chore(deps): update dependency livekit_server to v1.9.2-0

This also moves msc4190 to the correct section for twitter

i18n/requirements.txt

@@ -1,10 +1,10 @@
 alabaster==1.0.0
 babel==2.17.0
 certifi==2025.10.5
-charset-normalizer==3.4.3
+charset-normalizer==3.4.4
 click==8.3.0
 docutils==0.22.2
-idna==3.10
+idna==3.11
 imagesize==1.4.1
 Jinja2==3.1.6
 linkify-it-py==2.0.3

requirements.yml

@@ -10,7 +10,7 @@
   version: v0.4.1-1
   name: container_socket_proxy
 - src: git+https://github.com/geerlingguy/ansible-role-docker
-  version: 7.6.0
+  version: 7.7.0
   name: docker
 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
   version: 129c8590e106b83e6f4c259649a613c6279e937a
@@ -28,7 +28,7 @@
   version: v10532-1-0
   name: jitsi
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git
-  version: v1.9.1-0
+  version: v1.9.2-0
   name: livekit_server
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git
   version: v2.14.0-2
@@ -49,7 +49,7 @@
   version: v18-0
   name: postgres_backup
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
-  version: v3.6.0-0
+  version: v3.7.1-0
   name: prometheus
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git
   version: v1.9.1-11

roles/custom/matrix-alertmanager-receiver/defaults/main.yml

@@ -11,7 +11,7 @@
 matrix_alertmanager_receiver_enabled: true
 
 # renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver
-matrix_alertmanager_receiver_version: 2025.9.24
+matrix_alertmanager_receiver_version: 2025.10.15
 
 matrix_alertmanager_receiver_scheme: https
 

roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml

@@ -12,7 +12,7 @@
 matrix_appservice_draupnir_for_all_enabled: true
 
 # renovate: datasource=docker depName=gnuxie/draupnir
-matrix_appservice_draupnir_for_all_version: "v2.7.0"
+matrix_appservice_draupnir_for_all_version: "v2.7.1"
 
 matrix_appservice_draupnir_for_all_container_image_self_build: false
 matrix_appservice_draupnir_for_all_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git"

roles/custom/matrix-authentication-service/defaults/main.yml

@@ -22,7 +22,7 @@ matrix_authentication_service_container_repo_version: "{{ 'main' if matrix_authe
 matrix_authentication_service_container_src_files_path: "{{ matrix_base_data_path }}/matrix-authentication-service/container-src"
 
 # renovate: datasource=docker depName=ghcr.io/element-hq/matrix-authentication-service
-matrix_authentication_service_version: 1.3.0
+matrix_authentication_service_version: 1.4.1
 matrix_authentication_service_container_image_registry_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else matrix_authentication_service_container_image_registry_prefix_upstream }}"
 matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_authentication_service_container_image_registry_prefix_upstream_default }}"
 matrix_authentication_service_container_image_registry_prefix_upstream_default: "ghcr.io/"
@@ -219,6 +219,11 @@ matrix_authentication_service_config_account_displayname_change_allowed: true
 # This has no effect if password login is disabled.
 matrix_authentication_service_config_account_password_registration_enabled: false
 
+# Controls the `account.password_registration_email_required` configuration setting.
+#
+# Whether self-service password registrations require a valid email.
+matrix_authentication_service_config_account_password_registration_email_required: true
+
 # Controls the `account.password_change_allowed` configuration setting.
 #
 # Whether users are allowed to change their passwords.

roles/custom/matrix-authentication-service/templates/config.yaml.j2

@@ -65,6 +65,7 @@ account:
   email_change_allowed: {{ matrix_authentication_service_config_account_email_change_allowed | to_json }}
   displayname_change_allowed: {{ matrix_authentication_service_config_account_displayname_change_allowed | to_json }}
   password_registration_enabled: {{ matrix_authentication_service_config_account_password_registration_enabled | to_json }}
+  password_registration_email_required: {{ matrix_authentication_service_config_account_password_registration_email_required | to_json }}
   password_change_allowed: {{ matrix_authentication_service_config_account_password_change_allowed | to_json }}
   password_recovery_enabled: {{ matrix_authentication_service_config_account_password_recovery_enabled | to_json }}
   account_deactivation_allowed: {{ matrix_authentication_service_config_account_account_deactivation_allowed | to_json }}

roles/custom/matrix-base/defaults/main.yml

@@ -51,6 +51,9 @@ matrix_bridges_encryption_default: "{{ matrix_bridges_encryption_enabled }}"
 # Global var for enabling msc4190 ( On supported bridges)
 matrix_bridges_msc4190_enabled: "{{ matrix_authentication_service_enabled and matrix_bridges_encryption_enabled and matrix_synapse_experimental_features_msc3202_device_masquerading_enabled }}"
 
+# Global var for enabling bridge self-signing ( On supported bridges)
+matrix_bridges_self_sign_enabled: "{{ matrix_bridges_msc4190_enabled }}"
+
 # Global var to enable/disable relay mode across all bridges with relay mode support
 matrix_bridges_relay_enabled: false
 

roles/custom/matrix-bot-draupnir/defaults/main.yml

@@ -12,7 +12,7 @@
 matrix_bot_draupnir_enabled: true
 
 # renovate: datasource=docker depName=gnuxie/draupnir
-matrix_bot_draupnir_version: "v2.7.0"
+matrix_bot_draupnir_version: "v2.7.1"
 
 matrix_bot_draupnir_container_image_self_build: false
 matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git"

roles/custom/matrix-bridge-mautrix-bluesky/defaults/main.yml

@@ -14,7 +14,7 @@ matrix_mautrix_bluesky_container_image_self_build_repo: "https://github.com/maut
 matrix_mautrix_bluesky_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_bluesky_version == 'latest' else matrix_mautrix_bluesky_version }}"
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/bluesky
-matrix_mautrix_bluesky_version: v0.1.2
+matrix_mautrix_bluesky_version: v0.2510.0
 # See: https://mau.dev/tulir/mautrix-bluesky/container_registry
 matrix_mautrix_bluesky_docker_image: "{{ matrix_mautrix_bluesky_docker_image_registry_prefix }}mautrix/bluesky:{{ matrix_mautrix_bluesky_version }}"
 matrix_mautrix_bluesky_docker_image_registry_prefix: "{{ 'localhost/' if matrix_mautrix_bluesky_container_image_self_build else matrix_mautrix_bluesky_docker_image_registry_prefix_upstream }}"
@@ -35,6 +35,7 @@ matrix_mautrix_bluesky_homeserver_domain: '{{ matrix_domain }}'
 matrix_mautrix_bluesky_appservice_address: 'http://matrix-mautrix-bluesky:29340'
 
 matrix_mautrix_bluesky_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
+matrix_mautrix_bluesky_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
 
 # A public address that external services can use to reach this appservice.
 matrix_mautrix_bluesky_appservice_public_address: ''

roles/custom/matrix-bridge-mautrix-bluesky/templates/config.yaml.j2

@@ -359,6 +359,9 @@ encryption:
     # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
     # Changing this option requires updating the appservice registration file.
     msc4190: {{ matrix_mautrix_bluesky_msc4190_enabled | to_json }}
+    # Whether to enable self-signing for bridges (Only the bridge bot uses this for now)
+    # Requires msc4190 to replace keys on reset
+    self_sign: {{ matrix_mautrix_bluesky_self_sign_enabled | to_json }}
     # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
     # You must use a client that supports requesting keys from other users to use this feature.
     allow_key_sharing: {{ matrix_mautrix_bluesky_bridge_encryption_key_sharing_allow | to_json }}

roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml

@@ -59,7 +59,7 @@ matrix_mautrix_discord_bridge_avatar_proxy_key: ''
 matrix_mautrix_discord_bridge_username_template: "{% raw %}discord_{{.}}{% endraw %}"
 
 # Displayname template for Discord users. This is also used as the room name in DMs if private_chat_portal_meta is enabled.
-matrix_mautrix_discord_bridge_displayname_template: "{% raw %}{{or .GlobalName .Username}}{{if .Bot}} (bot){{end}}{% endraw %}"
+matrix_mautrix_discord_bridge_displayname_template: "{% raw %}{{or .GlobalName .Username}}{{if .Bot}} (bot){{end}} (Discord){% endraw %}"
 
 # Displayname template for Discord channels (bridged as rooms, or spaces when type=4).
 matrix_mautrix_discord_bridge_channel_name_template: "{% raw %}{{if or (eq .Type 3) (eq .Type 4)}}{{.Name}}{{else}}#{{.Name}}{{end}}{% endraw %}"

roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml

@@ -18,7 +18,7 @@ matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/ma
 matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}"
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/gmessages
-matrix_mautrix_gmessages_version: v0.7.0
+matrix_mautrix_gmessages_version: v0.2510.0
 
 # See: https://mau.dev/mautrix/gmessages/container_registry
 matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_registry_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}"
@@ -40,6 +40,7 @@ matrix_mautrix_gmessages_homeserver_domain: "{{ matrix_domain }}"
 matrix_mautrix_gmessages_appservice_address: "http://matrix-mautrix-gmessages:8080"
 
 matrix_mautrix_gmessages_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
+matrix_mautrix_gmessages_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
 
 matrix_mautrix_gmessages_backfill_enabled: true
 matrix_mautrix_gmessages_backfill_max_initial_messages: 50
@@ -167,7 +168,7 @@ matrix_mautrix_gmessages_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix
 # For compatibility with the older Gmessages bridge, you may wish to set the pickle key to: "go.mau.fi/mautrix-gmessages"
 matrix_mautrix_gmessages_bridge_encryption_pickle_key: mautrix.bridge.e2ee
 
-matrix_mautrix_gmessages_network_displayname_template: "{% raw %}{{or .FullName .PhoneNumber}}{% endraw %}"
+matrix_mautrix_gmessages_network_displayname_template: "{% raw %}{{or .FullName .PhoneNumber}} (GMessages){% endraw %}"
 matrix_mautrix_gmessages_appservice_username_template: "{% raw %}gmessages_{{.}}{% endraw %}"
 
 matrix_mautrix_gmessages_public_media_signing_key: ''

roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2

@@ -2,9 +2,6 @@
 # Network-specific config options
 network:
     # Displayname template for SMS users.
-    # {% raw %}{{.FullName}}{% endraw %} - Full name provided by the phone
-    # {% raw %}{{.FirstName}}{% endraw %} - First name provided by the phone
-    # {% raw %}{{.PhoneNumber}}{% endraw %} - Formatted phone number provided by the phone
     displayname_template: {{ matrix_mautrix_gmessages_network_displayname_template | to_json }}
     # Settings for how the bridge appears to the phone.
     device_meta:
@@ -359,6 +356,9 @@ encryption:
     # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
     # Changing this option requires updating the appservice registration file.
     msc4190: {{ matrix_mautrix_gmessages_msc4190_enabled | to_json }}
+    # Whether to enable self-signing for bridges (Only the bridge bot uses this for now)
+    # Requires msc4190 to replace keys on reset
+    self_sign: {{ matrix_mautrix_gmessages_self_sign_enabled | to_json }}
     # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
     # You must use a client that supports requesting keys from other users to use this feature.
     allow_key_sharing: {{ matrix_mautrix_gmessages_bridge_encryption_key_sharing_allow | to_json }}

roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml

@@ -20,7 +20,7 @@ matrix_mautrix_meta_instagram_enabled: true
 matrix_mautrix_meta_instagram_identifier: matrix-mautrix-meta-instagram
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
-matrix_mautrix_meta_instagram_version: v0.5.3
+matrix_mautrix_meta_instagram_version: v0.2510.0
 
 matrix_mautrix_meta_instagram_base_path: "{{ matrix_base_data_path }}/mautrix-meta-instagram"
 matrix_mautrix_meta_instagram_config_path: "{{ matrix_mautrix_meta_instagram_base_path }}/config"
@@ -127,6 +127,7 @@ matrix_mautrix_meta_instagram_appservice_address: "http://{{ matrix_mautrix_meta
 matrix_mautrix_meta_instagram_appservice_id: "{{ matrix_mautrix_meta_instagram_meta_mode }}"
 
 matrix_mautrix_meta_instagram_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
+matrix_mautrix_meta_instagram_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
 
 # For Facebook/Messenger, we use the same `@messengerbot:example.com` username regardless of how bridging happens for multiple reasons:
 # - it's consistent - regardless of how bridging happens, the bridged service is actually Messenger

roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2

@@ -372,6 +372,9 @@ encryption:
     # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
     # Changing this option requires updating the appservice registration file.
     msc4190: {{ matrix_mautrix_meta_instagram_msc4190_enabled | to_json }}
+    # Whether to enable self-signing for bridges (Only the bridge bot uses this for now)
+    # Requires msc4190 to replace keys on reset
+    self_sign: {{ matrix_mautrix_meta_instagram_self_sign_enabled | to_json }}
     # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
     # You must use a client that supports requesting keys from other users to use this feature.
     allow_key_sharing: {{ matrix_mautrix_meta_instagram_bridge_encryption_allow_key_sharing | to_json }}

roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml

@@ -20,7 +20,7 @@ matrix_mautrix_meta_messenger_enabled: true
 matrix_mautrix_meta_messenger_identifier: matrix-mautrix-meta-messenger
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
-matrix_mautrix_meta_messenger_version: v0.5.3
+matrix_mautrix_meta_messenger_version: v0.2510.0
 
 matrix_mautrix_meta_messenger_base_path: "{{ matrix_base_data_path }}/mautrix-meta-messenger"
 matrix_mautrix_meta_messenger_config_path: "{{ matrix_mautrix_meta_messenger_base_path }}/config"
@@ -127,6 +127,7 @@ matrix_mautrix_meta_messenger_appservice_address: "http://{{ matrix_mautrix_meta
 matrix_mautrix_meta_messenger_appservice_id: "{{ matrix_mautrix_meta_messenger_meta_mode }}"
 
 matrix_mautrix_meta_messenger_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
+matrix_mautrix_meta_messenger_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
 
 # For Facebook/Messenger, we use the same `@messengerbot:example.com` username regardless of how bridging happens for multiple reasons:
 # - it's consistent - regardless of how bridging happens, the bridged service is actually Messenger

roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2

@@ -372,6 +372,9 @@ encryption:
     # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
     # Changing this option requires updating the appservice registration file.
     msc4190: {{ matrix_mautrix_meta_messenger_msc4190_enabled | to_json }}
+    # Whether to enable self-signing for bridges (Only the bridge bot uses this for now)
+    # Requires msc4190 to replace keys on reset
+    self_sign: {{ matrix_mautrix_meta_messenger_self_sign_enabled | to_json }}
     # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
     # You must use a client that supports requesting keys from other users to use this feature.
     allow_key_sharing: {{ matrix_mautrix_meta_messenger_bridge_encryption_allow_key_sharing | to_json }}

roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml

@@ -25,7 +25,7 @@ matrix_mautrix_signal_container_image_self_build_repo: "https://mau.dev/mautrix/
 matrix_mautrix_signal_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}"
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/signal
-matrix_mautrix_signal_version: v0.8.7
+matrix_mautrix_signal_version: v0.2510.0
 
 # See: https://mau.dev/mautrix/signal/container_registry
 matrix_mautrix_signal_docker_image: "{{ matrix_mautrix_signal_docker_image_registry_prefix }}mautrix/signal:{{ matrix_mautrix_signal_docker_image_tag }}"
@@ -48,6 +48,7 @@ matrix_mautrix_signal_homeserver_async_media: false
 matrix_mautrix_signal_appservice_address: "http://matrix-mautrix-signal:8080"
 
 matrix_mautrix_signal_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
+matrix_mautrix_signal_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
 
 matrix_mautrix_signal_command_prefix: "!signal"
 
@@ -57,7 +58,7 @@ matrix_mautrix_signal_command_prefix: "!signal"
 # {{.PhoneNumber}} - The phone number of the user.
 # {{.UUID}} - The UUID of the Signal user.
 # {{.AboutEmoji}} - The emoji set by the user in their profile.
-matrix_mautrix_signal_network_displayname_template: "{% raw %}{{or .ProfileName .PhoneNumber 'Unknown user'}} (Signal){% endraw %}"
+matrix_mautrix_signal_network_displayname_template: '{% raw %}{{or .ProfileName .PhoneNumber "Unknown user"}} (Signal){% endraw %}'
 
 matrix_mautrix_signal_bridge_permissions: |
   {{

roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2

@@ -2,13 +2,6 @@
 # Network-specific config options
 network:
     # Displayname template for Signal users.
-    # {% raw %}
-    # {{.ProfileName}} - The Signal profile name set by the user.
-    # {{.ContactName}} - The name for the user from your phone's contact list. This is not safe on multi-user instances.
-    # {{.PhoneNumber}} - The phone number of the user.
-    # {{.UUID}} - The UUID of the Signal user.
-    # {{.AboutEmoji}} - The emoji set by the user in their profile.
-    # {% endraw %}
     displayname_template: {{ matrix_mautrix_signal_network_displayname_template | to_json }}
     # Should avatars from the user's contact list be used? This is not safe on multi-user instances.
     use_contact_avatars: false
@@ -339,6 +332,9 @@ encryption:
     # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
     # Changing this option requires updating the appservice registration file.
     msc4190: {{ matrix_mautrix_signal_msc4190_enabled | to_json }}
+    # Whether to enable self-signing for bridges (Only the bridge bot uses this for now)
+    # Requires msc4190 to replace keys on reset
+    self_sign: {{ matrix_mautrix_signal_self_sign_enabled | to_json }}
     # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
     # You must use a client that supports requesting keys from other users to use this feature.
     allow_key_sharing: {{ matrix_mautrix_signal_bridge_encryption_key_sharing_allow | to_json }}

roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml

@@ -17,7 +17,7 @@ matrix_mautrix_slack_container_image_self_build_repo: "https://mau.dev/mautrix/s
 matrix_mautrix_slack_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_slack_version == 'latest' else matrix_mautrix_slack_version }}"
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/slack
-matrix_mautrix_slack_version: v0.2.3
+matrix_mautrix_slack_version: v0.2510.0
 # See: https://mau.dev/mautrix/slack/container_registry
 matrix_mautrix_slack_docker_image: "{{ matrix_mautrix_slack_docker_image_registry_prefix }}mautrix/slack:{{ matrix_mautrix_slack_version }}"
 matrix_mautrix_slack_docker_image_registry_prefix: "{{ 'localhost/' if matrix_mautrix_slack_container_image_self_build else matrix_mautrix_slack_docker_image_registry_prefix_upstream }}"
@@ -38,6 +38,7 @@ matrix_mautrix_slack_homeserver_async_media: false
 matrix_mautrix_slack_appservice_address: "http://matrix-mautrix-slack:8080"
 
 matrix_mautrix_slack_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
+matrix_mautrix_slack_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
 
 # Displayname template for Slack users. Available variables:
 #  .Name - The username of the user

roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2

@@ -376,6 +376,9 @@ encryption:
     # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
     # Changing this option requires updating the appservice registration file.
     msc4190: {{ matrix_mautrix_slack_msc4190_enabled | to_json }}
+    # Whether to enable self-signing for bridges (Only the bridge bot uses this for now)
+    # Requires msc4190 to replace keys on reset
+    self_sign: {{ matrix_mautrix_slack_self_sign_enabled | to_json }}
     # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
     # You must use a client that supports requesting keys from other users to use this feature.
     allow_key_sharing: {{ matrix_mautrix_slack_bridge_encryption_key_sharing_allow | to_json }}

roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml

@@ -22,7 +22,7 @@ matrix_mautrix_twitter_container_image_self_build_repo: "https://github.com/maut
 matrix_mautrix_twitter_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_twitter_version == 'latest' else matrix_mautrix_twitter_version }}"
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/twitter
-matrix_mautrix_twitter_version: v0.5.0
+matrix_mautrix_twitter_version: v0.2510.0
 # See: https://mau.dev/tulir/mautrix-twitter/container_registry
 matrix_mautrix_twitter_docker_image: "{{ matrix_mautrix_twitter_docker_image_registry_prefix }}mautrix/twitter:{{ matrix_mautrix_twitter_version }}"
 matrix_mautrix_twitter_docker_image_registry_prefix: "{{ 'localhost/' if matrix_mautrix_twitter_container_image_self_build else matrix_mautrix_twitter_docker_image_registry_prefix_upstream }}"
@@ -43,6 +43,7 @@ matrix_mautrix_twitter_homeserver_domain: '{{ matrix_domain }}'
 matrix_mautrix_twitter_appservice_address: 'http://matrix-mautrix-twitter:29327'
 
 matrix_mautrix_twitter_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
+matrix_mautrix_twitter_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
 
 # A public address that external services can use to reach this appservice.
 matrix_mautrix_twitter_appservice_public_address: ''
@@ -50,7 +51,7 @@ matrix_mautrix_twitter_appservice_public_address: ''
 # Displayname template for Twitter users.
 # {{ .DisplayName }} is replaced with the display name of the Twitter user.
 # {{ .Username }} is replaced with the username of the Twitter user.
-matrix_mautrix_twitter_network_displayname_template: "{% raw %}{{ .DisplayName }}{% endraw %} (Twitter)"
+matrix_mautrix_twitter_network_displayname_template: "{% raw %}{{ .DisplayName }} (Twitter){% endraw %}"
 
 matrix_mautrix_twitter_bridge_command_prefix: "!tw"
 

roles/custom/matrix-bridge-mautrix-twitter/templates/config.yaml.j2

@@ -7,10 +7,6 @@ network:
     get_proxy_url: null
 
     # Displayname template for Twitter users.
-    # {% raw %}
-    # {{ .DisplayName }} is replaced with the display name of the Twitter user.
-    # {{ .Username }} is replaced with the username of the Twitter user.
-    # {% endraw %}
     displayname_template: {{ matrix_mautrix_twitter_network_displayname_template | to_json }}
 
     # Maximum number of conversations to sync on startup
@@ -209,11 +205,6 @@ appservice:
     # However, messages will not be guaranteed to be bridged in the same order they were sent in.
     # This value doesn't affect the registration file.
     async_transactions: false
-    # Whether to use MSC4190 instead of appservice login to create the bridge bot device.
-    # Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202.
-    # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
-    # Changing this option requires updating the appservice registration file.
-    msc4190: {{ matrix_mautrix_twitter_msc4190_enabled | to_json }}
 
     # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
     as_token: {{ matrix_mautrix_twitter_appservice_token | to_json }}
@@ -359,6 +350,14 @@ encryption:
     # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
     # This option is not yet compatible with standard Matrix servers like Synapse and should not be used.
     appservice: {{ matrix_mautrix_twitter_bridge_encryption_appservice | to_json }}
+    # Whether to use MSC4190 instead of appservice login to create the bridge bot device.
+    # Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202.
+    # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
+    # Changing this option requires updating the appservice registration file.
+    msc4190: {{ matrix_mautrix_twitter_msc4190_enabled | to_json }}
+    # Whether to enable self-signing for bridges (Only the bridge bot uses this for now)
+    # Requires msc4190 to replace keys on reset
+    self_sign: {{ matrix_mautrix_twitter_self_sign_enabled | to_json }}
     # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
     # You must use a client that supports requesting keys from other users to use this feature.
     allow_key_sharing: {{ matrix_mautrix_twitter_bridge_encryption_key_sharing_allow | to_json }}

roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml

@@ -28,7 +28,7 @@ matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautri
 matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/whatsapp
-matrix_mautrix_whatsapp_version: v0.12.5
+matrix_mautrix_whatsapp_version: v0.2510.0
 
 # See: https://mau.dev/mautrix/whatsapp/container_registry
 matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_registry_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
@@ -50,6 +50,7 @@ matrix_mautrix_whatsapp_homeserver_async_media: false
 matrix_mautrix_whatsapp_appservice_address: "http://matrix-mautrix-whatsapp:8080"
 
 matrix_mautrix_whatsapp_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
+matrix_mautrix_whatsapp_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
 
 matrix_mautrix_whatsapp_extev_polls: false
 

roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2

@@ -444,6 +444,9 @@ encryption:
     # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
     # Changing this option requires updating the appservice registration file.
     msc4190: {{ matrix_mautrix_whatsapp_msc4190_enabled | to_json }}
+    # Whether to enable self-signing for bridges (Only the bridge bot uses this for now)
+    # Requires msc4190 to replace keys on reset
+    self_sign: {{ matrix_mautrix_whatsapp_self_sign_enabled | to_json }}
     # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
     # You must use a client that supports requesting keys from other users to use this feature.
     allow_key_sharing: {{ matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow | to_json }}

roles/custom/matrix-bridge-steam/defaults/main.yml

@@ -48,7 +48,7 @@ matrix_steam_bridge_public_media_hash_length: 32
 # Displayname template for Steam users
 # {{ .DisplayName }} is replaced with the display name of the Steam user
 # {{ .Username }} is replaced with the username of the Steam user
-matrix_steam_bridge_network_displayname_template: "{% raw %}{{ .DisplayName }}{% endraw %} (Steam)"
+matrix_steam_bridge_network_displayname_template: "{% raw %}{{ .DisplayName }} (Steam){% endraw %}"
 
 matrix_steam_bridge_command_prefix: "!steam"
 

roles/custom/matrix-bridge-steam/templates/config.yaml.j2

@@ -7,10 +7,6 @@ network:
     get_proxy_url: null
 
     # Displayname template for Steam users.
-    # {% raw %}
-    # {{ .DisplayName }} is replaced with the display name of the Steam user.
-    # {{ .Username }} is replaced with the username of the Steam user.
-    # {% endraw %}
     displayname_template: {{ matrix_steam_bridge_network_displayname_template | to_json }}
 
     # Maximum number of conversations to sync on startup

roles/custom/matrix-element-admin/defaults/main.yml

@@ -11,7 +11,7 @@
 matrix_element_admin_enabled: true
 
 # renovate: datasource=docker depName=oci.element.io/element-admin
-matrix_element_admin_version: 0.1.4
+matrix_element_admin_version: 0.1.5
 
 matrix_element_admin_scheme: https
 

roles/custom/matrix-synapse/defaults/main.yml

@@ -16,7 +16,7 @@ matrix_synapse_enabled: true
 matrix_synapse_github_org_and_repo: element-hq/synapse
 
 # renovate: datasource=docker depName=ghcr.io/element-hq/synapse
-matrix_synapse_version: v1.139.2
+matrix_synapse_version: v1.140.0
 
 matrix_synapse_username: ''
 matrix_synapse_uid: ''
@@ -48,10 +48,6 @@ matrix_synapse_container_image_customizations_enabled: |-
 # The version that will be installed is specified in `matrix_synapse_ext_synapse_s3_storage_provider_version`.
 matrix_synapse_container_image_customizations_s3_storage_provider_installation_enabled: "{{ matrix_synapse_ext_synapse_s3_storage_provider_enabled }}"
 
-# Controls whether to install an old version of boto3 and botocore, to work around the following issue:
-# https://github.com/aws/aws-cli/issues/9214
-matrix_synapse_container_image_customizations_s3_storage_provider_installation_old_boto_workaround_enabled: true
-
 # Controls whether custom build steps will be added to the Dockerfile for installing auto-accept-invite module.
 # The version that will be installed is specified in `matrix_synapse_ext_synapse_auto_accept_invite_version`.
 matrix_synapse_container_image_customizations_auto_accept_invite_installation_enabled: "{{ matrix_synapse_ext_synapse_auto_accept_invite_enabled }}"
@@ -823,6 +819,11 @@ matrix_synapse_url_preview_ip_range_blacklist:
 # List of IP address CIDR ranges that the URL preview spider is allowed to access even if they are specified in `matrix_synapse_url_preview_ip_range_blacklist`.
 matrix_synapse_url_preview_ip_range_whitelist: []
 
+# List of URL matches that the URL preview spider is denied from accessing.
+# See https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#url_preview_url_blacklist
+# for more details.
+matrix_synapse_url_preview_url_blacklist: []
+
 # A list of values for the Accept-Language HTTP header used when downloading webpages during URL preview generation
 matrix_url_preview_accept_language: ['en-US', 'en']
 

roles/custom/matrix-synapse/tasks/validate_config.yml

@@ -117,6 +117,8 @@
     - {'old': 'matrix_synapse_experimental_features_msc3861_admin_token', 'new': '<removed>'}
     - {'old': 'matrix_synapse_experimental_features_msc3861_account_management_url', 'new': '<removed>'}
 
+    - {'old': 'matrix_synapse_container_image_customizations_s3_storage_provider_installation_old_boto_workaround_enabled', 'new': '<removed; see https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4637>'}
+
 - name: (Deprecation) Catch and report renamed settings in matrix_synapse_configuration_extension_yaml
   ansible.builtin.fail:
     msg: >-

roles/custom/matrix-synapse/templates/synapse/customizations/Dockerfile.j2

@@ -45,12 +45,8 @@ RUN pip install synapse-auto-accept-invite=={{ matrix_synapse_ext_synapse_auto_a
 {% endif %}
 
 {% if matrix_synapse_container_image_customizations_s3_storage_provider_installation_enabled %}
-{% if matrix_synapse_container_image_customizations_s3_storage_provider_installation_old_boto_workaround_enabled %}
-RUN pip install 'boto3<1.36.0' 'botocore<1.36.0' synapse-s3-storage-provider=={{ matrix_synapse_ext_synapse_s3_storage_provider_version }}
-{% else %}
 RUN pip install synapse-s3-storage-provider=={{ matrix_synapse_ext_synapse_s3_storage_provider_version }}
 {% endif %}
-{% endif %}
 
 {% if matrix_synapse_container_image_customizations_templates_enabled %}
 COPY --from=templates-builder {{ matrix_synapse_container_image_customizations_templates_in_container_base_path }} {{ matrix_synapse_container_image_customizations_templates_in_container_base_path }}

roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2

@@ -1178,6 +1178,9 @@ url_preview_ip_range_whitelist: {{ matrix_synapse_url_preview_ip_range_whitelist
 #
 #  # blacklist any URL with a literal IPv4 address
 #  - netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
+{% if matrix_synapse_url_preview_url_blacklist | length > 0 %}
+url_preview_url_blacklist: {{ matrix_synapse_url_preview_url_blacklist | to_json }}
+{% endif %}
 
 # The largest allowed URL preview spidering size in bytes
 #