrixUserId: "@email2matrix:DOMAIN"
+    MatrixUserId: "@email2matrix:{{ matrix_domain }}"
-    MatrixAccessToken: "ACCESS_TOKEN_GOES_HERE"
+    MatrixAccessToken: "MATRIX_ACCESS_TOKEN_HERE"
     IgnoreSubject: false
     IgnoreBody: false
     SkipMarkdown: false
 
-  - MailboxName: "my-mailbox2"
+  - MailboxName: "mailbox2"
-    MatrixRoomId: "!anotherRoom:DOMAIN"
+    MatrixRoomId: "!anotherRoom:{{ matrix_domain }}"
-    MatrixHomeserverUrl: "https://matrix.DOMAIN"
+    MatrixHomeserverUrl: "{{ matrix_homeserver_url }}"
-    MatrixUserId: "@email2matrix:DOMAIN"
+    MatrixUserId: "@email2matrix:{{ matrix_domain }}"
-    MatrixAccessToken: "ACCESS_TOKEN_GOES_HERE"
+    MatrixAccessToken: "MATRIX_ACCESS_TOKEN_HERE"
     IgnoreSubject: true
     IgnoreBody: false
     SkipMarkdown: true
 ```
 
-You can also set `MatrixHomeserverUrl` to the container URL where your homeserver's Client-Server API lives by using the `{{ matrix_addons_homeserver_client_api_url }}` variable, instead of the public `https://matrix.DOMAIN` endpoint.
+where:
+
+* MailboxName - local-part of the email address, through which emails are bridged to the room whose ID is defined with MatrixRoomId
+* MatrixRoomId - internal ID of the room, to which received emails are sent as Matrix message
+* MatrixHomeserverUrl - URL of your Matrix homeserver, through which to send Matrix messages. You can also set `MatrixHomeserverUrl` to the container URL where your homeserver's Client-Server API lives by using the `{{ matrix_addons_homeserver_client_api_url }}` variable
+* MatrixUserId - the full ID of the sender user which sends bridged messages to the room
+* MatrixAccessToken - sender user's access token
+* IgnoreSubject - if set to "true", the subject is not bridged to Matrix
+* IgnoreBody - if set to "true", the message body is not bridged to Matrix
+* SkipMarkdown - if set to "true", emails are bridged as plain text Matrix message instead of Markdown (actually HTML)
+
+Refer to the official documentation [here](https://github.com/devture/email2matrix/blob/master/docs/configuration.md).
 
 ## Installing
 
 To enable Email2Matrix, run the [installation](installing.md) command (`--tags=setup-email2matrix,start`).
 
-After installation, you may wish to send a test email to `my-mailbox@matrix.DOMAIN` to make sure that Email2Matrix works as expected.
+After installation, you may wish to send a test email to the email address assigned to `mailbox1` (default: `mailbox1@matrix.DOMAIN`) to make sure that Email2Matrix works as expected.

docs/configuring-playbook-external-postgres.md

@@ -1,7 +1,6 @@
 # Using an external PostgreSQL server (optional)
 
-By default, this playbook would set up a PostgreSQL database server on your machine, running in a Docker container.
+By default, this playbook would set up a PostgreSQL database server on your machine, running in a Docker container. If that's okay, you can skip this document.
-If that's alright, you can skip this.
 
 **Note**: using **an external Postgres server is currently [not very seamless](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1682#issuecomment-1061461683) when it comes to enabling various other playbook services** - you will need to create a new database/credentials for each service and to point each service to its corresponding database using custom `vars.yml` configuration. **For the best experience with the playbook, stick to using the integrated Postgres server**.
 
@@ -18,11 +17,10 @@ matrix_synapse_database_database: "your-postgres-server-database-name"
 
 # Rewire any other service (each `matrix-*` role) you may wish to use to use your external Postgres server.
 # Each service expects to have its own dedicated database on the Postgres server
-# and uses its own variable names (see `roles/custom/matrix-*/defaults/main.yml) for configuring Postgres connectivity.
+# and uses its own variable names (see `roles/custom/matrix-*/defaults/main.yml`) for configuring Postgres connectivity.
 ```
 
-The database (as specified in `matrix_synapse_database_database`) must exist and be accessible with the given credentials.
+The database (as specified in `matrix_synapse_database_database`) must exist and be accessible with the given credentials. It must be empty or contain a valid Synapse database. If empty, Synapse would populate it the first time it runs.
-It must be empty or contain a valid Synapse database. If empty, Synapse would populate it the first time it runs.
 
 **Note**: the external server that you specify in `matrix_synapse_database_host` must be accessible from within the `matrix-synapse` Docker container (and possibly other containers too). This means that it either needs to be a publicly accessible hostname or that it's a hostname on the same Docker network where all containers installed by this playbook run (a network called `matrix` by default). Using a local PostgreSQL instance on the host (running on the same machine, but not in a container) is not possible.
 

docs/configuring-playbook-jitsi.md

@@ -61,7 +61,7 @@ jitsi_prosody_auth_internal_accounts:
     password: "another-password"
 ```
 
-**Caution:** Accounts added here and subsequently removed will not be automatically removed from the Prosody server until user account cleaning is integrated into the playbook.
+**Caution**: Accounts added here and subsequently removed will not be automatically removed from the Prosody server until user account cleaning is integrated into the playbook.
 
 **If you get an error** like this: "Error: Account creation/modification not supported.", it's likely that you had previously installed Jitsi without auth/guest support. In such a case, you should look into [Rebuilding your Jitsi installation](#rebuilding-your-jitsi-installation).
 
@@ -268,7 +268,7 @@ To enable Gravatar set:
 jitsi_disable_gravatar: false
 ```
 
-**Beware:** This leaks information to a third party, namely the Gravatar-Service (unless configured otherwise: gravatar.com).
+**Beware**: This leaks information to a third party, namely the Gravatar-Service (unless configured otherwise: gravatar.com).
 Besides metadata, this includes the matrix user_id and possibly the room identifier (via `referrer` header).
 
 ## Installing

docs/configuring-playbook-own-webserver.md

@@ -1,8 +1,6 @@
 # Using your own webserver, instead of this playbook's Traefik reverse-proxy (optional, advanced)
 
-By default, this playbook installs its own [Traefik](https://traefik.io/) reverse-proxy server (in a Docker container) which listens on ports 80 and 443.
+By default, this playbook installs its own [Traefik](https://traefik.io/) reverse-proxy server (in a Docker container) which listens on ports 80 and 443. If that's okay, you can skip this document.
-
-If that's alright, you can skip this.
 
 ## Traefik
 

docs/configuring-playbook-s3.md

@@ -1,7 +1,6 @@
 # Storing Synapse media files on Amazon S3 or another compatible Object Storage (optional)
 
-By default, this playbook configures your server to store Synapse's content repository (`media_store`) files on the local filesystem.
+By default, this playbook configures your server to store Synapse's content repository (`media_store`) files on the local filesystem. If that's okay, you can skip this document.
-If that's alright, you can skip this.
 
 As an alternative to storing media files on the local filesystem, you can store them on [Amazon S3](https://aws.amazon.com/s3/) or another S3-compatible object store.
 

docs/configuring-playbook-synapse.md

@@ -1,7 +1,6 @@
 # Configuring Synapse (optional)
 
-By default, this playbook configures the [Synapse](https://github.com/element-hq/synapse) Matrix server, so that it works for the general case.
+By default, this playbook configures the [Synapse](https://github.com/element-hq/synapse) Matrix server, so that it works for the general case. If that's okay, you can skip this document.
-If that's enough for you, you can skip this document.
 
 The playbook provides lots of customization variables you could use to change Synapse's settings.
 

group_vars/matrix_servers

@@ -1969,17 +1969,13 @@ matrix_mautrix_whatsapp_appservice_token: "{{ '%s' | format(matrix_homeserver_ge
 matrix_mautrix_whatsapp_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
 matrix_mautrix_whatsapp_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.hs.token', rounds=655555) | to_uuid }}"
 
-matrix_mautrix_whatsapp_bridge_login_shared_secret_map_auto: |-
+matrix_mautrix_whatsapp_double_puppet_secrets_auto: |-
   {{
-    ({
+    {
       matrix_mautrix_whatsapp_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
-    })
+    }
     if matrix_appservice_double_puppet_enabled
-    else (
-      {matrix_mautrix_whatsapp_homeserver_domain: matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret}
-      if matrix_synapse_ext_password_provider_shared_secret_auth_enabled
     else {}
-    )
   }}
 
 matrix_mautrix_whatsapp_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"

roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml

@@ -9,7 +9,7 @@ matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautri
 matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/whatsapp
-matrix_mautrix_whatsapp_version: v0.10.9
+matrix_mautrix_whatsapp_version: v0.11.0
 
 # See: https://mau.dev/mautrix/whatsapp/container_registry
 matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
@@ -122,7 +122,7 @@ matrix_mautrix_whatsapp_database_connection_string: 'postgresql://{{ matrix_maut
 
 matrix_mautrix_whatsapp_appservice_database_type: "{{
 	{
-		'sqlite': 'sqlite3',
+		'sqlite': 'sqlite3-fk-wal',
 		'postgres':'postgres',
 	}[matrix_mautrix_whatsapp_database_engine]
 }}"
@@ -134,19 +134,24 @@ matrix_mautrix_whatsapp_appservice_database_uri: "{{
 	}[matrix_mautrix_whatsapp_database_engine]
 }}"
 
-matrix_mautrix_whatsapp_bridge_login_shared_secret_map: "{{ matrix_mautrix_whatsapp_bridge_login_shared_secret_map_auto | combine(matrix_mautrix_whatsapp_bridge_login_shared_secret_map_custom) }}"
+matrix_mautrix_whatsapp_double_puppet_secrets: "{{ matrix_mautrix_whatsapp_double_puppet_secrets_auto | combine(matrix_mautrix_whatsapp_double_puppet_secrets_custom) }}"
-matrix_mautrix_whatsapp_bridge_login_shared_secret_map_auto: {}
+matrix_mautrix_whatsapp_double_puppet_secrets_auto: {}
-matrix_mautrix_whatsapp_bridge_login_shared_secret_map_custom: {}
+matrix_mautrix_whatsapp_double_puppet_secrets_custom: {}
 
 # Enable End-to-bridge encryption
 matrix_mautrix_whatsapp_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
 matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"
+matrix_mautrix_whatsapp_bridge_encryption_require: false
 matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"
+# This pickle key value is backward-compatible with the old bridge.
+# See: https://github.com/mautrix/whatsapp/blob/v0.11.0/cmd/mautrix-whatsapp/legacymigrate.go#L44
+matrix_mautrix_whatsapp_bridge_encryption_pickle_key: maunium.net/go/mautrix-whatsapp
 
 matrix_mautrix_whatsapp_bridge_personal_filtering_spaces: true
-matrix_mautrix_whatsapp_bridge_mute_bridging: true
+matrix_mautrix_whatsapp_bridge_enable_status_broadcast: true
-matrix_mautrix_whatsapp_bridge_enable_status_broadcast: false
+
-matrix_mautrix_whatsapp_bridge_allow_user_invite: true
+matrix_mautrix_whatsapp_provisioning_shared_secret: ''
+matrix_mautrix_whatsapp_public_media_signing_key: ''
 
 matrix_mautrix_whatsapp_bridge_permissions: |
   {{
@@ -160,6 +165,12 @@ matrix_mautrix_whatsapp_bridge_relay_enabled: "{{ matrix_bridges_relay_enabled }
 # Only allow admins on this home server to set themselves as a relay user
 matrix_mautrix_whatsapp_bridge_relay_admin_only: true
 
+# List of user login IDs which anyone can set as a relay, as long as the relay user is in the room.
+matrix_mautrix_whatsapp_bridge_relay_default_relays: []
+
+# Controls whether to do backfilling at all.
+matrix_mautrix_whatsapp_backfill_enabled: true
+
 # Default mautrix-whatsapp configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #

roles/custom/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml

@@ -20,3 +20,7 @@
   with_items:
     - {'old': 'matrix_mautrix_whatsapp_log_level', 'new': 'matrix_mautrix_whatsapp_logging_level'}
     - {'old': 'matrix_mautrix_whatsapp_login_shared_secret', 'new': '<removed>'}
+    - {'old': 'matrix_mautrix_whatsapp_bridge_login_shared_secret_map', 'new': '<superseded by matrix_mautrix_whatsapp_double_puppet_secrets>'}
+    - {'old': 'matrix_mautrix_whatsapp_bridge_double_puppet_server_map', 'new': '<removed>'}
+    - {'old': 'matrix_mautrix_whatsapp_bridge_allow_user_invite', 'new': '<removed>'}
+    - {'old': 'matrix_mautrix_whatsapp_bridge_mute_bridging', 'new': '<removed>'}

roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2

@@ -1,261 +1,37 @@
 #jinja2: lstrip_blocks: "True"
-# Homeserver details.
+# Network-specific config options
-homeserver:
+network:
-    # The address that this appservice can use to connect to the homeserver.
-    address: {{ matrix_mautrix_whatsapp_homeserver_address }}
-    # The domain of the homeserver (for MXIDs, etc).
-    domain: {{ matrix_mautrix_whatsapp_homeserver_domain }}
-    # What software is the homeserver running?
-    # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
-    software: standard
-    # The URL to push real-time bridge status to.
-    # If set, the bridge will make POST requests to this URL whenever a user's whatsapp connection state changes.
-    # The bridge will use the appservice as_token to authorize requests.
-    status_endpoint: null
-    # Endpoint for reporting per-message status.
-    message_send_checkpoint_endpoint: null
-    # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
-    async_media: false
-
-# Application service host/registration related details.
-# Changing these values requires regeneration of the registration.
-appservice:
-    # The address that the homeserver can use to connect to this appservice.
-    address: {{ matrix_mautrix_whatsapp_appservice_address }}
-    # The hostname and port where this appservice should listen.
-    hostname: 0.0.0.0
-    port: 8080
-    # Database config.
-    database:
-        # The database type. "sqlite3" and "postgres" are supported.
-        type: {{ matrix_mautrix_whatsapp_appservice_database_type|to_json }}
-        # The database URI.
-        #   SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string
-        #   Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
-        #             To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
-        uri: {{ matrix_mautrix_whatsapp_appservice_database_uri|to_json }}
-        # Maximum number of connections. Mostly relevant for Postgres.
-        max_open_conns: 20
-        max_idle_conns: 2
-        # Maximum connection idle time and lifetime before they're closed. Disabled if null.
-        # Parsed with https://pkg.go.dev/time#ParseDuration
-        max_conn_idle_time: null
-        max_conn_lifetime: null
-    # The unique ID of this appservice.
-    id: whatsapp
-    # Appservice bot details.
-    bot:
-        # Username of the appservice bot.
-        username: {{ matrix_mautrix_whatsapp_appservice_bot_username|to_json }}
-        # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
-        # to leave display name/avatar as-is.
-        displayname: WhatsApp bridge bot
-        avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr
-
-    # Whether or not to receive ephemeral events via appservice transactions.
-    # Requires MSC2409 support (i.e. Synapse 1.22+).
-    ephemeral_events: true
-
-    # Should incoming events be handled asynchronously?
-    # This may be necessary for large public instances with lots of messages going through.
-    # However, messages will not be guaranteed to be bridged in the same order they were sent in.
-    async_transactions: false
-
-    # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
-    as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}"
-    hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}"
-
-# Prometheus config.
-metrics:
-    # Enable prometheus metrics?
-    enabled: {{ matrix_mautrix_whatsapp_metrics_enabled | to_json }}
-    # IP and port where the metrics listener should be. The path is always /metrics
-    listen: 0.0.0.0:8001
-
-# Config for things that are directly sent to WhatsApp.
-whatsapp:
     # Device name that's shown in the "WhatsApp Web" section in the mobile app.
     os_name: Mautrix-WhatsApp bridge
     # Browser name that determines the logo shown in the mobile app.
     # Must be "unknown" for a generic icon or a valid browser name if you want a specific icon.
-    # List of valid browser names: https://github.com/tulir/whatsmeow/blob/8b34d886d543b72e5f4699cf5b2797f68d598f78/binary/proto/def.proto#L38-L51
+    # List of valid browser names: https://github.com/tulir/whatsmeow/blob/efc632c008604016ddde63bfcfca8de4e5304da9/binary/proto/def.proto#L43-L64
     browser_name: unknown
 
-# Bridge config
+    # Proxy to use for all WhatsApp connections.
-bridge:
+    proxy: null
-    # Localpart template of MXIDs for WhatsApp users.
+    # Alternative to proxy: an HTTP endpoint that returns the proxy URL to use for WhatsApp connections.
-    # {{ '{{.}}' }} is replaced with the phone number of the WhatsApp user.
+    get_proxy_url: null
-    username_template: "{{ 'whatsapp_{{.}}' }}"
+    # Whether the proxy options should only apply to the login websocket and not to authenticated connections.
+    proxy_only_login: false
+
     # Displayname template for WhatsApp users.
-    # {{ '{{.PushName}}' }}     - nickname set by the WhatsApp user
+    # {% raw %}
-    # {{ '{{.BusinessName}}' }} - validated WhatsApp business name
+    # {{.PushName}}     - nickname set by the WhatsApp user
-    # {{ '{{.Phone}}' }}        - phone number (international format)
+    # {{.BusinessName}} - validated WhatsApp business name
-    # The following variables are also available, but will cause problems on multi-user instances:
+    # {{.Phone}}        - phone number (international format)
-    # {{ '{{.FullName}}' }}  - full name from contact list
+    # {{.FullName}}     - Name you set in the contacts list
-    # {{ '{{.FirstName}}' }} - first name from contact list
+    # {% endraw %}
-    displayname_template: "{{ '{{or .BusinessName .PushName .JID}} (WhatsApp)' }}"
+    displayname_template: "{% raw %}{{or .BusinessName .PushName .Phone}} (WA){% endraw %}"
-    # Should the bridge create a space for each logged-in user and add bridged rooms to it?
+
-    # Users who logged in before turning this on should run `!wa sync space` to create and fill the space for the first time.
-    personal_filtering_spaces: {{ matrix_mautrix_whatsapp_bridge_personal_filtering_spaces | to_json }}
-    # Should the bridge send a read receipt from the bridge bot when a message has been sent to WhatsApp?
-    delivery_receipts: false
-    # Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
-    message_status_events: false
-    # Whether the bridge should send error notices via m.notice events when a message fails to bridge.
-    message_error_notices: true
     # Should incoming calls send a message to the Matrix room?
     call_start_notices: true
     # Should another user's cryptographic identity changing send a message to Matrix?
     identity_change_notices: false
-    portal_message_buffer: 128
-    # Settings for handling history sync payloads.
-    history_sync:
-        # Enable backfilling history sync payloads from WhatsApp?
-        backfill: true
-        # The maximum number of initial conversations that should be synced.
-        # Other conversations will be backfilled on demand when receiving a message or when initiating a direct chat.
-        max_initial_conversations: -1
-        # Maximum number of messages to backfill in each conversation.
-        # Set to -1 to disable limit.
-        message_count: 50
-        # Should the bridge request a full sync from the phone when logging in?
-        # This bumps the size of history syncs from 3 months to 1 year.
-        request_full_sync: false
-        # Configuration parameters that are sent to the phone along with the request full sync flag.
-        # By default (when the values are null or 0), the config isn't sent at all.
-        full_sync_config:
-            # Number of days of history to request.
-            # The limit seems to be around 3 years, but using higher values doesn't break.
-            days_limit: null
-            # This is presumably the maximum size of the transferred history sync blob, which may affect what the phone includes in the blob.
-            size_mb_limit: null
-            # This is presumably the local storage quota, which may affect what the phone includes in the history sync blob.
-            storage_quota_mb: null
-        # If this value is greater than 0, then if the conversation's last message was more than
-        # this number of hours ago, then the conversation will automatically be marked it as read.
-        # Conversations that have a last message that is less than this number of hours ago will
-        # have their unread status synced from WhatsApp.
-        unread_hours_threshold: 0
-
-        ###############################################################################
-        # The settings below are only applicable for backfilling using batch sending, #
-        # which is no longer supported in Synapse.                                    #
-        ###############################################################################
-
-        # Settings for media requests. If the media expired, then it will not
-        # be on the WA servers.
-        # Media can always be requested by reacting with the ♻️ (recycle) emoji.
-        # These settings determine if the media requests should be done
-        # automatically during or after backfill.
-        media_requests:
-            # Should expired media be automatically requested from the server as
-            # part of the backfill process?
-            auto_request_media: true
-            # Whether to request the media immediately after the media message
-            # is backfilled ("immediate") or at a specific time of the day
-            # ("local_time").
-            request_method: immediate
-            # If request_method is "local_time", what time should the requests
-            # be sent (in minutes after midnight)?
-            request_local_time: 120
-        # Settings for immediate backfills. These backfills should generally be
-        # small and their main purpose is to populate each of the initial chats
-        # (as configured by max_initial_conversations) with a few messages so
-        # that you can continue conversations without loosing context.
-        immediate:
-            # The number of concurrent backfill workers to create for immediate
-            # backfills. Note that using more than one worker could cause the
-            # room list to jump around since there are no guarantees about the
-            # order in which the backfills will complete.
-            worker_count: 1
-            # The maximum number of events to backfill initially.
-            max_events: 10
-        # Settings for deferred backfills. The purpose of these backfills are
-        # to fill in the rest of the chat history that was not covered by the
-        # immediate backfills. These backfills generally should happen at a
-        # slower pace so as not to overload the homeserver.
-        # Each deferred backfill config should define a "stage" of backfill
-        # (i.e. the last week of messages). The fields are as follows:
-        # - start_days_ago: the number of days ago to start backfilling from.
-        #     To indicate the start of time, use -1. For example, for a week ago, use 7.
-        # - max_batch_events: the number of events to send per batch.
-        # - batch_delay: the number of seconds to wait before backfilling each batch.
-        deferred:
-            # Last Week
-            - start_days_ago: 7
-              max_batch_events: 20
-              batch_delay: 5
-            # Last Month
-            - start_days_ago: 30
-              max_batch_events: 50
-              batch_delay: 10
-            # Last 3 months
-            - start_days_ago: 90
-              max_batch_events: 100
-              batch_delay: 10
-            # The start of time
-            - start_days_ago: -1
-              max_batch_events: 500
-              batch_delay: 10
-              
-    # Should puppet avatars be fetched from the server even if an avatar is already set?
-    user_avatar_sync: true
-    # Should Matrix users leaving groups be bridged to WhatsApp?
-    bridge_matrix_leave: true
-    # Should the bridge update the m.direct account data event when double puppeting is enabled.
-    # Note that updating the m.direct event is not atomic (except with mautrix-asmux)
-    # and is therefore prone to race conditions.
-    sync_direct_chat_list: false
-    # Should the bridge use MSC2867 to bridge manual "mark as unread"s from
-    # WhatsApp and set the unread status on initial backfill?
-    # This will only work on clients that support the m.marked_unread or
-    # com.famedly.marked_unread room account data.
-    sync_manual_marked_unread: true
-    # When double puppeting is enabled, users can use `!wa toggle` to change whether
-    # presence and read receipts are bridged. These settings set the default values.
-    # Existing users won't be affected when these are changed.
-    default_bridge_presence: true
     # Send the presence as "available" to whatsapp when users start typing on a portal.
     # This works as a workaround for homeservers that do not support presence, and allows
     # users to see when the whatsapp user on the other side is typing during a conversation.
     send_presence_on_typing: false
-    # Should the bridge always send "active" delivery receipts (two gray ticks on WhatsApp)
-    # even if the user isn't marked as online (e.g. when presence bridging isn't enabled)?
-    #
-    # By default, the bridge acts like WhatsApp web, which only sends active delivery
-    # receipts when it's in the foreground.
-    force_active_delivery_receipts: false
-    # Servers to always allow double puppeting from
-    double_puppet_server_map:
-        "{{ matrix_mautrix_whatsapp_homeserver_domain }}": {{ matrix_mautrix_whatsapp_homeserver_address }}
-    # Allow using double puppeting from any server with a valid client .well-known file.
-    double_puppet_allow_discovery: false
-    # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
-    #
-    # If set, double puppeting will be enabled automatically for local users
-    # instead of users having to find an access token and run `login-matrix`
-    # manually.
-    login_shared_secret_map: {{ matrix_mautrix_whatsapp_bridge_login_shared_secret_map|to_json }}
-    # Should the bridge explicitly set the avatar and room name for private chat portal rooms?
-    # This is implicitly enabled in encrypted rooms.
-    private_chat_portal_meta: default
-    # Should group members be synced in parallel? This makes member sync faster
-    parallel_member_sync: false
-    # Should Matrix m.notice-type messages be bridged?
-    bridge_notices: true
-    # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
-    # This field will automatically be changed back to false after it, except if the config file is not writable.
-    resend_bridge_info: false
-    # When using double puppeting, should muted chats be muted in Matrix?
-    mute_bridging: {{ matrix_mautrix_whatsapp_bridge_mute_bridging | to_json }}
-    # When using double puppeting, should archived chats be moved to a specific tag in Matrix?
-    # Note that WhatsApp unarchives chats when a message is received, which will also be mirrored to Matrix.
-    # This can be set to a tag (e.g. m.lowpriority), or null to disable.
-    archive_tag: null
-    # Same as above, but for pinned chats. The favorite tag is called m.favourite
-    pinned_tag: null
-    # Should mute status and tags only be bridged when the portal room is created?
-    tag_only_on_create: true
     # Should WhatsApp status messages be bridged into a Matrix room?
     # Disabling this won't affect already created status broadcast rooms.
     enable_status_broadcast: {{ matrix_mautrix_whatsapp_bridge_enable_status_broadcast | to_json }}
@@ -270,79 +46,411 @@ bridge:
     # Should the bridge use thumbnails from WhatsApp?
     # They're disabled by default due to very low resolution.
     whatsapp_thumbnail: false
-    # Allow invite permission for user. User can invite any bots to room with whatsapp
-    # users (private chat and groups)
-    allow_user_invite: {{ matrix_mautrix_whatsapp_bridge_allow_user_invite | to_json }}
-    # Whether or not created rooms should have federation enabled.
-    # If false, created portal rooms will never be federated.
-    federate_rooms: {{ matrix_mautrix_whatsapp_federate_rooms|to_json }}
-    # Should the bridge never send alerts to the bridge management room?
-    # These are mostly things like the user being logged out.
-    disable_bridge_alerts: false
-    # Should the bridge stop if the WhatsApp server says another user connected with the same session?
-    # This is only safe on single-user bridges.
-    crash_on_stream_replaced: false
     # Should the bridge detect URLs in outgoing messages, ask the homeserver to generate a preview,
     # and send it to WhatsApp? URL previews can always be sent using the `com.beeper.linkpreviews`
     # key in the event content even if this is disabled.
     url_previews: false
-    # Send captions in the same message as images. This will send data compatible with both MSC2530 and MSC3552.
+    # Should polls be sent using unstable MSC3381 event types?
-    # This is currently not supported in most clients.
-    caption_in_message: false
-    # Send galleries as a single event? This is not an MSC (yet).
-    beeper_galleries: false
-    # Should polls be sent using MSC3381 event types?
     extev_polls: {{ matrix_mautrix_whatsapp_extev_polls | to_json }}
-    # Should cross-chat replies from WhatsApp be bridged? Most servers and clients don't support this.
+    # Should view-once messages be disabled entirely?
-    cross_room_replies: false
+    disable_view_once: false
-    # Disable generating reply fallbacks? Some extremely bad clients still rely on them,
+    # Should the bridge always send "active" delivery receipts (two gray ticks on WhatsApp)
-    # but they're being phased out and will be completely removed in the future.
+    # even if the user isn't marked as online (e.g. when presence bridging isn't enabled)?
-    disable_reply_fallbacks: false
+    #
-    # Maximum time for handling Matrix events. Duration strings formatted for https://pkg.go.dev/time#ParseDuration
+    # By default, the bridge acts like WhatsApp web, which only sends active delivery
-    # Null means there's no enforced timeout.
+    # receipts when it's in the foreground.
-    message_handling_timeout:
+    force_active_delivery_receipts: false
-        # Send an error message after this timeout, but keep waiting for the response until the deadline.
-        # This is counted from the origin_server_ts, so the warning time is consistent regardless of the source of delay.
-        # If the message is older than this when it reaches the bridge, the message won't be handled at all.
-        error_after: null
-        # Drop messages after this timeout. They may still go through if the message got sent to the servers.
-        # This is counted from the time the bridge starts handling the message.
-        deadline: 120s
 
+    # Settings for converting animated stickers.
+    animated_sticker:
+        # Format to which animated stickers should be converted.
+        # disable - No conversion, just unzip and send raw lottie JSON
+        # png - converts to non-animated png (fastest)
+        # gif - converts to animated gif
+        # webm - converts to webm video, requires ffmpeg executable with vp9 codec and webm container support
+        # webp - converts to animated webp, requires ffmpeg executable with webp codec/container support
+        target: webp
+        # Arguments for converter. All converters take width and height.
+        args:
+            width: 320
+            height: 320
+            fps: 25 # only for webm, webp and gif (2, 5, 10, 20 or 25 recommended)
+
+    # Settings for handling history sync payloads.
+    history_sync:
+        # How many conversations should the bridge create after login?
+        # If -1, all conversations received from history sync will be bridged.
+        # Other conversations will be backfilled on demand when receiving a message.
+        max_initial_conversations: -1
+        # Should the bridge request a full sync from the phone when logging in?
+        # This bumps the size of history syncs from 3 months to 1 year.
+        request_full_sync: false
+        # Configuration parameters that are sent to the phone along with the request full sync flag.
+        # By default, (when the values are null or 0), the config isn't sent at all.
+        full_sync_config:
+            # Number of days of history to request.
+            # The limit seems to be around 3 years, but using higher values doesn't break.
+            days_limit: null
+            # This is presumably the maximum size of the transferred history sync blob, which may affect what the phone includes in the blob.
+            size_mb_limit: null
+            # This is presumably the local storage quota, which may affect what the phone includes in the history sync blob.
+            storage_quota_mb: null
+        # Settings for media requests. If the media expired, then it will not be on the WA servers.
+        # Media can always be requested by reacting with the ♻ (recycle) emoji.
+        # These settings determine if the media requests should be done automatically during or after backfill.
+        media_requests:
+            # Should the expired media be automatically requested from the server as part of the backfill process?
+            auto_request_media: true
+            # Whether to request the media immediately after the media message is backfilled ("immediate")
+            # or at a specific time of the day ("local_time").
+            request_method: immediate
+            # If request_method is "local_time", what time should the requests be sent (in minutes after midnight)?
+            request_local_time: 120
+            # Maximum number of media request responses to handle in parallel per user.
+            max_async_handle: 2
+
+
+# Config options that affect the central bridge module.
+bridge:
     # The prefix for commands. Only required in non-management rooms.
-    command_prefix: "{{ matrix_mautrix_whatsapp_command_prefix }}"
+    command_prefix: {{ matrix_mautrix_whatsapp_command_prefix | to_json }}
+    # Should the bridge create a space for each login containing the rooms that account is in?
+    personal_filtering_spaces: {{ matrix_mautrix_whatsapp_bridge_personal_filtering_spaces | to_json }}
+    # Whether the bridge should set names and avatars explicitly for DM portals.
+    # This is only necessary when using clients that don't support MSC4171.
+    private_chat_portal_meta: true
+    # Should events be handled asynchronously within portal rooms?
+    # If true, events may end up being out of order, but slow events won't block other ones.
+    # This is not yet safe to use.
+    async_events: false
+    # Should every user have their own portals rather than sharing them?
+    # By default, users who are in the same group on the remote network will be
+    # in the same Matrix room bridged to that group. If this is set to true,
+    # every user will get their own Matrix room instead.
+    split_portals: false
+    # Should the bridge resend `m.bridge` events to all portals on startup?
+    resend_bridge_info: false
 
-    # Messages sent upon joining a management room.
+    # Should leaving Matrix rooms be bridged as leaving groups on the remote network?
-    # Markdown is supported. The defaults are listed below.
+    bridge_matrix_leave: false
-    management_room_text:
+    # Should room tags only be synced when creating the portal? Tags mean things like favorite/pin and archive/low priority.
-        # Sent when joining a room.
+    # Tags currently can't be synced back to the remote network, so a continuous sync means tagging from Matrix will be undone.
-        welcome: "Hello, I'm a WhatsApp bridge bot."
+    tag_only_on_create: true
-        # Sent when joining a management room and the user is already logged in.
+    # Should room mute status only be synced when creating the portal?
-        welcome_connected: "Use `help` for help."
+    # Like tags, mutes can't currently be synced back to the remote network.
-        # Sent when joining a management room and the user is not logged in.
+    mute_only_on_create: true
-        welcome_unconnected: "Use `help` for help or `login` to log in."
+
-        # Optional extra text sent when joining a management room.
+    # What should be done to portal rooms when a user logs out or is logged out?
-        additional_help: ""
+    # Permitted values:
+    #   nothing - Do nothing, let the user stay in the portals
+    #   kick - Remove the user from the portal rooms, but don't delete them
+    #   unbridge - Remove all ghosts in the room and disassociate it from the remote chat
+    #   delete - Remove all ghosts and users from the room (i.e. delete it)
+    cleanup_on_logout:
+        # Should cleanup on logout be enabled at all?
+        enabled: false
+        # Settings for manual logouts (explicitly initiated by the Matrix user)
+        manual:
+            # Action for private portals which will never be shared with other Matrix users.
+            private: nothing
+            # Action for portals with a relay user configured.
+            relayed: nothing
+            # Action for portals which may be shared, but don't currently have any other Matrix users.
+            shared_no_users: nothing
+            # Action for portals which have other logged-in Matrix users.
+            shared_has_users: nothing
+        # Settings for credentials being invalidated (initiated by the remote network, possibly through user action).
+        # Keys have the same meanings as in the manual section.
+        bad_credentials:
+            private: nothing
+            relayed: nothing
+            shared_no_users: nothing
+            shared_has_users: nothing
+
+    # Settings for relay mode
+    relay:
+        # Whether relay mode should be allowed. If allowed, the set-relay command can be used to turn any
+        # authenticated user into a relaybot for that chat.
+        enabled: {{ matrix_mautrix_whatsapp_bridge_relay_enabled | to_json }}
+        # Should only admins be allowed to set themselves as relay users?
+        # If true, non-admins can only set users listed in default_relays as relays in a room.
+        admin_only: {{ matrix_mautrix_whatsapp_bridge_relay_admin_only | to_json }}
+        # List of user login IDs which anyone can set as a relay, as long as the relay user is in the room.
+        default_relays: {{ matrix_mautrix_whatsapp_bridge_relay_default_relays | to_json }}
+        # The formats to use when sending messages via the relaybot.
+        # Available variables:
+        #   .Sender.UserID - The Matrix user ID of the sender.
+        #   .Sender.Displayname - The display name of the sender (if set).
+        #   .Sender.RequiresDisambiguation - Whether the sender's name may be confused with the name of another user in the room.
+        #   .Sender.DisambiguatedName - The disambiguated name of the sender. This will be the displayname if set,
+        #                               plus the user ID in parentheses if the displayname is not unique.
+        #                               If the displayname is not set, this is just the user ID.
+        #   .Message - The `formatted_body` field of the message.
+        #   .Caption - The `formatted_body` field of the message, if it's a caption. Otherwise an empty string.
+        #   .FileName - The name of the file being sent.
+        message_formats:
+            m.text: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b>: {{ .Message }}{% endraw %}"
+            m.notice: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b>: {{ .Message }}{% endraw %}"
+            m.emote: "{% raw %}* <b>{{ .Sender.DisambiguatedName }}</b> {{ .Message }}{% endraw %}"
+            m.file: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a file{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
+            m.image: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent an image{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
+            m.audio: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent an audio file{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
+            m.video: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a video{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
+            m.location: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a location{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
+        # For networks that support per-message displaynames (i.e. Slack and Discord), the template for those names.
+        # This has all the Sender variables available under message_formats (but without the .Sender prefix).
+        # Note that you need to manually remove the displayname from message_formats above.
+        displayname_format: "{% raw %}{{ .DisambiguatedName }}{% endraw %}"
+
+    # Permissions for using the bridge.
+    # Permitted values:
+    #    relay - Talk through the relaybot (if enabled), no access otherwise
+    # commands - Access to use commands in the bridge, but not login.
+    #     user - Access to use the bridge with puppeting.
+    #    admin - Full access, user level with some additional administration tools.
+    # Permitted keys:
+    #        * - All Matrix users
+    #   domain - All users on that homeserver
+    #     mxid - Specific user
+    permissions: {{ matrix_mautrix_whatsapp_bridge_permissions|to_json }}
+
+# Config for the bridge's database.
+database:
+    # The database type. "sqlite3-fk-wal" and "postgres" are supported.
+    type: {{ matrix_mautrix_whatsapp_appservice_database_type | to_json }}
+    # The database URI.
+    #   SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
+    #           https://github.com/mattn/go-sqlite3#connection-string
+    #   Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
+    #             To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
+    uri: {{ matrix_mautrix_whatsapp_appservice_database_uri | to_json }}
+    # Maximum number of connections.
+    max_open_conns: 20
+    max_idle_conns: 2
+    # Maximum connection idle time and lifetime before they're closed. Disabled if null.
+    # Parsed with https://pkg.go.dev/time#ParseDuration
+    max_conn_idle_time: null
+    max_conn_lifetime: null
+
+# Homeserver details.
+homeserver:
+    # The address that this appservice can use to connect to the homeserver.
+    # Local addresses without HTTPS are generally recommended when the bridge is running on the same machine,
+    # but https also works if they run on different machines.
+    address: {{ matrix_mautrix_whatsapp_homeserver_address | to_json }}
+    # The domain of the homeserver (also known as server_name, used for MXIDs, etc).
+    domain: {{ matrix_mautrix_whatsapp_homeserver_domain | to_json }}
+
+    # What software is the homeserver running?
+    # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
+    software: standard
+    # The URL to push real-time bridge status to.
+    # If set, the bridge will make POST requests to this URL whenever a user's remote network connection state changes.
+    # The bridge will use the appservice as_token to authorize requests.
+    status_endpoint:
+    # Endpoint for reporting per-message status.
+    # If set, the bridge will make POST requests to this URL when processing a message from Matrix.
+    # It will make one request when receiving the message (step BRIDGE), one after decrypting if applicable
+    # (step DECRYPTED) and one after sending to the remote network (step REMOTE). Errors will also be reported.
+    # The bridge will use the appservice as_token to authorize requests.
+    message_send_checkpoint_endpoint:
+    # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
+    async_media: false
+
+    # Should the bridge use a websocket for connecting to the homeserver?
+    # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy,
+    # mautrix-asmux (deprecated), and hungryserv (proprietary).
+    websocket: false
+    # How often should the websocket be pinged? Pinging will be disabled if this is zero.
+    ping_interval_seconds: 0
+
+# Application service host/registration related details.
+# Changing these values requires regeneration of the registration (except when noted otherwise)
+appservice:
+    # The address that the homeserver can use to connect to this appservice.
+    # Like the homeserver address, a local non-https address is recommended when the bridge is on the same machine.
+    # If the bridge is elsewhere, you must secure the connection yourself (e.g. with https or wireguard)
+    # If you want to use https, you need to use a reverse proxy. The bridge does not have TLS support built in.
+    address: {{ matrix_mautrix_whatsapp_appservice_address | to_json }}
+    # A public address that external services can use to reach this appservice.
+    # This is only needed for things like public media. A reverse proxy is generally necessary when using this field.
+    # This value doesn't affect the registration file.
+    public_address: ""
+
+    # The hostname and port where this appservice should listen.
+    # For Docker, you generally have to change the hostname to 0.0.0.0.
+    hostname: 0.0.0.0
+    port: 8080
+
+    # The unique ID of this appservice.
+    id: whatsapp
+    # Appservice bot details.
+    bot:
+        # Username of the appservice bot.
+        username: {{ matrix_mautrix_whatsapp_appservice_bot_username | to_json }}
+        # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
+        # to leave display name/avatar as-is.
+        displayname: WhatsApp bridge bot
+        avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr
+
+    # Whether to receive ephemeral events via appservice transactions.
+    ephemeral_events: true
+    # Should incoming events be handled asynchronously?
+    # This may be necessary for large public instances with lots of messages going through.
+    # However, messages will not be guaranteed to be bridged in the same order they were sent in.
+    # This value doesn't affect the registration file.
+    async_transactions: false
+
+    # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
+    as_token: {{ matrix_mautrix_whatsapp_appservice_token | to_json }}
+    hs_token: {{ matrix_mautrix_whatsapp_homeserver_token | to_json }}
+
+    # Localpart template of MXIDs for remote users.
+    # {% raw %}{{.}}{% endraw %} is replaced with the internal ID of the user.
+    username_template: "{% raw %}whatsapp_{{.}}{% endraw %}"
+
+# Config options that affect the Matrix connector of the bridge.
+matrix:
+    # Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
+    message_status_events: false
+    # Whether the bridge should send a read receipt after successfully bridging a message.
+    delivery_receipts: false
+    # Whether the bridge should send error notices via m.notice events when a message fails to bridge.
+    message_error_notices: true
+    # Whether the bridge should update the m.direct account data event when double puppeting is enabled.
+    sync_direct_chat_list: true
+    # Whether created rooms should have federation enabled. If false, created portal rooms
+    # will never be federated. Changing this option requires recreating rooms.
+    federate_rooms: {{ matrix_mautrix_whatsapp_federate_rooms|to_json }}
+    # The threshold as bytes after which the bridge should roundtrip uploads via the disk
+    # rather than keeping the whole file in memory.
+    upload_file_threshold: 5242880
+
+# Segment-compatible analytics endpoint for tracking some events, like provisioning API login and encryption errors.
+analytics:
+    # API key to send with tracking requests. Tracking is disabled if this is null.
+    token: null
+    # Address to send tracking requests to.
+    url: https://api.segment.io/v1/track
+    # Optional user ID for tracking events. If null, defaults to using Matrix user ID.
+    user_id: null
+
+# Settings for provisioning API
+provisioning:
+    # Prefix for the provisioning API paths.
+    prefix: /_matrix/provision
+    # Shared secret for authentication. If set to "generate" or null, a random secret will be generated,
+    # or if set to "disable", the provisioning API will be disabled.
+    shared_secret: {{ matrix_mautrix_whatsapp_provisioning_shared_secret | to_json }}
+    # Whether to allow provisioning API requests to be authed using Matrix access tokens.
+    # This follows the same rules as double puppeting to determine which server to contact to check the token,
+    # which means that by default, it only works for users on the same server as the bridge.
+    allow_matrix_auth: true
+    # Enable debug API at /debug with provisioning authentication.
+    debug_endpoints: false
+
+# Some networks require publicly accessible media download links (e.g. for user avatars when using Discord webhooks).
+# These settings control whether the bridge will provide such public media access.
+public_media:
+    # Should public media be enabled at all?
+    # The public_address field under the appservice section MUST be set when enabling public media.
+    enabled: false
+    # A key for signing public media URLs.
+    # If set to "generate", a random key will be generated.
+    signing_key: {{ matrix_mautrix_whatsapp_public_media_signing_key | to_json }}
+    # Number of seconds that public media URLs are valid for.
+    # If set to 0, URLs will never expire.
+    expiry: 0
+    # Length of hash to use for public media URLs. Must be between 0 and 32.
+    hash_length: 32
+
+# Settings for converting remote media to custom mxc:// URIs instead of reuploading.
+# More details can be found at https://docs.mau.fi/bridges/go/discord/direct-media.html
+direct_media:
+    # Should custom mxc:// URIs be used instead of reuploading media?
+    enabled: false
+    # The server name to use for the custom mxc:// URIs.
+    # This server name will effectively be a real Matrix server, it just won't implement anything other than media.
+    # You must either set up .well-known delegation from this domain to the bridge, or proxy the domain directly to the bridge.
+    server_name: discord-media.example.com
+    # Optionally a custom .well-known response. This defaults to `server_name:443`
+    well_known_response:
+    # Optionally specify a custom prefix for the media ID part of the MXC URI.
+    media_id_prefix:
+    # If the remote network supports media downloads over HTTP, then the bridge will use MSC3860/MSC3916
+    # media download redirects if the requester supports it. Optionally, you can force redirects
+    # and not allow proxying at all by setting this to false.
+    # This option does nothing if the remote network does not support media downloads over HTTP.
+    allow_proxy: true
+    # Matrix server signing key to make the federation tester pass, same format as synapse's .signing.key file.
+    # This key is also used to sign the mxc:// URIs to ensure only the bridge can generate them.
+    server_key: generate
+
+# Settings for backfilling messages.
+# Note that the exact way settings are applied depends on the network connector.
+# See https://docs.mau.fi/bridges/general/backfill.html for more details.
+backfill:
+    # Whether to do backfilling at all.
+    enabled: {{ matrix_mautrix_whatsapp_backfill_enabled | to_json }}
+    # Maximum number of messages to backfill in empty rooms.
+    max_initial_messages: 50
+    # Maximum number of missed messages to backfill after bridge restarts.
+    max_catchup_messages: 500
+    # If a backfilled chat is older than this number of hours,
+    # mark it as read even if it's unread on the remote network.
+    unread_hours_threshold: 720
+    # Settings for backfilling threads within other backfills.
+    threads:
+        # Maximum number of messages to backfill in a new thread.
+        max_initial_messages: 50
+    # Settings for the backwards backfill queue. This only applies when connecting to
+    # Beeper as standard Matrix servers don't support inserting messages into history.
+    queue:
+        # Should the backfill queue be enabled?
+        enabled: false
+        # Number of messages to backfill in one batch.
+        batch_size: 100
+        # Delay between batches in seconds.
+        batch_delay: 20
+        # Maximum number of batches to backfill per portal.
+        # If set to -1, all available messages will be backfilled.
+        max_batches: -1
+        # Optional network-specific overrides for max batches.
+        # Interpretation of this field depends on the network connector.
+        max_batches_override: {}
+
+# Settings for enabling double puppeting
+double_puppet:
+    # Servers to always allow double puppeting from.
+    # This is only for other servers and should NOT contain the server the bridge is on.
+    servers: {}
+    # Whether to allow client API URL discovery for other servers. When using this option,
+    # users on other servers can use double puppeting even if their server URLs aren't
+    # explicitly added to the servers map above.
+    allow_discovery: false
+    # Shared secrets for automatic double puppeting.
+    # See https://docs.mau.fi/bridges/general/double-puppeting.html for instructions.
+    secrets: {{ matrix_mautrix_whatsapp_double_puppet_secrets | to_json }}
 
 # End-to-bridge encryption support options.
 #
 # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
 encryption:
-        # Allow encryption, work in group chat rooms with e2ee enabled
+    # Whether to enable encryption at all. If false, the bridge will not function in encrypted rooms.
     allow: {{ matrix_mautrix_whatsapp_bridge_encryption_allow | to_json }}
-        # Default to encryption, force-enable encryption in all portals the bridge creates
+    # Whether to force-enable encryption in all bridged rooms.
-        # This will cause the bridge bot to be in private chats for the encryption to work properly.
-        # It is recommended to also set private_chat_portal_meta to true when using this.
     default: {{ matrix_mautrix_whatsapp_bridge_encryption_default | to_json }}
+    # Whether to require all messages to be encrypted and drop any unencrypted messages.
+    require: {{ matrix_mautrix_whatsapp_bridge_encryption_require | to_json }}
     # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
+    # This option is not yet compatible with standard Matrix servers like Synapse and should not be used.
     appservice: false
-        # Require encryption, drop any unencrypted messages.
-        require: false
     # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
     # You must use a client that supports requesting keys from other users to use this feature.
     allow_key_sharing: {{ matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow | to_json }}
-        # Should users mentions be in the event wire content to enable the server to send push notifications?
+    # Pickle key for encrypting encryption keys in the bridge database.
-        plaintext_mentions: false
+    # If set to generate, a random key will be generated.
+    pickle_key: {{ matrix_mautrix_whatsapp_bridge_encryption_pickle_key | to_json }}
     # Options for deleting megolm sessions from the bridge.
     delete_keys:
         # Beeper-specific: delete outbound sessions when hungryserv confirms
@@ -375,20 +483,17 @@ bridge:
     #   verified - Require manual per-device verification
     #              (currently only possible by modifying the `trust` column in the `crypto_device` database table).
     verification_levels:
-            # Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix.
+        # Minimum level for which the bridge should send keys to when bridging messages from the remote network to Matrix.
         receive: unverified
         # Minimum level that the bridge should accept for incoming Matrix messages.
         send: unverified
         # Minimum level that the bridge should require for accepting key requests.
         share: cross-signed-tofu
-        # Options for Megolm room key rotation. These options allow you to
+    # Options for Megolm room key rotation. These options allow you to configure the m.room.encryption event content.
-        # configure the m.room.encryption event content. See:
+    # See https://spec.matrix.org/v1.10/client-server-api/#mroomencryption for more information about that event.
-        # https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
-        # more information about that event.
     rotation:
         # Enable custom Megolm room key rotation settings. Note that these
-            # settings will only apply to rooms created after this option is
+        # settings will only apply to rooms created after this option is set.
-            # set.
         enable_custom: false
         # The maximum number of milliseconds a session should be used
         # before changing it. The Matrix spec recommends 604800000 (a week)
@@ -398,61 +503,13 @@ bridge:
         # session before changing it. The Matrix spec recommends 100 as the
         # default.
         messages: 100
-
         # Disable rotating keys when a user's devices change?
         # You should not enable this option unless you understand all the implications.
         disable_device_change_key_rotation: false
 
-    # Settings for provisioning API
+# Logging config. See https://github.com/tulir/zeroconfig for details.
-    provisioning:
-        # Prefix for the provisioning API paths.
-        prefix: /_matrix/provision
-        # Shared secret for authentication. If set to "generate", a random secret will be generated,
-        # or if set to "disable", the provisioning API will be disabled.
-        shared_secret: generate
-
-    # Permissions for using the bridge.
-    # Permitted values:
-    #    relay - Talk through the relaybot (if enabled), no access otherwise
-    #     user - Access to use the bridge to chat with a WhatsApp account.
-    #    admin - User level and some additional administration tools
-    # Permitted keys:
-    #        * - All Matrix users
-    #   domain - All users on that homeserver
-    #     mxid - Specific user
-    permissions: {{ matrix_mautrix_whatsapp_bridge_permissions|to_json }}
-
-    # Settings for relay mode
-    relay:
-        # Whether relay mode should be allowed. If allowed, `!wa set-relay` can be used to turn any
-        # authenticated user into a relaybot for that chat.
-        enabled: {{ matrix_mautrix_whatsapp_bridge_relay_enabled | to_json }}
-        # Should only admins be allowed to set themselves as relay users?
-        admin_only: {{ matrix_mautrix_whatsapp_bridge_relay_admin_only | to_json }}
-        # The formats to use when sending messages to WhatsApp via the relaybot.
-        message_formats:
-            m.text: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
-            m.notice: "<b>{{ '{{ .Sender.Displayname }}' }}</b>:: {{ '{{ .Message }}' }}"
-            m.emote: "* <b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
-            m.file: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a file"
-            m.image: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an image"
-            m.audio: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an audio file"
-            m.video: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a video"
-            m.location: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a location"
-
-# Logging config.
 logging:
-    # The directory for log files. Will be created if not found.
+    min_level: {{ matrix_mautrix_whatsapp_logging_level | to_json }}
-    directory: ./logs
+    writers:
-    # Available variables: .Date for the file date and .Index for different log files on the same day.
+        - type: stdout
-    # Set this to null to disable logging to file.
+          format: pretty-colored
-    file_name_format: null
-    # Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants
-    file_date_format: "2006-01-02"
-    # Log file permissions.
-    file_mode: 0o600
-    # Timestamp format for log entries in the Go time format.
-    timestamp_format: "Jan _2, 2006 15:04:05"
-    # Minimum severity for log messages printed to stdout/stderr. This doesn't affect the log file.
-    # Options: debug, info, warn, error, fatal
-    print_level: {{ matrix_mautrix_whatsapp_logging_level }}

roles/custom/matrix-email2matrix/defaults/main.yml

@@ -46,18 +46,22 @@ matrix_email2matrix_smtp_hostname: "{{ matrix_server_fqn_matrix }}"
 # Example:
 # matrix_email2matrix_matrix_mappings:
 #  - MailboxName: "mailbox1"
-#    MatrixRoomId: "!bpcwlxIUxVvvgXcbjy:example.com"
+#    MatrixRoomId: "!someRoom:{{ matrix_domain }}"
 #    MatrixHomeserverUrl: "{{ matrix_homeserver_url }}"
-#    MatrixUserId": "@email2matrix:{{ matrix_domain }}"
+#    MatrixUserId: "@email2matrix:{{ matrix_domain }}"
-#    MatrixAccessToken": "TOKEN_HERE"
+#    MatrixAccessToken: "MATRIX_ACCESS_TOKEN_HERE"
 #    IgnoreSubject: false
+#    IgnoreBody: false
+#    SkipMarkdown: false
 #
 #  - MailboxName: "mailbox2"
-#    MatrixRoomId: "!another:example.com"
+#    MatrixRoomId: "!anotherRoom:{{ matrix_domain }}"
 #    MatrixHomeserverUrl: "{{ matrix_homeserver_url }}"
-#    MatrixUserId": "@email2matrix:{{ matrix_domain }}"
+#    MatrixUserId: "@email2matrix:{{ matrix_domain }}"
-#    MatrixAccessToken": "TOKEN_HERE"
+#    MatrixAccessToken: "MATRIX_ACCESS_TOKEN_HERE"
 #    IgnoreSubject: true
+#    IgnoreBody: false
+#    SkipMarkdown: true
 matrix_email2matrix_matrix_mappings: []
 
 matrix_email2matrix_misc_debug: false