Merge 3ca0f4221f9d0619c0ec09c861c49f9072b00d20 into da08975ca851dcf7872012e33d49c21c1f907ebb

Update docs/faq.md

CHANGELOG.md

@@ -174,7 +174,7 @@ If upstream synapse-admin picks up the pace and improves, the etke.cc fork may d
 
 If you'd like to switch back to the original synapse-admin software, you can do so by adding the following configuration to your `vars.yml` file:
 
-```yml
+```yaml
 matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_name_prefix }}awesometechnologies/synapse-admin:{{ matrix_synapse_admin_version }}"
 matrix_synapse_admin_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_image_self_build else matrix_container_global_registry_prefix }}"
 
@@ -199,7 +199,7 @@ All non-deprecated mautrix bridges in the playbook have been reworked to support
 
 We recommend **enabling double-puppeting via the new Appservice method** by adding the following configuration to your `vars.yml` file:
 
-```yml
+```yaml
 matrix_appservice_double_puppet_enabled: true
 ```
 
@@ -231,7 +231,7 @@ This upgrade necessitates configuration policy changes as described in [matrix-c
 
 If you'd like to remain on the old (v2) version of matrix-corporal, you can do so by adding the following configuration to your `vars.yml` file:
 
-```yml
+```yaml
 matrix_corporal_version: 2.8.0
 ```
 
@@ -287,7 +287,7 @@ Still, if HTTP/3 cannot function correctly in your setup, it's best to disable a
 
 To **disable HTTP/3**, you can use the following configuration:
 
-```yml
+```yaml
 traefik_config_entrypoint_web_secure_http3_enabled: false
 
 # Disabling HTTP/3 for the web-secure entrypoint (above),
@@ -301,7 +301,7 @@ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_ena
 
 If you are using [your own webserver](./docs/configuring-playbook-own-webserver.md) (in front of Traefik), port binding on UDP port `8448` by default due to HTTP/3 is either unnecessary or [may get in the way](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3402). If it does, you can disable it:
 
-```yml
+```yaml
 # Disable HTTP/3 for the federation entrypoint.
 # If you'd like HTTP/3, consider configuring it for your other reverse-proxy.
 #
@@ -322,7 +322,7 @@ The playbook has just started making use of this feature. **From now on, your sy
 
 If you'd like **to go back to the old unrestricted behavior**, use the following configuration:
 
-```yml
+```yaml
 # Use this configuration to allow synapse-admin to manage any homeserver instance.
 matrix_synapse_admin_config_restrictBaseUrl: []
 ```
@@ -387,7 +387,7 @@ Users on `arm32` should be aware that there's **neither a prebuilt `arm32` conta
 
 **The playbook still supports Redis** and you can keep using Redis (for now) if you'd like, by adding this additional configuration to your `vars.yml` file:
 
-```yml
+```yaml
 # Explicitly disable KeyDB, which will auto-enable Redis
 # if the playbook requires it as a dependency for its operation.
 keydb_enabled: false
@@ -1354,7 +1354,7 @@ Our [justfile](justfile) already defines some additional helpful **shortcut** co
 - `just run-tags install-mautrix-slack,start` - to run specific playbook tags
 - `just start-all` - (re-)starts all services
 - `just stop-group postgres` - to stop only the Postgres service
-- `just register-user john secret-password yes` - registers a `john` user with the `secret-password` password and admin access (admin = `yes`)
+- `just register-user alice secret-password yes` - registers an `alice` user with the `secret-password` password and admin access (admin = `yes`)
 
 Additional helpful commands and shortcuts may be defined in the future.
 
@@ -2800,7 +2800,7 @@ You can now customize the server name string that Riot-web displays in its login
 
 These playbook variables, with these default values, have been added:
 
-```
+```yaml
 matrix_riot_web_default_server_name: "{{ matrix_domain }}"
 ```
 
@@ -2828,7 +2828,7 @@ Still, we might become affected in the future. In any case, it's imminent that S
 
 To avoid future problems, we recommend that you run the following command:
 
-```
+```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=upgrade-postgres --extra-vars='{"postgres_force_upgrade": true}'
 ```
 
@@ -3289,7 +3289,7 @@ The certificates from the Matrix domain will be used for the Coturn server.
 This feature is enabled by default for new installations.
 To make use of TLS support for your existing Matrix server's Coturn, make sure to rebuild both Coturn and Synapse:
 
-```bash
+```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-coturn,setup-synapse,start
 ```
 
@@ -3628,7 +3628,7 @@ The playbook now allows you to set the log levels used by Synapse. The default l
 
 You can now override following variables with any of the supported log levels listed here: https://docs.python.org/3/library/logging.html#logging-levels
 
-```
+```yaml
 matrix_synapse_log_level: "INFO"
 matrix_synapse_storage_sql_log_level: "INFO"
 matrix_synapse_root_log_level: "INFO"
@@ -3641,7 +3641,7 @@ matrix_synapse_root_log_level: "INFO"
 
 You can now customize some parts of Riot's `config.json`. These playbook variables, with these default values, have been added:
 
-```
+```yaml
 matrix_riot_web_disable_custom_urls: true
 matrix_riot_web_disable_guests: true
 matrix_riot_web_integrations_ui_url: "https://scalar.vector.im/"
@@ -3652,7 +3652,7 @@ matrix_riot_web_integrations_jitsi_widget_url: "https://scalar.vector.im/api/wid
 
 This now allows you use a custom integration manager like [Dimension](https://dimension.t2bot.io). For example, if you wish to use the Dimension instance hosted at dimension.t2bot.io, you can set the following in your vars.yml file:
 
-```
+```yaml
 matrix_riot_web_integrations_ui_url: "https://dimension.t2bot.io/riot"
 matrix_riot_web_integrations_rest_url: "https://dimension.t2bot.io/api/v1/scalar"
 matrix_riot_web_integrations_widgets_urls: "https://dimension.t2bot.io/widgets"

docs/ansible.md

@@ -55,7 +55,7 @@ Alternatively, you can leave your `inventory/hosts` as is and specify the connec
 
 Run this from the playbook's directory:
 
-```bash
+```sh
 docker run -it --rm \
 --privileged \
 --pid=host \
@@ -76,7 +76,7 @@ Finally, you can execute `ansible-playbook ...` (or `ansible-playbook --connecti
 
 Run this from the playbook's directory:
 
-```bash
+```sh
 docker run -it --rm \
 -w /work \
 -v `pwd`:/work \
@@ -99,7 +99,7 @@ Finally, you execute `ansible-playbook ...` commands as per normal now.
 If you don't use SSH keys for authentication, simply remove that whole line (`-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro`).
 
 To authenticate at your server using a password, you need to add a package. So, when you are in the shell of the ansible docker container (the previously used `docker run -it ...` command), run:
-```bash
+```sh
 apk add sshpass
 ```
 Then, to be asked for the password whenever running an  `ansible-playbook` command add `--ask-pass` to the arguments of the command.

docs/configuring-playbook-alertmanager-receiver.md

@@ -12,7 +12,7 @@ This service is meant to be used with an external [Alertmanager](https://prometh
 
 To enable matrix-alertmanager-receiver, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
 
-```yml
+```yaml
 matrix_alertmanager_receiver_enabled: true
 
 # If you'd like to change the username for this bot, uncomment and adjust. Otherwise, remove.
@@ -85,7 +85,7 @@ Then, you can proceed to [Usage](#usage).
 
 Configure your Prometheus Alertmanager with configuration like this:
 
-```yml
+```yaml
 receivers:
   - name: matrix
     webhook_configs:

docs/configuring-playbook-appservice-double-puppet.md

@@ -10,7 +10,7 @@ Previously, bridges supported performing [double-puppeting](https://docs.mau.fi/
 
 To enable the Appservice Double Puppet service, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
 
-```yml
+```yaml
 matrix_appservice_double_puppet_enabled: true
 ```
 

docs/configuring-playbook-appservice-draupnir-for-all.md

@@ -51,7 +51,7 @@ matrix_appservice_draupnir_for_all_master_control_room_alias: "ALIAS_FROM_STEP_2
 
 After configuring the playbook, run the [installation](installing.md) command:
 
-```
+```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 ```
 

docs/configuring-playbook-backup-borg.md

@@ -18,7 +18,7 @@ By default, if you're using the integrated Postgres database server (as opposed
 
 2. Create a new SSH key:
 
-    ```bash
+    ```sh
     ssh-keygen -t ed25519 -N '' -f matrix-borg-backup -C matrix
     ```
 
@@ -28,7 +28,7 @@ By default, if you're using the integrated Postgres database server (as opposed
 
     If you plan to use a hosted solution, follow their instructions. If you have your own server, copy the key over:
 
-    ```bash
+    ```sh
     # example to append the new PUBKEY contents, where:
     # PUBKEY is path to the public key,
     # USER is a ssh user on a provider / server
@@ -73,7 +73,7 @@ Check the [backup_borg role](https://github.com/mother-of-all-self-hosting/ansib
 
 After configuring the playbook, run the [installation](installing.md) command:
 
-```
+```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 ```
 

docs/configuring-playbook-bot-baibot.md

@@ -84,7 +84,7 @@ If `matrix_admin` is already configured in your `vars.yml` configuration, you ca
 
 **If necessary**, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
 
-```yml
+```yaml
 # Uncomment to add one or more admins to this bridge:
 #
 # matrix_bot_baibot_config_access_admin_patterns:
@@ -113,7 +113,7 @@ Configuring `matrix_bot_baibot_config_initial_global_config_user_patterns` is op
 
 **If necessary**, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
 
-```yml
+```yaml
 # Uncomment and adjust the bot users if necessary:
 #
 # Subsequent changes to `matrix_bot_baibot_config_initial_global_config_user_patterns` do not affect the bot's behavior.
@@ -146,7 +146,7 @@ You can statically-define a single [🤖 agent](https://github.com/etkecc/baibot
 
 Here's an example **addition** to your `vars.yml` file:
 
-```yml
+```yaml
 matrix_bot_baibot_config_agents_static_definitions_anthropic_enabled: true
 
 matrix_bot_baibot_config_agents_static_definitions_anthropic_config_api_key: "YOUR_API_KEY_HERE"
@@ -173,7 +173,7 @@ You can statically-define a single [🤖 agent](https://github.com/etkecc/baibot
 
 Here's an example **addition** to your `vars.yml` file:
 
-```yml
+```yaml
 matrix_bot_baibot_config_agents_static_definitions_groq_enabled: true
 
 matrix_bot_baibot_config_agents_static_definitions_groq_config_api_key: "YOUR_API_KEY_HERE"
@@ -207,7 +207,7 @@ You can statically-define a single [🤖 agent](https://github.com/etkecc/baibot
 
 Here's an example **addition** to your `vars.yml` file:
 
-```yml
+```yaml
 matrix_bot_baibot_config_agents_static_definitions_mistral_enabled: true
 
 matrix_bot_baibot_config_agents_static_definitions_mistral_config_api_key: "YOUR_API_KEY_HERE"
@@ -238,7 +238,7 @@ The OpenAI provider is **only meant to be used with OpenAI's official API** and
 
 Here's an example **addition** to your `vars.yml` file:
 
-```yml
+```yaml
 matrix_bot_baibot_config_agents_static_definitions_openai_enabled: true
 
 matrix_bot_baibot_config_agents_static_definitions_openai_config_api_key: "YOUR_API_KEY_HERE"
@@ -282,7 +282,7 @@ You can also define providers at runtime, by chatting with the bot, so using Ans
 
 Below is an an **example** demonstrating **statically-defining agents via Ansible without using presets**:
 
-```yml
+```yaml
 matrix_bot_baibot_config_agents_static_definitions_custom:
   # This agent will use the GPT 3.5 model and will only support text-generation,
   # even though the `openai` provider could support other features (e.g. image-generation).
@@ -356,7 +356,7 @@ You can configure the **initial values** for these via Ansible, via the `matrix_
 
 Example **additional** `vars.yml` configuration:
 
-```yml
+```yaml
 # Note: these are initial defaults for the bot's global configuration.
 # As such, changing any of these values subsequently has no effect on the bot's behavior.
 # Once initially configured, the global configuration is managed via bot commands, not via Ansible.

docs/configuring-playbook-bot-chatgpt.md

@@ -16,7 +16,7 @@ Choose a strong password for the bot. You can generate a good password with a co
 
 You can use the playbook to [register a new user](registering-users.md):
 
-```
+```sh
 ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.chatgpt password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
 ```
 

docs/configuring-playbook-bot-draupnir.md

@@ -19,7 +19,7 @@ Choose a strong password for the bot. You can generate a good password with a co
 
 You can use the playbook to [register a new user](registering-users.md):
 
-```
+```sh
 ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.draupnir password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
 ```
 
@@ -117,7 +117,7 @@ That is all you need to do due to that Draupnir can complete migration on its ow
 
 After configuring the playbook, run the [installation](installing.md) command:
 
-```
+```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 ```
 

docs/configuring-playbook-bot-go-neb.md

@@ -19,7 +19,7 @@ Choose a strong password for the bot. You can generate a good password with a co
 
 You can use the playbook to [register a new user](registering-users.md):
 
-```
+```sh
 ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.go-neb password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
 ```
 
@@ -221,7 +221,7 @@ If you've decided to reuse the `matrix.` domain, you won't need to do any extra
 
 After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the [installation](installing.md) command:
 
-```
+```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 ```
 

docs/configuring-playbook-bot-matrix-registration-bot.md

@@ -46,6 +46,6 @@ If you have any questions, or if you need help setting it up, read the [troublsh
 
 To clean the cache (session & encryption data) after you changed the bot's username, changed the login method from access_token to password etc... you can use:
 
-```bash
+```sh
 just run-tags bot-matrix-registration-bot-clean-cache
 ```

docs/configuring-playbook-bot-mjolnir.md

@@ -15,7 +15,7 @@ Choose a strong password for the bot. You can generate a good password with a co
 
 You can use the playbook to [register a new user](registering-users.md):
 
-```
+```sh
 ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.mjolnir password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
 ```
 
@@ -119,7 +119,7 @@ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists: []
 
 After configuring the playbook, run the [installation](installing.md) command:
 
-```
+```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 ```
 

docs/configuring-playbook-bridge-appservice-kakaotalk.md

@@ -21,7 +21,7 @@ You may optionally wish to add some [Additional configuration](#additional-confi
 
 After configuring the playbook, run the [installation](installing.md) command:
 
-```
+```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 ```
 

docs/configuring-playbook-bridge-mautrix-discord.md

@@ -29,7 +29,7 @@ You may optionally wish to add some [Additional configuration](#additional-confi
 
 After configuring the playbook, run the [installation](installing.md) command:
 
-```
+```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 ```
 

docs/configuring-playbook-bridge-mautrix-facebook.md

@@ -97,7 +97,7 @@ The easiest way to do this may be to use [sshuttle](https://sshuttle.readthedocs
 
 Example command for proxying your traffic through the Matrix server:
 
-```
+```sh
 sshuttle -r root@matrix.example.com:22 0/0
 ```
 

docs/configuring-playbook-bridge-mautrix-slack.md

@@ -32,7 +32,7 @@ You may optionally wish to add some [Additional configuration](#additional-confi
 
 After configuring the playbook, run the [installation](installing.md) command:
 
-```
+```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 ```
 

docs/configuring-playbook-bridge-mx-puppet-slack.md

@@ -25,7 +25,7 @@ matrix_mx_puppet_slack_oauth_client_secret: "<SLACK_APP_CLIENT_SECRET>"
 
 After configuring the playbook, run the [installation](installing.md) command:
 
-```
+```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 ```
 

docs/configuring-playbook-dimension.md

@@ -20,8 +20,8 @@ These users can modify the integrations this Dimension supports. Add this to you
 
 ```yaml
 matrix_dimension_admins:
-  - "@user1:{{ matrix_domain }}"
-  - "@user2:{{ matrix_domain }}"
+  - "@alice:{{ matrix_domain }}"
+  - "@bob:{{ matrix_domain }}"
 ```
 
 The admin interface is accessible within Element Web by accessing it in any room and clicking the cog wheel/settings icon in the top right. Currently, Dimension can be opened in Element Web by the "Add widgets, bridges, & bots" link in the room information.
@@ -71,7 +71,7 @@ By default, you will need to create a CNAME record for `dimension`. See [Configu
 
 After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the [installation](installing.md) command:
 
-```
+```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 ```
 

docs/configuring-playbook-federation.md

@@ -57,7 +57,7 @@ Why? This change could be useful for people running small Synapse instances on s
 
 The following changes in the configuration file (`inventory/host_vars/matrix.example.com/vars.yml`) will allow this and make it possible to proxy the federation through a CDN such as CloudFlare or any other:
 
-```
+```yaml
 matrix_synapse_http_listener_resource_names: ["client","federation"]
 # Any port can be used but in this case we use 443
 matrix_federation_public_port: 443

docs/configuring-playbook-fluffygate.md

@@ -0,0 +1,147 @@
+# Setting up Fluffygate (optional)
+
+The playbook can install and configure [Fluffygate](https://github.com/krille-chan/fluffygate), a simple Push Gateway for Fluffychat.
+
+See the project's documentation to learn what it does and why it might be useful to you.
+
+**Note**: most people don't need to install their own gateway. This optional playbook component is only useful to people who develop/build their own Matrix client applications themselves, as you'll need access to your own Firebase/FCM and APNS credentials.
+
+## Adjusting the playbook configuration
+
+To enable Fluffygate, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
+
+```yaml
+matrix_fluffygate_enabled: true
+
+# Basic app information
+matrix_fluffygate_app_name: "Your App Name"
+matrix_fluffygate_app_website: "https://example.com"
+
+# Firebase/FCM configuration (for Android / IOS)
+matrix_fluffygate_firebase_project: "your-firebase-project-id"
+matrix_fluffygate_firebase_key: |
+  {
+    # Your Firebase service account key JSON content
+  }
+
+# Notification settings
+matrix_fluffygate_notification_title: "{count} new messages"
+matrix_fluffygate_notification_body: "{body}"
+
+# Android specific notification options
+matrix_fluffygate_android_notification_options:
+  priority: high
+  notification:
+    sound: "default"
+    icon: "notifications_icon"
+    tag: "default_notification"
+
+# APNS specific notification options (for iOS)
+matrix_fluffygate_apns_notification_options:
+  headers:
+    apns-priority: "10"
+  payload:
+    aps:
+      sound: "default"
+      badge: "{count}"
+      mutable-content: 1
+```
+
+For a complete list of available configuration options, see the `defaults/main.yml` file in the role.
+
+### Required Configuration
+
+The following settings are required and must be defined:
+- `matrix_fluffygate_hostname`
+- `matrix_fluffygate_path_prefix`
+- `matrix_fluffygate_container_network`
+- `matrix_fluffygate_app_name`
+- `matrix_fluffygate_app_website`
+
+### Adjusting the Fluffygate URL
+
+By default, this playbook installs Fluffygate at the root path (`/`) of the configured hostname. You can customize both the hostname and path prefix using these variables:
+
+```yaml
+# Configure the hostname where Fluffygate will be served
+matrix_fluffygate_hostname: "push.example.com"
+
+# Configure a custom path prefix (must either be '/' or not end with a slash)
+matrix_fluffygate_path_prefix: /push
+```
+
+### Traefik Integration
+
+Fluffygate includes built-in support for Traefik as a reverse proxy. The following settings control this integration:
+
+```yaml
+# Enable/disable Traefik labels
+matrix_fluffygate_container_labels_traefik_enabled: true
+
+# Configure the Traefik network
+matrix_fluffygate_container_labels_traefik_docker_network: "{{ matrix_fluffygate_container_network }}"
+
+# Additional Traefik configuration
+matrix_fluffygate_container_labels_traefik_rule: "Host(`{{ matrix_fluffygate_container_labels_traefik_hostname }}`)"
+matrix_fluffygate_container_labels_traefik_priority: 0
+matrix_fluffygate_container_labels_traefik_entrypoints: web-secure
+```
+
+## Adjusting DNS records
+
+You will need to configure your DNS records to point the Fluffygate hostname to your server. This typically involves creating either:
+- an A record pointing to your server's IPv4 address
+- a CNAME record pointing to your server's hostname
+
+## Installing
+
+After configuring the playbook and adjusting your DNS records, run the installation command:
+
+```bash
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+```
+
+To install only Fluffygate, you can use:
+
+```bash
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-fluffygate,start
+```
+
+## Usage
+
+To make use of your Fluffygate installation:
+
+1. Configure your Matrix client application to use your Fluffygate URL as the push gateway
+2. Ensure your app uses the same Firebase/FCM credentials for Android notifications
+3. Ensure your app uses the same APNS certificates/credentials for iOS notifications
+4. Configure the notification templates and options as needed through the playbook variables
+
+### Debugging
+
+If you need to troubleshoot issues:
+
+1. Enable debug logs by setting:
+    ```yaml
+    matrix_fluffygate_debug_logs: true
+    ```
+
+2. Check the container logs:
+    ```bash
+    docker logs matrix-fluffygate
+    ```
+
+## Uninstalling
+
+To remove Fluffygate, first disable it in your `inventory/host_vars/matrix.example.com/vars.yml`:
+
+```yaml
+matrix_fluffygate_enabled: false
+```
+
+Then run the playbook:
+
+```bash
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-fluffygate,start
+```
+
+This will stop the service and remove all associated files.

docs/configuring-playbook-jitsi.md

@@ -172,18 +172,18 @@ By default, a single JVB ([Jitsi VideoBridge](https://github.com/jitsi/jitsi-vid
 There is an ansible playbook that can be run with the following tag: `ansible-playbook -i inventory/hosts --limit jitsi_jvb_servers jitsi_jvb.yml --tags=common,setup-additional-jitsi-jvb,start`
 
 For this role to work you will need an additional section in the ansible hosts file with the details of the JVB hosts, for example:
-```
+```INI
 [jitsi_jvb_servers]
 <your jvb hosts> ansible_host=<ip address of the jvb host>
 ```
 
 Each JVB will require a server ID to be set so that it can be uniquely identified and this allows Jitsi to keep track of which conferences are on which JVB. The server ID is set with the variable `jitsi_jvb_server_id` which ends up as the JVB_WS_SERVER_ID environment variables in the JVB docker container. This variable can be set via the host file, a parameter to the ansible command or in the `vars.yaml` for the host which will have the additional JVB. For example:
 
-``` yaml
+```yaml
 jitsi_jvb_server_id: 'jvb-2'
 ```
 
-``` INI
+```INI
 [jitsi_jvb_servers]
 jvb-2.example.com ansible_host=192.168.0.2 jitsi_jvb_server_id=jvb-2
 jvb-3.example.com ansible_host=192.168.0.3 jitsi_jvb_server_id=jvb-2
@@ -271,7 +271,7 @@ jitsi_disable_gravatar: false
 
 After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the [installation](installing.md) command:
 
-```
+```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 ```
 

docs/configuring-playbook-matrix-authentication-service.md

@@ -364,7 +364,7 @@ The same OIDC provider may have an `id` of `01HFVBY12TMNTYTBV8W921M5FA` on the M
 
 To tell `syn2mas` how the Synapse-configured OIDC provider maps to the new MAS-configured OIDC provider, add this additional configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
 
-```yml
+```yaml
 # Adjust the mapping below to match your provider IDs on the Synapse side and the MAS side.
 # Don't forget that Synapse automatically adds an `oidc-` prefix to provider ids defined in its configuration.
 matrix_authentication_service_syn2mas_process_extra_arguments:

docs/configuring-playbook-matrix-registration.md

@@ -54,7 +54,7 @@ If you've decided to use the default hostname, you won't need to do any extra DN
 
 After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the [installation](installing.md) command:
 
-```
+```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 ```
 
@@ -72,7 +72,7 @@ We make the most common APIs easy to use via the playbook (see below).
 
 To **create a new user registration token (link)**, use this command:
 
-```bash
+```sh
 ansible-playbook -i inventory/hosts setup.yml \
 --tags=generate-matrix-registration-token \
 --extra-vars="one_time=yes ex_date=2021-12-31"
@@ -87,7 +87,7 @@ Share the unique registration link (generated by the command above) with users t
 
 To **list the existing user registration tokens**, use this command:
 
-```bash
+```sh
 ansible-playbook -i inventory/hosts setup.yml \
 --tags=list-matrix-registration-tokens
 ```

docs/configuring-playbook-ntfy.md

@@ -52,7 +52,7 @@ By default, you will need to create a CNAME record for `ntfy`. See [Configuring
 
 After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the [installation](installing.md) command:
 
-```
+```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 ```
 

docs/configuring-playbook-postgres-backup.md

@@ -31,6 +31,6 @@ Refer to the table below for additional configuration variables and their defaul
 
 After configuring the playbook, run the [installation](installing.md) command:
 
-```
+```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 ```

docs/configuring-playbook-rageshake.md

@@ -53,7 +53,7 @@ If you've decided to reuse the `matrix.` domain, you won't need to do any extra
 
 After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the [installation](installing.md) command:
 
-```
+```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 ```
 

docs/configuring-playbook-sygnal.md

@@ -79,7 +79,7 @@ If you've decided to reuse the `matrix.` domain, you won't need to do any extra
 
 After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the [installation](installing.md) command:
 
-```
+```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 ```
 

docs/configuring-playbook-synapse-auto-accept-invite.md

@@ -34,7 +34,7 @@ Since Synapse [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.1
 
 Here's example configuration for using the **native** Synapse feature:
 
-```yml
+```yaml
 matrix_synapse_auto_accept_invites_enabled: true
 
 # Default settings below. Uncomment and adjust this part if necessary.

docs/configuring-playbook-synapse-auto-compressor.md

@@ -20,7 +20,7 @@ matrix_synapse_auto_compressor_enabled: true
 
 After configuring the playbook, run the [installation](installing.md) command:
 
-```
+```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 ```
 

docs/configuring-playbook-synapse.md

@@ -98,7 +98,7 @@ For more detailed documentation on available options and how to setup keycloak,
 
 In case you encounter errors regarding the parsing of the variables, you can try to add `{% raw %}` and `{% endraw %}` blocks around them. For example ;
 
-```yml
+```yaml
 matrix_synapse_oidc_enabled: true
 
 matrix_synapse_oidc_providers:

docs/configuring-playbook-turn.md

@@ -40,7 +40,7 @@ The playbook uses the [`auth-secret` authentication method](https://github.com/c
 
 To do so, add this override to your configuration:
 
-```yml
+```yaml
 matrix_coturn_authentication_method: lt-cred-mech
 ```
 

docs/configuring-playbook-user-verification-service.md

@@ -92,7 +92,7 @@ This will instruct UVS to verify the OpenID token against any domain given in a
 
 After these variables have been set, run the [installation](installing.md) command to restart UVS:
 
-```
+```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-matrix-user-verification-service,start
 ```
 

docs/faq.md

@@ -121,6 +121,10 @@ Besides Synapse, you'd need other things - a Postgres database, likely the [Elem
 
 Using the playbook, you get all these components in a way that works well together out of the box.
 
+### Occasionally I see some people are talking about "MDAD". What is it?
+
+It is the acronym of us: **m**atrix-**d**ocker-**a**nsible-**d**eploy.
+
 ### What's different about this Ansible playbook compared to [EMnify/matrix-synapse-auto-deploy](https://github.com/EMnify/matrix-synapse-auto-deploy)?
 
 This is similar to the [EMnify/matrix-synapse-auto-deploy](https://github.com/EMnify/matrix-synapse-auto-deploy) Ansible deployment, but:
@@ -193,7 +197,7 @@ The only thing we need on the distro is systemd and Python (we install Docker ou
 
 Instead of using [docker-compose](https://docs.docker.com/compose/), we prefer installing systemd services and scheduling those independently.
 
-There are people who have worked on turning this setup into a docker-compose-based one. See these experiments [here](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/64#issuecomment-603164625).
+There are people who have worked on turning this setup into a docker-compose-based one. See these experiments [here](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/64#issuecomment-603164625). There is also a demo project ([element-docker-demo](https://github.com/element-hq/element-docker-demo)) by Element.
 
 ### Can I run this on a distro without systemd?
 
@@ -232,11 +236,7 @@ If your distro runs within an [LXC container](https://linuxcontainers.org/), you
 
 It's the same with email servers. Your email address is likely `name@company.com`, not `name@mail.company.com`, even though it's `mail.company.com` that is really handling your data for `@company.com` email to work.
 
-Using a separate domain name is easier to manage (although it's a little hard to get right at first) and keeps your Matrix server isolated from your website (if you have one), from your email server (if you have one), etc.
-
-We allow `matrix.example.com` to be the Matrix server handling Matrix stuff for `example.com` by [Server Delegation](howto-server-delegation.md). During the installation procedure, we recommend that you set up server delegation using the [.well-known](configuring-well-known.md) method.
-
-If you'd really like to install Matrix services directly on the base domain, see [How do I install on matrix.example.com without involving the base domain?](#how-do-i-install-on-matrixexamplecom-without-involving-the-base-domain)
+Using a separate domain name is easier to manage (although it's a little hard to get right at first) and keeps your Matrix server isolated from your website (if you have one), from your email server (if you have one), etc. Therefore, this playbook sets up services on your Matrix server (`matrix.example.com`) by default.
 
 ### I don't control anything on the base domain and can't set up delegation to matrix.example.com. What do I do?
 
@@ -248,11 +248,7 @@ If you really can't obtain an HTTPS certificate for your base domain, you can ta
 
 ### How do I install on matrix.example.com without involving the base domain?
 
-This Ansible playbook guides you into installing a server for `example.com` (user identifiers are like this: `@user:example.com`), while the server is at `matrix.example.com`.
-
-We allow `matrix.example.com` to be the Matrix server handling Matrix stuff for `example.com` by [Server Delegation](howto-server-delegation.md). During the installation procedure, we recommend that you set up server delegation using the [.well-known](configuring-well-known.md) method.
-
-If you're fine with uglier identifiers (`@user:matrix.example.com`, which is the equivalent of having an email address like `bob@mail.company.com`, instead of just `bob@company.com`), you can do that as well using the following configuration in your `vars.yml` file:
+Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
 
 ```yaml
 # This is what your identifiers are like (e.g. `@bob:matrix.example.com`).
@@ -267,17 +263,20 @@ matrix_server_fqn_matrix: "matrix.example.com"
 # Feel free to use `element.matrix.example.com`, if you'd prefer that.
 matrix_server_fqn_element: "element.example.com"
 
-# This is where you access Dimension (if enabled via `matrix_dimension_enabled: true`; NOT enabled by default).
+# This is where you access Etherpad (if enabled via `etherpad_enabled: true`; NOT enabled by default).
 #
-# Feel free to use `dimension.matrix.example.com`, if you'd prefer that.
-matrix_server_fqn_dimension: "dimension.example.com"
-
-# This is where you access Jitsi (if enabled via `jitsi_enabled: true`; NOT enabled by default).
-#
-# Feel free to use `jitsi.matrix.example.com`, if you'd prefer that.
-matrix_server_fqn_jitsi: "jitsi.example.com"
+# Feel free to use `etherpad.matrix.example.com`, if you'd prefer that.
+matrix_server_fqn_etherpad: "etherpad.example.com"
 ```
 
+After configuring the playbook, run the [installation](installing.md) command:
+
+```sh
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+```
+
+**Note**: without setting up [server delegation](howto-server-delegation.md) to `matrix.example.com`, your user identifiers will be like `@user:matrix.example.com`. This is equivalent to having an email address like `bob@mail.company.com`, instead of just `bob@company.com`.
+
 ### I don't use the base domain for anything. How am I supposed to set up Server Delegation for Matrix services?
 
 If you don't use your base domain for anything, then it's hard for you to "serve files over HTTPS" on it -- something we ask you to do for the [.well-known](configuring-well-known.md) setup (needed for [Server Delegation](howto-server-delegation.md)).
@@ -462,12 +461,10 @@ We haven't documented this properly yet, but the general advice is to:
 
 - back up all `/matrix` files, except for `/matrix/postgres/data` (you already have a dump) and `/matrix/postgres/data-auto-upgrade-backup` (this directory may exist and contain your old data if you've [performed a major Postgres upgrade](maintenance-postgres.md#upgrading-postgresql)).
 
-You can later restore these roughly like this:
+You can later restore these by:
 
-- restore the `/matrix` directory and files on the new server manually
-- run the playbook again (see [Installing](installing.md)), but **don't** start services yet (**don't run** `... --tags=start`). This step will fix any file permission mismatches and will also set up additional software (Docker, etc.) and files on the server (systemd service, etc.).
-- perform a Postgres database import (see [Importing Postgres](importing-postgres.md)) to restore your database backup
-- start services (see [Finalize the installation](installing.md#finalize-the-installation))
+- Restoring the `/matrix` directory and files on the new server manually
+- Following the instruction described on [Installing a server into which you'll import old data](installing.md#installing-a-server-into-which-youll-import-old-data)
 
 If your server's IP address has changed, you may need to [set up DNS](configuring-dns.md) again.
 

docs/getting-the-playbook.md

@@ -19,7 +19,7 @@ We recommend using the [git](https://git-scm.com/) tool to get the playbook's so
 
 Once you've installed git on your computer, you can go to any directory of your choosing and run the following command to retrieve the playbook's source code:
 
-```bash
+```sh
 git clone https://github.com/spantaleev/matrix-docker-ansible-deploy.git
 ```
 

docs/importing-postgres.md

@@ -94,7 +94,7 @@ Once the database is clear and the ownership of the tables has been fixed in the
 
 Check, if `--dbname` is set to `synapse` (not `matrix`) and replace paths (or even better, copy this line from your terminal)
 
-```
+```sh
 /usr/bin/env docker run --rm --name matrix-postgres-import --log-driver=none --user=998:1001 --cap-drop=ALL --network=matrix --env-file=/matrix/postgres/env-postgres-psql --mount type=bind,src=/migration/synapse_dump.sql,dst=/synapse_dump.sql,ro --entrypoint=/bin/sh docker.io/postgres:15.0-alpine -c "cat /synapse_dump.sql | grep -vE '^(CREATE|ALTER) ROLE (matrix)(;| WITH)' | grep -vE '^CREATE DATABASE (matrix)\s' | psql -v ON_ERROR_STOP=1 -h matrix-postgres --dbname=synapse"
 ```
 

docs/installing.md

@@ -83,13 +83,13 @@ To create your user account (as an administrator of the server) via this Ansible
 
 **Notes**:
 - Make sure to adjust `YOUR_USERNAME_HERE` and `YOUR_PASSWORD_HERE`
-- For `YOUR_USERNAME_HERE`, use a plain username like `john`, not your full identifier (`@user:example.com`)
+- For `YOUR_USERNAME_HERE`, use a plain username like `alice`, not your full identifier (`@alice:example.com`)
 - Use `admin=yes` to make your user account an administrator of the Matrix server
 
 ```sh
 ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=YOUR_USERNAME_HERE password=YOUR_PASSWORD_HERE admin=yes' --tags=register-user
 
-# Example: ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=john password=secret-password admin=yes' --tags=register-user
+# Example: ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=alice password=secret-password admin=yes' --tags=register-user
 ```
 
 Feel free to create as many accounts (for friends, family, etc.) as you want. Still, perhaps you should grant full administrative access to your account only (with `admin=yes`), and others should be created with `admin=no`.

docs/just.md

@@ -10,18 +10,18 @@ For some recipes such as `just update`, our `justfile` recommends installing [`a
 
 Here are some examples of shortcuts:
 
-| Shortcut                                      | Result                                                                                                         |
-|-----------------------------------------------|----------------------------------------------------------------------------------------------------------------|
-| `just roles`                                  | Install the necessary Ansible roles pinned in [`requirements.yml`](../requirements.yml)                        |
-| `just update`                                 | Run `git pull` (to update the playbook) and install the Ansible roles                                          |
-| `just install-all`                            | Run `ansible-playbook -i inventory/hosts setup.yml --tags=install-all,ensure-matrix-users-created,start`       |
-| `just setup-all`                              | Run `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start`         |
-| `just install-all --ask-vault-pass`           | Run commands with additional arguments (`--ask-vault-pass` will be appended to the above installation command) |
-| `just run-tags install-mautrix-slack,start`   | Run specific playbook tags (here `install-mautrix-slack` and `start`)                                          |
-| `just install-service mautrix-slack`          | Run `just run-tags install-mautrix-slack,start` with even less typing                                          |
-| `just start-all`                              | (Re-)starts all services                                                                                       |
-| `just stop-group postgres`                    | Stop only the Postgres service                                                                                 |
-| `just register-user john secret-password yes` | Registers a `john` user with the `secret-password` password and admin access (admin = `yes`)                   |
+| Shortcut                                       | Result                                                                                                         |
+|------------------------------------------------|----------------------------------------------------------------------------------------------------------------|
+| `just roles`                                   | Install the necessary Ansible roles pinned in [`requirements.yml`](../requirements.yml)                        |
+| `just update`                                  | Run `git pull` (to update the playbook) and install the Ansible roles                                          |
+| `just install-all`                             | Run `ansible-playbook -i inventory/hosts setup.yml --tags=install-all,ensure-matrix-users-created,start`       |
+| `just setup-all`                               | Run `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start`         |
+| `just install-all --ask-vault-pass`            | Run commands with additional arguments (`--ask-vault-pass` will be appended to the above installation command) |
+| `just run-tags install-mautrix-slack,start`    | Run specific playbook tags (here `install-mautrix-slack` and `start`)                                          |
+| `just install-service mautrix-slack`           | Run `just run-tags install-mautrix-slack,start` with even less typing                                          |
+| `just start-all`                               | (Re-)starts all services                                                                                       |
+| `just stop-group postgres`                     | Stop only the Postgres service                                                                                 |
+| `just register-user alice secret-password yes` | Registers an `alice` user with the `secret-password` password and admin access (admin = `yes`)                 |
 
 While [our documentation on prerequisites](prerequisites.md) lists `just` as one of the requirements for installation, using `just` is optional. If you find it difficult to install it, do not find it useful, or want to prefer raw `ansible-playbook` commands for some reason, feel free to run all commands manually. For example, you can run `ansible-galaxy` directly to install the Ansible roles: `rm -rf roles/galaxy; ansible-galaxy install -r requirements.yml -p roles/galaxy/ --force`.
 

docs/maintenance-and-troubleshooting.md

@@ -3,7 +3,7 @@
 ## How to see the current status of your services
 
 You can check the status of your services by using `systemctl status`. Example:
-```
+```sh
 sudo systemctl status matrix-synapse
 
 ● matrix-synapse.service - Synapse server
@@ -41,7 +41,7 @@ Re-run the playbook after making these configuration changes.
 ## Remove unused Docker data
 
 You can free some disk space from Docker, see [docker system prune](https://docs.docker.com/engine/reference/commandline/system_prune/) for more information.
-```bash
+```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=run-docker-prune
 ```
 

docs/maintenance-checking-services.md

@@ -4,7 +4,7 @@ This playbook can perform a check to ensure that you've configured things correc
 
 To perform the check, run:
 
-```bash
+```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=self-check
 ```
 

docs/maintenance-postgres.md

@@ -57,7 +57,7 @@ To automatically make Postgres database backups on a fixed schedule, see [Settin
 
 To make a one off back up of the current PostgreSQL database, make sure it's running and then execute a command like this on the server:
 
-```bash
+```sh
 /usr/bin/docker exec \
 --env-file=/matrix/postgres/env-postgres-psql \
 matrix-postgres \

docs/maintenance-synapse.md

@@ -35,7 +35,7 @@ After deleting data, you may wish to run a [`FULL` Postgres `VACUUM`](./maintena
 
 To ask the playbook to run rust-synapse-compress-state, execute:
 
-```
+```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=rust-synapse-compress-state
 ```
 
@@ -52,14 +52,14 @@ Editing the database manually is not recommended or supported by the Synapse dev
 
 First, set up an SSH tunnel to your Matrix server (skip if it is your local machine):
 
-```
+```sh
 # you may replace 1799 with an arbitrary port unbound on both machines
 ssh -L 1799:localhost:1799 matrix.example.com
 ```
 
 Then start up an ephemeral [adminer](https://www.adminer.org/) container on the Matrix server, connecting it to the `matrix` network and linking the postgresql container:
 
-```
+```sh
 docker run --rm --publish 1799:8080 --link matrix-postgres --net matrix adminer
 ```
 
@@ -93,7 +93,7 @@ You can **learn more about cache-autotuning and the global cache factor settings
 
 To **disable cache auto-tuning**, unset all values:
 
-```yml
+```yaml
 matrix_synapse_cache_autotuning_max_cache_memory_usage: ''
 matrix_synapse_cache_autotuning_target_cache_memory_usage: ''
 matrix_synapse_cache_autotuning_min_cache_ttl: ''

docs/obtaining-access-tokens.md

@@ -25,7 +25,7 @@ Below, we describe 2 ways to generate an access token for a user - using [Elemen
 
 You can use the following command to get an access token for your user directly from the [Matrix Client-Server API](https://www.matrix.org/docs/guides/client-server-api#login):
 
-```
+```sh
 curl -XPOST -d '{
     "identifier": { "type": "m.id.user", "user": "USERNAME" },
     "password": "PASSWORD",

docs/quick-start.md

@@ -136,12 +136,12 @@ To create your user account (as an administrator of the server) via this Ansible
 
 **💡 Notes**:
 - Make sure to adjust `YOUR_USERNAME_HERE` and `YOUR_PASSWORD_HERE`
-- For `YOUR_USERNAME_HERE`, use a plain username like `john`, not your full identifier (`@user:example.com`)
+- For `YOUR_USERNAME_HERE`, use a plain username like `alice`, not your full identifier (`@alice:example.com`)
 
 ```sh
 ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=YOUR_USERNAME_HERE password=YOUR_PASSWORD_HERE admin=yes' --tags=register-user
 
-# Example: ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=john password=secret-password admin=yes' --tags=register-user
+# Example: ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=alice password=secret-password admin=yes' --tags=register-user
 ```
 
 <!--

docs/registering-users.md

@@ -16,7 +16,7 @@ Table of contents:
 
 **Notes**:
 - Make sure to adjust `USERNAME_HERE` and `PASSWORD_HERE`
-- For `USERNAME_HERE`, use a plain username like `john`, not a full identifier (`@user:example.com`)
+- For `USERNAME_HERE`, use a plain username like `alice`, not a full identifier (`@alice:example.com`)
 - Use `admin=yes` or `admin=no` depending on whether you wish to make the user an administrator of the Matrix server
 
 After registering a user (using one of the methods below), **you can log in with that user** via the [Element Web](configuring-playbook-client-element-web.md) service that this playbook has installed for you at a URL like this: `https://element.example.com/`.
@@ -30,7 +30,7 @@ To register a user via this Ansible playbook:
 ```sh
 just register-user USERNAME_HERE PASSWORD_HERE <admin access: yes or no>
 
-# Example: `just register-user john secret-password yes`
+# Example: `just register-user alice secret-password yes`
 ```
 
 **or** by invoking `ansible-playbook` manually:
@@ -38,7 +38,7 @@ just register-user USERNAME_HERE PASSWORD_HERE <admin access: yes or no>
 ```sh
 ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=USERNAME_HERE password=PASSWORD_HERE admin=<yes|no>' --tags=register-user
 
-# Example: ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=john password=secret-password admin=yes' --tags=register-user
+# Example: ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=alice password=secret-password admin=yes' --tags=register-user
 ```
 
 Feel free to register as many users (for friends, family, etc.) as you want. Still, perhaps you should grant full administrative access to your user account only (with `admin=yes`), and others should be created with `admin=no`.
@@ -52,7 +52,7 @@ If you're using the [Synapse](configuring-playbook-synapse.md) homeserver implem
 ```sh
 /matrix/synapse/bin/register-user USERNAME_HERE PASSWORD_HERE <admin access: 0 or 1>
 
-# Example: `/matrix/synapse/bin/register-user john secret-password 1`
+# Example: `/matrix/synapse/bin/register-user alice secret-password 1`
 ```
 
 ### Registering users manually for Dendrite
@@ -62,7 +62,7 @@ If you're using the [Dendrite](./configuring-playbook-dendrite.md) homeserver im
 ```sh
 /matrix/dendrite/bin/create-account USERNAME_HERE PASSWORD_HERE <admin access: 0 or 1>
 
-# Example: `/matrix/dendrite/bin/create-account john secret-password 1`
+# Example: `/matrix/dendrite/bin/create-account alice secret-password 1`
 ```
 
 ### Registering users manually for Matrix Authentication Service
@@ -72,7 +72,7 @@ If you're using the [Matrix Authentication Service](./configuring-playbook-matri
 ```sh
 /matrix/matrix-authentication-service/bin/register-user USERNAME_HERE PASSWORD_HERE <admin access: 0 or 1>
 
-# Example: `/matrix/matrix-authentication-service/bin/register-user john secret-password 1`
+# Example: `/matrix/matrix-authentication-service/bin/register-user alice secret-password 1`
 ```
 
 This `register-user` script actually invokes the `mas-cli manage register-user` command under the hood. If you'd like more control over the registration process, consider invoking the `mas-cli` command directly:

docs/updating-users-passwords.md

@@ -4,11 +4,11 @@
 
 **Notes**:
 - Make sure to adjust `USERNAME_HERE` and `PASSWORD_HERE`
-- For `USERNAME_HERE`, use a plain username like `john`, not a full identifier (`@user:example.com`)
+- For `USERNAME_HERE`, use a plain username like `alice`, not a full identifier (`@alice:example.com`)
 
 You can reset a user's password via the Ansible playbook:
 
-```
+```sh
 ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=USERNAME_HERE password=PASSWORD_HERE' --tags=update-user-password
 ```
 
@@ -19,7 +19,7 @@ ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=USERNAME_HE
 
 You can manually generate the password hash by using the command-line after **SSH**-ing to your server (requires that [all services have been started](installing.md#finalize-the-installation):
 
-```
+```sh
 docker exec -it matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml
 ```
 
@@ -42,6 +42,6 @@ If you didn't make your account a server admin when you created it, you can lear
 
 ### Example:
 To set @user:example.com's password to `correct_horse_battery_staple` you could use this curl command:
-```
+```sh
 curl -XPOST -d '{ "new_password": "correct_horse_battery_staple" }' "https://matrix.example.com/_matrix/client/r0/admin/reset_password/@user:example.com?access_token=MDA...this_is_my_access_token
 ```

roles/custom/matrix-client-schildichat/defaults/main.yml

@@ -4,6 +4,12 @@
 matrix_client_schildichat_enabled: true
 
 matrix_client_schildichat_container_image_self_build: false
+matrix_client_schildichat_container_image_self_build_repo: "https://github.com/SchildiChat/schildichat-desktop.git"
+matrix_client_schildichat_container_image_self_build_version: "{{ 'lite' if matrix_client_schildichat_version == 'latest' else ('v' + matrix_client_schildichat_version) }}"
+# Controls whether to patch webpack.config.js when self-building, so that building can pass on low-memory systems (< 4 GB RAM):
+# - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1357
+# - https://github.com/element-hq/element-web/issues/19544
+matrix_client_schildichat_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
 
 # renovate: datasource=docker depName=ghcr.io/etkecc/schildichat-web
 matrix_client_schildichat_version: 1.11.36-sc.3
@@ -12,7 +18,7 @@ matrix_client_schildichat_docker_image_name_prefix: "{{ 'localhost/' if matrix_c
 matrix_client_schildichat_docker_image_force_pull: "{{ matrix_client_schildichat_docker_image.endswith(':latest') }}"
 
 matrix_client_schildichat_data_path: "{{ matrix_base_data_path }}/client-schildichat"
-matrix_client_schildichat_docker_src_files_path: "{{ matrix_client_schildichat_data_path }}/docker-src"
+matrix_client_schildichat_container_src_files_path: "{{ matrix_client_schildichat_data_path }}/docker-src"
 
 # The base container network
 matrix_client_schildichat_container_network: ''

roles/custom/matrix-client-schildichat/tasks/setup_install.yml

@@ -9,10 +9,10 @@
     group: "{{ matrix_user_groupname }}"
   with_items:
     - {path: "{{ matrix_client_schildichat_data_path }}", when: true}
-    - {path: "{{ matrix_client_schildichat_docker_src_files_path }}", when: "{{ matrix_client_schildichat_container_image_self_build }}"}
+    - {path: "{{ matrix_client_schildichat_container_src_files_path }}", when: "{{ matrix_client_schildichat_container_image_self_build }}"}
   when: "item.when | bool"
 
-- name: Ensure SchildiChat Web Docker image is pulled
+- name: Ensure SchildiChat Web container image is pulled
   community.docker.docker_image:
     name: "{{ matrix_client_schildichat_docker_image }}"
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
@@ -24,40 +24,40 @@
   delay: "{{ devture_playbook_help_container_retries_delay }}"
   until: result is not failed
 
-- name: Ensure SchildiChat Web repository is present on self-build
-  ansible.builtin.git:
-    repo: "{{ matrix_client_schildichat_container_image_self_build_repo }}"
-    dest: "{{ matrix_client_schildichat_docker_src_files_path }}"
-    version: "{{ matrix_client_schildichat_docker_image.split(':')[1] }}"
-    force: "yes"
-  become: true
-  become_user: "{{ matrix_user_username }}"
-  register: matrix_client_schildichat_git_pull_results
-  when: "matrix_client_schildichat_container_image_self_build | bool"
+- when: "matrix_client_schildichat_container_image_self_build | bool"
+  block:
+    - name: Ensure SchildiChat Web repository is present on self-build
+      ansible.builtin.git:
+        repo: "{{ matrix_client_schildichat_container_image_self_build_repo }}"
+        dest: "{{ matrix_client_schildichat_container_src_files_path }}"
+        version: "{{ matrix_client_schildichat_container_image_self_build_version }}"
+        force: "yes"
+      become: true
+      become_user: "{{ matrix_user_username }}"
+      register: matrix_client_schildichat_git_pull_results
 
-# See:
-# - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1357
-# - https://github.com/vector-im/schildichat-web/issues/19544 -- # Update (2023-12-15): 404
-- name: Patch webpack.config.js to support building on low-memory (<4G RAM) devices
-  ansible.builtin.lineinfile:
-    path: "{{ matrix_client_schildichat_docker_src_files_path }}/webpack.config.js"
-    regexp: '(\s+)splitChunks: \{'
-    line: '\1splitChunks: { maxSize: 100000,'
-    backrefs: true
-    owner: root
-    group: root
-    mode: '0644'
-  when: "matrix_client_schildichat_container_image_self_build | bool and matrix_client_schildichat_container_image_self_build_low_memory_system_patch_enabled | bool"
+    # See:
+    # - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1357
+    # - https://github.com/vector-im/schildichat-web/issues/19544 -- # Update (2023-12-15): 404
+    - name: Patch webpack.config.js to support building on low-memory (<4G RAM) devices
+      ansible.builtin.lineinfile:
+        path: "{{ matrix_client_schildichat_container_src_files_path }}/element-web/webpack.config.js"
+        regexp: '(\s+)splitChunks: \{'
+        line: '\1splitChunks: { maxSize: 100000,'
+        backrefs: true
+        owner: root
+        group: root
+        mode: '0644'
+      when: "matrix_client_schildichat_container_image_self_build_low_memory_system_patch_enabled | bool"
 
-- name: Ensure SchildiChat Web Docker image is built
-  ansible.builtin.command:
-    cmd: |-
-      {{ devture_systemd_docker_base_host_command_docker }} buildx build
-      --tag={{ matrix_client_schildichat_docker_image }}
-      --file={{ matrix_client_schildichat_docker_src_files_path }}/Dockerfile
-      {{ matrix_client_schildichat_docker_src_files_path }}
-  changed_when: true
-  when: matrix_client_schildichat_container_image_self_build | bool
+    - name: Ensure SchildiChat Web container image is built
+      ansible.builtin.command:
+        cmd: |-
+          {{ devture_systemd_docker_base_host_command_docker }} buildx build
+          --tag={{ matrix_client_schildichat_docker_image }}
+          --file={{ matrix_client_schildichat_container_src_files_path }}/Dockerfile
+          {{ matrix_client_schildichat_container_src_files_path }}
+      changed_when: true
 
 - name: Ensure SchildiChat Web configuration installed
   ansible.builtin.copy:

roles/custom/matrix-dimension/defaults/main.yml

@@ -16,7 +16,7 @@ matrix_dimension_path_prefix: /
 # For information on how to acquire an access token, visit https://t2bot.io/docs/access_tokens
 matrix_dimension_access_token: ""
 
-# Users in form: ['@user1:example.com', '@user2:example.com']
+# Users in form: ['@alice:example.com', '@bob:example.com']
 matrix_dimension_admins: []
 
 # Whether to allow Dimension widgets serve websites with invalid or self signed SSL certificates

roles/custom/matrix-fluffygate/defaults/main.yml

@@ -0,0 +1,137 @@
+---
+
+# Fluffygate is a reference Push Gateway for Matrix.
+# To make use of it for delivering push notificatins, you'll need to develop/build your own Matrix app.
+# Project source code URL: https://github.com/matrix-org/fluffygate
+matrix_fluffygate_enabled: true
+matrix_fluffygate_identifier: 'matrix-fluffygate'
+
+# App information
+matrix_fluffygate_app_name: "Fluffygate"
+matrix_fluffygate_app_website: "https://example.com"
+matrix_fluffygate_debug_logs: false
+
+# Notification settings
+matrix_fluffygate_notification_title: "{count} new messages"
+matrix_fluffygate_notification_body: "{body}"
+
+# Android notification options
+matrix_fluffygate_android_notification_options:
+  priority: high
+  notification:
+    sound: "default"
+    icon: "notifications_icon"
+    tag: "default_notification"
+
+# APNS notification options
+matrix_fluffygate_apns_notification_options:
+  headers:
+    apns-priority: "10"
+  payload:
+    aps:
+      sound: "default"
+      badge: "{count}"
+      mutable-content: 1
+
+matrix_fluffygate_firebase_key: ''  # JSON key file contents
+matrix_fluffygate_firebase_project: ''  # Firebase project ID
+
+# The hostname at which Fluffygate is served.
+matrix_fluffygate_hostname: ''
+
+# The path at which Fluffygate is exposed.
+# This value must either be `/` or not end with a slash (e.g. `/fluffygate`).
+matrix_fluffygate_path_prefix: /
+
+# renovate: datasource=docker depName=matrixdotorg/fluffygate
+matrix_fluffygate_version: 1.0.3
+
+matrix_fluffygate_base_path: "{{ matrix_base_data_path }}/fluffygate"
+matrix_fluffygate_config_path: "{{ matrix_fluffygate_base_path }}/config"
+matrix_fluffygate_data_path: "{{ matrix_fluffygate_base_path }}/data"
+
+# List of systemd services that matrix-fluffygate.service depends on.
+matrix_fluffygate_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+
+# List of systemd services that matrix-fluffygate.service wants
+matrix_fluffygate_systemd_wanted_services_list: []
+
+matrix_fluffygate_docker_image: "{{ matrix_fluffygate_docker_image_registry_prefix }}djangoflow/fluffygate:{{ matrix_fluffygate_docker_image_tag }}"
+matrix_fluffygate_docker_image_tag: "{{ matrix_fluffygate_version }}"
+matrix_fluffygate_docker_image_registry_prefix: "{{ matrix_container_global_registry_prefix }}"
+matrix_fluffygate_docker_image_force_pull: "{{ matrix_fluffygate_docker_image.endswith(':latest') }}"
+
+# The base container network. It will be auto-created by this role if it doesn't exist already.
+matrix_fluffygate_container_network: "{{ traefik_container_network }}"
+
+# A list of additional container networks that the container would be connected to.
+# The role does not create these networks, so make sure they already exist.
+# Use this to expose this container to another reverse proxy, which runs in a different container network.
+matrix_fluffygate_container_additional_networks: []
+
+# Controls whether the matrix-fluffygate container exposes its HTTP port (tcp/6000 in the container).
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:6000"), or empty string to not expose.
+matrix_fluffygate_container_http_host_bind_port: ''
+
+# matrix_fluffygate_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
+# See `../templates/labels.j2` for details.
+#
+# To inject your own other container labels, see `matrix_fluffygate_container_labels_additional_labels`.
+matrix_fluffygate_container_labels_traefik_enabled: true
+matrix_fluffygate_container_labels_traefik_docker_network: "{{ matrix_fluffygate_container_network }}"
+matrix_fluffygate_container_labels_traefik_hostname: "{{ matrix_fluffygate_hostname }}"
+# The path prefix must either be `/` or not end with a slash (e.g. `/fluffygate`).
+matrix_fluffygate_container_labels_traefik_path_prefix: "{{ matrix_fluffygate_path_prefix }}"
+matrix_fluffygate_container_labels_traefik_rule: "Host(`{{ matrix_fluffygate_container_labels_traefik_hostname }}`){% if matrix_fluffygate_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_fluffygate_container_labels_traefik_path_prefix }}`){% endif %}"
+matrix_fluffygate_container_labels_traefik_priority: 0
+matrix_fluffygate_container_labels_traefik_entrypoints: web-secure
+matrix_fluffygate_container_labels_traefik_tls: "{{ matrix_fluffygate_container_labels_traefik_entrypoints != 'web' }}"
+matrix_fluffygate_container_labels_traefik_tls_certResolver: default  # noqa var-naming
+
+# Controls which additional headers to attach to all HTTP responses.
+# To add your own headers, use `matrix_fluffygate_container_labels_traefik_additional_response_headers_custom`
+matrix_fluffygate_container_labels_traefik_additional_response_headers: "{{ matrix_fluffygate_container_labels_traefik_additional_response_headers_auto | combine(matrix_fluffygate_container_labels_traefik_additional_response_headers_custom) }}"
+matrix_fluffygate_container_labels_traefik_additional_response_headers_auto: {}
+matrix_fluffygate_container_labels_traefik_additional_response_headers_custom: {}
+
+# matrix_fluffygate_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
+# See `../templates/labels.j2` for details.
+#
+# Example:
+# matrix_fluffygate_container_labels_additional_labels: |
+#   my.label=1
+#   another.label="here"
+matrix_fluffygate_container_labels_additional_labels: ''
+
+# A list of extra arguments to pass to the container
+matrix_fluffygate_container_extra_arguments: []
+
+matrix_fluffygate_metrics_prometheus_enabled: false
+
+# Default Fluffygate configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `matrix_fluffygate_configuration_extension_yaml`)
+# or completely replace this variable with your own template.
+matrix_fluffygate_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
+
+matrix_fluffygate_configuration_extension_yaml: |
+  # Your custom YAML configuration for Fluffygate goes here.
+  # This configuration extends the default starting configuration (`matrix_fluffygate_configuration_yaml`).
+  #
+  # You can override individual variables from the default configuration, or introduce new ones.
+  #
+  # If you need something more special, you can take full control by
+  # completely redefining `matrix_fluffygate_configuration_yaml`.
+  #
+  # Example configuration extension follows:
+  # metrics:
+  #   opentracing:
+  #     enabled: true
+
+matrix_fluffygate_configuration_extension: "{{ matrix_fluffygate_configuration_extension_yaml | from_yaml if matrix_fluffygate_configuration_extension_yaml | from_yaml is mapping else {} }}"
+
+# Holds the final fluffygate configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_fluffygate_configuration_yaml`.
+matrix_fluffygate_configuration: "{{ matrix_fluffygate_configuration_yaml | from_yaml | combine(matrix_fluffygate_configuration_extension, recursive=True) }}"

roles/custom/matrix-fluffygate/tasks/install.yml

@@ -0,0 +1,62 @@
+---
+
+- name: Ensure Fluffygate paths exists
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - "{{ matrix_fluffygate_base_path }}"
+    - "{{ matrix_fluffygate_config_path }}"
+    - "{{ matrix_fluffygate_data_path }}"
+
+- name: Ensure Fluffygate config installed
+  ansible.builtin.copy:
+    content: "{{ matrix_fluffygate_configuration | to_nice_yaml(indent=2, width=999999) }}"
+    dest: "{{ matrix_fluffygate_config_path }}/config.yaml"
+    mode: 0640
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure Firebase key file is created when enabled
+  ansible.builtin.copy:
+    content: "{{ matrix_fluffygate_firebase_key }}"
+    dest: "{{ matrix_fluffygate_data_path }}/firebase-key.json"
+    mode: 0600
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  when: matrix_fluffygate_firebase_key != ''
+
+- name: Ensure Fluffygate labels installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/labels.j2"
+    dest: "{{ matrix_fluffygate_base_path }}/labels"
+    mode: 0640
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure Fluffygate image is pulled
+  community.docker.docker_image:
+    name: "{{ matrix_fluffygate_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_fluffygate_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_fluffygate_docker_image_force_pull }}"
+  register: result
+  retries: "{{ devture_playbook_help_container_retries_count }}"
+  delay: "{{ devture_playbook_help_container_retries_delay }}"
+  until: result is not failed
+
+- name: Ensure Fluffygate container network is created
+  community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
+    name: "{{ matrix_fluffygate_container_network }}"
+    driver: bridge
+    driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
+
+- name: Ensure matrix-fluffygate.service installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/systemd/matrix-fluffygate.service.j2"
+    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-fluffygate.service"
+    mode: 0644

roles/custom/matrix-fluffygate/tasks/main.yml

@@ -0,0 +1,20 @@
+---
+
+- tags:
+    - setup-all
+    - setup-fluffygate
+    - install-all
+    - install-fluffygate
+  block:
+    - when: matrix_fluffygate_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
+
+    - when: matrix_fluffygate_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml"
+
+- tags:
+    - setup-all
+    - setup-fluffygate
+  block:
+    - when: not matrix_fluffygate_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml"

roles/custom/matrix-fluffygate/tasks/uninstall.yml

@@ -0,0 +1,25 @@
+---
+
+- name: Check existence of matrix-fluffygate service
+  ansible.builtin.stat:
+    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-fluffygate.service"
+  register: matrix_fluffygate_service_stat
+
+- when: matrix_fluffygate_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-fluffygate is stopped
+      ansible.builtin.service:
+        name: matrix-fluffygate
+        state: stopped
+        enabled: false
+        daemon_reload: true
+
+    - name: Ensure matrix-fluffygate.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-fluffygate.service"
+        state: absent
+
+    - name: Ensure Fluffygate base directory doesn't exist
+      ansible.builtin.file:
+        path: "{{ matrix_fluffygate_base_path }}"
+        state: absent

roles/custom/matrix-fluffygate/tasks/validate_config.yml

@@ -0,0 +1,40 @@
+---
+
+- name: Fail if required Fluffygate settings not defined
+  ansible.builtin.fail:
+    msg: >
+      You need to define a required configuration setting (`{{ item }}`).
+  when: "vars[item] == ''"
+  with_items:
+    - matrix_fluffygate_hostname
+    - matrix_fluffygate_path_prefix
+    - matrix_fluffygate_container_network
+
+- when: matrix_fluffygate_container_labels_traefik_enabled | bool
+  block:
+    - name: Fail if required Fluffygate Traefik settings not defined
+      ansible.builtin.fail:
+        msg: >-
+          You need to define a required configuration setting (`{{ item }}`).
+      when: "vars[item] == ''"
+      with_items:
+        - matrix_fluffygate_container_labels_traefik_hostname
+        - matrix_fluffygate_container_labels_traefik_path_prefix
+
+    # We ensure it doesn't end with a slash, because we handle both (slash and no-slash).
+    # Knowing that `matrix_fluffygate_container_labels_traefik_path_prefix` does not end with a slash
+    # ensures we know how to set these routes up without having to do "does it end with a slash" checks elsewhere.
+    - name: Fail if matrix_fluffygate_container_labels_traefik_path_prefix ends with a slash
+      ansible.builtin.fail:
+        msg: >-
+          matrix_fluffygate_container_labels_traefik_path_prefix (`{{ matrix_fluffygate_container_labels_traefik_path_prefix }}`) must either be `/` or not end with a slash (e.g. `/fluffygate`).
+      when: "matrix_fluffygate_container_labels_traefik_path_prefix != '/' and matrix_fluffygate_container_labels_traefik_path_prefix[-1] == '/'"
+
+- name: Fail if required Fluffygate settings not defined
+  ansible.builtin.fail:
+    msg: >
+      You need to define a required configuration setting (`{{ item }}`).
+  when: "vars[item] == ''"
+  with_items:
+    - matrix_fluffygate_app_name
+    - matrix_fluffygate_app_website

roles/custom/matrix-fluffygate/templates/config.yaml.j2

@@ -0,0 +1,26 @@
+port: 8080
+bindAddress: "0.0.0.0"
+
+# Information about the corresponding app
+appName: "{{ matrix_fluffygate_app_name }}"
+appWebsite: "{{ matrix_fluffygate_app_website }}"
+
+# (Optional) Display logs for debugging
+debugLogs: {{ matrix_fluffygate_debug_logs | to_json }}
+
+# The default notification title and body. {count} will be replaced by the unread
+# count of the push notification. Won't be set by default for clearing notifications.
+notificationTitle: "{{ matrix_fluffygate_notification_title }}"
+notificationBody: "{{ matrix_fluffygate_notification_body }}"
+
+# Add json keys to send to fcm for android and apns configurations
+androidNotificationOptions: {{ matrix_fluffygate_android_notification_options | to_json }}
+apnsNotificationOptions: {{ matrix_fluffygate_apns_notification_options | to_json }}
+
+# You firebase project ID and the path to the key file for your service account.
+{% if matrix_fluffygate_firebase_project %}
+projectId: "{{ matrix_fluffygate_firebase_project }}"
+{% endif %}
+{% if matrix_fluffygate_firebase_key %}
+fcmKeyFilePath: "/data/firebase-key.json"
+{% endif %}

roles/custom/matrix-fluffygate/templates/labels.j2

@@ -0,0 +1,46 @@
+{% if matrix_fluffygate_container_labels_traefik_enabled %}
+traefik.enable=true
+
+{% if matrix_fluffygate_container_labels_traefik_docker_network %}
+traefik.docker.network={{ matrix_fluffygate_container_labels_traefik_docker_network }}
+{% endif %}
+
+traefik.http.services.matrix-fluffygate.loadbalancer.server.port=8080
+
+{% set middlewares = [] %}
+
+{% if matrix_fluffygate_container_labels_traefik_path_prefix != '/' %}
+traefik.http.middlewares.matrix-fluffygate-slashless-redirect.redirectregex.regex=({{ matrix_fluffygate_container_labels_traefik_path_prefix | quote }})$
+traefik.http.middlewares.matrix-fluffygate-slashless-redirect.redirectregex.replacement=${1}/
+{% set middlewares = middlewares + ['matrix-fluffygate-slashless-redirect'] %}
+{% endif %}
+
+{% if matrix_fluffygate_container_labels_traefik_path_prefix != '/' %}
+traefik.http.middlewares.matrix-fluffygate-strip-prefix.stripprefix.prefixes={{ matrix_fluffygate_container_labels_traefik_path_prefix }}
+{% set middlewares = middlewares + ['matrix-fluffygate-strip-prefix'] %}
+{% endif %}
+
+{% if matrix_fluffygate_container_labels_traefik_additional_response_headers.keys() | length > 0 %}
+{% for name, value in matrix_fluffygate_container_labels_traefik_additional_response_headers.items() %}
+traefik.http.middlewares.matrix-fluffygate-add-headers.headers.customresponseheaders.{{ name }}={{ value }}
+{% endfor %}
+{% set middlewares = middlewares + ['matrix-fluffygate-add-headers'] %}
+{% endif %}
+
+traefik.http.routers.matrix-fluffygate.rule={{ matrix_fluffygate_container_labels_traefik_rule }}
+{% if matrix_fluffygate_container_labels_traefik_priority | int > 0 %}
+traefik.http.routers.matrix-fluffygate.priority={{ matrix_fluffygate_container_labels_traefik_priority }}
+{% endif %}
+traefik.http.routers.matrix-fluffygate.service=matrix-fluffygate
+{% if middlewares | length > 0 %}
+traefik.http.routers.matrix-fluffygate.middlewares={{ middlewares | join(',') }}
+{% endif %}
+traefik.http.routers.matrix-fluffygate.entrypoints={{ matrix_fluffygate_container_labels_traefik_entrypoints }}
+traefik.http.routers.matrix-fluffygate.tls={{ matrix_fluffygate_container_labels_traefik_tls | to_json }}
+{% if matrix_fluffygate_container_labels_traefik_tls %}
+traefik.http.routers.matrix-fluffygate.tls.certResolver={{ matrix_fluffygate_container_labels_traefik_tls_certResolver }}
+{% endif %}
+
+{% endif %}
+
+{{ matrix_fluffygate_container_labels_additional_labels }}

roles/custom/matrix-fluffygate/templates/systemd/matrix-fluffygate.service.j2

@@ -0,0 +1,51 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix Fluffygate
+{% for service in matrix_fluffygate_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_fluffygate_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-fluffygate 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-fluffygate 2>/dev/null || true'
+
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
+			--rm \
+			--name=matrix-fluffygate \
+			--log-driver=none \
+			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+			--cap-drop=ALL \
+			--network={{ matrix_fluffygate_container_network }} \
+			{% if matrix_fluffygate_container_http_host_bind_port %}
+			-p {{ matrix_fluffygate_container_http_host_bind_port }}:6000 \
+			{% endif %}
+			--label-file={{ matrix_fluffygate_base_path }}/labels \
+			--mount type=bind,src={{ matrix_fluffygate_config_path }},dst=/etc/fluffygate \
+			--mount type=bind,src={{ matrix_fluffygate_data_path }},dst=/data \
+			{% for arg in matrix_fluffygate_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_fluffygate_docker_image }}
+
+{% for network in matrix_fluffygate_container_additional_networks %}
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-fluffygate
+{% endfor %}
+
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-fluffygate
+
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-fluffygate 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-fluffygate 2>/dev/null || true'
+
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-fluffygate
+
+[Install]
+WantedBy=multi-user.target

roles/custom/matrix-synapse-admin/defaults/main.yml

@@ -14,7 +14,7 @@ matrix_synapse_admin_container_image_self_build: false
 matrix_synapse_admin_container_image_self_build_repo: "https://github.com/etkecc/synapse-admin.git"
 
 # renovate: datasource=docker depName=ghcr.io/etkecc/synapse-admin
-matrix_synapse_admin_version: v0.10.3-etke31
+matrix_synapse_admin_version: v0.10.3-etke32
 matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_name_prefix }}etkecc/synapse-admin:{{ matrix_synapse_admin_version }}"
 matrix_synapse_admin_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_image_self_build else 'ghcr.io/' }}"
 matrix_synapse_admin_docker_image_force_pull: "{{ matrix_synapse_admin_docker_image.endswith(':latest') }}"

roles/custom/matrix-synapse/defaults/main.yml

@@ -56,7 +56,7 @@ matrix_synapse_container_image_customizations_auto_accept_invite_installation_en
 #
 # Example usage:
 #
-# ```yml
+# ```yaml
 # matrix_synapse_container_image_customizations_templates_enabled: true
 # # The templates are expected to be in a `templates/` subdirectory in
 # matrix_synapse_container_image_customizations_templates_in_container_template_files_relative_path: templates/

roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2

@@ -2846,8 +2846,8 @@ opentracing:
     # By default, the list is empty.
     #
     #force_tracing_for_users:
-    #  - "@user1:server_name"
-    #  - "@user2:server_name"
+    #  - "@alice:server_name"
+    #  - "@bob:server_name"
 
     # Jaeger can be configured to sample traces at different rates.
     # All configuration options provided by Jaeger can be set here.

roles/custom/matrix-user-creator/vars/main.yml

@@ -18,7 +18,7 @@
 #     initial_password: some-password
 #     initial_type: admin
 #
-#   - username: john
+#   - username: alice
 #     initial_password: some-password
 #     initial_type: user
 #

setup.yml

@@ -128,6 +128,7 @@
     - custom/matrix-sliding-sync
     - custom/matrix-email2matrix
     - custom/matrix-sygnal
+    - custom/matrix-fluffygate
     - galaxy/ntfy
     - custom/matrix-static-files
     - custom/matrix-coturn