Merge 3ca0f4221f9d0619c0ec09c861c49f9072b00d20 into ca8c1cf2b5416924c4379d43d5c943928377747d

Add support for Valkey and default to using it instead of KeyDB
Hopefully fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3544
2025-01-30 20:05:01 +01:00 · 2024-11-23 22:47:44 +09:00 · 2024-11-23 14:43:04 +02:00 · 2024-11-23 11:52:48 +02:00 · 2024-11-23 09:59:29 +02:00 · 2024-11-23 07:21:12 +02:00
28 changed files with 991 additions and 54 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,3 +1,45 @@
 # 2024-11-23
 ## (Backward Compatibility Break) The playbook now defaults to Valkey, instead of KeyDB
 **TLDR**: if the playbook installed KeyDB (or Redis) as a dependency for you before, it will now replace it with [Valkey](https://valkey.io/) (a drop-in alternative). We [previously switched from Redis to KeyDB](#backward-compatibility-break-the-playbook-now-defaults-to-keydb-instead-of-redis), but Valkey is a better alternative, so we're switching again.
 The playbook used to install Redis or KeyDB if services have a need for a Redis-compatible implementation ([enabling worker support for Synapse](docs/configuring-playbook-synapse.md#load-balancing-with-workers), [enabling Hookshot encryption](docs/configuring-playbook-bridge-hookshot.md#end-to-bridge-encryption), etc.).
 Earlier this year, we switched from Redis to KeyDB - see [(Backward Compatibility Break) The playbook now defaults to KeyDB, instead of Redis](#backward-compatibility-break-the-playbook-now-defaults-to-keydb-instead-of-redis).
 Because Valkey seems to be a better successor to Redis (than KeyDB) and likely doesn't suffer from [issues like this one](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3544), we now replace KeyDB with Valkey.
 Valkey (like KeyDB and Redis in the past) is an implicitly enabled dependency - you don't need custom configuration in `vars.yml` to enable it.
 Next time your run the playbook (via the `setup-all` tag), **KeyDB will be automatically uninstalled and replaced with Valkey**. Some Synapse downtime may occur while the switch happens.
 Users on `arm32` should be aware that there's **neither a prebuilt `arm32` container image for Valkey**, nor the Valkey role supports self-building yet. Users on this architecture likely don't run Synapse with workers, etc., so they're likely in no need of Valkey (or Redis/KeyDB). If Redis is necessary in an `arm32` deployment, disabling Valkey and making the playbook fall back to Redis is possible (see below).
 **The playbook still supports Redis** and you can keep using Redis (for now) if you'd like, by adding this additional configuration to your `vars.yml` file:
 ```yml
 # Explicitly disable both Valkey and KeyDB.
 #
 # Redis will be auto-enabled if necessary,
 # because there's no other Redis-compatible implementation being enabled.
 valkey_enabled: false
 keydb_enabled: false
 ```
 **The playbook still supports KeyDB** and you can keep using KeyDB (for now) if you'd like, by adding this additional configuration to your `vars.yml` file:
 ```yml
 # Explicitly disable Valkey  enable KeyDB.
 #
 # Redis will not be auto-enabled beandcause a Redis-compatible implementation (KeyDB) is enabled.
 valkey_enabled: false
 keydb_enabled: true
 ```
 At some point in time in the future, we'll remove both KeyDB and Redis from the playbook, so we recommend that you migrate to Valkey earlier anyway.
 # 2024-11-14
 ## HTTP-compression support for Traefik-based setups
--- a/README.md
+++ b/README.md
@ -27,6 +27,8 @@ While the [list of supported services](#-supported-services) and documentation i
 - Starting with the basics. You can always add/remove or tweak services later on.
 - Following our guided installation, starting with the [Prerequisites](./docs/prerequisites.md) documentation page
 If you have never configured Matrix services, follow the [**quick start**](./docs/quick-start.md) guide to set up minimum core services on your server.
 ## ✔ Supported services
 Using this playbook, you can get the following list of services configured on your server. Basically, this playbook aims to get you up-and-running with all the necessities around Matrix, without you having to do anything else.
--- a/docs/README.md
+++ b/docs/README.md
@ -2,6 +2,8 @@
 - [FAQ](faq.md) - lots of questions and answers. Jump to [Prerequisites](prerequisites.md) to avoid reading too much and to just start a guided installation.
 - [Quick start](quick-start.md) - follow the guide to set up minimum core services on your server
 - [Prerequisites](prerequisites.md) - go here to a guided installation using this Ansible playbook
 - [Configuring your DNS settings](configuring-dns.md)
--- a/docs/configuring-dns.md
+++ b/docs/configuring-dns.md
@ -1,6 +1,6 @@
 # Configuring your DNS settings
-<sup>⚡️[Quick start](README.md) | [Prerequisites](prerequisites.md) > Configuring your DNS settings > [Getting the playbook](getting-the-playbook.md) > [Configuring the playbook](configuring-playbook.md) > [Installing](installing.md)</sup>
+<sup>⚡️[Quick start](quick-start.md) | [Prerequisites](prerequisites.md) > Configuring your DNS settings > [Getting the playbook](getting-the-playbook.md) > [Configuring the playbook](configuring-playbook.md) > [Installing](installing.md)</sup>
 To set up Matrix on your domain, you'd need to do some DNS configuration.
@ -36,7 +36,7 @@ The `element.example.com` subdomain is necessary, because this playbook installs
 Be mindful as to how long it will take for the DNS records to propagate.
-If you are using Cloudflare DNS, make sure to disable the proxy and set all records to `DNS only`. Otherwise, fetching certificates will fail.
+If you are using Cloudflare DNS, make sure to disable the proxy and set all records to "DNS only". Otherwise, fetching certificates will fail.
 ## DNS settings for optional services/features
--- a/docs/configuring-playbook-fluffygate.md
+++ b/docs/configuring-playbook-fluffygate.md
@ -0,0 +1,147 @@
 # Setting up Fluffygate (optional)
 The playbook can install and configure [Fluffygate](https://github.com/krille-chan/fluffygate), a simple Push Gateway for Fluffychat.
 See the project's documentation to learn what it does and why it might be useful to you.
 **Note**: most people don't need to install their own gateway. This optional playbook component is only useful to people who develop/build their own Matrix client applications themselves, as you'll need access to your own Firebase/FCM and APNS credentials.
 ## Adjusting the playbook configuration
 To enable Fluffygate, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
 ```yaml
 matrix_fluffygate_enabled: true
 # Basic app information
 matrix_fluffygate_app_name: "Your App Name"
 matrix_fluffygate_app_website: "https://example.com"
 # Firebase/FCM configuration (for Android / IOS)
 matrix_fluffygate_firebase_project: "your-firebase-project-id"
 matrix_fluffygate_firebase_key: |
  {
    # Your Firebase service account key JSON content
  }
 # Notification settings
 matrix_fluffygate_notification_title: "{count} new messages"
 matrix_fluffygate_notification_body: "{body}"
 # Android specific notification options
 matrix_fluffygate_android_notification_options:
  priority: high
  notification:
    sound: "default"
    icon: "notifications_icon"
    tag: "default_notification"
 # APNS specific notification options (for iOS)
 matrix_fluffygate_apns_notification_options:
  headers:
    apns-priority: "10"
  payload:
    aps:
      sound: "default"
      badge: "{count}"
      mutable-content: 1
 ```
 For a complete list of available configuration options, see the `defaults/main.yml` file in the role.
 ### Required Configuration
 The following settings are required and must be defined:
 - `matrix_fluffygate_hostname`
 - `matrix_fluffygate_path_prefix`
 - `matrix_fluffygate_container_network`
 - `matrix_fluffygate_app_name`
 - `matrix_fluffygate_app_website`
 ### Adjusting the Fluffygate URL
 By default, this playbook installs Fluffygate at the root path (`/`) of the configured hostname. You can customize both the hostname and path prefix using these variables:
 ```yaml
 # Configure the hostname where Fluffygate will be served
 matrix_fluffygate_hostname: "push.example.com"
 # Configure a custom path prefix (must either be '/' or not end with a slash)
 matrix_fluffygate_path_prefix: /push
 ```
 ### Traefik Integration
 Fluffygate includes built-in support for Traefik as a reverse proxy. The following settings control this integration:
 ```yaml
 # Enable/disable Traefik labels
 matrix_fluffygate_container_labels_traefik_enabled: true
 # Configure the Traefik network
 matrix_fluffygate_container_labels_traefik_docker_network: "{{ matrix_fluffygate_container_network }}"
 # Additional Traefik configuration
 matrix_fluffygate_container_labels_traefik_rule: "Host(`{{ matrix_fluffygate_container_labels_traefik_hostname }}`)"
 matrix_fluffygate_container_labels_traefik_priority: 0
 matrix_fluffygate_container_labels_traefik_entrypoints: web-secure
 ```
 ## Adjusting DNS records
 You will need to configure your DNS records to point the Fluffygate hostname to your server. This typically involves creating either:
 - an A record pointing to your server's IPv4 address
 - a CNAME record pointing to your server's hostname
 ## Installing
 After configuring the playbook and adjusting your DNS records, run the installation command:
 ```bash
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 ```
 To install only Fluffygate, you can use:
 ```bash
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-fluffygate,start
 ```
 ## Usage
 To make use of your Fluffygate installation:
 1. Configure your Matrix client application to use your Fluffygate URL as the push gateway
 2. Ensure your app uses the same Firebase/FCM credentials for Android notifications
 3. Ensure your app uses the same APNS certificates/credentials for iOS notifications
 4. Configure the notification templates and options as needed through the playbook variables
 ### Debugging
 If you need to troubleshoot issues:
 1. Enable debug logs by setting:
    ```yaml
    matrix_fluffygate_debug_logs: true
    ```
 2. Check the container logs:
    ```bash
    docker logs matrix-fluffygate
    ```
 ## Uninstalling
 To remove Fluffygate, first disable it in your `inventory/host_vars/matrix.example.com/vars.yml`:
 ```yaml
 matrix_fluffygate_enabled: false
 ```
 Then run the playbook:
 ```bash
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-fluffygate,start
 ```
 This will stop the service and remove all associated files.
--- a/docs/configuring-playbook.md
+++ b/docs/configuring-playbook.md
@ -1,6 +1,6 @@
 # Configuring the playbook
-<sup>⚡️[Quick start](README.md) | [Prerequisites](prerequisites.md) > [Configuring your DNS settings](configuring-dns.md) > [Getting the playbook](getting-the-playbook.md) > Configuring the playbook > [Installing](installing.md)</sup>
+<sup>⚡️[Quick start](quick-start.md) | [Prerequisites](prerequisites.md) > [Configuring your DNS settings](configuring-dns.md) > [Getting the playbook](getting-the-playbook.md) > Configuring the playbook > [Installing](installing.md)</sup>
 If you've configured your DNS records and retrieved the playbook's source code to your computer, you can start configuring the playbook. To do so, follow these steps inside the playbook directory:
--- a/docs/faq.md
+++ b/docs/faq.md
@ -80,6 +80,16 @@ Alternatively, you can download Ansible and the playbook itself directly on the
 To learn more, see our [dedicated Ansible documentation page](ansible.md).
 ### What is `just`?
 [`just`](https://github.com/casey/just) is a modern command-runner alternative to [make](https://www.gnu.org/software/make/). It can be used to invoke commands with less typing.
 The `just` utility executes shortcut commands (called "recipes"), which invoke `ansible-playbook`, `ansible-galaxy` or [`agru`](https://github.com/etkecc/agru) (depending on what is available in your system). The targets of the recipes are defined in [`justfile`](../justfile).
 For details about `just` commands, take a look at: [Running `just` commands](just.md).
 The playbook also contains a `Makefile` for the `make` tool, but most of the just recipes are not available as targets in the `Makefile`.
 ### Why use this playbook and not install Synapse and other things manually?
 There are various guides telling you how easy it is to install [Synapse](https://github.com/element-hq/synapse).
--- a/docs/getting-the-playbook.md
+++ b/docs/getting-the-playbook.md
@ -1,6 +1,6 @@
 # Getting the playbook
-<sup>⚡️[Quick start](README.md) | [Prerequisites](prerequisites.md) > [Configuring your DNS settings](configuring-dns.md) > Getting the playbook > [Configuring the playbook](configuring-playbook.md) > [Installing](installing.md)</sup>
+<sup>⚡️[Quick start](quick-start.md) | [Prerequisites](prerequisites.md) > [Configuring your DNS settings](configuring-dns.md) > Getting the playbook > [Configuring the playbook](configuring-playbook.md) > [Installing](installing.md)</sup>
 This Ansible playbook is meant to be executed on your own computer (not the Matrix server).
--- a/docs/installing.md
+++ b/docs/installing.md
@ -1,16 +1,21 @@
 # Installing
-<sup>⚡️[Quick start](README.md) | [Prerequisites](prerequisites.md) > [Configuring your DNS settings](configuring-dns.md) > [Getting the playbook](getting-the-playbook.md) > [Configuring the playbook](configuring-playbook.md) > Installing</sup>
+<sup>⚡️[Quick start](quick-start.md) | [Prerequisites](prerequisites.md) > [Configuring your DNS settings](configuring-dns.md) > [Getting the playbook](getting-the-playbook.md) > [Configuring the playbook](configuring-playbook.md) > Installing</sup>
 If you've configured your DNS records and the playbook, you can start the installation procedure.
 ## Update Ansible roles
-Before installing, you need to update the Ansible roles in this playbook by running `just roles`.
+Before installing, you need to update the Ansible roles that this playbook uses and fetches from outside.
-`just roles` is a shortcut (a `roles` target defined in [`justfile`](../justfile) and executed by the [`just`](https://github.com/casey/just) utility) which ultimately runs [agru](https://github.com/etkecc/agru) or [ansible-galaxy](https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html) (depending on what is available in your system) to download Ansible roles. If you don't have `just`, you can also manually run the `roles` commands seen in the `justfile`.
+To update your playbook directory and all upstream Ansible roles (defined in the `requirements.yml` file), run:
-There's another shortcut (`just update`) which updates the playbook (`git pull`) and updates roles (`just roles`) at the same time.
+- either: `just update`
 - or: a combination of `git pull` and `just roles` (or `make roles` if you have `make` program on your computer instead of `just`)
 If you don't have either `just` tool or `make` program, you can run the `ansible-galaxy` tool directly: `rm -rf roles/galaxy; ansible-galaxy install -r requirements.yml -p roles/galaxy/ --force`
 For details about `just` commands, take a look at: [Running `just` commands](just.md).
 ## Install Matrix server and services
@ -48,7 +53,7 @@ To do the installation **without** starting services, run `ansible-playbook` wit
 ansible-playbook -i inventory/hosts setup.yml --tags=install-all
 ```
-**Note**: do not run the just "recipe" `just install-all` instead, because it automatically starts services at the end of execution.
+**Note**: do not run the just "recipe" `just install-all` instead, because it automatically starts services at the end of execution. See: [Difference between playbook tags and shortcuts](just.md#difference-between-playbook-tags-and-shortcuts)
 When this command completes, services won't be running yet.
@ -74,18 +79,21 @@ As you have configured your brand new server and the client, you need to **creat
 After creating the user account, you can log in to it with [Element Web](configuring-playbook-client-element-web.md) that this playbook has installed for you at this URL: `https://element.example.com/`.
-To register a user via this Ansible playbook, run the command below on your local computer.
+To create your user account (as an administrator of the server) via this Ansible playbook, run the command below on your local computer.
 **Notes**:
- Before running it, make sure to edit `YOUR_USERNAME_HERE` and `YOUR_PASSWORD_HERE`
+- Make sure to adjust `YOUR_USERNAME_HERE` and `YOUR_PASSWORD_HERE`
- In the command below, `YOUR_USERNAME_HERE` is just a plain username (like `john`), not your full `@user:example.com` identifier
+- For `YOUR_USERNAME_HERE`, use a plain username like `john`, not your full identifier (`@user:example.com`)
 - Use `admin=yes` to make your user account an administrator of the Matrix server
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=YOUR_USERNAME_HERE password=YOUR_PASSWORD_HERE admin=<yes|no>' --tags=register-user
+ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=YOUR_USERNAME_HERE password=YOUR_PASSWORD_HERE admin=yes' --tags=register-user
-# Example: `ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=john password=secret-password admin=yes' --tags=register-user`
+# Example: ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=john password=secret-password admin=yes' --tags=register-user
 ```
 Feel free to create as many accounts (for friends, family, etc.) as you want. Still, perhaps you should grant full administrative access to your account only (with `admin=yes`), and others should be created with `admin=no`.
 For more information, see the documentation for [registering users](registering-users.md).
 ## Finalize the installation
@ -94,20 +102,21 @@ Now you've configured Matrix services and your user account, you need to **final
 This is required for federation to work! Without a proper configuration, your server will effectively not be part of the Matrix network.
-If you need the base domain for anything else such as hosting a website, you have to configure it manually, following the procedure described on the linked documentation.
+To configure the delegation, you have these two options. Choose one of them according to your situation.
-However, if you do not need the base domain for anything else, the easiest way of configuring it is to [serve the base domain](configuring-playbook-base-domain-serving.md) from the integrated web server. It will enable you to use a Matrix user identifier like `@<username>:example.com` while hosting services on a subdomain like `matrix.example.com`.
+- If you can afford to point the base domain at the Matrix server, follow the instructions below which guide you into [serving the base domain](configuring-playbook-base-domain-serving.md) from the integrated web server. It will enable you to use a Matrix user identifier like `@<username>:example.com` while hosting services on a subdomain like `matrix.example.com`.
 - Alternatively, if you're using the base domain for other purposes and cannot point it to the Matrix server (and thus cannot "serve the base domain" from it), you most likely need to [manually install well-known files on the base domain's server](configuring-well-known.md#manually-installing-well-known-files-on-the-base-domains-server), but feel free to familiarize yourself with all [server delegation (redirection) options](howto-server-delegation.md).
-To configure server delegation in this way, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
+To have the base domain served from the integrated web server, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
 ```yaml
 matrix_static_files_container_labels_base_domain_enabled: true
 ```
-After configuring the playbook, run the installation command:
+After configuring the playbook, run the command below:
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=install-all,start
+ansible-playbook -i inventory/hosts setup.yml --tags=install-matrix-static-files,start
 ```
 ## Things to do next
@ -125,8 +134,12 @@ After finilizing the installation, you can:
 ### Maintaining your setup in the future
-Feel free to **re-run the setup command any time** you think something is off with the server configuration. Ansible will take your configuration and update your server to match. To update the playbook and the Ansible roles in the playbook, simply run `just roles`.
+While this playbook helps you to set up Matrix services and maintain them, it will **not** automatically run the maintenance task for you. You will need to update the playbook and re-run it **manually**.
-Note that if you remove components from `vars.yml`, or if we switch some component from being installed by default to not being installed by default anymore, you'd need to run the setup command with `--tags=setup-all` instead of `--tags=install-all`. See [this page on the playbook tags](playbook-tags.md) for more information.
+The upstream projects, which this playbook makes use of, occasionally if not often suffer from security vulnerabilities.
-A way to invoke these `ansible-playbook` commands with less typing in the future is to use [just](https://github.com/casey/just) to run the "recipe": `just install-all` or `just setup-all`. See [our `justfile`](../justfile) for more information.
+Since it is unsafe to keep outdated services running on the server connected to the internet, please consider to update the playbook and re-run it periodically, in order to keep the services up-to-date.
 For more information about upgrading or maintaining services with the playbook, take at look at this page: [Upgrading the Matrix services](maintenance-upgrading-services.md)
 Feel free to **re-run the setup command any time** you think something is off with the server configuration. Ansible will take your configuration and update your server to match.
--- a/docs/just.md
+++ b/docs/just.md
@ -0,0 +1,38 @@
 # Running `just` commands
 We have previously used [make](https://www.gnu.org/software/make/) for easily running some playbook commands (e.g. `make roles` which triggers [`ansible-galaxy`](https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html)). Our [`Makefile`](../Makefile) is still around, and you can still run these commands.
 In addition, we have added support for running commands via [`just`](https://github.com/casey/just) - a more modern command-runner alternative to `make`. It can be used to invoke `ansible-playbook` commands with less typing.
 The `just` utility executes shortcut commands (called as "recipes"), which invoke `ansible-playbook`, `ansible-galaxy` or [`agru`](https://github.com/etkecc/agru) (depending on what is available in your system). The targets of the recipes are defined in [`justfile`](../justfile). Most of the just recipes have no corresponding `Makefile` targets.
 For some recipes such as `just update`, our `justfile` recommends installing [`agru`](https://github.com/etkecc/agru) (a faster alternative to `ansible-galaxy`) to speed up the process.
 Here are some examples of shortcuts:
 | Shortcut                                      | Result                                                                                                         |
 |-----------------------------------------------|----------------------------------------------------------------------------------------------------------------|
 | `just roles`                                  | Install the necessary Ansible roles pinned in [`requirements.yml`](../requirements.yml)                        |
 | `just update`                                 | Run `git pull` (to update the playbook) and install the Ansible roles                                          |
 | `just install-all`                            | Run `ansible-playbook -i inventory/hosts setup.yml --tags=install-all,ensure-matrix-users-created,start`       |
 | `just setup-all`                              | Run `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start`         |
 | `just install-all --ask-vault-pass`           | Run commands with additional arguments (`--ask-vault-pass` will be appended to the above installation command) |
 | `just run-tags install-mautrix-slack,start`   | Run specific playbook tags (here `install-mautrix-slack` and `start`)                                          |
 | `just install-service mautrix-slack`          | Run `just run-tags install-mautrix-slack,start` with even less typing                                          |
 | `just start-all`                              | (Re-)starts all services                                                                                       |
 | `just stop-group postgres`                    | Stop only the Postgres service                                                                                 |
 | `just register-user john secret-password yes` | Registers a `john` user with the `secret-password` password and admin access (admin = `yes`)                   |
 While [our documentation on prerequisites](prerequisites.md) lists `just` as one of the requirements for installation, using `just` is optional. If you find it difficult to install it, do not find it useful, or want to prefer raw `ansible-playbook` commands for some reason, feel free to run all commands manually. For example, you can run `ansible-galaxy` directly to install the Ansible roles: `rm -rf roles/galaxy; ansible-galaxy install -r requirements.yml -p roles/galaxy/ --force`.
 ## Difference between playbook tags and shortcuts
 It is worth noting that `just` "recipes" are different from [playbook tags](playbook-tags.md). The recipes are shortcuts of commands defined in `justfile` and can be executed by the `just` program only, while the playbook tags are available for the raw `ansible-playbook` commands as well. Please be careful not to confuse them.
 For example, these two commands are different:
 - `just install-all`
 - `ansible-playbook -i inventory/hosts setup.yml --tags=install-all`
 The just recipe runs `ensure-matrix-users-created` and `start` tags after `install-all`, while the latter runs only `install-all` tag. The correct shortcut of the latter is `just run-tags install-all`.
 Such kind of difference sometimes matters. For example, when you install a Matrix server into which you will import old data (see [here](installing.md#installing-a-server-into-which-youll-import-old-data)), you are not supposed to run `just install-all` or `just setup-all`, because these commands start services immediately after installing components which may prevent your from importing old data.
--- a/docs/maintenance-checking-services.md
+++ b/docs/maintenance-checking-services.md
@ -10,4 +10,4 @@ ansible-playbook -i inventory/hosts setup.yml --tags=self-check
 If it's all green, everything is probably running correctly.
-Besides this self-check, you can also check your server using the [Federation Tester](https://federationtester.matrix.org/).
+Besides this self-check, you can also check whether your server federates with the Matrix network by using the [Federation Tester](https://federationtester.matrix.org/) against your base domain (`example.com`), not the `matrix.example.com` subdomain.
--- a/docs/maintenance-upgrading-services.md
+++ b/docs/maintenance-upgrading-services.md
@ -2,17 +2,39 @@
 This playbook not only installs the various Matrix services for you, but can also upgrade them as new versions are made available.
 While this playbook helps you to set up Matrix services and maintain them, it will **not** automatically run the maintenance task for you. You will need to update the playbook and re-run it **manually**.
 The upstream projects, which this playbook makes use of, occasionally if not often suffer from security vulnerabilities (for example, see [here](https://github.com/element-hq/element-web/security) for known ones on Element Web).
 Since it is unsafe to keep outdated services running on the server connected to the internet, please consider to update the playbook and re-run it periodically, in order to keep the services up-to-date.
 The developers of this playbook strive to maintain the playbook updated, so that you can re-run the playbook to address such vulnerabilities. It is **your responsibility** to keep your server and the services on it up-to-date.
 If you want to be notified when new versions of Synapse are released, you should join the Synapse Homeowners room: [#homeowners:matrix.org](https://matrix.to/#/#homeowners:matrix.org).
-To upgrade services:
+## Steps to upgrade the Matrix services
 Before updating the playbook and the Ansible roles in the playbook, take a look at [the changelog](../CHANGELOG.md) to see if there have been any backward-incompatible changes that you need to take care of.
 If it looks good to you, go to the `matrix-docker-ansible-deploy` directory, then:
 - update your playbook directory and all upstream Ansible roles (defined in the `requirements.yml` file) using:
  - either: `just update`
-  - or: a combination of `git pull` and `just roles` (or `make roles`)
+  - or: a combination of `git pull` and `just roles` (or `make roles` if you have `make` program on your computer instead of `just`)
- take a look at [the changelog](../CHANGELOG.md) to see if there have been any backward-incompatible changes that you need to take care of
+  If you don't have either `just` tool or `make` program, you can run the `ansible-galaxy` tool directly: `rm -rf roles/galaxy; ansible-galaxy install -r requirements.yml -p roles/galaxy/ --force`
- re-run the [playbook setup](installing.md) and restart all services: `just install-all` or `just setup-all`
+  For details about `just` commands, take a look at: [Running `just` commands](just.md).
 - re-run the [playbook setup](installing.md#maintaining-your-setup-in-the-future) and restart all services:
  ```sh
  ansible-playbook -i inventory/hosts setup.yml --tags=install-all,start
  ```
 Note that if you remove components from `vars.yml`, or if we switch some component from being installed by default to not being installed by default anymore, you'd need to run the setup command with `--tags=setup-all` instead of `--tags=install-all`. See [this page on the playbook tags](playbook-tags.md) for more information.
 A way to invoke these `ansible-playbook` commands with less typing is to run the `just` "recipe": `just install-all` or `just setup-all`.
 **Note**: major version upgrades to the internal PostgreSQL database are not done automatically. To upgrade it, refer to the [upgrading PostgreSQL guide](maintenance-postgres.md#upgrading-postgresql).
--- a/docs/playbook-tags.md
+++ b/docs/playbook-tags.md
@ -20,4 +20,6 @@ Here are some playbook tags that you should be familiar with:
 - `ensure-matrix-users-created` - a special tag which ensures that all special users needed by the playbook (for bots, etc.) are created
-`setup-*` tags and `install-*` tags **do not start services** automatically, because you may wish to do things before starting services, such as importing a database dump, restoring data from another server, etc.
+**Notes**:
 - `setup-*` tags and `install-*` tags **do not start services** automatically, because you may wish to do things before starting services, such as importing a database dump, restoring data from another server, etc.
 - Please be careful not to confuse the playbook tags with the `just` shortcut commands ("recipes"). For details about `just` commands, see: [Running `just` commands](just.md)
--- a/docs/prerequisites.md
+++ b/docs/prerequisites.md
@ -1,9 +1,11 @@
 # Prerequisites
-<sup>⚡️[Quick start](README.md) | Prerequisites > [Configuring your DNS settings](configuring-dns.md) > [Getting the playbook](getting-the-playbook.md) > [Configuring the playbook](configuring-playbook.md) > [Installing](installing.md)</sup>
+<sup>⚡️[Quick start](quick-start.md) | Prerequisites > [Configuring your DNS settings](configuring-dns.md) > [Getting the playbook](getting-the-playbook.md) > [Configuring the playbook](configuring-playbook.md) > [Installing](installing.md)</sup>
 To install Matrix services using this Ansible playbook, you need to prepare several requirements both on your local computer (where you will run the playbook to configure the server) and the server (where the playbook will install the Matrix services for you). **These requirements need to be set up manually** before proceeding to the next step.
 We will be using `example.com` as the domain in the following instruction. Please remember to replace it with your own domain before running any commands.
 ## Your local computer
 - [Ansible](http://ansible.com/) program. It's used to run this playbook and configures your server for you. Take a look at [our guide about Ansible](ansible.md) for more information, as well as [version requirements](ansible.md#supported-ansible-versions) and alternative ways to run Ansible.
@ -12,7 +14,7 @@ To install Matrix services using this Ansible playbook, you need to prepare seve
 - [`git`](https://git-scm.com/) as the recommended way to download the playbook. `git` may also be required on the server if you will be [self-building](self-building.md) components.
- [`just`](https://github.com/casey/just) for running `just roles`, `just update`, etc. (see [`justfile`](../justfile)), although you can also run these commands manually
+- [`just`](https://github.com/casey/just) for running `just roles`, `just update`, etc. (see [`justfile`](../justfile)), although you can also run these commands manually. Take at look at this documentation for more information: [Running `just` commands](just.md).
 - Strong password (random strings) generator. The playbook often requires you to create a strong password and use it for settings on `vars.yml`, components, etc. As any tools should be fine, this playbook has adopted [`pwgen`](https://linux.die.net/man/1/pwgen) (running `pwgen -s 64 1`). [Password Tech](https://pwgen-win.sourceforge.io/), formerly known as "PWGen for Windows", is available as free and open source password generator for Windows. Generally, using a random generator available on the internet is not recommended.
--- a/docs/quick-start.md
+++ b/docs/quick-start.md
@ -0,0 +1,202 @@
 # Quick start
 <!--
 NOTE:
 - Let's keep it as tidy and simple as possible.
 - Because this documentation is intended to be referred by those who have not configured a Matrix server and services by using the playbook, from the educational point of view it intentionally avoids instructions based on just program's "recipes" in favor of ansible-playbook commands in most cases.
 -->
 This page explains how to use this Ansible playbook to install Matrix services on your server with a minimal set of core services.
 We will be using `example.com` as the "base domain" in the following instruction.
 By following the instruction on this page, you will set up:
 - **your own Matrix server** on a `matrix.example.com` server, which is configured to present itself as `example.com`
 - **your user account** like `@user:example.com` on the server
 - a **self-hosted Matrix client**, [Element Web](configuring-playbook-client-element-web.md) with the default subdomain at `element.example.com`
 - Matrix delegation, so that your `matrix.example.com` server (presenting itself as `example.com`) can join the Matrix Federation and communicate with any other server in the Matrix network
 Please remember to replace `example.com` with your own domain before running any commands.
 ## Prerequisites
 <sup>This section is optimized for this quick-start guide and is derived from the following full-documentation page: [Prerequisites](prerequisites.md)</sup>
 At first, **check prerequisites** and prepare for installation by setting up programs [on your own computer](prerequisites.md#your-local-computer) and [your server](prerequisites.md#server). You also need `root` access on your server (a user that could elevate to `root` via `sudo` also works).
 <!--
 TODO: Add one liners (or instructions, a script, etc.) for easy and consistent installation of required software. See: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3757
 -->
 If you encounter an error during installation, please make sure that you have installed and configured programs correctly.
 One of the main reasons of basic errors is using an incompatible version of required software such as Ansible. Take a look at [our guide about Ansible](ansible.md) for more information. In short: installing the latest available version is recommended.
 ## Configure your DNS settings
 <sup>This section is optimized for this quick-start guide and is derived from the following full-documentation page: [Configuring your DNS settings](configuring-dns.md)</sup>
 After installing and configuring prerequisites, you will need to **configure DNS records**.
 To configure Matrix services in the default settings, go to your DNS service provider, and adjust DNS records as below.
 | Type  | Host                         | Priority | Weight | Port | Target               |
 | ----- | ---------------------------- | -------- | ------ | ---- | ---------------------|
 | A     | `matrix`                     | -        | -      | -    | `matrix-server-IP`   |
 | CNAME | `element`                    | -        | -      | -    | `matrix.example.com` |
 As the table illustrates, you need to create 2 subdomains (`matrix.example.com` and `element.example.com`) and point both of them to your server's IP address (DNS `A` record or `CNAME` record is fine).
 It might take some time for the DNS records to propagate after creation.
 **💡 Note**: if you are using Cloudflare DNS, make sure to disable the proxy and set all records to "DNS only"
 ## Get the playbook
 <sup>This section is optimized for this quick-start guide and is derived from the following full-documentation page: [Getting the playbook](getting-the-playbook.md)</sup>
 Next, let's **get the playbook's source code**.
 We recommend to do so with [git](https://git-scm.com/) as it enables you to keep it up to date with the latest source code. While it is possible to download the playbook as a ZIP archive, it is not recommended.
 To get the playbook with git, install git on your computer, go to a directory, and run the command:
 ```sh
 git clone https://github.com/spantaleev/matrix-docker-ansible-deploy.git
 ```
 It will fetch the playbook to a new `matrix-docker-ansible-deploy` directory underneath the directory you are currently in.
 ## Configure the playbook
 <sup>This section is optimized for this quick-start guide and is derived from the following full-documentation page: [Configuring the playbook](configuring-playbook.md)</sup>
 Now that the playbook was fetched, it is time to **configure** it per your needs.
 To install Matrix services with this playbook, you would at least need 2 configuration files.
 For your convenience, we have prepared example files of them ([`vars.yml`](../examples/vars.yml) and [`hosts`](../examples/hosts)).
 To start quickly based on these example files, go into the `matrix-docker-ansible-deploy` directory and follow the instructions below:
 1. Create a directory to hold your configuration: `mkdir -p inventory/host_vars/matrix.example.com` where `example.com` is your "base domain"
 2. Copy the sample configuration file: `cp examples/vars.yml inventory/host_vars/matrix.example.com/vars.yml`
 3. Copy the sample inventory hosts file: `cp examples/hosts inventory/hosts`
 4. Edit the configuration file (`inventory/host_vars/matrix.example.com/vars.yml`)
 5. Edit the inventory hosts file (`inventory/hosts`)
 Before editing these 2 files, make sure to read explanations on them to understand what needs to be configured.
 **💡 Notes:**
 - If you are not in control of anything on the base domain, you would need to set additional configuration on `vars.yml`. For more information, see [How do I install on matrix.example.com without involving the base domain?](faq.md#how-do-i-install-on-matrix-example-com-without-involving-the-base-domain) on our FAQ.
 - Certain configuration decisions (like the base domain configured in `matrix_domain` and homeserver implementation configured in `matrix_homeserver_implementation`) are final. If you make the wrong choice and wish to change it, you'll have to run the Uninstalling step and start over.
 - Instead of configuring a lot of things all at once, we recommend starting with the basic (default) settings in order to get yourself familiar with how the playbook works. After making sure that everything works as expected, you can add (and remove) advanced settings / features and run the playbook as many times as you wish.
 ## Install
 <sup>This section is optimized for this quick-start guide and is derived from the following full-documentation page: [Installing](installing.md)</sup>
 After editing `vars.yml` and `hosts` files, let's start the **installation** procedure.
 ### Update Ansible roles
 Before installing, you need to update the Ansible roles that this playbook uses and fetches from outside.
 To update your playbook directory and all upstream Ansible roles, run:
 - either: `just update`
 - or: a combination of `git pull` and `just roles` (or `make roles` if you have `make` program on your computer instead of `just`)
 If you don't have either `just` tool or `make` program, you can run the `ansible-galaxy` tool directly: `rm -rf roles/galaxy; ansible-galaxy install -r requirements.yml -p roles/galaxy/ --force`
 ### Run installation command
 Then, run the command below to start installation:
 ````sh
 ansible-playbook -i inventory/hosts setup.yml --tags=install-all,ensure-matrix-users-created,start
 ````
 If you **don't** use SSH keys for authentication, but rather a regular password, you may need to add `--ask-pass` to the command.
 If you **do** use SSH keys for authentication, **and** use a non-root user to *become* root (sudo), you may need to add `-K` (`--ask-become-pass`) to the command.
 Wait until the command completes. If it's all green, everything should be running properly.
 ## Create your user account
 <sup>This section is optimized for this quick-start guide and is derived from the following full-documentation page: [Registering users](registering-users.md)</sup>
 As you have configured your brand new server and the client, you need to **create your user account** on your Matrix server.
 To create your user account (as an administrator of the server) via this Ansible playbook, run the command below on your local computer.
 **💡 Notes**:
 - Make sure to adjust `YOUR_USERNAME_HERE` and `YOUR_PASSWORD_HERE`
 - For `YOUR_USERNAME_HERE`, use a plain username like `john`, not your full identifier (`@user:example.com`)
 ```sh
 ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=YOUR_USERNAME_HERE password=YOUR_PASSWORD_HERE admin=yes' --tags=register-user
 # Example: ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=john password=secret-password admin=yes' --tags=register-user
 ```
 <!--
 NOTE: detailed instruction to add users can be found on docs/registering-users.md and installing.md, which include a note about usage of admin=yes and admin=no variables. In order to keep this guide as reasonably short as possible, let's not repeat the same instruction here.
 -->
 ## Finalize server installation
 <sup>This section is optimized for this quick-start guide and is derived from the following full-documentation page: [Server Delegation](howto-server-delegation.md)</sup>
 Now that you've configured Matrix services and your user account, you need to **finalize the installation process** by [setting up Matrix delegation (redirection)](howto-server-delegation.md), so that your Matrix server (`matrix.example.com`) can present itself as the base domain (`example.com`) in the Matrix network.
 **This is required for federation to work!** Without a proper configuration, your server will effectively not be part of the Matrix network.
 To configure the delegation, you have these two options. Choose one of them according to your situation.
 - If you can afford to point the base domain at the Matrix server, follow the instruction below which guides you into [serving the base domain](configuring-playbook-base-domain-serving.md) from the integrated web server.
 - Alternatively, if you're using the base domain for other purposes and cannot point it to the Matrix server (and thus cannot "serve the base domain" from it), you most likely need to [manually install well-known files on the base domain's server](configuring-well-known.md#manually-installing-well-known-files-on-the-base-domains-server).
 To have the base domain served from the integrated web server, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
 ```yaml
 matrix_static_files_container_labels_base_domain_enabled: true
 ```
 After configuring the playbook, run the command below and wait until it finishes:
 ```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=install-matrix-static-files,start
 ```
 💡 Running the `install-matrix-static-files` playbook tag (as done here) is an optimized version of running [the full setup command](#run-the-installation-command).
 After the command finishes, you can also check whether your server federates with the Matrix network by using the [Federation Tester](https://federationtester.matrix.org/) against your base domain (`example.com`), not the `matrix.example.com` subdomain.
 If you think something is off with the server configuration, feel free to [re-run the full setup command](#run-the-installation-command) any time.
 ## Log in to your user account
 Finally, let's make sure that you can log in to the created account with the specified password.
 You should be able to log in to it with your own [Element Web](configuring-playbook-client-element-web.md) client which you have set up at `element.example.com` by running the playbook. Open the URL (`https://element.example.com`) in a web browser and enter your credentials to log in.
 **If you successfully logged in to your account, installing and configuring is complete**🎉
 Come say Hi👋 in our support room - [#matrix-docker-ansible-deploy:devture.com](https://matrix.to/#/#matrix-docker-ansible-deploy:devture.com). You might learn something or get to help someone else new to Matrix hosting.
 ## Things to do next
 Once you get familiar with the playbook, you might probably want to set up additional services such as a bridge on your server.
 As this page intends to be a quick start guide which explains how to start the core Matrix services, it does not cover a topic like how to set them up. Take a look at the list of [things to do next](installing.md#things-to-do-next) to learn more.
 ### ⚠️Keep the playbook and services up-to-date
 While this playbook helps you to set up Matrix services and maintain them, it will **not** automatically run the maintenance task for you. You will need to update the playbook and re-run it **manually**.
 Since it is unsafe to keep outdated services running on the server connected to the internet, please consider to update the playbook and re-run it periodically, in order to keep the services up-to-date.
 For more information about upgrading or maintaining services with the playbook, take at look at this page: [Upgrading the Matrix services](maintenance-upgrading-services.md)
--- a/docs/registering-users.md
+++ b/docs/registering-users.md
@ -1,6 +1,6 @@
 # Registering users
-This documentation page tells you how to create user account on your Matrix server.
+This documentation page tells you how to create user accounts on your Matrix server.
 Table of contents:
@ -14,7 +14,10 @@ Table of contents:
 ## Registering users manually
-**Note**: in the commands below, `<your-username>` is just a plain username (like `john`), not your full `@<username>:example.com` identifier.
+**Notes**:
 - Make sure to adjust `USERNAME_HERE` and `PASSWORD_HERE`
 - For `USERNAME_HERE`, use a plain username like `john`, not a full identifier (`@user:example.com`)
 - Use `admin=yes` or `admin=no` depending on whether you wish to make the user an administrator of the Matrix server
 After registering a user (using one of the methods below), **you can log in with that user** via the [Element Web](configuring-playbook-client-element-web.md) service that this playbook has installed for you at a URL like this: `https://element.example.com/`.
@ -22,10 +25,10 @@ After registering a user (using one of the methods below), **you can log in with
 It's best to register users via the Ansible playbook, because it works regardless of homeserver implementation (Synapse, Dendrite, etc) or usage of [Matrix Authentication Service](configuring-playbook-matrix-authentication-service.md) (MAS).
-To register a user via this Ansible playbook (make sure to edit the `<your-username>` and `<your-password>` part below):
+To register a user via this Ansible playbook:
 ```sh
-just register-user <your-username> <your-password> <admin access: yes or no>
+just register-user USERNAME_HERE PASSWORD_HERE <admin access: yes or no>
 # Example: `just register-user john secret-password yes`
 ```
@ -33,39 +36,41 @@ just register-user <your-username> <your-password> <admin access: yes or no>
 **or** by invoking `ansible-playbook` manually:
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=<your-username> password=<your-password> admin=<yes|no>' --tags=register-user
+ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=USERNAME_HERE password=PASSWORD_HERE admin=<yes|no>' --tags=register-user
-# Example: `ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=john password=secret-password admin=yes' --tags=register-user`
+# Example: ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=john password=secret-password admin=yes' --tags=register-user
 ```
 Feel free to register as many users (for friends, family, etc.) as you want. Still, perhaps you should grant full administrative access to your user account only (with `admin=yes`), and others should be created with `admin=no`.
 ⚠️ **Warning**: If you're registering users against Matrix Authentication Service, do note that it [still insists](https://github.com/element-hq/matrix-authentication-service/issues/1505) on having a verified email address for each user. Upon a user's first login, they will be asked to confirm their email address. This requires that email sending is [configured](./configuring-playbook-email.md). You can also consult the [Working around email deliverability issues](./configuring-playbook-matrix-authentication-service.md#working-around-email-deliverability-issues) section for more information.
 ### Registering users manually for Synapse
-If you're using the [Synapse](configuring-playbook-synapse.md) homeserver implementation (which is the default), you can register users via the command-line after **SSH**-ing to your server (requires that [all services have been started](#starting-the-services)):
+If you're using the [Synapse](configuring-playbook-synapse.md) homeserver implementation (which is the default), you can register users via the command-line after **SSH**-ing to your server (requires that [all services have been started](installing.md#install-matrix-server-and-services)):
 ```sh
-/matrix/synapse/bin/register-user <your-username> <your-password> <admin access: 0 or 1>
+/matrix/synapse/bin/register-user USERNAME_HERE PASSWORD_HERE <admin access: 0 or 1>
 # Example: `/matrix/synapse/bin/register-user john secret-password 1`
 ```
 ### Registering users manually for Dendrite
-If you're using the [Dendrite](./configuring-playbook-dendrite.md) homeserver implementation, you can register users via the command-line after **SSH**-ing to your server (requires that [all services have been started](#starting-the-services)):
+If you're using the [Dendrite](./configuring-playbook-dendrite.md) homeserver implementation, you can register users via the command-line after **SSH**-ing to your server (requires that [all services have been started](installing.md#install-matrix-server-and-services)):
 ```sh
-/matrix/dendrite/bin/create-account <your-username> <your-password> <admin access: 0 or 1>
+/matrix/dendrite/bin/create-account USERNAME_HERE PASSWORD_HERE <admin access: 0 or 1>
 # Example: `/matrix/dendrite/bin/create-account john secret-password 1`
 ```
 ### Registering users manually for Matrix Authentication Service
-If you're using the [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md) and your existing homeserver (most likely [Synapse](./configuring-playbook-synapse.md)) is delegating authentication to it, you can register users via the command-line after **SSH**-ing to your server (requires that [all services have been started](#starting-the-services)):
+If you're using the [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md) and your existing homeserver (most likely [Synapse](./configuring-playbook-synapse.md)) is delegating authentication to it, you can register users via the command-line after **SSH**-ing to your server (requires that [all services have been started](installing.md#install-matrix-server-and-services)):
 ```sh
-/matrix/matrix-authentication-service/bin/register-user <your-username> <your-password> <admin access: 0 or 1>
+/matrix/matrix-authentication-service/bin/register-user USERNAME_HERE PASSWORD_HERE <admin access: 0 or 1>
 # Example: `/matrix/matrix-authentication-service/bin/register-user john secret-password 1`
 ```
--- a/docs/updating-users-passwords.md
+++ b/docs/updating-users-passwords.md
@ -2,14 +2,16 @@
 ## Option 1 (if you are using the integrated Postgres database):
-You can reset a user's password via the Ansible playbook (make sure to edit the `<your-username>` and `<your-password>` part below):
+**Notes**:
 - Make sure to adjust `USERNAME_HERE` and `PASSWORD_HERE`
 - For `USERNAME_HERE`, use a plain username like `john`, not a full identifier (`@user:example.com`)
 You can reset a user's password via the Ansible playbook:
 ```
-ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=<your-username> password=<your-password>' --tags=update-user-password
+ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=USERNAME_HERE password=PASSWORD_HERE' --tags=update-user-password
 ```
 **Note**: `<your-username>` is just a plain username (like `john`), not your full `@<username>:example.com` identifier.
 **You can then log in with that user** via Element Web that this playbook has created for you at a URL like this: `https://element.example.com/`.
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@ -436,6 +436,8 @@ devture_systemd_service_manager_services_list_auto: |
    +
    ([{'name': (keydb_identifier + '.service'), 'priority': 750, 'groups': ['matrix', 'keydb']}] if keydb_enabled else [])
    +
    ([{'name': (valkey_identifier + '.service'), 'priority': 750, 'groups': ['matrix', 'valkey']}] if valkey_enabled else [])
    +
    ([{'name': 'matrix-pantalaimon.service', 'priority': 4000, 'groups': ['matrix', 'pantalaimon']}] if matrix_pantalaimon_enabled else [])
    +
    ([{'name': 'matrix-registration.service', 'priority': 4000, 'groups': ['matrix', 'registration', 'matrix-registration']}] if matrix_registration_enabled else [])
@ -2203,12 +2205,14 @@ matrix_hookshot_systemd_wanted_services_list: |
    ([(redis_identifier + '.service')] if redis_enabled and matrix_hookshot_cache_redis_host == redis_identifier else [])
    +
    ([(keydb_identifier + '.service')] if keydb_enabled and matrix_hookshot_cache_redis_host == keydb_identifier else [])
    +
    ([(valkey_identifier + '.service')] if valkey_enabled and matrix_hookshot_cache_redis_host == valkey_identifier else [])
  }}
 # Hookshot's experimental encryption feature (and possibly others) may benefit from Redis, if available.
 # We only connect to Redis if encryption is enabled (not for everyone who has Redis enabled),
 # because connectivity is still potentially troublesome and is to be investigated.
-matrix_hookshot_cache_redis_host: "{{ redis_identifier if redis_enabled and matrix_hookshot_experimental_encryption_enabled else (keydb_identifier if keydb_enabled and matrix_hookshot_experimental_encryption_enabled else '') }}"
+matrix_hookshot_cache_redis_host: "{{ valkey_identifier if valkey_enabled else (redis_identifier if redis_enabled else (keydb_identifier if keydb_enabled else '')) }}"
 matrix_hookshot_container_network: "{{ matrix_addons_container_network }}"
@ -2221,6 +2225,8 @@ matrix_hookshot_container_additional_networks_auto: |
      +
      ([keydb_container_network] if keydb_enabled and matrix_hookshot_cache_redis_host == keydb_identifier else [])
      +
      ([valkey_container_network] if valkey_enabled and matrix_hookshot_cache_redis_host == valkey_identifier else [])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_hookshot_container_labels_traefik_enabled else [])
    ) | unique
  }}
@ -4393,11 +4399,11 @@ ntfy_visitor_request_limit_exempt_hosts_hostnames_auto: |
 ######################################################################
 #
-# etke/redis
+# redis
 #
 ######################################################################
-redis_enabled: "{{ not keydb_enabled and (matrix_synapse_workers_enabled or (matrix_hookshot_enabled and matrix_hookshot_experimental_encryption_enabled)) }}"
+redis_enabled: "{{ not (keydb_enabled or valkey_enabled) and (matrix_synapse_workers_enabled or (matrix_hookshot_enabled and matrix_hookshot_experimental_encryption_enabled)) }}"
 redis_identifier: matrix-redis
@ -4408,7 +4414,7 @@ redis_base_path: "{{ matrix_base_data_path }}/redis"
 ######################################################################
 #
-# /etke/redis
+# /redis
 #
 ######################################################################
@ -4418,7 +4424,7 @@ redis_base_path: "{{ matrix_base_data_path }}/redis"
 #
 ######################################################################
-keydb_enabled: "{{ matrix_synapse_workers_enabled or (matrix_hookshot_enabled and matrix_hookshot_experimental_encryption_enabled) }}"
+keydb_enabled: false
 keydb_identifier: matrix-keydb
@ -4442,6 +4448,31 @@ keydb_arch: |-
 #
 ######################################################################
 ######################################################################
 #
 # valkey
 #
 ######################################################################
 valkey_enabled: "{{ matrix_synapse_workers_enabled or (matrix_hookshot_enabled and matrix_hookshot_experimental_encryption_enabled) }}"
 valkey_identifier: matrix-valkey
 valkey_uid: "{{ matrix_user_uid }}"
 valkey_gid: "{{ matrix_user_gid }}"
 valkey_base_path: "{{ matrix_base_data_path }}/valkey"
 valkey_arch: "{{ matrix_architecture }}"
 ######################################################################
 #
 # valkey
 #
 ######################################################################
 ######################################################################
 #
 # matrix-client-element
@ -4664,6 +4695,8 @@ matrix_synapse_container_additional_networks_auto: |
      +
      ([keydb_container_network] if matrix_synapse_redis_enabled and matrix_synapse_redis_host == keydb_identifier else [])
      +
      ([valkey_container_network] if matrix_synapse_redis_enabled and matrix_synapse_redis_host == valkey_identifier else [])
      +
      ([exim_relay_container_network] if (exim_relay_enabled and matrix_synapse_email_enabled and matrix_synapse_email_smtp_host == exim_relay_identifier and matrix_synapse_container_network != exim_relay_container_network) else [])
      +
      ([matrix_ma1sd_container_network] if (matrix_ma1sd_enabled and matrix_synapse_account_threepid_delegates_msisdn == matrix_synapse_account_threepid_delegates_msisdn_mas1sd_url and matrix_synapse_container_network != matrix_ma1sd_container_network) else [])
@ -4751,6 +4784,8 @@ matrix_synapse_systemd_required_services_list_auto: |
    +
    ([keydb_identifier ~ '.service'] if matrix_synapse_redis_enabled and matrix_synapse_redis_host == keydb_identifier else [])
    +
    ([valkey_identifier ~ '.service'] if matrix_synapse_redis_enabled and matrix_synapse_redis_host == valkey_identifier else [])
    +
    (['matrix-goofys.service'] if matrix_s3_media_store_enabled else [])
    +
    (['matrix-authentication-service.service'] if (matrix_authentication_service_enabled and matrix_synapse_experimental_features_msc3861_enabled) else [])
@ -4764,9 +4799,9 @@ matrix_synapse_systemd_wanted_services_list_auto: |
  }}
 # Synapse workers (used for parallel load-scaling) need Redis for IPC.
-matrix_synapse_redis_enabled: "{{ redis_enabled or keydb_enabled }}"
+matrix_synapse_redis_enabled: "{{ redis_enabled or keydb_enabled or valkey_enabled }}"
-matrix_synapse_redis_host: "{{ redis_identifier if redis_enabled else (keydb_identifier if keydb_enabled else '') }}"
+matrix_synapse_redis_host: "{{ valkey_identifier if valkey_enabled else (redis_identifier if redis_enabled else (keydb_identifier if keydb_enabled else '')) }}"
-matrix_synapse_redis_password: "{{ redis_connection_password if redis_enabled else (keydb_connection_password if keydb_enabled else '') }}"
+matrix_synapse_redis_password: "{{ valkey_connection_password if valkey_enabled else (redis_connection_password if redis_enabled else (keydb_connection_password if keydb_enabled else '')) }}"
 matrix_synapse_container_extra_arguments_auto: "{{ matrix_homeserver_container_extra_arguments_auto }}"
 matrix_synapse_app_service_config_files_auto: "{{ matrix_homeserver_app_service_config_files_auto }}"
--- a/requirements.yml
+++ b/requirements.yml
@ -75,3 +75,6 @@
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git
  version: v2.8.3-5
  name: traefik_certs_dumper
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-valkey.git
  version: v8.0.1-0
  name: valkey
--- a/roles/custom/matrix-fluffygate/defaults/main.yml
+++ b/roles/custom/matrix-fluffygate/defaults/main.yml
@ -0,0 +1,137 @@
 ---
 # Fluffygate is a reference Push Gateway for Matrix.
 # To make use of it for delivering push notificatins, you'll need to develop/build your own Matrix app.
 # Project source code URL: https://github.com/matrix-org/fluffygate
 matrix_fluffygate_enabled: true
 matrix_fluffygate_identifier: 'matrix-fluffygate'
 # App information
 matrix_fluffygate_app_name: "Fluffygate"
 matrix_fluffygate_app_website: "https://example.com"
 matrix_fluffygate_debug_logs: false
 # Notification settings
 matrix_fluffygate_notification_title: "{count} new messages"
 matrix_fluffygate_notification_body: "{body}"
 # Android notification options
 matrix_fluffygate_android_notification_options:
  priority: high
  notification:
    sound: "default"
    icon: "notifications_icon"
    tag: "default_notification"
 # APNS notification options
 matrix_fluffygate_apns_notification_options:
  headers:
    apns-priority: "10"
  payload:
    aps:
      sound: "default"
      badge: "{count}"
      mutable-content: 1
 matrix_fluffygate_firebase_key: ''  # JSON key file contents
 matrix_fluffygate_firebase_project: ''  # Firebase project ID
 # The hostname at which Fluffygate is served.
 matrix_fluffygate_hostname: ''
 # The path at which Fluffygate is exposed.
 # This value must either be `/` or not end with a slash (e.g. `/fluffygate`).
 matrix_fluffygate_path_prefix: /
 # renovate: datasource=docker depName=matrixdotorg/fluffygate
 matrix_fluffygate_version: 1.0.3
 matrix_fluffygate_base_path: "{{ matrix_base_data_path }}/fluffygate"
 matrix_fluffygate_config_path: "{{ matrix_fluffygate_base_path }}/config"
 matrix_fluffygate_data_path: "{{ matrix_fluffygate_base_path }}/data"
 # List of systemd services that matrix-fluffygate.service depends on.
 matrix_fluffygate_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
 # List of systemd services that matrix-fluffygate.service wants
 matrix_fluffygate_systemd_wanted_services_list: []
 matrix_fluffygate_docker_image: "{{ matrix_fluffygate_docker_image_registry_prefix }}djangoflow/fluffygate:{{ matrix_fluffygate_docker_image_tag }}"
 matrix_fluffygate_docker_image_tag: "{{ matrix_fluffygate_version }}"
 matrix_fluffygate_docker_image_registry_prefix: "{{ matrix_container_global_registry_prefix }}"
 matrix_fluffygate_docker_image_force_pull: "{{ matrix_fluffygate_docker_image.endswith(':latest') }}"
 # The base container network. It will be auto-created by this role if it doesn't exist already.
 matrix_fluffygate_container_network: "{{ traefik_container_network }}"
 # A list of additional container networks that the container would be connected to.
 # The role does not create these networks, so make sure they already exist.
 # Use this to expose this container to another reverse proxy, which runs in a different container network.
 matrix_fluffygate_container_additional_networks: []
 # Controls whether the matrix-fluffygate container exposes its HTTP port (tcp/6000 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:6000"), or empty string to not expose.
 matrix_fluffygate_container_http_host_bind_port: ''
 # matrix_fluffygate_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
 # See `../templates/labels.j2` for details.
 #
 # To inject your own other container labels, see `matrix_fluffygate_container_labels_additional_labels`.
 matrix_fluffygate_container_labels_traefik_enabled: true
 matrix_fluffygate_container_labels_traefik_docker_network: "{{ matrix_fluffygate_container_network }}"
 matrix_fluffygate_container_labels_traefik_hostname: "{{ matrix_fluffygate_hostname }}"
 # The path prefix must either be `/` or not end with a slash (e.g. `/fluffygate`).
 matrix_fluffygate_container_labels_traefik_path_prefix: "{{ matrix_fluffygate_path_prefix }}"
 matrix_fluffygate_container_labels_traefik_rule: "Host(`{{ matrix_fluffygate_container_labels_traefik_hostname }}`){% if matrix_fluffygate_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_fluffygate_container_labels_traefik_path_prefix }}`){% endif %}"
 matrix_fluffygate_container_labels_traefik_priority: 0
 matrix_fluffygate_container_labels_traefik_entrypoints: web-secure
 matrix_fluffygate_container_labels_traefik_tls: "{{ matrix_fluffygate_container_labels_traefik_entrypoints != 'web' }}"
 matrix_fluffygate_container_labels_traefik_tls_certResolver: default  # noqa var-naming
 # Controls which additional headers to attach to all HTTP responses.
 # To add your own headers, use `matrix_fluffygate_container_labels_traefik_additional_response_headers_custom`
 matrix_fluffygate_container_labels_traefik_additional_response_headers: "{{ matrix_fluffygate_container_labels_traefik_additional_response_headers_auto | combine(matrix_fluffygate_container_labels_traefik_additional_response_headers_custom) }}"
 matrix_fluffygate_container_labels_traefik_additional_response_headers_auto: {}
 matrix_fluffygate_container_labels_traefik_additional_response_headers_custom: {}
 # matrix_fluffygate_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
 # See `../templates/labels.j2` for details.
 #
 # Example:
 # matrix_fluffygate_container_labels_additional_labels: |
 #   my.label=1
 #   another.label="here"
 matrix_fluffygate_container_labels_additional_labels: ''
 # A list of extra arguments to pass to the container
 matrix_fluffygate_container_extra_arguments: []
 matrix_fluffygate_metrics_prometheus_enabled: false
 # Default Fluffygate configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #
 # For a more advanced customization, you can extend the default (see `matrix_fluffygate_configuration_extension_yaml`)
 # or completely replace this variable with your own template.
 matrix_fluffygate_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
 matrix_fluffygate_configuration_extension_yaml: |
  # Your custom YAML configuration for Fluffygate goes here.
  # This configuration extends the default starting configuration (`matrix_fluffygate_configuration_yaml`).
  #
  # You can override individual variables from the default configuration, or introduce new ones.
  #
  # If you need something more special, you can take full control by
  # completely redefining `matrix_fluffygate_configuration_yaml`.
  #
  # Example configuration extension follows:
  # metrics:
  #   opentracing:
  #     enabled: true
 matrix_fluffygate_configuration_extension: "{{ matrix_fluffygate_configuration_extension_yaml | from_yaml if matrix_fluffygate_configuration_extension_yaml | from_yaml is mapping else {} }}"
 # Holds the final fluffygate configuration (a combination of the default and its extension).
 # You most likely don't need to touch this variable. Instead, see `matrix_fluffygate_configuration_yaml`.
 matrix_fluffygate_configuration: "{{ matrix_fluffygate_configuration_yaml | from_yaml | combine(matrix_fluffygate_configuration_extension, recursive=True) }}"
--- a/roles/custom/matrix-fluffygate/tasks/install.yml
+++ b/roles/custom/matrix-fluffygate/tasks/install.yml
@ -0,0 +1,62 @@
 ---
 - name: Ensure Fluffygate paths exists
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    mode: 0750
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
  with_items:
    - "{{ matrix_fluffygate_base_path }}"
    - "{{ matrix_fluffygate_config_path }}"
    - "{{ matrix_fluffygate_data_path }}"
 - name: Ensure Fluffygate config installed
  ansible.builtin.copy:
    content: "{{ matrix_fluffygate_configuration | to_nice_yaml(indent=2, width=999999) }}"
    dest: "{{ matrix_fluffygate_config_path }}/config.yaml"
    mode: 0640
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
 - name: Ensure Firebase key file is created when enabled
  ansible.builtin.copy:
    content: "{{ matrix_fluffygate_firebase_key }}"
    dest: "{{ matrix_fluffygate_data_path }}/firebase-key.json"
    mode: 0600
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
  when: matrix_fluffygate_firebase_key != ''
 - name: Ensure Fluffygate labels installed
  ansible.builtin.template:
    src: "{{ role_path }}/templates/labels.j2"
    dest: "{{ matrix_fluffygate_base_path }}/labels"
    mode: 0640
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
 - name: Ensure Fluffygate image is pulled
  community.docker.docker_image:
    name: "{{ matrix_fluffygate_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
    force_source: "{{ matrix_fluffygate_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_fluffygate_docker_image_force_pull }}"
  register: result
  retries: "{{ devture_playbook_help_container_retries_count }}"
  delay: "{{ devture_playbook_help_container_retries_delay }}"
  until: result is not failed
 - name: Ensure Fluffygate container network is created
  community.general.docker_network:
    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
    name: "{{ matrix_fluffygate_container_network }}"
    driver: bridge
    driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
 - name: Ensure matrix-fluffygate.service installed
  ansible.builtin.template:
    src: "{{ role_path }}/templates/systemd/matrix-fluffygate.service.j2"
    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-fluffygate.service"
    mode: 0644
--- a/roles/custom/matrix-fluffygate/tasks/main.yml
+++ b/roles/custom/matrix-fluffygate/tasks/main.yml
@ -0,0 +1,20 @@
 ---
 - tags:
    - setup-all
    - setup-fluffygate
    - install-all
    - install-fluffygate
  block:
    - when: matrix_fluffygate_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
    - when: matrix_fluffygate_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml"
 - tags:
    - setup-all
    - setup-fluffygate
  block:
    - when: not matrix_fluffygate_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml"
--- a/roles/custom/matrix-fluffygate/tasks/uninstall.yml
+++ b/roles/custom/matrix-fluffygate/tasks/uninstall.yml
@ -0,0 +1,25 @@
 ---
 - name: Check existence of matrix-fluffygate service
  ansible.builtin.stat:
    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-fluffygate.service"
  register: matrix_fluffygate_service_stat
 - when: matrix_fluffygate_service_stat.stat.exists | bool
  block:
    - name: Ensure matrix-fluffygate is stopped
      ansible.builtin.service:
        name: matrix-fluffygate
        state: stopped
        enabled: false
        daemon_reload: true
    - name: Ensure matrix-fluffygate.service doesn't exist
      ansible.builtin.file:
        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-fluffygate.service"
        state: absent
    - name: Ensure Fluffygate base directory doesn't exist
      ansible.builtin.file:
        path: "{{ matrix_fluffygate_base_path }}"
        state: absent
--- a/roles/custom/matrix-fluffygate/tasks/validate_config.yml
+++ b/roles/custom/matrix-fluffygate/tasks/validate_config.yml
@ -0,0 +1,40 @@
 ---
 - name: Fail if required Fluffygate settings not defined
  ansible.builtin.fail:
    msg: >
      You need to define a required configuration setting (`{{ item }}`).
  when: "vars[item] == ''"
  with_items:
    - matrix_fluffygate_hostname
    - matrix_fluffygate_path_prefix
    - matrix_fluffygate_container_network
 - when: matrix_fluffygate_container_labels_traefik_enabled | bool
  block:
    - name: Fail if required Fluffygate Traefik settings not defined
      ansible.builtin.fail:
        msg: >-
          You need to define a required configuration setting (`{{ item }}`).
      when: "vars[item] == ''"
      with_items:
        - matrix_fluffygate_container_labels_traefik_hostname
        - matrix_fluffygate_container_labels_traefik_path_prefix
    # We ensure it doesn't end with a slash, because we handle both (slash and no-slash).
    # Knowing that `matrix_fluffygate_container_labels_traefik_path_prefix` does not end with a slash
    # ensures we know how to set these routes up without having to do "does it end with a slash" checks elsewhere.
    - name: Fail if matrix_fluffygate_container_labels_traefik_path_prefix ends with a slash
      ansible.builtin.fail:
        msg: >-
          matrix_fluffygate_container_labels_traefik_path_prefix (`{{ matrix_fluffygate_container_labels_traefik_path_prefix }}`) must either be `/` or not end with a slash (e.g. `/fluffygate`).
      when: "matrix_fluffygate_container_labels_traefik_path_prefix != '/' and matrix_fluffygate_container_labels_traefik_path_prefix[-1] == '/'"
 - name: Fail if required Fluffygate settings not defined
  ansible.builtin.fail:
    msg: >
      You need to define a required configuration setting (`{{ item }}`).
  when: "vars[item] == ''"
  with_items:
    - matrix_fluffygate_app_name
    - matrix_fluffygate_app_website
--- a/roles/custom/matrix-fluffygate/templates/config.yaml.j2
+++ b/roles/custom/matrix-fluffygate/templates/config.yaml.j2
@ -0,0 +1,26 @@
 port: 8080
 bindAddress: "0.0.0.0"
 # Information about the corresponding app
 appName: "{{ matrix_fluffygate_app_name }}"
 appWebsite: "{{ matrix_fluffygate_app_website }}"
 # (Optional) Display logs for debugging
 debugLogs: {{ matrix_fluffygate_debug_logs | to_json }}
 # The default notification title and body. {count} will be replaced by the unread
 # count of the push notification. Won't be set by default for clearing notifications.
 notificationTitle: "{{ matrix_fluffygate_notification_title }}"
 notificationBody: "{{ matrix_fluffygate_notification_body }}"
 # Add json keys to send to fcm for android and apns configurations
 androidNotificationOptions: {{ matrix_fluffygate_android_notification_options | to_json }}
 apnsNotificationOptions: {{ matrix_fluffygate_apns_notification_options | to_json }}
 # You firebase project ID and the path to the key file for your service account.
 {% if matrix_fluffygate_firebase_project %}
 projectId: "{{ matrix_fluffygate_firebase_project }}"
 {% endif %}
 {% if matrix_fluffygate_firebase_key %}
 fcmKeyFilePath: "/data/firebase-key.json"
 {% endif %}
--- a/roles/custom/matrix-fluffygate/templates/labels.j2
+++ b/roles/custom/matrix-fluffygate/templates/labels.j2
@ -0,0 +1,46 @@
 {% if matrix_fluffygate_container_labels_traefik_enabled %}
 traefik.enable=true
 {% if matrix_fluffygate_container_labels_traefik_docker_network %}
 traefik.docker.network={{ matrix_fluffygate_container_labels_traefik_docker_network }}
 {% endif %}
 traefik.http.services.matrix-fluffygate.loadbalancer.server.port=8080
 {% set middlewares = [] %}
 {% if matrix_fluffygate_container_labels_traefik_path_prefix != '/' %}
 traefik.http.middlewares.matrix-fluffygate-slashless-redirect.redirectregex.regex=({{ matrix_fluffygate_container_labels_traefik_path_prefix | quote }})$
 traefik.http.middlewares.matrix-fluffygate-slashless-redirect.redirectregex.replacement=${1}/
 {% set middlewares = middlewares + ['matrix-fluffygate-slashless-redirect'] %}
 {% endif %}
 {% if matrix_fluffygate_container_labels_traefik_path_prefix != '/' %}
 traefik.http.middlewares.matrix-fluffygate-strip-prefix.stripprefix.prefixes={{ matrix_fluffygate_container_labels_traefik_path_prefix }}
 {% set middlewares = middlewares + ['matrix-fluffygate-strip-prefix'] %}
 {% endif %}
 {% if matrix_fluffygate_container_labels_traefik_additional_response_headers.keys() | length > 0 %}
 {% for name, value in matrix_fluffygate_container_labels_traefik_additional_response_headers.items() %}
 traefik.http.middlewares.matrix-fluffygate-add-headers.headers.customresponseheaders.{{ name }}={{ value }}
 {% endfor %}
 {% set middlewares = middlewares + ['matrix-fluffygate-add-headers'] %}
 {% endif %}
 traefik.http.routers.matrix-fluffygate.rule={{ matrix_fluffygate_container_labels_traefik_rule }}
 {% if matrix_fluffygate_container_labels_traefik_priority | int > 0 %}
 traefik.http.routers.matrix-fluffygate.priority={{ matrix_fluffygate_container_labels_traefik_priority }}
 {% endif %}
 traefik.http.routers.matrix-fluffygate.service=matrix-fluffygate
 {% if middlewares | length > 0 %}
 traefik.http.routers.matrix-fluffygate.middlewares={{ middlewares | join(',') }}
 {% endif %}
 traefik.http.routers.matrix-fluffygate.entrypoints={{ matrix_fluffygate_container_labels_traefik_entrypoints }}
 traefik.http.routers.matrix-fluffygate.tls={{ matrix_fluffygate_container_labels_traefik_tls | to_json }}
 {% if matrix_fluffygate_container_labels_traefik_tls %}
 traefik.http.routers.matrix-fluffygate.tls.certResolver={{ matrix_fluffygate_container_labels_traefik_tls_certResolver }}
 {% endif %}
 {% endif %}
 {{ matrix_fluffygate_container_labels_additional_labels }}
--- a/roles/custom/matrix-fluffygate/templates/systemd/matrix-fluffygate.service.j2
+++ b/roles/custom/matrix-fluffygate/templates/systemd/matrix-fluffygate.service.j2
@ -0,0 +1,51 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
 Description=Matrix Fluffygate
 {% for service in matrix_fluffygate_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
 {% endfor %}
 {% for service in matrix_fluffygate_systemd_wanted_services_list %}
 Wants={{ service }}
 {% endfor %}
 DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-fluffygate 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-fluffygate 2>/dev/null || true'
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			--rm \
 			--name=matrix-fluffygate \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--cap-drop=ALL \
 			--network={{ matrix_fluffygate_container_network }} \
 			{% if matrix_fluffygate_container_http_host_bind_port %}
 			-p {{ matrix_fluffygate_container_http_host_bind_port }}:6000 \
 			{% endif %}
 			--label-file={{ matrix_fluffygate_base_path }}/labels \
 			--mount type=bind,src={{ matrix_fluffygate_config_path }},dst=/etc/fluffygate \
 			--mount type=bind,src={{ matrix_fluffygate_data_path }},dst=/data \
 			{% for arg in matrix_fluffygate_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_fluffygate_docker_image }}
 {% for network in matrix_fluffygate_container_additional_networks %}
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-fluffygate
 {% endfor %}
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-fluffygate
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-fluffygate 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-fluffygate 2>/dev/null || true'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-fluffygate
 [Install]
 WantedBy=multi-user.target
--- a/setup.yml
+++ b/setup.yml
@ -49,6 +49,8 @@
    - galaxy/redis
    - galaxy/keydb
    - galaxy/valkey
    - role: custom/matrix-authentication-service
    - custom/matrix-corporal
    - custom/matrix-appservice-draupnir-for-all
@ -126,6 +128,7 @@
    - custom/matrix-sliding-sync
    - custom/matrix-email2matrix
    - custom/matrix-sygnal
    - custom/matrix-fluffygate
    - galaxy/ntfy
    - custom/matrix-static-files
    - custom/matrix-coturn
Author	SHA1	Message	Date
Alexis Yushin	89a277e230	Merge 3ca0f4221f9d0619c0ec09c861c49f9072b00d20 into ca8c1cf2b5416924c4379d43d5c943928377747d	2024-11-23 22:47:44 +09:00
Slavi Pantaleev	ca8c1cf2b5	Add support for Valkey and default to using it instead of KeyDB Hopefully fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3544	2024-11-23 14:43:04 +02:00
Suguru Hirahara	e36115a5b9	Add docs/just.md (#3811 ) * Add docs/just.md as dedicated documentation of "just" commands This is partially based on fb60ba67f646288b40818a555bb716405e144956 (announcement of adoption of "just" program). It also refers descriptions on installing.md. Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Create a table for examples Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Fix entries on the table Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Move the anchor link to "agru" Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Edit docs/faq.md: add an entry for the just It is based on the existing explanation of the just on docs/maintenance-upgrading-services.md. Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Add links to docs/just.md Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Update docs/just.md: add a common note Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Clarify "What is just" section on FAQ * Update just.md * Mention install-service --------- Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> Co-authored-by: Suguru Hirahara <acioustick@noreply.codeberg.org> Co-authored-by: Slavi Pantaleev <slavi@devture.com>	2024-11-23 11:52:48 +02:00
Suguru Hirahara	194a3ca461	Add "Quick start" guide (#3801 ) * Add docs/quick-start.md Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Add description about keeping the playbook and services up-to-date Also: move descriptions about difference between the playbook tags (setup-all and install-all) and about the just "recipe" from installing.md to maintenance-upgrading-services.md Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Replace <your-username> with YOUR_USERNAME_HERE This is a common expression and should avoid misunderstanding that `<` and `>` would need to be included Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Replace <your-password> with YOUR_PASSWORD_HERE Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Change the link to 'Quick start' on the breadcrumbs from README.md to quick-start.md Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Add a link to quick-start.md on the "Getting started" section Since I am not quite sure whether the link to prerequisites.md should be replaced in favor of this link, this commit leaves it as it is for now. Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Add a link to quick-start.md on docs/README.md Since I am not quite sure whether the link to prerequisites.md should be replaced in favor of this link, this commit leaves it as it is for now. Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Add note about using "example.com" as an example domain Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Remove backticks from command examples to register a user Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Apply suggestions from code review Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Improve notes for instruction to create a user account Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Add details about delegation to installing.md and quick-start.md Some information is omitted on quick-start.md in favor of installing.md to keep the quick start guide simple. Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Update docs/quick-start.md: add the breadcrumb header Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Edit docs/quick-start.md: run the setup command with install-all by default Refer docs/maintenance-upgrading-services.md Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Revert "Update docs/quick-start.md: add the breadcrumb header" This reverts commit 9a6e1cf14c7638953fc8fbb8b487ea0afd0a41ad. As the quick start guide is standalone. * Update docs/quick-start.md: add headers inside the install section These headers should make it perfectly clear that there are two steps to be done to install with the playbook Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Update quick-start.md * Update docs/registering-users.md: notes for manual user registeration Copy the same notes from quick-start.md Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Reword some things in quick start * Add alternative to `just roles` * Update docs/configuring-dns.md: sync with docs/quick-start.md Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Update docs/quick-start.md: add a link to docs/registering-users.md for an instruction to add user accounts Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Update docs/registering-users.md and docs/updating-users-passwords.md: remove "your" from username and password placeholders These documentations, unlike docs/installing.md and docs/quick-start.md, describe how to handle users (registering them or changing their passwords), some of whom are yours, while others are not. Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Update docs/installing.md: add "your" to make it clear that it is "your" account that is going to be created Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Update docs/installing.md and docs/quick-start.md: mention "make roles" This commit adds mentions to "make roles" and a note about the preference of ansible-playbook commands over the just "recipes". quick-start.md intends to be referred by those who have never used the playbook to set up a server, so it is safer to regard that it is not clear to them what exactly the just "recipes" are made of, ie. it takes some time and experience until someone understands simplicity of them. For beginners, I believe that we should prefer the basics over simplicity, from the educational point of view. If someone feels tired of using the same command repetitively, then the person will have been already well accustomed to the way how the playbook works and how the server is supposed to be maintained, and the person is "qualified" to use the just "recipes", and should be able to use them with confidence, distinguishing the playbook tags from the "recipes", for example, from "just install-all" and "ansible-playbook -i inventory/hosts setup.yml --tags=install-all". Such level of familiarity and experience should not be expected on the quick start guide. Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Update instructions to update Ansible roles Also: move the detailed explanation about "just roles" from installing.md to maintenance-upgrading-services.md TBD: create a dedicated documentation for the "just" program and the concept of its "recipe" (shortcut of commands) Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Add a note about cases to create multiple accounts/users Since one of the quick start guide's goals is to set up an own user account, this commit adds the note about creating multiple accounts/users to installing.md and registering-users.md only. It should be fine as registering-users.md is linked from quick-start.md Also: - On installing.md and quick-start.md, change instruction from what encourages to select "admin=yes" or "admin=no" to what encourages to use "admin=yes", since your user account will be the sole user on the server, as long as you set up the server by following the documentation - Remove the link to registering-users.md from quick-start.md as the documentation is already linked above, under the header of the section - Sync docs/installing.md with other documentation Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Remove a line about setting "admin=yes" to reduce the amount of information Because quick-start.md is getting longer with much information, it removes the note in favor of the linked registering-users.md documentation. The note is available on installing.md as well, and details about adding user accounts for other people can (and should) be checked on those documentations. Also, this commit edits lines above these notes to make it clear that your user account will be an administrator of the server. With this commit, the amount of the information about adding user accounts will be: registering-users.md > installing.md > quick-start.md Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Fix a broken anchor link on docs/installing.md Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Replace repetitive information about upgrading with an anchor link to docs/maintenance-upgrading-services.md Because details to update/upgrade the Matrix services is not necessary for quick start and the amount of information should be reduced from the viewpoint of maintainability, this commit removes details to update/upgrade from quick-start.md Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Update docs/quick-start.md: add a note about keeping it tidy and simple Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Update docs/maintenance-checking-services.md and docs/quick-start.md: add instruction to use federation tester against the base domain Per Slavi's suggestion. Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Update docs/installing.md and docs/quick-start.md: replace commands to finalize the installation Per Slavi's suggestion. Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Clarify install-matrix-static-files to avoid confusion with install-all; Minor consistency improvements --------- Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> Co-authored-by: Suguru Hirahara <acioustick@noreply.codeberg.org> Co-authored-by: Slavi Pantaleev <slavi@devture.com>	2024-11-23 09:59:29 +02:00
Slavi Pantaleev	7b6972aea5	Merge pull request #3810 from luixxiul/fix Update docs/registering-users.md: fix broken anchor links	2024-11-23 07:21:12 +02:00
Suguru Hirahara	d617f4247c	Update docs/registering-users.md: fix broken anchor links The anchor link has stopped working with 30c53cdea2055bf2ab6e7727a0a12295d9ba9eab. Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>	2024-11-23 13:41:04 +09:00
Alexis Yushin	3ca0f4221f	Merge branch 'feature-fluffygate' of github.com:apexive/matrix-docker-ansible-deploy into feature-fluffygate	2024-11-09 19:21:23 -05:00
Alexis Yushin	74e7f41aea	cleanup	2024-11-09 19:21:20 -05:00
Alexis Yushin	614dc4a51b	Update docs/configuring-playbook-fluffygate.md Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com>	2024-11-09 16:20:12 -08:00
Alexis Yushin	934deda88a	Update docs/configuring-playbook-fluffygate.md Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com>	2024-11-09 16:20:07 -08:00
Alexis Yushin	fc9dac763d	connect to traefik network by default	2024-10-24 10:10:43 -04:00
Alexis Yushin	d628b7f9d3	fixed default fluffygate port	2024-10-24 09:40:32 -04:00
Alexis Yushin	5b76b662cb	optional role for matrix-fluffygate	2024-10-24 09:21:39 -04:00
`@ -10,4 +10,4 @@ ansible-playbook -i inventory/hosts setup.yml --tags=self-check`

	`If it's all green, everything is probably running correctly.`	`If it's all green, everything is probably running correctly.`

	`Besides this self-check, you can also check your server using the [Federation Tester](https://federationtester.matrix.org/).`	Besides this self-check, you can also check whether your server federates with the Matrix network by using the [Federation Tester](https://federationtester.matrix.org/) against your base domain (`example.com`), not the `matrix.example.com` subdomain.