Update to include new vars.

Merge branch 'master' of git.awful.club:mirrors/matrix-docker-ansible-deploy into master
Upgrade services
157 changed files with 1814 additions and 1377 deletions
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@ -0,0 +1,4 @@
+# These are supported funding model platforms
+
+# https://liberapay.com/s.pantaleev/
+liberapay: s.pantaleev
--- a/.gitignore
+++ b/.gitignore
@ -4,3 +4,4 @@
 !/inventory/scripts
 /roles/*/files/scratchpad
 .DS_Store
+.python-version
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,3 +1,97 @@
+# 2020-11-27
+
+## Recent Jitsi updates may require configuration changes
+
+We've recently [updated from Jitsi build 4857 to build 5142](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/719), which brings a lot of configuration changes.
+
+**If you use our default Jitsi settings, you won't have to do anything.**
+
+People who have [fine-tuned Jitsi](docs/configuring-playbook-jitsi.md#optional-fine-tune-jitsi) may find that some options got renamed now, others are gone and yet others still need to be defined in another way.
+
+The next time you run the playbook [installation](docs/installing.md) command, our validation logic will tell you if you're using some variables like that and will recommend a migration path for each one.
+
+Additionally, we've recently disabled transcriptions (`matrix_jitsi_enable_transcriptions: false`) and recording (`matrix_jitsi_enable_recording: false`) by default. These features did not work anyway, because we don't install the required dependencies for them (Jigasi and Jibri, respectively). If you've been somehow pointing your Jitsi installation to some manually installed Jigasi/Jibri service, you may need to toggle these flags back to enabled to have transcriptions and recordings working.
+
+
+# 2020-11-23
+
+## Breaking change matrix-sms-bridge
+
+Because of many problems using gammu as SMS provider, matrix-sms-bridge now uses (https://github.com/RebekkaMa/android-sms-gateway-server) by default. See (the docs)[./docs/configuring-playbook-bridge-matrix-bridge-sms.md] which new vars you need to add.
+
+If you are using this playbook to deploy matrix-sms-bridge and still really want to use gammu as SMS provider, we could possibly add support for both android-sms-gateway-server and gammu.
+
+# 2020-11-13
+
+## Breaking change matrix-sms-bridge
+
+The new version of [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) changed its database from neo4j to h2. You need to sync the bridge at the first start. Note that this only will sync rooms where the @smsbot:yourServer is member. For rooms without @smsbot:yourServer you need to kick and invite the telephone number **or** invite @smsbot:yourServer.
+
+1. Add the following to your `vars.yml` file: `matrix_sms_bridge_container_extra_arguments=['--env SPRING_PROFILES_ACTIVE=initialsync']`
+2. Login to your host shell and remove old systemd file from your host: `rm /etc/systemd/system/matrix-sms-bridge-database.service`
+2. Run `ansible-playbook -i inventory/hosts setup.yml --tags=setup-matrix-sms-bridge,start`
+3. Login to your host shell and check the logs with `journalctl -u matrix-sms-bridge` until the sync finished.
+4. Remove the var from the first step.
+5. Run `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`.
+
+# 2020-11-10
+
+## Dynamic DNS support
+
+Thanks to [Scott Crossen](https://github.com/scottcrossen), the playbook can now manage Dynamic DNS for you using [ddclient](https://ddclient.net/).
+
+To learn more, follow our [Dynamic DNS docs page](docs/configuring-playbook-dynamic-dns.md).
+
+
+# 2020-10-28
+
+## (Compatibility Break) https://matrix.DOMAIN/ now redirects to https://element.DOMAIN/
+
+Until now, we used to serve a static page coming from Synapse at `https://matrix.DOMAIN/`. This page was not very useful to anyone.
+
+Since `matrix.DOMAIN` may be accessed by regular users in certain conditions, it's probably better to redirect them to a better place (e.g. to the [Element](docs/configuring-playbook-client-element.md) client).
+
+If Element is installed (`matrix_client_element_enabled: true`, which it is by default), we now redirect people to it, instead of showing them a Synapse static page.
+
+If you'd like to control where the redirect goes, use the `matrix_nginx_proxy_proxy_matrix_client_redirect_root_uri_to_domain` variable.
+To restore the old behavior of not redirecting anywhere and serving the Synapse static page, set it to an empty value (`matrix_nginx_proxy_proxy_matrix_client_redirect_root_uri_to_domain: ""`).
+
+
+# 2020-10-26
+
+## (Compatibility Break) /_synapse/admin is no longer publicly exposed by default
+
+We used to expose the Synapse Admin APIs publicly (at `https://matrix.DOMAIN/_synapse/admin`).
+These APIs require authentication with a valid access token, so it's not that big a deal to expose them.
+
+However, following [official Synapse's reverse-proxying recommendations](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints), we're no longer exposing `/_synapse/admin` by default.
+
+If you'd like to restore restore the old behavior and expose `/_synapse/admin` publicly, you can use the following configuration (in your `vars.yml`):
+
+```yaml
+matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true
+```
+
+
+# 2020-10-02
+
+## Minimum Ansible version raised to v2.7.0
+
+We were claiming to support [Ansible](https://www.ansible.com/) v2.5.2 and higher, but issues like [#662](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/662) demonstrate that we need at least v2.7.0.
+
+If you've been using the playbook without getting any errors until now, you're probably on a version higher than that already (or you're not using the `matrix-ma1sd` and `matrix-client-element` roles).
+
+Our [Ansible docs page](docs/ansible.md) contains information on how to run a more up-to-date version of Ansible.
+
+
+# 2020-10-01
+
+## Postgres 13 support
+
+The playbook now installs [Postgres 13](https://www.postgresql.org/about/news/postgresql-13-released-2077/) by default.
+
+If you have have an existing setup, it's likely running on an older Postgres version (9.x, 10.x, 11.x or 12.x). You can easily upgrade by following the [upgrading PostgreSQL guide](docs/maintenance-postgres.md#upgrading-postgresql).
+
 # 2020-09-01

 ## matrix-registration support
--- a/README.md
+++ b/README.md
@ -1,3 +1,5 @@
+[![Support room on Matrix](https://img.shields.io/matrix/matrix-docker-ansible-deploy:devture.com.svg?label=%23matrix-docker-ansible-deploy%3Adevture.com&logo=matrix&style=for-the-badge&server_fqdn=matrix.devture.com)](https://matrix.to/#/#matrix-docker-ansible-deploy:devture.com) [![donate](https://liberapay.com/assets/widgets/donate.svg)](https://liberapay.com/s.pantaleev/donate)
+
 # Matrix (An open network for secure, decentralized communication) server setup using Ansible and Docker

 ## Purpose
@ -128,7 +130,7 @@ This playbook sets up your server using the following Docker images:

 - [instrumentisto/coturn](https://hub.docker.com/r/instrumentisto/coturn/) - the [Coturn](https://github.com/coturn/coturn) STUN/TURN server (optional)

- [vectorim/riot-web](https://hub.docker.com/r/vectorim/riot-web/) - the [Element](https://element.io/) web client (optional)
+- [vectorim/element-web](https://hub.docker.com/r/vectorim/element-web/) - the [Element](https://element.io/) web client (optional)

 - [ma1uta/ma1sd](https://hub.docker.com/r/ma1uta/ma1sd/) - the [ma1sd](https://github.com/ma1uta/ma1sd) Matrix Identity server (optional)

--- a/docs/ansible.md
+++ b/docs/ansible.md
@ -9,7 +9,9 @@ If your local computer cannot run Ansible, you can also run Ansible on some serv

 ## Supported Ansible versions

-Ansible 2.5.2 or newer is required.
+Ansible 2.7.0 or newer is required.
+
+Ubuntu (at least 20.04) ships with a buggy version (see this [bug](https://bugs.launchpad.net/ubuntu/+source/ansible/+bug/1880359)), which can't be used in combination with a host running new systemd (more detaisl in [#517](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/517), [#669]([669](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/669))). If this problem affects you, you can: avoid running Ubuntu 20.04 on your host; run Ansible from another machine targeting your host; or try to upgrade to a newer Ansible version (see below).


 ## Checking your Ansible version
@ -49,7 +51,7 @@ docker run -it --rm \
 -v `pwd`:/work \
 -v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \
 --entrypoint=/bin/sh \
-devture/ansible:2.9.9-r0
+devture/ansible:2.9.13-r0
 ```

 The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`).
--- a/docs/configuring-dns.md
+++ b/docs/configuring-dns.md
@ -34,7 +34,7 @@ DNS records marked with `(*)` above are optional. They refer to services that wi

 As the table above illustrates, you need to create 2 subdomains (`matrix.<your-domain>` and `element.<your-domain>`) and point both of them to your new server's IP address (DNS `A` record or `CNAME` record is fine).

-The `element.<your-domain>` subdomain is necessary, because this playbook installs the [Element](https://github.com/vector-im/riot-web) web client for you.
+The `element.<your-domain>` subdomain is necessary, because this playbook installs the [Element](https://github.com/vector-im/element-web) web client for you.
 If you'd rather instruct the playbook not to install Element (`matrix_client_element_enabled: false` when [Configuring the playbook](configuring-playbook.md) later), feel free to skip the `element.<your-domain>` DNS record.

 The `dimension.<your-domain>` subdomain may be necessary, because this playbook could install the [Dimension integrations manager](http://dimension.t2bot.io/) for you. Dimension installation is disabled by default, because it's only possible to install it after the other Matrix services are working (see [Setting up Dimension](configuring-playbook-dimension.md) later). If you do not wish to set up Dimension, feel free to skip the `dimension.<your-domain>` DNS record.
--- a/docs/configuring-playbook-bridge-appservice-discord.md
+++ b/docs/configuring-playbook-bridge-appservice-discord.md
@ -14,18 +14,20 @@ Instructions loosely based on [this](https://github.com/Half-Shot/matrix-appserv
 1. Create a Discord Application [here](https://discordapp.com/developers/applications).
 2. Retrieve Client ID.
 3. Create a bot from the Bot tab and retrieve the Bot token.
-4. Enable the bridge with the following configuration in your `vars.yml` file:
+4. From the Bot tab, enable all checkboxes related to Privileged Gateway Intents (you can skip this step if you're not using `matrix_appservice_discord_auth_usePrivilegedIntents: true` below)
+5. Enable the bridge with the following configuration in your `vars.yml` file:

 ```yaml
 matrix_appservice_discord_enabled: true
 matrix_appservice_discord_client_id: "YOUR DISCORD APP CLIENT ID"
 matrix_appservice_discord_bot_token: "YOUR DISCORD APP BOT TOKEN"
+matrix_appservice_discord_auth_usePrivilegedIntents: true
 ```

-4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready.
-5. Retrieve Discord invite link from the `{{ matrix_appservice_discord_config_path }}/invite_link` file on the server (this defaults to `/matrix/appservice-discord/config/invite_link`). You need to peek at the file on the server via SSH, etc., because it's not available via HTTP(S).
-6. Invite the Bot to Discord servers you wish to bridge. Administrator permission is recommended.
-7. Room addresses follow this syntax: `#_discord_guildid_channelid`. You can easily find the guild and channel ids by logging into Discord in a browser and opening the desired channel. The URL will have this format: `discordapp.com/channels/guild_id/channel_id`. Once you have figured out the appropriate room addrss, you can join by doing `/join #_discord_guildid_channelid` in your Matrix client.
+6. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready.
+7. Retrieve Discord invite link from the `{{ matrix_appservice_discord_config_path }}/invite_link` file on the server (this defaults to `/matrix/appservice-discord/config/invite_link`). You need to peek at the file on the server via SSH, etc., because it's not available via HTTP(S).
+8. Invite the Bot to Discord servers you wish to bridge. Administrator permission is recommended.
+9. Room addresses follow this syntax: `#_discord_guildid_channelid`. You can easily find the guild and channel ids by logging into Discord in a browser and opening the desired channel. The URL will have this format: `discordapp.com/channels/guild_id/channel_id`. Once you have figured out the appropriate room addrss, you can join by doing `/join #_discord_guildid_channelid` in your Matrix client.

 Other configuration options are available via the `matrix_appservice_discord_configuration_extension_yaml` variable.

--- a/docs/configuring-playbook-bridge-matrix-bridge-sms.md
+++ b/docs/configuring-playbook-bridge-matrix-bridge-sms.md
@ -1,11 +1,10 @@
 # Setting up matrix-sms-bridge (optional)

-The playbook can install and configure
-[matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) for you.
+The playbook can install and configure [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) for you.

 See the project page to learn what it does and why it might be useful to you.

-First you need to ensure, that the bridge has unix read and write rights to your modem. On debian based distributions there is nothing to do. On others distributions you either add a group `dialout` to your host and assign it to your modem or you give the matrix user or group access to your modem.
+**The bridge uses [android-sms-gateway-server](https://github.com/RebekkaMa/android-sms-gateway-server). You need to configure it first.**

 To enable the bridge just use the following
 playbook configuration:
@ -13,16 +12,23 @@ playbook configuration:

 ```yaml
 matrix_sms_bridge_enabled: true
-matrix_sms_bridge_gammu_modem: "/dev/serial/by-id/myDeviceId"
-# generate a secret passwort e.g. with pwgen -s 64 1
-matrix_sms_bridge_database_password: ""
-# (optional) a room id to a default room
+
+# (optional but recommended) a room id to a default room
 matrix_sms_bridge_default_room: "" 
-# (optional) gammu reset frequencies (see https://wammu.eu/docs/manual/smsd/config.html#option-ResetFrequency)
-matrix_sms_bridge_gammu_reset_frequency: 3600
-matrix_sms_bridge_gammu_hard_reset_frequency: 0
-# (optional) group with unix read and write rights to modem
-matrix_sms_bridge_modem_group: 'dialout'
+
+# (optional but recommended) configure your server location
+matrix_sms_bridge_default_region: DE
+matrix_sms_bridge_default_timezone: Europe/Berlin
+
+# Settings to connect to android-sms-gateway-server
+matrix_sms_bridge_provider_android_baseurl: https://192.168.24.24:9090
+matrix_sms_bridge_provider_android_username: admin
+matrix_sms_bridge_provider_android_password: supeSecretPassword
+
+# (optional) if your android-sms-gateway-server uses a self signed vertificate, the bridge needs a "truststore". This can be the certificate itself.
+matrix_sms_bridge_provider_android_truststore_local_path: android-sms-gateway-server.p12
+matrix_sms_bridge_provider_android_truststore_password: 123
+
 ```


--- a/docs/configuring-playbook-client-element.md
+++ b/docs/configuring-playbook-client-element.md
@ -1,6 +1,6 @@
 # Configuring Element (optional)

-By default, this playbook installs the [Element](https://github.com/vector-im/riot-web) Matrix client web application.
+By default, this playbook installs the [Element](https://github.com/vector-im/element-web) Matrix client web application.
 If that's okay, you can skip this document.


--- a/docs/configuring-playbook-dynamic-dns.md
+++ b/docs/configuring-playbook-dynamic-dns.md
@ -0,0 +1,27 @@
+# Dynamic DNS
+
+## Setup
+
+Most cloud providers / ISPs will charge you extra for a static IP address. If you're
+not hosting a highly reliable homeserver you can workaround this via dynamic DNS. To
+set this up, you'll need to get the username/password from your DNS provider. For
+google domains, this process is described [here](https://support.google.com/domains/answer/6147083).
+After you've gotten the proper credentials you can add the following config to your `inventory/host_vars/matrix.DOMAIN/vars.yml`:
+
+```yaml
+matrix_dynamic_dns_enabled: true
+
+matrix_dynamic_dns_domain_configurations:
+  - provider: domains.google.com
+    protocol: dyndn2
+    username: XXXXXXXXXXXXXXXX
+    password: XXXXXXXXXXXXXXXX
+    domain: "{{ matrix_domain }}"
+```
+
+
+## Additional Reading
+
+Additional resources:
+
+- https://matrix.org/docs/guides/free-small-matrix-server
--- a/docs/configuring-playbook-jitsi.md
+++ b/docs/configuring-playbook-jitsi.md
@ -91,44 +91,33 @@ matrix_jitsi_jvb_container_extra_arguments:

 ## (Optional) Fine tune Jitsi

-You may want to suspend unused video layers until they are requested again, to save up resources on both server and clients.
-Read more on this feature [here](https://jitsi.org/blog/new-off-stage-layer-suppression-feature/)
-For this add this line to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
+Sample **additional** `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration to save up resources (explained below):

 ```yaml
-matrix_jitsi_web_config_enableLayerSuspension: true
-```
+matrix_jitsi_web_custom_config_extension: |
+  config.enableLayerSuspension = true;

-You may wish to disable audio levels to avoid excessive refresh of the client-side page and decrease the CPU consumption involved.
-For this add this line to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
+  config.disableAudioLevels = true;

-```yaml
-matrix_jitsi_web_config_disableAudioLevels: true
+  // Limit the number of video feeds forwarded to each client
+  config.channelLastN = 4;
+
+matrix_jitsi_web_config_resolution_width_ideal_and_max: 480
+matrix_jitsi_web_config_resolution_height_ideal_and_max: 240
 ```

-You may want to limit the number of video feeds forwarded to each client, to save up resources on both server and clients. As clients’ bandwidth and CPU may not bear the load, use this setting to avoid lag and crashes.
-This feature is found by default in other webconference applications such as Office 365 Teams (limit is set to 4).
-Read how it works [here](https://github.com/jitsi/jitsi-videobridge/blob/master/doc/last-n.md) and performance evaluation on this [study](https://jitsi.org/wp-content/uploads/2016/12/nossdav2015lastn.pdf)
+You may want to **suspend unused video layers** until they are requested again, to save up resources on both server and clients.
+Read more on this feature [here](https://jitsi.org/blog/new-off-stage-layer-suppression-feature/)
 For this add this line to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:

-```yaml
-matrix_jitsi_web_config_channelLastN: 4
-```
+You may wish to **disable audio levels** to avoid excessive refresh of the client-side page and decrease the CPU consumption involved.

-To enable the variables that allow you to manage the video configuration you must add the following line to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
-
-```yaml
-matrix_jitsi_web_config_constraints_enabled: true
-```
+You may want to **limit the number of video feeds forwarded to each client**, to save up resources on both server and clients. As clients’ bandwidth and CPU may not bear the load, use this setting to avoid lag and crashes.
+This feature is found by default in other webconference applications such as Office 365 Teams (limit is set to 4).
+Read how it works [here](https://github.com/jitsi/jitsi-videobridge/blob/master/doc/last-n.md) and performance evaluation on this [study](https://jitsi.org/wp-content/uploads/2016/12/nossdav2015lastn.pdf).

-You may want to limit the maximum video resolution, to save up resources on both server and clients.
-For example, to set resolution to 480.
-For this add this two lines to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
+You may want to **limit the maximum video resolution**, to save up resources on both server and clients.

-```yaml
-matrix_jitsi_web_config_constraints_video_height_ideal: 480
-matrix_jitsi_web_config_constraints_video_height_max: 480
-```

 ## Apply changes

--- a/docs/configuring-playbook-nginx.md
+++ b/docs/configuring-playbook-nginx.md
@ -23,3 +23,12 @@ matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses:
 - 8.8.8.8
 - 1.1.1.1
 ```
+
+
+## Synapse + OpenID Connect for Single-Sign-On
+
+If you want to use OpenID Connect as an SSO provider (as per the [Synapse OpenID docs](https://github.com/matrix-org/synapse/blob/develop/docs/openid.md)), you need to use the following configuration (in your `vars.yml` file) to instruct nginx to forward `/_synapse/oidc` to Synapse:
+
+```yaml
+matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_oidc_api_enabled: true
+```
--- a/docs/configuring-playbook-own-webserver.md
+++ b/docs/configuring-playbook-own-webserver.md
@ -113,7 +113,7 @@ With this, nginx would still be in use, but it would not bother with anything SS
 All services would be served locally on `127.0.0.1:81` and `127.0.0.1:8449` (as per the example configuration above).

 You can then set up another reverse-proxy server on ports 80/443/8448 for all of the expected domains and make traffic go to these local ports.
-The expected domains vary depending on the services you have enabled (`matrix.DOMAIN` for sure; `element.DOMAIN` and `dimension.DOMAIN` are optional).
+The expected domains vary depending on the services you have enabled (`matrix.DOMAIN` for sure; `element.DOMAIN`, `dimension.DOMAIN` and `jitsi.DOMAIN` are optional).

 ### Sample configuration for running behind Traefik 2.0

@ -144,7 +144,7 @@ matrix_nginx_proxy_container_extra_arguments:
  - '--label "traefik.enable=true"'

  # The Nginx proxy container will receive traffic from these subdomains
-  - '--label "traefik.http.routers.matrix-nginx-proxy.rule=Host(`{{ matrix_server_fqn_matrix }}`,`{{ matrix_server_fqn_element }}`,`{{ matrix_server_fqn_dimension }}`)"'
+  - '--label "traefik.http.routers.matrix-nginx-proxy.rule=Host(`{{ matrix_server_fqn_matrix }}`,`{{ matrix_server_fqn_element }}`,`{{ matrix_server_fqn_dimension }},`{{ matrix_server_fqn_jitsi }}`)"'

  # (The 'web-secure' entrypoint must bind to port 443 in Traefik config)
  - '--label "traefik.http.routers.matrix-nginx-proxy.entrypoints=web-secure"'
@ -172,7 +172,7 @@ matrix_synapse_container_extra_arguments:
  - '--label "traefik.http.services.matrix-synapse.loadbalancer.server.port=8048"'
 ```

-This method uses labels attached to the Nginx and Synapse containers to provide the Traefik Docker provider with the information it needs to proxy `matrix.DOMAIN`, `element.DOMAIN`, and `dimension.DOMAIN`. Some [static configuration](https://docs.traefik.io/v2.0/reference/static-configuration/file/) is required in Traefik; namely, having endpoints on ports 443 and 8448 and having a certificate resolver.
+This method uses labels attached to the Nginx and Synapse containers to provide the Traefik Docker provider with the information it needs to proxy `matrix.DOMAIN`, `element.DOMAIN`, `dimension.DOMAIN` and `jitsi.DOMAIN`. Some [static configuration](https://docs.traefik.io/v2.0/reference/static-configuration/file/) is required in Traefik; namely, having endpoints on ports 443 and 8448 and having a certificate resolver.

 Note that this configuration on its own does **not** redirect traffic on port 80 (plain HTTP) to port 443 for HTTPS, which may cause some issues, since the built-in Nginx proxy usually does this. If you are not already doing this in Traefik, it can be added to Traefik in a [file provider](https://docs.traefik.io/v2.0/providers/file/) as follows:

@ -193,3 +193,38 @@ Note that this configuration on its own does **not** redirect traffic on port 80
      scheme = "https"
      permanent = true
 ```
+
+You can use the following `docker-compose.yml` as example to launch Traefik.
+
+```yaml
+version: "3.3"
+
+services:
+
+  traefik:
+    image: "traefik:v2.3"
+    restart: always
+    container_name: "traefik"
+    networks:
+      - traefik
+    command:
+      - "--api.insecure=true"
+      - "--providers.docker=true"
+      - "--providers.docker.network=traefik"
+      - "--providers.docker.exposedbydefault=false"
+      - "--entrypoints.web-secure.address=:443"
+      - "--entrypoints.synapse.address=:8448"
+      - "--certificatesresolvers.default.acme.tlschallenge=true"
+      - "--certificatesresolvers.default.acme.email=YOUR EMAIL"
+      - "--certificatesresolvers.default.acme.storage=/letsencrypt/acme.json"
+    ports:
+      - "443:443"
+      - "8080:8080"
+    volumes:
+      - "./letsencrypt:/letsencrypt"
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+
+networks:
+  traefik:
+    external: true
+```
--- a/docs/configuring-playbook-synapse-admin.md
+++ b/docs/configuring-playbook-synapse-admin.md
@ -15,6 +15,8 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.
 matrix_synapse_admin_enabled: true
 ```

+**Note**: Synapse Admin requires Synapse's [Admin APIs](https://github.com/matrix-org/synapse/tree/master/docs/admin_api) to function. Access to them is restricted with a valid access token, so exposing them publicly should not be a real security concern. Still, for additional security, we normally leave them unexposed, following [official Synapse reverse-proxying recommendations](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints). Because Synapse Admin needs these APIs to function, when installing Synapse Admin, we **automatically** exposes them publicly for you (equivalent to `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true`).
+

 ## Installing

--- a/docs/configuring-playbook-synapse.md
+++ b/docs/configuring-playbook-synapse.md
@ -21,3 +21,8 @@ Alternatively, **if there is no pre-defined variable** for a Synapse setting you
 ## Synapse Admin

 Certain Synapse administration tasks (managing users and rooms, etc.) can be performed via a web user-interace, if you install [Synapse Admin](configuring-playbook-synapse-admin.md).
+
+
+## Synapse + OpenID Connect for Single-Sign-On
+
+If you'd like to use OpenID Connect authentication with Synapse, you'll need some additional reverse-proxy configuration (see [our nginx reverse-proxy doc page](configuring-playbook-nginx.md#synapse-openid-connect-for-single-sign-on)).
--- a/docs/configuring-playbook.md
+++ b/docs/configuring-playbook.md
@ -33,6 +33,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins

 - [Setting up the Jitsi video-conferencing platform](configuring-playbook-jitsi.md) (optional)

+- [Setting Dynamic DNS](configuring-playbook-dynamic-dns.md) (optional)

 ### Core service adjustments

--- a/docs/howto-server-delegation.md
+++ b/docs/howto-server-delegation.md
@ -89,7 +89,7 @@ matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate_key: /matrix/ssl/
 If your files are not in `/matrix/ssl` but in some other location, you would need to mount them into the container:

 ```yaml
-matrix_synapse_container_extra_arguments:
+matrix_nginx_proxy_container_extra_arguments:
  - "--mount type=bind,src=/some/path/on/the/host,dst=/some/path/inside/the/container,ro"
 ```

--- a/docs/importing-sqlite.md
+++ b/docs/importing-sqlite.md
@ -20,4 +20,7 @@ Run this command (make sure to replace `<server-path-to-homeserver.db>` with a f

 	ansible-playbook -i inventory/hosts setup.yml --extra-vars='server_path_homeserver_db=<server-path-to-homeserver.db>' --tags=import-sqlite-db

-**Note**: `<server-path-to-homeserver.db>` must be a file path to a `homeserver.db` file on the server (not on your local machine!).
+**Notes**:
+
+- `<server-path-to-homeserver.db>` must be a file path to a `homeserver.db` **file on the server** (not on your local machine!).
+- if the SQLite database is from an older version of Synapse, the **importing procedure may run migrations on it to bring it up to date**. That is, your SQLite database file may get modified and become unusable with your older Synapse version. Keeping a copy of the original is probably wise.
--- a/docs/maintenance-and-troubleshooting.md
+++ b/docs/maintenance-and-troubleshooting.md
@ -33,6 +33,12 @@ matrix_synapse_root_log_level: "INFO"

 Re-run the playbook after making these configuration changes.

+## Remove unused Docker data
+
+You can free some disk space from Docker, see [docker system prune](https://docs.docker.com/engine/reference/commandline/system_prune/) for more information.
+```bash
+ansible-playbook -i inventory/hosts setup.yml --tags=run-docker-prune
+```

 ## Postgres

--- a/docs/maintenance-postgres.md
+++ b/docs/maintenance-postgres.md
@ -45,7 +45,7 @@ docker run \
 --log-driver=none \
 --network=matrix \
 --env-file=/matrix/postgres/env-postgres-psql \
-postgres:12.4-alpine \
+postgres:13.0-alpine \
 pg_dumpall -h matrix-postgres \
 | gzip -c \
 > /postgres.sql.gz
--- a/docs/prerequisites.md
+++ b/docs/prerequisites.md
@ -1,6 +1,12 @@
 # Prerequisites

- An x86 server running **CentOS** (7 only for now; [8 is not yet supported](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300)), **Debian** (9/Stretch+), **Ubuntu** (16.04+), or **Archlinux**. This playbook doesn't support running on ARM ([see](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/299)), however a minimal subset of the tools can be built on the host, which may result in a working configuration, even on a Raspberry pi (see [Alternative Architectures](alternative-architectures.md)). We only strive to support released stable versions of distributions, not betas or pre-releases. This playbook can take over your whole server or co-exist with other services that you have there.
+- An **x86** server running one of these operating systems:
+  - **CentOS** (7 only for now; [8 is not yet supported](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300))
+  - **Debian** (9/Stretch+)
+  - **Ubuntu** (16.04+, although [20.04 may be problematic](ansible.md#supported-ansible-versions))
+  - **Archlinux**
+
+This playbook doesn't support running on ARM (see [this issue](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/299)), however a minimal subset of the tools can be built on the host, which may result in a working configuration, even on a Raspberry pi (see [Alternative Architectures](alternative-architectures.md)). We only strive to support released stable versions of distributions, not betas or pre-releases. This playbook can take over your whole server or co-exist with other services that you have there.

 - `root` access to your server (or a user capable of elevating to `root` via `sudo`).

--- a/docs/self-building.md
+++ b/docs/self-building.md
@ -15,6 +15,7 @@ List of roles where self-building the Docker image is currently possible:
 - `matrix-client-element`
 - `matrix-registration`
 - `matrix-coturn`
+- `matrix-corporal`
 - `matrix-ma1sd`
 - `matrix-mailer`
 - `matrix-bridge-mautrix-facebook`
--- a/docs/uninstalling.md
+++ b/docs/uninstalling.md
@ -1,24 +1,40 @@
 # Uninstalling

-**Note**: If you have some trouble with your installation configuration, you can just [re-run the playbook](installing.md) and it will try to set things up again. You don't need to uninstall and install fresh.
+**Warnings**:

-However, if you've installed this on some server where you have other stuff you wish to preserve, and now want get rid of Matrix, it's enough to do these:
+- If your server federates with others, make sure to **leave any federated rooms before nuking your Matrix server's data**. Otherwise, the next time you set up a Matrix server for this domain (regardless of the installation method you use), you'll encounter trouble federating.

- ensure all Matrix services are stopped (`systemctl stop 'matrix*'`)
+- If you have some trouble with your installation, you can just [re-run the playbook](installing.md) and it will try to set things up again. **Uninstalling and then installing anew rarely solves anything**.

- delete the Matrix-related systemd .service files (`rm -f /etc/systemd/system/matrix*`) and reload systemd (`systemctl daemon-reload`)
+
+-----------------
+
+
+## Uninstalling using a script
+
+Installing places a `/usr/local/bin/matrix-remove-all` script on the server.
+
+You can run it to to have it uninstall things for you automatically (see below). **Use with caution!**
+
+
+## Uninstalling manually
+
+If you prefer to uninstall manually, run these commands (most are meant to be executed on the Matrix server itself):
+
+- ensure all Matrix services are stopped: `ansible-playbook -i inventory/hosts setup.yml --tags=stop` (if you can't get Ansible working to run this command, you can run `systemctl stop 'matrix*'` manually on the server)
+
+- delete the Matrix-related systemd `.service` files (`rm -f /etc/systemd/system/matrix*.service`) and reload systemd (`systemctl daemon-reload`)

 - delete all Matrix-related cronjobs (`rm -f /etc/cron.d/matrix*`)

 - delete some helper scripts (`rm -f /usr/local/bin/matrix*`)

- delete some cached Docker images (or just delete them all: `docker rmi $(docker images -aq)`)
+- delete some cached Docker images (`docker system prune -a`) or just delete them all (`docker rmi $(docker images -aq)`)

- delete the Docker network: `docker network rm matrix`
+- delete the Docker network: `docker network rm matrix` (might have been deleted already if you ran the `docker system prune` command)

 - uninstall Docker itself, if necessary

 - delete the `/matrix` directory (`rm -rf /matrix`)

-The script `/usr/local/bin/matrix-remove-all` performs all these steps (**use with caution!**).

--- a/examples/apache/matrix-synapse.conf
+++ b/examples/apache/matrix-synapse.conf
@ -43,6 +43,8 @@
 	AllowEncodedSlashes NoDecode
 	ProxyPass /_matrix http://127.0.0.1:8008/_matrix retry=0 nocanon
 	ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix
+	ProxyPass /_synapse/client http://127.0.0.1:8008/_synapse/client retry=0 nocanon
+	ProxyPassReverse /_synapse/client http://127.0.0.1:8008/_synapse/client

 	# Map /.well-known/matrix/client for client discovery
 	Alias /.well-known/matrix/client /matrix/static-files/.well-known/matrix/client
--- a/examples/caddy/matrix-synapse
+++ b/examples/caddy/matrix-synapse
@ -21,9 +21,11 @@ https://matrix.DOMAIN {
 	}

 	# Synapse Client<>Server API
-	proxy / matrix-synapse:8008 {
+	proxy /_matrix matrix-synapse:8008 {
+		transparent
+		except /_matrix/identity/ /_matrix/client/r0/user_directory/search
+	}
+	proxy /_synapse/client matrix-synapse:8008 {
 		transparent
-		except /.well-known/ /_matrix/identity/ /_matrix/client/r0/user_directory/search
 	}
-
 }
--- a/examples/caddy2/Caddyfile
+++ b/examples/caddy2/Caddyfile
@ -1,7 +1,4 @@
 matrix.DOMAIN.tld {
-
-  tls {$CADDY_TLS}
-
  @identity {
        path /_matrix/identity/*
  }
@ -97,10 +94,7 @@ matrix.DOMAIN.tld:8448 {
 }

 dimension.DOMAIN.tld {
-
-      tls {$CADDY_TLS}
-
-      header {
+header {
         	# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
        	Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        	# Enable cross-site filter (XSS) and tell browser to block detected attacks
@ -127,9 +121,6 @@ dimension.DOMAIN.tld {
 }

 element.DOMAIN.tld {
-
-    tls {$CADDY_TLS}
-
 	header {
         	# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
        	Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
@ -153,4 +144,4 @@ element.DOMAIN.tld {
                     header_up X-Forwarded-TlsCipher {tls_cipher}
                     header_up X-Forwarded-HttpsProto {proto}
        }
-}
+}
--- a/group_vars/all/vault.yml
+++ b/group_vars/all/vault.yml
@ -1,111 +1,103 @@
 $ANSIBLE_VAULT;1.1;AES256
-66636239643662303936376365386636313861626365643933343135343931333363393132643032
-3733653633356164636234393931366639633038336334340a386466383762356165343530353533
-36643833643532356633353966633062626464323061663361386666616238663331383263333466
-3866303962366262640a343332373538646562356264623133663837663938633465323333366435
-63663564393234383235633735613563633266643338343832303039356262656130376239396131
-62653035376135363664613739613337343532353564376130336533636139623762626130323862
-38623062633735363632613062363330363632613463623062386432383033633238316236666338
-34623732373336303735323062373666666337373863336330356336653966633563656638633733
-35663663616537616161393635663935333362623432336231373065353931333265313234643263
-61303731356236383336653665316364373435343838653366393264653031643766336134636331
-61656639303265323738356265323933356537363437363836633834376263363036663164386236
-31653636363438616261306366366537353339363762323534656465346366653932336633613233
-65353537633464346430643733386132396338313266333738653036313430383936626439343933
-33383266343535633131663836336663323664393130326137656336353862303636346161613535
-39653233383432623239366437303763313162346365336234343430313933613838396462663837
-62626330333665303537326465616632343564613162626431666266383234666330303636366538
-34376266653662303362383932343564306163646638366465346336313734646261326638326136
-62343233393666326630353533646336356638393765366336303734363963373066383734376637
-66393839323863663931653138323836396563616230306133363966666230386236663162383063
-35323235646338646135623762396331353063646364653337383232343239623230346638386537
-33613963373866396634343039393034316633333431313930343835626465356331333161313835
-31306365316639383635653331666566333564383734346534663962343565353838666230383263
-62363832373631613066376566333238643065636663313133366433653461653864326363646330
-31616139623731343038306263323733636334313363643931616336333036383938373666376230
-32323436383536663465373737383736333362366132613361313264386432613937383262666634
-37653037613134633433633338646366646266366465356132666638363865333139376233383436
-64343062386362373735343135633836323266353565633863643539383461666537366439336565
-32306138313432653139323435326637373462663630346364316531663361613631356266353163
-30346662396563623136623539353263356163643237663436323736646232653639316663363136
-32316565383434333764373131656534363430393631383262643836356136316437306366633132
-31313532643334336538353563373039373261333862306336656630383435353230616566313966
-32333330623361373335336636316635636134646564353338333065333737313532653837323634
-37353130636433373263373537316662356165396331653230316562386637376533636635393137
-65626363333331366336306233656236623137623334356465613363663239633364616633383066
-39646366663532386366343433396665356631333431303131663563313735616630323137613634
-63646334636630313233663033346630666136653439633637666363656561633962363935313762
-62333435313431666666343830643833373136643039653862346561346335663765616665366562
-31393865663639663063616336333132356439326134633031646432316565316361353362653366
-65316263363462626230643836626138636662353964333565313036326130323665663865616238
-37333637323466613832386138363036306266646533323934366466316662336138316333363263
-64316130643536303432386465343839313636326139373636386137316363323465393464353463
-61633830626530366339623665343139633839383362653434373738643131636666333664656239
-64653934666635336435396164643336386536653937613263303262656332343638366265393135
-30363438373631313437313936653035346633616265323639656438343161383639643930396537
-35333532376264353037663161306633323435396362366265353666363761356664306233303064
-61393664346464363331376133383465326464356363623530386463343439393533396532366639
-39383431626339386135643866613732646661353638353132663535643163646566353937633065
-39396131333935393764323731353736353864376436633532616362313931653336333139666538
-63396636343934366161646131623462333333363038393534346364303866366138376362656539
-37333730316431636264323138346161396662333634323836343635656461386630353862653334
-33383065366331643965393339653635633464316661623662336637626133663163626238356532
-61336636343637656531303031633066666161316236373461303463353762616265383734366362
-38346131396265373939633865333234666561346135646331326666343630383736313331366437
-36626665303938393737373263613033353038323762396165373566366265616165633862316430
-30363365656665313264616134643337346466303466656663396633643261333565653262666439
-63333730333962646561333362326266393063333136663731383365393032616132653634333639
-65663132623039616537666338653964396232376438323039323764333131633038643030383437
-63383639353439356564613962386466313062646165386261313730643832323932346232666466
-36303931646134653231383164663332323761666137346539333032336363316236346430356637
-33373064653263373935383666623965373232346238306462613462323463393462663161343830
-37313937623064373065356435343038613061353063643162393637373238643464346133666436
-62663262613639326261346430323363353863376436376238313361366239663165383864313830
-61636438353335383965626239363335626634303865313431323030643166633339366332383536
-33623964306363653866333365333038636537663533633332313336366534343264653130326436
-31396638373639383336376361306635316163343238653461323436333636383662646461636564
-33616130313633336165366666376535323630366636393733303661386132386331616538623166
-32326132366334323232383330336635303132386235326162653763303965616639393265373730
-66306164383133383863353736663761383263326636643730363031626634373836366439643639
-32666533336461653263363131383739363134663134336538386435306461356163633131373763
-65323736366634653234303566376235383264653839363166613335623165633031646365313833
-65626336373861656662306432646163393639393937343832623034376638643533323334626635
-39323861666137643062633132643739383031626330623832653734386334383365666261616161
-37643962333637313538363766323237306438653937653638656230376232303538363961316138
-32663530666366363661343237306430636232643639346562626537373961646535313832623237
-65396538363235643464346463373630396162373936353264373164323439663734623461366336
-66663862656464363866643862346461623130313638663864343237666232656631653461623732
-33323030666361626164616431623635323231333062373935666566303761643537616164366338
-38323532373234326234343466333936336262626562613438646465326536643537623238333534
-37383637653439656239303363633431313138393937356136326666613963303165643762393962
-30636165613130353635393465646433633137376337333530396332376133616639313538666265
-61623562323936376335663436313930336662373330383233303662663137656634366132363338
-66386337306333323863663639643232643634393634633461383264613333343935333662323038
-37353166313539636533613963666234356630393264636137376539376237336138626564616566
-64366261316564336332353862663165616566643730643366303562363936643033646636393662
-33376563633432343334366461653333396635613866373664353337616633306338303362346565
-35643865373362333461306464316330303062616234386462323031343062393933313730656263
-62643330333235396135376436356530316333636238373237613764336531666631336662623334
-31653531616532353031356238353339666662373939306165393335313561303361616236346336
-65393930366164353136626562386165616637333036656334633937343266366264353964653031
-38353437393762316237666265633165656530343334316265356139663964326538383063323332
-30656133613764633036636265643965333931336230633031363436383536376565623466333432
-31616663376138363463333066646635613538366464323033653937373630353233313939623362
-30323062336261373930316631383163663833643162623735666136633734343131316439623561
-65653265623835333835393637336566306563633364346536366339356561646132356232333563
-35636538323930303839653664393732363561383835656335616237626264323764306131313238
-37643735613736376362353534633865656230633438616534633062313938363561626162643033
-31316231373661626161343532333033663832656337623830343362663061663534646532646562
-65646565313162366131656431666664313966383765313238353231663561353863663465336631
-65396631626130663838356163386632653466306466303866633730623062666430643630653239
-32313863653637386239306461646463653434366362613938626633316231333830396564333366
-31666566653664306330313965326437656338356233383365386163656237316663393764316164
-33323930636364346530623862316238333966666632383562336431386366353662353334646338
-31376666633164386164363062636137353939363363306664613636323531643461366636346538
-37616662613166663165366566613231643836636533386637303532636432616236336636346362
-32613630666432396230636539353931626264316639343336653339366331626632366533383637
-64663838386436646464643537613966336234316563666632396564366263353233363434623433
-38356166633935663161646430356363336332666236323734343736653032363732393735353537
-38373936616165646530636337656237326666346164323063333136336137363633613731663564
-61646338663338663862303266393463663861643262633934633439386333353336383839656436
-3362323430303033363362376438336531643266613865643063
+62656561663637313534316434323264346335326230616438616332383234386463616561313835
+3032373531333836343631326334376466623837343838340a656437363366356463633764643962
+66333233373632623364623634376532363732623664393131346464343166333539386139383061
+6162383765613931630a343661356264383031353136363539316234353738393261366331313739
+64333865333432323466363930373638386234646335316465333763626332333832643831353737
+64313061363236613734386633383661323266633338363836666236336463643630656334383839
+34663062303863376438353837396233663761626264353063666534343766303862353838653435
+33663266646433303161393337613133623233346366343462343965666539343762613035353138
+32316335646630646366616236346563623037313365663165643637623731396538303931366539
+66656365363362346533376366393861646664323137336634376534643964656330323761333438
+34393532396237356363613562653437666561373639333630613061623063643533333339383831
+35396163343039353734373566306133373264656438383235353232346636656139363761633230
+64626665373965366233363730393539633763363665373431616561383132643530623333343937
+31653535616665383335653433623939323734353038366566323162306632613166373631636433
+61373537636534336438613534313163383332366263346532626536333536316330373261656331
+35616562643738613666373534343739396335643532303531323731386166306661386366623838
+64313362656565346130626434336533313035363935386435366430666335336230316562613135
+65636132393131663032356237636463376436663937383235653030326466643236613137656563
+61346139653863633063383561656634353334343863353039393432626365353665346536616564
+32303466333136323962306238613939333734623234346635616365386465366563626535306533
+63363337383263666463353737393331353037376334306466323262333234386564633164643834
+37353837356437363161396431643339643630373465396438643734393065643633366538393435
+39313366326463373233313435323763353861636464386362316165336564303166353662643931
+64663038376633316536643062393439353637306565663734383530346366303430303838343133
+65393365383031656238326632613863373662323133366665646161666537333938386433376333
+39333762303236343037666137336361613964303135363033343662363431333332346631356233
+64333963633836663530626366373335366434613733343266646230313261623036633731383963
+64663566346230323936663731396131343239363466623261323163613334353731343730653466
+30353836343962653265656533373237316366653561346661343430666561356631306337366363
+37663064626539356439623639306632633666613561373730656238333733613832643231396133
+38343866323064646534656331303530613131343832663261393466333038623962333361326464
+36383636303763313666353931653635366265303364653931323132383036336437633263323137
+62393464663330656339663435616430326463643633373231623930623933366438613362393335
+39383963353661663964623664386437343537343034393634636335383066613763343837303063
+32363065623162643863316665333235636133376637313634313665613964373263316261373436
+34316530353631663937653339663939303431383839626363316634343336343163356164356537
+65363432313064643566386130343130633264323430323935323361383035333538626362353664
+32346565383566356234366461313265393465666131333734666664333632626539613234633039
+62346562303233633631326430343862366163363635383262663132623735666666323636666331
+62346639396539336435343033363535396435613533373030343063353762303862633832366465
+36353466323033333063663430313765666334613038626137643536623136396632626336613937
+36366634343730373433653932323462666330386135306531663566316230663936393836633965
+63646630653835316266656235646162613237376135663531323761643962613637383338663937
+63346336383733666561643134376231643930363039616432623239343632396264666365646536
+64373335613336306636326366346131663533363365623061633131333962343139303034373733
+61626665356266356333303562303534636639623061653033326166333732313062366230653035
+62326437383564396630633063343731353936633363353564626636363964353133646139353266
+38323432616136333131663166333265626533643937666136343665376263376137613564323234
+33633330373732363466653563333864306537613765303831623831633662303234643462393132
+38353464386131656638376461633066356163396365666165373335396263643564306635366630
+66666431376166393934646664643230386662363161626363376564353831373131363164633331
+38613133663139636461633230346532373063363234623637663966613339666333303139373531
+64366162336135313030653738383962613463373364326166303136316537646566303236646335
+61613761343863323662633863316161393734343836313266613666376630646461303639396434
+63333562323561643762636661326237386366383838353637626434356132333439306335363730
+64663966663834363365383731646432633638623736616463393065336331666236633162626466
+65346330393630333863396663623261363738663037353738656333393561356362633539356532
+65663266656465323862313135366666333033346463346333383036386438336630306666313834
+39393739346235636561303435373666616132633636653037373638643135356632613732343637
+37323039383464386434303634393232303738313333633365666662626337323563346432663732
+39333038323633633037353737616263643232393336623431613039303832376534333861663131
+34376564623265386132306237616235363031616637323761373138626262393539663731376232
+36353335303939323562643735356131363265633233613261386331383931646532656633633561
+33333934653366653434646135636433316364376335326239623034333036616633653830333533
+31383663306366653162663632643363313435396465343139383637333663356430353136323262
+63353666383839643333643735373535323962326365323930356637363432626666373765316236
+61623363323163356138313337643334336631336163646630643734376632663137323230346266
+62623731326362636430353838613338316261623034656134663966383961326665653633363834
+33336461636333313433376461653962613265633132353832333263303464623732626438646539
+61396636316233343730363031363330623836356336386235386363633734366262393334643864
+36613038643061613735646435363465353563306661663466356631613032303038666634343237
+65643465326364613634666138333736336437623830306464373636343831623637343235303163
+32643035333435316333656365316532313233613736653134653531313037663631386566633134
+64616536663263373139373664653364663538616566336461656362333964313765396439656238
+38353362633663336131386638643439636333643162346164646536306662336430343065306335
+35316131323034333064383934393538623837396663326639656163303666313136336233363065
+32623433393734306534646632306362393933626266353564303866323134366431333833616635
+65646133316266633439646534313234653537353536353465643338613762313130653630316563
+37376437313036376438626563356631623162363262336265653933333930336337323933336639
+30636132313563306664313163323330363564343462363662353134383965386139383331343362
+66386430363633376437666637303834353433313039613139373136393764623565386530356132
+36313833383836363363383433376133313266393431366330346331663237376366613934333239
+35316135316361373861323334333230323063396435616630613939356131633436373839346433
+37626634616438303262356539646138663866346162316164636631343138636264353139313431
+37346334623764663137343764333133316639336266396264306434303261623835323838633561
+61353062623864623932663032306132346533383535316531666336623166633665366436393837
+39626231363430616634386436393133326634343033373230303361613130363431336131313735
+34326235333430353265636264343539616662633966363261393431653365626432613365336436
+38386239353966646532326438386366383064333434313561373664333465653363646635333165
+38613337666430633337613932626466373236316632636665343738363163646639386661306263
+32643065353362643035366662306336386462303331383131653065396662393237323564643362
+37656332653633303836643233373535313332653963343132363064613430323731633865376633
+63353063613536663437333435386337353561303430396236373566616533326466376536366333
+37363531333830333332636636363230353561663563333037613761356561663834303332613833
+32363130303065336434393033613534643161363361373066383238333165633635383535663431
+32303232643161663964316365346132626634656239656365316136336265616534303936313964
+36656630376164316563306334303638616231343739623132656136343464306363373732313631
+33663666373438656430373432643436663133636337363961346134376666626638626137343339
+32343735633663306165373633373437356465343762643135326430356330313663623130633737
+61356563333630633966653831323561323264343962326466313566666666386432326362333338
+66333435623834383666326634616234623761636238346534623034366265653430303134656439
+3162666337353934633539666666336264336564623337363336
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@ -18,8 +18,6 @@

 matrix_identity_server_url: "{{ ('https://' + matrix_server_fqn_matrix) if matrix_ma1sd_enabled else None }}"

-matrix_riot_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jitsi_enabled else '' }}"
-
 ######################################################################
 #
 # /matrix-base
@ -203,6 +201,8 @@ matrix_mautrix_facebook_homeserver_token: "{{ matrix_synapse_macaroon_secret_key

 matrix_mautrix_facebook_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"

+matrix_mautrix_facebook_bridge_presence: "{{ matrix_synapse_use_presence if matrix_synapse_enabled else true }}"
+
 ######################################################################
 #
 # /matrix-bridge-mautrix-facebook
@ -541,6 +541,8 @@ matrix_bot_matrix_reminder_bot_enabled: false

 matrix_corporal_enabled: false

+matrix_corporal_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
+
 # Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-corporal over the container network.
 # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
 # matrix-corporal's web-server ports to the local host.
@ -580,13 +582,19 @@ matrix_coturn_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"

 matrix_coturn_turn_external_ip_address: "{{ ansible_host }}"

-matrix_coturn_tls_enabled: true
+matrix_coturn_tls_enabled: "{{ matrix_ssl_retrieval_method != 'none' }}"
 matrix_coturn_tls_cert_path: "{{ matrix_ssl_config_dir_path }}/live/{{ matrix_server_fqn_matrix }}/fullchain.pem"
 matrix_coturn_tls_key_path: "{{ matrix_ssl_config_dir_path }}/live/{{ matrix_server_fqn_matrix }}/privkey.pem"
-matrix_coturn_container_additional_volumes:
- - src: "{{ matrix_ssl_config_dir_path }}"
-   dst: "{{ matrix_ssl_config_dir_path }}"
-   options: ro
+matrix_coturn_container_additional_volumes: |
+  {{
+    ([] if matrix_ssl_retrieval_method == 'none' else [
+        {
+            'src': matrix_ssl_config_dir_path,
+            'dst': matrix_ssl_config_dir_path,
+            'options': 'ro',
+        }
+    ])
+  }}

 ######################################################################
 #
@ -621,6 +629,23 @@ matrix_dimension_homeserver_federationUrl: "http://matrix-synapse:{{ 8048 if mat
 ######################################################################


+
+######################################################################
+#
+# matrix-dynamic-dns
+#
+######################################################################
+
+matrix_dynamic_dns_enabled: false
+
+######################################################################
+#
+# /matrix-dynamic-dns
+#
+######################################################################
+
+
+
 ######################################################################
 #
 # matrix-email2matrix
@ -650,6 +675,8 @@ matrix_jitsi_enabled: false
 # the Jitsi HTTP port to the local host.
 matrix_jitsi_web_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:12080' }}"

+matrix_jitsi_jvb_container_colibri_ws_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:12090' }}"
+
 matrix_jitsi_jibri_xmpp_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jibri') | to_uuid }}"
 matrix_jitsi_jicofo_auth_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jicofo') | to_uuid }}"
 matrix_jitsi_jvb_auth_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jvb') | to_uuid }}"
@ -771,6 +798,10 @@ matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container: "{{ 'matrix-corp
 matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container: "{{ '127.0.0.1:41080' if matrix_corporal_enabled else '127.0.0.1:8008' }}"
 matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: "{{ matrix_synapse_max_upload_size_mb }}"

+matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled }}"
+
+matrix_nginx_proxy_proxy_matrix_client_redirect_root_uri_to_domain: "{{ matrix_server_fqn_element if matrix_client_element_enabled else '' }}"
+
 matrix_nginx_proxy_proxy_matrix_enabled: true
 matrix_nginx_proxy_proxy_element_enabled: "{{ matrix_client_element_enabled }}"
 matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}"
@ -835,6 +866,8 @@ matrix_ssl_architecture: "{{
 	}[matrix_architecture]
 }}"

+matrix_ssl_pre_obtaining_required_service_name: "{{ 'matrix-dynamic-dns' if matrix_dynamic_dns_enabled else '' }}"
+
 ######################################################################
 #
 # /matrix-nginx-proxy
@ -853,6 +886,7 @@ matrix_postgres_enabled: true

 matrix_postgres_connection_hostname: "matrix-postgres"
 matrix_postgres_connection_username: "synapse"
+# Please note that the max length of the password is 99 characters
 matrix_postgres_connection_password: "synapse-password"
 matrix_postgres_db_name: "homeserver"

@ -919,7 +953,7 @@ matrix_client_element_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matr
 #
 ######################################################################

-matrix_synapse_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
+matrix_synapse_container_image_self_build: "{{ matrix_architecture not in ['arm32', 'arm64', 'amd64'] }}"

 # When ma1sd is enabled, we can use it to validate email addresses and phone numbers.
 # Synapse can validate email addresses by itself as well, but it's probably not what we want by default when we have an identity server.
@ -1024,6 +1058,8 @@ matrix_synapse_admin_enabled: false
 # Synapse Admin's HTTP port to the local host.
 matrix_synapse_admin_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8766' }}"

+matrix_synapse_admin_container_self_build: "{{ matrix_architecture != 'amd64' }}"
+
 ######################################################################
 #
 # /matrix-synapse-admin
--- a/inventory/host_vars/matrix.awful.club/vars.yml
+++ b/inventory/host_vars/matrix.awful.club/vars.yml
@ -36,10 +36,18 @@ matrix_synapse_macaroon_secret_key: "{{ MATRIX_SYNAPSE_MACAROON_SECRET_KEY }}"

 # added by jlj -- 11/25/19
 # configures the slack bridge.
-matrix_appservice_slack_enabled: true
+matrix_appservice_slack_enabled: True
 matrix_appservice_slack_control_room_id: "{{ MATRIX_APPSERVICE_SLACK_CONTROL_ROOM_ID }}"

-matrix_jitsi_enabled: true
+# disabled -- 2020/12 because we never used it
+matrix_jitsi_enabled: false
+
+# added by jlj -- 2020/12
+# discord bridging
+matrix_appservice_discord_enabled: true
+matrix_appservice_discord_auth_usePrivilegedIntents: true
+matrix_appservice_discord_client_id: "{{ vault_matrix_appservice_discord_client_id }}"
+matrix_appservice_discord_bot_token: "{{ vault_matrix_appservice_discord_bot_token }}"

 # Run `bash inventory/scripts/jitsi-generate-passwords.sh` to generate these passwords,
 # or define your own strong passwords manually.
@ -55,7 +63,7 @@ ansible_become_pass: "{{ ANSIBLE_BECOME_PASS }}"
 # added by jlj -- twitter bullshit
 # consumer key is another way of sayign 'api key', no i don't know why they did it like that.

-matrix_mx_puppet_twitter_enabled: true
+matrix_mx_puppet_twitter_enabled: false
 matrix_mx_puppet_twitter_consumer_key: "{{ MATRIX_MX_PUPPET_TWITTER_CONSUMER_KEY }}"
 matrix_mx_puppet_twitter_consumer_secret: "{{ MATRIX_MX_PUPPET_TWITTER_CONSUMER_SECRET }}"
 matrix_mx_puppet_twitter_access_token: "{{ MATRIX_MX_PUPPET_TWITTER_ACCESS_TOKEN }}"
--- a/roles/matrix-base/defaults/main.yml
+++ b/roles/matrix-base/defaults/main.yml
@ -59,13 +59,23 @@ matrix_integration_manager_ui_url: ~

 # The domain name where a Jitsi server is self-hosted.
 # If set, `/.well-known/matrix/client` will suggest Element clients to use that Jitsi server.
-# See: https://github.com/vector-im/riot-web/blob/develop/docs/jitsi.md#configuring-riot-to-use-your-self-hosted-jitsi-server
-matrix_riot_jitsi_preferredDomain: ''
+# See: https://github.com/vector-im/element-web/blob/develop/docs/jitsi.md#configuring-element-to-use-your-self-hosted-jitsi-server
+matrix_client_element_jitsi_preferredDomain: ''

 # Controls whether Element should use End-to-End Encryption by default.
 # Setting this to false will update `/.well-known/matrix/client` and tell Element clients to avoid E2EE.
-# See: https://github.com/vector-im/riot-web/blob/develop/docs/e2ee.md
-matrix_riot_e2ee_default: true
+# See: https://github.com/vector-im/element-web/blob/develop/docs/e2ee.md
+matrix_client_element_e2ee_default: true
+
+# Controls whether Element should require a secure backup set up before Element can be used.
+# Setting this to true will update `/.well-known/matrix/client` and tell Element require a secure backup.
+# See: https://github.com/vector-im/element-web/blob/develop/docs/e2ee.md
+matrix_client_element_e2ee_secure_backup_required: false
+
+# Controls which backup methods from ["key", "passphrase"] should be used, both is the default.
+# Setting this to other then empty will update `/.well-known/matrix/client` and tell Element which method to use
+# See: https://github.com/vector-im/element-web/blob/develop/docs/e2ee.md
+matrix_client_element_e2ee_secure_backup_setup_methods: []

 # The Docker network that all services would be put into
 matrix_docker_network: "matrix"
--- a/roles/matrix-base/files/yum.repos.d/docker-ce.repo
+++ b/roles/matrix-base/files/yum.repos.d/docker-ce.repo
@ -1,62 +1,62 @@
 [docker-ce-stable]
 name=Docker CE Stable - $basearch
-baseurl=https://download.docker.com/linux/centos/7/$basearch/stable
+baseurl=https://download.docker.com/linux/centos/$releasever/$basearch/stable
 enabled=1
 gpgcheck=1
 gpgkey=https://download.docker.com/linux/centos/gpg

 [docker-ce-stable-debuginfo]
 name=Docker CE Stable - Debuginfo $basearch
-baseurl=https://download.docker.com/linux/centos/7/debug-$basearch/stable
+baseurl=https://download.docker.com/linux/centos/$releasever/debug-$basearch/stable
 enabled=0
 gpgcheck=1
 gpgkey=https://download.docker.com/linux/centos/gpg

 [docker-ce-stable-source]
 name=Docker CE Stable - Sources
-baseurl=https://download.docker.com/linux/centos/7/source/stable
+baseurl=https://download.docker.com/linux/centos/$releasever/source/stable
 enabled=0
 gpgcheck=1
 gpgkey=https://download.docker.com/linux/centos/gpg

-[docker-ce-edge]
-name=Docker CE Edge - $basearch
-baseurl=https://download.docker.com/linux/centos/7/$basearch/edge
+[docker-ce-test]
+name=Docker CE Test - $basearch
+baseurl=https://download.docker.com/linux/centos/$releasever/$basearch/test
 enabled=0
 gpgcheck=1
 gpgkey=https://download.docker.com/linux/centos/gpg

-[docker-ce-edge-debuginfo]
-name=Docker CE Edge - Debuginfo $basearch
-baseurl=https://download.docker.com/linux/centos/7/debug-$basearch/edge
+[docker-ce-test-debuginfo]
+name=Docker CE Test - Debuginfo $basearch
+baseurl=https://download.docker.com/linux/centos/$releasever/debug-$basearch/test
 enabled=0
 gpgcheck=1
 gpgkey=https://download.docker.com/linux/centos/gpg

-[docker-ce-edge-source]
-name=Docker CE Edge - Sources
-baseurl=https://download.docker.com/linux/centos/7/source/edge
+[docker-ce-test-source]
+name=Docker CE Test - Sources
+baseurl=https://download.docker.com/linux/centos/$releasever/source/test
 enabled=0
 gpgcheck=1
 gpgkey=https://download.docker.com/linux/centos/gpg

-[docker-ce-test]
-name=Docker CE Test - $basearch
-baseurl=https://download.docker.com/linux/centos/7/$basearch/test
+[docker-ce-nightly]
+name=Docker CE Nightly - $basearch
+baseurl=https://download.docker.com/linux/centos/$releasever/$basearch/nightly
 enabled=0
 gpgcheck=1
 gpgkey=https://download.docker.com/linux/centos/gpg

-[docker-ce-test-debuginfo]
-name=Docker CE Test - Debuginfo $basearch
-baseurl=https://download.docker.com/linux/centos/7/debug-$basearch/test
+[docker-ce-nightly-debuginfo]
+name=Docker CE Nightly - Debuginfo $basearch
+baseurl=https://download.docker.com/linux/centos/$releasever/debug-$basearch/nightly
 enabled=0
 gpgcheck=1
 gpgkey=https://download.docker.com/linux/centos/gpg

-[docker-ce-test-source]
-name=Docker CE Test - Sources
-baseurl=https://download.docker.com/linux/centos/7/source/test
+[docker-ce-nightly-source]
+name=Docker CE Nightly - Sources
+baseurl=https://download.docker.com/linux/centos/$releasever/source/nightly
 enabled=0
 gpgcheck=1
 gpgkey=https://download.docker.com/linux/centos/gpg
--- a/roles/matrix-base/tasks/sanity_check.yml
+++ b/roles/matrix-base/tasks/sanity_check.yml
@ -1,19 +1,10 @@
 ---

- set_fact:
-    matrix_ansible_outdated_fail_msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md"
-
- name: Fail if running on Ansible < 2.5
-  fail:
-    msg: "{{ matrix_ansible_outdated_fail_msg }}"
-  when: "ansible_version.major <= 2 and ansible_version.minor < 5"
-
-# Ansible 2.5.0 and 2.5.1 are known to have a bug with `include_tasks` + `with_items`.
-# The bug has been fixed in Ansible 2.5.2.
- name: Fail if running on Ansible 2.5.x (lower than 2.5.2)
+# We generally support Ansible 2.7.0 and above.
+- name: Fail if running on Ansible < 2.7
  fail:
-    msg: "{{ matrix_ansible_outdated_fail_msg }}"
-  when: "ansible_version.major == 2 and ansible_version.minor == 5 and ansible_version.revision < 2"
+    msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md"
+  when: "(ansible_version.major < 2) or (ansible_version.major <= 2 and ansible_version.minor < 7)"

 - name: (Deprecation) Catch and report renamed settings
  fail:
--- a/roles/matrix-base/tasks/setup_matrix_user.yml
+++ b/roles/matrix-base/tasks/setup_matrix_user.yml
@ -17,6 +17,9 @@
    uid: "{{ omit if matrix_user_uid is none else matrix_user_uid }}"
    state: present
    group: "{{ matrix_user_groupname }}"
+    home: "{{ matrix_base_data_path }}"
+    create_home: no
+    system: yes
  register: matrix_user

 - name: Set Matrix Group UID Variable
--- a/roles/matrix-base/templates/static-files/well-known/matrix-client.j2
+++ b/roles/matrix-base/templates/static-files/well-known/matrix-client.j2
@ -18,14 +18,21 @@
 		]
 	}
 	{% endif %}
-	{% if matrix_riot_jitsi_preferredDomain %},
+	{% if matrix_client_element_jitsi_preferredDomain %},
+	"io.element.jitsi": {
+		"preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }}
+	},
 	"im.vector.riot.jitsi": {
-		"preferredDomain": {{ matrix_riot_jitsi_preferredDomain|to_json }}
+		"preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }}
 	}
 	{% endif %}
-	{% if not matrix_riot_e2ee_default %},
+	,
+	"io.element.e2ee": {
+		"default": {{ matrix_client_element_e2ee_default|to_json }},
+		"secure_backup_required": {{ matrix_client_element_e2ee_secure_backup_required|to_json }},
+		"secure_backup_setup_methods": {{ matrix_client_element_e2ee_secure_backup_setup_methods|to_json }}
+	},
 	"im.vector.riot.e2ee": {
-		"default": false
+		"default": {{ matrix_client_element_e2ee_default|to_json }}
 	}
-	{% endif %}
 }
--- a/roles/matrix-base/templates/usr-local-bin/matrix-remove-all.j2
+++ b/roles/matrix-base/templates/usr-local-bin/matrix-remove-all.j2
@ -24,9 +24,9 @@ else
 	find /etc/cron.d/ -name "matrix-*" -delete
 	echo "Remove matrix scripts"
 	find {{ matrix_local_bin_path }}/ -name "matrix-*" -delete
-	echo "Remove every docker images"
-	docker rmi $(docker images -aq)
-	echo "Remove docker matrix network"
+	echo "Remove unused Docker images and resources"
+	docker system prune -af
+	echo "Remove Docker matrix network (should be gone already, but ..)"
 	docker network rm {{ matrix_docker_network }}
 	echo "Remove {{ matrix_base_data_path }} directory"
 	rm -fr "{{ matrix_base_data_path }}"
--- a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml
+++ b/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml
@ -3,7 +3,7 @@

 matrix_bot_matrix_reminder_bot_enabled: true

-matrix_bot_matrix_reminder_bot_docker_image: "anoa/matrix-reminder-bot:release-v0.2.0"
+matrix_bot_matrix_reminder_bot_docker_image: "docker.io/anoa/matrix-reminder-bot:release-v0.2.0"
 matrix_bot_matrix_reminder_bot_docker_image_force_pull: "{{ matrix_bot_matrix_reminder_bot_docker_image.endswith(':latest') }}"

 matrix_bot_matrix_reminder_bot_base_path: "{{ matrix_base_data_path }}/matrix-reminder-bot"
--- a/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2
+++ b/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2
@ -1,6 +1,6 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
-Description=matrix-reminder-bot
+Description=Matrix reminder bot
 {% for service in matrix_bot_matrix_reminder_bot_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
@ -21,8 +21,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-rem
 			--read-only \
 			--network={{ matrix_docker_network }} \
 			-e 'TZ={{ matrix_bot_matrix_reminder_bot_reminders_timezone }}' \
-			-v {{ matrix_bot_matrix_reminder_bot_config_path }}:/config:ro \
-			-v {{ matrix_bot_matrix_reminder_bot_data_path }}:/data:rw \
+			--mount type=bind,src={{ matrix_bot_matrix_reminder_bot_config_path }},dst=/config,ro \
+			--mount type=bind,src={{ matrix_bot_matrix_reminder_bot_data_path }},dst=/data \
 			--entrypoint=/bin/sh \
 			{% for arg in matrix_bot_matrix_reminder_bot_container_extra_arguments %}
 			{{ arg }} \
--- a/roles/matrix-bridge-appservice-discord/defaults/main.yml
+++ b/roles/matrix-bridge-appservice-discord/defaults/main.yml
@ -3,7 +3,7 @@

 matrix_appservice_discord_enabled: true

-matrix_appservice_discord_docker_image: "halfshot/matrix-appservice-discord:latest"
+matrix_appservice_discord_docker_image: "docker.io/halfshot/matrix-appservice-discord:v1.0.0"
 matrix_appservice_discord_docker_image_force_pull: "{{ matrix_appservice_discord_docker_image.endswith(':latest') }}"

 matrix_appservice_discord_base_path: "{{ matrix_base_data_path }}/appservice-discord"
@ -17,6 +17,8 @@ matrix_appservice_discord_bot_token: ''
 matrix_appservice_discord_appservice_token: ''
 matrix_appservice_discord_homeserver_token: ''

+matrix_appservice_discord_homeserver_domain: "{{ matrix_domain }}"
+
 # Controls whether the matrix-appservice-discord container exposes its HTTP port (tcp/9005 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9005"), or empty string to not expose.
@ -39,6 +41,14 @@ matrix_appservice_discord_bridge_homeserverUrl: "{{ matrix_homeserver_url }}"
 matrix_appservice_discord_bridge_disablePresence: false
 matrix_appservice_discord_bridge_enableSelfServiceBridging: false

+# Tells whether the bot should make use of "Privileged Gateway Intents".
+#
+# Enabling this means that you need to enable it for the bot (Discord application) as well,
+# by triggering all Intent checkboxes on a page like this: `https://discord.com/developers/applications/694448564151123988/bot`
+#
+# Learn more: https://gist.github.com/advaith1/e69bcc1cdd6d0087322734451f15aa2f
+matrix_appservice_discord_auth_usePrivilegedIntents: false
+
 matrix_appservice_discord_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"

 matrix_appservice_discord_configuration_extension_yaml: |
@ -62,10 +72,10 @@ matrix_appservice_discord_registration_yaml: |
  namespaces:
    users:
    - exclusive: true
-      regex: '^@_discord_.*'
+      regex: '@_discord_.*:{{ matrix_appservice_discord_homeserver_domain|regex_escape }}'
    aliases:
    - exclusive: true
-      regex: '^#_discord_.*'
+      regex: '#_discord_.*:{{ matrix_appservice_discord_homeserver_domain|regex_escape }}'
  url: {{ matrix_appservice_discord_appservice_url }}
  sender_localpart: _discord_bot
  rate_limited: false
--- a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml
+++ b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml
@ -63,7 +63,7 @@
    {{ matrix_host_command_docker }} run --rm --name matrix-appservice-discord-link-gen
    --user={{ matrix_user_uid }}:{{ matrix_user_gid }}
    --cap-drop=ALL
-    -v {{ matrix_appservice_discord_config_path }}:/cfg
+    --mount type=bind,src={{ matrix_appservice_discord_config_path }},dst=/cfg
    -w /cfg
    {{ matrix_appservice_discord_docker_image }}
    /bin/sh -c "node /build/tools/addbot.js > /cfg/invite_link"
--- a/roles/matrix-bridge-appservice-discord/tasks/validate_config.yml
+++ b/roles/matrix-bridge-appservice-discord/tasks/validate_config.yml
@ -10,6 +10,7 @@
    - "matrix_appservice_discord_bot_token"
    - "matrix_appservice_discord_appservice_token"
    - "matrix_appservice_discord_homeserver_token"
+    - "matrix_appservice_discord_homeserver_domain"

 - name: (Deprecation) Catch and report renamed appservice-discord variables
  fail:
--- a/roles/matrix-bridge-appservice-discord/templates/config.yaml.j2
+++ b/roles/matrix-bridge-appservice-discord/templates/config.yaml.j2
@ -26,10 +26,17 @@ bridge:
  disableReadReceipts: false
  # Disable Join Leave echos from matrix
  disableJoinLeaveNotifications: false
+  # Disable Invite echos from matrix
+  disableInviteNotifications: false
+  # Auto-determine the language of code blocks (this can be CPU-intensive)
+  determineCodeLanguage: false
 # Authentication configuration for the discord bot.
 auth:
  clientID: {{ matrix_appservice_discord_client_id|string|to_json }}
  botToken: {{ matrix_appservice_discord_bot_token }}
+  # You must enable "Privileged Gateway Intents" in your bot settings on discord.com (e.g. https://discord.com/developers/applications/12345/bot)
+  # for this to work
+  usePrivilegedIntents: {{ matrix_appservice_discord_auth_usePrivilegedIntents|to_json }}
 logging:
  # What level should the logger output to the console at.
  console: "warn" #silly, verbose, info, http, warn, error, silent
@ -45,8 +52,6 @@ logging:
  #     enable:
  #       - "DiscordBot"
 database:
-  userStorePath: "/data/user-store.db"
-  roomStorePath: "/data/room-store.db"
  # You may either use SQLite or Postgresql for the bridge database, which contains
  # important mappings for events and user puppeting configurations.
  # Use the filename option for SQLite, or connString for Postgresql.
@ -82,10 +87,12 @@ channel:
 limits:
    # Delay in milliseconds between discord users joining a room.
    roomGhostJoinDelay: 6000
-    # Delay in milliseconds before sending messages to discord to avoid echos.
-    # (Copies of a sent message may arrive from discord before we've
+    # Lock timeout in milliseconds before sending messages to discord to avoid
+    # echos. Default is rather high as the lock will most likely time out
+    # before anyways.
+    # echos = (Copies of a sent message may arrive from discord before we've
    # fininished handling it, causing us to echo it back to the room)
-    discordSendDelay: 750
+    discordSendDelay: 1500
 ghosts:
    # Pattern for the ghosts nick, available is :nick, :username, :tag and :id
    nickPattern: ":nick"
--- a/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2
+++ b/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2
@ -1,6 +1,6 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
-Description=Matrix Appservice Discord server
+Description=Matrix Appservice Discord bridge
 {% for service in matrix_appservice_discord_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
@ -25,8 +25,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-dis
 			{% if matrix_appservice_discord_container_http_host_bind_port %}
 			-p {{ matrix_appservice_discord_container_http_host_bind_port }}:9005 \
 			{% endif %}
-			-v {{ matrix_appservice_discord_config_path }}:/cfg \
-			-v {{ matrix_appservice_discord_data_path }}:/data \
+			--mount type=bind,src={{ matrix_appservice_discord_config_path }},dst=/cfg \
+			--mount type=bind,src={{ matrix_appservice_discord_data_path }},dst=/data \
 			{% for arg in matrix_appservice_discord_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
--- a/roles/matrix-bridge-appservice-irc/defaults/main.yml
+++ b/roles/matrix-bridge-appservice-irc/defaults/main.yml
@ -3,7 +3,7 @@

 matrix_appservice_irc_enabled: true

-matrix_appservice_irc_docker_image: "matrixdotorg/matrix-appservice-irc:release-0.17.1"
+matrix_appservice_irc_docker_image: "docker.io/matrixdotorg/matrix-appservice-irc:release-0.17.1"
 matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"

 matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc"
--- a/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2
+++ b/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2
@ -1,6 +1,6 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
-Description=Matrix Appservice IRC server
+Description=Matrix Appservice IRC bridge
 {% for service in matrix_appservice_irc_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
--- a/roles/matrix-bridge-appservice-slack/defaults/main.yml
+++ b/roles/matrix-bridge-appservice-slack/defaults/main.yml
@ -3,7 +3,7 @@

 matrix_appservice_slack_enabled: true

-matrix_appservice_slack_docker_image: "matrixdotorg/matrix-appservice-slack:release-1.5.0"
+matrix_appservice_slack_docker_image: "docker.io/matrixdotorg/matrix-appservice-slack:release-1.5.0"
 matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}"

 matrix_appservice_slack_base_path: "{{ matrix_base_data_path }}/appservice-slack"
--- a/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2
+++ b/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2
@ -1,6 +1,6 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
-Description=Matrix Appservice Slack server
+Description=Matrix Appservice Slack bridge
 {% for service in matrix_appservice_slack_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
--- a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml
+++ b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml
@ -3,7 +3,7 @@

 matrix_appservice_webhooks_enabled: true

-matrix_appservice_webhooks_docker_image: "turt2live/matrix-appservice-webhooks:latest"
+matrix_appservice_webhooks_docker_image: "docker.io/turt2live/matrix-appservice-webhooks:latest"
 matrix_appservice_webhooks_docker_image_force_pull: "{{ matrix_appservice_webhooks_docker_image.endswith(':latest') }}"

 matrix_appservice_webhooks_base_path: "{{ matrix_base_data_path }}/appservice-webhooks"
--- a/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2
+++ b/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2
@ -1,6 +1,6 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
-Description=Matrix Appservice webhooks server
+Description=Matrix Appservice webhooks bridge
 {% for service in matrix_appservice_webhooks_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
--- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml
@ -4,9 +4,11 @@
 matrix_mautrix_facebook_enabled: true

 matrix_mautrix_facebook_container_image_self_build: false
+matrix_mautrix_facebook_container_image_self_build_repo: "https://github.com/tulir/mautrix-facebook.git"

 # See: https://mau.dev/tulir/mautrix-facebook/container_registry
-matrix_mautrix_facebook_docker_image: "dock.mau.dev/tulir/mautrix-facebook:latest"
+matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}tulir/mautrix-facebook:latest"
+matrix_mautrix_facebook_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_facebook_container_image_self_build else 'dock.mau.dev/' }}"
 matrix_mautrix_facebook_docker_image_force_pull: "{{ matrix_mautrix_facebook_docker_image.endswith(':latest') }}"

 matrix_mautrix_facebook_base_path: "{{ matrix_base_data_path }}/mautrix-facebook"
@ -33,6 +35,10 @@ matrix_mautrix_facebook_homeserver_token: ''
 # Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
 matrix_mautrix_facebook_login_shared_secret: ''

+matrix_mautrix_facebook_bridge_login_shared_secret_map: "{{ {matrix_mautrix_facebook_homeserver_domain: matrix_mautrix_facebook_login_shared_secret} if matrix_mautrix_facebook_login_shared_secret else {} }}"
+
+matrix_mautrix_facebook_bridge_presence: true
+
 # Default configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #
--- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml
@ -32,7 +32,7 @@

 - name: Ensure Mautrix Facebook repository is present on self-build
  git:
-    repo: https://github.com/tulir/mautrix-facebook.git
+    repo: "{{ matrix_mautrix_facebook_container_image_self_build_repo }}"
    dest: "{{ matrix_mautrix_facebook_docker_src_files_path }}"
 #    version: "{{ matrix_coturn_docker_image.split(':')[1] }}"
    force: "yes"
@ -43,12 +43,12 @@
  docker_image:
    name: "{{ matrix_mautrix_facebook_docker_image }}"
    source: build
-    force_source: yes
+    force_source: "{{ matrix_mautrix_facebook_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
      path: "{{ matrix_mautrix_facebook_docker_src_files_path }}"
      pull: yes
-  when: "matrix_mautrix_facebook_enabled|bool and matrix_mautrix_facebook_container_image_self_build and matrix_mautrix_facebook_git_pull_results.changed"
+  when: "matrix_mautrix_facebook_enabled|bool and matrix_mautrix_facebook_container_image_self_build|bool"

 - name: Check if an old database file already exists
  stat:
--- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2
+++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2
@ -81,23 +81,32 @@ bridge:
    command_prefix: "!fb"

    # Number of chats to sync (and create portals for) on startup/login.
-    # Maximum 20, set 0 to disable automatic syncing.
+    # Set 0 to disable automatic syncing.
    initial_chat_sync: 10
    # Whether or not the Facebook users of logged in Matrix users should be
    # invited to private chats when the user sends a message from another client.
    invite_own_puppet_to_pm: false
-    # Whether or not to use /sync to get presence, read receipts and typing notifications when using
-    # your own Matrix account as the Matrix puppet for your Facebook account.
+    # Whether or not to use /sync to get presence, read receipts and typing notifications
+    # when double puppeting is enabled
    sync_with_custom_puppets: true
-    # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
+    # Whether or not to update the m.direct account data event when double puppeting is enabled.
+    # Note that updating the m.direct event is not atomic (except with mautrix-asmux)
+    # and is therefore prone to race conditions.
+    sync_direct_chat_list: false
+    # Servers to always allow double puppeting from
+    double_puppet_server_map: {}
+    #    example.com: https://example.com
+    # Allow using double puppeting from any server with a valid client .well-known file.
+    double_puppet_allow_discovery: false
+    # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
    #
    # If set, custom puppets will be enabled automatically for local users
    # instead of users having to find an access token and run `login-matrix`
    # manually.
-    login_shared_secret: {{ matrix_mautrix_facebook_login_shared_secret|to_json }}
-    # Whether or not to bridge presence in both directions. Facebook allows users not to broadcast
-    # presence, but then it won't send other users' presence to the client.
-    presence: true
+    # If using this for other servers than the bridge's server,
+    # you must also set the URL in the double_puppet_server_map.
+    login_shared_secret_map: {{ matrix_mautrix_facebook_bridge_login_shared_secret_map|to_json }}
+    presence: {{ matrix_mautrix_facebook_bridge_presence|to_json }}
    # Whether or not to update avatars when syncing all contacts at startup.
    update_avatar_initial_sync: true
    # End-to-bridge encryption support options. These require matrix-nio to be installed with pip
--- a/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2
+++ b/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2
@ -1,6 +1,6 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
-Description=Matrix Mautrix Facebook server
+Description=Matrix Mautrix Facebook bridge
 {% for service in matrix_mautrix_facebook_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
--- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml
@ -4,9 +4,11 @@
 matrix_mautrix_hangouts_enabled: true

 matrix_mautrix_hangouts_container_image_self_build: false
+matrix_mautrix_hangouts_container_image_self_build_repo: "https://github.com/tulir/mautrix-hangouts.git"

 # See: https://mau.dev/tulir/mautrix-hangouts/container_registry
-matrix_mautrix_hangouts_docker_image: "dock.mau.dev/tulir/mautrix-hangouts:latest"
+matrix_mautrix_hangouts_docker_image: "{{ matrix_mautrix_hangouts_docker_image_name_prefix }}tulir/mautrix-hangouts:latest"
+matrix_mautrix_hangouts_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_hangouts_container_image_self_build else 'dock.mau.dev/' }}"
 matrix_mautrix_hangouts_docker_image_force_pull: "{{ matrix_mautrix_hangouts_docker_image.endswith(':latest') }}"

 matrix_mautrix_hangouts_base_path: "{{ matrix_base_data_path }}/mautrix-hangouts"
--- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml
@ -32,22 +32,22 @@

 - name: Ensure Mautrix Hangots repository is present on self build
  git:
-    repo: https://github.com/tulir/mautrix-hangouts.git
+    repo: "{{ matrix_mautrix_hangouts_container_image_self_build_repo }}"
    dest: "{{ matrix_mautrix_hangouts_docker_src_files_path }}"
    force: "yes"
  register: matrix_mautrix_hangouts_git_pull_results
-  when: "matrix_mautrix_hangouts_enabled|bool and matrix_mautrix_hangouts_container_image_self_build"
+  when: "matrix_mautrix_hangouts_enabled|bool and matrix_mautrix_hangouts_container_image_self_build|bool"

 - name: Ensure Mautrix Hangouts Docker image is built
  docker_image:
    name: "{{ matrix_mautrix_hangouts_docker_image }}"
    source: build
-    force_source: yes
+    force_source: "{{ matrix_mautrix_hangouts_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
      path: "{{ matrix_mautrix_hangouts_docker_src_files_path }}"
      pull: yes
-  when: "matrix_mautrix_hangouts_enabled|bool and matrix_mautrix_hangouts_container_image_self_build and matrix_mautrix_hangouts_git_pull_results.changed"
+  when: "matrix_mautrix_hangouts_enabled|bool and matrix_mautrix_hangouts_container_image_self_build|bool"

 - name: Check if an old database file already exists
  stat:
--- a/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2
+++ b/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2
@ -1,6 +1,6 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
-Description=Matrix Mautrix Hangouts server
+Description=Matrix Mautrix Hangouts bridge
 {% for service in matrix_mautrix_hangouts_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
--- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml
@ -4,7 +4,7 @@
 matrix_mautrix_telegram_enabled: true

 # See: https://mau.dev/tulir/mautrix-telegram/container_registry
-matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.8.2"
+matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.9.0"
 matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"

 matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram"
--- a/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2
+++ b/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2
@ -1,6 +1,6 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
-Description=Matrix Mautrix Telegram server
+Description=Matrix Mautrix Telegram bridge
 {% for service in matrix_mautrix_telegram_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
--- a/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2
+++ b/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2
@ -1,6 +1,6 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
-Description=Matrix Mautrix Whatsapp server
+Description=Matrix Mautrix Whatsapp bridge
 {% for service in matrix_mautrix_whatsapp_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
--- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml
+++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml
@ -4,13 +4,15 @@
 matrix_mx_puppet_discord_enabled: true

 matrix_mx_puppet_discord_container_image_self_build: false
+matrix_mx_puppet_discord_container_image_self_build_repo: "https://github.com/matrix-discord/mx-puppet-discord.git"

 # Controls whether the mx-puppet-discord container exposes its HTTP port (tcp/8432 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8432"), or empty string to not expose.
 matrix_mx_puppet_discord_container_http_host_bind_port: ''

-matrix_mx_puppet_discord_docker_image: "sorunome/mx-puppet-discord:latest"
+matrix_mx_puppet_discord_docker_image: "{{ matrix_mx_puppet_discord_docker_image_name_prefix }}sorunome/mx-puppet-discord:latest"
+matrix_mx_puppet_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_discord_container_image_self_build else 'docker.io/' }}"
 matrix_mx_puppet_discord_docker_image_force_pull: "{{ matrix_mx_puppet_discord_docker_image.endswith(':latest') }}"

 matrix_mx_puppet_discord_base_path: "{{ matrix_base_data_path }}/mx-puppet-discord"
--- a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml
@ -32,20 +32,22 @@

 - name: Ensure MX Puppet Discord repository is present on self build
  git:
-    repo: https://github.com/matrix-discord/mx-puppet-discord.git
+    repo: "{{ matrix_mx_puppet_discord_container_image_self_build_repo }}"
    dest: "{{ matrix_mx_puppet_discord_docker_src_files_path }}"
    force: "yes"
+  register: matrix_mx_puppet_discord_git_pull_results
  when: "matrix_mx_puppet_discord_enabled|bool and matrix_mx_puppet_discord_container_image_self_build"

 - name: Ensure MX Puppet Discord Docker image is built
  docker_image:
    name: "{{ matrix_mx_puppet_discord_docker_image }}"
    source: build
+    force_source: "{{ matrix_mx_puppet_discord_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
      path: "{{ matrix_mx_puppet_discord_docker_src_files_path }}"
      pull: yes
-  when: "matrix_mx_puppet_discord_enabled|bool and matrix_mx_puppet_discord_container_image_self_build"
+  when: "matrix_mx_puppet_discord_enabled|bool and matrix_mx_puppet_discord_container_image_self_build|bool"

 - name: Check if an old database file already exists
  stat:
--- a/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2
+++ b/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2
@ -1,6 +1,6 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
-Description=Matrix Mx Puppet Discord server
+Description=Matrix Mx Puppet Discord bridge
 {% for service in matrix_mx_puppet_discord_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
--- a/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml
+++ b/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml
@ -4,8 +4,10 @@
 matrix_mx_puppet_instagram_enabled: true

 matrix_mx_puppet_instagram_container_image_self_build: false
+matrix_mx_puppet_instagram_container_image_self_build_repo: "https://github.com/Sorunome/mx-puppet-instagram.git"

-matrix_mx_puppet_instagram_docker_image: "docker.io/sorunome/mx-puppet-instagram:latest"
+matrix_mx_puppet_instagram_docker_image: "{{ matrix_mx_puppet_instagram_docker_image_name_prefix }}sorunome/mx-puppet-instagram:latest"
+matrix_mx_puppet_instagram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_instagram_container_image_self_build else 'docker.io/' }}"
 matrix_mx_puppet_instagram_docker_image_force_pull: "{{ matrix_mx_puppet_instagram_docker_image.endswith(':latest') }}"

 matrix_mx_puppet_instagram_base_path: "{{ matrix_base_data_path }}/mx-puppet-instagram"
--- a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml
@ -32,20 +32,22 @@

 - name: Ensure mx-puppet-instagram repository is present on self build
  git:
-    repo: https://github.com/Sorunome/mx-puppet-instagram.git
+    repo: "{{ matrix_mx_puppet_instagram_container_image_self_build_repo }}"
    dest: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}"
    force: "yes"
-  when: "matrix_mx_puppet_instagram_enabled|bool and matrix_mx_puppet_instagram_container_image_self_build"
+  register: matrix_mx_puppet_instagram_git_pull_results
+  when: "matrix_mx_puppet_instagram_enabled|bool and matrix_mx_puppet_instagram_container_image_self_build|bool"

 - name: Ensure mx-puppet-instagram Docker image is built
  docker_image:
    name: "{{ matrix_mx_puppet_instagram_docker_image }}"
    source: build
+    force_source: "{{ matrix_mx_puppet_instagram_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
      path: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}"
      pull: yes
-  when: "matrix_mx_puppet_instagram_enabled|bool and matrix_mx_puppet_instagram_container_image_self_build"
+  when: "matrix_mx_puppet_instagram_enabled|bool and matrix_mx_puppet_instagram_container_image_self_build|bool"

 - name: Ensure mx-puppet-instagram config.yaml installed
  copy:
--- a/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2
+++ b/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2
@ -1,6 +1,6 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
-Description=Matrix Mx Puppet Instagram server
+Description=Matrix Mx Puppet Instagram bridge
 {% for service in matrix_mx_puppet_instagram_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
--- a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml
+++ b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml
@ -4,8 +4,10 @@
 matrix_mx_puppet_skype_enabled: true

 matrix_mx_puppet_skype_container_image_self_build: false
+matrix_mx_puppet_skype_container_image_self_build_repo: "https://github.com/Sorunome/mx-puppet-skype.git"

-matrix_mx_puppet_skype_docker_image: "sorunome/mx-puppet-skype:latest"
+matrix_mx_puppet_skype_docker_image: "{{ matrix_mx_puppet_skype_docker_image_name_prefix }}sorunome/mx-puppet-skype:latest"
+matrix_mx_puppet_skype_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_skype_container_image_self_build else 'docker.io/' }}"
 matrix_mx_puppet_skype_docker_image_force_pull: "{{ matrix_mx_puppet_skype_docker_image.endswith(':latest') }}"

 matrix_mx_puppet_skype_base_path: "{{ matrix_base_data_path }}/mx-puppet-skype"
--- a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml
@ -32,22 +32,22 @@

 - name: Ensure MX Puppet Skype repository is present on self build
  git:
-    repo: https://github.com/Sorunome/mx-puppet-skype.git
+    repo: "{{ matrix_mx_puppet_skype_container_image_self_build_repo }}"
    dest: "{{ matrix_mx_puppet_skype_docker_src_files_path }}"
    force: "yes"
  register: matrix_mx_puppet_skype_git_pull_results
-  when: "matrix_mx_puppet_skype_enabled|bool and matrix_mx_puppet_skype_container_image_self_build"
+  when: "matrix_mx_puppet_skype_enabled|bool and matrix_mx_puppet_skype_container_image_self_build|bool"

 - name: Ensure MX Puppet Skype Docker image is built
  docker_image:
    name: "{{ matrix_mx_puppet_skype_docker_image }}"
    source: build
-    force_source: yes
+    force_source: "{{ matrix_mx_puppet_skype_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
      path: "{{ matrix_mx_puppet_skype_docker_src_files_path }}"
      pull: yes
-  when: "matrix_mx_puppet_skype_enabled|bool and matrix_mx_puppet_skype_container_image_self_build and matrix_mx_puppet_skype_git_pull_results.changed"
+  when: "matrix_mx_puppet_skype_enabled|bool and matrix_mx_puppet_skype_container_image_self_build|bool"

 - name: Check if an old database file already exists
  stat:
--- a/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2
+++ b/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2
@ -1,6 +1,6 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
-Description=Matrix Mx Puppet Skype server
+Description=Matrix Mx Puppet Skype bridge
 {% for service in matrix_mx_puppet_skype_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
--- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml
+++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml
@ -4,13 +4,15 @@
 matrix_mx_puppet_slack_enabled: true

 matrix_mx_puppet_slack_container_image_self_build: false
+matrix_mx_puppet_slack_container_image_self_build_repo: "https://github.com/Sorunome/mx-puppet-slack.git"

 # Controls whether the mx-puppet-slack container exposes its HTTP port (tcp/8432 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8432"), or empty string to not expose.
 matrix_mx_puppet_slack_container_http_host_bind_port: ''

-matrix_mx_puppet_slack_docker_image: "sorunome/mx-puppet-slack:latest"
+matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}sorunome/mx-puppet-slack:latest"
+matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else 'docker.io/' }}"
 matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}"

 matrix_mx_puppet_slack_base_path: "{{ matrix_base_data_path }}/mx-puppet-slack"
--- a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml
@ -32,15 +32,17 @@

 - name: Ensure MX Puppet Slack repository is present on self build
  git:
-    repo: https://github.com/Sorunome/mx-puppet-slack.git
+    repo: "{{ matrix_mx_puppet_slack_container_image_self_build_repo }}"
    dest: "{{ matrix_mx_puppet_slack_docker_src_files_path }}"
    force: "yes"
+  register: matrix_mx_puppet_slack_git_pull_results
  when: "matrix_mx_puppet_slack_enabled|bool and matrix_mx_puppet_slack_container_image_self_build"

 - name: Ensure MX Puppet Slack Docker image is built
  docker_image:
    name: "{{ matrix_mx_puppet_slack_docker_image }}"
    source: build
+    force_source: "{{ matrix_mx_puppet_slack_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
      path: "{{ matrix_mx_puppet_slack_docker_src_files_path }}"
--- a/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2
+++ b/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2
@ -1,6 +1,6 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
-Description=Matrix Mx Puppet Slack server
+Description=Matrix Mx Puppet Slack bridge
 {% for service in matrix_mx_puppet_slack_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
--- a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml
+++ b/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml
@ -4,13 +4,15 @@
 matrix_mx_puppet_steam_enabled: true

 matrix_mx_puppet_steam_container_image_self_build: false
+matrix_mx_puppet_steam_container_image_self_build_repo: "https://github.com/icewind1991/mx-puppet-steam.git"

 # Controls whether the mx-puppet-steam container exposes its HTTP port (tcp/8432 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8432"), or empty string to not expose.
 matrix_mx_puppet_steam_container_http_host_bind_port: ''

-matrix_mx_puppet_steam_docker_image: "icewind1991/mx-puppet-steam:latest"
+matrix_mx_puppet_steam_docker_image: "{{ matrix_mx_puppet_steam_docker_image_name_prefix }}icewind1991/mx-puppet-steam:latest"
+matrix_mx_puppet_steam_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_steam_container_image_self_build else 'docker.io/' }}"
 matrix_mx_puppet_steam_docker_image_force_pull: "{{ matrix_mx_puppet_steam_docker_image.endswith(':latest') }}"

 matrix_mx_puppet_steam_base_path: "{{ matrix_base_data_path }}/mx-puppet-steam"
--- a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml
@ -32,15 +32,17 @@

 - name: Ensure MX Puppet Steam repository is present on self build
  git:
-    repo: https://github.com/icewind1991/mx-puppet-steam.git
+    repo: "{{ matrix_mx_puppet_steam_container_image_self_build_repo }}"
    dest: "{{ matrix_mx_puppet_steam_docker_src_files_path }}"
    force: "yes"
+  register: matrix_mx_puppet_steam_git_pull_results
  when: "matrix_mx_puppet_steam_enabled|bool and matrix_mx_puppet_steam_container_image_self_build"

 - name: Ensure MX Puppet Steam Docker image is built
  docker_image:
    name: "{{ matrix_mx_puppet_steam_docker_image }}"
    source: build
+    force_source: "{{ matrix_mx_puppet_steam_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
      path: "{{ matrix_mx_puppet_steam_docker_src_files_path }}"
--- a/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2
+++ b/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2
@ -1,6 +1,6 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
-Description=Matrix Mx Puppet Steam server
+Description=Matrix Mx Puppet Steam bridge
 {% for service in matrix_mx_puppet_steam_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
--- a/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml
+++ b/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml
@ -4,13 +4,15 @@
 matrix_mx_puppet_twitter_enabled: true

 matrix_mx_puppet_twitter_container_image_self_build: false
+matrix_mx_puppet_twitter_container_image_self_build_repo: "https://github.com/Sorunome/mx-puppet-twitter.git"

 # Controls whether the mx-puppet-twitter container exposes its HTTP port (tcp/8432 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8432"), or empty string to not expose.
 matrix_mx_puppet_twitter_container_http_host_bind_port: ''

-matrix_mx_puppet_twitter_docker_image: "sorunome/mx-puppet-twitter:latest"
+matrix_mx_puppet_twitter_docker_image: "{{ matrix_mx_puppet_twitter_docker_image_name_prefix }}sorunome/mx-puppet-twitter:latest"
+matrix_mx_puppet_twitter_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_twitter_container_image_self_build else 'docker.io/' }}"
 matrix_mx_puppet_twitter_docker_image_force_pull: "{{ matrix_mx_puppet_twitter_docker_image.endswith(':latest') }}"

 matrix_mx_puppet_twitter_base_path: "{{ matrix_base_data_path }}/mx-puppet-twitter"
--- a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml
@ -32,15 +32,17 @@

 - name: Ensure MX Puppet Twitter repository is present on self build
  git:
-    repo: https://github.com/Sorunome/mx-puppet-twitter.git
+    repo: "{{ matrix_mx_puppet_twitter_container_image_self_build_repo }}"
    dest: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}"
    force: "yes"
+  register: matrix_mx_puppet_twitter_git_pull_results
  when: "matrix_mx_puppet_twitter_enabled|bool and matrix_mx_puppet_twitter_container_image_self_build"

 - name: Ensure MX Puppet Twitter Docker image is built
  docker_image:
    name: "{{ matrix_mx_puppet_twitter_docker_image }}"
    source: build
+    force_source: "{{ matrix_mx_puppet_twitter_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
      path: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}"
--- a/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2
+++ b/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2
@ -1,6 +1,6 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
-Description=Matrix Mx Puppet Twitter server
+Description=Matrix Mx Puppet Twitter bridge
 {% for service in matrix_mx_puppet_twitter_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
--- a/roles/matrix-bridge-sms/defaults/main.yml
+++ b/roles/matrix-bridge-sms/defaults/main.yml
@ -3,43 +3,27 @@

 matrix_sms_bridge_enabled: true

-matrix_sms_bridge_docker_image: "folivonet/matrix-sms-bridge:0.3.2.RELEASE"
-matrix_sms_bridge_database_docker_image: "neo4j:latest"
-matrix_sms_bridge_database_docker_image_force_pull: "{{ matrix_sms_bridge_docker_image.endswith(':latest') }}"
+matrix_sms_bridge_docker_image: "docker.io/folivonet/matrix-sms-bridge:0.5.4"

 matrix_sms_bridge_base_path: "{{ matrix_base_data_path }}/matrix-sms-bridge"
 matrix_sms_bridge_config_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/config"
 matrix_sms_bridge_data_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data"
-matrix_sms_bridge_data_log_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data/log"
-matrix_sms_bridge_data_spool_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data/spool"
-matrix_sms_bridge_data_spool_inbox_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data/spool/inbox"
-matrix_sms_bridge_data_spool_inbox_processed_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data/spool/inbox_processed"
-matrix_sms_bridge_data_spool_outbox_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data/spool/outbox"
-matrix_sms_bridge_data_spool_sent_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data/spool/sent"
-matrix_sms_bridge_data_spool_error_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data/spool/error"
-matrix_sms_bridge_database_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/database"

 matrix_sms_bridge_appservice_token: ''
 matrix_sms_bridge_homeserver_token: ''

-matrix_sms_bridge_database_username: 'neo4j'
-matrix_sms_bridge_database_password: ''
-
 matrix_sms_bridge_container_http_host_bind_port: ''

 # A list of extra arguments to pass to the container
 matrix_sms_bridge_container_extra_arguments: []

 # List of systemd services that service depends on.
-matrix_sms_bridge_systemd_required_services_list: ['docker.service','matrix-sms-bridge-database.service']
-matrix_sms_bridge_database_systemd_required_services_list: ['docker.service']
+matrix_sms_bridge_systemd_required_services_list: ['docker.service']

 # List of systemd services that service wants
 matrix_sms_bridge_systemd_wanted_services_list: []
-matrix_sms_bridge_database_systemd_wanted_services_list: []

 matrix_sms_bridge_appservice_url: 'http://matrix-sms-bridge:8080'
-matrix_sms_bridge_database_url: 'bolt://matrix-sms-bridge-database:7687'
 matrix_sms_bridge_homeserver_hostname: 'matrix-synapse'
 matrix_sms_bridge_homeserver_port: '8008'

@ -47,25 +31,19 @@ matrix_sms_bridge_homserver_domain: "{{ matrix_domain }}"
 matrix_sms_bridge_default_room: ''
 matrix_sms_bridge_default_region: ''
 matrix_sms_bridge_default_timezone: ''
+matrix_sms_bridge_single_mode_enabled: false

-matrix_sms_bridge_gammu_modem: ''
-matrix_sms_bridge_modem_group: 'dialout'
-matrix_sms_bridge_gammu_reset_frequency: 0
-matrix_sms_bridge_gammu_hard_reset_frequency: 0
+matrix_sms_bridge_provider_android_baseurl: ''
+matrix_sms_bridge_provider_android_username: ''
+matrix_sms_bridge_provider_android_password: ''
+matrix_sms_bridge_provider_android_truststore_local_path: ''
+matrix_sms_bridge_provider_android_truststore_password: ''


 matrix_sms_bridge_configuration_yaml: |
  #jinja2: lstrip_blocks: "True"

  # Database connection
-  org:
-    neo4j:
-      driver:
-        uri: {{ matrix_sms_bridge_database_url }}
-        authentication:
-          username: {{ matrix_sms_bridge_database_username }}
-          password: {{ matrix_sms_bridge_database_password }}
-
  matrix:
    bridge:
      sms:
@ -74,17 +52,33 @@ matrix_sms_bridge_configuration_yaml: |
        defaultRoomId: "{{ matrix_sms_bridge_default_room }}"
        defaultRegion: "{{ matrix_sms_bridge_default_region }}"
        defaultTimeZone: "{{ matrix_sms_bridge_default_timezone }}"
+        singleModeEnabled: "{{ matrix_sms_bridge_single_mode_enabled }}"
        provider:
-          gammu:
+          android:
            # (optional) default is disabled
            enabled: true
-            # (optional) Path to the Gammu-Inbox directory.
-            inboxPath: /data/spool/inbox
-            # (optional) Path to the directory, where to put processed messages.
-            inboxProcessedPath: /data/spool/inbox_processed
+            # The url to the android-sms-gateway-server
+            baseUrl: {{ matrix_sms_bridge_provider_android_baseurl }}
+            # The username of the gateway
+            username: {{ matrix_sms_bridge_provider_android_username }}
+            # The password of the gateway
+            password: {{ matrix_sms_bridge_provider_android_password }}
+            # (optional) if you use a self signed certificate, you can add the public key here
+            {% if matrix_sms_bridge_provider_android_truststore_local_path %}
+            trustStore:
+              path: /config/matrix-sms-gateway-server.p12
+              password: {{ matrix_sms_bridge_provider_android_truststore_password }}
+              type: PKCS12
+            {% endif %}
    bot:
      # The domain-part of matrix-ids. E. g. example.org when your userIds look like @unicorn:example.org
      serverName: {{ matrix_sms_bridge_homserver_domain }}
+      migration:
+        url: "jdbc:h2:file:/data/database/db"
+        username: sa
+      database:
+        url: "r2dbc:h2:file:////data/database/db"
+        username: sa
    client:
      homeServer:
        # The hostname of your Homeserver.
@ -112,31 +106,6 @@ matrix_sms_bridge_configuration_extension: "{{ matrix_sms_bridge_configuration_e

 matrix_sms_bridge_configuration: "{{ matrix_sms_bridge_configuration_yaml|from_yaml|combine(matrix_sms_bridge_configuration_extension, recursive=True) }}"

-matrix_sms_bridge_gammu_configuration: |
-  [gammu]
-  Device = {{ matrix_sms_bridge_gammu_modem }}
-  LogFile = /data/log/gammu.log
-  debugLevel = 1
-
-  [smsd]
-  Service = files
-  LoopSleep = 2
-  InboxPath = /data/spool/inbox/
-  OutboxPath = /data/spool/outbox/
-  SentSMSPath = /data/spool/sent/
-  ErrorSMSPath = /data/spool/error/
-  InboxFormat = detail
-  OutboxFormat = detail
-  TransmitFormat = auto
-  ResetFrequency = {{ matrix_sms_bridge_gammu_reset_frequency }}
-  HardResetFrequency = {{ matrix_sms_bridge_gammu_hard_reset_frequency }}
-  debugLevel = 1
-  LogFile = /data/log/smsd.log
-  DeliveryReport = no
-  HangupCalls = 1
-  CheckBattery = 0
-
-
 matrix_sms_bridge_registration_yaml: |
  id: sms
  as_token: "{{ matrix_sms_bridge_appservice_token }}"
@ -145,6 +114,9 @@ matrix_sms_bridge_registration_yaml: |
      users:
      - exclusive: true
        regex: '^@sms_.+:{{ matrix_sms_bridge_homserver_domain|regex_escape }}$'
+      aliases:
+      - exclusive: true
+        regex: '^#sms_.+:{{ matrix_sms_bridge_homserver_domain|regex_escape }}$'
  url: {{ matrix_sms_bridge_appservice_url }}
  sender_localpart: smsbot
  rate_limited: false
--- a/roles/matrix-bridge-sms/tasks/init.yml
+++ b/roles/matrix-bridge-sms/tasks/init.yml
@ -7,7 +7,7 @@
  when: "matrix_sms_bridge_enabled and matrix_synapse_role_executed|default(False)"

 - set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-sms-bridge','matrix-sms-bridge-database'] }}"
+    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-sms-bridge'] }}"
  when: matrix_sms_bridge_enabled|bool

 # If the matrix-synapse role is not used, these variables may not exist.
--- a/roles/matrix-bridge-sms/tasks/setup_install.yml
+++ b/roles/matrix-bridge-sms/tasks/setup_install.yml
@ -5,14 +5,6 @@
    name: "{{ matrix_sms_bridge_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"

- name: Ensure matrix-sms-bridge databse image is pulled
-  docker_image:
-    name: "{{ matrix_sms_bridge_database_docker_image }}"
-    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_sms_bridge_database_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_sms_bridge_database_docker_image_force_pull }}"
-
-
 - name: Ensure matrix-sms-bridge paths exist
  file:
    path: "{{ item }}"
@ -24,14 +16,6 @@
    - "{{ matrix_sms_bridge_base_path }}"
    - "{{ matrix_sms_bridge_config_path }}"
    - "{{ matrix_sms_bridge_data_path }}"
-    - "{{ matrix_sms_bridge_data_log_path }}"
-    - "{{ matrix_sms_bridge_data_spool_path }}"
-    - "{{ matrix_sms_bridge_data_spool_inbox_path }}"
-    - "{{ matrix_sms_bridge_data_spool_inbox_processed_path }}"
-    - "{{ matrix_sms_bridge_data_spool_outbox_path }}"
-    - "{{ matrix_sms_bridge_data_spool_sent_path }}"
-    - "{{ matrix_sms_bridge_data_spool_error_path }}"
-    - "{{ matrix_sms_bridge_database_path }}"

 - name: Ensure matrix-sms-bridge application.yml installed
  copy:
@ -49,13 +33,14 @@
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"

- name: Ensure matrix-sms-bridge gammu-smsdrc installed
+- name: Ensure android-sms-gateway-server cert installed
  copy:
-    content: "{{ matrix_sms_bridge_gammu_configuration }}"
-    dest: "{{ matrix_sms_bridge_config_path }}/gammu-smsdrc"
+    src: "{{ matrix_sms_bridge_provider_android_truststore_local_path }}"
+    dest: "{{ matrix_sms_bridge_config_path }}/matrix-sms-gateway-server.p12"
    mode: 0644
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
+  when: matrix_sms_bridge_provider_android_truststore_local_path != ""

 - name: Ensure matrix-sms-bridge.service installed
  template:
@ -64,14 +49,7 @@
    mode: 0644
  register: matrix_sms_bridge_systemd_service_result

- name: Ensure matrix-sms-bridge-database.service installed
-  template:
-    src: "{{ role_path }}/templates/systemd/matrix-sms-bridge-database.service.j2"
-    dest: "{{ matrix_systemd_path }}/matrix-sms-bridge-database.service"
-    mode: 0644
-  register: matrix_sms_bridge_database_systemd_service_result
-
- name: Ensure systemd reloaded after matrix-sms-bridge.service or matrix-sms-bridge-database.service installation
+- name: Ensure systemd reloaded after matrix-sms-bridge.service installation
  service:
    daemon_reload: yes
-  when: matrix_sms_bridge_systemd_service_result.changed or matrix_sms_bridge_database_systemd_service_result.changed
+  when: matrix_sms_bridge_systemd_service_result.changed
--- a/roles/matrix-bridge-sms/tasks/setup_uninstall.yml
+++ b/roles/matrix-bridge-sms/tasks/setup_uninstall.yml
@ -5,11 +5,6 @@
    path: "{{ matrix_systemd_path }}/matrix-sms-bridge.service"
  register: matrix_sms_bridge_service_stat

- name: Check existence of matrix-sms-bridge-database service
-  stat:
-    path: "{{ matrix_systemd_path }}/matrix-sms-bridge-database.service"
-  register: matrix_sms_bridge_database_service_stat
-
 - name: Ensure matrix-sms-bridge is stopped
  service:
    name: matrix-sms-bridge
@ -17,26 +12,8 @@
    daemon_reload: yes
  when: "matrix_sms_bridge_service_stat.stat.exists"

- name: Ensure matrix-sms-bridge-database is stopped
-  service:
-    name: matrix-sms-bridge-database
-    state: stopped
-    daemon_reload: yes
-  when: "matrix_sms_bridge_database_service_stat.stat.exists"
-
 - name: Ensure matrix-sms-bridge.service doesn't exist
  file:
    path: "{{ matrix_systemd_path }}/matrix-sms-bridge.service"
    state: absent
-  when: "matrix_sms_bridge_service_stat.stat.exists"
-
- name: Ensure matrix-sms-bridge-database.service doesn't exist
-  file:
-    path: "{{ matrix_systemd_path }}/matrix-sms-bridge-database.service"
-    state: absent
-  when: "matrix_sms_bridge_database_service_stat.stat.exists"
-
- name: Ensure systemd reloaded after matrix-sms-bridge.service or matrix-sms-bridge-database.service removal
-  service:
-    daemon_reload: yes
-  when: matrix_sms_bridge_service_stat.stat.exists or matrix_sms_bridge_database_service_stat.stat.exists
+  when: "matrix_sms_bridge_service_stat.stat.exists"
--- a/roles/matrix-bridge-sms/tasks/validate_config.yml
+++ b/roles/matrix-bridge-sms/tasks/validate_config.yml
@ -8,7 +8,8 @@
  with_items:
    - "matrix_sms_bridge_appservice_token"
    - "matrix_sms_bridge_homeserver_token"
-    - "matrix_sms_bridge_database_password"
-    - "matrix_sms_bridge_gammu_modem"
    - "matrix_sms_bridge_default_region"
    - "matrix_sms_bridge_default_timezone"
+    - "matrix_sms_bridge_provider_android_baseurl"
+    - "matrix_sms_bridge_provider_android_username"
+    - "matrix_sms_bridge_provider_android_password"
--- a/roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge-database.service.j2
+++ b/roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge-database.service.j2
@ -1,36 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-[Unit]
-Description=matrix-sms-bridge-database server
-{% for service in matrix_sms_bridge_database_systemd_required_services_list %}
-Requires={{ service }}
-After={{ service }}
-{% endfor %}
-{% for service in matrix_sms_bridge_database_systemd_wanted_services_list %}
-Wants={{ service }}
-{% endfor %}
-
-[Service]
-Type=simple
-ExecStartPre=-/usr/bin/docker kill matrix-sms-bridge-database
-ExecStartPre=-/usr/bin/docker rm matrix-sms-bridge-database
-
-# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
-ExecStartPre=/bin/sleep 5
-
-ExecStart=/usr/bin/docker run --rm --name matrix-sms-bridge-database \
-			--log-driver=none \
-			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
-			--cap-drop=ALL \
-			--network={{ matrix_docker_network }} \
-			-v {{ matrix_sms_bridge_database_path }}:/data:z \
-			-e NEO4J_AUTH={{ matrix_sms_bridge_database_username }}/{{ matrix_sms_bridge_database_password }} \
-			{{ matrix_sms_bridge_database_docker_image }}
-
-ExecStop=-/usr/bin/docker kill matrix-sms-bridge-database
-ExecStop=-/usr/bin/docker rm matrix-sms-bridge-database
-Restart=always
-RestartSec=30
-SyslogIdentifier=matrix-sms-bridge
-
- [Install]
-WantedBy=multi-user.target
--- a/roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2
+++ b/roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2
@ -1,6 +1,6 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
-Description=matrix-sms-bridge server
+Description=Matrix sms bridge
 {% for service in matrix_sms_bridge_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
@ -20,7 +20,6 @@ ExecStartPre=/bin/sleep 5
 ExecStart=/usr/bin/docker run --rm --name matrix-sms-bridge \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
-			--group-add {{ matrix_sms_bridge_modem_group }} \
 			--cap-drop=ALL \
 			--network={{ matrix_docker_network }} \
 			{% if matrix_sms_bridge_container_http_host_bind_port %}
@ -28,9 +27,7 @@ ExecStart=/usr/bin/docker run --rm --name matrix-sms-bridge \
 			{% endif %}
 			-v {{ matrix_sms_bridge_config_path }}:/config:z \
 			-v {{ matrix_sms_bridge_data_path }}:/data:z \
-			-v {{ matrix_sms_bridge_config_path }}/gammu-smsdrc:/etc/gammu-smsdrc:z \
-			--privileged \
-			-v /dev:/dev:slave \
+			--env SPRING_CONFIG_ADDITIONAL_LOCATION=/config/application.yml \
 			{% for arg in matrix_sms_bridge_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
--- a/roles/matrix-client-element/defaults/main.yml
+++ b/roles/matrix-client-element/defaults/main.yml
@ -1,8 +1,10 @@
 matrix_client_element_enabled: true

 matrix_client_element_container_image_self_build: false
+matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git"

-matrix_client_element_docker_image: "vectorim/riot-web:v1.7.7"
+matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:v1.7.15"
+matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else 'docker.io/' }}"
 matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"

 matrix_client_element_data_path: "{{ matrix_base_data_path }}/client-element"
@ -30,9 +32,11 @@ matrix_client_element_integrations_rest_url: "https://scalar.vector.im/api"
 matrix_client_element_integrations_widgets_urls: ["https://scalar.vector.im/api"]
 matrix_client_element_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html"
 matrix_client_element_permalinkPrefix: "https://matrix.to"
+matrix_client_element_bug_report_endpoint_url: "https://element.io/bugreports/submit"
+matrix_client_element_showLabsSettings: true
 # Element public room directory server(s)
 matrix_client_element_roomdir_servers: ['matrix.org']
-matrix_client_element_welcome_user_id: "@riot-bot:matrix.org"
+matrix_client_element_welcome_user_id: ~
 # Branding of Element
 matrix_client_element_brand: "Element"

--- a/roles/matrix-client-element/tasks/setup.yml
+++ b/roles/matrix-client-element/tasks/setup.yml
@ -26,21 +26,23 @@

 - name: Ensure Element repository is present on self-build
  git:
-    repo: https://github.com/vector-im/riot-web.git
+    repo: "{{ matrix_client_element_container_image_self_build_repo }}"
    dest: "{{ matrix_client_element_docker_src_files_path }}"
    version: "{{ matrix_client_element_docker_image.split(':')[1] }}"
    force: "yes"
-  when: "matrix_client_element_enabled|bool and matrix_client_element_container_image_self_build"
+  register: matrix_client_element_git_pull_results
+  when: "matrix_client_element_enabled|bool and matrix_client_element_container_image_self_build|bool"

 - name: Ensure Element Docker image is built
  docker_image:
    name: "{{ matrix_client_element_docker_image }}"
    source: build
+    force_source: "{{ matrix_client_element_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
      path: "{{ matrix_client_element_docker_src_files_path }}"
      pull: yes
-  when: "matrix_client_element_enabled|bool and matrix_client_element_container_image_self_build"
+  when: "matrix_client_element_enabled|bool and matrix_client_element_container_image_self_build|bool"

 - name: Ensure Element configuration installed
  copy:
--- a/roles/matrix-client-element/templates/config.json.j2
+++ b/roles/matrix-client-element/templates/config.json.j2
@ -20,8 +20,8 @@
 	"integrations_rest_url": {{ matrix_client_element_integrations_rest_url|string|to_json }},
 	"integrations_widgets_urls": {{ matrix_client_element_integrations_widgets_urls|to_json }},
 	"integrations_jitsi_widget_url": {{ matrix_client_element_integrations_jitsi_widget_url|string|to_json }},
-	"bug_report_endpoint_url": "https://riot.im/bugreports/submit",
-	"enableLabs": true,
+	"bug_report_endpoint_url": {{ matrix_client_element_bug_report_endpoint_url|to_json }},
+	"showLabsSettings": {{ matrix_client_element_showLabsSettings|to_json }},
 	"roomDirectory": {
 		"servers": {{ matrix_client_element_roomdir_servers|to_json }}
 	},
--- a/roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2
+++ b/roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2
@ -21,13 +21,13 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-element
 			-p {{ matrix_client_element_container_http_host_bind_port }}:8080 \
 			{% endif %}
 			--tmpfs=/tmp:rw,noexec,nosuid,size=10m \
-			-v {{ matrix_client_element_data_path }}/nginx.conf:/etc/nginx/nginx.conf:ro \
-			-v {{ matrix_client_element_data_path }}/config.json:/app/config.json:ro \
-			-v {{ matrix_client_element_data_path }}/config.json:/app/config.{{ matrix_server_fqn_element }}.json:ro \
+			--mount type=bind,src={{ matrix_client_element_data_path }}/nginx.conf,dst=/etc/nginx/nginx.conf,ro \
+			--mount type=bind,src={{ matrix_client_element_data_path }}/config.json,dst=/app/config.json,ro \
+			--mount type=bind,src={{ matrix_client_element_data_path }}/config.json,dst=/app/config.{{ matrix_server_fqn_element }}.json,ro \
 			{% if matrix_client_element_embedded_pages_home_path is not none %}
-			-v {{ matrix_client_element_data_path }}/home.html:/app/home.html:ro \
+			--mount type=bind,src={{ matrix_client_element_data_path }}/home.html,dst=/app/home.html,ro \
 			{% endif %}
-			-v {{ matrix_client_element_data_path }}/welcome.html:/app/welcome.html:ro \
+			--mount type=bind,src={{ matrix_client_element_data_path }}/welcome.html,dst=/app/welcome.html,ro \
 			{% for arg in matrix_client_element_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
--- a/roles/matrix-client-element/templates/welcome.html.j2
+++ b/roles/matrix-client-element/templates/welcome.html.j2
@ -97,19 +97,10 @@ h1::after {
    color: #2e2f32 !important;
 }

-.mx_ButtonHeadline {
-    margin-bottom: 14px;
-}
-
 .mx_ButtonLabel {
    margin-left: 20px;
 }

-.mx_ButtonWrapperText {
-    font-size: 13px;
-    margin-bottom: 10px;
-}
-
 .mx_Header_title {
    font-size: 24px;
    font-weight: 600;
@ -128,7 +119,7 @@ h1::after {
 }

 .mx_ButtonCreateAccount {
-    background-color: #03B381;
+    background-color: #0DBD8B;
    color: white !important;
 }

@ -150,6 +141,32 @@ h1::after {
    background-image: url('welcome/images/icon-room-directory.svg');
 }

+/*
+.mx_WelcomePage_loggedIn is applied by EmbeddedPage from the Welcome component
+If it is set on the page, we should show the buttons. Otherwise, we have to assume
+we don't have an account and should hide them. No account == no guest account either.
+ */
+.mx_WelcomePage:not(.mx_WelcomePage_loggedIn) .mx_WelcomePage_guestFunctions {
+    display: none;
+}
+
+.mx_ButtonRow.mx_WelcomePage_guestFunctions {
+    margin-top: 20px;
+}
+.mx_ButtonRow.mx_WelcomePage_guestFunctions > div {
+    margin: 0 auto;
+}
+
+@media only screen and (max-width: 480px) {
+    .mx_ButtonRow {
+        flex-direction: column;
+    }
+
+    .mx_ButtonRow > * {
+        margin: 0 0 10px 0;
+    }
+}
+
 </style>

 <div class="mx_Parent">
@ -175,17 +192,10 @@ h1::after {
             See https://github.com/vector-im/riot-web/issues/8622.
             TODO: Convert to config option if possible. -->
        <!-- BEGIN Ansible: Remove these lines when guest access is disabled -->
-        <div class="mx_ButtonRow">
-            <div>
-                <div class="mx_ButtonWrapperText">_t("Need help?")</div>
-                <a href="#/user/@riot-bot:matrix.org?action=chat" class="mx_ButtonParent mx_SecondaryButton mx_Button_iconHelp">
-                    <div class="mx_ButtonLabel">_t("Chat with Riot Bot")</div>
-                </a>
-            </div>
+        <div class="mx_ButtonRow mx_WelcomePage_guestFunctions">
            <div>
-                <div class="mx_ButtonWrapperText">_t("Explore rooms")</div>
                <a href="#/directory" class="mx_ButtonParent mx_SecondaryButton mx_Button_iconRoomDirectory">
-                    <div class="mx_ButtonLabel">_t("Room Directory")</div>
+                    <div class="mx_ButtonLabel">_t("Explore rooms")</div>
                </a>
            </div>
        </div>
--- a/roles/matrix-common-after/tasks/main.yml
+++ b/roles/matrix-common-after/tasks/main.yml
@ -11,3 +11,7 @@
 - import_tasks: "{{ role_path }}/tasks/dump_runtime_results.yml"
  tags:
    - always
+
+- import_tasks: "{{ role_path }}/tasks/run_docker_prune.yml"
+  tags:
+    - run-docker-prune
--- a/roles/matrix-common-after/tasks/run_docker_prune.yml
+++ b/roles/matrix-common-after/tasks/run_docker_prune.yml
@ -0,0 +1,4 @@
+---
+
+- name: Run Docker System Prune
+  command: "{{ matrix_host_command_docker }} system prune -a -f"
--- a/roles/matrix-common-after/tasks/start.yml
+++ b/roles/matrix-common-after/tasks/start.yml
@ -1,5 +1,9 @@
 ---

+- name: Deterimne whether we should make services autostart
+  set_fact:
+    matrix_services_autostart_enabled_bool: "{{ true if matrix_services_autostart_enabled|default('') == '' else matrix_services_autostart_enabled|bool }}"
+
 - name: Ensure systemd is reloaded
  service:
    daemon_reload: yes
@ -14,7 +18,7 @@
 - name: Ensure Matrix services are started
  service:
    name: "{{ item }}"
-    enabled: yes
+    enabled: "{{ matrix_services_autostart_enabled_bool }}"
    state: started
  with_items: "{{ matrix_systemd_services_list }}"
  when: not ansible_check_mode
--- a/roles/matrix-corporal/defaults/main.yml
+++ b/roles/matrix-corporal/defaults/main.yml
@ -3,6 +3,9 @@

 matrix_corporal_enabled: true

+matrix_corporal_container_image_self_build: false
+matrix_corporal_container_image_self_build_repo: "https://github.com/devture/matrix-corporal.git"
+
 # Controls whether the matrix-corporal container exposes its gateway HTTP port (tcp/41080 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:41080"), or empty string to not expose.
@ -19,10 +22,13 @@ matrix_corporal_container_extra_arguments: []
 # List of systemd services that matrix-corporal.service depends on
 matrix_corporal_systemd_required_services_list: ['docker.service']

-matrix_corporal_docker_image: "devture/matrix-corporal:1.9.0"
+matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}"
+matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else 'docker.io/' }}"
+matrix_corporal_docker_image_tag: "1.11.0"
 matrix_corporal_docker_image_force_pull: "{{ matrix_corporal_docker_image.endswith(':latest') }}"

 matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal"
+matrix_corporal_container_src_files_path: "{{ matrix_corporal_base_path }}/container-src"
 matrix_corporal_config_dir_path: "{{ matrix_corporal_base_path }}/config"
 matrix_corporal_cache_dir_path: "{{ matrix_corporal_base_path }}/cache"
 matrix_corporal_var_dir_path: "{{ matrix_corporal_base_path }}/var"
--- a/roles/matrix-corporal/tasks/setup_corporal.yml
+++ b/roles/matrix-corporal/tasks/setup_corporal.yml
@ -17,13 +17,33 @@
    - "{{ matrix_corporal_var_dir_path }}"
  when: matrix_corporal_enabled|bool

+- name: Ensure Matrix Corporal repository is present on self-build
+  git:
+    repo: "{{ matrix_corporal_container_image_self_build_repo }}"
+    dest: "{{ matrix_corporal_container_src_files_path }}"
+    version: "{{ matrix_corporal_docker_image.split(':')[1] }}"
+    force: "yes"
+  register: matrix_corporal_git_pull_results
+  when: "matrix_corporal_enabled|bool and matrix_corporal_container_image_self_build|bool"
+
+- name: Ensure Matrix Corporal Docker image is built
+  docker_image:
+    name: "{{ matrix_corporal_docker_image }}"
+    source: build
+    force_source: "{{ matrix_corporal_git_pull_results.changed }}"
+    build:
+      dockerfile: etc/docker/Dockerfile
+      path: "{{ matrix_corporal_container_src_files_path }}"
+      pull: yes
+  when: "matrix_corporal_enabled|bool and matrix_corporal_container_image_self_build|bool"
+
 - name: Ensure Matrix Corporal Docker image is pulled
  docker_image:
    name: "{{ matrix_corporal_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
    force_source: "{{ matrix_corporal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_corporal_docker_image_force_pull }}"
-  when: matrix_corporal_enabled|bool
+  when: "matrix_corporal_enabled|bool and not matrix_corporal_container_image_self_build|bool"

 - name: Ensure Matrix Corporal config installed
  copy:
--- a/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2
+++ b/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2
@ -23,9 +23,9 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-corporal \
 			{% if matrix_corporal_container_http_api_host_bind_port %}
 			-p {{ matrix_corporal_container_http_api_host_bind_port }}:41081 \
 			{% endif %}
-			-v {{ matrix_corporal_config_dir_path }}:/etc/matrix-corporal:ro \
-			-v {{ matrix_corporal_cache_dir_path }}:/var/cache/matrix-corporal:rw \
-			-v {{ matrix_corporal_var_dir_path }}:/var/matrix-corporal:rw \
+			--mount type=bind,src={{ matrix_corporal_config_dir_path }},dst=/etc/matrix-corporal,ro \
+			--mount type=bind,src={{ matrix_corporal_cache_dir_path }},dst=/var/cache/matrix-corporal \
+			--mount type=bind,src={{ matrix_corporal_var_dir_path }},dst=/var/matrix-corporal \
 			{% for arg in matrix_corporal_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
--- a/roles/matrix-coturn/defaults/main.yml
+++ b/roles/matrix-coturn/defaults/main.yml
@ -1,8 +1,10 @@
 matrix_coturn_enabled: true

 matrix_coturn_container_image_self_build: false
+matrix_coturn_container_image_self_build_repo: "https://github.com/instrumentisto/coturn-docker-image.git"

-matrix_coturn_docker_image: "instrumentisto/coturn:4.5.1.3"
+matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}instrumentisto/coturn:4.5.1.3"
+matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else 'docker.io/' }}"
 matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}"

 # The Docker network that Coturn would be put into.
--- a/roles/matrix-coturn/tasks/setup_coturn.yml
+++ b/roles/matrix-coturn/tasks/setup_coturn.yml
@ -25,21 +25,23 @@

 - name: Ensure Coturn repository is present on self-build
  git:
-    repo: https://github.com/instrumentisto/coturn-docker-image.git
+    repo: "{{ matrix_coturn_container_image_self_build_repo }}"
    dest: "{{ matrix_coturn_docker_src_files_path }}"
    version: "{{ matrix_coturn_docker_image.split(':')[1] }}"
    force: "yes"
+  register: matrix_coturn_git_pull_results
  when: "matrix_coturn_enabled|bool and matrix_coturn_container_image_self_build"

 - name: Ensure Coturn Docker image is built
  docker_image:
    name: "{{ matrix_coturn_docker_image }}"
    source: build
+    force_source: "{{ matrix_coturn_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
      path: "{{ matrix_coturn_docker_src_files_path }}"
      pull: yes
-  when: "matrix_coturn_enabled|bool and matrix_coturn_container_image_self_build"
+  when: "matrix_coturn_enabled|bool and matrix_coturn_container_image_self_build|bool"

 - name: Ensure Coturn configuration path exists
  file:
--- a/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2
+++ b/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2
@ -30,7 +30,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-coturn \
 			{% if matrix_coturn_container_turn_range_listen_interface is not none %}
 			-p {{ matrix_coturn_container_turn_range_listen_interface }}{{ ':' if matrix_coturn_container_turn_range_listen_interface else '' }}{{ matrix_coturn_turn_udp_min_port }}-{{ matrix_coturn_turn_udp_max_port }}:{{ matrix_coturn_turn_udp_min_port }}-{{ matrix_coturn_turn_udp_max_port }}/udp \
 			{% endif %}
-			-v {{ matrix_coturn_config_path }}:/turnserver.conf:ro \
+			--mount type=bind,src={{ matrix_coturn_config_path }},dst=/turnserver.conf,ro \
 			{% for volume in matrix_coturn_container_additional_volumes %}
 			-v {{ volume.src }}:{{ volume.dst }}:{{ volume.options }} \
 			{% endfor %}
--- a/roles/matrix-dimension/defaults/main.yml
+++ b/roles/matrix-dimension/defaults/main.yml
@ -12,7 +12,7 @@ matrix_dimension_widgets_allow_self_signed_ssl_certificates: false

 matrix_dimension_base_path: "{{ matrix_base_data_path }}/dimension"

-matrix_dimension_docker_image: "turt2live/matrix-dimension:latest"
+matrix_dimension_docker_image: "docker.io/turt2live/matrix-dimension:latest"
 matrix_dimension_docker_image_force_pull: "{{ matrix_dimension_docker_image.endswith(':latest') }}"

 # The user and group id correspond to the node user in the `turt2live/matrix-dimension` image.
--- a/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2
+++ b/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2
@ -23,7 +23,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dimension \
 			{% if matrix_dimension_container_http_host_bind_port %}
 			-p {{ matrix_dimension_container_http_host_bind_port }}:8184 \
 			{% endif %}
-			-v {{ matrix_dimension_base_path }}:/data:rw \
+			--mount type=bind,src={{ matrix_dimension_base_path }},dst=/data \
 			{% for arg in matrix_dimension_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
--- a/roles/matrix-dynamic-dns/defaults/main.yml
+++ b/roles/matrix-dynamic-dns/defaults/main.yml
@ -0,0 +1,46 @@
+# Whether dynamic dns is enabled
+matrix_dynamic_dns_enabled: true
+
+# The dynamic dns daemon interval
+matrix_dynamic_dns_daemon_interval: '300'
+
+# The docker container to use when in mode
+matrix_dynamic_dns_docker_image: '{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:v3.9.1-ls45'
+
+matrix_dynamic_dns_docker_image_name_prefix: "{{ 'localhost/' if matrix_dynamic_dns_container_image_self_build else 'docker.io/' }}"
+
+# The image to force pull
+matrix_dynamic_dns_docker_image_force_pull: "{{ matrix_dynamic_dns_docker_image.endswith(':latest') }}"
+
+# List of extra arguments to pass to the ontainer mode
+matrix_dynamic_dns_container_extra_arguments: []
+
+# List of wanted services when running in mode
+matrix_dynamic_dns_systemd_wanted_services_list: []
+
+# List of required services when running in mode
+matrix_dynamic_dns_systemd_required_services_list: ['docker.service']
+
+# Build the container from source when running in mode
+matrix_dynamic_dns_container_image_self_build: false
+matrix_dynamic_dns_container_image_self_build_repo: "https://github.com/linuxserver/docker-ddclient.git"
+
+# Config paths
+matrix_dynamic_dns_base_path: "{{ matrix_base_data_path }}/dynamic-dns"
+matrix_dynamic_dns_config_path: "{{ matrix_dynamic_dns_base_path }}/config"
+matrix_dynamic_dns_docker_src_files_path: "{{ matrix_dynamic_dns_base_path }}/docker-src"
+
+# Holds the configurations (the domains to update DNS for, the providers they use, etc.)
+#
+# Example:
+# matrix_dynamic_dns_domain_configurations:
+#   - provider: domains.google.com
+#     protocol: dyndn2
+#     username: XXXXXXXXXXXXXXXX
+#     password: XXXXXXXXXXXXXXXX
+#     domain: "{{ matrix_domain }}"
+matrix_dynamic_dns_domain_configurations: []
+
+# Config options
+matrix_dynamic_dns_additional_configuration_blocks: []
+matrix_dynamic_dns_use: "web"
--- a/Show More
+++ b/Show More