26 changed files with 46 additions and 120 deletions
--- a/README.md
+++ b/README.md
@ -93,7 +93,7 @@ Use alternative file storage to the default `media_store` folder.
 | ---- | -------- | ----------- | ------------- |
 | [Goofys](https://github.com/kahing/goofys) | x | [Amazon S3](https://aws.amazon.com/s3/) (or other S3-compatible object store) storage for Synapse's content repository (`media_store`) files | [Link](docs/configuring-playbook-s3-goofys.md) |
 | [synapse-s3-storage-provider](https://github.com/matrix-org/synapse-s3-storage-provider) | x | [Amazon S3](https://aws.amazon.com/s3/) (or other S3-compatible object store) storage for Synapse's content repository (`media_store`) files | [Link](docs/configuring-playbook-s3.md) |
-| [matrix-media-repo](https://github.com/turt2live/matrix-media-repo) | x | matrix-media-repo is a highly customizable multi-domain media repository for Matrix. Intended for medium to large deployments, this media repo de-duplicates media while being fully compliant with the specification. | [Link](docs/configuring-playbook-matrix-media-repo.md) |
+| [matrix-media-repo](https://github.com/turt2live/matrix-media-repo) | x | matrix-media-repo is a highly customizable multi-domain media repository for Matrix. Intended for medium to large deployments, this media repo de-duplicates media while being fully compliant with the specification. | [Link](docs/configuring-playbook-media-repo.md) |
 ### Bridges
--- a/docs/configuring-playbook-bot-draupnir.md
+++ b/docs/configuring-playbook-bot-draupnir.md
@ -20,7 +20,7 @@ You can use the playbook to [register a new user](registering-users.md):
 ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.draupnir password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
 ```
-If you would like draupnir to be able to deactivate users, move aliases, shutdown rooms, show abuse reports ([see below](#abuse-reports)), etc then it must be a server admin so you need to change `admin=no` to `admin=yes` in the command above.
+If you would like draupnir to be able to deactivate users, move aliases, shutdown rooms, etc then it must be a server admin so you need to change `admin=no` to `admin=yes` in the command above.
 ## 2. Get an access token
@ -32,9 +32,9 @@ Refer to the documentation on [how to obtain an access token](obtaining-access-t
 You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step draupnir will crash. This can be done using Synapse's [admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). Please ask for help if you are uncomfortable with these steps or run into issues.
-If your Synapse Admin API is exposed to the internet for some reason like running the Synapse Admin Role [Link](/docs/configuring-playbook-synapse-admin.md) or running `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true` in your playbook config. If your API is not externally exposed you should still be able to on the local host for your synapse run these commands. 
+If your Synapse Admin API is exposed to the internet for some reason like running the Synapse Admin Role [Link](docs/configuring-playbook-synapse-admin.md) or running `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true` in your playbook config. If your API is not externally exposed you should still be able to on the local host for your synapse run these commands. 
-The following command works on semi up to date Windows 10 installs and All Windows 11 installations and other systems that ship curl. `curl --header "Authorization: Bearer <access_token>" -X POST https://matrix.example.com/_synapse/admin/v1/users/@example:example.com/override_ratelimit` Replace `@example:example.com` with the MXID of your Draupnir and example.com with your homeserver domain. You can easily obtain an access token for a homeserver admin account the same way you can obtain an access token for Draupnir it self. If you made Draupnir Admin you can just use the Draupnir token.
+The following command works on semi up to date Windows 10 installs and All Windows 11 installations and other systems that ship curl. `curl --header "Authorization: Bearer <access_token>" -X DELETE https://matrix.example.com/_synapse/admin/v1/users/@example:example.com/override_ratelimit` Replace `@example:example.com` with the MXID of your Draupnir and example.com with your homeserver domain. You can easily obtain an access token for a homeserver admin account the same way you can obtain an access token for Draupnir it self. If you made Draupnir Admin you can just use the Draupnir token.
@ -77,7 +77,7 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 ## Usage
-You can refer to the upstream [documentation](https://github.com/the-draupnir-project/Draupnir) for additional ways to use and configure draupnir. Check out their [quickstart guide](https://github.com/the-draupnir-project/Draupnir/blob/main/docs/moderators.md#quick-usage) for some basic commands you can give to the bot.
+You can refer to the upstream [documentation](https://github.com/the-draupnir-project/Draupnir) for additional ways to use and configure draupnir. Check out their [quickstart guide](https://github.com/matrix-org/draupnir/blob/main/docs/moderators.md#quick-usage) for some basic commands you can give to the bot.
 You can configure additional options by adding the `matrix_bot_draupnir_configuration_extension_yaml` variable to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file.
@ -94,17 +94,3 @@ matrix_bot_draupnir_configuration_extension_yaml: |
  # completely redefining `matrix_bot_draupnir_configuration_yaml`.
  recordIgnoredInvites: true
 ```
 ## Abuse Reports
 Draupnir supports two methods to receive reports in the management room.
 The first method intercepts the report API endpoint of the client-server API, which requires integration with the reverse proxy in front of the homeserver.
 While this playbook uses reverse proxies, it does not yet implement this.
 The other method polls an synapse admin API endpoint and is hence only available when using synapse and when the Draupnir user is an admin user (see step 1).
 To enable it, set `pollReports: true` in Draupnir's config:
 ```yaml
 matrix_bot_draupnir_configuration_extension_yaml: |
  pollReports: true
 ```
--- a/docs/configuring-playbook-bot-mjolnir.md
+++ b/docs/configuring-playbook-bot-mjolnir.md
@ -31,9 +31,9 @@ Refer to the documentation on [how to obtain an access token](obtaining-access-t
 You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step Mjolnir will crash. This can be done using Synapse's [admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). Please ask for help if you are uncomfortable with these steps or run into issues.
-If your Synapse Admin API is exposed to the internet for some reason like running the Synapse Admin Role [Link](/docs/configuring-playbook-synapse-admin.md) or running `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true` in your playbook config. If your API is not externally exposed you should still be able to on the local host for your synapse run these commands. 
+If your Synapse Admin API is exposed to the internet for some reason like running the Synapse Admin Role [Link](docs/configuring-playbook-synapse-admin.md) or running `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true` in your playbook config. If your API is not externally exposed you should still be able to on the local host for your synapse run these commands. 
-The following command works on semi up to date Windows 10 installs and All Windows 11 installations and other systems that ship curl. `curl --header "Authorization: Bearer <access_token>" -X POST https://matrix.example.com/_synapse/admin/v1/users/@example:example.com/override_ratelimit` Replace `@example:example.com` with the MXID of your Mjolnir and example.com with your homeserver domain. You can easily obtain an access token for a homeserver admin account the same way you can obtain an access token for Mjolnir it self. If you made Mjolnir Admin you can just use the Mjolnir token.
+The following command works on semi up to date Windows 10 installs and All Windows 11 installations and other systems that ship curl. `curl --header "Authorization: Bearer <access_token>" -X DELETE https://matrix.example.com/_synapse/admin/v1/users/@example:example.com/override_ratelimit` Replace `@example:example.com` with the MXID of your Mjolnir and example.com with your homeserver domain. You can easily obtain an access token for a homeserver admin account the same way you can obtain an access token for Mjolnir it self. If you made Mjolnir Admin you can just use the Mjolnir token.
 ## 4. Create a management room
--- a/docs/importing-postgres.md
+++ b/docs/importing-postgres.md
@ -32,7 +32,7 @@ just run-tags import-postgres \
 - `SERVER_PATH_TO_POSTGRES_DUMP_FILE` must be a file path to a Postgres dump file on the server (not on your local machine!)
 - `postgres_default_import_database` defaults to `matrix`, which is useful for importing multiple databases (for dumps made with `pg_dumpall`). If you're importing a single database (e.g. `synapse`), consider changing `postgres_default_import_database` accordingly
- after importing a large database, it's a good idea to run [an `ANALYZE` operation](https://www.postgresql.org/docs/current/sql-analyze.html) to make Postgres rebuild its database statistics and optimize its query planner. You can easily do this via the playbook by running `just run-tags run-postgres-vacuum -e postgres_vacuum_preset=analyze` (see [Vacuuming PostgreSQL](maintenance-postgres.md#vacuuming-postgresql) for more details).
+
 ## Troubleshooting
--- a/docs/maintenance-postgres.md
+++ b/docs/maintenance-postgres.md
@ -34,22 +34,17 @@ When in doubt, consider [making a backup](#backing-up-postgresql).
 ## Vacuuming PostgreSQL
-Deleting lots data from Postgres does not make it release disk space, until you perform a [`VACUUM` operation](https://www.postgresql.org/docs/current/sql-vacuum.html).
+Deleting lots data from Postgres does not make it release disk space, until you perform a `VACUUM` operation.
-You can run different `VACUUM` operations via the playbook, with the default preset being `vacuum-complete`:
+To perform a `FULL` Postgres [VACUUM](https://www.postgresql.org/docs/current/sql-vacuum.html), run the playbook with `--tags=run-postgres-vacuum`.
- (default) `vacuum-complete`: stops all services temporarily and runs `VACUUM FULL VERBOSE ANALYZE`.
+Example:
 - `vacuum-full`: stops all services temporarily and runs `VACUUM FULL VERBOSE`
 - `vacuum`: runs `VACUUM VERBOSE` without stopping any services
 - `vacuum-analyze` runs `VACUUM VERBOSE ANALYZE` without stopping any services
 - `analyze` runs `ANALYZE VERBOSE` without stopping any services (this is just [ANALYZE](https://www.postgresql.org/docs/current/sql-analyze.html) without doing a vacuum, so it's faster)
-**Note**: for the `vacuum-complete` and `vacuum-full` presets, you'll need plenty of available disk space in your Postgres data directory (usually `/matrix/postgres/data`). These presets also stop all services (e.g. Synapse, etc.) while the vacuum operation is running.
+```bash
 just run-tags run-postgres-vacuum,start
 ```
-Example playbook invocations:
+**Note**: this will automatically stop Synapse temporarily and restart it later. You'll also need plenty of available disk space in your Postgres data directory (usually `/matrix/postgres/data`).
 - `just run-tags run-postgres-vacuum`: runs the default `vacuum-complete` preset and restarts all services
 - `just run-tags run-postgres-vacuum -e postgres_vacuum_preset=analyze`: runs the `analyze` preset with all services remaining operational at all times
 ## Backing up PostgreSQL
--- a/requirements.yml
+++ b/requirements.yml
@ -4,7 +4,7 @@
  version: v1.0.0-1
  name: auxiliary
 - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git
-  version: v1.2.6-1.8.2-0
+  version: v1.2.5-1.8.2-1
 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git
  version: v0.1.1-2
 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
@ -16,7 +16,7 @@
 - src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git
  version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
 - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git
-  version: v16.0-5
+  version: v16.0-2
 - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git
  version: a0cc7c1c696872ba8880d9c5e5a54098de825030
 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
@ -30,19 +30,19 @@
 - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git
  version: v2.8.1-0
 - src: git+https://gitlab.com/etke.cc/roles/etherpad.git
-  version: v1.9.3-0
+  version: v1.9.2-1
 - src: git+https://github.com/geerlingguy/ansible-role-docker
-  version: 7.0.1
+  version: 6.2.0
  name: geerlingguy.docker
 - src: git+https://gitlab.com/etke.cc/roles/grafana.git
-  version: v10.1.4-0
+  version: v10.1.2-0
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
-  version: v8960-1
+  version: v8960-0
  name: jitsi
 - src: git+https://gitlab.com/etke.cc/roles/ntfy.git
  version: v2.7.0-2
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
-  version: v2.47.1-0
+  version: v2.47.0-0
  name: prometheus
 - src: git+https://gitlab.com/etke.cc/roles/prometheus_node_exporter.git
  version: v1.6.1-0
--- a/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2
+++ b/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2
@ -1,7 +1,7 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
 Description=Matrix Draupnir bot
-{% for service in matrix_bot_draupnir_systemd_wanted_services_list %}
+{% for service in matrix_bot_draupnir_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
 {% endfor %}
--- a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml
+++ b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml
@ -5,7 +5,7 @@
 matrix_bot_matrix_registration_bot_enabled: true
 matrix_bot_matrix_registration_bot_container_image_self_build: false
 matrix_bot_matrix_registration_bot_docker_repo: "https://github.com/moan0s/matrix-registration-bot.git"
-matrix_bot_matrix_registration_bot_docker_repo_version: "{{ 'main' if matrix_bot_matrix_registration_bot_version == 'latest' else ('v' + matrix_bot_matrix_registration_bot_version) }}"
+matrix_bot_matrix_registration_bot_docker_repo_version: "{{ matrix_bot_matrix_registration_bot_version if matrix_bot_matrix_registration_bot_version != 'latest' else 'main' }}"
 matrix_bot_matrix_registration_bot_docker_src_files_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/docker-src"
 matrix_bot_matrix_registration_bot_version: 1.3.0
--- a/roles/custom/matrix-bot-maubot/defaults/main.yml
+++ b/roles/custom/matrix-bot-maubot/defaults/main.yml
@ -10,7 +10,7 @@ matrix_bot_maubot_docker_src_files_path: "{{ matrix_bot_maubot_base_path }}/dock
 matrix_bot_maubot_docker_repo_version: "{{ 'master' if matrix_bot_maubot_version == 'latest' else matrix_bot_maubot_version }}"
-matrix_bot_maubot_version: v0.4.2
+matrix_bot_maubot_version: v0.4.1
 matrix_bot_maubot_docker_image: "{{ matrix_bot_maubot_docker_image_name_prefix }}maubot/maubot:{{ matrix_bot_maubot_version }}"
 matrix_bot_maubot_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_maubot_container_image_self_build else 'dock.mau.dev/' }}"
 matrix_bot_maubot_docker_image_force_pull: "{{ matrix_bot_maubot_docker_image.endswith(':latest') }}"
--- a/roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2
+++ b/roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2
@ -1,7 +1,7 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
 Description=Matrix Mjolnir bot
-{% for service in matrix_bot_mjolnir_systemd_wanted_services_list %}
+{% for service in matrix_bot_mjolnir_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
 {% endfor %}
--- a/roles/custom/matrix-bot-postmoogle/defaults/main.yml
+++ b/roles/custom/matrix-bot-postmoogle/defaults/main.yml
@ -9,7 +9,7 @@ matrix_bot_postmoogle_docker_repo: "https://gitlab.com/etke.cc/postmoogle.git"
 matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_version == 'latest' else matrix_bot_postmoogle_version }}"
 matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src"
-matrix_bot_postmoogle_version: v0.9.16
+matrix_bot_postmoogle_version: v0.9.14
 matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}etke.cc/postmoogle:{{ matrix_bot_postmoogle_version }}"
 matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/' }}"
 matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}"
@ -65,15 +65,12 @@ matrix_bot_postmoogle_database_dialect: "{{
 # The bot's username. This user needs to be created manually beforehand.
-# Also see `matrix_bot_postmoogle_password` or `matrix_bot_postmoogle_sharedsecret`
+# Also see `matrix_bot_postmoogle_password`.
 matrix_bot_postmoogle_login: "postmoogle"
 # The password that the bot uses to authenticate.
 matrix_bot_postmoogle_password: ''
 # Alternative to password - shared secret requires matrix_bot_postmoogle_login to be MXID
 matrix_bot_postmoogle_sharedsecret: ''
 matrix_bot_postmoogle_homeserver: "{{ matrix_homeserver_container_url }}"
 # Command prefix
@ -82,12 +79,6 @@ matrix_bot_postmoogle_prefix: '!pm'
 # Max email size in megabytes, including attachments
 matrix_bot_postmoogle_maxsize: '1024'
 # Optional SMTP relay mode
 matrix_bot_postmoogle_relay_host: ''
 matrix_bot_postmoogle_relay_port: ''
 matrix_bot_postmoogle_relay_username: ''
 matrix_bot_postmoogle_relay_password: ''
 # A list of admins
 # Example set of rules:
 # matrix_bot_postmoogle_admins:
@ -111,6 +102,9 @@ matrix_bot_postmoogle_monitoring_healthchecks_duration: 60
 # Log level
 matrix_bot_postmoogle_loglevel: 'INFO'
 # Disable encryption
 matrix_bot_postmoogle_noencryption: false
 # deprecated, use matrix_bot_postmoogle_domains
 matrix_bot_postmoogle_domain: "{{ matrix_server_fqn_matrix }}"
@ -153,9 +147,6 @@ matrix_bot_postmoogle_tls_required: false
 # trusted proxies
 matrix_bot_postmoogle_proxies: []
 # known forwarders
 matrix_bot_postmoogle_mailboxes_forwarded: []
 # reserved mailboxes
 matrix_bot_postmoogle_mailboxes_reserved: []
--- a/roles/custom/matrix-bot-postmoogle/templates/env.j2
+++ b/roles/custom/matrix-bot-postmoogle/templates/env.j2
@ -1,6 +1,5 @@
 POSTMOOGLE_LOGIN={{ matrix_bot_postmoogle_login }}
 POSTMOOGLE_PASSWORD={{ matrix_bot_postmoogle_password }}
 POSTMOOGLE_SHAREDSECRET={{ matrix_bot_postmoogle_sharedsecret }}
 POSTMOOGLE_HOMESERVER={{ matrix_bot_postmoogle_homeserver }}
 POSTMOOGLE_DOMAINS={{ matrix_bot_postmoogle_domains | join(' ') }}
 POSTMOOGLE_PORT={{ matrix_bot_postmoogle_port }}
@ -9,6 +8,7 @@ POSTMOOGLE_DB_DIALECT={{ matrix_bot_postmoogle_database_dialect }}
 POSTMOOGLE_PREFIX={{ matrix_bot_postmoogle_prefix }}
 POSTMOOGLE_MAXSIZE={{ matrix_bot_postmoogle_maxsize }}
 POSTMOOGLE_LOGLEVEL={{ matrix_bot_postmoogle_loglevel }}
 POSTMOOGLE_NOENCRYPTION={{ matrix_bot_postmoogle_noencryption }}
 POSTMOOGLE_ADMINS={{ matrix_bot_postmoogle_admins | join(' ') }}
 POSTMOOGLE_TLS_PORT={{ matrix_bot_postmoogle_tls_port }}
 POSTMOOGLE_TLS_CERT={{ matrix_bot_postmoogle_tls_cert }}
@ -16,15 +16,10 @@ POSTMOOGLE_TLS_KEY={{ matrix_bot_postmoogle_tls_key }}
 POSTMOOGLE_TLS_REQUIRED={{ matrix_bot_postmoogle_tls_required }}
 POSTMOOGLE_DATA_SECRET={{ matrix_bot_postmoogle_data_secret }}
 POSTMOOGLE_PROXIES={{ matrix_bot_postmoogle_proxies | join(' ') }}
 POSTMOOGLE_RELAY_HOST={{ matrix_bot_postmoogle_relay_host }}
 POSTMOOGLE_RELAY_PORT={{ matrix_bot_postmoogle_relay_port }}
 POSTMOOGLE_RELAY_USERNAME={{ matrix_bot_postmoogle_relay_username }}
 POSTMOOGLE_RELAY_PASSWORD={{ matrix_bot_postmoogle_relay_password }}
 POSTMOOGLE_MONITORING_SENTRY_DSN={{ matrix_bot_postmoogle_monitoring_sentry_dsn }}
 POSTMOOGLE_MONITORING_SENTRY_RATE={{ matrix_bot_postmoogle_monitoring_sentry_rate }}
 POSTMOOGLE_MONITORING_HEALTHCHECKS_UUID={{ matrix_bot_postmoogle_monitoring_healthchecks_uuid }}
 POSTMOOGLE_MONITORING_HEALTHCHECKS_DURATION={{ matrix_bot_postmoogle_monitoring_healthchecks_duration }}
 POSTMOOGLE_MAILBOXES_FORWARDED={{ matrix_bot_postmoogle_mailboxes_forwarded | join(' ') }}
 POSTMOOGLE_MAILBOXES_RESERVED={{ matrix_bot_postmoogle_mailboxes_reserved | join(' ') }}
 POSTMOOGLE_MAILBOXES_ACTIVATION={{ matrix_bot_postmoogle_mailboxes_activation }}
--- a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml
+++ b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml
@ -30,15 +30,7 @@ matrix_heisenbridge_homeserver_url: "{{ matrix_homeserver_container_url }}"
 matrix_heisenbridge_appservice_token: ''
 matrix_heisenbridge_homeserver_token: ''
-matrix_heisenbridge_config_media_url: "{{ matrix_homeserver_url }}"
+# Default registration file
 matrix_heisenbridge_config_displayname: "Heisenbridge"
 matrix_heisenbridge_registration_yaml_heisenbridge:
  media_url: "{{ matrix_heisenbridge_config_media_url }}"
  displayname: "{{ matrix_heisenbridge_config_displayname }}"
 # Default registration file consumed by both the homeserver and Heisenbridge.
 # Besides registration information, it contains configuration (see the heisenbridge key).
 matrix_heisenbridge_registration_yaml:
  id: heisenbridge
  url: http://matrix-heisenbridge:9898
@ -52,6 +44,5 @@ matrix_heisenbridge_registration_yaml:
        exclusive: true
    aliases: []
    rooms: []
  heisenbridge: "{{ matrix_heisenbridge_registration_yaml_heisenbridge }}"
 matrix_heisenbridge_registration: "{{ matrix_heisenbridge_registration_yaml | from_yaml }}"
--- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml
+++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml
@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false
 matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git"
 matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}"
-matrix_hookshot_version: 4.5.1
+matrix_hookshot_version: 4.4.1
 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
 matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}"
--- a/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml
@ -8,7 +8,7 @@ matrix_mautrix_googlechat_container_image_self_build: false
 matrix_mautrix_googlechat_container_image_self_build_repo: "https://github.com/mautrix/googlechat.git"
 matrix_mautrix_googlechat_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_googlechat_version == 'latest' else matrix_mautrix_googlechat_version }}"
-matrix_mautrix_googlechat_version: v0.5.1
+matrix_mautrix_googlechat_version: v0.5.0
 # See: https://mau.dev/mautrix/googlechat/container_registry
 matrix_mautrix_googlechat_docker_image: "{{ matrix_mautrix_googlechat_docker_image_name_prefix }}mautrix/googlechat:{{ matrix_mautrix_googlechat_version }}"
 matrix_mautrix_googlechat_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_googlechat_container_image_self_build else 'dock.mau.dev/' }}"
--- a/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml
@ -14,18 +14,6 @@
 - ansible.builtin.set_fact:
    matrix_mautrix_wsproxy_syncproxy_requires_restart: false
 - name: Ensure Mautrix wsproxy paths exist
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: directory
    mode: 0750
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
  with_items:
    - path: "{{ matrix_mautrix_wsproxy_base_path }}"
      when: true
  when: item.when | bool
 - name: Ensure Mautrix wsproxy support files installed
  ansible.builtin.template:
    src: "{{ role_path }}/templates/{{ item }}.j2"
--- a/roles/custom/matrix-client-element/defaults/main.yml
+++ b/roles/custom/matrix-client-element/defaults/main.yml
@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
 # - https://github.com/vector-im/element-web/issues/19544
 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
-matrix_client_element_version: v1.11.45
+matrix_client_element_version: v1.11.43
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
--- a/roles/custom/matrix-coturn/defaults/main.yml
+++ b/roles/custom/matrix-coturn/defaults/main.yml
@ -8,7 +8,7 @@ matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn
 matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}"
 matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile"
-matrix_coturn_version: 4.6.2-r5
+matrix_coturn_version: 4.6.2-r4
 matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine"
 matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}"
--- a/roles/custom/matrix-dendrite/defaults/main.yml
+++ b/roles/custom/matrix-dendrite/defaults/main.yml
@ -10,7 +10,7 @@ matrix_dendrite_container_image_self_build_repo: "https://github.com/matrix-org/
 matrix_dendrite_docker_image_path: "matrixdotorg/dendrite-monolith"
 matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}{{ matrix_dendrite_docker_image_path }}:{{ matrix_dendrite_docker_image_tag }}"
 matrix_dendrite_docker_image_name_prefix: "{{ 'localhost/' if matrix_dendrite_container_image_self_build else matrix_container_global_registry_prefix }}"
-matrix_dendrite_docker_image_tag: "v0.13.3"
+matrix_dendrite_docker_image_tag: "v0.13.2"
 matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}"
 matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite"
--- a/roles/custom/matrix-dynamic-dns/defaults/main.yml
+++ b/roles/custom/matrix-dynamic-dns/defaults/main.yml
@ -7,7 +7,7 @@ matrix_dynamic_dns_enabled: true
 # The dynamic dns daemon interval
 matrix_dynamic_dns_daemon_interval: '300'
-matrix_dynamic_dns_version: v3.10.0-ls135
+matrix_dynamic_dns_version: v3.10.0-ls131
 # The docker container to use when in mode
 matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}"
--- a/roles/custom/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml
@ -9,7 +9,7 @@
  block:
    - name: Ensure matrix-matrix_ldap_registration_proxy is stopped
      ansible.builtin.service:
-        name: matrix-ldap-registration-proxy
+        name: matrix-matrix_ldap_registration_proxy
        state: stopped
        enabled: false
        daemon_reload: true
--- a/roles/custom/matrix-sliding-sync/defaults/main.yml
+++ b/roles/custom/matrix-sliding-sync/defaults/main.yml
@ -77,7 +77,7 @@ matrix_sliding_sync_systemd_required_services_list: ["docker.service"]
 matrix_sliding_sync_systemd_wanted_services_list: []
 # Controls the SYNCV3_SERVER environment variable
-matrix_sliding_sync_environment_variable_syncv3_server: "{{ matrix_homeserver_container_url }}"
+matrix_sliding_sync_environment_variable_syncv3_server: "{{ matrix_homeserver_url }}"
 # Controls the SYNCV3_SECRET environment variable
 matrix_sliding_sync_environment_variable_syncv3_secret: ''
--- a/roles/custom/matrix-synapse/defaults/main.yml
+++ b/roles/custom/matrix-synapse/defaults/main.yml
@ -4,7 +4,7 @@
 matrix_synapse_enabled: true
-matrix_synapse_version: v1.93.0
+matrix_synapse_version: v1.92.3
 matrix_synapse_username: ''
 matrix_synapse_uid: ''
@ -425,11 +425,6 @@ matrix_synapse_federation_port_openid_resource_required: false
 # result, it's better to accomplish it by changing `matrix_synapse_federation_enabled`.
 matrix_synapse_federation_domain_whitelist: ~
 # Enable/disable OpenID Connect
 matrix_synapse_oidc_enabled: false
 # List of OpenID Connect providers, ref: https://matrix-org.github.io/synapse/latest/openid.html#sample-configs
 matrix_synapse_oidc_providers: []
 # A list of additional "volumes" to mount in the container.
 # This list gets populated dynamically based on Synapse extensions that have been enabled.
 # Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
@ -1010,11 +1005,6 @@ matrix_synapse_trusted_key_servers:
 matrix_synapse_redaction_retention_period: 7d
 # Controls how long to keep locally forgotten rooms before purging them from the DB.
 # Defaults to `null`, meaning it's disabled.
 # Example value: 28d
 matrix_synapse_forgotten_room_retention_period: ~
 matrix_synapse_user_ips_max_age: 28d
--- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
@ -509,12 +509,7 @@ limit_remote_rooms:
 #
 #redaction_retention_period: 28d
-redaction_retention_period: {{ matrix_synapse_redaction_retention_period | to_json }}
+redaction_retention_period: {{ matrix_synapse_redaction_retention_period }}
 # How long to keep locally forgotten rooms before purging them from the DB.
 #
 #forgotten_room_retention_period: 28d
 forgotten_room_retention_period: {{ matrix_synapse_forgotten_room_retention_period | to_json }}
 # How long to track users' last seen time and IPs in the database.
 #
@ -522,7 +517,7 @@ forgotten_room_retention_period: {{ matrix_synapse_forgotten_room_retention_peri
 #
 #user_ips_max_age: 14d
-user_ips_max_age: {{ matrix_synapse_user_ips_max_age | to_json }}
+user_ips_max_age: {{ matrix_synapse_user_ips_max_age }}
 # Inhibits the /requestToken endpoints from returning an error that might leak
 # information about whether an e-mail address is in use or not on this
@ -2091,9 +2086,9 @@ saml2_config:
 # use 'oidc' for the idp_id to ensure that existing users continue to be
 # recognised.)
 #
-{% if matrix_synapse_oidc_enabled and matrix_synapse_oidc_providers | length > 0 %}
+oidc_providers:
  # Generic example
-  #matrix_synapse_oidc_providers:
+  #
  #- idp_id: my_idp
  #  idp_name: "My OpenID provider"
  #  idp_icon: "mxc://example.com/mediaid"
@ -2117,9 +2112,6 @@ saml2_config:
  #  attribute_requirements:
  #    - attribute: userGroup
  #      value: "synapseUsers"
 oidc_providers:
  {{ matrix_synapse_oidc_providers|to_nice_yaml(indent=2, width=999999) }}
 {% endif %}
 # Enable Central Authentication Service (CAS) for registration and login.
--- a/roles/custom/matrix-user-creator/tasks/main.yml
+++ b/roles/custom/matrix-user-creator/tasks/main.yml
@ -5,7 +5,6 @@
    # If it did, the initial installation (`--tags=setup-all`) would also potentially polute the database with data,
    # which would make importing a database dump problematic.
    - ensure-matrix-users-created
    - ensure-users-created
  block:
    - when: matrix_user_creator_users | length > 0
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup.yml"
--- a/setup.yml
+++ b/setup.yml
@ -15,7 +15,6 @@
      role: galaxy/geerlingguy.docker
      vars:
        docker_install_compose: false
        docker_install_compose_plugin: false
      tags:
        - setup-docker
        - setup-all