Compare commits

12 Commits

Author SHA1 Message Date
ginta1337
220f515c69
Merge 4cef8cbb9f39dbb4be251c047394b4d69be66fba into da08975ca851dcf7872012e33d49c21c1f907ebb 2024-11-28 21:40:25 -05:00
Slavi Pantaleev
da08975ca8
Merge pull request #3836 from luixxiul/fix
Update docs/faq.md
2024-11-28 18:01:14 +02:00
Suguru Hirahara
d528ab1822
Update docs/faq.md: mention element-docker-demo project by Element
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2024-11-29 00:55:24 +09:00
Suguru Hirahara
313a01320b
Update docs/faq.md: add an entry about MDAD
This is an actual question I asked when I saw "MDAD".

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2024-11-29 00:43:42 +09:00
Slavi Pantaleev
a9ceb57b4f
Merge pull request #3835 from luixxiul/fix
Use "alice" as placeholder username instead of "john"
2024-11-28 17:39:02 +02:00
Suguru Hirahara
687627ccd7
Use "alice" as placeholder username instead of "john"
"alice" is normally used in combination with "bob", though.

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2024-11-28 22:11:47 +09:00
Suguru Hirahara
8a18cc946d
Replace "@user1" with "@alice" and "@user2" with "@bob" (#3833)
* Replace "@user1" with "@alice"

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

* Replace "@user2" with "@bob"

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

---------

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
Co-authored-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2024-11-28 13:53:11 +02:00
Slavi Pantaleev
f19f3bea2d Progress a bit on self-building for Schildichat
This is related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3831

It:

- adds some missing variables
- version variable to branch variable conversion

While it improves the situation, it still doesn't result in a working
self-building feature, because:

- cloning a repository containing submodules requires special care,
  as described here
  (c03ef20e5d/README.md (initial-build-setup))

- we likely better clone a specific repository version from the very beginning, instead of trying to change subsequently (and having to re-initialize submodules)
  though that's very different than what we're doing elsewhere and is likely very wasteful

- we can't just build a `Dockerfile`, we need to invoke `make setup` (`./setup.sh`)

- it's likely that the `docker-src` directory is not reusable across
  versions or may require special handling to clean up files, etc.
2024-11-28 11:40:31 +02:00
Suguru Hirahara
cd1905f576
Update triple backticks with syntax highlighting (#3832)
* Triple backticks with syntax highlighting: yml → yaml

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

* Triple backticks with syntax highlighting: yaml and sh

The strings "yml" were replaced with "yaml" as the latter is used more than the former.

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

* Triple backticks with syntax highlighting: INI

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

* Update docs/configuring-playbook-jitsi.md: remove redundant white space characters after triple backticks

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

---------

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
Co-authored-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2024-11-28 11:33:56 +02:00
Suguru Hirahara
85b00f298e
Update docs/faq.md (#3829)
* Update docs/faq.md: replace instruction about restoration procedure with the anchor link to installing.md

Note the link to docs/maintenance-migrating.md is placed on the entry just above.

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

* Update docs/faq.md: update description related to installation on matrix.example.com

Summary:
- Copy a paragraph from docs/howto-server-delegation.md
- Simplify instruction to install on matrix.example.com by removing repetitive description
- Remove duplicated description about server delegation
- Replace deprecated (or soon to be deprecated) services on configuration example for inventory/host_vars/matrix.example.com/vars.yml

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

* Update docs/faq.md: fix and simplify the answer to the reason why install your server at matrix.example.com

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

---------

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
Co-authored-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2024-11-28 11:13:24 +02:00
Aine
ed90f680ee
synapse-admin v0.10.3-etke32 2024-11-28 08:22:53 +02:00
ginta1337
4cef8cbb9f Introduce matrix_prometheus_traefik_exporter_enabled variable 2024-10-28 04:38:01 +03:00
54 changed files with 214 additions and 170 deletions

View File

@ -174,7 +174,7 @@ If upstream synapse-admin picks up the pace and improves, the etke.cc fork may d
If you'd like to switch back to the original synapse-admin software, you can do so by adding the following configuration to your `vars.yml` file:
```yml
```yaml
matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_name_prefix }}awesometechnologies/synapse-admin:{{ matrix_synapse_admin_version }}"
matrix_synapse_admin_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_image_self_build else matrix_container_global_registry_prefix }}"
@ -199,7 +199,7 @@ All non-deprecated mautrix bridges in the playbook have been reworked to support
We recommend **enabling double-puppeting via the new Appservice method** by adding the following configuration to your `vars.yml` file:
```yml
```yaml
matrix_appservice_double_puppet_enabled: true
```
@ -231,7 +231,7 @@ This upgrade necessitates configuration policy changes as described in [matrix-c
If you'd like to remain on the old (v2) version of matrix-corporal, you can do so by adding the following configuration to your `vars.yml` file:
```yml
```yaml
matrix_corporal_version: 2.8.0
```
@ -287,7 +287,7 @@ Still, if HTTP/3 cannot function correctly in your setup, it's best to disable a
To **disable HTTP/3**, you can use the following configuration:
```yml
```yaml
traefik_config_entrypoint_web_secure_http3_enabled: false
# Disabling HTTP/3 for the web-secure entrypoint (above),
@ -301,7 +301,7 @@ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_ena
If you are using [your own webserver](./docs/configuring-playbook-own-webserver.md) (in front of Traefik), port binding on UDP port `8448` by default due to HTTP/3 is either unnecessary or [may get in the way](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3402). If it does, you can disable it:
```yml
```yaml
# Disable HTTP/3 for the federation entrypoint.
# If you'd like HTTP/3, consider configuring it for your other reverse-proxy.
#
@ -322,7 +322,7 @@ The playbook has just started making use of this feature. **From now on, your sy
If you'd like **to go back to the old unrestricted behavior**, use the following configuration:
```yml
```yaml
# Use this configuration to allow synapse-admin to manage any homeserver instance.
matrix_synapse_admin_config_restrictBaseUrl: []
```
@ -387,7 +387,7 @@ Users on `arm32` should be aware that there's **neither a prebuilt `arm32` conta
**The playbook still supports Redis** and you can keep using Redis (for now) if you'd like, by adding this additional configuration to your `vars.yml` file:
```yml
```yaml
# Explicitly disable KeyDB, which will auto-enable Redis
# if the playbook requires it as a dependency for its operation.
keydb_enabled: false
@ -1354,7 +1354,7 @@ Our [justfile](justfile) already defines some additional helpful **shortcut** co
- `just run-tags install-mautrix-slack,start` - to run specific playbook tags
- `just start-all` - (re-)starts all services
- `just stop-group postgres` - to stop only the Postgres service
- `just register-user john secret-password yes` - registers a `john` user with the `secret-password` password and admin access (admin = `yes`)
- `just register-user alice secret-password yes` - registers an `alice` user with the `secret-password` password and admin access (admin = `yes`)
Additional helpful commands and shortcuts may be defined in the future.
@ -2800,7 +2800,7 @@ You can now customize the server name string that Riot-web displays in its login
These playbook variables, with these default values, have been added:
```
```yaml
matrix_riot_web_default_server_name: "{{ matrix_domain }}"
```
@ -2828,7 +2828,7 @@ Still, we might become affected in the future. In any case, it's imminent that S
To avoid future problems, we recommend that you run the following command:
```
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=upgrade-postgres --extra-vars='{"postgres_force_upgrade": true}'
```
@ -3289,7 +3289,7 @@ The certificates from the Matrix domain will be used for the Coturn server.
This feature is enabled by default for new installations.
To make use of TLS support for your existing Matrix server's Coturn, make sure to rebuild both Coturn and Synapse:
```bash
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-coturn,setup-synapse,start
```
@ -3628,7 +3628,7 @@ The playbook now allows you to set the log levels used by Synapse. The default l
You can now override following variables with any of the supported log levels listed here: https://docs.python.org/3/library/logging.html#logging-levels
```
```yaml
matrix_synapse_log_level: "INFO"
matrix_synapse_storage_sql_log_level: "INFO"
matrix_synapse_root_log_level: "INFO"
@ -3641,7 +3641,7 @@ matrix_synapse_root_log_level: "INFO"
You can now customize some parts of Riot's `config.json`. These playbook variables, with these default values, have been added:
```
```yaml
matrix_riot_web_disable_custom_urls: true
matrix_riot_web_disable_guests: true
matrix_riot_web_integrations_ui_url: "https://scalar.vector.im/"
@ -3652,7 +3652,7 @@ matrix_riot_web_integrations_jitsi_widget_url: "https://scalar.vector.im/api/wid
This now allows you use a custom integration manager like [Dimension](https://dimension.t2bot.io). For example, if you wish to use the Dimension instance hosted at dimension.t2bot.io, you can set the following in your vars.yml file:
```
```yaml
matrix_riot_web_integrations_ui_url: "https://dimension.t2bot.io/riot"
matrix_riot_web_integrations_rest_url: "https://dimension.t2bot.io/api/v1/scalar"
matrix_riot_web_integrations_widgets_urls: "https://dimension.t2bot.io/widgets"

View File

@ -55,7 +55,7 @@ Alternatively, you can leave your `inventory/hosts` as is and specify the connec
Run this from the playbook's directory:
```bash
```sh
docker run -it --rm \
--privileged \
--pid=host \
@ -76,7 +76,7 @@ Finally, you can execute `ansible-playbook ...` (or `ansible-playbook --connecti
Run this from the playbook's directory:
```bash
```sh
docker run -it --rm \
-w /work \
-v `pwd`:/work \
@ -99,7 +99,7 @@ Finally, you execute `ansible-playbook ...` commands as per normal now.
If you don't use SSH keys for authentication, simply remove that whole line (`-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro`).
To authenticate at your server using a password, you need to add a package. So, when you are in the shell of the ansible docker container (the previously used `docker run -it ...` command), run:
```bash
```sh
apk add sshpass
```
Then, to be asked for the password whenever running an `ansible-playbook` command add `--ask-pass` to the arguments of the command.

View File

@ -12,7 +12,7 @@ This service is meant to be used with an external [Alertmanager](https://prometh
To enable matrix-alertmanager-receiver, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
```yml
```yaml
matrix_alertmanager_receiver_enabled: true
# If you'd like to change the username for this bot, uncomment and adjust. Otherwise, remove.
@ -85,7 +85,7 @@ Then, you can proceed to [Usage](#usage).
Configure your Prometheus Alertmanager with configuration like this:
```yml
```yaml
receivers:
- name: matrix
webhook_configs:

View File

@ -10,7 +10,7 @@ Previously, bridges supported performing [double-puppeting](https://docs.mau.fi/
To enable the Appservice Double Puppet service, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
```yml
```yaml
matrix_appservice_double_puppet_enabled: true
```

View File

@ -51,7 +51,7 @@ matrix_appservice_draupnir_for_all_master_control_room_alias: "ALIAS_FROM_STEP_2
After configuring the playbook, run the [installation](installing.md) command:
```
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```

View File

@ -18,7 +18,7 @@ By default, if you're using the integrated Postgres database server (as opposed
2. Create a new SSH key:
```bash
```sh
ssh-keygen -t ed25519 -N '' -f matrix-borg-backup -C matrix
```
@ -28,7 +28,7 @@ By default, if you're using the integrated Postgres database server (as opposed
If you plan to use a hosted solution, follow their instructions. If you have your own server, copy the key over:
```bash
```sh
# example to append the new PUBKEY contents, where:
# PUBKEY is path to the public key,
# USER is a ssh user on a provider / server
@ -73,7 +73,7 @@ Check the [backup_borg role](https://github.com/mother-of-all-self-hosting/ansib
After configuring the playbook, run the [installation](installing.md) command:
```
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```

View File

@ -84,7 +84,7 @@ If `matrix_admin` is already configured in your `vars.yml` configuration, you ca
**If necessary**, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
```yml
```yaml
# Uncomment to add one or more admins to this bridge:
#
# matrix_bot_baibot_config_access_admin_patterns:
@ -113,7 +113,7 @@ Configuring `matrix_bot_baibot_config_initial_global_config_user_patterns` is op
**If necessary**, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
```yml
```yaml
# Uncomment and adjust the bot users if necessary:
#
# Subsequent changes to `matrix_bot_baibot_config_initial_global_config_user_patterns` do not affect the bot's behavior.
@ -146,7 +146,7 @@ You can statically-define a single [🤖 agent](https://github.com/etkecc/baibot
Here's an example **addition** to your `vars.yml` file:
```yml
```yaml
matrix_bot_baibot_config_agents_static_definitions_anthropic_enabled: true
matrix_bot_baibot_config_agents_static_definitions_anthropic_config_api_key: "YOUR_API_KEY_HERE"
@ -173,7 +173,7 @@ You can statically-define a single [🤖 agent](https://github.com/etkecc/baibot
Here's an example **addition** to your `vars.yml` file:
```yml
```yaml
matrix_bot_baibot_config_agents_static_definitions_groq_enabled: true
matrix_bot_baibot_config_agents_static_definitions_groq_config_api_key: "YOUR_API_KEY_HERE"
@ -207,7 +207,7 @@ You can statically-define a single [🤖 agent](https://github.com/etkecc/baibot
Here's an example **addition** to your `vars.yml` file:
```yml
```yaml
matrix_bot_baibot_config_agents_static_definitions_mistral_enabled: true
matrix_bot_baibot_config_agents_static_definitions_mistral_config_api_key: "YOUR_API_KEY_HERE"
@ -238,7 +238,7 @@ The OpenAI provider is **only meant to be used with OpenAI's official API** and
Here's an example **addition** to your `vars.yml` file:
```yml
```yaml
matrix_bot_baibot_config_agents_static_definitions_openai_enabled: true
matrix_bot_baibot_config_agents_static_definitions_openai_config_api_key: "YOUR_API_KEY_HERE"
@ -282,7 +282,7 @@ You can also define providers at runtime, by chatting with the bot, so using Ans
Below is an an **example** demonstrating **statically-defining agents via Ansible without using presets**:
```yml
```yaml
matrix_bot_baibot_config_agents_static_definitions_custom:
# This agent will use the GPT 3.5 model and will only support text-generation,
# even though the `openai` provider could support other features (e.g. image-generation).
@ -356,7 +356,7 @@ You can configure the **initial values** for these via Ansible, via the `matrix_
Example **additional** `vars.yml` configuration:
```yml
```yaml
# Note: these are initial defaults for the bot's global configuration.
# As such, changing any of these values subsequently has no effect on the bot's behavior.
# Once initially configured, the global configuration is managed via bot commands, not via Ansible.

View File

@ -16,7 +16,7 @@ Choose a strong password for the bot. You can generate a good password with a co
You can use the playbook to [register a new user](registering-users.md):
```
```sh
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.chatgpt password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
```

View File

@ -19,7 +19,7 @@ Choose a strong password for the bot. You can generate a good password with a co
You can use the playbook to [register a new user](registering-users.md):
```
```sh
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.draupnir password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
```
@ -117,7 +117,7 @@ That is all you need to do due to that Draupnir can complete migration on its ow
After configuring the playbook, run the [installation](installing.md) command:
```
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```

View File

@ -19,7 +19,7 @@ Choose a strong password for the bot. You can generate a good password with a co
You can use the playbook to [register a new user](registering-users.md):
```
```sh
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.go-neb password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
```
@ -221,7 +221,7 @@ If you've decided to reuse the `matrix.` domain, you won't need to do any extra
After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the [installation](installing.md) command:
```
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```

View File

@ -46,6 +46,6 @@ If you have any questions, or if you need help setting it up, read the [troublsh
To clean the cache (session & encryption data) after you changed the bot's username, changed the login method from access_token to password etc... you can use:
```bash
```sh
just run-tags bot-matrix-registration-bot-clean-cache
```

View File

@ -15,7 +15,7 @@ Choose a strong password for the bot. You can generate a good password with a co
You can use the playbook to [register a new user](registering-users.md):
```
```sh
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.mjolnir password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
```
@ -119,7 +119,7 @@ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists: []
After configuring the playbook, run the [installation](installing.md) command:
```
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```

View File

@ -21,7 +21,7 @@ You may optionally wish to add some [Additional configuration](#additional-confi
After configuring the playbook, run the [installation](installing.md) command:
```
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```

View File

@ -29,7 +29,7 @@ You may optionally wish to add some [Additional configuration](#additional-confi
After configuring the playbook, run the [installation](installing.md) command:
```
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```

View File

@ -97,7 +97,7 @@ The easiest way to do this may be to use [sshuttle](https://sshuttle.readthedocs
Example command for proxying your traffic through the Matrix server:
```
```sh
sshuttle -r root@matrix.example.com:22 0/0
```

View File

@ -32,7 +32,7 @@ You may optionally wish to add some [Additional configuration](#additional-confi
After configuring the playbook, run the [installation](installing.md) command:
```
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```

View File

@ -25,7 +25,7 @@ matrix_mx_puppet_slack_oauth_client_secret: "<SLACK_APP_CLIENT_SECRET>"
After configuring the playbook, run the [installation](installing.md) command:
```
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```

View File

@ -20,8 +20,8 @@ These users can modify the integrations this Dimension supports. Add this to you
```yaml
matrix_dimension_admins:
- "@user1:{{ matrix_domain }}"
- "@user2:{{ matrix_domain }}"
- "@alice:{{ matrix_domain }}"
- "@bob:{{ matrix_domain }}"
```
The admin interface is accessible within Element Web by accessing it in any room and clicking the cog wheel/settings icon in the top right. Currently, Dimension can be opened in Element Web by the "Add widgets, bridges, & bots" link in the room information.
@ -71,7 +71,7 @@ By default, you will need to create a CNAME record for `dimension`. See [Configu
After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the [installation](installing.md) command:
```
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```

View File

@ -57,7 +57,7 @@ Why? This change could be useful for people running small Synapse instances on s
The following changes in the configuration file (`inventory/host_vars/matrix.example.com/vars.yml`) will allow this and make it possible to proxy the federation through a CDN such as CloudFlare or any other:
```
```yaml
matrix_synapse_http_listener_resource_names: ["client","federation"]
# Any port can be used but in this case we use 443
matrix_federation_public_port: 443

View File

@ -172,18 +172,18 @@ By default, a single JVB ([Jitsi VideoBridge](https://github.com/jitsi/jitsi-vid
There is an ansible playbook that can be run with the following tag: `ansible-playbook -i inventory/hosts --limit jitsi_jvb_servers jitsi_jvb.yml --tags=common,setup-additional-jitsi-jvb,start`
For this role to work you will need an additional section in the ansible hosts file with the details of the JVB hosts, for example:
```
```INI
[jitsi_jvb_servers]
<your jvb hosts> ansible_host=<ip address of the jvb host>
```
Each JVB will require a server ID to be set so that it can be uniquely identified and this allows Jitsi to keep track of which conferences are on which JVB. The server ID is set with the variable `jitsi_jvb_server_id` which ends up as the JVB_WS_SERVER_ID environment variables in the JVB docker container. This variable can be set via the host file, a parameter to the ansible command or in the `vars.yaml` for the host which will have the additional JVB. For example:
``` yaml
```yaml
jitsi_jvb_server_id: 'jvb-2'
```
``` INI
```INI
[jitsi_jvb_servers]
jvb-2.example.com ansible_host=192.168.0.2 jitsi_jvb_server_id=jvb-2
jvb-3.example.com ansible_host=192.168.0.3 jitsi_jvb_server_id=jvb-2
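Review bot: in the second INI example of this hunk, `jvb-2.example.com` and `jvb-3.example.com` both carry `jitsi_jvb_server_id=jvb-2`, while the paragraph above it says each JVB needs a server ID so that it can be uniquely identified. Since the block is being touched anyway, change the second entry to `jitsi_jvb_server_id=jvb-3`. The new `INI` fence tag is also the only upper-case tag among the ones introduced here (the others are `yaml` and `sh`); `ini` would match them.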
@ -271,7 +271,7 @@ jitsi_disable_gravatar: false
After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the [installation](installing.md) command:
```
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```

View File

@ -364,7 +364,7 @@ The same OIDC provider may have an `id` of `01HFVBY12TMNTYTBV8W921M5FA` on the M
To tell `syn2mas` how the Synapse-configured OIDC provider maps to the new MAS-configured OIDC provider, add this additional configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
```yml
```yaml
# Adjust the mapping below to match your provider IDs on the Synapse side and the MAS side.
# Don't forget that Synapse automatically adds an `oidc-` prefix to provider ids defined in its configuration.
matrix_authentication_service_syn2mas_process_extra_arguments:

View File

@ -54,7 +54,7 @@ If you've decided to use the default hostname, you won't need to do any extra DN
After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the [installation](installing.md) command:
```
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```
@ -72,7 +72,7 @@ We make the most common APIs easy to use via the playbook (see below).
To **create a new user registration token (link)**, use this command:
```bash
```sh
ansible-playbook -i inventory/hosts setup.yml \
--tags=generate-matrix-registration-token \
--extra-vars="one_time=yes ex_date=2021-12-31"
@ -87,7 +87,7 @@ Share the unique registration link (generated by the command above) with users t
To **list the existing user registration tokens**, use this command:
```bash
```sh
ansible-playbook -i inventory/hosts setup.yml \
--tags=list-matrix-registration-tokens
```

View File

@ -52,7 +52,7 @@ By default, you will need to create a CNAME record for `ntfy`. See [Configuring
After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the [installation](installing.md) command:
```
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```

View File

@ -31,6 +31,6 @@ Refer to the table below for additional configuration variables and their defaul
After configuring the playbook, run the [installation](installing.md) command:
```
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```

View File

@ -16,7 +16,7 @@ prometheus_node_exporter_enabled: true
prometheus_postgres_exporter_enabled: true
# You can remove this, if unnecessary.
matrix_prometheus_nginxlog_exporter_enabled: true
matrix_prometheus_traefik_exporter_enabled: true
grafana_enabled: true
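Review bot: the header counts for this hunk are 7 and 7, so `matrix_prometheus_traefik_exporter_enabled: true` looks like it takes the place of a line in the example rather than being added to it. If the line that goes is `matrix_prometheus_nginxlog_exporter_enabled: true`, keep it and add the Traefik line below it, and give the new line its own comment: as laid out, `# You can remove this, if unnecessary.` reads as applying to only one of the two optional exporters.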
@ -64,7 +64,7 @@ Name | Description
`prometheus_enabled`|[Prometheus](https://prometheus.io) is a time series database. It holds all the data we're going to talk about.
`prometheus_node_exporter_enabled`|[Node Exporter](https://prometheus.io/docs/guides/node-exporter/) is an addon of sorts to Prometheus that collects generic system information such as CPU, memory, filesystem, and even system temperatures
`prometheus_postgres_exporter_enabled`|[Postgres Exporter](configuring-playbook-prometheus-postgres.md) is an addon of sorts to expose Postgres database metrics to Prometheus.
`matrix_prometheus_nginxlog_exporter_enabled`|[NGINX Log Exporter](configuring-playbook-prometheus-nginxlog.md) is an addon of sorts to expose NGINX logs to Prometheus.
`matrix_prometheus_traefik_exporter_enabled`|Export [Traefik metrics](https://doc.traefik.io/traefik/observability/metrics/prometheus) to Prometheus and add Grafana dashboard for them.
`grafana_enabled`|[Grafana](https://grafana.com/) is the visual component. It shows (on the `stats.example.com` subdomain) the dashboards with the graphs that we're interested in
`grafana_anonymous_access`|By default you need to log in to see graphs. If you want to publicly share your graphs (e.g. when asking for help in [`#synapse:matrix.org`](https://matrix.to/#/#synapse:matrix.org?via=matrix.org&via=privacytools.io&via=mozilla.org)) you'll want to enable this option.
`grafana_default_admin_user`<br>`grafana_default_admin_password`|By default Grafana creates a user with `admin` as the username and password. If you feel this is insecure and you want to change it beforehand, you can do that here
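Review bot: the `matrix_prometheus_traefik_exporter_enabled` row is worded as an instruction ("Export ... and add Grafana dashboard for them"), while the neighbouring rows describe what the component is ("is an addon of sorts to ..."). Reword it to match, for example "exposes Traefik metrics to Prometheus and adds a Grafana dashboard for them", and keep the article before "Grafana dashboard".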
@ -100,6 +100,7 @@ Name | Description
`prometheus_node_exporter_container_labels_traefik_enabled`|Set this to `true` to expose the node (general system stats) metrics on `https://matrix.example.com/metrics/node-exporter`. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above.
`prometheus_postgres_exporter_enabled`|Set this to `true` to enable the [Postgres exporter](configuring-playbook-prometheus-postgres.md) (locally, on the container network)
`prometheus_postgres_exporter_container_labels_traefik_enabled`|Set this to `true` to expose the [Postgres exporter](configuring-playbook-prometheus-postgres.md) metrics on `https://matrix.example.com/metrics/postgres-exporter`. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above.
`matrix_prometheus_traefik_exporter_enabled`|Set this to `true` to export [Traefik metrics](https://doc.traefik.io/traefik/observability/metrics/prometheus) (locally, on the container network) and add Grafana dashboard for them.
`matrix_prometheus_nginxlog_exporter_enabled`|Set this to `true` to enable the [NGINX Log exporter](configuring-playbook-prometheus-nginxlog.md) (locally, on the container network)
`matrix_sliding_sync_metrics_enabled`|Set this to `true` to make [Sliding Sync](configuring-playbook-sliding-sync-proxy.md) expose metrics (locally, on the container network)
`matrix_sliding_sync_metrics_proxying_enabled`|Set this to `true` to expose the [Sliding Sync](configuring-playbook-sliding-sync-proxy.md) metrics on `https://matrix.example.com/metrics/sliding-sync`. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above.
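Review bot: the new `matrix_prometheus_traefik_exporter_enabled` row says the metrics are exported "(locally, on the container network)" but, unlike the node-exporter and Postgres-exporter entries just above it, it has no companion row saying whether they can be exposed under `https://matrix.example.com/metrics/...` and no pointer to `matrix_metrics_exposure_http_basic_auth_users`. State in this row whether the Traefik metrics are ever reachable from outside the container network and, if they are, how to password-protect them. "add Grafana dashboard" should also read "add a Grafana dashboard".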

View File

@ -53,7 +53,7 @@ If you've decided to reuse the `matrix.` domain, you won't need to do any extra
After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the [installation](installing.md) command:
```
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```

View File

@ -79,7 +79,7 @@ If you've decided to reuse the `matrix.` domain, you won't need to do any extra
After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the [installation](installing.md) command:
```
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```

View File

@ -34,7 +34,7 @@ Since Synapse [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.1
Here's example configuration for using the **native** Synapse feature:
```yml
```yaml
matrix_synapse_auto_accept_invites_enabled: true
# Default settings below. Uncomment and adjust this part if necessary.

View File

@ -20,7 +20,7 @@ matrix_synapse_auto_compressor_enabled: true
After configuring the playbook, run the [installation](installing.md) command:
```
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```

View File

@ -98,7 +98,7 @@ For more detailed documentation on available options and how to setup keycloak,
In case you encounter errors regarding the parsing of the variables, you can try to add `{% raw %}` and `{% endraw %}` blocks around them. For example ;
```yml
```yaml
matrix_synapse_oidc_enabled: true
matrix_synapse_oidc_providers:

View File

@ -40,7 +40,7 @@ The playbook uses the [`auth-secret` authentication method](https://github.com/c
To do so, add this override to your configuration:
```yml
```yaml
matrix_coturn_authentication_method: lt-cred-mech
```

View File

@ -92,7 +92,7 @@ This will instruct UVS to verify the OpenID token against any domain given in a
After these variables have been set, run the [installation](installing.md) command to restart UVS:
```
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-matrix-user-verification-service,start
```

View File

@ -121,6 +121,10 @@ Besides Synapse, you'd need other things - a Postgres database, likely the [Elem
Using the playbook, you get all these components in a way that works well together out of the box.
### Occasionally I see some people are talking about "MDAD". What is it?
It is the acronym of us: **m**atrix-**d**ocker-**a**nsible-**d**eploy.
### What's different about this Ansible playbook compared to [EMnify/matrix-synapse-auto-deploy](https://github.com/EMnify/matrix-synapse-auto-deploy)?
This is similar to the [EMnify/matrix-synapse-auto-deploy](https://github.com/EMnify/matrix-synapse-auto-deploy) Ansible deployment, but:
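Review bot: "It is the acronym of us" in the new MDAD answer reads awkwardly. Something like "It is an acronym for this project's name: **m**atrix-**d**ocker-**a**nsible-**d**eploy." says the same thing, and the heading could drop "are" ("I see some people talking about").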
@ -193,7 +197,7 @@ The only thing we need on the distro is systemd and Python (we install Docker ou
Instead of using [docker-compose](https://docs.docker.com/compose/), we prefer installing systemd services and scheduling those independently.
There are people who have worked on turning this setup into a docker-compose-based one. See these experiments [here](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/64#issuecomment-603164625).
There are people who have worked on turning this setup into a docker-compose-based one. See these experiments [here](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/64#issuecomment-603164625). There is also a demo project ([element-docker-demo](https://github.com/element-hq/element-docker-demo)) by Element.
### Can I run this on a distro without systemd?
@ -232,11 +236,7 @@ If your distro runs within an [LXC container](https://linuxcontainers.org/), you
It's the same with email servers. Your email address is likely `name@company.com`, not `name@mail.company.com`, even though it's `mail.company.com` that is really handling your data for `@company.com` email to work.
Using a separate domain name is easier to manage (although it's a little hard to get right at first) and keeps your Matrix server isolated from your website (if you have one), from your email server (if you have one), etc.
We allow `matrix.example.com` to be the Matrix server handling Matrix stuff for `example.com` by [Server Delegation](howto-server-delegation.md). During the installation procedure, we recommend that you set up server delegation using the [.well-known](configuring-well-known.md) method.
If you'd really like to install Matrix services directly on the base domain, see [How do I install on matrix.example.com without involving the base domain?](#how-do-i-install-on-matrixexamplecom-without-involving-the-base-domain)
Using a separate domain name is easier to manage (although it's a little hard to get right at first) and keeps your Matrix server isolated from your website (if you have one), from your email server (if you have one), etc. Therefore, this playbook sets up services on your Matrix server (`matrix.example.com`) by default.
### I don't control anything on the base domain and can't set up delegation to matrix.example.com. What do I do?
@ -248,11 +248,7 @@ If you really can't obtain an HTTPS certificate for your base domain, you can ta
### How do I install on matrix.example.com without involving the base domain?
This Ansible playbook guides you into installing a server for `example.com` (user identifiers are like this: `@user:example.com`), while the server is at `matrix.example.com`.
We allow `matrix.example.com` to be the Matrix server handling Matrix stuff for `example.com` by [Server Delegation](howto-server-delegation.md). During the installation procedure, we recommend that you set up server delegation using the [.well-known](configuring-well-known.md) method.
If you're fine with uglier identifiers (`@user:matrix.example.com`, which is the equivalent of having an email address like `bob@mail.company.com`, instead of just `bob@company.com`), you can do that as well using the following configuration in your `vars.yml` file:
Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
```yaml
# This is what your identifiers are like (e.g. `@bob:matrix.example.com`).
@ -267,17 +263,20 @@ matrix_server_fqn_matrix: "matrix.example.com"
# Feel free to use `element.matrix.example.com`, if you'd prefer that.
matrix_server_fqn_element: "element.example.com"
# This is where you access Dimension (if enabled via `matrix_dimension_enabled: true`; NOT enabled by default).
# This is where you access Etherpad (if enabled via `etherpad_enabled: true`; NOT enabled by default).
#
# Feel free to use `dimension.matrix.example.com`, if you'd prefer that.
matrix_server_fqn_dimension: "dimension.example.com"
# This is where you access Jitsi (if enabled via `jitsi_enabled: true`; NOT enabled by default).
#
# Feel free to use `jitsi.matrix.example.com`, if you'd prefer that.
matrix_server_fqn_jitsi: "jitsi.example.com"
# Feel free to use `etherpad.matrix.example.com`, if you'd prefer that.
matrix_server_fqn_etherpad: "etherpad.example.com"
```
After configuring the playbook, run the [installation](installing.md) command:
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```
**Note**: without setting up [server delegation](howto-server-delegation.md) to `matrix.example.com`, your user identifiers will be like `@user:matrix.example.com`. This is equivalent to having an email address like `bob@mail.company.com`, instead of just `bob@company.com`.
### I don't use the base domain for anything. How am I supposed to set up Server Delegation for Matrix services?
If you don't use your base domain for anything, then it's hard for you to "serve files over HTTPS" on it -- something we ask you to do for the [.well-known](configuring-well-known.md) setup (needed for [Server Delegation](howto-server-delegation.md)).
@ -462,12 +461,10 @@ We haven't documented this properly yet, but the general advice is to:
- back up all `/matrix` files, except for `/matrix/postgres/data` (you already have a dump) and `/matrix/postgres/data-auto-upgrade-backup` (this directory may exist and contain your old data if you've [performed a major Postgres upgrade](maintenance-postgres.md#upgrading-postgresql)).
You can later restore these roughly like this:
You can later restore these by:
- restore the `/matrix` directory and files on the new server manually
- run the playbook again (see [Installing](installing.md)), but **don't** start services yet (**don't run** `... --tags=start`). This step will fix any file permission mismatches and will also set up additional software (Docker, etc.) and files on the server (systemd service, etc.).
- perform a Postgres database import (see [Importing Postgres](importing-postgres.md)) to restore your database backup
- start services (see [Finalize the installation](installing.md#finalize-the-installation))
- Restoring the `/matrix` directory and files on the new server manually
- Following the instruction described on [Installing a server into which you'll import old data](installing.md#installing-a-server-into-which-youll-import-old-data)
If your server's IP address has changed, you may need to [set up DNS](configuring-dns.md) again.

View File

@ -19,7 +19,7 @@ We recommend using the [git](https://git-scm.com/) tool to get the playbook's so
Once you've installed git on your computer, you can go to any directory of your choosing and run the following command to retrieve the playbook's source code:
```bash
```sh
git clone https://github.com/spantaleev/matrix-docker-ansible-deploy.git
```

View File

@ -94,7 +94,7 @@ Once the database is clear and the ownership of the tables has been fixed in the
Check, if `--dbname` is set to `synapse` (not `matrix`) and replace paths (or even better, copy this line from your terminal)
```
```sh
/usr/bin/env docker run --rm --name matrix-postgres-import --log-driver=none --user=998:1001 --cap-drop=ALL --network=matrix --env-file=/matrix/postgres/env-postgres-psql --mount type=bind,src=/migration/synapse_dump.sql,dst=/synapse_dump.sql,ro --entrypoint=/bin/sh docker.io/postgres:15.0-alpine -c "cat /synapse_dump.sql | grep -vE '^(CREATE|ALTER) ROLE (matrix)(;| WITH)' | grep -vE '^CREATE DATABASE (matrix)\s' | psql -v ON_ERROR_STOP=1 -h matrix-postgres --dbname=synapse"
```

View File

@ -83,13 +83,13 @@ To create your user account (as an administrator of the server) via this Ansible
**Notes**:
- Make sure to adjust `YOUR_USERNAME_HERE` and `YOUR_PASSWORD_HERE`
- For `YOUR_USERNAME_HERE`, use a plain username like `john`, not your full identifier (`@user:example.com`)
- For `YOUR_USERNAME_HERE`, use a plain username like `alice`, not your full identifier (`@alice:example.com`)
- Use `admin=yes` to make your user account an administrator of the Matrix server
```sh
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=YOUR_USERNAME_HERE password=YOUR_PASSWORD_HERE admin=yes' --tags=register-user
# Example: ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=john password=secret-password admin=yes' --tags=register-user
# Example: ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=alice password=secret-password admin=yes' --tags=register-user
```
Feel free to create as many accounts (for friends, family, etc.) as you want. Still, perhaps you should grant full administrative access to your account only (with `admin=yes`), and others should be created with `admin=no`.
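Review bot: The `--extra-vars='username=YOUR_USERNAME_HERE password=YOUR_PASSWORD_HERE admin=yes'` example puts the account password on the command line, so it is saved in shell history and visible in the process list while the playbook runs. Since this hunk already edits the example, consider adding a short note about that next to it. The placeholder rename itself is consistent: `alice` now appears in both the plain username and the full identifier `@alice:example.com`.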

View File

@ -10,18 +10,18 @@ For some recipes such as `just update`, our `justfile` recommends installing [`a
Here are some examples of shortcuts:
| Shortcut | Result |
|-----------------------------------------------|----------------------------------------------------------------------------------------------------------------|
| `just roles` | Install the necessary Ansible roles pinned in [`requirements.yml`](../requirements.yml) |
| `just update` | Run `git pull` (to update the playbook) and install the Ansible roles |
| `just install-all` | Run `ansible-playbook -i inventory/hosts setup.yml --tags=install-all,ensure-matrix-users-created,start` |
| `just setup-all` | Run `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start` |
| `just install-all --ask-vault-pass` | Run commands with additional arguments (`--ask-vault-pass` will be appended to the above installation command) |
| `just run-tags install-mautrix-slack,start` | Run specific playbook tags (here `install-mautrix-slack` and `start`) |
| `just install-service mautrix-slack` | Run `just run-tags install-mautrix-slack,start` with even less typing |
| `just start-all` | (Re-)starts all services |
| `just stop-group postgres` | Stop only the Postgres service |
| `just register-user john secret-password yes` | Registers a `john` user with the `secret-password` password and admin access (admin = `yes`) |
| Shortcut | Result |
|------------------------------------------------|----------------------------------------------------------------------------------------------------------------|
| `just roles` | Install the necessary Ansible roles pinned in [`requirements.yml`](../requirements.yml) |
| `just update` | Run `git pull` (to update the playbook) and install the Ansible roles |
| `just install-all` | Run `ansible-playbook -i inventory/hosts setup.yml --tags=install-all,ensure-matrix-users-created,start` |
| `just setup-all` | Run `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start` |
| `just install-all --ask-vault-pass` | Run commands with additional arguments (`--ask-vault-pass` will be appended to the above installation command) |
| `just run-tags install-mautrix-slack,start` | Run specific playbook tags (here `install-mautrix-slack` and `start`) |
| `just install-service mautrix-slack` | Run `just run-tags install-mautrix-slack,start` with even less typing |
| `just start-all` | (Re-)starts all services |
| `just stop-group postgres` | Stop only the Postgres service |
| `just register-user alice secret-password yes` | Registers an `alice` user with the `secret-password` password and admin access (admin = `yes`) |
While [our documentation on prerequisites](prerequisites.md) lists `just` as one of the requirements for installation, using `just` is optional. If you find it difficult to install it, do not find it useful, or want to prefer raw `ansible-playbook` commands for some reason, feel free to run all commands manually. For example, you can run `ansible-galaxy` directly to install the Ansible roles: `rm -rf roles/galaxy; ansible-galaxy install -r requirements.yml -p roles/galaxy/ --force`.

View File

@ -3,7 +3,7 @@
## How to see the current status of your services
You can check the status of your services by using `systemctl status`. Example:
```
```sh
sudo systemctl status matrix-synapse
● matrix-synapse.service - Synapse server
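Review bot: The block retagged as `sh` here is a terminal session, not a script: the line after `sudo systemctl status matrix-synapse` is command output (`● matrix-synapse.service - Synapse server`), which a shell highlighter will colour as if it were commands. Consider `console` (or leaving this fence untagged) for blocks that mix a command with its output, and keep `sh` for blocks that are meant to be copied and pasted.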
@ -41,7 +41,7 @@ Re-run the playbook after making these configuration changes.
## Remove unused Docker data
You can free some disk space from Docker, see [docker system prune](https://docs.docker.com/engine/reference/commandline/system_prune/) for more information.
```bash
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=run-docker-prune
```

View File

@ -4,7 +4,7 @@ This playbook can perform a check to ensure that you've configured things correc
To perform the check, run:
```bash
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=self-check
```

View File

@ -57,7 +57,7 @@ To automatically make Postgres database backups on a fixed schedule, see [Settin
To make a one off back up of the current PostgreSQL database, make sure it's running and then execute a command like this on the server:
```bash
```sh
/usr/bin/docker exec \
--env-file=/matrix/postgres/env-postgres-psql \
matrix-postgres \

View File

@ -35,7 +35,7 @@ After deleting data, you may wish to run a [`FULL` Postgres `VACUUM`](./maintena
To ask the playbook to run rust-synapse-compress-state, execute:
```
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=rust-synapse-compress-state
```
@ -52,14 +52,14 @@ Editing the database manually is not recommended or supported by the Synapse dev
First, set up an SSH tunnel to your Matrix server (skip if it is your local machine):
```
```sh
# you may replace 1799 with an arbitrary port unbound on both machines
ssh -L 1799:localhost:1799 matrix.example.com
```
Then start up an ephemeral [adminer](https://www.adminer.org/) container on the Matrix server, connecting it to the `matrix` network and linking the postgresql container:
```
```sh
docker run --rm --publish 1799:8080 --link matrix-postgres --net matrix adminer
```
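Review bot: In the adminer command, `--publish 1799:8080` binds the port on all host interfaces, although the preceding step assumes access through the SSH tunnel to `localhost:1799`. While this block is being touched, consider `--publish 127.0.0.1:1799:8080` so the database admin UI is reachable only through the tunnel. The image is also referenced as bare `adminer` with no tag, so the version that runs is whatever the default tag resolves to at the time.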
@ -93,7 +93,7 @@ You can **learn more about cache-autotuning and the global cache factor settings
To **disable cache auto-tuning**, unset all values:
```yml
```yaml
matrix_synapse_cache_autotuning_max_cache_memory_usage: ''
matrix_synapse_cache_autotuning_target_cache_memory_usage: ''
matrix_synapse_cache_autotuning_min_cache_ttl: ''

View File

@ -25,7 +25,7 @@ Below, we describe 2 ways to generate an access token for a user - using [Elemen
You can use the following command to get an access token for your user directly from the [Matrix Client-Server API](https://www.matrix.org/docs/guides/client-server-api#login):
```
```sh
curl -XPOST -d '{
"identifier": { "type": "m.id.user", "user": "USERNAME" },
"password": "PASSWORD",

View File

@ -136,12 +136,12 @@ To create your user account (as an administrator of the server) via this Ansible
**💡 Notes**:
- Make sure to adjust `YOUR_USERNAME_HERE` and `YOUR_PASSWORD_HERE`
- For `YOUR_USERNAME_HERE`, use a plain username like `john`, not your full identifier (`@user:example.com`)
- For `YOUR_USERNAME_HERE`, use a plain username like `alice`, not your full identifier (`@alice:example.com`)
```sh
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=YOUR_USERNAME_HERE password=YOUR_PASSWORD_HERE admin=yes' --tags=register-user
# Example: ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=john password=secret-password admin=yes' --tags=register-user
# Example: ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=alice password=secret-password admin=yes' --tags=register-user
```
<!--

View File

@ -16,7 +16,7 @@ Table of contents:
**Notes**:
- Make sure to adjust `USERNAME_HERE` and `PASSWORD_HERE`
- For `USERNAME_HERE`, use a plain username like `john`, not a full identifier (`@user:example.com`)
- For `USERNAME_HERE`, use a plain username like `alice`, not a full identifier (`@alice:example.com`)
- Use `admin=yes` or `admin=no` depending on whether you wish to make the user an administrator of the Matrix server
After registering a user (using one of the methods below), **you can log in with that user** via the [Element Web](configuring-playbook-client-element-web.md) service that this playbook has installed for you at a URL like this: `https://element.example.com/`.
@ -30,7 +30,7 @@ To register a user via this Ansible playbook:
```sh
just register-user USERNAME_HERE PASSWORD_HERE <admin access: yes or no>
# Example: `just register-user john secret-password yes`
# Example: `just register-user alice secret-password yes`
```
**or** by invoking `ansible-playbook` manually:
@ -38,7 +38,7 @@ just register-user USERNAME_HERE PASSWORD_HERE <admin access: yes or no>
```sh
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=USERNAME_HERE password=PASSWORD_HERE admin=<yes|no>' --tags=register-user
# Example: ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=john password=secret-password admin=yes' --tags=register-user
# Example: ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=alice password=secret-password admin=yes' --tags=register-user
```
Feel free to register as many users (for friends, family, etc.) as you want. Still, perhaps you should grant full administrative access to your user account only (with `admin=yes`), and others should be created with `admin=no`.
@ -52,7 +52,7 @@ If you're using the [Synapse](configuring-playbook-synapse.md) homeserver implem
```sh
/matrix/synapse/bin/register-user USERNAME_HERE PASSWORD_HERE <admin access: 0 or 1>
# Example: `/matrix/synapse/bin/register-user john secret-password 1`
# Example: `/matrix/synapse/bin/register-user alice secret-password 1`
```
### Registering users manually for Dendrite
@ -62,7 +62,7 @@ If you're using the [Dendrite](./configuring-playbook-dendrite.md) homeserver im
```sh
/matrix/dendrite/bin/create-account USERNAME_HERE PASSWORD_HERE <admin access: 0 or 1>
# Example: `/matrix/dendrite/bin/create-account john secret-password 1`
# Example: `/matrix/dendrite/bin/create-account alice secret-password 1`
```
### Registering users manually for Matrix Authentication Service
@ -72,7 +72,7 @@ If you're using the [Matrix Authentication Service](./configuring-playbook-matri
```sh
/matrix/matrix-authentication-service/bin/register-user USERNAME_HERE PASSWORD_HERE <admin access: 0 or 1>
# Example: `/matrix/matrix-authentication-service/bin/register-user john secret-password 1`
# Example: `/matrix/matrix-authentication-service/bin/register-user alice secret-password 1`
```
This `register-user` script actually invokes the `mas-cli manage register-user` command under the hood. If you'd like more control over the registration process, consider invoking the `mas-cli` command directly:

View File

@ -4,11 +4,11 @@
**Notes**:
- Make sure to adjust `USERNAME_HERE` and `PASSWORD_HERE`
- For `USERNAME_HERE`, use a plain username like `john`, not a full identifier (`@user:example.com`)
- For `USERNAME_HERE`, use a plain username like `alice`, not a full identifier (`@alice:example.com`)
You can reset a user's password via the Ansible playbook:
```
```sh
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=USERNAME_HERE password=PASSWORD_HERE' --tags=update-user-password
```
@ -19,7 +19,7 @@ ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=USERNAME_HE
You can manually generate the password hash by using the command-line after **SSH**-ing to your server (requires that [all services have been started](installing.md#finalize-the-installation):
```
```sh
docker exec -it matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml
```
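Review bot: The context sentence above the retagged fence opens a parenthesis at `(requires that [all services have been started](installing.md#finalize-the-installation):` and never closes it. Add the missing `)` before the colon while this paragraph is being edited.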
@ -42,6 +42,6 @@ If you didn't make your account a server admin when you created it, you can lear
### Example:
To set @user:example.com's password to `correct_horse_battery_staple` you could use this curl command:
```
```sh
curl -XPOST -d '{ "new_password": "correct_horse_battery_staple" }' "https://matrix.example.com/_matrix/client/r0/admin/reset_password/@user:example.com?access_token=MDA...this_is_my_access_token
```
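Review bot: The `curl` command in this block has an unterminated double quote: the URL opens with `"https://matrix.example.com/...` and the line ends at `this_is_my_access_token` without a closing `"`, so with the new `sh` tag the string highlighting runs past the end of the line and a pasted command waits for more input. Close the quote, and consider passing the token in an `Authorization: Bearer` header instead of the `access_token` query parameter, which ends up in proxy and server access logs. The example also still uses `@user:example.com` although the other files in this change moved to `@alice:example.com`.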

View File

@ -5362,6 +5362,8 @@ prometheus_config_scrape_configs_auto: |
(matrix_prometheus_services_connect_scraper_media_repo_scrape_configs if matrix_prometheus_services_connect_scraper_media_repo_enabled else [])
+
(matrix_prometheus_services_connect_scraper_synapse_usage_exporter_scrape_configs if matrix_prometheus_services_connect_scraper_synapse_usage_exporter_enabled else [])
+
(matrix_prometheus_services_connect_scraper_traefik_scrape_configs if matrix_prometheus_services_connect_scraper_traefik_enabled else [])
}}
######################################################################
@ -5397,6 +5399,9 @@ matrix_prometheus_services_connect_scraper_hookshot_static_configs_target: "{{ m
matrix_prometheus_services_connect_scraper_nginxlog_enabled: "{{ matrix_prometheus_nginxlog_exporter_enabled }}"
matrix_prometheus_services_connect_scraper_nginxlog_static_configs_target: "{{ matrix_prometheus_nginxlog_exporter_identifier }}:{{ matrix_prometheus_nginxlog_exporter_container_metrics_port | string }}"
matrix_prometheus_services_connect_scraper_traefik_enabled: "{{ matrix_prometheus_traefik_exporter_enabled }}"
matrix_prometheus_services_connect_scraper_traefik_static_configs_target: "{{ traefik_identifier }}:{{ traefik_config_entrypoint_metrics_port | string }}"
matrix_prometheus_services_connect_scraper_media_repo_enabled: "{{ matrix_media_repo_enabled and matrix_media_repo_metrics_enabled }}"
matrix_prometheus_services_connect_scraper_media_repo_static_configs_target: "{{ matrix_media_repo_identifier }}:{{ matrix_media_repo_metrics_port }}"
@ -5471,6 +5476,8 @@ grafana_dashboard_download_urls: |
(matrix_media_repo_dashboard_urls if matrix_media_repo_metrics_enabled else [])
+
(matrix_synapse_usage_exporter_dashboard_urls if matrix_synapse_usage_exporter_enabled else [])
+
(matrix_traefik_dashboard_download_urls if matrix_traefik_dashboard_download_enabled else [])
}}
grafana_provisioning_dashboard_template_files: |
@ -5988,6 +5995,9 @@ devture_container_socket_proxy_api_containers_enabled: true
traefik_enabled: "{{ matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' }}"
# Controls whether Traefik prometheus exporter integration should be done
matrix_prometheus_traefik_exporter_enabled: false
traefik_identifier: matrix-traefik
traefik_base_path: "{{ matrix_base_data_path }}/traefik"
@ -6011,6 +6021,8 @@ traefik_config_providers_docker_endpoint: "{{ devture_container_socket_proxy_end
traefik_container_additional_networks_auto: |
{{
([devture_container_socket_proxy_container_network] if devture_container_socket_proxy_enabled else [])
+
([matrix_monitoring_container_network] if matrix_prometheus_traefik_exporter_enabled else [])
}}
traefik_systemd_required_services_list: |
@ -6020,6 +6032,14 @@ traefik_systemd_required_services_list: |
([devture_container_socket_proxy_identifier + '.service'] if devture_container_socket_proxy_enabled else [])
}}
traefik_config_metrics_prometheus_enabled: "{{ matrix_prometheus_traefik_exporter_enabled }}"
traefik_container_metrics_host_bind_port: "{{ '' if matrix_prometheus_traefik_exporter_enabled else (traefik_config_entrypoint_metrics_port if traefik_config_entrypoint_metrics_enabled else '') }}"
# Controls whether the Traefik grafana dashboard shall be downloaded
matrix_traefik_dashboard_download_enabled: "{{ matrix_prometheus_traefik_exporter_enabled }}"
matrix_traefik_dashboard_download_download_tag: master
matrix_traefik_dashboard_download_urls: ["https://raw.githubusercontent.com/traefik/traefik/refs/heads/{{ matrix_traefik_dashboard_download_download_tag }}/contrib/grafana/traefik.json"]
########################################################################
# #
# /traefik #
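Review bot: `matrix_traefik_dashboard_download_download_tag: master` makes the Grafana dashboard JSON come from a moving branch, so two playbook runs can provision different dashboards and an upstream change is picked up without review. The variable is named `..._tag`, but the URL template hard-codes `refs/heads/`, so only a branch name can work there; consider a template that accepts a tag or commit and pin the default to one. The name also repeats `download_download`, and `traefik_container_metrics_host_bind_port` would benefit from a comment saying that the host port binding is dropped when the exporter integration is enabled because Prometheus then reaches Traefik over the monitoring container network.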

View File

@ -4,6 +4,12 @@
matrix_client_schildichat_enabled: true
matrix_client_schildichat_container_image_self_build: false
matrix_client_schildichat_container_image_self_build_repo: "https://github.com/SchildiChat/schildichat-desktop.git"
matrix_client_schildichat_container_image_self_build_version: "{{ 'lite' if matrix_client_schildichat_version == 'latest' else ('v' + matrix_client_schildichat_version) }}"
# Controls whether to patch webpack.config.js when self-building, so that building can pass on low-memory systems (< 4 GB RAM):
# - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1357
# - https://github.com/element-hq/element-web/issues/19544
matrix_client_schildichat_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
# renovate: datasource=docker depName=ghcr.io/etkecc/schildichat-web
matrix_client_schildichat_version: 1.11.36-sc.3
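Review bot: `matrix_client_schildichat_container_image_self_build_version` derives the git ref from the container image version (`'v' + matrix_client_schildichat_version`, or `lite` for `latest`), but nothing here documents what `lite` refers to in the `schildichat-desktop` repository or that every image version has a matching `v`-prefixed ref there. Add a comment stating that assumption, since the version is bumped through the `renovate` line below and a missing ref would only surface as a failed clone on self-building hosts.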
@ -12,7 +18,7 @@ matrix_client_schildichat_docker_image_name_prefix: "{{ 'localhost/' if matrix_c
matrix_client_schildichat_docker_image_force_pull: "{{ matrix_client_schildichat_docker_image.endswith(':latest') }}"
matrix_client_schildichat_data_path: "{{ matrix_base_data_path }}/client-schildichat"
matrix_client_schildichat_docker_src_files_path: "{{ matrix_client_schildichat_data_path }}/docker-src"
matrix_client_schildichat_container_src_files_path: "{{ matrix_client_schildichat_data_path }}/docker-src"
# The base container network
matrix_client_schildichat_container_network: ''
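Review bot: Renaming `matrix_client_schildichat_docker_src_files_path` to `matrix_client_schildichat_container_src_files_path` silently ignores any existing override of the old name in a user's `vars.yml`. Either keep the old variable as a fallback for the new one, or fail with an explicit message when the old name is still defined so that users know to rename it.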

View File

@ -9,10 +9,10 @@
group: "{{ matrix_user_groupname }}"
with_items:
- {path: "{{ matrix_client_schildichat_data_path }}", when: true}
- {path: "{{ matrix_client_schildichat_docker_src_files_path }}", when: "{{ matrix_client_schildichat_container_image_self_build }}"}
- {path: "{{ matrix_client_schildichat_container_src_files_path }}", when: "{{ matrix_client_schildichat_container_image_self_build }}"}
when: "item.when | bool"
- name: Ensure SchildiChat Web Docker image is pulled
- name: Ensure SchildiChat Web container image is pulled
community.docker.docker_image:
name: "{{ matrix_client_schildichat_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
@ -24,40 +24,40 @@
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
- name: Ensure SchildiChat Web repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_client_schildichat_container_image_self_build_repo }}"
dest: "{{ matrix_client_schildichat_docker_src_files_path }}"
version: "{{ matrix_client_schildichat_docker_image.split(':')[1] }}"
force: "yes"
become: true
become_user: "{{ matrix_user_username }}"
register: matrix_client_schildichat_git_pull_results
when: "matrix_client_schildichat_container_image_self_build | bool"
- when: "matrix_client_schildichat_container_image_self_build | bool"
block:
- name: Ensure SchildiChat Web repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_client_schildichat_container_image_self_build_repo }}"
dest: "{{ matrix_client_schildichat_container_src_files_path }}"
version: "{{ matrix_client_schildichat_container_image_self_build_version }}"
force: "yes"
become: true
become_user: "{{ matrix_user_username }}"
register: matrix_client_schildichat_git_pull_results
# See:
# - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1357
# - https://github.com/vector-im/schildichat-web/issues/19544 -- # Update (2023-12-15): 404
- name: Patch webpack.config.js to support building on low-memory (<4G RAM) devices
ansible.builtin.lineinfile:
path: "{{ matrix_client_schildichat_docker_src_files_path }}/webpack.config.js"
regexp: '(\s+)splitChunks: \{'
line: '\1splitChunks: { maxSize: 100000,'
backrefs: true
owner: root
group: root
mode: '0644'
when: "matrix_client_schildichat_container_image_self_build | bool and matrix_client_schildichat_container_image_self_build_low_memory_system_patch_enabled | bool"
# See:
# - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1357
# - https://github.com/vector-im/schildichat-web/issues/19544 -- # Update (2023-12-15): 404
- name: Patch webpack.config.js to support building on low-memory (<4G RAM) devices
ansible.builtin.lineinfile:
path: "{{ matrix_client_schildichat_container_src_files_path }}/element-web/webpack.config.js"
regexp: '(\s+)splitChunks: \{'
line: '\1splitChunks: { maxSize: 100000,'
backrefs: true
owner: root
group: root
mode: '0644'
when: "matrix_client_schildichat_container_image_self_build_low_memory_system_patch_enabled | bool"
- name: Ensure SchildiChat Web Docker image is built
ansible.builtin.command:
cmd: |-
{{ devture_systemd_docker_base_host_command_docker }} buildx build
--tag={{ matrix_client_schildichat_docker_image }}
--file={{ matrix_client_schildichat_docker_src_files_path }}/Dockerfile
{{ matrix_client_schildichat_docker_src_files_path }}
changed_when: true
when: matrix_client_schildichat_container_image_self_build | bool
- name: Ensure SchildiChat Web container image is built
ansible.builtin.command:
cmd: |-
{{ devture_systemd_docker_base_host_command_docker }} buildx build
--tag={{ matrix_client_schildichat_docker_image }}
--file={{ matrix_client_schildichat_container_src_files_path }}/Dockerfile
{{ matrix_client_schildichat_container_src_files_path }}
changed_when: true
- name: Ensure SchildiChat Web configuration installed
ansible.builtin.copy:
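Review bot: In the new self-build block, `matrix_client_schildichat_git_pull_results` is registered by the git task but not used by anything visible here, while the build task runs `buildx build` with `changed_when: true` on every playbook run. Consider conditioning the build on the registered result (or on the image being absent) so that unchanged sources are not rebuilt each time. The patch task also sets `owner: root` and `group: root` on `element-web/webpack.config.js` inside a checkout made with `become_user: "{{ matrix_user_username }}"`, and its comment still links the `vector-im/schildichat-web` issue marked as 404 although the defaults file in this change now points at `element-hq/element-web/issues/19544`.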

View File

@ -16,7 +16,7 @@ matrix_dimension_path_prefix: /
# For information on how to acquire an access token, visit https://t2bot.io/docs/access_tokens
matrix_dimension_access_token: ""
# Users in form: ['@user1:example.com', '@user2:example.com']
# Users in form: ['@alice:example.com', '@bob:example.com']
matrix_dimension_admins: []
# Whether to allow Dimension widgets serve websites with invalid or self signed SSL certificates

View File

@ -143,6 +143,26 @@ matrix_prometheus_services_connect_scraper_nginxlog_scrape_configs: |
}]
}}
# Controls whether Traefik shall be scraped
matrix_prometheus_services_connect_scraper_traefik_enabled: false
matrix_prometheus_services_connect_scraper_traefik_job_name: traefik
matrix_prometheus_services_connect_scraper_traefik_metrics_path: /metrics
matrix_prometheus_services_connect_scraper_traefik_scrape_interval: 15s
matrix_prometheus_services_connect_scraper_traefik_scrape_timeout: 10s
matrix_prometheus_services_connect_scraper_traefik_static_configs: "{{ [{'targets': [matrix_prometheus_services_connect_scraper_traefik_static_configs_target]}] }}"
matrix_prometheus_services_connect_scraper_traefik_static_configs_target: ''
# The final scrape config for the Traefik scraper
matrix_prometheus_services_connect_scraper_traefik_scrape_configs: |
{{
[{
'job_name': matrix_prometheus_services_connect_scraper_traefik_job_name,
'metrics_path': matrix_prometheus_services_connect_scraper_traefik_metrics_path,
'scrape_interval': matrix_prometheus_services_connect_scraper_traefik_scrape_interval,
'scrape_timeout': matrix_prometheus_services_connect_scraper_traefik_scrape_timeout,
'static_configs': matrix_prometheus_services_connect_scraper_traefik_static_configs,
}]
}}
# Controls whether media-repo shall be scraped
matrix_prometheus_services_connect_scraper_media_repo_enabled: false
matrix_prometheus_services_connect_scraper_media_repo_job_name: media-repo
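Review bot: `matrix_prometheus_services_connect_scraper_traefik_static_configs_target` defaults to an empty string, so setting `matrix_prometheus_services_connect_scraper_traefik_enabled: true` without also setting the target yields a scrape job whose only target is `''`. Add a comment saying the target must be set whenever the scraper is enabled, or validate it, for users who enable the scraper without the wiring added elsewhere in this change.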

View File

@ -14,7 +14,7 @@ matrix_synapse_admin_container_image_self_build: false
matrix_synapse_admin_container_image_self_build_repo: "https://github.com/etkecc/synapse-admin.git"
# renovate: datasource=docker depName=ghcr.io/etkecc/synapse-admin
matrix_synapse_admin_version: v0.10.3-etke31
matrix_synapse_admin_version: v0.10.3-etke32
matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_name_prefix }}etkecc/synapse-admin:{{ matrix_synapse_admin_version }}"
matrix_synapse_admin_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_image_self_build else 'ghcr.io/' }}"
matrix_synapse_admin_docker_image_force_pull: "{{ matrix_synapse_admin_docker_image.endswith(':latest') }}"

View File

@ -56,7 +56,7 @@ matrix_synapse_container_image_customizations_auto_accept_invite_installation_en
#
# Example usage:
#
# ```yml
# ```yaml
# matrix_synapse_container_image_customizations_templates_enabled: true
# # The templates are expected to be in a `templates/` subdirectory in
# matrix_synapse_container_image_customizations_templates_in_container_template_files_relative_path: templates/

View File

@ -2846,8 +2846,8 @@ opentracing:
# By default, the list is empty.
#
#force_tracing_for_users:
# - "@user1:server_name"
# - "@user2:server_name"
# - "@alice:server_name"
# - "@bob:server_name"
# Jaeger can be configured to sample traces at different rates.
# All configuration options provided by Jaeger can be set here.

View File

@ -18,7 +18,7 @@
# initial_password: some-password
# initial_type: admin
#
# - username: john
# - username: alice
# initial_password: some-password
# initial_type: user
#