Merge 9862f384b083bd4277cc7dc288b88df10cf2a072 into 5c2b33ab91163bc8e66624e46d8206165885eb3d

Merge remote-tracking branch 'upstream/master' into fix
Merge pull request #3877 from luixxiul/patch-1
2025-02-11 17:48:57 +01:00 · 2024-12-17 11:02:43 +00:00 · 2024-12-17 20:02:27 +09:00 · 2024-12-17 12:25:21 +02:00 · 2024-12-17 12:13:14 +02:00 · 2024-12-17 12:09:30 +02:00
50 changed files with 530 additions and 257 deletions
--- a/docs/configuring-playbook-alertmanager-receiver.md
+++ b/docs/configuring-playbook-alertmanager-receiver.md
@ -2,7 +2,7 @@

 The playbook can install and configure the [matrix-alertmanager-receiver](https://github.com/metio/matrix-alertmanager-receiver) service for you. It's a [client](https://prometheus.io/docs/alerting/latest/clients/) for Prometheus' [Alertmanager](https://prometheus.io/docs/alerting/latest/alertmanager/), allowing you to deliver alerts to Matrix rooms.

-See the project's [documentation](https://github.com/metio/matrix-alertmanager-receiver) to learn more about what this component does and why it might be useful to you.
+See the project's [documentation](https://github.com/metio/matrix-alertmanager-receiver/blob/main/README.md) to learn what it does and why it might be useful to you.

 At the moment, **setting up this service's bot requires some manual actions** as described below in [Account and room preparation](#account-and-room-preparation).

--- a/docs/configuring-playbook-bot-draupnir.md
+++ b/docs/configuring-playbook-bot-draupnir.md
@ -2,7 +2,7 @@

 The playbook can install and configure the [Draupnir](https://github.com/the-draupnir-project/Draupnir) moderation bot for you.

-See the project's [documentation](https://github.com/the-draupnir-project/Draupnir) to learn what it does and why it might be useful to you.
+See the project's [documentation](https://github.com/the-draupnir-project/Draupnir/blob/main/README.md) to learn what it does and why it might be useful to you.

 This documentation page is about installing Draupnir in bot mode. As an alternative, you can run a multi-instance Draupnir deployment by installing [Draupnir in appservice mode](./configuring-playbook-appservice-draupnir-for-all.md) (called Draupnir-for-all) instead.

--- a/docs/configuring-playbook-bot-go-neb.md
+++ b/docs/configuring-playbook-bot-go-neb.md
@ -6,7 +6,7 @@ The playbook can install and configure [Go-NEB](https://github.com/matrix-org/go

 Go-NEB is a Matrix bot written in Go. It is the successor to Matrix-NEB, the original Matrix bot written in Python.

-See the project's [documentation](https://github.com/matrix-org/go-neb) to learn what it does and why it might be useful to you.
+See the project's [documentation](https://github.com/matrix-org/go-neb/blob/master/README.md) to learn what it does and why it might be useful to you.

 ## Registering the bot account

--- a/docs/configuring-playbook-bot-honoroit.md
+++ b/docs/configuring-playbook-bot-honoroit.md
@ -4,7 +4,7 @@ The playbook can install and configure [Honoroit](https://github.com/etkecc/hono

 It's a bot you can use to setup **your own helpdesk on matrix**

-See the project's [documentation](https://github.com/etkecc/honoroit#how-it-looks-like) to learn what it does with screenshots and why it might be useful to you.
+See the project's [documentation](https://github.com/etkecc/honoroit/blob/main/README.md) to learn what it does and why it might be useful to you.

 ## Adjusting the playbook configuration

--- a/docs/configuring-playbook-bot-matrix-registration-bot.md
+++ b/docs/configuring-playbook-bot-matrix-registration-bot.md
@ -4,7 +4,7 @@ The playbook can install and configure [matrix-registration-bot](https://github.

 The bot allows you to easily **create and manage registration tokens** aka. invitation codes. It can be used for an invitation-based server, where you invite someone by sending them a registration token (tokens look like this: `rbalQ0zkaDSRQCOp`). They can register as per normal but have to provide a valid registration token in the final step of the registration process.

-See the project's [documentation](https://github.com/moan0s/matrix-registration-bot#supported-commands) to learn what it does and why it might be useful to you.
+See the project's [documentation](https://github.com/moan0s/matrix-registration-bot/blob/master/README.md) to learn what it does and why it might be useful to you.

 ## Configuration

--- a/docs/configuring-playbook-bot-matrix-reminder-bot.md
+++ b/docs/configuring-playbook-bot-matrix-reminder-bot.md
@ -4,7 +4,7 @@ The playbook can install and configure [matrix-reminder-bot](https://github.com/

 It's a bot you can use to **schedule one-off & recurring reminders and alarms**.

-See the project's [documentation](https://github.com/anoadragon453/matrix-reminder-bot#usage) to learn what it does and why it might be useful to you.
+See the project's [documentation](https://github.com/anoadragon453/matrix-reminder-bot/blob/master/README.md) to learn what it does and why it might be useful to you.

 ## Adjusting the playbook configuration

--- a/docs/configuring-playbook-bot-mjolnir.md
+++ b/docs/configuring-playbook-bot-mjolnir.md
@ -2,7 +2,7 @@

 The playbook can install and configure the [Mjolnir](https://github.com/matrix-org/mjolnir) moderation bot for you.

-See the project's [documentation](https://github.com/matrix-org/mjolnir) to learn what it does and why it might be useful to you.
+See the project's [documentation](https://github.com/matrix-org/mjolnir/blob/main/README.md) to learn what it does and why it might be useful to you.

 ## Prerequisites

--- a/docs/configuring-playbook-bridge-appservice-kakaotalk.md
+++ b/docs/configuring-playbook-bridge-appservice-kakaotalk.md
@ -4,7 +4,7 @@ The playbook can install and configure [matrix-appservice-kakaotalk](https://src

 ⚠️ **Warning**: there have been recent reports (~2022-09-16) that **using this bridge may get your account banned**.

-See the project's [documentation](https://src.miscworks.net/fair/matrix-appservice-kakaotalk) to learn what it does and why it might be useful to you.
+See the project's [documentation](https://src.miscworks.net/fair/matrix-appservice-kakaotalk/src/branch/master/README.md) to learn what it does and why it might be useful to you.

 ## Prerequisite (optional)

--- a/docs/configuring-playbook-bridge-go-skype-bridge.md
+++ b/docs/configuring-playbook-bridge-go-skype-bridge.md
@ -2,7 +2,7 @@

 The playbook can install and configure [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) for you.

-See the project page to learn what it does and why it might be useful to you.
+See the project's [documentation](https://github.com/kelaresg/go-skype-bridge/blob/master/README.md) to learn what it does and why it might be useful to you.

 ## Adjusting the playbook configuration

--- a/docs/configuring-playbook-bridge-heisenbridge.md
+++ b/docs/configuring-playbook-bridge-heisenbridge.md
@ -4,7 +4,7 @@

 The playbook can install and configure [Heisenbridge](https://github.com/hifi/heisenbridge) - the bouncer-style [IRC](https://en.wikipedia.org/wiki/Internet_Relay_Chat) bridge for you.

-See the project's [README](https://github.com/hifi/heisenbridge/blob/master/README.md) to learn what it does and why it might be useful to you. You can also take a look at [this demonstration video](https://www.youtube.com/watch?v=nQk1Bp4tk4I).
+See the project's [documentation](https://github.com/hifi/heisenbridge/blob/master/README.md) to learn what it does and why it might be useful to you. You can also take a look at [this demonstration video](https://www.youtube.com/watch?v=nQk1Bp4tk4I).

 ## Configuration

--- a/docs/configuring-playbook-bridge-hookshot.md
+++ b/docs/configuring-playbook-bridge-hookshot.md
@ -4,7 +4,7 @@ The playbook can install and configure [matrix-hookshot](https://github.com/matr

 Hookshot can bridge [Webhooks](https://en.wikipedia.org/wiki/Webhook) from software project management services such as GitHub, GitLab, JIRA, and Figma, as well as generic webhooks.

-See the project's [documentation](https://matrix-org.github.io/matrix-hookshot/latest/hookshot.html) to learn what it does in detail and why it might be useful to you.
+See the project's [documentation](https://matrix-org.github.io/matrix-hookshot/latest/hookshot.html) to learn what it does and why it might be useful to you.

 **Note**: the playbook also supports [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), which however was deprecated by its author.

--- a/docs/configuring-playbook-bridge-matrix-bridge-sms.md
+++ b/docs/configuring-playbook-bridge-matrix-bridge-sms.md
@ -2,7 +2,7 @@

 The playbook can install and configure [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) for you.

-See the project page to learn what it does and why it might be useful to you.
+See the project's [documentation](https://github.com/benkuly/matrix-sms-bridge/blob/master/README.md) to learn what it does and why it might be useful to you.

 **The bridge uses [android-sms-gateway-server](https://github.com/RebekkaMa/android-sms-gateway-server). You need to configure it first.**

--- a/docs/configuring-playbook-bridge-mautrix-twitter.md
+++ b/docs/configuring-playbook-bridge-mautrix-twitter.md
@ -4,11 +4,13 @@

 The playbook can install and configure [mautrix-twitter](https://github.com/mautrix/twitter) for you.

-See the project's [documentation](https://github.com/mautrix/twitter) to learn what it does and why it might be useful to you.
+See the project's [documentation](https://github.com/mautrix/twitter/blob/master/README.md) to learn what it does and why it might be useful to you.

 ## Prerequisite (optional)

-If you want to set up [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do) for this bridge automatically, you need to have enabled [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) or [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service for this playbook.
+### Enable Appservice Double Puppet (optional)
+
+If you want to set up [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do) for this bridge automatically, you need to have enabled [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service for this playbook.

 For details about configuring Double Puppeting for this bridge, see the section below: [Set up Double Puppeting](#-set-up-double-puppeting)

@ -50,14 +52,18 @@ After successfully enabling bridging, you may wish to set up [Double Puppeting](

 To set it up, you have 2 ways of going about it.

-#### Method 1: automatically, by enabling Appservice Double Puppet or Shared Secret Auth
+#### Method 1: automatically, by enabling Appservice Double Puppet

-The bridge automatically performs Double Puppeting if [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) or [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service is configured and enabled on the server for this playbook.
+The bridge automatically performs Double Puppeting if [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service is configured and enabled on the server for this playbook.

-Enabling [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
-
-Enabling double puppeting by enabling the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service works at the time of writing, but is deprecated and will stop working in the future.
+This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.

 #### Method 2: manually, by asking each user to provide a working access token

-This method is currently not available for the Mautrix-Twitter bridge, but is on the [roadmap](https://github.com/mautrix/twitter/blob/master/ROADMAP.md) under Misc/Manual login with `login-matrix`
+When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps:
+
+- retrieve a Matrix access token for yourself. Refer to the documentation on [how to do that](obtaining-access-tokens.md).
+
+- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE`
+
+- make sure you don't log out the `Mautrix-Slack` device some time in the future, as that would break the Double Puppeting feature
--- a/docs/configuring-playbook-bridge-mautrix-wsproxy.md
+++ b/docs/configuring-playbook-bridge-mautrix-wsproxy.md
@ -2,7 +2,7 @@

 The playbook can install and configure [mautrix-wsproxy](https://github.com/mautrix/wsproxy) for you.

-See the project's [documentation](https://github.com/mautrix/wsproxy#readme) to learn what it does and why it might be useful to you.
+See the project's [documentation](https://github.com/mautrix/wsproxy/blob/master/README.md) to learn what it does and why it might be useful to you.

 ## Adjusting the playbook configuration

--- a/docs/configuring-playbook-bridge-mx-puppet-discord.md
+++ b/docs/configuring-playbook-bridge-mx-puppet-discord.md
@ -6,7 +6,7 @@

 The playbook can install and configure [mx-puppet-discord](https://gitlab.com/mx-puppet/discord/mx-puppet-discord) for you.

-See the project page to learn what it does and why it might be useful to you.
+See the project's [documentation](https://gitlab.com/mx-puppet/discord/mx-puppet-discord/blob/master/README.md) to learn what it does and why it might be useful to you.

 ## Adjusting the playbook configuration

--- a/docs/configuring-playbook-bridge-mx-puppet-groupme.md
+++ b/docs/configuring-playbook-bridge-mx-puppet-groupme.md
@ -2,7 +2,7 @@

 The playbook can install and configure [mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) for you.

-See the project page to learn what it does and why it might be useful to you.
+See the project's [documentation](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme/blob/master/README.md) to learn what it does and why it might be useful to you.

 ## Adjusting the playbook configuration

--- a/docs/configuring-playbook-bridge-mx-puppet-slack.md
+++ b/docs/configuring-playbook-bridge-mx-puppet-slack.md
@ -4,7 +4,7 @@

 The playbook can install and configure [mx-puppet-slack](https://gitlab.com/mx-puppet/slack/mx-puppet-slack) for you.

-See the project page to learn what it does and why it might be useful to you.
+See the project's [documentation](https://gitlab.com/mx-puppet/slack/mx-puppet-slack/blob/master/README.md) to learn what it does and why it might be useful to you.

 ## Prerequisite

--- a/docs/configuring-playbook-bridge-mx-puppet-steam.md
+++ b/docs/configuring-playbook-bridge-mx-puppet-steam.md
@ -2,7 +2,7 @@

 The playbook can install and configure [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) for you.

-See the project page to learn what it does and why it might be useful to you.
+See the project's [documentation](https://github.com/icewind1991/mx-puppet-steam/blob/master/README.md) to learn what it does and why it might be useful to you.

 ## Adjusting the playbook configuration

--- a/docs/configuring-playbook-bridge-mx-puppet-twitter.md
+++ b/docs/configuring-playbook-bridge-mx-puppet-twitter.md
@ -4,7 +4,7 @@

 The playbook can install and configure [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) for you.

-See the project page to learn what it does and why it might be useful to you.
+See the project's [documentation](https://github.com/Sorunome/mx-puppet-twitter/blob/master/README.md) to learn what it does and why it might be useful to you.

 ## Prerequisite

--- a/docs/configuring-playbook-bridge-postmoogle.md
+++ b/docs/configuring-playbook-bridge-postmoogle.md
@ -6,7 +6,7 @@ The playbook can install and configure [Postmoogle](https://github.com/etkecc/po

 Postmoogle is a bridge you can use to have its bot user forward emails to Matrix rooms. It runs an SMTP email server and allows you to assign mailbox addresses to the rooms.

-See the project's [documentation](https://github.com/etkecc/postmoogle) to learn what it does and why it might be useful to you.
+See the project's [documentation](https://github.com/etkecc/postmoogle/blob/master/README.md) to learn what it does and why it might be useful to you.

 ## Prerequisites

--- a/docs/configuring-playbook-bridge-wechat.md
+++ b/docs/configuring-playbook-bridge-wechat.md
@ -2,7 +2,7 @@

 The playbook can install and configure the [matrix-wechat](https://github.com/duo/matrix-wechat) bridge for you (for bridging to the [WeChat](https://www.wechat.com/) network).

-See the project page to learn what it does and why it might be useful to you.
+See the project's [documentation](https://github.com/duo/matrix-wechat/blob/master/README.md) to learn what it does and why it might be useful to you.

 ## Adjusting the playbook configuration

--- a/docs/configuring-playbook-ldap-auth.md
+++ b/docs/configuring-playbook-ldap-auth.md
@ -2,7 +2,7 @@

 The playbook can install and configure the [matrix-synapse-ldap3](https://github.com/matrix-org/matrix-synapse-ldap3) LDAP Auth password provider for you.

-See that project's documentation to learn what it does and why it might be useful to you.
+See the project's [documentation](https://github.com/matrix-org/matrix-synapse-ldap3/blob/main/README.rst) to learn what it does and why it might be useful to you.

 If you decide that you'd like to let this playbook install it for you, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file (adapt to your needs):

--- a/docs/configuring-playbook-ma1sd.md
+++ b/docs/configuring-playbook-ma1sd.md
@ -6,7 +6,7 @@ The playbook can configure the [ma1sd](https://github.com/ma1uta/ma1sd) Identity

 ma1sd is used for 3PIDs (3rd party identifiers like E-mail and phone numbers) and some [enhanced features](https://github.com/ma1uta/ma1sd/#features). It is private by default, potentially at the expense of user discoverability.

-See the project's [documentation](https://github.com/ma1uta/ma1sd) to learn what it does and why it might be useful to you.
+See the project's [documentation](https://github.com/ma1uta/ma1sd/blob/master/README.md) to learn what it does and why it might be useful to you.

 **Note**: enabling ma1sd, means that the `openid` API endpoints will be exposed on the Matrix Federation port (usually `8448`), even if [federation](configuring-playbook-federation.md) is disabled. It's something to be aware of, especially in terms of firewall whitelisting (make sure port `8448` is accessible).

--- a/docs/configuring-playbook-matrix-corporal.md
+++ b/docs/configuring-playbook-matrix-corporal.md
@ -8,7 +8,9 @@

 The playbook can install and configure [matrix-corporal](https://github.com/devture/matrix-corporal) for you.

-In short, it's a sort of automation and firewalling service, which is helpful if you're instaling Matrix services in a controlled corporate environment. See that project's documentation to learn what it does and why it might be useful to you.
+In short, it's a sort of automation and firewalling service, which is helpful if you're instaling Matrix services in a controlled corporate environment.
+
+See the project's [documentation](https://github.com/devture/matrix-corporal/blob/main/README.md) to learn what it does and why it might be useful to you.

 If you decide that you'd like to let this playbook install it for you, you'd need to also:
 - (required) [set up the Shared Secret Auth password provider module](configuring-playbook-shared-secret-auth.md)
--- a/docs/configuring-playbook-pantalaimon.md
+++ b/docs/configuring-playbook-pantalaimon.md
@ -2,7 +2,7 @@

 The playbook can install and configure the [pantalaimon](https://github.com/matrix-org/pantalaimon) E2EE aware proxy daemon for you.

-See the project's [documentation](https://github.com/matrix-org/pantalaimon) to learn what it does and why it might be useful to you.
+See the project's [documentation](https://github.com/matrix-org/pantalaimon/blob/master/README.md) to learn what it does and why it might be useful to you.

 This role exposes Pantalaimon's API only within the container network, so bots and clients installed on the same machine can use it. In particular the [Draupnir](configuring-playbook-bot-draupnir.md) and [Mjolnir](configuring-playbook-bot-mjolnir.md) roles (and possibly others) can use it.

--- a/docs/configuring-playbook-rest-auth.md
+++ b/docs/configuring-playbook-rest-auth.md
@ -2,7 +2,7 @@

 The playbook can install and configure [matrix-synapse-rest-auth](https://github.com/ma1uta/matrix-synapse-rest-password-provider) for you.

-See that project's documentation to learn what it does and why it might be useful to you.
+See the project's [documentation](https://github.com/ma1uta/matrix-synapse-rest-password-provider/blob/master/README.md) to learn what it does and why it might be useful to you.

 ## Adjusting the playbook configuration

--- a/docs/configuring-playbook-shared-secret-auth.md
+++ b/docs/configuring-playbook-shared-secret-auth.md
@ -2,7 +2,7 @@

 The playbook can install and configure [matrix-synapse-shared-secret-auth](https://github.com/devture/matrix-synapse-shared-secret-auth) for you.

-See that project's documentation to learn what it does and why it might be useful to you.
+See the project's [documentation](https://github.com/devture/matrix-synapse-shared-secret-auth/blob/master/README.md) to learn what it does and why it might be useful to you.

 ## Adjusting the playbook configuration

--- a/docs/configuring-playbook-sygnal.md
+++ b/docs/configuring-playbook-sygnal.md
@ -2,7 +2,7 @@

 The playbook can install and configure the [Sygnal](https://github.com/matrix-org/sygnal) push gateway for you.

-See the project's [documentation](https://github.com/matrix-org/sygnal) to learn what it does and why it might be useful to you.
+See the project's [documentation](https://github.com/matrix-org/sygnal/blob/master/README.md) to learn what it does and why it might be useful to you.

 **Note**: most people don't need to install their own gateway. As Sygnal's [Notes for application developers](https://github.com/matrix-org/sygnal/blob/master/docs/applications.md) documentation says:

--- a/docs/configuring-playbook-synapse-auto-accept-invite.md
+++ b/docs/configuring-playbook-synapse-auto-accept-invite.md
@ -2,7 +2,9 @@

 The playbook can install and configure [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite) for you.

-See that project's [documentation](https://github.com/matrix-org/synapse-auto-accept-invite) to learn what it does and why it might be useful to you. In short, it automatically accepts room invites. You can specify that only 1:1 room invites are auto-accepted. Defaults to false if not specified.
+In short, it automatically accepts room invites. You can specify that only 1:1 room invites are auto-accepted. Defaults to false if not specified.
+
+See the project's [documentation](https://github.com/matrix-org/synapse-auto-accept-invite/blob/main/README.md) to learn what it does and why it might be useful to you.

 **Note**: Synapse [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0), the same feature [has been merged](https://github.com/element-hq/synapse/pull/17147) into Synapse (see the [Native alternative](#native-alternative) section below). You'd better use the native feature, instead of the [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite) 3rd party module.

--- a/docs/configuring-playbook-synapse-auto-compressor.md
+++ b/docs/configuring-playbook-synapse-auto-compressor.md
@ -4,7 +4,7 @@ The playbook can install and configure [synapse_auto_compressor](https://github.

 It's a CLI tool that automatically compresses Synapse's `state_groups` database table in the background.

-See the project's [documentation](https://github.com/matrix-org/rust-synapse-compress-state/#automated-tool-synapse_auto_compressor) to learn what it does and why it might be useful to you.
+See the project's [documentation](https://github.com/matrix-org/rust-synapse-compress-state/blob/master/README.md#automated-tool-synapse_auto_compressor) to learn what it does and why it might be useful to you.

 ## Adjusting the playbook configuration

--- a/docs/configuring-playbook-synapse-simple-antispam.md
+++ b/docs/configuring-playbook-synapse-simple-antispam.md
@ -2,7 +2,9 @@

 The playbook can install and configure [synapse-simple-antispam](https://github.com/t2bot/synapse-simple-antispam) for you.

-See that project's documentation to learn what it does and why it might be useful to you. In short, it lets you fight invite-spam by automatically blocking invitiations from a list of servers specified by you (blacklisting).
+It lets you fight invite-spam by automatically blocking invitiations from a list of servers specified by you (blacklisting).
+
+See the project's [documentation](https://github.com/t2bot/synapse-simple-antispam/blob/master/README.md) to learn what it does and why it might be useful to you.

 ## Adjusting the playbook configuration

--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@ -1835,17 +1835,15 @@ matrix_mautrix_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_gen
 matrix_mautrix_twitter_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
 matrix_mautrix_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.hs.token', rounds=655555) | to_uuid }}"

-matrix_mautrix_twitter_bridge_login_shared_secret_map_auto: |-
+matrix_mautrix_twitter_provisioning_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twit.prov', rounds=655555) | to_uuid }}"
+
+matrix_mautrix_twitter_double_puppet_secrets_auto: |-
  {{
    ({
      matrix_mautrix_twitter_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
    })
    if matrix_appservice_double_puppet_enabled
-    else (
-      {matrix_mautrix_twitter_homeserver_domain: matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret}
-      if matrix_synapse_ext_password_provider_shared_secret_auth_enabled
    else {}
-    )
  }}

 matrix_mautrix_twitter_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
--- a/12
+++ b/12
@ -1,6 +1,6 @@
 # Shows help
 default:
-    @just --list --justfile {{ justfile() }}
+    @{{ just_executable() }} --list --justfile {{ justfile() }}

 # Pulls external Ansible roles
 roles:
@ -17,7 +17,7 @@ roles:
 update *flags: update-playbook-only
    #!/usr/bin/env sh
    if [ -x "$(command -v agru)" ]; then
-        echo {{ if flags == "" { "Installing roles pinned in requirements.yml…" } else if flags == "-u" { "Updating roles and pinning new versions in requirements.yml…" } else { "Unknown flags passed" } }}
+        echo {{ if flags == "" { "Installing roles pinned in requirements.yml…" } else { if flags == "-u" { "Updating roles and pinning new versions in requirements.yml…" } else { "Unknown flags passed" } } }}
        agru {{ flags }}
    else
        echo "[NOTE] You are using the standard ansible-galaxy tool to install roles, which is slow and lacks other features. We recommend installing the 'agru' tool to speed up the process: https://github.com/etkecc/agru#where-to-get"
@ -42,7 +42,7 @@ install-all *extra_args: (run-tags "install-all,ensure-matrix-users-created,star

 # Runs installation tasks for a single service
 install-service service *extra_args:
-    just --justfile {{ justfile() }} run \
+    {{ just_executable() }} --justfile {{ justfile() }} run \
    --tags=install-{{ service }},start-group \
    --extra-vars=group={{ service }} \
    --extra-vars=devture_systemd_service_manager_service_restart_mode=one-by-one {{ extra_args }}
@ -56,7 +56,7 @@ run +extra_args:

 # Runs the playbook with the given list of comma-separated tags and optional arguments
 run-tags tags *extra_args:
-    just --justfile {{ justfile() }} run --tags={{ tags }} {{ extra_args }}
+    {{ just_executable() }} --justfile {{ justfile() }} run --tags={{ tags }} {{ extra_args }}

 # Runs the playbook in user-registration mode
 register-user username password admin_yes_or_no *extra_args:
@ -67,14 +67,14 @@ start-all *extra_args: (run-tags "start-all" extra_args)

 # Starts a specific service group
 start-group group *extra_args:
-    @just --justfile {{ justfile() }} run-tags start-group --extra-vars="group={{ group }}" {{ extra_args }}
+    @{{ just_executable() }} --justfile {{ justfile() }} run-tags start-group --extra-vars="group={{ group }}" {{ extra_args }}

 # Stops all services
 stop-all *extra_args: (run-tags "stop-all" extra_args)

 # Stops a specific service group
 stop-group group *extra_args:
-    @just --justfile {{ justfile() }} run-tags stop-group --extra-vars="group={{ group }}" {{ extra_args }}
+    @{{ just_executable() }} --justfile {{ justfile() }} run-tags stop-group --extra-vars="group={{ group }}" {{ extra_args }}

 # Rebuilds the mautrix-meta-instagram Ansible role using the mautrix-meta-messenger role as a source
 rebuild-mautrix-meta-instagram:
--- a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml
@ -9,7 +9,7 @@ matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix
 matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}"

 # renovate: datasource=docker depName=dock.mau.dev/mautrix/discord
-matrix_mautrix_discord_version: v0.7.1
+matrix_mautrix_discord_version: v0.7.2

 # See: https://mau.dev/mautrix/discord/container_registry
 matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_name_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}"
@ -57,6 +57,8 @@ matrix_mautrix_discord_homeserver_token: ''

 matrix_mautrix_discord_appservice_bot_username: discordbot

+matrix_mautrix_discord_provisioning_shared_secret: disable
+
 # Minimum severity of journal log messages.
 # Options: debug, info, warn, error, fatal
 matrix_mautrix_discord_logging_level: 'warn'
--- a/roles/custom/matrix-bridge-mautrix-discord/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-mautrix-discord/templates/config.yaml.j2
@ -277,7 +277,7 @@ bridge:
        prefix: /_matrix/provision
        # Shared secret for authentication. If set to "generate", a random secret will be generated,
        # or if set to "disable", the provisioning API will be disabled.
-        shared_secret: generate
+        shared_secret: {{ matrix_mautrix_discord_provisioning_shared_secret | to_json }}

    # Permissions for using the bridge.
    # Permitted values:
--- a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml
@ -9,7 +9,7 @@ matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/ma
 matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}"

 # renovate: datasource=docker depName=dock.mau.dev/mautrix/gmessages
-matrix_mautrix_gmessages_version: v0.5.2
+matrix_mautrix_gmessages_version: v0.6.0

 # See: https://mau.dev/mautrix/gmessages/container_registry
 matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_name_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}"
--- a/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml
@ -13,7 +13,7 @@ matrix_mautrix_meta_instagram_enabled: true
 matrix_mautrix_meta_instagram_identifier: matrix-mautrix-meta-instagram

 # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
-matrix_mautrix_meta_instagram_version: v0.4.2
+matrix_mautrix_meta_instagram_version: v0.4.3

 matrix_mautrix_meta_instagram_base_path: "{{ matrix_base_data_path }}/mautrix-meta-instagram"
 matrix_mautrix_meta_instagram_config_path: "{{ matrix_mautrix_meta_instagram_base_path }}/config"
@ -156,6 +156,8 @@ matrix_mautrix_meta_instagram_meta_mode: instagram
 # When in `instagram` mode (see `matrix_mautrix_meta_instagram_meta_mode`), should the bridge connect to WhatsApp servers for encrypted chats?
 matrix_mautrix_meta_instagram_meta_ig_e2ee: false

+matrix_mautrix_meta_instagram_provisioning_shared_secret: disable
+
 # Whether or not metrics endpoint should be enabled.
 # Enabling them is usually enough for a local (in-container) Prometheus to consume them.
 # If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_meta_instagram_metrics_proxying_enabled`.
--- a/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2
@ -263,7 +263,7 @@ provisioning:
    prefix: /_matrix/provision
    # Shared secret for authentication. If set to "generate" or null, a random secret will be generated,
    # or if set to "disable", the provisioning API will be disabled.
-    shared_secret: disable
+    shared_secret: {{ matrix_mautrix_meta_instagram_provisioning_shared_secret | to_json }}
    # Whether to allow provisioning API requests to be authed using Matrix access tokens.
    # This follows the same rules as double puppeting to determine which server to contact to check the token,
    # which means that by default, it only works for users on the same server as the bridge.
--- a/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml
@ -13,7 +13,7 @@ matrix_mautrix_meta_messenger_enabled: true
 matrix_mautrix_meta_messenger_identifier: matrix-mautrix-meta-messenger

 # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
-matrix_mautrix_meta_messenger_version: v0.4.2
+matrix_mautrix_meta_messenger_version: v0.4.3

 matrix_mautrix_meta_messenger_base_path: "{{ matrix_base_data_path }}/mautrix-meta-messenger"
 matrix_mautrix_meta_messenger_config_path: "{{ matrix_mautrix_meta_messenger_base_path }}/config"
@ -156,6 +156,8 @@ matrix_mautrix_meta_messenger_meta_mode: messenger
 # When in `instagram` mode (see `matrix_mautrix_meta_messenger_meta_mode`), should the bridge connect to WhatsApp servers for encrypted chats?
 matrix_mautrix_meta_messenger_meta_ig_e2ee: false

+matrix_mautrix_meta_messenger_provisioning_shared_secret: disable
+
 # Whether or not metrics endpoint should be enabled.
 # Enabling them is usually enough for a local (in-container) Prometheus to consume them.
 # If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_meta_messenger_metrics_proxying_enabled`.
--- a/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2
@ -263,7 +263,7 @@ provisioning:
    prefix: /_matrix/provision
    # Shared secret for authentication. If set to "generate" or null, a random secret will be generated,
    # or if set to "disable", the provisioning API will be disabled.
-    shared_secret: disable
+    shared_secret: {{ matrix_mautrix_meta_messenger_provisioning_shared_secret | to_json }}
    # Whether to allow provisioning API requests to be authed using Matrix access tokens.
    # This follows the same rules as double puppeting to determine which server to contact to check the token,
    # which means that by default, it only works for users on the same server as the bridge.
--- a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
@ -9,7 +9,7 @@ matrix_mautrix_signal_container_image_self_build_repo: "https://mau.dev/mautrix/
 matrix_mautrix_signal_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}"

 # renovate: datasource=docker depName=dock.mau.dev/mautrix/signal
-matrix_mautrix_signal_version: v0.7.3
+matrix_mautrix_signal_version: v0.7.4

 # See: https://mau.dev/mautrix/signal/container_registry
 matrix_mautrix_signal_docker_image: "{{ matrix_mautrix_signal_docker_image_name_prefix }}mautrix/signal:{{ matrix_mautrix_signal_docker_image_tag }}"
--- a/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml
@ -9,7 +9,7 @@ matrix_mautrix_slack_container_image_self_build_repo: "https://mau.dev/mautrix/s
 matrix_mautrix_slack_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_slack_version == 'latest' else matrix_mautrix_slack_version }}"

 # renovate: datasource=docker depName=dock.mau.dev/mautrix/slack
-matrix_mautrix_slack_version: v0.1.3
+matrix_mautrix_slack_version: v0.1.4
 # See: https://mau.dev/mautrix/slack/container_registry
 matrix_mautrix_slack_docker_image: "{{ matrix_mautrix_slack_docker_image_name_prefix }}mautrix/slack:{{ matrix_mautrix_slack_version }}"
 matrix_mautrix_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_slack_container_image_self_build else 'dock.mau.dev/' }}"
--- a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml
@ -136,6 +136,8 @@ matrix_mautrix_telegram_systemd_wanted_services_list: []
 matrix_mautrix_telegram_appservice_token: ''
 matrix_mautrix_telegram_homeserver_token: ''

+matrix_mautrix_telegram_provisioning_shared_secret: disable
+
 # Whether or not metrics endpoint should be enabled.
 # Enabling them is usually enough for a local (in-container) Prometheus to consume them.
 # If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_telegram_metrics_proxying_enabled`.
--- a/roles/custom/matrix-bridge-mautrix-telegram/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-mautrix-telegram/templates/config.yaml.j2
@ -71,7 +71,7 @@ appservice:
        prefix: /_matrix/provision/v1
        # The shared secret to authorize users of the API.
        # Set to "generate" to generate and save a new token.
-        shared_secret: generate
+        shared_secret: {{ matrix_mautrix_telegram_provisioning_shared_secret | to_json }}

    # The unique ID of this appservice.
    id: telegram
--- a/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml
@ -9,7 +9,7 @@ matrix_mautrix_twitter_container_image_self_build_repo: "https://github.com/maut
 matrix_mautrix_twitter_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_twitter_version == 'latest' else matrix_mautrix_twitter_version }}"

 # renovate: datasource=docker depName=dock.mau.dev/mautrix/twitter
-matrix_mautrix_twitter_version: v0.1.8
+matrix_mautrix_twitter_version: v0.2.0
 # See: https://mau.dev/tulir/mautrix-twitter/container_registry
 matrix_mautrix_twitter_docker_image: "{{ matrix_mautrix_twitter_docker_image_name_prefix }}mautrix/twitter:{{ matrix_mautrix_twitter_version }}"
 matrix_mautrix_twitter_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_twitter_container_image_self_build else 'dock.mau.dev/' }}"
@ -24,7 +24,10 @@ matrix_mautrix_twitter_homeserver_address: ""
 matrix_mautrix_twitter_homeserver_domain: '{{ matrix_domain }}'
 matrix_mautrix_twitter_appservice_address: 'http://matrix-mautrix-twitter:29327'

-matrix_mautrix_twitter_command_prefix: "!tw"
+# A public address that external services can use to reach this appservice.
+matrix_mautrix_twitter_appservice_public_address: ''
+
+matrix_mautrix_twitter_bridge_command_prefix: "!tw"

 matrix_mautrix_twitter_bridge_permissions: |
  {{
@ -84,7 +87,7 @@ matrix_mautrix_twitter_homeserver_token: ''

 # Whether or not created rooms should have federation enabled.
 # If false, created portal rooms will never be federated.
-matrix_mautrix_twitter_federate_rooms: true
+matrix_mautrix_twitter_matrix_federate_rooms: true

 # Database-related configuration fields.
 #
@ -97,23 +100,38 @@ matrix_mautrix_twitter_database_password: 'some-password'
 matrix_mautrix_twitter_database_hostname: ''
 matrix_mautrix_twitter_database_port: 5432
 matrix_mautrix_twitter_database_name: 'matrix_mautrix_twitter'
+matrix_mautrix_twitter_database_sslmode: disable

-matrix_mautrix_twitter_database_connection_string: 'postgres://{{ matrix_mautrix_twitter_database_username }}:{{ matrix_mautrix_twitter_database_password }}@{{ matrix_mautrix_twitter_database_hostname }}:{{ matrix_mautrix_twitter_database_port }}/{{ matrix_mautrix_twitter_database_name }}'
+matrix_mautrix_twitter_database_connection_string: 'postgres://{{ matrix_mautrix_twitter_database_username }}:{{ matrix_mautrix_twitter_database_password }}@{{ matrix_mautrix_twitter_database_hostname }}:{{ matrix_mautrix_twitter_database_port }}/{{ matrix_mautrix_twitter_database_name }}?sslmode={{ matrix_mautrix_twitter_database_sslmode }}'

-matrix_mautrix_twitter_appservice_database: "{{
+matrix_mautrix_twitter_database_uri: "{{
 	{
 		'postgres': matrix_mautrix_twitter_database_connection_string,
 	}[matrix_mautrix_twitter_database_engine]
 }}"

-matrix_mautrix_twitter_bridge_login_shared_secret_map: "{{ matrix_mautrix_twitter_bridge_login_shared_secret_map_auto | combine(matrix_mautrix_twitter_bridge_login_shared_secret_map_custom) }}"
-matrix_mautrix_twitter_bridge_login_shared_secret_map_auto: {}
-matrix_mautrix_twitter_bridge_login_shared_secret_map_custom: {}
+matrix_mautrix_twitter_double_puppet_secrets: "{{ matrix_mautrix_twitter_double_puppet_secrets_auto | combine(matrix_mautrix_twitter_double_puppet_secrets_custom) }}"
+matrix_mautrix_twitter_double_puppet_secrets_auto: {}
+matrix_mautrix_twitter_double_puppet_secrets_custom: {}

 matrix_mautrix_twitter_appservice_bot_username: twitterbot
+matrix_mautrix_twitter_appservice_bot_displayname: Twitter bridge bot
+matrix_mautrix_twitter_appservice_bot_avatar: mxc://maunium.net/HVHcnusJkQcpVcsVGZRELLCn

-# Specifies the default log level for all bridge loggers.
-matrix_mautrix_twitter_logging_level: WARNING
+matrix_mautrix_twitter_backfill_enabled: true
+# Maximum number of messages to backfill in empty rooms
+matrix_mautrix_twitter_backfill_max_initial_messages: 50
+
+# Maximum number of missed messages to backfill after bridge restarts
+matrix_mautrix_twitter_backfill_max_catchup_messages: 500
+
+# Shared secret for authentication of provisioning API requests.
+# If set to "disable", the provisioning API will be disabled.
+matrix_mautrix_twitter_provisioning_shared_secret: disable
+
+# Minimum severity of journal log messages.
+# Options: debug, info, warn, error, fatal
+matrix_mautrix_twitter_logging_level: 'warn'

 # Whether or not metrics endpoint should be enabled.
 # Enabling them is usually enough for a local (in-container) Prometheus to consume them.
@ -162,10 +180,15 @@ matrix_mautrix_twitter_registration_yaml: |
  sender_localpart: _bot_{{ matrix_mautrix_twitter_appservice_bot_username }}
  rate_limited: false
  de.sorunome.msc2409.push_ephemeral: true
+  receive_ephemeral: true

 matrix_mautrix_twitter_registration: "{{ matrix_mautrix_twitter_registration_yaml | from_yaml }}"

 # Enable End-to-bridge encryption
 matrix_mautrix_twitter_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
 matrix_mautrix_twitter_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"
+matrix_mautrix_twitter_bridge_encryption_require: false
+matrix_mautrix_twitter_bridge_encryption_appservice: false
 matrix_mautrix_twitter_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_twitter_bridge_encryption_allow }}"
+# This pickle key value is compatible with the old mautrix-twitter bridge (before bridgev2).
+matrix_mautrix_twitter_bridge_encryption_pickle_key: mautrix.bridge.e2ee
--- a/roles/custom/matrix-bridge-mautrix-twitter/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-mautrix-twitter/tasks/validate_config.yml
@ -22,3 +22,9 @@
  when: "item.old in vars"
  with_items:
    - {'old': 'matrix_mautrix_twitter_login_shared_secret', 'new': '<removed>'}
+    - {'old': 'matrix_mautrix_twitter_appservice_database', 'new': 'matrix_mautrix_twitter_database_uri'}
+    - {'old': 'matrix_mautrix_twitter_bridge_login_shared_secret_map', 'new': 'matrix_mautrix_twitter_double_puppet_secrets'}
+    - {'old': 'matrix_mautrix_twitter_bridge_login_shared_secret_map_auto', 'new': 'matrix_mautrix_twitter_double_puppet_secrets_auto'}
+    - {'old': 'matrix_mautrix_twitter_bridge_login_shared_secret_map_custom', 'new': 'matrix_mautrix_twitter_double_puppet_secrets_custom'}
+    - {'old': 'matrix_mautrix_twitter_federate_rooms', 'new': 'matrix_mautrix_twitter_matrix_federate_rooms'}
+    - {'old': 'matrix_mautrix_twitter_command_prefix', 'new': 'matrix_mautrix_twitter_bridge_command_prefix'}
--- a/roles/custom/matrix-bridge-mautrix-twitter/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-mautrix-twitter/templates/config.yaml.j2
@ -1,202 +1,428 @@
 #jinja2: lstrip_blocks: "True"
-# Homeserver details
-homeserver:
-    # The address that this appservice can use to connect to the homeserver.
-    address: {{ matrix_mautrix_twitter_homeserver_address }}
-    # The domain of the homeserver (for MXIDs, etc).
-    domain: {{ matrix_mautrix_twitter_homeserver_domain }}
-    # Whether or not to verify the SSL certificate of the homeserver.
-    # Only applies if address starts with https://
-    verify_ssl: true
-    asmux: false
+# Network-specific config options
+network:
+    # Proxy to use for all Twitter connections.
+    proxy: null
+    # Alternative to proxy: an HTTP endpoint that returns the proxy URL to use for Twitter connections.
+    get_proxy_url: null

-# Application service host/registration related details
-# Changing these values requires regeneration of the registration.
-appservice:
-    # The address that the homeserver can use to connect to this appservice.
-    address: {{ matrix_mautrix_twitter_appservice_address }}
-    # When using https:// the TLS certificate and key files for the address.
-    tls_cert: false
-    tls_key: false
-
-    # The hostname and port where this appservice should listen.
-    hostname: 0.0.0.0
-    port: 29327
-    # The maximum body size of appservice API requests (from the homeserver) in mebibytes
-    # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
-    max_body_size: 1
-
-    # The full URI to the database. Only Postgres is currently supported.
-    database: {{ matrix_mautrix_twitter_appservice_database|to_json }}
-    # Additional arguments for asyncpg.create_pool()
-    # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
-    database_opts:
-        min_size: 5
-        max_size: 10
-
-    # Provisioning API part of the web server for automated portal creation and fetching information.
-    # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
-    provisioning:
-        # Whether or not the provisioning API should be enabled.
-        enabled: true
-        # The prefix to use in the provisioning API endpoints.
-        prefix: /_matrix/provision/v1
-        # The shared secret to authorize users of the API.
-        # Set to "generate" to generate and save a new token.
-        shared_secret: generate
-
-    # The unique ID of this appservice.
-    id: twitter
-    # Username of the appservice bot.
-    bot_username: {{ matrix_mautrix_twitter_appservice_bot_username|to_json }}
-    # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
-    # to leave display name/avatar as-is.
-    bot_displayname: Twitter bridge bot
-    bot_avatar: mxc://maunium.net/HVHcnusJkQcpVcsVGZRELLCn
-
-    # Whether or not to receive ephemeral events via appservice transactions.
-    # Requires MSC2409 support (i.e. Synapse 1.22+).
-    # You should disable bridge -> sync_with_custom_puppets when this is enabled.
-    ephemeral_events: false
-
-    # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
-    as_token: "{{ matrix_mautrix_twitter_appservice_token }}"
-    hs_token: "{{ matrix_mautrix_twitter_homeserver_token }}"
-
-# Prometheus telemetry config. Requires prometheus-client to be installed.
-metrics:
-    enabled: {{ matrix_mautrix_twitter_metrics_enabled | to_json }}
-    listen_port: 8000
-
-# Bridge config
-bridge:
-    # Localpart template of MXIDs for Twitter users.
-    # {userid} is replaced with the user ID of the Twitter user.
-    username_template: "twitter_{userid}"
    # Displayname template for Twitter users.
-    # {displayname} is replaced with the display name of the Twitter user.
-    # {username} is replaced with the username of the Twitter user.
-    displayname_template: "{displayname} (Twitter)"
+    # {% raw %}
+    # {{ .DisplayName }} is replaced with the display name of the Twitter user.
+    # {{ .Username }} is replaced with the username of the Twitter user.
+    # {% endraw %}
+    displayname_template: "{% raw %}{{ .DisplayName }}{% endraw %} (Twitter)"

-    # Maximum length of displayname
-    displayname_max_length: 100
+    # Maximum number of conversations to sync on startup
+    conversation_sync_limit: 20

-    # Number of conversations to sync (and create portals for) on login.
-    # Set 0 to disable automatic syncing.
-    initial_conversation_sync: 10
-    # Whether or not to use /sync to get read receipts and typing notifications
-    # when double puppeting is enabled
-    sync_with_custom_puppets: true
-    # Whether or not to update the m.direct account data event when double puppeting is enabled.
-    # Note that updating the m.direct event is not atomic (except with mautrix-asmux)
-    # and is therefore prone to race conditions.
-    sync_direct_chat_list: false
-    # Allow using double puppeting from any server with a valid client .well-known file.
-    double_puppet_allow_discovery: false
-    # Servers to allow double puppeting from, even if double_puppet_allow_discovery is false.
-    double_puppet_server_map: {}
-    # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
-    #
-    # If set, custom puppets will be enabled automatically for local users
-    # instead of users having to find an access token and run `login-matrix`
-    # manually.
-    # If using this for other servers than the bridge's server,
-    # you must also set the URL in the double_puppet_server_map.
-    login_shared_secret_map: {{ matrix_mautrix_twitter_bridge_login_shared_secret_map|to_json }}
-    # Whether or not created rooms should have federation enabled.
-    # If false, created portal rooms will never be federated.
-    federate_rooms: {{ matrix_mautrix_twitter_federate_rooms|to_json }}
-    # Settings for backfilling messages from Twitter.
-    #
-    # Missed message backfilling is currently based on receiving them from the Twitter polling API,
-    # rather than manually asking for messages in each conversation. Due to this, there's no way to
-    # set a limit for missed message backfilling.
-    backfill:
-        # Whether or not the Twitter users of logged in Matrix users should be
-        # invited to private chats when backfilling history from Twitter. This is
-        # usually needed to prevent rate limits and to allow timestamp massaging.
-        invite_own_puppet: true
-        # Maximum number of messages to backfill initially.
-        # Set to 0 to disable backfilling when creating portal.
-        initial_limit: 0
-        # If using double puppeting, should notifications be disabled
-        # while the initial backfill is in progress?
-        disable_notifications: true
-    # End-to-bridge encryption support options. You must install the e2be optional dependency for
-    # this to work. See https://github.com/tulir/mautrix-telegram/wiki/End‐to‐bridge-encryption
-    encryption:
-        # Allow encryption, work in group chat rooms with e2ee enabled
-        allow: {{ matrix_mautrix_twitter_bridge_encryption_allow|to_json }}
-        # Default to encryption, force-enable encryption in all portals the bridge creates
-        # This will cause the bridge bot to be in private chats for the encryption to work properly.
-        default: {{ matrix_mautrix_twitter_bridge_encryption_default|to_json }}
-        # Options for automatic key sharing.
-        key_sharing:
-            # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
-            # You must use a client that supports requesting keys from other users to use this feature.
-            allow: {{ matrix_mautrix_twitter_bridge_encryption_key_sharing_allow|to_json }}
-            # Require the requesting device to have a valid cross-signing signature?
-            # This doesn't require that the bridge has verified the device, only that the user has verified it.
-            # Not yet implemented.
-            require_cross_signing: false
-            # Require devices to be verified by the bridge?
-            # Verification by the bridge is not yet implemented.
-            require_verification: true
-    # Whether or not to explicitly set the avatar and room name for private
-    # chat portal rooms. This will be implicitly enabled if encryption.default is true.
-    private_chat_portal_meta: false
-    # Whether or not the bridge should send a read receipt from the bridge bot when a message has
-    # been sent to Twitter.
-    delivery_receipts: false
-    # Whether or not delivery errors should be reported as messages in the Matrix room.
-    delivery_error_reports: true
-    # Whether or not non-fatal polling errors should send notices to the notice room.
-    temporary_disconnect_notices: true
-    # Number of seconds to sleep more than the previous error when a polling error occurs.
-    # Growth is capped at 15 minutes.
-    error_sleep: 5
-    # Maximum number of polling errors before giving up. Set to -1 to retry forever.
-    max_poll_errors: 12
-    # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
-    # This field will automatically be changed back to false after it,
-    # except if the config file is not writable.
+
+# Config options that affect the central bridge module.
+bridge:
+    # The prefix for commands. Only required in non-management rooms.
+    command_prefix: {{ matrix_mautrix_twitter_bridge_command_prefix | to_json }}
+    # Should the bridge create a space for each login containing the rooms that account is in?
+    personal_filtering_spaces: true
+    # Whether the bridge should set names and avatars explicitly for DM portals.
+    # This is only necessary when using clients that don't support MSC4171.
+    private_chat_portal_meta: true
+    # Should events be handled asynchronously within portal rooms?
+    # If true, events may end up being out of order, but slow events won't block other ones.
+    # This is not yet safe to use.
+    async_events: false
+    # Should every user have their own portals rather than sharing them?
+    # By default, users who are in the same group on the remote network will be
+    # in the same Matrix room bridged to that group. If this is set to true,
+    # every user will get their own Matrix room instead.
+    split_portals: false
+    # Should the bridge resend `m.bridge` events to all portals on startup?
    resend_bridge_info: false

-    # The prefix for commands. Only required in non-management rooms.
-    command_prefix: "{{ matrix_mautrix_twitter_command_prefix }}"
+    # Should leaving Matrix rooms be bridged as leaving groups on the remote network?
+    bridge_matrix_leave: false
+    # Should room tags only be synced when creating the portal? Tags mean things like favorite/pin and archive/low priority.
+    # Tags currently can't be synced back to the remote network, so a continuous sync means tagging from Matrix will be undone.
+    tag_only_on_create: true
+    # List of tags to allow bridging. If empty, no tags will be bridged.
+    only_bridge_tags: [m.favourite, m.lowpriority]
+    # Should room mute status only be synced when creating the portal?
+    # Like tags, mutes can't currently be synced back to the remote network.
+    mute_only_on_create: true
+
+    # What should be done to portal rooms when a user logs out or is logged out?
+    # Permitted values:
+    #   nothing - Do nothing, let the user stay in the portals
+    #   kick - Remove the user from the portal rooms, but don't delete them
+    #   unbridge - Remove all ghosts in the room and disassociate it from the remote chat
+    #   delete - Remove all ghosts and users from the room (i.e. delete it)
+    cleanup_on_logout:
+        # Should cleanup on logout be enabled at all?
+        enabled: false
+        # Settings for manual logouts (explicitly initiated by the Matrix user)
+        manual:
+            # Action for private portals which will never be shared with other Matrix users.
+            private: nothing
+            # Action for portals with a relay user configured.
+            relayed: nothing
+            # Action for portals which may be shared, but don't currently have any other Matrix users.
+            shared_no_users: nothing
+            # Action for portals which have other logged-in Matrix users.
+            shared_has_users: nothing
+        # Settings for credentials being invalidated (initiated by the remote network, possibly through user action).
+        # Keys have the same meanings as in the manual section.
+        bad_credentials:
+            private: nothing
+            relayed: nothing
+            shared_no_users: nothing
+            shared_has_users: nothing
+
+    # Settings for relay mode
+    relay:
+        # Whether relay mode should be allowed. If allowed, the set-relay command can be used to turn any
+        # authenticated user into a relaybot for that chat.
+        enabled: false
+        # Should only admins be allowed to set themselves as relay users?
+        # If true, non-admins can only set users listed in default_relays as relays in a room.
+        admin_only: true
+        # List of user login IDs which anyone can set as a relay, as long as the relay user is in the room.
+        default_relays: []
+        # The formats to use when sending messages via the relaybot.
+        # Available variables:
+        #   .Sender.UserID - The Matrix user ID of the sender.
+        #   .Sender.Displayname - The display name of the sender (if set).
+        #   .Sender.RequiresDisambiguation - Whether the sender's name may be confused with the name of another user in the room.
+        #   .Sender.DisambiguatedName - The disambiguated name of the sender. This will be the displayname if set,
+        #                               plus the user ID in parentheses if the displayname is not unique.
+        #                               If the displayname is not set, this is just the user ID.
+        #   .Message - The `formatted_body` field of the message.
+        #   .Caption - The `formatted_body` field of the message, if it's a caption. Otherwise an empty string.
+        #   .FileName - The name of the file being sent.
+        message_formats:
+            m.text: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b>: {{ .Message }}{% endraw %}"
+            m.notice: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b>: {{ .Message }}{% endraw %}"
+            m.emote: "{% raw %}* <b>{{ .Sender.DisambiguatedName }}</b> {{ .Message }}{% endraw %}"
+            m.file: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a file{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
+            m.image: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent an image{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
+            m.audio: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent an audio file{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
+            m.video: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a video{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
+            m.location: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a location{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
+        # For networks that support per-message displaynames (i.e. Slack and Discord), the template for those names.
+        # This has all the Sender variables available under message_formats (but without the .Sender prefix).
+        # Note that you need to manually remove the displayname from message_formats above.
+        displayname_format: "{% raw %}{{ .DisambiguatedName }}{% endraw %}"

    # Permissions for using the bridge.
    # Permitted values:
-    #       user - Use the bridge with puppeting.
-    #      admin - Use and administrate the bridge.
+    #    relay - Talk through the relaybot (if enabled), no access otherwise
+    # commands - Access to use commands in the bridge, but not login.
+    #     user - Access to use the bridge with puppeting.
+    #    admin - Full access, user level with some additional administration tools.
    # Permitted keys:
    #        * - All Matrix users
    #   domain - All users on that homeserver
    #     mxid - Specific user
-    permissions: {{ matrix_mautrix_twitter_bridge_permissions|to_json }}
+    permissions: {{ matrix_mautrix_twitter_bridge_permissions | to_json }}

+# Config for the bridge's database.
+database:
+    # The database type. "sqlite3-fk-wal" and "postgres" are supported.
+    type: postgres
+    # The database URI.
+    #   SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
+    #           https://github.com/mattn/go-sqlite3#connection-string
+    #   Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
+    #             To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
+    uri: {{ matrix_mautrix_twitter_database_uri | to_json }}
+    # Maximum number of connections.
+    max_open_conns: 5
+    max_idle_conns: 1
+    # Maximum connection idle time and lifetime before they're closed. Disabled if null.
+    # Parsed with https://pkg.go.dev/time#ParseDuration
+    max_conn_idle_time: null
+    max_conn_lifetime: null

-# Python logging configuration.
+# Homeserver details.
+homeserver:
+    # The address that this appservice can use to connect to the homeserver.
+    # Local addresses without HTTPS are generally recommended when the bridge is running on the same machine,
+    # but https also works if they run on different machines.
+    address: {{ matrix_mautrix_twitter_homeserver_address | to_json }}
+    # The domain of the homeserver (also known as server_name, used for MXIDs, etc).
+    domain: {{ matrix_mautrix_twitter_homeserver_domain | to_json }}
+
+    # What software is the homeserver running?
+    # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
+    software: standard
+    # The URL to push real-time bridge status to.
+    # If set, the bridge will make POST requests to this URL whenever a user's remote network connection state changes.
+    # The bridge will use the appservice as_token to authorize requests.
+    status_endpoint:
+    # Endpoint for reporting per-message status.
+    # If set, the bridge will make POST requests to this URL when processing a message from Matrix.
+    # It will make one request when receiving the message (step BRIDGE), one after decrypting if applicable
+    # (step DECRYPTED) and one after sending to the remote network (step REMOTE). Errors will also be reported.
+    # The bridge will use the appservice as_token to authorize requests.
+    message_send_checkpoint_endpoint:
+    # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
+    async_media: false
+
+    # Should the bridge use a websocket for connecting to the homeserver?
+    # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy,
+    # mautrix-asmux (deprecated), and hungryserv (proprietary).
+    websocket: false
+    # How often should the websocket be pinged? Pinging will be disabled if this is zero.
+    ping_interval_seconds: 0
+
+# Application service host/registration related details.
+# Changing these values requires regeneration of the registration (except when noted otherwise)
+appservice:
+    # The address that the homeserver can use to connect to this appservice.
+    # Like the homeserver address, a local non-https address is recommended when the bridge is on the same machine.
+    # If the bridge is elsewhere, you must secure the connection yourself (e.g. with https or wireguard)
+    # If you want to use https, you need to use a reverse proxy. The bridge does not have TLS support built in.
+    address: {{ matrix_mautrix_twitter_appservice_address | to_json }}
+    # A public address that external services can use to reach this appservice.
+    # This is only needed for things like public media. A reverse proxy is generally necessary when using this field.
+    # This value doesn't affect the registration file.
+    public_address: {{ matrix_mautrix_twitter_appservice_public_address | to_json }}
+
+    # The hostname and port where this appservice should listen.
+    # For Docker, you generally have to change the hostname to 0.0.0.0.
+    hostname: 0.0.0.0
+    port: 29327
+
+    # The unique ID of this appservice.
+    id: twitter
+    # Appservice bot details.
+    bot:
+        # Username of the appservice bot.
+        username: {{ matrix_mautrix_twitter_appservice_bot_username | to_json }}
+        # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
+        # to leave display name/avatar as-is.
+        displayname: {{ matrix_mautrix_twitter_appservice_bot_displayname | to_json }}
+        avatar: {{ matrix_mautrix_twitter_appservice_bot_avatar | to_json }}
+
+    # Whether to receive ephemeral events via appservice transactions.
+    ephemeral_events: true
+    # Should incoming events be handled asynchronously?
+    # This may be necessary for large public instances with lots of messages going through.
+    # However, messages will not be guaranteed to be bridged in the same order they were sent in.
+    # This value doesn't affect the registration file.
+    async_transactions: false
+    # Whether to use MSC4190 instead of appservice login to create the bridge bot device.
+    # Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202.
+    # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
+    msc4190: false
+
+    # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
+    as_token: {{ matrix_mautrix_twitter_appservice_token | to_json }}
+    hs_token: {{ matrix_mautrix_twitter_homeserver_token | to_json }}
+
+    # Localpart template of MXIDs for remote users.
+    # {% raw %}{{.}}{% endraw %} is replaced with the internal ID of the user.
+    username_template: "{% raw %}twitter_{{.}}{% endraw %}"
+
+# Config options that affect the Matrix connector of the bridge.
+matrix:
+    # Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
+    message_status_events: false
+    # Whether the bridge should send a read receipt after successfully bridging a message.
+    delivery_receipts: false
+    # Whether the bridge should send error notices via m.notice events when a message fails to bridge.
+    message_error_notices: true
+    # Whether the bridge should update the m.direct account data event when double puppeting is enabled.
+    sync_direct_chat_list: true
+    # Whether created rooms should have federation enabled. If false, created portal rooms
+    # will never be federated. Changing this option requires recreating rooms.
+    federate_rooms: {{ matrix_mautrix_twitter_matrix_federate_rooms | to_json }}
+    # The threshold as bytes after which the bridge should roundtrip uploads via the disk
+    # rather than keeping the whole file in memory.
+    upload_file_threshold: 5242880
+
+# Segment-compatible analytics endpoint for tracking some events, like provisioning API login and encryption errors.
+analytics:
+    # API key to send with tracking requests. Tracking is disabled if this is null.
+    token: null
+    # Address to send tracking requests to.
+    url: https://api.segment.io/v1/track
+    # Optional user ID for tracking events. If null, defaults to using Matrix user ID.
+    user_id: null
+
+# Settings for provisioning API
+provisioning:
+    # Prefix for the provisioning API paths.
+    prefix: /_matrix/provision
+    # Shared secret for authentication. If set to "generate" or null, a random secret will be generated,
+    # or if set to "disable", the provisioning API will be disabled.
+    shared_secret: {{ matrix_mautrix_twitter_provisioning_shared_secret | to_json }}
+    # Whether to allow provisioning API requests to be authed using Matrix access tokens.
+    # This follows the same rules as double puppeting to determine which server to contact to check the token,
+    # which means that by default, it only works for users on the same server as the bridge.
+    allow_matrix_auth: true
+    # Enable debug API at /debug with provisioning authentication.
+    debug_endpoints: false
+
+# Some networks require publicly accessible media download links (e.g. for user avatars when using Discord webhooks).
+# These settings control whether the bridge will provide such public media access.
+public_media:
+    # Should public media be enabled at all?
+    # The public_address field under the appservice section MUST be set when enabling public media.
+    enabled: false
+    # A key for signing public media URLs.
+    # If set to "generate", a random key will be generated.
+    signing_key: ""
+    # Number of seconds that public media URLs are valid for.
+    # If set to 0, URLs will never expire.
+    expiry: 0
+    # Length of hash to use for public media URLs. Must be between 0 and 32.
+    hash_length: 32
+
+# Settings for converting remote media to custom mxc:// URIs instead of reuploading.
+# More details can be found at https://docs.mau.fi/bridges/go/discord/direct-media.html
+direct_media:
+    # Should custom mxc:// URIs be used instead of reuploading media?
+    enabled: false
+    # The server name to use for the custom mxc:// URIs.
+    # This server name will effectively be a real Matrix server, it just won't implement anything other than media.
+    # You must either set up .well-known delegation from this domain to the bridge, or proxy the domain directly to the bridge.
+    server_name: discord-media.example.com
+    # Optionally a custom .well-known response. This defaults to `server_name:443`
+    well_known_response:
+    # Optionally specify a custom prefix for the media ID part of the MXC URI.
+    media_id_prefix:
+    # If the remote network supports media downloads over HTTP, then the bridge will use MSC3860/MSC3916
+    # media download redirects if the requester supports it. Optionally, you can force redirects
+    # and not allow proxying at all by setting this to false.
+    # This option does nothing if the remote network does not support media downloads over HTTP.
+    allow_proxy: true
+    # Matrix server signing key to make the federation tester pass, same format as synapse's .signing.key file.
+    # This key is also used to sign the mxc:// URIs to ensure only the bridge can generate them.
+    server_key: ""
+
+# Settings for backfilling messages.
+# Note that the exact way settings are applied depends on the network connector.
+# See https://docs.mau.fi/bridges/general/backfill.html for more details.
+backfill:
+    # Whether to do backfilling at all.
+    enabled: {{ matrix_mautrix_twitter_backfill_enabled | to_json }}
+    # Maximum number of messages to backfill in empty rooms.
+    max_initial_messages: {{ matrix_mautrix_twitter_backfill_max_initial_messages | to_json }}
+    # Maximum number of missed messages to backfill after bridge restarts.
+    max_catchup_messages: {{ matrix_mautrix_twitter_backfill_max_catchup_messages | to_json }}
+    # If a backfilled chat is older than this number of hours,
+    # mark it as read even if it's unread on the remote network.
+    unread_hours_threshold: 720
+    # Settings for backfilling threads within other backfills.
+    threads:
+        # Maximum number of messages to backfill in a new thread.
+        max_initial_messages: 50
+    # Settings for the backwards backfill queue. This only applies when connecting to
+    # Beeper as standard Matrix servers don't support inserting messages into history.
+    queue:
+        # Should the backfill queue be enabled?
+        enabled: false
+        # Number of messages to backfill in one batch.
+        batch_size: 100
+        # Delay between batches in seconds.
+        batch_delay: 20
+        # Maximum number of batches to backfill per portal.
+        # If set to -1, all available messages will be backfilled.
+        max_batches: -1
+        # Optional network-specific overrides for max batches.
+        # Interpretation of this field depends on the network connector.
+        max_batches_override: {}
+
+# Settings for enabling double puppeting
+double_puppet:
+    # Servers to always allow double puppeting from.
+    # This is only for other servers and should NOT contain the server the bridge is on.
+    servers: {}
+    # Whether to allow client API URL discovery for other servers. When using this option,
+    # users on other servers can use double puppeting even if their server URLs aren't
+    # explicitly added to the servers map above.
+    allow_discovery: false
+    # Shared secrets for automatic double puppeting.
+    # See https://docs.mau.fi/bridges/general/double-puppeting.html for instructions.
+    secrets: {{ matrix_mautrix_twitter_double_puppet_secrets | to_json }}
+
+# End-to-bridge encryption support options.
 #
-# See section 16.7.2 of the Python documentation for more info:
-# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
+# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
+encryption:
+    # Whether to enable encryption at all. If false, the bridge will not function in encrypted rooms.
+    allow: {{ matrix_mautrix_twitter_bridge_encryption_allow | to_json }}
+    # Whether to force-enable encryption in all bridged rooms.
+    default: {{ matrix_mautrix_twitter_bridge_encryption_default | to_json }}
+    # Whether to require all messages to be encrypted and drop any unencrypted messages.
+    require: {{ matrix_mautrix_twitter_bridge_encryption_require | to_json }}
+    # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
+    # This option is not yet compatible with standard Matrix servers like Synapse and should not be used.
+    appservice: {{ matrix_mautrix_twitter_bridge_encryption_appservice | to_json }}
+    # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
+    # You must use a client that supports requesting keys from other users to use this feature.
+    allow_key_sharing: {{ matrix_mautrix_twitter_bridge_encryption_key_sharing_allow | to_json }}
+    # Pickle key for encrypting encryption keys in the bridge database.
+    # If set to generate, a random key will be generated.
+    pickle_key: {{ matrix_mautrix_twitter_bridge_encryption_pickle_key | to_json }}
+    # Options for deleting megolm sessions from the bridge.
+    delete_keys:
+        # Beeper-specific: delete outbound sessions when hungryserv confirms
+        # that the user has uploaded the key to key backup.
+        delete_outbound_on_ack: false
+        # Don't store outbound sessions in the inbound table.
+        dont_store_outbound: false
+        # Ratchet megolm sessions forward after decrypting messages.
+        ratchet_on_decrypt: false
+        # Delete fully used keys (index >= max_messages) after decrypting messages.
+        delete_fully_used_on_decrypt: false
+        # Delete previous megolm sessions from same device when receiving a new one.
+        delete_prev_on_new_session: false
+        # Delete megolm sessions received from a device when the device is deleted.
+        delete_on_device_delete: false
+        # Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
+        periodically_delete_expired: false
+        # Delete inbound megolm sessions that don't have the received_at field used for
+        # automatic ratcheting and expired session deletion. This is meant as a migration
+        # to delete old keys prior to the bridge update.
+        delete_outdated_inbound: false
+    # What level of device verification should be required from users?
+    #
+    # Valid levels:
+    #   unverified - Send keys to all device in the room.
+    #   cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
+    #   cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
+    #   cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
+    #                           Note that creating user signatures from the bridge bot is not currently possible.
+    #   verified - Require manual per-device verification
+    #              (currently only possible by modifying the `trust` column in the `crypto_device` database table).
+    verification_levels:
+        # Minimum level for which the bridge should send keys to when bridging messages from the remote network to Matrix.
+        receive: unverified
+        # Minimum level that the bridge should accept for incoming Matrix messages.
+        send: unverified
+        # Minimum level that the bridge should require for accepting key requests.
+        share: cross-signed-tofu
+    # Options for Megolm room key rotation. These options allow you to configure the m.room.encryption event content.
+    # See https://spec.matrix.org/v1.10/client-server-api/#mroomencryption for more information about that event.
+    rotation:
+        # Enable custom Megolm room key rotation settings. Note that these
+        # settings will only apply to rooms created after this option is set.
+        enable_custom: false
+        # The maximum number of milliseconds a session should be used
+        # before changing it. The Matrix spec recommends 604800000 (a week)
+        # as the default.
+        milliseconds: 604800000
+        # The maximum number of messages that should be sent with a given a
+        # session before changing it. The Matrix spec recommends 100 as the
+        # default.
+        messages: 100
+        # Disable rotating keys when a user's devices change?
+        # You should not enable this option unless you understand all the implications.
+        disable_device_change_key_rotation: false
+
+# Logging config. See https://github.com/tulir/zeroconfig for details.
 logging:
-    version: 1
-    formatters:
-        colored:
-            (): mautrix_twitter.util.ColorFormatter
-            format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
-        normal:
-            format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
-    handlers:
-        console:
-            class: logging.StreamHandler
-            formatter: colored
-    loggers:
-        mau:
-            level: {{ matrix_mautrix_twitter_logging_level|to_json }}
-        aiohttp:
-            level: {{ matrix_mautrix_twitter_logging_level|to_json }}
-    root:
-        level: {{ matrix_mautrix_twitter_logging_level|to_json }}
-        handlers: [console]
+    min_level: {{ matrix_mautrix_twitter_logging_level | to_json }}
+    writers:
+        - type: stdout
+          format: pretty-colored
--- a/roles/custom/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2
+++ b/roles/custom/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2
@ -30,7 +30,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_mautrix_twitter_docker_image }} \
-			python3 -m mautrix_twitter -c /config/config.yaml --no-update
+			/usr/bin/mautrix-twitter -c /config/config.yaml -r /config/registration.yaml --no-update

 {% for network in matrix_mautrix_twitter_container_additional_networks %}
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-mautrix-twitter
--- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
@ -9,7 +9,7 @@ matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautri
 matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"

 # renovate: datasource=docker depName=dock.mau.dev/mautrix/whatsapp
-matrix_mautrix_whatsapp_version: v0.11.1
+matrix_mautrix_whatsapp_version: v0.11.2

 # See: https://mau.dev/mautrix/whatsapp/container_registry
 matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
--- a/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
@ -384,7 +384,7 @@ direct_media:
    allow_proxy: true
    # Matrix server signing key to make the federation tester pass, same format as synapse's .signing.key file.
    # This key is also used to sign the mxc:// URIs to ensure only the bridge can generate them.
-    server_key: generate
+    server_key: ""

 # Settings for backfilling messages.
 # Note that the exact way settings are applied depends on the network connector.
Author	SHA1	Message	Date
Suguru Hirahara	6a2acdb7a2	Merge 9862f384b083bd4277cc7dc288b88df10cf2a072 into 5c2b33ab91163bc8e66624e46d8206165885eb3d	2024-12-17 11:02:43 +00:00
Suguru Hirahara	9862f384b0	Merge remote-tracking branch 'upstream/master' into fix	2024-12-17 20:02:27 +09:00
Slavi Pantaleev	5c2b33ab91	Merge pull request #3877 from luixxiul/patch-1 Update docs: consistent introduction to encourage readers to check projects' documentation	2024-12-17 12:25:21 +02:00
Slavi Pantaleev	f5cc79bc88	Fix lint errors	2024-12-17 12:13:14 +02:00
Slavi Pantaleev	bf9bd1f5fb	Adapt mautrix-twitter to bridgev2 configuration Fixup for 784a5aaef46ec43622bf6e425cfc5c8f4572d406.	2024-12-17 12:09:30 +02:00
Slavi Pantaleev	beeb8a7933	Remove some "generate" values from various mautrix bridges We do not let bridges update config files, so generation cannot happen. We don't want the bridge to manage the config file anyway.	2024-12-17 12:00:39 +02:00
Suguru Hirahara	3dc0e3f5ef	Update docs: adopt common expressions to encourage readers to check projects' documentation - Replace links to the documentation with ones to projects' README files, if these have been linked to the project directly Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>	2024-12-17 18:50:53 +09:00
Suguru Hirahara	e9e1e603ea	Update docs: "See that" → "See the" Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>	2024-12-17 18:43:20 +09:00
Aine	8ab4315484	make justfile compatible with different 'just' implementations, fixes #3866	2024-12-17 11:15:25 +02:00
Aine	784a5aaef4	mautrix twitter v0.2.0	2024-12-17 10:43:23 +02:00
Aine	7f7871f100	Merge pull request #3878 from spantaleev/renovate/dock.mau.dev-mautrix-whatsapp-0.x chore(deps): update dock.mau.dev/mautrix/whatsapp docker tag to v0.11.2	2024-12-17 08:40:53 +00:00
Aine	40f1ed8450	Merge pull request #3879 from spantaleev/renovate/dock.mau.dev-mautrix-gmessages-0.x chore(deps): update dock.mau.dev/mautrix/gmessages docker tag to v0.6.0	2024-12-17 08:40:37 +00:00
Aine	58c6a262d1	Merge pull request #3873 from spantaleev/renovate/dock.mau.dev-mautrix-meta-0.x chore(deps): update dock.mau.dev/mautrix/meta docker tag to v0.4.3	2024-12-17 08:40:21 +00:00
Aine	703ba5ea68	Merge pull request #3874 from spantaleev/renovate/dock.mau.dev-mautrix-signal-0.x chore(deps): update dock.mau.dev/mautrix/signal docker tag to v0.7.4	2024-12-17 08:39:40 +00:00
renovate[bot]	1032cbd11a	chore(deps): update dock.mau.dev/mautrix/gmessages docker tag to v0.6.0	2024-12-17 08:39:34 +00:00
renovate[bot]	8283225a0e	chore(deps): update dock.mau.dev/mautrix/whatsapp docker tag to v0.11.2	2024-12-17 08:39:28 +00:00
Aine	21bf12b921	Merge pull request #3875 from spantaleev/renovate/dock.mau.dev-mautrix-discord-0.x chore(deps): update dock.mau.dev/mautrix/discord docker tag to v0.7.2	2024-12-17 08:39:18 +00:00
Aine	5e2cc46615	Merge pull request #3876 from spantaleev/renovate/dock.mau.dev-mautrix-slack-0.x chore(deps): update dock.mau.dev/mautrix/slack docker tag to v0.1.4	2024-12-17 08:38:46 +00:00
Suguru Hirahara	f3cf8a8095	Update docs: small edits for consistency The common strings are: "to learn what it does and why it might be useful to you." Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>	2024-12-17 13:56:55 +09:00
renovate[bot]	59c348e0bd	chore(deps): update dock.mau.dev/mautrix/slack docker tag to v0.1.4	2024-12-16 21:34:45 +00:00
renovate[bot]	743417c6f1	chore(deps): update dock.mau.dev/mautrix/discord docker tag to v0.7.2	2024-12-16 21:34:39 +00:00
renovate[bot]	1953b89db2	chore(deps): update dock.mau.dev/mautrix/signal docker tag to v0.7.4	2024-12-16 18:42:34 +00:00
renovate[bot]	666830a6c2	chore(deps): update dock.mau.dev/mautrix/meta docker tag to v0.4.3	2024-12-16 18:42:30 +00:00