diff --git a/roles/custom/matrix-bridge-meshtastic-relay/defaults/main.yml b/roles/custom/matrix-bridge-meshtastic-relay/defaults/main.yml
index 48e14088f..3048fa61f 100644
--- a/roles/custom/matrix-bridge-meshtastic-relay/defaults/main.yml
+++ b/roles/custom/matrix-bridge-meshtastic-relay/defaults/main.yml
@@ -10,7 +10,7 @@
 matrix_meshtastic_relay_enabled: true
 
 # renovate: datasource=docker depName=jeremiah-k/mmrelay packageName=ghcr.io/jeremiah-k/mmrelay
-matrix_meshtastic_relay_version: 1.2.8
+matrix_meshtastic_relay_version: 1.3.5
 matrix_meshtastic_relay_container_image: "{{ matrix_meshtastic_relay_container_image_registry_prefix }}jeremiah-k/mmrelay:{{ matrix_meshtastic_relay_version }}"
 matrix_meshtastic_relay_container_image_registry_prefix: "{{ matrix_meshtastic_relay_container_image_registry_prefix_upstream }}"
 matrix_meshtastic_relay_container_image_registry_prefix_upstream: "{{ matrix_meshtastic_relay_container_image_registry_prefix_upstream_default }}"
@@ -18,9 +18,15 @@ matrix_meshtastic_relay_container_image_registry_prefix_upstream_default: "ghcr.
 matrix_meshtastic_relay_container_image_force_pull: "{{ matrix_meshtastic_relay_container_image.endswith(':latest') }}"
 
 matrix_meshtastic_relay_base_path: "{{ matrix_base_data_path }}/meshtastic-relay"
+
+# Holds the Ansible-managed `config.yaml`. Mounted read-only at `/config` in the
+# container; mmrelay is pointed at `/config/config.yaml` via the `--config` CLI flag.
 matrix_meshtastic_relay_config_path: "{{ matrix_meshtastic_relay_base_path }}/config"
+
+# Runtime data directory. Mounted read-write at `/data` (MMRELAY_HOME) in the container.
+# mmrelay auto-creates `database/`, `logs/`, `matrix/` (credentials + E2EE store)
+# and `plugins/` subdirectories underneath as needed.
 matrix_meshtastic_relay_data_path: "{{ matrix_meshtastic_relay_base_path }}/data"
-matrix_meshtastic_relay_logs_path: "{{ matrix_meshtastic_relay_base_path }}/logs"
 
 matrix_meshtastic_relay_container_network: ""
 
@@ -51,8 +57,8 @@ matrix_meshtastic_relay_matrix_bot_user_id: "@meshtasticbot:{{ matrix_meshtastic
 
 # Password for the bot's Matrix account.
 # On first startup, mmrelay uses this to log in and persist credentials (including E2EE
-# material) under `{{ matrix_meshtastic_relay_data_path }}`. After that, the password
-# can (and should) be cleared from configuration.
+# material) under `{{ matrix_meshtastic_relay_data_path }}/matrix/` on the host. After
+# that, the password can (and should) be cleared from configuration.
 matrix_meshtastic_relay_matrix_bot_password: ""
 
 # Controls whether End-to-End Encryption is enabled.
@@ -109,14 +115,12 @@ matrix_meshtastic_relay_configuration_default:
     bot_user_id: "{{ matrix_meshtastic_relay_matrix_bot_user_id }}"
     e2ee:
       enabled: "{{ matrix_meshtastic_relay_e2ee_enabled }}"
-      store_path: /app/data/store
   matrix_rooms: "{{ matrix_meshtastic_relay_matrix_rooms_list }}"
   meshtastic: "{{ matrix_meshtastic_relay_meshtastic_configuration }}"
   logging:
     level: info
     log_to_file: false
   database:
-    path: /app/data/meshtastic.sqlite
     enable_wal: true
     busy_timeout_ms: 5000
     pragmas:
diff --git a/roles/custom/matrix-bridge-meshtastic-relay/tasks/setup_install.yml b/roles/custom/matrix-bridge-meshtastic-relay/tasks/setup_install.yml
index d0555d42b..0df0ef6d8 100644
--- a/roles/custom/matrix-bridge-meshtastic-relay/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-meshtastic-relay/tasks/setup_install.yml
@@ -27,7 +27,6 @@
     - "{{ matrix_meshtastic_relay_base_path }}"
     - "{{ matrix_meshtastic_relay_config_path }}"
     - "{{ matrix_meshtastic_relay_data_path }}"
-    - "{{ matrix_meshtastic_relay_logs_path }}"
 
 - name: Ensure matrix-meshtastic-relay config.yaml is installed
   ansible.builtin.copy:
diff --git a/roles/custom/matrix-bridge-meshtastic-relay/templates/systemd/matrix-meshtastic-relay.service.j2 b/roles/custom/matrix-bridge-meshtastic-relay/templates/systemd/matrix-meshtastic-relay.service.j2
index 414ddfd55..83192a6df 100644
--- a/roles/custom/matrix-bridge-meshtastic-relay/templates/systemd/matrix-meshtastic-relay.service.j2
+++ b/roles/custom/matrix-bridge-meshtastic-relay/templates/systemd/matrix-meshtastic-relay.service.j2
@@ -25,9 +25,8 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			--read-only \
 			--tmpfs=/tmp:rw,noexec,nosuid,size=50m \
 			--tmpfs=/.cache:rw,noexec,nosuid,size=50m \
-			--mount type=bind,src={{ matrix_meshtastic_relay_config_path }}/config.yaml,dst=/app/config.yaml,ro \
-			--mount type=bind,src={{ matrix_meshtastic_relay_data_path }},dst=/app/data \
-			--mount type=bind,src={{ matrix_meshtastic_relay_logs_path }},dst=/app/logs \
+			--mount type=bind,src={{ matrix_meshtastic_relay_config_path }},dst=/config,ro \
+			--mount type=bind,src={{ matrix_meshtastic_relay_data_path }},dst=/data \
 			{% if matrix_meshtastic_relay_connection_type == 'ble' %}
 			--network=host \
 			--security-opt apparmor=unconfined \
@@ -41,7 +40,8 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			{% for arg in matrix_meshtastic_relay_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
-			{{ matrix_meshtastic_relay_container_image }}
+			{{ matrix_meshtastic_relay_container_image }} \
+			mmrelay --config /config/config.yaml
 
 {% for network in matrix_meshtastic_relay_container_additional_networks %}
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-meshtastic-relay