From 707fb564dea11d9147250c55f59d3a5291334653 Mon Sep 17 00:00:00 2001
From: felixx9 <51174875+felixx9@users.noreply.github.com>
Date: Wed, 9 Nov 2022 12:49:20 +0100
Subject: [PATCH 001/198] add how to integrate

describe, how to integrate a pad
---
 docs/configuring-playbook-etherpad.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/docs/configuring-playbook-etherpad.md b/docs/configuring-playbook-etherpad.md
index 2ea423ef..c33beb35 100644
--- a/docs/configuring-playbook-etherpad.md
+++ b/docs/configuring-playbook-etherpad.md
@@ -59,3 +59,7 @@ If you wish to disable the Etherpad chat button, you can do it by appending `?sh
 
 If your Etherpad widget fails to load, this might be due to Dimension generating a Pad name so long, the Etherpad app rejects it.
 `$roomId_$padName` can end up being longer than 50 characters. You can avoid having this problem by altering the template so it only contains the three word random identifier `$padName`.
+
+## How to use etherpad
+
+This is how it works in element. It might work similar in other clients: To integrate a standalone etherpad in a room, create your pad, copy the url and send to the room `/addwidget <url>`. You will then find your integrated etherpad within the right sidebar in the `Widgets` section.

From 19b59f9ded388923d73afbd61c4849cb62666a68 Mon Sep 17 00:00:00 2001
From: Aine <97398200+etkecc@users.noreply.github.com>
Date: Thu, 10 Nov 2022 17:56:59 +0000
Subject: [PATCH 002/198] Update Hydrogen 0.3.3 -> 0.3.4

---
 roles/custom/matrix-client-hydrogen/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-client-hydrogen/defaults/main.yml b/roles/custom/matrix-client-hydrogen/defaults/main.yml
index d207df74..80bdb021 100644
--- a/roles/custom/matrix-client-hydrogen/defaults/main.yml
+++ b/roles/custom/matrix-client-hydrogen/defaults/main.yml
@@ -8,7 +8,7 @@ matrix_client_hydrogen_enabled: true
 matrix_client_hydrogen_container_image_self_build: true
 matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git"
 
-matrix_client_hydrogen_version: v0.3.3
+matrix_client_hydrogen_version: v0.3.4
 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}"
 matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}"

From 98d2df5fcf1ddfcf6c1b33544c353d154cef8358 Mon Sep 17 00:00:00 2001
From: felixx9 <51174875+felixx9@users.noreply.github.com>
Date: Sat, 12 Nov 2022 00:31:39 +0100
Subject: [PATCH 003/198] more details,

hopefully better understandable wording. To write docs I need to learn a new language (feels like it)
---
 docs/configuring-playbook-etherpad.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/docs/configuring-playbook-etherpad.md b/docs/configuring-playbook-etherpad.md
index c33beb35..10cd58e0 100644
--- a/docs/configuring-playbook-etherpad.md
+++ b/docs/configuring-playbook-etherpad.md
@@ -60,6 +60,8 @@ If you wish to disable the Etherpad chat button, you can do it by appending `?sh
 If your Etherpad widget fails to load, this might be due to Dimension generating a Pad name so long, the Etherpad app rejects it.
 `$roomId_$padName` can end up being longer than 50 characters. You can avoid having this problem by altering the template so it only contains the three word random identifier `$padName`.
 
-## How to use etherpad
+## How to use Etherpad widgets without an Integration Manager (like Dimension)
 
-This is how it works in element. It might work similar in other clients: To integrate a standalone etherpad in a room, create your pad, copy the url and send to the room `/addwidget <url>`. You will then find your integrated etherpad within the right sidebar in the `Widgets` section.
+This is how it works in element, it might work quite similar with other clients:  
+To integrate a standalone etherpad in a room, create your pad by visiting `https://etherpad.DOMAIN` with your favorite browser and let the magic do the work. When the pad opens, copy the url and send it to the room: `/addwidget <url>`.  
+You will then find your integrated etherpad within the right sidebar in the `Widgets` section.

From adbc09f152c390af8f272a0580a1810983ae592f Mon Sep 17 00:00:00 2001
From: throny <m.throne12@gmail.com>
Date: Sat, 12 Nov 2022 11:20:43 +0100
Subject: [PATCH 004/198] warn users about upgrading to pg15 when using borg

---
 docs/maintenance-postgres.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/maintenance-postgres.md b/docs/maintenance-postgres.md
index 52d2d9ee..fce6ad4d 100644
--- a/docs/maintenance-postgres.md
+++ b/docs/maintenance-postgres.md
@@ -76,6 +76,8 @@ This is because newer Postgres versions cannot start with data generated by olde
 
 Upgrades must be performed manually.
 
+**Warning: If you're using Borg Backup you probably don't want to upgrade to Postgres 15 yet as there is currently no support.**
+
 This playbook can upgrade your existing Postgres setup with the following command:
 
 	ansible-playbook -i inventory/hosts setup.yml --tags=upgrade-postgres

From c68def0809aa68cf8a7c0c70b1e3ddad39db105a Mon Sep 17 00:00:00 2001
From: Aine <97398200+etkecc@users.noreply.github.com>
Date: Sat, 12 Nov 2022 22:01:31 +0000
Subject: [PATCH 005/198] Update ntfy 1.28.0 -> 1.29.0

---
 roles/custom/matrix-ntfy/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-ntfy/defaults/main.yml b/roles/custom/matrix-ntfy/defaults/main.yml
index 76243980..8b8a8953 100644
--- a/roles/custom/matrix-ntfy/defaults/main.yml
+++ b/roles/custom/matrix-ntfy/defaults/main.yml
@@ -7,7 +7,7 @@ matrix_ntfy_base_path: "{{ matrix_base_data_path }}/ntfy"
 matrix_ntfy_config_dir_path: "{{ matrix_ntfy_base_path }}/config"
 matrix_ntfy_data_path: "{{ matrix_ntfy_base_path }}/data"
 
-matrix_ntfy_version: v1.28.0
+matrix_ntfy_version: v1.29.0
 matrix_ntfy_docker_image: "{{ matrix_container_global_registry_prefix }}binwiederhier/ntfy:{{ matrix_ntfy_version }}"
 matrix_ntfy_docker_image_force_pull: "{{ matrix_ntfy_docker_image.endswith(':latest') }}"
 

From b12cdbd99d381acc587cef7b895cd3ac814a230c Mon Sep 17 00:00:00 2001
From: throny <m.throne12@gmail.com>
Date: Sat, 12 Nov 2022 23:40:46 +0100
Subject: [PATCH 006/198] Update maintenance-postgres.md

---
 docs/maintenance-postgres.md | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/docs/maintenance-postgres.md b/docs/maintenance-postgres.md
index fce6ad4d..751fb798 100644
--- a/docs/maintenance-postgres.md
+++ b/docs/maintenance-postgres.md
@@ -76,12 +76,17 @@ This is because newer Postgres versions cannot start with data generated by olde
 
 Upgrades must be performed manually.
 
-**Warning: If you're using Borg Backup you probably don't want to upgrade to Postgres 15 yet as there is currently no support.**
-
 This playbook can upgrade your existing Postgres setup with the following command:
 
 	ansible-playbook -i inventory/hosts setup.yml --tags=upgrade-postgres
 
+**Warning: If you're using Borg Backup keep in mind that there is no official Postgres 15 support yet.**
+However, it is possible to use the `latest` or `14` image. Edit `roles/custom/matrix-backup-borg/defaults/main.yml` and adjust the variables accordingly.
+```bash
+matrix_backup_borg_version: "latest" # or 14
+matrix_backup_borg_supported_postgres_versions: ['12', '13', '14', '15']
+```
+
 **The old Postgres data directory is backed up** automatically, by renaming it to `/matrix/postgres/data-auto-upgrade-backup`.
 To rename to a different path, pass some extra flags to the command above, like this: `--extra-vars="postgres_auto_upgrade_backup_data_path=/another/disk/matrix-postgres-before-upgrade"`
 

From f5a09f30b746f1c19dbec3b077f9d3a612ba15e7 Mon Sep 17 00:00:00 2001
From: throny <m.throne12@gmail.com>
Date: Sat, 12 Nov 2022 23:48:57 +0100
Subject: [PATCH 007/198] Update maintenance-postgres.md

---
 docs/maintenance-postgres.md | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/docs/maintenance-postgres.md b/docs/maintenance-postgres.md
index 751fb798..d22b1648 100644
--- a/docs/maintenance-postgres.md
+++ b/docs/maintenance-postgres.md
@@ -81,11 +81,8 @@ This playbook can upgrade your existing Postgres setup with the following comman
 	ansible-playbook -i inventory/hosts setup.yml --tags=upgrade-postgres
 
 **Warning: If you're using Borg Backup keep in mind that there is no official Postgres 15 support yet.**
-However, it is possible to use the `latest` or `14` image. Edit `roles/custom/matrix-backup-borg/defaults/main.yml` and adjust the variables accordingly.
-```bash
-matrix_backup_borg_version: "latest" # or 14
-matrix_backup_borg_supported_postgres_versions: ['12', '13', '14', '15']
-```
+As long as Alpine Linux is missing packages for postgres15, it is possible to use the `latest` or `14` image of borgmatic. Edit your `vars.yml` and add:
+`matrix_backup_borg_version: "latest"`
 
 **The old Postgres data directory is backed up** automatically, by renaming it to `/matrix/postgres/data-auto-upgrade-backup`.
 To rename to a different path, pass some extra flags to the command above, like this: `--extra-vars="postgres_auto_upgrade_backup_data_path=/another/disk/matrix-postgres-before-upgrade"`

From 1387e776ca482225cca3db955d1687f852b1e586 Mon Sep 17 00:00:00 2001
From: Llasse <git@llasse.net>
Date: Sun, 13 Nov 2022 20:40:23 +0100
Subject: [PATCH 008/198] added matrix_ma1sd_container_additional_networks
 similar to matrix_nginx_proxy_container_additional_networks

---
 roles/custom/matrix-ma1sd/defaults/main.yml                | 7 +++++++
 .../matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 | 4 ++++
 2 files changed, 11 insertions(+)

diff --git a/roles/custom/matrix-ma1sd/defaults/main.yml b/roles/custom/matrix-ma1sd/defaults/main.yml
index 3755a46a..a606d0d6 100644
--- a/roles/custom/matrix-ma1sd/defaults/main.yml
+++ b/roles/custom/matrix-ma1sd/defaults/main.yml
@@ -35,6 +35,13 @@ matrix_ma1sd_systemd_required_services_list: ['docker.service']
 # List of systemd services that matrix-ma1sd.service wants
 matrix_ma1sd_systemd_wanted_services_list: []
 
+# A list of additional container networks that matrix-ma1sd would be connected to.
+# The playbook does not create these networks, so make sure they already exist.
+#
+# Use this to expose matrix-ma1sd to another docker network, that matrix-ma1sd might have to reach for authentication (e.g. an ldap instance)
+#
+matrix_ma1sd_container_additional_networks: []
+
 # Your identity server is private by default.
 # To ensure maximum discovery, you can make your identity server
 # also forward lookups to the central matrix.org Identity server
diff --git a/roles/custom/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 b/roles/custom/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2
index 9dbddbbf..b9c0839e 100644
--- a/roles/custom/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2
+++ b/roles/custom/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2
@@ -38,6 +38,10 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{% endfor %}
 			{{ matrix_ma1sd_docker_image }}
 
+{% for network in matrix_ma1sd_container_additional_networks %}
+ExecStartPost={{ devture_systemd_docker_base_host_command_sh }} -c 'attempt=0; while [ $attempt -le 29 ]; do attempt=$(( $attempt + 1 )); if [ "`docker inspect -f {{ '{{.State.Running}}' }} matrix-ma1sd 2> /dev/null`" = "true" ]; then break; fi; sleep 1; done; {{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-ma1sd'
+{% endfor %}
+
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ma1sd 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ma1sd 2>/dev/null || true'
 Restart=always

From 94f2e06e8300fa059e82508fadc48b2079b7179e Mon Sep 17 00:00:00 2001
From: Aine <97398200+etkecc@users.noreply.github.com>
Date: Tue, 15 Nov 2022 15:49:32 +0000
Subject: [PATCH 009/198] Update mautrix-facebook 0.4.0 -> 0.4.1

---
 roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml
index 719c86dc..e19fa9de 100644
--- a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml
@@ -7,7 +7,7 @@ matrix_mautrix_facebook_enabled: true
 matrix_mautrix_facebook_container_image_self_build: false
 matrix_mautrix_facebook_container_image_self_build_repo: "https://mau.dev/mautrix/facebook.git"
 
-matrix_mautrix_facebook_version: v0.4.0
+matrix_mautrix_facebook_version: v0.4.1
 matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}mautrix/facebook:{{ matrix_mautrix_facebook_version }}"
 matrix_mautrix_facebook_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_facebook_container_image_self_build else 'dock.mau.dev/' }}"
 matrix_mautrix_facebook_docker_image_force_pull: "{{ matrix_mautrix_facebook_docker_image.endswith(':latest') }}"

From 25996b4fa965b695cd285259c26151a1791e0b9e Mon Sep 17 00:00:00 2001
From: Aine <97398200+etkecc@users.noreply.github.com>
Date: Tue, 15 Nov 2022 15:50:46 +0000
Subject: [PATCH 010/198] Update jitsi stable-7882 -> stable-8044

---
 roles/custom/matrix-jitsi/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-jitsi/defaults/main.yml b/roles/custom/matrix-jitsi/defaults/main.yml
index e1fcc318..a80d8882 100644
--- a/roles/custom/matrix-jitsi/defaults/main.yml
+++ b/roles/custom/matrix-jitsi/defaults/main.yml
@@ -72,7 +72,7 @@ matrix_jitsi_jibri_recorder_password: ''
 
 matrix_jitsi_enable_lobby: false
 
-matrix_jitsi_version: stable-7882
+matrix_jitsi_version: stable-8044
 matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}"  # for backward-compatibility
 
 matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}"

From 1c55827ed0a9398918d80618eb5526fb08dc1ded Mon Sep 17 00:00:00 2001
From: Aine <97398200+etkecc@users.noreply.github.com>
Date: Wed, 16 Nov 2022 06:17:30 +0000
Subject: [PATCH 011/198] Update mautrix-googlechat 0.3.3 -> 0.4.0

---
 roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml
index a4b1438b..9c2d97b2 100644
--- a/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml
@@ -8,7 +8,7 @@ matrix_mautrix_googlechat_container_image_self_build: false
 matrix_mautrix_googlechat_container_image_self_build_repo: "https://github.com/mautrix/googlechat.git"
 matrix_mautrix_googlechat_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_googlechat_version == 'latest' else matrix_mautrix_googlechat_version }}"
 
-matrix_mautrix_googlechat_version: v0.3.3
+matrix_mautrix_googlechat_version: v0.4.0
 # See: https://mau.dev/mautrix/googlechat/container_registry
 matrix_mautrix_googlechat_docker_image: "{{ matrix_mautrix_googlechat_docker_image_name_prefix }}mautrix/googlechat:{{ matrix_mautrix_googlechat_version }}"
 matrix_mautrix_googlechat_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_googlechat_container_image_self_build else 'dock.mau.dev/' }}"

From 40e8ef0c7082700bf787508f48b88a9114e4b3f2 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Wed, 16 Nov 2022 11:50:02 +0200
Subject: [PATCH 012/198] Do not tell people to use latest Borgmatic - it won't
 help with Postgres v15

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2259#issuecomment-1312737960
---
 docs/maintenance-postgres.md | 2 --
 1 file changed, 2 deletions(-)

diff --git a/docs/maintenance-postgres.md b/docs/maintenance-postgres.md
index d22b1648..1b848703 100644
--- a/docs/maintenance-postgres.md
+++ b/docs/maintenance-postgres.md
@@ -81,8 +81,6 @@ This playbook can upgrade your existing Postgres setup with the following comman
 	ansible-playbook -i inventory/hosts setup.yml --tags=upgrade-postgres
 
 **Warning: If you're using Borg Backup keep in mind that there is no official Postgres 15 support yet.**
-As long as Alpine Linux is missing packages for postgres15, it is possible to use the `latest` or `14` image of borgmatic. Edit your `vars.yml` and add:
-`matrix_backup_borg_version: "latest"`
 
 **The old Postgres data directory is backed up** automatically, by renaming it to `/matrix/postgres/data-auto-upgrade-backup`.
 To rename to a different path, pass some extra flags to the command above, like this: `--extra-vars="postgres_auto_upgrade_backup_data_path=/another/disk/matrix-postgres-before-upgrade"`

From 9c2dedfdeb40e845e42e2914f03f47ad9b4f86f8 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Wed, 16 Nov 2022 11:56:22 +0200
Subject: [PATCH 013/198] Reorganize a bit

---
 docs/configuring-playbook-etherpad.md | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/docs/configuring-playbook-etherpad.md b/docs/configuring-playbook-etherpad.md
index 10cd58e0..22c782f4 100644
--- a/docs/configuring-playbook-etherpad.md
+++ b/docs/configuring-playbook-etherpad.md
@@ -41,6 +41,13 @@ If you want to manage and remove old unused pads from Etherpad, you will first n
 Then from the plugin manager page (`https://etherpad.<your-domain>/admin/plugins` or `https://dimension.<your-domain>/etherpad/admin/plugins`), install the `adminpads2` plugin. Once installed, you should have a "Manage pads" section in the Admin web-UI.
 
 
+## How to use Etherpad widgets without an Integration Manager (like Dimension)
+
+This is how it works in Element, it might work quite similar with other clients:
+
+To integrate a standalone etherpad in a room, create your pad by visiting `https://etherpad.DOMAIN`. When the pad opens, copy the URL and send a command like this to the room: `/addwidget URL`. You will then find your integrated Etherpad within the right sidebar in the `Widgets` section.
+
+
 ## Set Dimension default to the self-hosted Etherpad (optional)
 
 If you decided to install [Dimension integration manager](configuring-playbook-dimension.md) alongside Etherpad, the Dimension administrator users can configure the default URL template.
@@ -59,9 +66,3 @@ If you wish to disable the Etherpad chat button, you can do it by appending `?sh
 
 If your Etherpad widget fails to load, this might be due to Dimension generating a Pad name so long, the Etherpad app rejects it.
 `$roomId_$padName` can end up being longer than 50 characters. You can avoid having this problem by altering the template so it only contains the three word random identifier `$padName`.
-
-## How to use Etherpad widgets without an Integration Manager (like Dimension)
-
-This is how it works in element, it might work quite similar with other clients:  
-To integrate a standalone etherpad in a room, create your pad by visiting `https://etherpad.DOMAIN` with your favorite browser and let the magic do the work. When the pad opens, copy the url and send it to the room: `/addwidget <url>`.  
-You will then find your integrated etherpad within the right sidebar in the `Widgets` section.

From 79512d5851eb0be10cb0bc0a4d775851b0905323 Mon Sep 17 00:00:00 2001
From: Aine <97398200+etkecc@users.noreply.github.com>
Date: Wed, 16 Nov 2022 10:47:38 +0000
Subject: [PATCH 014/198] Update mautrix-whatsapp 0.7.1 -> 0.7.2

---
 roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
index 55b7387f..7c923b06 100644
--- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
@@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false
 matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git"
 matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
 
-matrix_mautrix_whatsapp_version: v0.7.1
+matrix_mautrix_whatsapp_version: v0.7.2
 # See: https://mau.dev/mautrix/whatsapp/container_registry
 matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
 matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}"

From 795dcb112be5fb471ae7c217190e8743b5bfb695 Mon Sep 17 00:00:00 2001
From: Aine <97398200+etkecc@users.noreply.github.com>
Date: Wed, 16 Nov 2022 19:14:17 +0000
Subject: [PATCH 015/198] Update grafana 9.2.4 -> 9.2.5

---
 roles/custom/matrix-grafana/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-grafana/defaults/main.yml b/roles/custom/matrix-grafana/defaults/main.yml
index 7c5e8d99..7f60a809 100644
--- a/roles/custom/matrix-grafana/defaults/main.yml
+++ b/roles/custom/matrix-grafana/defaults/main.yml
@@ -5,7 +5,7 @@
 
 matrix_grafana_enabled: true
 
-matrix_grafana_version: 9.2.4
+matrix_grafana_version: 9.2.5
 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
 matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
 

From 6a71b3fab3653e645ab5a4f4533479dc09c960c4 Mon Sep 17 00:00:00 2001
From: Aine <97398200+etkecc@users.noreply.github.com>
Date: Thu, 17 Nov 2022 17:22:04 +0000
Subject: [PATCH 016/198] update prometheus 2.40.1 -> 2.40.2

---
 roles/custom/matrix-prometheus/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-prometheus/defaults/main.yml b/roles/custom/matrix-prometheus/defaults/main.yml
index adc90387..e4c55da9 100644
--- a/roles/custom/matrix-prometheus/defaults/main.yml
+++ b/roles/custom/matrix-prometheus/defaults/main.yml
@@ -5,7 +5,7 @@
 
 matrix_prometheus_enabled: false
 
-matrix_prometheus_version: v2.40.1
+matrix_prometheus_version: v2.40.2
 matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}"
 matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}"
 

From 910603394908637c0095110885082ab60a2e67c7 Mon Sep 17 00:00:00 2001
From: Aine <97398200+etkecc@users.noreply.github.com>
Date: Fri, 18 Nov 2022 06:21:57 +0000
Subject: [PATCH 017/198] Update ntfy 1.29.0 -> 1.29.1

---
 roles/custom/matrix-ntfy/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-ntfy/defaults/main.yml b/roles/custom/matrix-ntfy/defaults/main.yml
index 8b8a8953..66d9a19c 100644
--- a/roles/custom/matrix-ntfy/defaults/main.yml
+++ b/roles/custom/matrix-ntfy/defaults/main.yml
@@ -7,7 +7,7 @@ matrix_ntfy_base_path: "{{ matrix_base_data_path }}/ntfy"
 matrix_ntfy_config_dir_path: "{{ matrix_ntfy_base_path }}/config"
 matrix_ntfy_data_path: "{{ matrix_ntfy_base_path }}/data"
 
-matrix_ntfy_version: v1.29.0
+matrix_ntfy_version: v1.29.1
 matrix_ntfy_docker_image: "{{ matrix_container_global_registry_prefix }}binwiederhier/ntfy:{{ matrix_ntfy_version }}"
 matrix_ntfy_docker_image_force_pull: "{{ matrix_ntfy_docker_image.endswith(':latest') }}"
 

From 45c04677450b4d9098ab555594757c5357c20b41 Mon Sep 17 00:00:00 2001
From: Warren Bailey <warren@warrenbailey.net>
Date: Fri, 18 Nov 2022 11:31:40 +0000
Subject: [PATCH 018/198] Sentry DNS setting in Jitsi jvb and jicofo (#2274)

* Jitsi control sentry dns using vars

* renaming variables

* Revert "renaming variables"

This reverts commit 4146c48f6a2e71d1b0d3f58c767aea1b2f4f789c.

* set to connection string or 0 to disable

* Update comments

* Use empty string for default Sentry DSN variables

Both should work identically, but an empty string seems better

Co-authored-by: Slavi Pantaleev <slavi@devture.com>
---
 roles/custom/matrix-jitsi/defaults/main.yml       | 6 ++++++
 roles/custom/matrix-jitsi/templates/jicofo/env.j2 | 2 +-
 roles/custom/matrix-jitsi/templates/jvb/env.j2    | 2 +-
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/roles/custom/matrix-jitsi/defaults/main.yml b/roles/custom/matrix-jitsi/defaults/main.yml
index a80d8882..22b8a718 100644
--- a/roles/custom/matrix-jitsi/defaults/main.yml
+++ b/roles/custom/matrix-jitsi/defaults/main.yml
@@ -205,6 +205,9 @@ matrix_jitsi_jicofo_component_secret: ''
 matrix_jitsi_jicofo_auth_user: focus
 matrix_jitsi_jicofo_auth_password: ''
 
+# To enable Sentry integration for Jicofo, specify a valid DSN connection string
+matrix_jitsi_jicofo_sentry_dsn: ''
+
 matrix_jitsi_jvb_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/jvb:{{ matrix_jitsi_container_image_tag }}"
 matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}"
 
@@ -220,6 +223,9 @@ matrix_jitsi_jvb_systemd_required_services_list: ['docker.service', 'matrix-jits
 matrix_jitsi_jvb_auth_user: jvb
 matrix_jitsi_jvb_auth_password: ''
 
+# To enable Sentry integration for JVB, specify a valid DSN connection string
+matrix_jitsi_jvb_sentry_dsn: ''
+
 # STUN servers used by JVB on the server-side, so it can discover its own external IP address.
 # Pointing this to a STUN server running on the same Docker network may lead to incorrect IP address discovery.
 matrix_jitsi_jvb_stun_servers: ['meet-jit-si-turnrelay.jitsi.net:443']
diff --git a/roles/custom/matrix-jitsi/templates/jicofo/env.j2 b/roles/custom/matrix-jitsi/templates/jicofo/env.j2
index 1f2cb68c..65ae1ce1 100644
--- a/roles/custom/matrix-jitsi/templates/jicofo/env.j2
+++ b/roles/custom/matrix-jitsi/templates/jicofo/env.j2
@@ -27,7 +27,7 @@ JIGASI_SIP_URI
 JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }}
 MAX_BRIDGE_PARTICIPANTS
 OCTO_BRIDGE_SELECTION_STRATEGY
-SENTRY_DSN="${JICOFO_SENTRY_DSN:-0}"
+SENTRY_DSN={{ matrix_jitsi_jicofo_sentry_dsn }}
 SENTRY_ENVIRONMENT
 SENTRY_RELEASE
 TZ={{ matrix_jitsi_timezone }}
diff --git a/roles/custom/matrix-jitsi/templates/jvb/env.j2 b/roles/custom/matrix-jitsi/templates/jvb/env.j2
index 41d343b3..df1a4613 100644
--- a/roles/custom/matrix-jitsi/templates/jvb/env.j2
+++ b/roles/custom/matrix-jitsi/templates/jvb/env.j2
@@ -18,7 +18,7 @@ JVB_OCTO_REGION
 JVB_WS_DOMAIN
 JVB_WS_SERVER_ID
 PUBLIC_URL={{ matrix_jitsi_web_public_url }}
-SENTRY_DSN="${JVB_SENTRY_DSN:-0}"
+SENTRY_DSN={{ matrix_jitsi_jvb_sentry_dsn }}
 SENTRY_ENVIRONMENT
 SENTRY_RELEASE
 COLIBRI_REST_ENABLED

From 84c74136ea5cb48a488be978666a6abc97221f51 Mon Sep 17 00:00:00 2001
From: Warren Bailey <warren@warrenbailey.net>
Date: Fri, 18 Nov 2022 12:00:27 +0000
Subject: [PATCH 019/198] Provision extra Jitsi JVB services on additional
 hosts (#2166)

* Add task to configure a standalone JVB on a different server

* add missing file

* set nginx config

* update prosody file and expose port 5222

* change variable name to server id

* formatting change

* use server id of jvb-1 for the main server

* adding documentation

* adding more jvbs

* rename variable

* revert file

* fix yaml error

* minor doc fixes

* renaming tags and introducing a common tag

* remove duplicates

* add mapping for jvb to hostname/ip

* missed a jvb_server

* Update roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* PR review comments and additional documentation

* iterate on dict items

* Update docs/configuring-playbook-jitsi.md

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Update docs/configuring-playbook-jitsi.md

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Update docs/configuring-playbook-jitsi.md

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Update docs/configuring-playbook-jitsi.md

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Update docs/configuring-playbook-jitsi.md

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Update docs/configuring-playbook-jitsi.md

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Update docs/configuring-playbook-jitsi.md

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* adding documentation around the xmpp setting

* add common after

* reduce the number of services during init of the additional jvb

* remove rogue i

* revert change to jitsi init as it's needed

* only run the jvb service on the additional jvb host

* updating docs

* reset default and add documentation about the websocket port

* fix issue rather merge with master

* add missing role introduced in master

* this role is required too

* Adding new jitsi jvb playbook, moving setup.yml to matrix.yml and creating soft link

* updating documentation

* revert accidental change to file

* add symlink back to roles to aid running of the jitsi playbook

* Remove extra space

* Delete useless playbooks/roles symlink

* Remove blank lines

Co-authored-by: Slavi Pantaleev <slavi@devture.com>
---
 docs/configuring-playbook-jitsi.md            | 64 +++++++++++++
 playbooks/jitsi_jvb.yml                       | 12 +++
 playbooks/matrix.yml                          | 95 ++++++++++++++++++
 roles/custom/matrix-base/tasks/main.yml       | 10 +-
 .../custom/matrix-base/tasks/sanity_check.yml | 29 ------
 .../custom/matrix-base/tasks/system_check.yml | 30 ++++++
 roles/custom/matrix-jitsi/defaults/main.yml   |  6 +-
 .../tasks/init_additional_jvb.yml             |  5 +
 roles/custom/matrix-jitsi/tasks/main.yml      |  7 ++
 .../custom/matrix-jitsi/templates/jvb/env.j2  |  2 +-
 .../prosody/matrix-jitsi-prosody.service.j2   |  3 +
 .../matrix-nginx-proxy/defaults/main.yml      |  9 ++
 .../nginx/conf.d/matrix-jitsi.conf.j2         | 18 +++-
 setup.yml                                     | 96 +------------------
 14 files changed, 258 insertions(+), 128 deletions(-)
 create mode 100644 playbooks/jitsi_jvb.yml
 create mode 100755 playbooks/matrix.yml
 create mode 100644 roles/custom/matrix-base/tasks/system_check.yml
 create mode 100644 roles/custom/matrix-jitsi/tasks/init_additional_jvb.yml
 mode change 100755 => 120000 setup.yml

diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md
index f278e54e..4c29b3eb 100644
--- a/docs/configuring-playbook-jitsi.md
+++ b/docs/configuring-playbook-jitsi.md
@@ -127,6 +127,70 @@ Read how it works [here](https://github.com/jitsi/jitsi-videobridge/blob/master/
 
 You may want to **limit the maximum video resolution**, to save up resources on both server and clients.
 
+## (Optional) Additional JVBs
+
+By default, a single JVB ([Jitsi VideoBridge](https://github.com/jitsi/jitsi-videobridge)) is deployed on the same host as the Matrix server. To allow more video-conferences to happen at the same time, you may need to provision additional JVB services on other hosts.
+
+There is an ansible playbook that can be run with the following tag:
+` ansible-playbook -i inventory/hosts --limit jitsi_jvb_servers jitsi_jvb.yml --tags=common,setup-additional-jitsi-jvb,start`
+
+For this role to work you will need an additional section in the ansible hosts file with the details of the JVB hosts, for example:
+```
+[jitsi_jvb_servers]
+<your jvb hosts> ansible_host=<ip address of the jvb host>
+```
+
+Each JVB will require a server id to be set so that it can be uniquely identified and this allows Jitsi to keep track of which conferences are on which JVB.  
+The server id is set with the variable `matrix_jitsi_jvb_server_id` which ends up as the JVB_WS_SERVER_ID environment variables in the JVB docker container. 
+This variable can be set via the host file, a parameter to the ansible command or in the `vars.yaml` for the host which will have the additional JVB. For example:
+
+``` yaml
+matrix_jitsi_jvb_server_id: 'jvb-2'
+```
+
+``` INI
+[jitsi_jvb_servers]
+jvb-2.example.com ansible_host=192.168.0.2 matrix_jitsi_jvb_server_id=jvb-2
+jvb-3.example.com ansible_host=192.168.0.3 matrix_jitsi_jvb_server_id=jvb-2
+```
+
+Note that the server id `jvb-1` is reserved for the JVB instance running on the Matrix host and therefore should not be used as the id of an additional jvb host.
+
+The additional JVB will also need to expose the colibri web socket port and this can be done with the following variable:
+
+```yaml
+matrix_jitsi_jvb_container_colibri_ws_host_bind_port: 9090
+```
+
+The JVB will also need to know where the prosody xmpp server is located, similar to the server id this can be set in the vars for the JVB by using the variable 
+`matrix_jitsi_xmpp_server`. The Jitsi prosody container is deployed on the matrix server by default so the value can be set to the matrix domain. For example:
+
+```yaml
+matrix_jitsi_xmpp_server: "{{ matrix_domain }}"
+```
+
+However, it can also be set the ip address of the matrix server. This can be useful if you wish to use a private ip. For example:
+
+```yaml
+matrix_jitsi_xmpp_server: "192.168.0.1"
+```
+
+The nginx configuration will also need to be updated in order to deal with the additional JVB servers. This is achieved via its own configuration variable
+`matrix_nginx_proxy_proxy_jitsi_additional_jvbs`, which contains a dictionary of server ids to ip addresses.
+
+For example,
+
+``` yaml
+matrix_nginx_proxy_proxy_jitsi_additional_jvbs:
+   jvb-2: 192.168.0.2
+   jvb-3: 192.168.0.3
+```
+
+
+Applied together this will allow you to provision extra JVB instances which will register themselves with the prosody service and be available for jicofo 
+to route conferences too.
+
+
 
 ## Apply changes
 
diff --git a/playbooks/jitsi_jvb.yml b/playbooks/jitsi_jvb.yml
new file mode 100644
index 00000000..f1980090
--- /dev/null
+++ b/playbooks/jitsi_jvb.yml
@@ -0,0 +1,12 @@
+---
+- name: "Set up additional Jitsi JVB servers"
+  hosts: "jitsi_jvb_servers"
+  become: true
+
+  roles:
+    - role: galaxy/com.devture.ansible.role.playbook_help
+    - role: galaxy/com.devture.ansible.role.systemd_docker_base
+
+    - custom/matrix-base
+    - custom/matrix-jitsi
+    - custom/matrix-common-after
diff --git a/playbooks/matrix.yml b/playbooks/matrix.yml
new file mode 100755
index 00000000..2e648732
--- /dev/null
+++ b/playbooks/matrix.yml
@@ -0,0 +1,95 @@
+---
+- name: "Set up a Matrix server"
+  hosts: "{{ target if target is defined else 'matrix_servers' }}"
+  become: true
+
+  roles:
+    # Most of the roles below are not distributed with the playbook, but downloaded separately using `ansible-galaxy` via the `make roles` command (see `Makefile`).
+    - role: galaxy/com.devture.ansible.role.playbook_help
+
+    - role: galaxy/com.devture.ansible.role.systemd_docker_base
+
+    - role: custom/matrix_playbook_migration
+
+    - when: devture_timesync_installation_enabled | bool
+      role: galaxy/com.devture.ansible.role.timesync
+      tags:
+        - setup-timesync
+        - setup-all
+
+    - custom/matrix-base
+    - custom/matrix-dynamic-dns
+    - custom/matrix-mailer
+    - custom/matrix-postgres
+    - custom/matrix-redis
+    - custom/matrix-corporal
+    - custom/matrix-bridge-appservice-discord
+    - custom/matrix-bridge-appservice-slack
+    - custom/matrix-bridge-appservice-webhooks
+    - custom/matrix-bridge-appservice-irc
+    - custom/matrix-bridge-appservice-kakaotalk
+    - custom/matrix-bridge-beeper-linkedin
+    - custom/matrix-bridge-go-skype-bridge
+    - custom/matrix-bridge-mautrix-facebook
+    - custom/matrix-bridge-mautrix-twitter
+    - custom/matrix-bridge-mautrix-hangouts
+    - custom/matrix-bridge-mautrix-googlechat
+    - custom/matrix-bridge-mautrix-instagram
+    - custom/matrix-bridge-mautrix-signal
+    - custom/matrix-bridge-mautrix-telegram
+    - custom/matrix-bridge-mautrix-whatsapp
+    - custom/matrix-bridge-mautrix-discord
+    - custom/matrix-bridge-mx-puppet-discord
+    - custom/matrix-bridge-mx-puppet-groupme
+    - custom/matrix-bridge-mx-puppet-steam
+    - custom/matrix-bridge-mx-puppet-slack
+    - custom/matrix-bridge-mx-puppet-twitter
+    - custom/matrix-bridge-mx-puppet-instagram
+    - custom/matrix-bridge-sms
+    - custom/matrix-bridge-heisenbridge
+    - custom/matrix-bridge-hookshot
+    - custom/matrix-bot-matrix-reminder-bot
+    - custom/matrix-bot-matrix-registration-bot
+    - custom/matrix-bot-maubot
+    - custom/matrix-bot-buscarron
+    - custom/matrix-bot-honoroit
+    - custom/matrix-bot-postmoogle
+    - custom/matrix-bot-go-neb
+    - custom/matrix-bot-mjolnir
+    - custom/matrix-cactus-comments
+    - custom/matrix-synapse
+    - custom/matrix-dendrite
+    - custom/matrix-conduit
+    - custom/matrix-synapse-admin
+    - custom/matrix-prometheus-node-exporter
+    - custom/matrix-prometheus-postgres-exporter
+    - custom/matrix-prometheus
+    - custom/matrix-grafana
+    - custom/matrix-registration
+    - custom/matrix-client-element
+    - custom/matrix-client-hydrogen
+    - custom/matrix-client-cinny
+    - custom/matrix-jitsi
+    - custom/matrix-ldap-registration-proxy
+    - custom/matrix-ma1sd
+    - custom/matrix-dimension
+    - custom/matrix-etherpad
+    - custom/matrix-email2matrix
+    - custom/matrix-sygnal
+    - custom/matrix-ntfy
+    - custom/matrix-nginx-proxy
+    - custom/matrix-coturn
+    - custom/matrix-aux
+    - custom/matrix-postgres-backup
+    - custom/matrix-backup-borg
+    - custom/matrix-user-creator
+    - custom/matrix-common-after
+
+    # This is pretty much last, because we want it to better serve as a "last known good configuration".
+    # See: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2217#issuecomment-1301487601
+    - when: devture_playbook_state_preserver_enabled | bool
+      role: galaxy/com.devture.ansible.role.playbook_state_preserver
+      tags:
+        - setup-all
+
+    - role: galaxy/com.devture.ansible.role.playbook_runtime_messages
diff --git a/roles/custom/matrix-base/tasks/main.yml b/roles/custom/matrix-base/tasks/main.yml
index 2205056d..164bd353 100644
--- a/roles/custom/matrix-base/tasks/main.yml
+++ b/roles/custom/matrix-base/tasks/main.yml
@@ -1,18 +1,24 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/sanity_check.yml"
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/system_check.yml"
   tags:
     - always
 
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/sanity_check.yml"
+  tags:
+    - setup-all
+
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/clean_up_old_files.yml"
   when: run_setup | bool
   tags:
     - setup-all
+    - common
 
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/server_base/setup.yml"
   when: run_setup | bool
   tags:
     - setup-all
+    - common
 
 # This needs to always run, because it populates `matrix_user_uid` and `matrix_user_gid`,
 # which are required by many other roles.
@@ -21,11 +27,13 @@
   tags:
     - always
     - setup-system-user
+    - common
 
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_matrix_base.yml"
   when: run_setup | bool
   tags:
     - setup-all
+    - common
 
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_well_known.yml"
   when: run_setup | bool
diff --git a/roles/custom/matrix-base/tasks/sanity_check.yml b/roles/custom/matrix-base/tasks/sanity_check.yml
index 5104ba43..f825e19e 100644
--- a/roles/custom/matrix-base/tasks/sanity_check.yml
+++ b/roles/custom/matrix-base/tasks/sanity_check.yml
@@ -5,21 +5,6 @@
     msg: "You need to set a valid homeserver implementation in `matrix_homeserver_implementation`"
   when: "matrix_homeserver_implementation not in ['synapse', 'dendrite', 'conduit']"
 
-# We generally support Ansible 2.7.1 and above.
-- name: Fail if running on Ansible < 2.7.1
-  ansible.builtin.fail:
-    msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md"
-  when:
-    - "(ansible_version.major < 2) or (ansible_version.major == 2 and ansible_version.minor < 7) or (ansible_version.major == 2 and ansible_version.minor == 7 and ansible_version.revision < 1)"
-
-# Though we do not support Ansible 2.9.6 which is buggy
-- name: Fail if running on Ansible 2.9.6 on Ubuntu
-  ansible.builtin.fail:
-    msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md"
-  when:
-    - ansible_distribution == 'Ubuntu'
-    - "ansible_version.major == 2 and ansible_version.minor == 9 and ansible_version.revision == 6"
-
 - name: (Deprecation) Catch and report renamed settings
   ansible.builtin.fail:
     msg: >-
@@ -66,20 +51,6 @@
     - "{{ matrix_server_fqn_element }}"
   when: "item != item | lower"
 
-- name: Fail if using python2 on Archlinux
-  ansible.builtin.fail:
-    msg: "Detected that you're using python2 when installing onto Archlinux. Archlinux by default only supports python3."
-  when:
-    - ansible_distribution == 'Archlinux'
-    - ansible_python.version.major != 3
-
-- name: Fail if architecture is set incorrectly
-  ansible.builtin.fail:
-    msg: "Detected that variable matrix_architecture {{ matrix_architecture }} appears to be set incorrectly. See docs/alternative-architectures.md. Server appears to be {{ ansible_architecture }}."
-  when: (ansible_architecture == "x86_64" and matrix_architecture != "amd64") or
-        (ansible_architecture == "aarch64" and matrix_architecture != "arm64") or
-        (ansible_architecture.startswith("armv") and matrix_architecture != "arm32")
-
 - name: Fail if encountering usage of removed role (mx-puppet-skype)
   ansible.builtin.fail:
     msg: >-
diff --git a/roles/custom/matrix-base/tasks/system_check.yml b/roles/custom/matrix-base/tasks/system_check.yml
new file mode 100644
index 00000000..f1d2fc7b
--- /dev/null
+++ b/roles/custom/matrix-base/tasks/system_check.yml
@@ -0,0 +1,30 @@
+---
+
+# We generally support Ansible 2.7.1 and above.
+- name: Fail if running on Ansible < 2.7.1
+  ansible.builtin.fail:
+    msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md"
+  when:
+    - "(ansible_version.major < 2) or (ansible_version.major == 2 and ansible_version.minor < 7) or (ansible_version.major == 2 and ansible_version.minor == 7 and ansible_version.revision < 1)"
+
+# Though we do not support Ansible 2.9.6 which is buggy
+- name: Fail if running on Ansible 2.9.6 on Ubuntu
+  ansible.builtin.fail:
+    msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md"
+  when:
+    - ansible_distribution == 'Ubuntu'
+    - "ansible_version.major == 2 and ansible_version.minor == 9 and ansible_version.revision == 6"
+
+- name: Fail if using python2 on Archlinux
+  ansible.builtin.fail:
+    msg: "Detected that you're using python2 when installing onto Archlinux. Archlinux by default only supports python3."
+  when:
+    - ansible_distribution == 'Archlinux'
+    - ansible_python.version.major != 3
+
+- name: Fail if architecture is set incorrectly
+  ansible.builtin.fail:
+    msg: "Detected that variable matrix_architecture {{ matrix_architecture }} appears to be set incorrectly. See docs/alternative-architectures.md. Server appears to be {{ ansible_architecture }}."
+  when: (ansible_architecture == "x86_64" and matrix_architecture != "amd64") or
+        (ansible_architecture == "aarch64" and matrix_architecture != "arm64") or
+        (ansible_architecture.startswith("armv") and matrix_architecture != "arm32")
diff --git a/roles/custom/matrix-jitsi/defaults/main.yml b/roles/custom/matrix-jitsi/defaults/main.yml
index 22b8a718..c2d5948d 100644
--- a/roles/custom/matrix-jitsi/defaults/main.yml
+++ b/roles/custom/matrix-jitsi/defaults/main.yml
@@ -189,6 +189,8 @@ matrix_jitsi_prosody_systemd_required_services_list: ['docker.service']
 # Neccessary Port binding for those disabling the integrated nginx proxy
 matrix_jitsi_prosody_container_http_host_bind_port: ''
 
+matrix_jitsi_prosody_container_jvb_host_bind_port: 5222
+
 matrix_jitsi_jicofo_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/jicofo:{{ matrix_jitsi_container_image_tag }}"
 matrix_jitsi_jicofo_docker_image_force_pull: "{{ matrix_jitsi_jicofo_docker_image.endswith(':latest') }}"
 
@@ -218,7 +220,7 @@ matrix_jitsi_jvb_config_path: "{{ matrix_jitsi_jvb_base_path }}/config"
 matrix_jitsi_jvb_container_extra_arguments: []
 
 # List of systemd services that matrix-jitsi-jvb.service depends on
-matrix_jitsi_jvb_systemd_required_services_list: ['docker.service', 'matrix-jitsi-prosody.service']
+matrix_jitsi_jvb_systemd_required_services_list: ['docker.service']
 
 matrix_jitsi_jvb_auth_user: jvb
 matrix_jitsi_jvb_auth_password: ''
@@ -233,6 +235,8 @@ matrix_jitsi_jvb_stun_servers: ['meet-jit-si-turnrelay.jitsi.net:443']
 matrix_jitsi_jvb_brewery_muc: jvbbrewery
 matrix_jitsi_jvb_rtp_udp_port: 10000
 matrix_jitsi_jvb_rtp_tcp_port: 4443
+matrix_jitsi_jvb_server_id: 'jvb-1'
+
 
 # Custom configuration to be injected into `custom-sip-communicator.properties`, passed to Jitsi JVB.
 # This configuration gets appended to the final configuration that Jitsi JVB uses.
diff --git a/roles/custom/matrix-jitsi/tasks/init_additional_jvb.yml b/roles/custom/matrix-jitsi/tasks/init_additional_jvb.yml
new file mode 100644
index 00000000..e781f5bc
--- /dev/null
+++ b/roles/custom/matrix-jitsi/tasks/init_additional_jvb.yml
@@ -0,0 +1,5 @@
+---
+
+- ansible.builtin.set_fact:
+    matrix_systemd_services_list: "{{ ['matrix-jitsi-jvb.service'] }}"
+  when: matrix_jitsi_enabled | bool
diff --git a/roles/custom/matrix-jitsi/tasks/main.yml b/roles/custom/matrix-jitsi/tasks/main.yml
index 7da6ebf9..be96d944 100644
--- a/roles/custom/matrix-jitsi/tasks/main.yml
+++ b/roles/custom/matrix-jitsi/tasks/main.yml
@@ -4,17 +4,23 @@
   tags:
     - always
 
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init_additional_jvb.yml"
+  tags:
+    - setup-additional-jitsi-jvb
+
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_jitsi_enabled | bool"
   tags:
     - setup-all
     - setup-jitsi
+    - setup-additional-jitsi-jvb
 
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_jitsi_base.yml"
   when: run_setup | bool
   tags:
     - setup-all
     - setup-jitsi
+    - setup-additional-jitsi-jvb
 
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_jitsi_web.yml"
   when: run_setup | bool
@@ -39,3 +45,4 @@
   tags:
     - setup-all
     - setup-jitsi
+    - setup-additional-jitsi-jvb
diff --git a/roles/custom/matrix-jitsi/templates/jvb/env.j2 b/roles/custom/matrix-jitsi/templates/jvb/env.j2
index df1a4613..4b9ce68f 100644
--- a/roles/custom/matrix-jitsi/templates/jvb/env.j2
+++ b/roles/custom/matrix-jitsi/templates/jvb/env.j2
@@ -16,7 +16,7 @@ JVB_OCTO_PUBLIC_ADDRESS
 JVB_OCTO_BIND_PORT
 JVB_OCTO_REGION
 JVB_WS_DOMAIN
-JVB_WS_SERVER_ID
+JVB_WS_SERVER_ID={{ matrix_jitsi_jvb_server_id }}
 PUBLIC_URL={{ matrix_jitsi_web_public_url }}
 SENTRY_DSN={{ matrix_jitsi_jvb_sentry_dsn }}
 SENTRY_ENVIRONMENT
diff --git a/roles/custom/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 b/roles/custom/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2
index 0b2592ae..89cec091 100644
--- a/roles/custom/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2
+++ b/roles/custom/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2
@@ -20,6 +20,9 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{% if matrix_jitsi_prosody_container_http_host_bind_port %}
 			-p {{ matrix_jitsi_prosody_container_http_host_bind_port }}:5280 \
 			{% endif %}
+			{% if matrix_jitsi_prosody_container_jvb_host_bind_port %}
+			-p {{ matrix_jitsi_prosody_container_jvb_host_bind_port }}:5222 \
+			{% endif %}
 			--env-file={{ matrix_jitsi_prosody_base_path }}/env \
 			--mount type=bind,src={{ matrix_jitsi_prosody_config_path }},dst=/config \
 			--mount type=bind,src={{ matrix_jitsi_prosody_plugins_path }},dst=/prosody-plugins-custom \
diff --git a/roles/custom/matrix-nginx-proxy/defaults/main.yml b/roles/custom/matrix-nginx-proxy/defaults/main.yml
index b7d4819d..967a7267 100644
--- a/roles/custom/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml
@@ -667,3 +667,12 @@ matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time: "24h"
 # http://nginx.org/en/docs/ngx_core_module.html#worker_connections
 matrix_nginx_proxy_worker_processes: auto
 matrix_nginx_proxy_worker_connections: 1024
+
+# A mapping of JVB server ids to hostname/ipa addresses used to add additional jvb blocks
+# to the Jitsi's server configuration (matrix-jitsi.conf)
+# Note: avoid using the JVB server id  "jvb-1" as this is reserved for the main host.
+# Example:
+# matrix_nginx_proxy_proxy_jitsi_additional_jvbs:
+#   jvb-2: 192.168.0.1
+#   jvb-3: 192.168.0.2
+matrix_nginx_proxy_proxy_jitsi_additional_jvbs: {}
diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2
index aa4b6b44..4d5a4ce7 100644
--- a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2
+++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2
@@ -34,7 +34,7 @@
 	}
 
 	# colibri (JVB) websockets
-	location ~ ^/colibri-ws/([a-zA-Z0-9-\.]+)/(.*) {
+	location ~ ^/colibri-ws/jvb-1/(.*) {
 		{% if matrix_nginx_proxy_enabled %}
 			resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s;
 			set $backend "matrix-jitsi-jvb:9090";
@@ -53,6 +53,22 @@
 
 		tcp_nodelay on;
 	}
+	{% for id, ip_address in matrix_nginx_proxy_proxy_jitsi_additional_jvbs.items() %}
+	# colibri (JVB) websockets for additional JVBs
+	location ~ ^/colibri-ws/{{ id | regex_escape }}/(.*) {
+		proxy_pass http://{{ ip_address }}:9090/colibri-ws/{{ id }}/$1$is_args$args;
+
+		proxy_set_header Host $host;
+		proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "upgrade";
+
+		proxy_http_version 1.1;
+
+		tcp_nodelay on;
+	}
+	{% endfor %}
+
 
 	# XMPP websocket
 	location = /xmpp-websocket {
diff --git a/setup.yml b/setup.yml
deleted file mode 100755
index 2e648732..00000000
--- a/setup.yml
+++ /dev/null
@@ -1,95 +0,0 @@
----
-- name: "Set up a Matrix server"
-  hosts: "{{ target if target is defined else 'matrix_servers' }}"
-  become: true
-
-  roles:
-    # Most of the roles below are not distributed with the playbook, but downloaded separately using `ansible-galaxy` via the `make roles` command (see `Makefile`).
-    - role: galaxy/com.devture.ansible.role.playbook_help
-
-    - role: galaxy/com.devture.ansible.role.systemd_docker_base
-
-    - role: custom/matrix_playbook_migration
-
-    - when: devture_timesync_installation_enabled | bool
-      role: galaxy/com.devture.ansible.role.timesync
-      tags:
-        - setup-timesync
-        - setup-all
-
-    - custom/matrix-base
-    - custom/matrix-dynamic-dns
-    - custom/matrix-mailer
-    - custom/matrix-postgres
-    - custom/matrix-redis
-    - custom/matrix-corporal
-    - custom/matrix-bridge-appservice-discord
-    - custom/matrix-bridge-appservice-slack
-    - custom/matrix-bridge-appservice-webhooks
-    - custom/matrix-bridge-appservice-irc
-    - custom/matrix-bridge-appservice-kakaotalk
-    - custom/matrix-bridge-beeper-linkedin
-    - custom/matrix-bridge-go-skype-bridge
-    - custom/matrix-bridge-mautrix-facebook
-    - custom/matrix-bridge-mautrix-twitter
-    - custom/matrix-bridge-mautrix-hangouts
-    - custom/matrix-bridge-mautrix-googlechat
-    - custom/matrix-bridge-mautrix-instagram
-    - custom/matrix-bridge-mautrix-signal
-    - custom/matrix-bridge-mautrix-telegram
-    - custom/matrix-bridge-mautrix-whatsapp
-    - custom/matrix-bridge-mautrix-discord
-    - custom/matrix-bridge-mx-puppet-discord
-    - custom/matrix-bridge-mx-puppet-groupme
-    - custom/matrix-bridge-mx-puppet-steam
-    - custom/matrix-bridge-mx-puppet-slack
-    - custom/matrix-bridge-mx-puppet-twitter
-    - custom/matrix-bridge-mx-puppet-instagram
-    - custom/matrix-bridge-sms
-    - custom/matrix-bridge-heisenbridge
-    - custom/matrix-bridge-hookshot
-    - custom/matrix-bot-matrix-reminder-bot
-    - custom/matrix-bot-matrix-registration-bot
-    - custom/matrix-bot-maubot
-    - custom/matrix-bot-buscarron
-    - custom/matrix-bot-honoroit
-    - custom/matrix-bot-postmoogle
-    - custom/matrix-bot-go-neb
-    - custom/matrix-bot-mjolnir
-    - custom/matrix-cactus-comments
-    - custom/matrix-synapse
-    - custom/matrix-dendrite
-    - custom/matrix-conduit
-    - custom/matrix-synapse-admin
-    - custom/matrix-prometheus-node-exporter
-    - custom/matrix-prometheus-postgres-exporter
-    - custom/matrix-prometheus
-    - custom/matrix-grafana
-    - custom/matrix-registration
-    - custom/matrix-client-element
-    - custom/matrix-client-hydrogen
-    - custom/matrix-client-cinny
-    - custom/matrix-jitsi
-    - custom/matrix-ldap-registration-proxy
-    - custom/matrix-ma1sd
-    - custom/matrix-dimension
-    - custom/matrix-etherpad
-    - custom/matrix-email2matrix
-    - custom/matrix-sygnal
-    - custom/matrix-ntfy
-    - custom/matrix-nginx-proxy
-    - custom/matrix-coturn
-    - custom/matrix-aux
-    - custom/matrix-postgres-backup
-    - custom/matrix-backup-borg
-    - custom/matrix-user-creator
-    - custom/matrix-common-after
-
-    # This is pretty much last, because we want it to better serve as a "last known good configuration".
-    # See: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2217#issuecomment-1301487601
-    - when: devture_playbook_state_preserver_enabled | bool
-      role: galaxy/com.devture.ansible.role.playbook_state_preserver
-      tags:
-        - setup-all
-
-    - role: galaxy/com.devture.ansible.role.playbook_runtime_messages
diff --git a/setup.yml b/setup.yml
new file mode 120000
index 00000000..7acc4c4c
--- /dev/null
+++ b/setup.yml
@@ -0,0 +1 @@
+playbooks/matrix.yml
\ No newline at end of file

From 77451c6a71ac20bbc1abbb62fc1fcd1890235901 Mon Sep 17 00:00:00 2001
From: NullIsNot0 <NullIsNot0@users.noreply.github.com>
Date: Fri, 18 Nov 2022 15:07:53 +0200
Subject: [PATCH 020/198] Enable location sharing in Element (#2276)

* Enable location sharing in Element

* Update roles/custom/matrix-client-element/tasks/validate_config.yml

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Update roles/custom/matrix-client-element/tasks/setup_install.yml

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Rename location sharing vars to be consistent with other vars

* Rename style.json to map_style.json

* Add m.tile_server section to /.well-known/matrix/client

Co-authored-by: Slavi Pantaleev <slavi@devture.com>
---
 .../static-files/well-known/matrix-client.j2  |  5 ++
 .../matrix-client-element/defaults/main.yml   | 67 +++++++++++++++++++
 .../tasks/setup_install.yml                   |  9 +++
 .../tasks/validate_config.yml                 |  8 +++
 .../templates/config.json.j2                  |  3 +
 .../templates/map_style.json.j2               | 18 +++++
 .../systemd/matrix-client-element.service.j2  |  3 +
 7 files changed, 113 insertions(+)
 create mode 100644 roles/custom/matrix-client-element/templates/map_style.json.j2

diff --git a/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 b/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2
index a4356d1d..4595bed1 100644
--- a/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2
+++ b/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2
@@ -25,6 +25,11 @@
 	"im.vector.riot.jitsi": {
 		"preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }}
 	}
+	{% endif %}
+	{% if matrix_client_element_location_sharing_enabled %},
+	"m.tile_server": {
+        "map_style_url": "https://{{ matrix_server_fqn_element }}/map_style.json"
+    }
 	{% endif %}
 	,
 	"io.element.e2ee": {
diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml
index a1543b5b..0bb65ea8 100644
--- a/roles/custom/matrix-client-element/defaults/main.yml
+++ b/roles/custom/matrix-client-element/defaults/main.yml
@@ -135,3 +135,70 @@ matrix_client_element_configuration_extension: "{{ matrix_client_element_configu
 # Holds the final Element configuration (a combination of the default and its extension).
 # You most likely don't need to touch this variable. Instead, see `matrix_client_element_configuration_default`.
 matrix_client_element_configuration: "{{ matrix_client_element_configuration_default | combine(matrix_client_element_configuration_extension, recursive=True) }}"
+
+# Element Location sharing functionality
+# More info: https://element.io/blog/element-launches-e2ee-location-sharing/
+# How to host your own map tile server: https://matrix.org/docs/guides/map-tile-server
+matrix_client_element_location_sharing_enabled: false
+
+# Default Element location sharing map style configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `matrix_client_element_location_sharing_map_style_extension_json`)
+# or completely replace this variable with your own template.
+#
+# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict.
+# This is unlike what it does when looking up YAML template files (no automatic parsing there).
+matrix_client_element_location_sharing_map_style_default: "{{ lookup('template', 'templates/map_style.json.j2') }}"
+
+# Your custom JSON configuration for Element location sharing map style should go to `matrix_client_element_location_sharing_map_style_extension_json`.
+# This configuration extends the default starting configuration (`matrix_client_element_location_sharing_map_style_default`).
+#
+# You can override individual variables from the default configuration, or introduce new ones.
+#
+# If you need something more special, you can take full control by
+# completely redefining `matrix_client_element_location_sharing_map_style_default`.
+#
+# Example configuration override follows:
+#
+# matrix_client_element_location_sharing_map_style_extension_json: |
+#  {
+#    "sources": {
+#        "localsource": {
+#            "tileSize": 512
+#        }
+#    }
+#  }
+#
+# Example configuration extension follows:
+#
+# matrix_client_element_location_sharing_map_style_extension_json: |
+#  {
+#    "sources": {
+#        "anothersource": {
+#            "attribution": "",
+#            "tileSize": 256,
+#            "tiles": ["https://anothertile.example.com/{z}/{x}/{y}.png"],
+#            "type": "raster"
+#        }
+#    }
+#  }
+matrix_client_element_location_sharing_map_style_extension_json: '{}'
+
+matrix_client_element_location_sharing_map_style_extension: "{{ matrix_client_element_location_sharing_map_style_extension_json | from_json if matrix_client_element_location_sharing_map_style_extension_json | from_json is mapping else {} }}"
+
+# Holds the final Element location sharing map style configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_client_element_location_sharing_map_style_default`.
+matrix_client_element_location_sharing_map_style: "{{ matrix_client_element_location_sharing_map_style_default | combine(matrix_client_element_location_sharing_map_style_extension, recursive=True) }}"
+
+# Example tile servers configuration
+# matrix_client_element_location_sharing_map_style_content_sources_localsource_tiles: ["https://tile.example.com/{z}/{x}/{y}.png"]
+# or
+# matrix_client_element_location_sharing_map_style_content_sources_localsource_tiles: ["https://s1.example.com/{z}/{x}/{y}.png", "https://s2.example.com/{z}/{x}/{y}.png", "https://s3.example.com/{z}/{x}/{y}.png"]
+matrix_client_element_location_sharing_map_style_content_sources_localsource_tiles: []
+
+# Map attribution (optional):
+# Attribution for OpenStreetMap would be like this:
+# matrix_client_element_location_sharing_map_style_content_sources_localsource_attribution: "&copy; <a href=\"https://www.openstreetmap.org/copyright\" target=\"_blank\">OpenStreetMap</a> contributors"
+# Leave blank, if map does not require attribution.
+matrix_client_element_location_sharing_map_style_content_sources_localsource_attribution: ""
diff --git a/roles/custom/matrix-client-element/tasks/setup_install.yml b/roles/custom/matrix-client-element/tasks/setup_install.yml
index 0edb0b50..cff30f4c 100644
--- a/roles/custom/matrix-client-element/tasks/setup_install.yml
+++ b/roles/custom/matrix-client-element/tasks/setup_install.yml
@@ -69,6 +69,15 @@
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
 
+- name: Ensure Element location sharing map style installed
+  when: matrix_client_element_location_sharing_enabled | bool
+  ansible.builtin.copy:
+    content: "{{ matrix_client_element_location_sharing_map_style | to_nice_json }}"
+    dest: "{{ matrix_client_element_data_path }}/map_style.json"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
 - name: Ensure Element config files installed
   ansible.builtin.template:
     src: "{{ item.src }}"
diff --git a/roles/custom/matrix-client-element/tasks/validate_config.yml b/roles/custom/matrix-client-element/tasks/validate_config.yml
index fdf74f07..0e252db8 100644
--- a/roles/custom/matrix-client-element/tasks/validate_config.yml
+++ b/roles/custom/matrix-client-element/tasks/validate_config.yml
@@ -8,6 +8,14 @@
   with_items:
     - "matrix_client_element_default_hs_url"
 
+- name: Fail if Element location sharing enabled, but no tile server defined
+  ansible.builtin.fail:
+    msg: >-
+      You need to define at least one map tile server in matrix_client_element_location_sharing_map_style_content_sources_localsource_tiles list
+  when:
+    - matrix_client_element_location_sharing_enabled | bool
+    - matrix_client_element_location_sharing_map_style_content_sources_localsource_tiles | length == 0
+
 - name: (Deprecation) Catch and report riot-web variables
   ansible.builtin.fail:
     msg: >-
diff --git a/roles/custom/matrix-client-element/templates/config.json.j2 b/roles/custom/matrix-client-element/templates/config.json.j2
index e3477398..1ae16f41 100644
--- a/roles/custom/matrix-client-element/templates/config.json.j2
+++ b/roles/custom/matrix-client-element/templates/config.json.j2
@@ -36,6 +36,9 @@
 	"jitsi": {
         "preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }}
     },
+	{% endif %}
+	{% if matrix_client_element_location_sharing_enabled %}
+	"map_style_url": "https://{{ matrix_server_fqn_element }}/map_style.json",
 	{% endif %}
 	"branding": {
 		"authFooterLinks": {{ matrix_client_element_branding_authFooterLinks|to_json }},
diff --git a/roles/custom/matrix-client-element/templates/map_style.json.j2 b/roles/custom/matrix-client-element/templates/map_style.json.j2
new file mode 100644
index 00000000..1b92df63
--- /dev/null
+++ b/roles/custom/matrix-client-element/templates/map_style.json.j2
@@ -0,0 +1,18 @@
+{
+    "layers": [
+        {
+            "id": "locallayer",
+            "source": "localsource",
+            "type": "raster"
+        }
+    ],
+    "sources": {
+        "localsource": {
+            "attribution": {{ matrix_client_element_location_sharing_map_style_content_sources_localsource_attribution|to_json }},
+            "tileSize": 256,
+            "tiles": {{ matrix_client_element_location_sharing_map_style_content_sources_localsource_tiles|to_json }},
+            "type": "raster"
+        }
+    },
+    "version": 8
+}
diff --git a/roles/custom/matrix-client-element/templates/systemd/matrix-client-element.service.j2 b/roles/custom/matrix-client-element/templates/systemd/matrix-client-element.service.j2
index 52f3249a..be96cab7 100644
--- a/roles/custom/matrix-client-element/templates/systemd/matrix-client-element.service.j2
+++ b/roles/custom/matrix-client-element/templates/systemd/matrix-client-element.service.j2
@@ -26,6 +26,9 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			--mount type=bind,src={{ matrix_client_element_data_path }}/nginx.conf,dst=/etc/nginx/nginx.conf,ro \
 			--mount type=bind,src={{ matrix_client_element_data_path }}/config.json,dst=/app/config.json,ro \
 			--mount type=bind,src={{ matrix_client_element_data_path }}/config.json,dst=/app/config.{{ matrix_server_fqn_element }}.json,ro \
+			{% if matrix_client_element_location_sharing_enabled %}
+			--mount type=bind,src={{ matrix_client_element_data_path }}/map_style.json,dst=/app/map_style.json,ro \
+			{% endif %}
 			{% if matrix_client_element_embedded_pages_home_path is not none %}
 			--mount type=bind,src={{ matrix_client_element_data_path }}/home.html,dst=/app/home.html,ro \
 			{% endif %}

From eec7970689181e70bfd7853182ded343bf862d67 Mon Sep 17 00:00:00 2001
From: Aine <aine@etke.cc>
Date: Sat, 19 Nov 2022 00:55:03 +0200
Subject: [PATCH 021/198] update postmoogle 0.9.8 -> 0.9.9

---
 group_vars/matrix_servers                          |  4 ++--
 .../custom/matrix-bot-postmoogle/defaults/main.yml | 14 +++++++++-----
 .../custom/matrix-bot-postmoogle/templates/env.j2  |  2 +-
 3 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 7df71247..1c6416bc 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -1255,8 +1255,8 @@ matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in
 # We don't enable bots by default.
 matrix_bot_postmoogle_enabled: false
 matrix_bot_postmoogle_ssl_path: "{{ matrix_ssl_config_dir_path }}"
-matrix_bot_postmoogle_tls_cert: "/ssl/live/{{ matrix_bot_postmoogle_domain }}/fullchain.pem"
-matrix_bot_postmoogle_tls_key: "/ssl/live/{{ matrix_bot_postmoogle_domain }}/privkey.pem"
+matrix_bot_postmoogle_tls_cert: "{% for domain in matrix_bot_postmoogle_domains %}/ssl/live/{{ domain }}/fullchain.pem {% endfor %}"
+matrix_bot_postmoogle_tls_key: "{% for domain in matrix_bot_postmoogle_domains %}/ssl/live/{{ domain }}/privkey.pem {% endfor %}"
 
 matrix_bot_postmoogle_systemd_required_services_list: |
   {{
diff --git a/roles/custom/matrix-bot-postmoogle/defaults/main.yml b/roles/custom/matrix-bot-postmoogle/defaults/main.yml
index af6c23ac..9e30d7ab 100644
--- a/roles/custom/matrix-bot-postmoogle/defaults/main.yml
+++ b/roles/custom/matrix-bot-postmoogle/defaults/main.yml
@@ -9,7 +9,7 @@ matrix_bot_postmoogle_docker_repo: "https://gitlab.com/etke.cc/postmoogle.git"
 matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_version == 'latest' else matrix_bot_postmoogle_version }}"
 matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src"
 
-matrix_bot_postmoogle_version: v0.9.8
+matrix_bot_postmoogle_version: v0.9.9
 matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}postmoogle:{{ matrix_bot_postmoogle_version }}"
 matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
 matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}"
@@ -108,8 +108,12 @@ matrix_bot_postmoogle_loglevel: 'INFO'
 # Disable encryption
 matrix_bot_postmoogle_noencryption: false
 
+# deprecated, use matrix_bot_postmoogle_domains
 matrix_bot_postmoogle_domain: "{{ matrix_server_fqn_matrix }}"
 
+matrix_bot_postmoogle_domains:
+  - "{{ matrix_bot_postmoogle_domain }}" # backward compatibility
+
 # Password (passphrase) to encrypt account data
 matrix_bot_postmoogle_data_secret: ""
 
@@ -126,15 +130,15 @@ matrix_bot_postmoogle_submission_host_bind_port: '587'
 matrix_bot_postmoogle_ssl_path: ""
 
 ## in-container SSL paths
-# matrix_bot_postmoogle_tls_cert is the SSL certificate's certificate.
-# This is likely set via group_vars/matrix_servers, so you don't need to set it.
+# matrix_bot_postmoogle_tls_cert is the SSL certificates' certificates.
+# This var is likely set via group_vars/matrix_servers, so you don't need to set certs manually.
 # If you do need to set it manually, note that this is an in-container path.
 # To mount a certificates volumes into the container, use matrix_bot_postmoogle_ssl_path
 # Example value: /ssl/live/{{ matrix_bot_postmoogle_domain }}/fullchain.pem
 matrix_bot_postmoogle_tls_cert: ""
 
-# matrix_bot_postmoogle_tls_key is the SSL certificate's key.
-# This is likely set via group_vars/matrix_servers, so you don't need to set it.
+# matrix_bot_postmoogle_tls_key is the SSL certificates' keys.
+# This var is likely set via group_vars/matrix_servers, so you don't need to set keys manually.
 # If you do need to set it manually, note that this is an in-container path.
 # To mount a certificates volumes into the container, use matrix_bot_postmoogle_ssl_path
 # Example value: /ssl/live/{{ matrix_bot_postmoogle_domain }}/privkey.pem
diff --git a/roles/custom/matrix-bot-postmoogle/templates/env.j2 b/roles/custom/matrix-bot-postmoogle/templates/env.j2
index c8151053..855bd882 100644
--- a/roles/custom/matrix-bot-postmoogle/templates/env.j2
+++ b/roles/custom/matrix-bot-postmoogle/templates/env.j2
@@ -1,7 +1,7 @@
 POSTMOOGLE_LOGIN={{ matrix_bot_postmoogle_login }}
 POSTMOOGLE_PASSWORD={{ matrix_bot_postmoogle_password }}
 POSTMOOGLE_HOMESERVER={{ matrix_bot_postmoogle_homeserver }}
-POSTMOOGLE_DOMAIN={{ matrix_bot_postmoogle_domain }}
+POSTMOOGLE_DOMAINS={{ matrix_bot_postmoogle_domains | join(' ') }}
 POSTMOOGLE_PORT={{ matrix_bot_postmoogle_port }}
 POSTMOOGLE_DB_DSN={{ matrix_bot_postmoogle_database_connection_string }}
 POSTMOOGLE_DB_DIALECT={{ matrix_bot_postmoogle_database_dialect }}

From 59a01dabfc0b09b2ac3f8b81a8aecbe47b43bbde Mon Sep 17 00:00:00 2001
From: Dennis Ciba <73284509+DennisCiba@users.noreply.github.com>
Date: Sat, 19 Nov 2022 16:18:32 +0100
Subject: [PATCH 022/198] Restructure the list of services in the README.md

- Tried to split the list of services into distinct categories
- Use tables instead of a list
- Dropped "optional" flag, as every service is now optional anyways
- Added links to the documentation where docs exist and were missing before
- Split "Amazon S3" entry into two entries (Goofys and synapse-s3-storage-provider)
- Moved note about not needing all services to the top of the section
---
 README.md | 211 ++++++++++++++++++++++++++++--------------------------
 1 file changed, 109 insertions(+), 102 deletions(-)

diff --git a/README.md b/README.md
index 569dbb3f..3160238f 100644
--- a/README.md
+++ b/README.md
@@ -15,137 +15,144 @@ We run all services in [Docker](https://www.docker.com/) containers (see [the co
 
 ## Supported services
 
-Using this playbook, you can get the following services configured on your server:
+Using this playbook, you can get the following list of services configured on your server. Basically, this playbook aims to get you up-and-running with all the necessities around Matrix, without you having to do anything else.
 
-- (optional, default) a [Synapse](https://github.com/matrix-org/synapse) homeserver - storing your data and managing your presence in the [Matrix](http://matrix.org/) network
-
-- (optional) a [Conduit](https://conduit.rs) homeserver - storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Conduit is a lightweight open-source server implementation of the Matrix Specification with a focus on easy setup and low system requirements
-
-- (optional) a [Dendrite](https://github.com/matrix-org/dendrite) homeserver - storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse.
-
-- (optional) [Amazon S3](https://aws.amazon.com/s3/) (or other S3-compatible object store) storage for Synapse's content repository (`media_store`) files using [Goofys](https://github.com/kahing/goofys) or [`synapse-s3-storage-provider`](https://github.com/matrix-org/synapse-s3-storage-provider)
-
-- (optional, default) [PostgreSQL](https://www.postgresql.org/) database for Synapse. [Using an external PostgreSQL server](docs/configuring-playbook-external-postgres.md) is also possible.
-
-- (optional, default) a [coturn](https://github.com/coturn/coturn) STUN/TURN server for WebRTC audio/video calls
-
-- (optional, default) free [Let's Encrypt](https://letsencrypt.org/) SSL certificate, which secures the connection to the Synapse server and the Element web UI
-
-- (optional, default) an [Element](https://app.element.io/) ([formerly Riot](https://element.io/previously-riot)) web UI, which is configured to connect to your own Synapse server by default
-
-- (optional) a [ma1sd](https://github.com/ma1uta/ma1sd) Matrix Identity server
-
-- (optional, default) an [Exim](https://www.exim.org/) mail server, through which all Matrix services send outgoing email (can be configured to relay through another SMTP server)
-
-- (optional, default) an [nginx](http://nginx.org/) web server, listening on ports 80 and 443 - standing in front of all the other services. Using your own webserver [is possible](docs/configuring-playbook-own-webserver.md)
-
-- (optional, advanced) the [matrix-synapse-rest-auth](https://github.com/ma1uta/matrix-synapse-rest-password-provider) REST authentication password provider module
-
-- (optional, advanced) the [matrix-synapse-shared-secret-auth](https://github.com/devture/matrix-synapse-shared-secret-auth) password provider module
-
-- (optional, advanced) the [matrix-synapse-ldap3](https://github.com/matrix-org/matrix-synapse-ldap3) LDAP Auth password provider module
-
-- (optional, advanced) the [matrix-ldap-registration-proxy](https://gitlab.com/activism.international/matrix_ldap_registration_proxy)  a proxy that handles Matrix registration requests and forwards them to LDAP.
-
-- (optional, advanced) the [synapse-simple-antispam](https://github.com/t2bot/synapse-simple-antispam) spam checker module
-
-- (optional, advanced) the [Matrix Corporal](https://github.com/devture/matrix-corporal) reconciliator and gateway for a managed Matrix server
-
-- (optional) the [mautrix-discord](https://github.com/mautrix/discord) bridge for bridging your Matrix server to [Discord](https://discord.com/) - see [docs/configuring-playbook-bridge-mautrix-discord.md](docs/configuring-playbook-bridge-mautrix-discord.md) for setup documentation
-
-- (optional) the [mautrix-telegram](https://github.com/mautrix/telegram) bridge for bridging your Matrix server to [Telegram](https://telegram.org/)
-
-- (optional) the [mautrix-whatsapp](https://github.com/mautrix/whatsapp) bridge for bridging your Matrix server to [WhatsApp](https://www.whatsapp.com/)
-
-- (optional) the [mautrix-facebook](https://github.com/mautrix/facebook) bridge for bridging your Matrix server to [Facebook](https://facebook.com/)
-
-- (optional) the [mautrix-twitter](https://github.com/mautrix/twitter) bridge for bridging your Matrix server to [Twitter](https://twitter.com/)
-
-- (optional) the [mautrix-hangouts](https://github.com/mautrix/hangouts) bridge for bridging your Matrix server to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts)
-
-- (optional) the [mautrix-googlechat](https://github.com/mautrix/googlechat) bridge for bridging your Matrix server to [Google Chat](https://en.wikipedia.org/wiki/Google_Chat)
-
-- (optional) the [mautrix-instagram](https://github.com/mautrix/instagram) bridge for bridging your Matrix server to [Instagram](https://instagram.com/)
-
-- (optional) the [mautrix-signal](https://github.com/mautrix/signal) bridge for bridging your Matrix server to [Signal](https://www.signal.org/)
-
-- (optional) the [beeper-linkedin](https://github.com/beeper/linkedin) bridge for bridging your Matrix server to [LinkedIn](https://www.linkedin.com/)
-
-- (optional) the [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) bridge for bridging your Matrix server to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat)
-
-- (optional) the [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) bridge for bridging your Matrix server to [Discord](https://discordapp.com/)
-
-- (optional) the [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack) bridge for bridging your Matrix server to [Slack](https://slack.com/)
-
-- (optional) the [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) bridge for slack compatible webhooks ([ConcourseCI](https://concourse-ci.org/), [Slack](https://slack.com/) etc. pp.)
-
-- (optional) the [matrix-hookshot](https://github.com/Half-Shot/matrix-hookshot) bridge for bridging Matrix to generic webhooks and multiple project management services, such as GitHub, GitLab, Figma, and Jira in particular
-
-- (optional) the [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) for bridging your Matrix server to SMS - see [docs/configuring-playbook-bridge-matrix-bridge-sms.md](docs/configuring-playbook-bridge-matrix-bridge-sms.md) for setup documentation
-
-- (optional) the [Heisenbridge](https://github.com/hifi/heisenbridge) for bridging your Matrix server to IRC bouncer-style - see [docs/configuring-playbook-bridge-heisenbridge.md](docs/configuring-playbook-bridge-heisenbridge.md) for setup documentation
-
-- (optional) the [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) for bridging your Matrix server to [Skype](https://www.skype.com) - see [docs/configuring-playbook-bridge-go-skype-bridge.md](docs/configuring-playbook-bridge-go-skype-bridge.md) for setup documentation
-
-- (optional) the [mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) for bridging your Matrix server to [Slack](https://slack.com) - see [docs/configuring-playbook-bridge-mx-puppet-slack.md](docs/configuring-playbook-bridge-mx-puppet-slack.md) for setup documentation
+**Note**: the list below is exhaustive. It includes optional or even some advanced components that you will most likely not need.
+Sticking with the defaults (which install a subset of the above components) is the best choice, especially for a new installation.
+You can always re-run the playbook later to add or remove components.
 
-- (optional) the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge for Instagram-DMs ([Instagram](https://www.instagram.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-instagram.md](docs/configuring-playbook-bridge-mx-puppet-instagram.md) for setup documentation
 
-- (optional) the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge for Twitter-DMs ([Twitter](https://twitter.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-twitter.md](docs/configuring-playbook-bridge-mx-puppet-twitter.md) for setup documentation
+### Homeserver
 
-- (optional) the [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) bridge for [Discord](https://discordapp.com/) - see [docs/configuring-playbook-bridge-mx-puppet-discord.md](docs/configuring-playbook-bridge-mx-puppet-discord.md) for setup documentation
+The homeserver is the backbone of your matrix system. Choose one from the following list.
 
-- (optional) the [mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) bridge for [GroupMe](https://groupme.com/) - see [docs/configuring-playbook-bridge-mx-puppet-groupme.md](docs/configuring-playbook-bridge-mx-puppet-groupme.md) for setup documentation
+| Name | Default? | Description | Documentation |
+| ---- | -------- | ----------- | ------------- | 
+| [Synapse](https://github.com/matrix-org/synapse) | ✓ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network | [Link](docs/configuring-playbook-synapse.md) |
+| [Conduit](https://conduit.rs) | x | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Conduit is a lightweight open-source server implementation of the Matrix Specification with a focus on easy setup and low system requirements | [Link](docs/configuring-playbook-conduit.md) |
+| [Dendrite](https://github.com/matrix-org/dendrite) | x | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse. | - |
 
-- (optional) the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge for [Steam](https://steamapp.com/) - see [docs/configuring-playbook-bridge-mx-puppet-steam.md](docs/configuring-playbook-bridge-mx-puppet-steam.md) for setup documentation
+### Clients
 
-- (optional) [Email2Matrix](https://github.com/devture/email2matrix) for relaying email messages to Matrix rooms - see [docs/configuring-playbook-email2matrix.md](docs/configuring-playbook-email2matrix.md) for setup documentation
+Web clients for matrix that you can host on your own domains.
 
-- (optional) [Dimension](https://github.com/turt2live/matrix-dimension), an open source integrations manager for matrix clients - see [docs/configuring-playbook-dimension.md](docs/configuring-playbook-dimension.md) for setup documentation
+| Name | Default? | Description | Documentation |
+| ---- | -------- | ----------- | ------------- |
+[Element](https://app.element.io/) | ✓ | Web UI, which is configured to connect to your own Synapse server by default | [Link](docs/configuring-playbook-client-element.md) |
+| [Hydrogen](https://github.com/vector-im/hydrogen-web) | x | Web client | [Link](docs/configuring-playbook-client-hydrogen.md) |
+| [Cinny](https://github.com/ajbura/cinny) |  x | Web client | [Link](docs/configuring-playbook-client-cinny.md) |
 
-- (optional) [Etherpad](https://etherpad.org), an open source collaborative text editor - see [docs/configuring-playbook-etherpad.md](docs/configuring-playbook-etherpad.md) for setup documentation
 
-- (optional) [Jitsi](https://jitsi.org/), an open source video-conferencing platform - see [docs/configuring-playbook-jitsi.md](docs/configuring-playbook-jitsi.md) for setup documentation
 
-- (optional) [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) for scheduling one-off & recurring reminders and alarms - see [docs/configuring-playbook-bot-matrix-reminder-bot.md](docs/configuring-playbook-bot-matrix-reminder-bot.md) for setup documentation
+### Server Components
 
-- (optional) [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) for invitations by creating and managing registration tokens  - see [docs/configuring-playbook-bot-matrix-registration-bot.md](docs/configuring-playbook-bot-matrix-registration-bot.md) for setup documentation
+Services that run on the server to make the various parts of your installation work.
 
-- (optional) [maubot](https://github.com/maubot/maubot) a plugin-based Matrix bot system - see [docs/configuring-playbook-bot-maubot.md](docs/configuring-playbook-bot-maubot.md) for setup documentation
+| Name | Default? | Description | Documentation |
+| ---- | -------- | ----------- | ------------- |
+| [PostgreSQL](https://www.postgresql.org/)| ✓ | Database for Synapse. [Using an external PostgreSQL server](docs/configuring-playbook-external-postgres.md) is also possible. | [Link](docs/configuring-playbook-external-postgres.md) |
+| [Coturn](https://github.com/coturn/coturn) | ✓ | STUN/TURN server for WebRTC audio/video calls | [Link](docs/configuring-playbook-turn.md) |
+| [nginx](http://nginx.org/) | ✓ | Web server, listening on ports 80 and 443 - standing in front of all the other services. Using your own webserver [is possible](docs/configuring-playbook-own-webserver.md) | [Link](docs/configuring-playbook-nginx.md) |
+| [Let's Encrypt](https://letsencrypt.org/) | ✓ | Free  SSL certificate, which secures the connection to the Synapse server and the Element web UI | [Link](docs/configuring-playbook-ssl-certificates.md) |
+| [ma1sd](https://github.com/ma1uta/ma1sd) | x | Matrix Identity Server | [Link](configuring-playbook-ma1sd.md)
+| [Exim](https://www.exim.org/) | ✓ | Mail server, through which all Matrix services send outgoing email (can be configured to relay through another SMTP server) | - |
+| [Dimension](https://github.com/turt2live/matrix-dimension) | x | An open source integrations manager for matrix clients | [Link](docs/configuring-playbook-dimension.md) |
+| [Sygnal](https://github.com/matrix-org/sygnal) | x | Push gateway | [Link](docs/configuring-playbook-sygnal.md) |
+| [ntfy](https://ntfy.sh) | x | Push notifications server | [Link](docs/configuring-playbook-ntfy.md) |
 
-- (optional) [honoroit](https://gitlab.com/etke.cc/honoroit) helpdesk bot - see [docs/configuring-playbook-bot-honoroit.md](docs/configuring-playbook-bot-honoroit.md) for setup documentation
 
-- (optional) [Postmoogle](https://gitlab.com/etke.cc/postmoogle) email to matrix bot - see [docs/configuring-playbook-bot-postmoogle.md](docs/configuring-playbook-bot-postmoogle.md) for setup documentation
+### Authentication
 
-- (optional) [Go-NEB](https://github.com/matrix-org/go-neb) multi functional bot written in Go - see [docs/configuring-playbook-bot-go-neb.md](docs/configuring-playbook-bot-go-neb.md) for setup documentation
+Extend and modify how users are authenticated on your homeserver.
 
-- (optional) [Mjolnir](https://github.com/matrix-org/mjolnir), a moderation tool for Matrix - see [docs/configuring-playbook-bot-mjolnir.md](docs/configuring-playbook-bot-mjolnir.md) for setup documentation
+| Name | Default? | Description | Documentation |
+| ---- | -------- | ----------- | ------------- | 
+| [matrix-synapse-rest-auth](https://github.com/ma1uta/matrix-synapse-rest-password-provider) (advanced) | x | REST authentication password provider module | [Link](docs/configuring-playbook-rest-auth.md) |
+|[matrix-synapse-shared-secret-auth](https://github.com/devture/matrix-synapse-shared-secret-auth) (advanced) | x | Password provider module | [Link](docs/configuring-playbook-shared-secret-auth.md) |
+| [matrix-synapse-ldap3](https://github.com/matrix-org/matrix-synapse-ldap3) (advanced) | x | LDAP Auth password provider module | [Link](configuring-playbook-ldap-auth.md) |
+| [matrix-ldap-registration-proxy](https://gitlab.com/activism.international/matrix_ldap_registration_proxy) (advanced) | x | A proxy that handles Matrix registration requests and forwards them to LDAP. | [Link](docs/configuring-playbook-matrix-ldap-registration-proxy.md) |
+| [matrix-registration](https://github.com/ZerataX/matrix-registration) | x | A simple python application to have a token based matrix registration | [Link](docs/configuring-playbook-matrix-registration.md) |
 
-- (optional) [synapse-admin](https://github.com/Awesome-Technologies/synapse-admin), a web UI tool for administrating users and rooms on your Matrix server - see [docs/configuring-playbook-synapse-admin.md](docs/configuring-playbook-synapse-admin.md) for setup documentation
 
-- (optional) [matrix-registration](https://github.com/ZerataX/matrix-registration), a simple python application to have a token based matrix registration - see [docs/configuring-playbook-matrix-registration.md](docs/configuring-playbook-matrix-registration.md) for setup documentation
+### File Storage
 
-- (optional) the [Prometheus](https://prometheus.io) time-series database server, the Prometheus [node-exporter](https://prometheus.io/docs/guides/node-exporter/) host metrics exporter, and the [Grafana](https://grafana.com/) web UI - see [Enabling metrics and graphs (Prometheus, Grafana) for your Matrix server](docs/configuring-playbook-prometheus-grafana.md) for setup documentation
+Use alternative file storage to the default `media_store` folder.
 
-- (optional) the [Sygnal](https://github.com/matrix-org/sygnal) push gateway - see [Setting up the Sygnal push gateway](docs/configuring-playbook-sygnal.md) for setup documentation
+| Name | Default? | Description | Documentation |
+| ---- | -------- | ----------- | ------------- |
+| [Goofys](https://github.com/kahing/goofys) | x | [Amazon S3](https://aws.amazon.com/s3/) (or other S3-compatible object store) storage for Synapse's content repository (`media_store`) files | [Link](docs/configuring-playbook-s3-goofys.md) |
+| [synapse-s3-storage-provider](https://github.com/matrix-org/synapse-s3-storage-provider) | x | [Amazon S3](https://aws.amazon.com/s3/) (or other S3-compatible object store) storage for Synapse's content repository (`media_store`) files | [Link](docs/configuring-playbook-s3.md) |
 
-- (optional) the [ntfy](https://ntfy.sh) push notifications server - see [docs/configuring-playbook-ntfy.md](docs/configuring-playbook-ntfy.md) for setup documentation
+### Bridges
 
-- (optional) the [Hydrogen](https://github.com/vector-im/hydrogen-web) web client - see [docs/configuring-playbook-client-hydrogen.md](docs/configuring-playbook-client-hydrogen.md) for setup documentation
+Bridges can be used to connect your matrix installation with third-party communication networks.
 
-- (optional) the [Cinny](https://github.com/ajbura/cinny) web client - see [docs/configuring-playbook-client-cinny.md](docs/configuring-playbook-client-cinny.md) for setup documentation
+| Name | Default? | Description | Documentation |
+| ---- | -------- | ----------- | ------------- |
+[mautrix-discord](https://github.com/mautrix/discord) | x | Bridge for bridging your Matrix server to [Discord](https://discord.com/) | [Link](docs/configuring-playbook-bridge-mautrix-discord.md) |
+| [mautrix-telegram](https://github.com/mautrix/telegram) | x | Bridge for bridging your Matrix server to [Telegram](https://telegram.org/) | [Link](docs/configuring-playbook-bridge-mautrix-telegram.md) |
+| [mautrix-whatsapp](https://github.com/mautrix/whatsapp) | x | Bridge for bridging your Matrix server to [WhatsApp](https://www.whatsapp.com/) | [Link](docs/configuring-playbook-bridge-mautrix-whatsapp.md) |
+| [mautrix-facebook](https://github.com/mautrix/facebook) | x | Bridge for bridging your Matrix server to [Facebook](https://facebook.com/) | [Link](docs/configuring-playbook-bridge-mautrix-facebook.md) |
+| [mautrix-twitter](https://github.com/mautrix/twitter) | x | Bridge for bridging your Matrix server to [Twitter](https://twitter.com/) | [Link](docs/configuring-playbook-bridge-mautrix-twitter.md) |
+| [mautrix-hangouts](https://github.com/mautrix/hangouts) | x | Bridge for bridging your Matrix server to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) | [Link](docs/configuring-playbook-bridge-mautrix-hangouts.md) |
+| [mautrix-googlechat](https://github.com/mautrix/googlechat) | x | Bridge for bridging your Matrix server to [Google Chat](https://en.wikipedia.org/wiki/Google_Chat) | [Link](docs/configuring-playbook-bridge-mautrix-googlechat.md) |
+| [mautrix-instagram](https://github.com/mautrix/instagram) | x | Bridge for bridging your Matrix server to [Instagram](https://instagram.com/) | [Link](docs/configuring-playbook-bridge-mautrix-instagram.md) |
+| [mautrix-signal](https://github.com/mautrix/signal) | x | Bridge for bridging your Matrix server to [Signal](https://www.signal.org/) | [Link](docs/configuring-playbook-bridge-mautrix-signal.md) |
+| [beeper-linkedin](https://github.com/beeper/linkedin) | x | Bridge for bridging your Matrix server to [LinkedIn](https://www.linkedin.com/) | [Link](docs/configuring-playbook-bridge-beeper-linkedin.md) |
+| [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) | x | Bridge for bridging your Matrix server to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) | [Link](docs/configuring-playbook-bridge-appservice-irc.md) |
+| [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) | x | Bridge for bridging your Matrix server to [Discord](https://discordapp.com/) | [Link](docs/configuring-playbook-bridge-appservice-discord.md) |
+| [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack) | x | Bridge for bridging your Matrix server to [Slack](https://slack.com/) | [Link](docs/configuring-playbook-bridge-appservice-slack.md) |
+| [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) | x | Bridge for slack compatible webhooks ([ConcourseCI](https://concourse-ci.org/), [Slack](https://slack.com/) etc. pp.) | [Link](docs/configuring-playbook-bridge-appservice-webhooks.md) |
+| [matrix-hookshot](https://github.com/Half-Shot/matrix-hookshot) | x | Bridge for bridging Matrix to generic webhooks and multiple project management services, such as GitHub, GitLab, Figma, and Jira in particular | [Link](docs/configuring-playbook-bridge-hookshot.md) |
+| [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) | x | Bridge for bridging your Matrix server to SMS | [Link](docs/configuring-playbook-bridge-matrix-bridge-sms.md) |
+| [Heisenbridge](https://github.com/hifi/heisenbridge) | x | Bridge for bridging your Matrix server to IRC bouncer-style | [Link](docs/configuring-playbook-bridge-heisenbridge.md) |
+| [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) | x | Bridge for bridging your Matrix server to [Skype](https://www.skype.com) | [Link](docs/configuring-playbook-bridge-go-skype-bridge.md) |
+| [mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) | x | Bridge for bridging your Matrix server to [Slack](https://slack.com) | [Link](docs/configuring-playbook-bridge-mx-puppet-slack.md) |
+| [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) | x | Bridge for Instagram-DMs ([Instagram](https://www.instagram.com/)) | [Link](docs/configuring-playbook-bridge-mx-puppet-instagram.md) |
+| [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) | x | Bridge for Twitter-DMs ([Twitter](https://twitter.com/)) | [Link](docs/configuring-playbook-bridge-mx-puppet-twitter.md) |
+| [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) | x | Bridge for [Discord](https://discordapp.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-discord.md) |
+| [mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) | x | Bridge for [GroupMe](https://groupme.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-groupme.md) |
+| [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) | x | Bridge for [Steam](https://steamapp.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-steam.md) |
+| [Email2Matrix](https://github.com/devture/email2matrix) | x | Bridge for relaying email messages to Matrix rooms | [Link](docs/configuring-playbook-email2matrix.md) |
 
-- (optional) the [Borg](https://borgbackup.org) backup - see [docs/configuring-playbook-backup-borg.md](docs/configuring-playbook-backup-borg.md) for setup documentation
 
-- (optional) the [Buscarron](https://gitlab.com/etke.cc/buscarron) bot - see [docs/configuring-playbook-bot-buscarron.md](docs/configuring-playbook-bot-buscarron.md) for setup documentation
+### Bots
 
-- (optional) [Cactus Comments](https://cactus.chat), a federated comment system built on matrix - see [docs/configuring-playbook-cactus-comments.md](docs/configuring-playbook-cactus-comments.md) for setup documentation
+Bots provide various additional functionality to your installation.
 
-Basically, this playbook aims to get you up-and-running with all the necessities around Matrix, without you having to do anything else.
+| Name | Default? | Description | Documentation |
+| ---- | -------- | ----------- | ------------- |
+| [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) | x | Bot for scheduling one-off & recurring reminders and alarms | [Link](docs/configuring-playbook-bot-matrix-reminder-bot.md) |
+| [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) | x | Bot for invitations by creating and managing registration tokens | [Link](docs/configuring-playbook-bot-matrix-registration-bot.md) |
+| [maubot](https://github.com/maubot/maubot) | x | A plugin-based Matrix bot system | [Link](docs/configuring-playbook-bot-maubot.md) |
+| [honoroit](https://gitlab.com/etke.cc/honoroit) | x | A helpdesk bot | [Link](docs/configuring-playbook-bot-honoroit.md) |
+| [Postmoogle](https://gitlab.com/etke.cc/postmoogle) | x | Email to matrix bot | [Link](docs/configuring-playbook-bot-postmoogle.md) |
+| [Go-NEB](https://github.com/matrix-org/go-neb) | x | A multi functional bot written in Go | [Link](docs/configuring-playbook-bot-go-neb.md) |
+| [Mjolnir](https://github.com/matrix-org/mjolnir) | x | A moderation tool for Matrix | [Link](docs/configuring-playbook-bot-mjolnir.md) |
+| [Buscarron](https://gitlab.com/etke.cc/buscarron) | x | Web forms (HTTP POST) to matrix | [Link](docs/configuring-playbook-bot-buscarron.md) |
 
-**Note**: the list above is exhaustive. It includes optional or even some advanced components that you will most likely not need.
-Sticking with the defaults (which install a subset of the above components) is the best choice, especially for a new installation.
-You can always re-run the playbook later to add or remove components.
+### Administration
+
+Services that help you in administrating and monitoring your matrix installation.
+
+
+| Name | Default? | Description | Documentation |
+| ---- | -------- | ----------- | ------------- |
+| [synapse-admin](https://github.com/Awesome-Technologies/synapse-admin) | x | A web UI tool for administrating users and rooms on your Matrix server | [Link](docs/configuring-playbook-synapse-admin.md) |
+| Metrics and Graphs | x | Consists of the [Prometheus](https://prometheus.io) time-series database server, the Prometheus [node-exporter](https://prometheus.io/docs/guides/node-exporter/) host metrics exporter, and the [Grafana](https://grafana.com/) web UI | [Link](docs/configuring-playbook-prometheus-grafana.md) |
+| [Borg](https://borgbackup.org) | x | Backups | [Link](docs/configuring-playbook-backup-borg.md) |
+
+### Misc
+
+Various services that don't fit any other category.
+
+| Name | Default? | Description | Documentation |
+| ---- | -------- | ----------- | ------------- |
+| [synapse-simple-antispam](https://github.com/t2bot/synapse-simple-antispam) (advanced) | x | A spam checker module | [Link](docs/configuring-playbook-synapse-simple-antispam.md) |
+| [Matrix Corporal](https://github.com/devture/matrix-corporal) (advanced) | x | Reconciliator and gateway for a managed Matrix server | [Link](docs/configuring-playbook-matrix-corporal.md) |
+| [Etherpad](https://etherpad.org) | x | An open source collaborative text editor | [Link](docs/configuring-playbook-etherpad.md) |
+| [Jitsi](https://jitsi.org/) | x | An open source video-conferencing platform | [Link](docs/configuring-playbook-jitsi.md) |
+| [Cactus Comments](https://cactus.chat) | x | A federated comment system built on matrix | [Link](docs/configuring-playbook-cactus-comments.md) |
 
 
 ## Installation

From 7cc668489b86ff48c56f5260ac882a8ec75352cc Mon Sep 17 00:00:00 2001
From: Array in a Matrix <tensor@arrayinamatrix.xyz>
Date: Sun, 20 Nov 2022 00:11:21 -0800
Subject: [PATCH 023/198] add auto join option to dendrite config (#2255)

* add auto join option to dendrite config

* added   auto_join_rooms: variable

* added "configuring dendrite" entry

* created dendite configuration documentation

* fixed config path

* Update docs/configuring-playbook-dendrite.md

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Update docs/configuring-playbook-dendrite.md

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Update docs/configuring-playbook-dendrite.md

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Update docs/configuring-playbook-dendrite.md

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Update docs/configuring-playbook-dendrite.md

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Update roles/custom/matrix-dendrite/defaults/main.yml

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* correction

Co-authored-by: Slavi Pantaleev <slavi@devture.com>
---
 docs/configuring-playbook-dendrite.md         | 32 +++++++++++++++++++
 docs/configuring-playbook.md                  |  2 ++
 .../custom/matrix-dendrite/defaults/main.yml  |  2 ++
 .../templates/dendrite/dendrite.yaml.j2       |  2 ++
 4 files changed, 38 insertions(+)
 create mode 100644 docs/configuring-playbook-dendrite.md

diff --git a/docs/configuring-playbook-dendrite.md b/docs/configuring-playbook-dendrite.md
new file mode 100644
index 00000000..fcd5693d
--- /dev/null
+++ b/docs/configuring-playbook-dendrite.md
@@ -0,0 +1,32 @@
+# Configuring Dendrite (optional)
+
+By default, this playbook configures the [Synapse](https://github.com/matrix-org/synapse) Matrix server, but you can also use [Dendrite](https://github.com/matrix-org/dendrite).
+
+**NOTES**:
+
+- **You can't switch an existing Matrix server's implementation** (e.g. Synapse -> Dendrite). Proceed below only if you're OK with losing data or you're dealing with a server on a new domain name, which hasn't participated in the Matrix federation yet.
+
+- **homeserver implementations other than Synapse may not be fully functional**. The playbook may also not assist you in an optimal way (like it does with Synapse). Make yourself familiar with the downsides before proceeding
+
+The playbook provided settings for Dendrite are defined in [`roles/custom/matrix-dendrite/defaults/main.yml`](../roles/custom/matrix-dendrite/defaults/main.yml) and they ultimately end up in the generated `/matrix/dendrite/config/dendrite.yaml` file (on the server). This file is generated from the [`roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2`](../roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2) template.
+
+**If there's an existing variable** which controls a setting you wish to change, you can simply define that variable in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`) and [re-run the playbook](installing.md) to apply the changes.
+
+Alternatively, **if there is no pre-defined variable** for a Dendrite setting you wish to change:
+
+- you can either **request a variable to be created** (or you can submit such a contribution yourself). Keep in mind that it's **probably not a good idea** to create variables for each one of Dendrite's various settings that rarely get used.
+
+- or, you can **extend and override the default configuration** ([`dendrite.yaml.j2`](../roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2)) by making use of the `matrix_dendrite_configuration_extension_yaml` variable. You can find information about this in [`roles/custom/matrix-dendrite/defaults/main.yml`](../roles/custom/matrix-dendrite/defaults/main.yml).
+
+- or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_dendrite_configuration` (or `matrix_dendrite_configuration_yaml`). You can find information about this in [`roles/custom/matrix-dendrite/defaults/main.yml`](../roles/custom/matrix-dendrite/defaults/main.yml).
+
+
+
+## Installation
+
+To use Dendrite, you **generally** need the following additional `vars.yml` configuration:
+
+```yaml
+matrix_homeserver_implementation: dendrite
+```
+
diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md
index 127ab47d..fa00c858 100644
--- a/docs/configuring-playbook.md
+++ b/docs/configuring-playbook.md
@@ -47,6 +47,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 
   - [Configuring Conduit](configuring-playbook-conduit.md), if you've switched to the [Conduit](https://conduit.rs) homeserver implementation (optional)
 
+  - [Configuring Dendrite](configuring-playbook-dendrite.md), if you've switched to the [Dendrite](https://matrix-org.github.io/dendrite) homeserver implementation (optional)
+
 - [Configuring Element](configuring-playbook-client-element.md) (optional)
 
 - [Storing Matrix media files on Amazon S3](configuring-playbook-s3.md) (optional)
diff --git a/roles/custom/matrix-dendrite/defaults/main.yml b/roles/custom/matrix-dendrite/defaults/main.yml
index b9dddfe9..698a1f48 100644
--- a/roles/custom/matrix-dendrite/defaults/main.yml
+++ b/roles/custom/matrix-dendrite/defaults/main.yml
@@ -194,3 +194,5 @@ matrix_dendrite_configuration_extension: "{{ matrix_dendrite_configuration_exten
 # Holds the final Dendrite configuration (a combination of the default and its extension).
 # You most likely don't need to touch this variable. Instead, see `matrix_dendrite_configuration_yaml`.
 matrix_dendrite_configuration: "{{ matrix_dendrite_configuration_yaml | from_yaml | combine(matrix_dendrite_configuration_extension, recursive=True) }}"
+
+matrix_dendrite_userapi_auto_join_rooms: []
diff --git a/roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 b/roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2
index 86a12d7c..7d99aee5 100644
--- a/roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2
+++ b/roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2
@@ -382,6 +382,7 @@ user_api:
   # is considered to be valid in milliseconds.
   # The default lifetime is 3600000ms (60 minutes).
   # openid_token_lifetime_ms: 3600000
+  auto_join_rooms: {{ matrix_dendrite_userapi_auto_join_rooms | to_json }}
 
 # Not in dendrite-config.yaml, but is in build/docker/config/dendrite.yaml
 # Configuration for the Push Server API.
@@ -414,3 +415,4 @@ tracing:
 # Logging configuration, in addition to the standard logging that is sent to
 # stdout by Dendrite.
 logging: []
+

From 424de93f82e16033113f6497be4a1594088234f6 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sun, 20 Nov 2022 11:13:23 +0200
Subject: [PATCH 024/198] Remove useless
 matrix_nginx_proxy_synapse_presence_disabled variable definition

---
 group_vars/matrix_servers | 2 --
 1 file changed, 2 deletions(-)

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 1c6416bc..db910f4a 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -1815,8 +1815,6 @@ matrix_nginx_proxy_self_check_validate_certificates: "{{ false if matrix_ssl_ret
 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1074
 matrix_nginx_proxy_ocsp_stapling_enabled: "{{ matrix_ssl_retrieval_method != 'self-signed' }}"
 
-matrix_nginx_proxy_synapse_presence_disabled: "{{ not matrix_synapse_presence_enabled }}"
-
 matrix_nginx_proxy_synapse_workers_enabled: "{{ matrix_synapse_workers_enabled }}"
 matrix_nginx_proxy_synapse_workers_list: "{{ matrix_synapse_workers_enabled_list }}"
 matrix_nginx_proxy_synapse_generic_worker_client_server_locations: "{{ matrix_synapse_workers_generic_worker_client_server_endpoints }}"

From e9e84341a91fb0013469d74ee8c88c2edb5ad3a5 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sun, 20 Nov 2022 16:43:30 +0200
Subject: [PATCH 025/198] Reverse-proxy to Synapse via
 matrix-synapse-reverse-proxy-companion

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2090
---
 CHANGELOG.md                                  |  48 ++++
 docs/configuring-playbook-email2matrix.md     |   2 +-
 docs/configuring-playbook-federation.md       |   3 +
 docs/configuring-playbook-own-webserver.md    |  31 +--
 examples/caddy/matrix-synapse                 |   4 +-
 group_vars/matrix_servers                     |  70 +++---
 playbooks/matrix.yml                          |   1 +
 .../custom/matrix-corporal/defaults/main.yml  |   2 +-
 .../matrix-nginx-proxy/defaults/main.yml      |  23 --
 .../tasks/setup_nginx_proxy.yml               |  10 +-
 .../nginx/conf.d/matrix-synapse.conf.j2       | 158 -------------
 .../templates/nginx/nginx.conf.j2             |   4 +-
 .../systemd/matrix-nginx-proxy.service.j2     |   3 -
 .../defaults/main.yml                         | 164 ++++++++++++++
 .../tasks/init.yml                            |   6 +
 .../tasks/main.yml                            |  19 ++
 .../tasks/setup_install.yml                   |  44 ++++
 .../tasks/setup_uninstall.yml                 |  30 +++
 ...ix-synapse-reverse-proxy-companion.conf.j2 | 208 ++++++++++++++++++
 .../templates/nginx/conf.d/nginx-http.conf.j2 |  13 ++
 .../templates/nginx/nginx.conf.j2             |  66 ++++++
 ...synapse-reverse-proxy-companion.service.j2 |  53 +++++
 .../tasks/validate_config.yml                 |   3 +
 23 files changed, 720 insertions(+), 245 deletions(-)
 create mode 100644 roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml
 create mode 100644 roles/custom/matrix-synapse-reverse-proxy-companion/tasks/init.yml
 create mode 100644 roles/custom/matrix-synapse-reverse-proxy-companion/tasks/main.yml
 create mode 100644 roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_install.yml
 create mode 100644 roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_uninstall.yml
 create mode 100644 roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/conf.d/matrix-synapse-reverse-proxy-companion.conf.j2
 create mode 100644 roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/conf.d/nginx-http.conf.j2
 create mode 100644 roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/nginx.conf.j2
 create mode 100755 roles/custom/matrix-synapse-reverse-proxy-companion/templates/systemd/matrix-synapse-reverse-proxy-companion.service.j2

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 209e9945..0e11f8ef 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,51 @@
+# 2022-11-20
+
+## (Backward Compatibility Break) Changing how reverse-proxying to Synapse works - now via a `matrix-synapse-reverse-proxy-companion` service
+
+**TLDR**: There's now a `matrix-synapse-reverse-proxy-companion` nginx service, which helps with reverse-proxying to Synapse and its various worker processes (if workers are enabled), so that `matrix-nginx-proxy` can be relieved of this role. `matrix-nginx-proxy` still remains as the public SSL-terminating reverse-proxy in the playbook. `matrix-synapse-reverse-proxy-companion` is just one more reverse-proxy thrown into the mix for convenience. People with a more custom reverse-proxying configuration may be affected - see [Webserver configuration](#webserver-configuration) below.
+
+### Background
+
+Previously, `matrix-nginx-proxy` forwarded requests to Synapse directly. When Synapse is running in worker mode, the reverse-proxying configuration is more complicated (different requests need to go to different Synapse worker processes). `matrix-nginx-proxy` had configuration for sending each URL endpoint to the correct Synapse worker responsible for handling it. However, sometimes people like to disable `matrix-nginx-proxy` (for whatever reason) as detailed in [Using your own webserver, instead of this playbook's nginx proxy](docs/configuring-playbook-own-webserver.md).
+
+Because `matrix-nginx-proxy` was so central to request forwarding, when it was disabled and Synapse was running with workers enabled, there was nothing which could forward requests to the correct place anymore.. which caused [problems such as this one affecting Dimension](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2090).
+
+### Solution
+
+From now on, `matrix-nginx-proxy` is relieved of its function of reverse-proxying to Synapse and its various worker processes.
+This role is now handled by the new `matrix-synapse-reverse-proxy-companion` nginx service and works even if `matrix-nginx-proxy` is disabled.
+The purpose of the new `matrix-synapse-reverse-proxy-companion` service is to:
+
+- serve as a companion to Synapse and know how to reverse-proxy to Synapse correctly (no matter if workers are enabled or not)
+
+- provide a unified container address for reaching Synapse (no matter if workers are enabled or not)
+  - `matrix-synapse-reverse-proxy-companion:8008` for Synapse Client-Server API traffic
+  - `matrix-synapse-reverse-proxy-companion:8048` for Synapse Server-Server (Federation) API traffic
+
+- simplify `matrix-nginx-proxy` configuration - it now only needs to send requests to `matrix-synapse-reverse-proxy-companion` or `matrix-dendrite`, etc., without having to worry about workers
+
+- allow reverse-proxying to Synapse, even if `matrix-nginx-proxy` is disabled
+
+`matrix-nginx-proxy` still remains as the public SSL-terminating reverse-proxy in the playbook. All traffic goes through it before reaching any of the services.
+It's just that now the Synapse traffic is routed through `matrix-synapse-reverse-proxy-companion` like this:
+
+(`matrix-nginx-proxy` -> `matrix-synapse-reverse-proxy-companion` -> (`matrix-synapse` or some Synapse worker)).
+
+Various services (like Dimension, etc.) still talk to Synapse via `matrix-nginx-proxy` (e.g. `http://matrix-nginx-proxy:12080`) preferentially. They only talk to Synapse via the reverse-proxy companion (e.g. `http://matrix-synapse-reverse-proxy-companion:8008`) if `matrix-nginx-proxy` is disabled. Services should not be talking to Synapse (e.g. `https://matrix-synapse:8008` directly anymore), because when workers are enabled, that's the Synapse `master` process and may not be serving all URL endpoints needed by the service.
+
+### Webserver configuration
+
+- if you're using `matrix-nginx-proxy` (`matrix_nginx_proxy_enabled: true`, which is the default for the playbook), you don't need to do anything
+
+- if you're using your own `nginx` webserver running on the server, you shouldn't be affected. The `/matrix/nginx/conf.d` configuration and exposed ports that you're relying on will automatically be updated in a way that should work
+
+- if you're using another local webserver (e.g. Apache, etc.) and haven't changed any ports (`matrix_*_host_bind_port` definitions), you shouldn't be affected. You're likely sending Matrix traffic to `127.0.0.1:8008` and `127.0.0.1:8048`. These ports (`8008` and `8048`) will still be exposed on `127.0.0.1` by default - just not by the `matrix-synapse` container from now on, but by the `matrix-synapse-reverse-proxy-companion` container instead
+
+- if you've been exposing `matrix-synapse` ports (`matrix_synapse_container_client_api_host_bind_port`, etc.) manually, you should consider exposing `matrix-synapse-reverse-proxy-companion` ports instead
+
+- if you're running Traefik and reverse-proxying directly to the `matrix-synapse` container, you should start reverse-proxying to the `matrix-synapse-reverse-proxy-companion` container instead. See [our updated Traefik example configuration](docs/configuring-playbook-own-webserver.md#sample-configuration-for-running-behind-traefik-20). Note: we now recommend calling the federation entry point `federation` (instead of `synapse`) and reverse-proxying the federation traffic via `matrix-nginx-proxy`, instead of sending it directly to Synapse (or `matrix-synapse-reverse-proxy-companion`). This makes the configuration simpler.
+
+
 # 2022-11-05
 
 ## (Backward Compatibility Break) A new default standalone mode for Etherpad
diff --git a/docs/configuring-playbook-email2matrix.md b/docs/configuring-playbook-email2matrix.md
index 56e181f1..d65d2ccd 100644
--- a/docs/configuring-playbook-email2matrix.md
+++ b/docs/configuring-playbook-email2matrix.md
@@ -70,7 +70,7 @@ matrix_email2matrix_matrix_mappings:
     SkipMarkdown: true
 ```
 
-You can also set `MatrixHomeserverUrl` to `http://matrix-synapse:8008`, instead of the public `https://matrix.DOMAIN`.
+You can also set `MatrixHomeserverUrl` to `http://matrix-synapse-reverse-proxy-companion:8008`, instead of the public `https://matrix.DOMAIN`.
 However, that's more likely to break in the future if you switch to another server implementation than Synapse.
 
 Re-run the playbook (`--tags=setup-email2matrix,start`) and try sending an email to `my-mailbox@matrix.DOMAIN`.
diff --git a/docs/configuring-playbook-federation.md b/docs/configuring-playbook-federation.md
index 4650b5e2..5a1e76e5 100644
--- a/docs/configuring-playbook-federation.md
+++ b/docs/configuring-playbook-federation.md
@@ -46,6 +46,9 @@ matrix_synapse_federation_port_enabled: false
 
 # This removes the `8448` virtual host from the matrix-nginx-proxy reverse-proxy server.
 matrix_nginx_proxy_proxy_matrix_federation_api_enabled: false
+
+# This stops the federation port on the synapse-reverse-proxy-companion side (normally `matrix-synapse-reverse-proxy-companion:8048` on the container network).
+matrix_synapse_reverse_proxy_companion_federation_api_enabled: false
 ```
 
 ## Changing the federation port from 8448 to a different port to use a CDN that only accepts 443/80 ports
diff --git a/docs/configuring-playbook-own-webserver.md b/docs/configuring-playbook-own-webserver.md
index 9fd51086..04e2e487 100644
--- a/docs/configuring-playbook-own-webserver.md
+++ b/docs/configuring-playbook-own-webserver.md
@@ -40,8 +40,8 @@ No matter which external webserver you decide to go with, you'll need to:
 
       Here are the variables required for the default configuration (Synapse and Element)
        ```
-        matrix_synapse_container_client_api_host_bind_port: '0.0.0.0:8008'
-        matrix_synapse_container_federation_api_plain_host_bind_port: '0.0.0.0:8048'
+		matrix_synapse_reverse_proxy_companion_container_client_api_host_bind_port: '0.0.0.0:8008'
+		matrix_synapse_reverse_proxy_companion_container_federation_api_host_bind_port: '0.0.0.0:8048'
         matrix_client_element_container_http_host_bind_port: "0.0.0.0:8765"
        ```
 
@@ -172,31 +172,24 @@ matrix_nginx_proxy_container_extra_arguments:
 
   # The Nginx proxy container will receive traffic from these subdomains
   - '--label "traefik.http.routers.matrix-nginx-proxy.rule=Host(`{{ matrix_server_fqn_matrix }}`,`{{ matrix_server_fqn_element }}`,`{{ matrix_server_fqn_dimension }}`,`{{ matrix_server_fqn_jitsi }}`)"'
-
   # (The 'web-secure' entrypoint must bind to port 443 in Traefik config)
   - '--label "traefik.http.routers.matrix-nginx-proxy.entrypoints=web-secure"'
-
   # (The 'default' certificate resolver must be defined in Traefik config)
   - '--label "traefik.http.routers.matrix-nginx-proxy.tls.certResolver=default"'
-
   # The Nginx proxy container uses port 8080 internally
   - '--label "traefik.http.services.matrix-nginx-proxy.loadbalancer.server.port=8080"'
 
-matrix_synapse_container_extra_arguments:
-  # May be unnecessary depending on Traefik config, but can't hurt
-  - '--label "traefik.enable=true"'
-
-  # The Synapse container will receive traffic from this subdomain
-  - '--label "traefik.http.routers.matrix-synapse.rule=Host(`{{ matrix_server_fqn_matrix }}`)"'
-
-  # (The 'synapse' entrypoint must bind to port 8448 in Traefik config)
-  - '--label "traefik.http.routers.matrix-synapse.entrypoints=synapse"'
-
+  # Federation
+  - '--label "traefik.http.routers.matrix-nginx-proxy-federation.rule=Host(`{{ matrix_server_fqn_matrix }}`)"'
+  # (The 'federation' entrypoint must bind to port 8448 in Traefik config)
+  - '--label "traefik.http.routers.matrix-nginx-proxy-federation.entrypoints=federation"'
   # (The 'default' certificate resolver must be defined in Traefik config)
-  - '--label "traefik.http.routers.matrix-synapse.tls.certResolver=default"'
+  - '--label "traefik.http.routers.matrix-nginx-proxy-federation.tls.certResolver=default"'
+  # The Nginx proxy container uses port `matrix_nginx_proxy_proxy_matrix_federation_port (8448) internally
+  - '--label "traefik.http.services.matrix-nginx-proxy-federation.loadbalancer.server.port={{ matrix_nginx_proxy_proxy_matrix_federation_port }}"'
+  - '--label "traefik.http.services.matrix-nginx-proxy-federation.loadbalancer.server.scheme={{ 'https' if matrix_nginx_proxy_https_enabled else 'http' }}"'
 
-  # The Synapse container uses port 8048 internally
-  - '--label "traefik.http.services.matrix-synapse.loadbalancer.server.port=8048"'
+matrix_synapse_reverse_proxy_companion_container_labels_traefik_enabled: true
 ```
 
 This method uses labels attached to the Nginx and Synapse containers to provide the Traefik Docker provider with the information it needs to proxy `matrix.DOMAIN`, `element.DOMAIN`, `dimension.DOMAIN` and `jitsi.DOMAIN`. Some [static configuration](https://docs.traefik.io/v2.0/reference/static-configuration/file/) is required in Traefik; namely, having endpoints on ports 443 and 8448 and having a certificate resolver.
@@ -240,7 +233,7 @@ services:
       - "--providers.docker.network=traefik"
       - "--providers.docker.exposedbydefault=false"
       - "--entrypoints.web-secure.address=:443"
-      - "--entrypoints.synapse.address=:8448"
+      - "--entrypoints.federation.address=:8448"
       - "--certificatesresolvers.default.acme.tlschallenge=true"
       - "--certificatesresolvers.default.acme.email=YOUR EMAIL"
       - "--certificatesresolvers.default.acme.storage=/letsencrypt/acme.json"
diff --git a/examples/caddy/matrix-synapse b/examples/caddy/matrix-synapse
index c1893ebb..46c48ab6 100644
--- a/examples/caddy/matrix-synapse
+++ b/examples/caddy/matrix-synapse
@@ -21,11 +21,11 @@ https://matrix.DOMAIN {
 	}
 
 	# Synapse Client<>Server API
-	proxy /_matrix matrix-synapse:8008 {
+	proxy /_matrix matrix-synapse-reverse-proxy-companion:8008 {
 		transparent
 		except /_matrix/identity/ /_matrix/client/r0/user_directory/search
 	}
-	proxy /_synapse/client matrix-synapse:8008 {
+	proxy /_synapse/client matrix-synapse-reverse-proxy-companion:8008 {
 		transparent
 	}
 }
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index db910f4a..23ce1d3d 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -57,12 +57,10 @@ devture_playbook_state_preserver_commit_hash_preservation_dst: "{{ matrix_base_d
 
 matrix_identity_server_url: "{{ ('https://' + matrix_server_fqn_matrix) if matrix_ma1sd_enabled else None }}"
 
-# If Synapse workers are enabled and matrix-nginx-proxy is disabled, certain APIs may not work over 'http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}'.
-# This is because we explicitly disable them for the main Synapse process.
 matrix_homeserver_container_url: |-
   {{
     'http://matrix-nginx-proxy:12080' if matrix_nginx_proxy_enabled else {
-      'synapse': ('http://matrix-synapse:'+ matrix_synapse_container_client_api_port|string),
+      'synapse': ('http://matrix-synapse-reverse-proxy-companion:8008' if matrix_synapse_reverse_proxy_companion_enabled else 'http://matrix-synapse:'+ matrix_synapse_container_client_api_port|string),
       'dendrite': ('http://matrix-dendrite:' + matrix_dendrite_http_bind_port|string),
       'conduit': ('http://matrix-conduit:' + matrix_conduit_port_number|string),
     }[matrix_homeserver_implementation]
@@ -71,7 +69,7 @@ matrix_homeserver_container_url: |-
 matrix_homeserver_container_federation_url: |-
   {{
     'http://matrix-nginx-proxy:12088' if matrix_nginx_proxy_enabled else {
-      'synapse': ('http://matrix-synapse:'+ matrix_synapse_container_federation_api_plain_port|string),
+      'synapse': ('http://matrix-synapse-reverse-proxy-companion:8048' if matrix_synapse_reverse_proxy_companion_enabled else 'http://matrix-synapse:'+ matrix_synapse_container_federation_api_plain_port|string),
       'dendrite': ('http://matrix-dendrite:' + matrix_dendrite_http_bind_port|string),
       'conduit': ('http://matrix-conduit:' + matrix_conduit_port_number|string),
     }[matrix_homeserver_implementation]
@@ -1720,6 +1718,7 @@ matrix_ma1sd_database_password: "{{ '%s' | format(matrix_homeserver_generic_secr
 #
 ######################################################################
 
+
 ######################################################################
 #
 # matrix-nginx-proxy
@@ -1782,10 +1781,10 @@ matrix_nginx_proxy_proxy_matrix_federation_api_addr_with_container: "matrix-ngin
 matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:12088"
 
 matrix_nginx_proxy_proxy_synapse_enabled: "{{ matrix_synapse_enabled }}"
-matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container: "matrix-synapse:{{ matrix_synapse_container_client_api_port }}"
-matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container: "127.0.0.1:{{ matrix_synapse_container_client_api_port }}"
-matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-synapse:{{matrix_synapse_container_federation_api_plain_port | string}}"
-matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "127.0.0.1:{{matrix_synapse_container_federation_api_plain_port | string}}"
+matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container: "{{ 'matrix-synapse-reverse-proxy-companion:8008' if matrix_synapse_reverse_proxy_companion_enabled else 'matrix-synapse:8008' }}"
+matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container: "127.0.0.1:8008"
+matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "{{ 'matrix-synapse-reverse-proxy-companion:8048' if matrix_synapse_reverse_proxy_companion_enabled else 'matrix-synapse:8048' }}"
+matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "127.0.0.1:8048"
 
 matrix_nginx_proxy_proxy_dendrite_enabled: "{{ matrix_dendrite_enabled }}"
 matrix_nginx_proxy_proxy_dendrite_client_api_addr_with_container: "matrix-dendrite:{{ matrix_dendrite_http_bind_port | string }}"
@@ -1815,24 +1814,14 @@ matrix_nginx_proxy_self_check_validate_certificates: "{{ false if matrix_ssl_ret
 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1074
 matrix_nginx_proxy_ocsp_stapling_enabled: "{{ matrix_ssl_retrieval_method != 'self-signed' }}"
 
-matrix_nginx_proxy_synapse_workers_enabled: "{{ matrix_synapse_workers_enabled }}"
-matrix_nginx_proxy_synapse_workers_list: "{{ matrix_synapse_workers_enabled_list }}"
-matrix_nginx_proxy_synapse_generic_worker_client_server_locations: "{{ matrix_synapse_workers_generic_worker_client_server_endpoints }}"
-matrix_nginx_proxy_synapse_generic_worker_federation_locations: "{{ matrix_synapse_workers_generic_worker_federation_endpoints }}"
-matrix_nginx_proxy_synapse_stream_writer_typing_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_typing_stream_worker_client_server_endpoints }}"
-matrix_nginx_proxy_synapse_stream_writer_to_device_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_to_device_stream_worker_client_server_endpoints }}"
-matrix_nginx_proxy_synapse_stream_writer_account_data_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_account_data_stream_worker_client_server_endpoints }}"
-matrix_nginx_proxy_synapse_stream_writer_receipts_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_receipts_stream_worker_client_server_endpoints }}"
-matrix_nginx_proxy_synapse_stream_writer_presence_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_presence_stream_worker_client_server_endpoints }}"
-matrix_nginx_proxy_synapse_media_repository_locations: "{{matrix_synapse_workers_media_repository_endpoints|default([]) }}"
-matrix_nginx_proxy_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_worker_client_server_endpoints|default([]) }}"
-
 matrix_nginx_proxy_systemd_wanted_services_list: |
   {{
     ['matrix-' + matrix_homeserver_implementation + '.service']
     +
     (matrix_synapse_webserving_workers_systemd_services_list if matrix_homeserver_implementation == 'synapse' and matrix_synapse_workers_enabled else [])
     +
+    (['matrix-synapse-reverse-proxy-companion.service'] if matrix_synapse_reverse_proxy_companion_enabled else [])
+    +
     (['matrix-corporal.service'] if matrix_corporal_enabled else [])
     +
     (['matrix-ma1sd.service'] if matrix_ma1sd_enabled else [])
@@ -2328,16 +2317,6 @@ matrix_synapse_container_image_self_build: "{{ matrix_architecture not in ['arm6
 # When ma1sd is enabled, we can use it to validate phone numbers. It's something that the homeserver cannot do by itself.
 matrix_synapse_account_threepid_delegates_msisdn: "{{ 'http://matrix-ma1sd:' + matrix_ma1sd_container_port | string if matrix_ma1sd_enabled else '' }}"
 
-# Normally, matrix-nginx-proxy is enabled and nginx can reach Synapse over the container network.
-# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it,
-# you can expose Synapse's ports to the host.
-#
-# For exposing the Matrix Client API's port (plain HTTP) to the local host.
-matrix_synapse_container_client_api_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_synapse_container_client_api_port | string }}"
-#
-# For exposing the Matrix Federation API's plain port (plain HTTP) to the local host.
-matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_synapse_container_federation_api_plain_port | string }}"
-#
 # For exposing the Matrix Federation API's TLS port (HTTPS) to the internet on all network interfaces.
 matrix_synapse_container_federation_api_tls_host_bind_port: "{{ matrix_federation_public_port if (matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled) else '' }}"
 #
@@ -2426,6 +2405,37 @@ matrix_synapse_app_service_runtime_injected_config_files: "{{ matrix_homeserver_
 #
 ######################################################################
 
+######################################################################
+#
+# matrix-synapse-reverse-proxy-companion
+#
+######################################################################
+
+matrix_synapse_reverse_proxy_companion_enabled: "{{ matrix_synapse_enabled }}"
+
+matrix_synapse_reverse_proxy_companion_client_api_client_max_body_size_mb: "{{ matrix_synapse_max_upload_size_mb }}"
+
+matrix_synapse_reverse_proxy_companion_container_client_api_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8008' }}"
+matrix_synapse_reverse_proxy_companion_container_federation_api_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8048' }}"
+
+matrix_synapse_reverse_proxy_companion_synapse_workers_enabled: "{{ matrix_synapse_workers_enabled }}"
+matrix_synapse_reverse_proxy_companion_synapse_workers_list: "{{ matrix_synapse_workers_enabled_list }}"
+matrix_synapse_reverse_proxy_companion_synapse_generic_worker_client_server_locations: "{{ matrix_synapse_workers_generic_worker_client_server_endpoints }}"
+matrix_synapse_reverse_proxy_companion_synapse_generic_worker_federation_locations: "{{ matrix_synapse_workers_generic_worker_federation_endpoints }}"
+matrix_synapse_reverse_proxy_companion_synapse_stream_writer_typing_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_typing_stream_worker_client_server_endpoints }}"
+matrix_synapse_reverse_proxy_companion_synapse_stream_writer_to_device_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_to_device_stream_worker_client_server_endpoints }}"
+matrix_synapse_reverse_proxy_companion_synapse_stream_writer_account_data_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_account_data_stream_worker_client_server_endpoints }}"
+matrix_synapse_reverse_proxy_companion_synapse_stream_writer_receipts_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_receipts_stream_worker_client_server_endpoints }}"
+matrix_synapse_reverse_proxy_companion_synapse_stream_writer_presence_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_presence_stream_worker_client_server_endpoints }}"
+matrix_synapse_reverse_proxy_companion_synapse_media_repository_locations: "{{matrix_synapse_workers_media_repository_endpoints|default([]) }}"
+matrix_synapse_reverse_proxy_companion_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_worker_client_server_endpoints|default([]) }}"
+
+######################################################################
+#
+# /matrix-synapse-reverse-proxy-companion
+#
+######################################################################
+
 ######################################################################
 #
 # matrix-synapse-admin
diff --git a/playbooks/matrix.yml b/playbooks/matrix.yml
index 2e648732..6c7dc383 100755
--- a/playbooks/matrix.yml
+++ b/playbooks/matrix.yml
@@ -58,6 +58,7 @@
     - custom/matrix-bot-mjolnir
     - custom/matrix-cactus-comments
     - custom/matrix-synapse
+    - custom/matrix-synapse-reverse-proxy-companion
     - custom/matrix-dendrite
     - custom/matrix-conduit
     - custom/matrix-synapse-admin
diff --git a/roles/custom/matrix-corporal/defaults/main.yml b/roles/custom/matrix-corporal/defaults/main.yml
index 8c391dfb..1bed8881 100644
--- a/roles/custom/matrix-corporal/defaults/main.yml
+++ b/roles/custom/matrix-corporal/defaults/main.yml
@@ -37,7 +37,7 @@ matrix_corporal_var_dir_path: "{{ matrix_corporal_base_path }}/var"
 
 matrix_corporal_matrix_homeserver_domain_name: "{{ matrix_domain }}"
 
-# Controls where matrix-corporal can reach your Synapse server (e.g. "http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}").
+# Controls where matrix-corporal can reach your Synapse server (e.g. "http://matrix-synapse-reverse-proxy-companion:{{ matrix_synapse_container_client_api_port }}").
 # If Synapse runs on the same machine, you may need to add its service to `matrix_corporal_systemd_required_services_list`.
 matrix_corporal_matrix_homeserver_api_endpoint: ""
 
diff --git a/roles/custom/matrix-nginx-proxy/defaults/main.yml b/roles/custom/matrix-nginx-proxy/defaults/main.yml
index 967a7267..886e3513 100644
--- a/roles/custom/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml
@@ -639,29 +639,6 @@ matrix_nginx_proxy_proxy_matrix_nginx_status_enabled: false
 matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses: ['{{ ansible_default_ipv4.address }}']
 
 
-# synapse worker activation and endpoint mappings
-matrix_nginx_proxy_synapse_workers_enabled: false
-matrix_nginx_proxy_synapse_workers_list: []
-matrix_nginx_proxy_synapse_generic_worker_client_server_locations: []
-matrix_nginx_proxy_synapse_generic_worker_federation_locations: []
-matrix_nginx_proxy_synapse_stream_writer_typing_stream_worker_client_server_locations: []
-matrix_nginx_proxy_synapse_stream_writer_to_device_stream_worker_client_server_locations: []
-matrix_nginx_proxy_synapse_stream_writer_account_data_stream_worker_client_server_locations: []
-matrix_nginx_proxy_synapse_stream_writer_receipts_stream_worker_client_server_locations: []
-matrix_nginx_proxy_synapse_stream_writer_presence_stream_worker_client_server_locations: []
-matrix_nginx_proxy_synapse_media_repository_locations: []
-matrix_nginx_proxy_synapse_user_dir_locations: []
-
-# synapse content caching
-matrix_nginx_proxy_synapse_cache_enabled: false
-matrix_nginx_proxy_synapse_cache_path: "{{ '/tmp/synapse-cache' if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path + '/synapse-cache' }}"
-matrix_nginx_proxy_synapse_cache_keys_zone_name: "STATIC"
-matrix_nginx_proxy_synapse_cache_keys_zone_size: "10m"
-matrix_nginx_proxy_synapse_cache_inactive_time: "48h"
-matrix_nginx_proxy_synapse_cache_max_size_mb: 1024
-matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time: "24h"
-
-
 # The amount of worker processes and connections
 # Consider increasing these when you are expecting high amounts of traffic
 # http://nginx.org/en/docs/ngx_core_module.html#worker_connections
diff --git a/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
index 4a74d399..50e8ab9b 100644
--- a/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
+++ b/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
@@ -12,17 +12,15 @@
 #
 - name: Ensure Matrix nginx-proxy paths exist
   ansible.builtin.file:
-    path: "{{ item.path }}"
+    path: "{{ item }}"
     state: directory
     mode: 0750
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
   with_items:
-    - {path: "{{ matrix_nginx_proxy_base_path }}", when: true}
-    - {path: "{{ matrix_nginx_proxy_data_path }}", when: true}
-    - {path: "{{ matrix_nginx_proxy_confd_path }}", when: true}
-    - {path: "{{ matrix_nginx_proxy_synapse_cache_path }}", when: "{{ matrix_nginx_proxy_synapse_cache_enabled and not matrix_nginx_proxy_enabled }}"}
-  when: item.when | bool
+    - "{{ matrix_nginx_proxy_base_path }}"
+    - "{{ matrix_nginx_proxy_data_path }}"
+    - "{{ matrix_nginx_proxy_confd_path }}"
 
 - name: Ensure Matrix nginx-proxy configured (main config override)
   ansible.builtin.template:
diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2
index da189329..4d121e7d 100644
--- a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2
+++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2
@@ -1,70 +1,5 @@
 #jinja2: lstrip_blocks: "True"
 
-{% set generic_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'generic_worker') | list %}
-{% set stream_writer_typing_stream_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'typing') | list %}
-{% set stream_writer_to_device_stream_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'to_device') | list %}
-{% set stream_writer_account_data_stream_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'account_data') | list %}
-{% set stream_writer_receipts_stream_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'receipts') | list %}
-{% set stream_writer_presence_stream_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'presence') | list %}
-{% set media_repository_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'media_repository') | list %}
-{% set user_dir_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'user_dir') | list %}
-
-{% macro render_worker_upstream(name, workers, matrix_nginx_proxy_enabled) %}
-{% if workers | length > 0 %}
-	upstream {{ name }} {
-		{% for worker in workers %}
-			{% if matrix_nginx_proxy_enabled %}
-				server "{{ worker.name }}:{{ worker.port }}";
-			{% else %}
-				server "127.0.0.1:{{ worker.port }}";
-			{% endif %}
-		{% endfor %}
-	}
-{% endif %}
-{% endmacro %}
-
-{% macro render_locations_to_upstream(locations, upstream_name) %}
-	{% for location in locations %}
-	location ~ {{ location }} {
-		proxy_pass http://{{ upstream_name }}$request_uri;
-		proxy_set_header Host $host;
-	}
-	{% endfor %}
-{% endmacro %}
-
-{% if matrix_nginx_proxy_synapse_workers_enabled %}
-	{% if matrix_nginx_proxy_synapse_cache_enabled %}
-    	proxy_cache_path  {{ matrix_nginx_proxy_synapse_cache_path }} levels=1:2 keys_zone={{ matrix_nginx_proxy_synapse_cache_keys_zone_name }}:{{ matrix_nginx_proxy_synapse_cache_keys_zone_size }} inactive={{ matrix_nginx_proxy_synapse_cache_inactive_time }} max_size={{ matrix_nginx_proxy_synapse_cache_max_size_mb }}m;
-	{% endif %}
-	# Round Robin "upstream" pools for workers
-
-	{% if generic_workers |length > 0 %}
-	upstream generic_workers_upstream {
-		# ensures that requests from the same client will always be passed
-		# to the same server (except when this server is unavailable)
-		hash $http_x_forwarded_for;
-
-		{% for worker in generic_workers %}
-			{% if matrix_nginx_proxy_enabled %}
-				server "{{ worker.name }}:{{ worker.port }}";
-			{% else %}
-				server "127.0.0.1:{{ worker.port }}";
-			{% endif %}
-		{% endfor %}
-	}
-	{% endif %}
-
-	{{ render_worker_upstream('stream_writer_typing_stream_workers_upstream', stream_writer_typing_stream_workers, matrix_nginx_proxy_enabled) }}
-	{{ render_worker_upstream('stream_writer_to_device_stream_workers_upstream', stream_writer_to_device_stream_workers, matrix_nginx_proxy_enabled) }}
-	{{ render_worker_upstream('stream_writer_account_data_stream_workers_upstream', stream_writer_account_data_stream_workers, matrix_nginx_proxy_enabled) }}
-	{{ render_worker_upstream('stream_writer_receipts_stream_workers_upstream', stream_writer_receipts_stream_workers, matrix_nginx_proxy_enabled) }}
-	{{ render_worker_upstream('stream_writer_presence_stream_workers_upstream', stream_writer_presence_stream_workers, matrix_nginx_proxy_enabled) }}
-
-	{{ render_worker_upstream('media_repository_workers_upstream', media_repository_workers, matrix_nginx_proxy_enabled) }}
-
-	{{ render_worker_upstream('user_dir_workers_upstream', user_dir_workers, matrix_nginx_proxy_enabled) }}
-{% endif %}
-
 server {
 	listen 12080;
 	{% if matrix_nginx_proxy_enabled %}
@@ -77,71 +12,6 @@ server {
 	gzip on;
 	gzip_types text/plain application/json;
 
-	{% if matrix_nginx_proxy_synapse_workers_enabled %}
-		{# Workers redirects BEGIN #}
-
-		{% if generic_workers | length > 0 %}
-			# https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker
-			{{ render_locations_to_upstream(matrix_nginx_proxy_synapse_generic_worker_client_server_locations, 'generic_workers_upstream') }}
-		{% endif %}
-
-		{% if stream_writer_typing_stream_workers | length > 0 %}
-			# https://matrix-org.github.io/synapse/latest/workers.html#the-typing-stream
-			{{ render_locations_to_upstream(matrix_nginx_proxy_synapse_stream_writer_typing_stream_worker_client_server_locations, 'stream_writer_typing_stream_workers_upstream') }}
-		{% endif %}
-
-		{% if stream_writer_to_device_stream_workers | length > 0 %}
-			# https://matrix-org.github.io/synapse/latest/workers.html#the-to_device-stream
-			{{ render_locations_to_upstream(matrix_nginx_proxy_synapse_stream_writer_to_device_stream_worker_client_server_locations, 'stream_writer_to_device_stream_workers_upstream') }}
-		{% endif %}
-
-		{% if stream_writer_account_data_stream_workers | length > 0 %}
-			# https://matrix-org.github.io/synapse/latest/workers.html#the-account_data-stream
-			{{ render_locations_to_upstream(matrix_nginx_proxy_synapse_stream_writer_account_data_stream_worker_client_server_locations, 'stream_writer_account_data_stream_workers_upstream') }}
-		{% endif %}
-
-		{% if stream_writer_receipts_stream_workers | length > 0 %}
-			# https://matrix-org.github.io/synapse/latest/workers.html#the-receipts-stream
-			{{ render_locations_to_upstream(matrix_nginx_proxy_synapse_stream_writer_receipts_stream_worker_client_server_locations, 'stream_writer_receipts_stream_workers_upstream') }}
-		{% endif %}
-
-		{% if stream_writer_presence_stream_workers | length > 0 %}
-			# https://matrix-org.github.io/synapse/latest/workers.html#the-presence-stream
-			{{ render_locations_to_upstream(matrix_nginx_proxy_synapse_stream_writer_presence_stream_worker_client_server_locations, 'stream_writer_presence_stream_workers_upstream') }}
-		{% endif %}
-
-		{% if media_repository_workers | length > 0 %}
-			# https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository
-			{% for location in matrix_nginx_proxy_synapse_media_repository_locations %}
-			location ~ {{ location }} {
-				proxy_pass http://media_repository_workers_upstream$request_uri;
-				proxy_set_header Host $host;
-
-				client_body_buffer_size 25M;
-				client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb }}M;
-				proxy_max_temp_file_size 0;
-
-				{% if matrix_nginx_proxy_synapse_cache_enabled %}
-					proxy_buffering        on;
-					proxy_cache            {{ matrix_nginx_proxy_synapse_cache_keys_zone_name }};
-					proxy_cache_valid      any  {{ matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time }};
-					proxy_force_ranges on;
-					add_header X-Cache-Status $upstream_cache_status;
-				{% endif %}
-			}
-			{% endfor %}
-		{% endif %}
-
-		{% if user_dir_workers | length > 0 %}
-			# https://matrix-org.github.io/synapse/latest/workers.html#updating-the-user-directory
-			# If matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled is set, requests may not reach here,
-			# but could be captured early on (see `matrix-domain.conf.j2`) and forwarded elsewhere (to an identity server, etc.).
-			{{ render_locations_to_upstream(matrix_nginx_proxy_synapse_user_dir_locations, 'user_dir_workers_upstream') }}
-		{% endif %}
-		{# Workers redirects END #}
-	{% endif %}
-
-
 	{% for configuration_block in matrix_nginx_proxy_proxy_synapse_additional_server_configuration_blocks %}
 		{{- configuration_block }}
 	{% endfor %}
@@ -180,34 +50,6 @@ server {
 	gzip on;
 	gzip_types text/plain application/json;
 
-	{% if matrix_nginx_proxy_synapse_workers_enabled %}
-		{% if generic_workers | length > 0 %}
-			# https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker
-			{{ render_locations_to_upstream(matrix_nginx_proxy_synapse_generic_worker_federation_locations, 'generic_workers_upstream') }}
-		{% endif %}
-		{% if media_repository_workers | length > 0 %}
-			# https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository
-			{% for location in matrix_nginx_proxy_synapse_media_repository_locations %}
-			location ~ {{ location }} {
-				proxy_pass http://media_repository_workers_upstream$request_uri;
-				proxy_set_header Host $host;
-
-				client_body_buffer_size 25M;
-				client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb }}M;
-				proxy_max_temp_file_size 0;
-
-				{% if matrix_nginx_proxy_synapse_cache_enabled %}
-					proxy_buffering        on;
-					proxy_cache            {{ matrix_nginx_proxy_synapse_cache_keys_zone_name }};
-					proxy_cache_valid      any  {{ matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time }};
-					proxy_force_ranges on;
-					add_header X-Cache-Status $upstream_cache_status;
-				{% endif %}
-			}
-			{% endfor %}
-		{% endif %}
-	{% endif %}
-
 	location / {
 		{% if matrix_nginx_proxy_enabled %}
 			{# Use the embedded DNS resolver in Docker containers to discover the service #}
diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/nginx.conf.j2
index 1084d8ca..5aeeb6f4 100644
--- a/roles/custom/matrix-nginx-proxy/templates/nginx/nginx.conf.j2
+++ b/roles/custom/matrix-nginx-proxy/templates/nginx/nginx.conf.j2
@@ -42,9 +42,9 @@ http {
 	{% else %}
 	access_log off;
 	{% endif %}
-	
+
 	proxy_connect_timeout       {{ matrix_nginx_proxy_connect_timeout }};
-	proxy_send_timeout          {{  matrix_nginx_proxy_send_timeout }};
+	proxy_send_timeout          {{ matrix_nginx_proxy_send_timeout }};
 	proxy_read_timeout          {{ matrix_nginx_proxy_read_timeout }};
 	send_timeout                {{ matrix_nginx_send_timeout }};
 
diff --git a/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2
index ee32be38..a930d3b1 100755
--- a/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2
+++ b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2
@@ -22,9 +22,6 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			--cap-drop=ALL \
 			--read-only \
 			--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_nginx_proxy_tmp_directory_size_mb }}m \
-			{% if matrix_nginx_proxy_synapse_cache_enabled %}
-			--tmpfs=/tmp/synapse-cache:rw,noexec,nosuid,size={{ matrix_nginx_proxy_tmp_cache_directory_size_mb }}m\
-			{% endif %}
 			--network={{ matrix_docker_network }} \
 			{% if matrix_nginx_proxy_container_http_host_bind_port %}
 			-p {{ matrix_nginx_proxy_container_http_host_bind_port }}:8080 \
diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml b/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml
new file mode 100644
index 00000000..13a9ca1e
--- /dev/null
+++ b/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml
@@ -0,0 +1,164 @@
+---
+
+# matrix-synapse-reverse-proxy companion is a role which brings up a containerized nginx webserver which helps with reverse-proxying to Synapse.
+#
+# When Synapse is NOT running in worker-mode, reverse-proxying is relatively simple (everything goes to `matrix-synapse:XXXX`).
+#
+# When Synapse workers are enabled, however, the reverse-proxying configuration is much more complicated.
+# Certain requests need to go to certain workers, etc.
+# In the past, the main reverse proxy (`matrix-synapse-reverse-proxy-companion`) was handling request routing to the appropriate workers,
+# but that only worked well for external requests (from outside of the Matrix server itself).
+#
+# Without the help of `matrix-synapse-reverse-proxy-companion`, internal services (like Dimension) that would like to talk to Synapse over the container network
+# did not have an endpoint for Synapse that they could be pointed to and have it just work.
+# If `matrix-synapse-reverse-proxy-companion` was enabled, Dimension could be pointed to its vhost handling Synapse and routing to the appropriate workers,
+# but when `matrix-synapse-reverse-proxy-companion` was disabled, this helpful functionality was not available and the best we could do
+# is point Dimension to the main Synapse process at `matrix-synapse:XXXX` itself.
+# Doing that breaks requests that need to go to specific workers.
+# See: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2090
+#
+# What this role does is, it extracts all the Synapse request routing out of the `matrix-synapse-reverse-proxy-companion` role here,
+# and makes the `matrix-synapse-reverse-proxy-companion` container service represent Synapse and route appropriately,
+# regardless of whether workers are enabled or disabled.
+# All other playbook services can then forget about `matrix-synapse` or `matrix-synapse-whatever-worker`, etc.,
+# and just use `matrix-synapse-reverse-proxy-companion` as their request destination.
+
+matrix_synapse_reverse_proxy_companion_enabled: true
+
+matrix_synapse_reverse_proxy_companion_version: 1.23.2-alpine
+
+matrix_synapse_reverse_proxy_companion_base_path: "{{ matrix_synapse_base_path }}/reverse-proxy-companion"
+matrix_synapse_reverse_proxy_companion_confd_path: "{{ matrix_synapse_reverse_proxy_companion_base_path }}/conf.d"
+
+# List of systemd services that matrix-synapse-reverse-proxy-companion.service depends on
+matrix_synapse_reverse_proxy_companion_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-synapse-reverse-proxy-companion.service wants
+matrix_synapse_reverse_proxy_companion_systemd_wanted_services_list: ['matrix-synapse.service']
+
+# We use an official nginx image, which we fix-up to run unprivileged.
+# An alternative would be an `nginxinc/nginx-unprivileged` image, but
+# that is frequently out of date.
+matrix_synapse_reverse_proxy_companion_container_image: "{{ matrix_container_global_registry_prefix }}nginx:{{ matrix_synapse_reverse_proxy_companion_version }}"
+matrix_synapse_reverse_proxy_companion_container_image_force_pull: "{{ matrix_synapse_reverse_proxy_companion_container_image.endswith(':latest') }}"
+
+matrix_synapse_reverse_proxy_companion_container_network: "{{ matrix_docker_network }}"
+
+# A list of additional container networks that matrix-synapse-reverse-proxy-companion would be connected to.
+# The playbook does not create these networks, so make sure they already exist.
+#
+# Use this to expose matrix-synapse-reverse-proxy-companion to another reverse proxy, which runs in a different container network,
+# without exposing all other Matrix services to that other reverse-proxy.
+#
+# For background, see: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1498
+matrix_synapse_reverse_proxy_companion_container_additional_networks: []
+
+# Controls whether the matrix-synapse-reverse-proxy-companion container exposes its HTTP Client-Server API port (tcp/8008 in the container).
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8008"), or empty string to not expose.
+matrix_synapse_reverse_proxy_companion_container_client_api_host_bind_port: ''
+
+# Controls whether the matrix-synapse-reverse-proxy-companion container exposes its HTTP Federation (Server-Server) API port (tcp/8048 in the container).
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8048"), or empty string to not expose.
+matrix_synapse_reverse_proxy_companion_container_federation_api_host_bind_port: ''
+
+# The amount of worker processes and connections
+# Consider increasing these when you are expecting high amounts of traffic
+# http://nginx.org/en/docs/ngx_core_module.html#worker_connections
+matrix_synapse_reverse_proxy_companion_worker_processes: auto
+matrix_synapse_reverse_proxy_companion_worker_connections: 1024
+
+# Option to disable the access log
+matrix_synapse_reverse_proxy_companion_access_log_enabled: true
+
+# The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads.
+matrix_synapse_reverse_proxy_companion_tmp_directory_size_mb: "{{ (matrix_synapse_reverse_proxy_companion_federation_api_client_max_body_size_mb | int) * 50 }}"
+matrix_synapse_reverse_proxy_companion_tmp_cache_directory_size_mb: "{{ (matrix_synapse_reverse_proxy_companion_synapse_cache_max_size_mb | int) * 2 }}"
+
+# A list of strings containing additional configuration blocks to add to the nginx server configuration (nginx.conf).
+# for big matrixservers to enlarge the number of open files to prevent timeouts
+# matrix_synapse_reverse_proxy_companion_additional_configuration_blocks:
+#  - 'worker_rlimit_nofile 30000;'
+matrix_synapse_reverse_proxy_companion_additional_configuration_blocks: []
+
+# A list of strings containing additional configuration blocks to add to the nginx event server configuration (nginx.conf).
+matrix_synapse_reverse_proxy_companion_event_additional_configuration_blocks: []
+
+# A list of strings containing additional configuration blocks to add to the nginx http's server configuration (nginx-http.conf).
+matrix_synapse_reverse_proxy_companion_http_additional_server_configuration_blocks: []
+
+# To increase request timeout in NGINX using proxy_read_timeout, proxy_connect_timeout, proxy_send_timeout, send_timeout directives
+# Nginx Default: proxy_connect_timeout 60s;   #Defines a timeout for establishing a connection with a proxied server
+# Nginx Default: proxy_send_timeout 60s;      #Sets a timeout for transmitting a request to the proxied server.
+# Nginx Default: proxy_read_timeout 60s;      #Defines a timeout for reading a response from the proxied server.
+# Nginx Default: send_timeout 60s;            #Sets a timeout for transmitting a response to the client.
+#
+# For more information visit:
+# http://nginx.org/en/docs/http/ngx_http_proxy_module.html
+# http://nginx.org/en/docs/http/ngx_http_core_module.html#send_timeout
+# https://www.nginx.com/resources/wiki/start/topics/examples/fullexample2/
+#
+# Here we are sticking with nginx default values change this value carefully.
+matrix_synapse_reverse_proxy_companion_proxy_connect_timeout: 60
+matrix_synapse_reverse_proxy_companion_proxy_send_timeout: 60
+matrix_synapse_reverse_proxy_companion_proxy_read_timeout: 60
+matrix_synapse_reverse_proxy_companion_send_timeout: 60
+
+# For OCSP purposes, we need to define a resolver at the `server{}` level or `http{}` level (we do the latter).
+#
+# Otherwise, we get warnings like this:
+# > [warn] 22#22: no resolver defined to resolve r3.o.lencr.org while requesting certificate status, responder: r3.o.lencr.org, certificate: "/matrix/ssl/config/live/.../fullchain.pem"
+#
+# We point it to the internal Docker resolver, which likely delegates to nameservers defined in `/etc/resolv.conf`.
+matrix_synapse_reverse_proxy_companion_http_level_resolver: 127.0.0.11
+
+matrix_synapse_reverse_proxy_companion_hostname: "matrix-synapse-reverse-proxy-companion"
+
+# matrix_synapse_reverse_proxy_companion_client_api_addr specifies the address where the Client-Server API is
+matrix_synapse_reverse_proxy_companion_client_api_addr: 'matrix-synapse:{{ matrix_synapse_container_client_api_port }}'
+# This needs to be equal or higher than the maximum upload size accepted by Synapse.
+matrix_synapse_reverse_proxy_companion_client_api_client_max_body_size_mb: 50
+
+# matrix_synapse_reverse_proxy_companion_federation_api_enabled specifies whether reverse proxying for the Federation (Server-Server) API should be done
+matrix_synapse_reverse_proxy_companion_federation_api_enabled: true
+# matrix_synapse_reverse_proxy_companion_federation_api_addr specifies the address where the Federation (Server-Server) API is
+matrix_synapse_reverse_proxy_companion_federation_api_addr: 'matrix-synapse:{{ matrix_synapse_container_federation_api_plain_port }}'
+matrix_synapse_reverse_proxy_companion_federation_api_client_max_body_size_mb: "{{ (matrix_synapse_reverse_proxy_companion_client_api_client_max_body_size_mb | int) * 3 }}"
+
+# A list of strings containing additional configuration blocks to add to the nginx vhost handling the Synapse Client-Server API
+matrix_synapse_reverse_proxy_companion_synapse_client_api_additional_server_configuration_blocks: []
+
+# A list of strings containing additional configuration blocks to add to the nginx vhost handling the Synapse Federation (Server-Server) API
+matrix_synapse_reverse_proxy_companion_synapse_federation_api_additional_server_configuration_blocks: []
+
+
+# synapse worker activation and endpoint mappings
+matrix_synapse_reverse_proxy_companion_synapse_workers_enabled: false
+matrix_synapse_reverse_proxy_companion_synapse_workers_list: []
+matrix_synapse_reverse_proxy_companion_synapse_generic_worker_client_server_locations: []
+matrix_synapse_reverse_proxy_companion_synapse_generic_worker_federation_locations: []
+matrix_synapse_reverse_proxy_companion_synapse_stream_writer_typing_stream_worker_client_server_locations: []
+matrix_synapse_reverse_proxy_companion_synapse_stream_writer_to_device_stream_worker_client_server_locations: []
+matrix_synapse_reverse_proxy_companion_synapse_stream_writer_account_data_stream_worker_client_server_locations: []
+matrix_synapse_reverse_proxy_companion_synapse_stream_writer_receipts_stream_worker_client_server_locations: []
+matrix_synapse_reverse_proxy_companion_synapse_stream_writer_presence_stream_worker_client_server_locations: []
+matrix_synapse_reverse_proxy_companion_synapse_media_repository_locations: []
+matrix_synapse_reverse_proxy_companion_synapse_user_dir_locations: []
+
+
+# synapse content caching
+matrix_synapse_reverse_proxy_companion_synapse_cache_enabled: false
+matrix_synapse_reverse_proxy_companion_synapse_cache_path: /tmp/synapse-cache
+matrix_synapse_reverse_proxy_companion_synapse_cache_keys_zone_name: "STATIC"
+matrix_synapse_reverse_proxy_companion_synapse_cache_keys_zone_size: "10m"
+matrix_synapse_reverse_proxy_companion_synapse_cache_inactive_time: "48h"
+matrix_synapse_reverse_proxy_companion_synapse_cache_max_size_mb: 1024
+matrix_synapse_reverse_proxy_companion_synapse_cache_proxy_cache_valid_time: "24h"
+
+
+# Controls whether matrix-synapse-reverse-proxy-companion trusts an upstream server's X-Forwarded-Proto header.
+# The `matrix-synapse-reverse-proxy-companion` does not terminate SSL and always expects to be fronted by another reverse-proxy server (`matrix-nginx-proxy`, etc.).
+# As such, it trusts the protocol scheme forwarded by the upstream proxy.
+matrix_synapse_reverse_proxy_companion_trust_forwarded_proto: true
+matrix_synapse_reverse_proxy_companion_x_forwarded_proto_value: "{{ '$http_x_forwarded_proto' if matrix_synapse_reverse_proxy_companion_trust_forwarded_proto else '$scheme' }}"
diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/init.yml b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/init.yml
new file mode 100644
index 00000000..879b0241
--- /dev/null
+++ b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/init.yml
@@ -0,0 +1,6 @@
+---
+
+- ansible.builtin.set_fact:
+    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse-reverse-proxy-companion.service'] }}"
+  when: matrix_synapse_reverse_proxy_companion_enabled | bool
+
diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/main.yml b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/main.yml
new file mode 100644
index 00000000..f8b6660b
--- /dev/null
+++ b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  when: run_setup | bool and matrix_synapse_reverse_proxy_companion_enabled | bool
+  tags:
+    - setup-all
+    - setup-synapse-reverse-proxy-companion
+    - setup-synapse
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+  when: run_setup | bool and not matrix_synapse_reverse_proxy_companion_enabled | bool
+  tags:
+    - setup-all
+    - setup-synapse-reverse-proxy-companion
+    - setup-synapse
diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_install.yml b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_install.yml
new file mode 100644
index 00000000..ca263b6d
--- /dev/null
+++ b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_install.yml
@@ -0,0 +1,44 @@
+---
+
+- name: Ensure mtrix-synapse-reverse-proxy-companion paths exist
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - "{{ matrix_synapse_reverse_proxy_companion_base_path }}"
+    - "{{ matrix_synapse_reverse_proxy_companion_confd_path }}"
+
+- name: Ensure matrix-synapse-reverse-proxy-companion configured
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+    mode: 0644
+  with_items:
+    - src: "{{ role_path }}/templates/nginx/nginx.conf.j2"
+      dest: "{{ matrix_synapse_reverse_proxy_companion_base_path }}/nginx.conf"
+    - src: "{{ role_path }}/templates/nginx/conf.d/nginx-http.conf.j2"
+      dest: "{{ matrix_synapse_reverse_proxy_companion_confd_path }}/nginx-http.conf"
+    - src: "{{ role_path }}/templates/nginx/conf.d/matrix-synapse-reverse-proxy-companion.conf.j2"
+      dest: "{{ matrix_synapse_reverse_proxy_companion_confd_path }}/matrix-synapse-reverse-proxy-companion.conf"
+
+- name: Ensure matrix-synapse-reverse-proxy-companion nginx container image is pulled
+  community.docker.docker_image:
+    name: "{{ matrix_synapse_reverse_proxy_companion_container_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_synapse_reverse_proxy_companion_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_reverse_proxy_companion_container_image_force_pull }}"
+  register: result
+  retries: "{{ devture_playbook_help_container_retries_count }}"
+  delay: "{{ devture_playbook_help_container_retries_delay }}"
+  until: result is not failed
+
+- name: Ensure matrix-synapse-reverse-proxy-companion.service installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/systemd/matrix-synapse-reverse-proxy-companion.service.j2"
+    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse-reverse-proxy-companion.service"
+    mode: 0644
diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_uninstall.yml b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_uninstall.yml
new file mode 100644
index 00000000..f4531a19
--- /dev/null
+++ b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_uninstall.yml
@@ -0,0 +1,30 @@
+---
+
+- name: Check existence of matrix-synapse-reverse-proxy-companion service
+  ansible.builtin.stat:
+    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse-reverse-proxy-companion.service"
+  register: matrix_synapse_reverse_proxy_companion_service_stat
+
+- when: matrix_synapse_reverse_proxy_companion_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-synapse-reverse-proxy-companion.service is stopped
+      ansible.builtin.service:
+        name: matrix_synapse_reverse_proxy_companion_service_stat
+        state: stopped
+        enabled: false
+        daemon_reload: true
+      register: stopping_result
+
+    - name: Ensure matrix-synapse-reverse-proxy-companion.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse-reverse-proxy-companion.service"
+        state: absent
+
+    - name: Ensure systemd reloaded after matrix-synapse-reverse-proxy-companion.service removal
+      ansible.builtin.service:
+        daemon_reload: true
+
+- name: Ensure matrix-synapse-reverse-proxy-companion data deleted
+  ansible.builtin.file:
+    path: "{{ matrix_synapse_reverse_proxy_companion_base_path }}"
+    state: absent
diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/conf.d/matrix-synapse-reverse-proxy-companion.conf.j2 b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/conf.d/matrix-synapse-reverse-proxy-companion.conf.j2
new file mode 100644
index 00000000..77f78228
--- /dev/null
+++ b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/conf.d/matrix-synapse-reverse-proxy-companion.conf.j2
@@ -0,0 +1,208 @@
+#jinja2: lstrip_blocks: "True"
+
+{% set generic_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'generic_worker') | list %}
+{% set stream_writer_typing_stream_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'typing') | list %}
+{% set stream_writer_to_device_stream_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'to_device') | list %}
+{% set stream_writer_account_data_stream_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'account_data') | list %}
+{% set stream_writer_receipts_stream_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'receipts') | list %}
+{% set stream_writer_presence_stream_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'presence') | list %}
+{% set media_repository_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'media_repository') | list %}
+{% set user_dir_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'user_dir') | list %}
+
+{% macro render_worker_upstream(name, workers) %}
+{% if workers | length > 0 %}
+	upstream {{ name }} {
+		{% for worker in workers %}
+			server "{{ worker.name }}:{{ worker.port }}";
+		{% endfor %}
+	}
+{% endif %}
+{% endmacro %}
+
+{% macro render_locations_to_upstream(locations, upstream_name) %}
+	{% for location in locations %}
+	location ~ {{ location }} {
+		proxy_pass http://{{ upstream_name }}$request_uri;
+		proxy_set_header Host $host;
+	}
+	{% endfor %}
+{% endmacro %}
+
+{% if matrix_synapse_reverse_proxy_companion_synapse_workers_enabled %}
+	{% if matrix_synapse_reverse_proxy_companion_synapse_cache_enabled %}
+    	proxy_cache_path  {{ matrix_synapse_reverse_proxy_companion_synapse_cache_path }} levels=1:2 keys_zone={{ matrix_synapse_reverse_proxy_companion_synapse_cache_keys_zone_name }}:{{ matrix_synapse_reverse_proxy_companion_synapse_cache_keys_zone_size }} inactive={{ matrix_synapse_reverse_proxy_companion_synapse_cache_inactive_time }} max_size={{ matrix_synapse_reverse_proxy_companion_synapse_cache_max_size_mb }}m;
+	{% endif %}
+	# Round Robin "upstream" pools for workers
+
+	{% if generic_workers |length > 0 %}
+	upstream generic_workers_upstream {
+		# ensures that requests from the same client will always be passed
+		# to the same server (except when this server is unavailable)
+		hash $http_x_forwarded_for;
+
+		{% for worker in generic_workers %}
+			server "{{ worker.name }}:{{ worker.port }}";
+		{% endfor %}
+	}
+	{% endif %}
+
+	{{ render_worker_upstream('stream_writer_typing_stream_workers_upstream', stream_writer_typing_stream_workers) }}
+	{{ render_worker_upstream('stream_writer_to_device_stream_workers_upstream', stream_writer_to_device_stream_workers) }}
+	{{ render_worker_upstream('stream_writer_account_data_stream_workers_upstream', stream_writer_account_data_stream_workers) }}
+	{{ render_worker_upstream('stream_writer_receipts_stream_workers_upstream', stream_writer_receipts_stream_workers) }}
+	{{ render_worker_upstream('stream_writer_presence_stream_workers_upstream', stream_writer_presence_stream_workers) }}
+
+	{{ render_worker_upstream('media_repository_workers_upstream', media_repository_workers) }}
+
+	{{ render_worker_upstream('user_dir_workers_upstream', user_dir_workers) }}
+{% endif %}
+
+server {
+	listen 8008;
+	server_name {{ matrix_synapse_reverse_proxy_companion_hostname }};
+
+	server_tokens off;
+	root /dev/null;
+
+	gzip on;
+	gzip_types text/plain application/json;
+
+	{% if matrix_synapse_reverse_proxy_companion_synapse_workers_enabled %}
+		{# Workers redirects BEGIN #}
+
+		{% if generic_workers | length > 0 %}
+			# https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker
+			{{ render_locations_to_upstream(matrix_synapse_reverse_proxy_companion_synapse_generic_worker_client_server_locations, 'generic_workers_upstream') }}
+		{% endif %}
+
+		{% if stream_writer_typing_stream_workers | length > 0 %}
+			# https://matrix-org.github.io/synapse/latest/workers.html#the-typing-stream
+			{{ render_locations_to_upstream(matrix_synapse_reverse_proxy_companion_synapse_stream_writer_typing_stream_worker_client_server_locations, 'stream_writer_typing_stream_workers_upstream') }}
+		{% endif %}
+
+		{% if stream_writer_to_device_stream_workers | length > 0 %}
+			# https://matrix-org.github.io/synapse/latest/workers.html#the-to_device-stream
+			{{ render_locations_to_upstream(matrix_synapse_reverse_proxy_companion_synapse_stream_writer_to_device_stream_worker_client_server_locations, 'stream_writer_to_device_stream_workers_upstream') }}
+		{% endif %}
+
+		{% if stream_writer_account_data_stream_workers | length > 0 %}
+			# https://matrix-org.github.io/synapse/latest/workers.html#the-account_data-stream
+			{{ render_locations_to_upstream(matrix_synapse_reverse_proxy_companion_synapse_stream_writer_account_data_stream_worker_client_server_locations, 'stream_writer_account_data_stream_workers_upstream') }}
+		{% endif %}
+
+		{% if stream_writer_receipts_stream_workers | length > 0 %}
+			# https://matrix-org.github.io/synapse/latest/workers.html#the-receipts-stream
+			{{ render_locations_to_upstream(matrix_synapse_reverse_proxy_companion_synapse_stream_writer_receipts_stream_worker_client_server_locations, 'stream_writer_receipts_stream_workers_upstream') }}
+		{% endif %}
+
+		{% if stream_writer_presence_stream_workers | length > 0 %}
+			# https://matrix-org.github.io/synapse/latest/workers.html#the-presence-stream
+			{{ render_locations_to_upstream(matrix_synapse_reverse_proxy_companion_synapse_stream_writer_presence_stream_worker_client_server_locations, 'stream_writer_presence_stream_workers_upstream') }}
+		{% endif %}
+
+		{% if media_repository_workers | length > 0 %}
+			# https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository
+			{% for location in matrix_synapse_reverse_proxy_companion_synapse_media_repository_locations %}
+			location ~ {{ location }} {
+				proxy_pass http://media_repository_workers_upstream$request_uri;
+				proxy_set_header Host $host;
+
+				client_body_buffer_size 25M;
+				client_max_body_size {{ matrix_synapse_reverse_proxy_companion_client_api_client_max_body_size_mb }}M;
+				proxy_max_temp_file_size 0;
+
+				{% if matrix_synapse_reverse_proxy_companion_synapse_cache_enabled %}
+					proxy_buffering        on;
+					proxy_cache            {{ matrix_synapse_reverse_proxy_companion_synapse_cache_keys_zone_name }};
+					proxy_cache_valid      any {{ matrix_synapse_reverse_proxy_companion_synapse_cache_proxy_cache_valid_time }};
+					proxy_force_ranges on;
+					add_header X-Cache-Status $upstream_cache_status;
+				{% endif %}
+			}
+			{% endfor %}
+		{% endif %}
+
+		{% if user_dir_workers | length > 0 %}
+			# https://matrix-org.github.io/synapse/latest/workers.html#updating-the-user-directory
+			{{ render_locations_to_upstream(matrix_synapse_reverse_proxy_companion_synapse_user_dir_locations, 'user_dir_workers_upstream') }}
+		{% endif %}
+		{# Workers redirects END #}
+	{% endif %}
+
+	{% for configuration_block in matrix_synapse_reverse_proxy_companion_synapse_client_api_additional_server_configuration_blocks %}
+		{{- configuration_block }}
+	{% endfor %}
+
+	{# Everything else just goes to the API server ##}
+	location / {
+		{# Use the embedded DNS resolver in Docker containers to discover the service #}
+		resolver {{ matrix_synapse_reverse_proxy_companion_http_level_resolver }} valid=5s;
+		set $backend "{{ matrix_synapse_reverse_proxy_companion_client_api_addr }}";
+		proxy_pass http://$backend;
+
+		proxy_set_header Host $host;
+
+		client_body_buffer_size 25M;
+		client_max_body_size {{ matrix_synapse_reverse_proxy_companion_client_api_client_max_body_size_mb }}M;
+		proxy_max_temp_file_size 0;
+	}
+}
+
+{% if matrix_synapse_reverse_proxy_companion_federation_api_enabled %}
+server {
+	listen 8048;
+	server_name {{ matrix_synapse_reverse_proxy_companion_hostname }};
+
+	server_tokens off;
+
+	root /dev/null;
+
+	gzip on;
+	gzip_types text/plain application/json;
+
+	{% if matrix_synapse_reverse_proxy_companion_synapse_workers_enabled %}
+		{% if generic_workers | length > 0 %}
+			# https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker
+			{{ render_locations_to_upstream(matrix_synapse_reverse_proxy_companion_synapse_generic_worker_federation_locations, 'generic_workers_upstream') }}
+		{% endif %}
+		{% if media_repository_workers | length > 0 %}
+			# https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository
+			{% for location in matrix_synapse_reverse_proxy_companion_synapse_media_repository_locations %}
+			location ~ {{ location }} {
+				proxy_pass http://media_repository_workers_upstream$request_uri;
+				proxy_set_header Host $host;
+
+				client_body_buffer_size 25M;
+				client_max_body_size {{ matrix_synapse_reverse_proxy_companion_federation_api_client_max_body_size_mb }}M;
+				proxy_max_temp_file_size 0;
+
+				{% if matrix_synapse_reverse_proxy_companion_synapse_cache_enabled %}
+					proxy_buffering        on;
+					proxy_cache            {{ matrix_synapse_reverse_proxy_companion_synapse_cache_keys_zone_name }};
+					proxy_cache_valid      any  {{ matrix_synapse_reverse_proxy_companion_synapse_cache_proxy_cache_valid_time }};
+					proxy_force_ranges on;
+					add_header X-Cache-Status $upstream_cache_status;
+				{% endif %}
+			}
+			{% endfor %}
+		{% endif %}
+	{% endif %}
+
+	{% for configuration_block in matrix_synapse_reverse_proxy_companion_synapse_federation_api_additional_server_configuration_blocks %}
+		{{- configuration_block }}
+	{% endfor %}
+
+	location / {
+		{# Use the embedded DNS resolver in Docker containers to discover the service #}
+		resolver {{ matrix_synapse_reverse_proxy_companion_http_level_resolver }} valid=5s;
+		set $backend "{{ matrix_synapse_reverse_proxy_companion_federation_api_addr }}";
+		proxy_pass http://$backend;
+
+		proxy_set_header Host $host;
+
+		client_body_buffer_size 25M;
+		client_max_body_size {{ matrix_synapse_reverse_proxy_companion_federation_api_client_max_body_size_mb }}M;
+		proxy_max_temp_file_size 0;
+	}
+}
+{% endif %}
diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/conf.d/nginx-http.conf.j2 b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/conf.d/nginx-http.conf.j2
new file mode 100644
index 00000000..d53f172d
--- /dev/null
+++ b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/conf.d/nginx-http.conf.j2
@@ -0,0 +1,13 @@
+#jinja2: lstrip_blocks: "True"
+# The default is aligned to the CPU's cache size,
+# which can sometimes be too low.
+# Thus, we ensure a larger bucket size value is used.
+server_names_hash_bucket_size 64;
+
+{% if matrix_synapse_reverse_proxy_companion_http_level_resolver %}
+resolver {{ matrix_synapse_reverse_proxy_companion_http_level_resolver }};
+{% endif %}
+
+{% for configuration_block in matrix_synapse_reverse_proxy_companion_http_additional_server_configuration_blocks %}
+	{{- configuration_block }}
+{% endfor %}
diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/nginx.conf.j2 b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/nginx.conf.j2
new file mode 100644
index 00000000..a54701b8
--- /dev/null
+++ b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/nginx.conf.j2
@@ -0,0 +1,66 @@
+#jinja2: lstrip_blocks: "True"
+# This is a custom nginx configuration file that we use in the container (instead of the default one),
+# because it allows us to run nginx with a non-root user.
+#
+# For this to work, the default vhost file (`/etc/nginx/conf.d/default.conf`) also needs to be removed.
+#
+# The following changes have been done compared to a default nginx configuration file:
+# - various temp paths are changed to `/tmp`, so that a non-root user can write to them
+# - the `user` directive was removed, as we don't want nginx to switch users
+
+worker_processes {{ matrix_synapse_reverse_proxy_companion_worker_processes }};
+error_log /var/log/nginx/error.log warn;
+pid /tmp/nginx.pid;
+{% for configuration_block in matrix_synapse_reverse_proxy_companion_additional_configuration_blocks %}
+	{{- configuration_block }}
+{% endfor %}
+
+events {
+	worker_connections {{ matrix_synapse_reverse_proxy_companion_worker_connections }};
+{% for configuration_block in matrix_synapse_reverse_proxy_companion_event_additional_configuration_blocks %}
+	{{- configuration_block }}
+{% endfor %}
+}
+
+
+http {
+	proxy_temp_path /tmp/proxy_temp;
+	client_body_temp_path /tmp/client_temp;
+	fastcgi_temp_path /tmp/fastcgi_temp;
+	uwsgi_temp_path /tmp/uwsgi_temp;
+	scgi_temp_path /tmp/scgi_temp;
+
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+					'$status $body_bytes_sent "$http_referer" '
+					'"$http_user_agent" "$http_x_forwarded_for"';
+
+	{% if matrix_synapse_reverse_proxy_companion_access_log_enabled %}
+	access_log /var/log/nginx/access.log main;
+	{% else %}
+	access_log off;
+	{% endif %}
+
+	proxy_connect_timeout       {{ matrix_synapse_reverse_proxy_companion_proxy_connect_timeout }};
+	proxy_send_timeout          {{ matrix_synapse_reverse_proxy_companion_proxy_send_timeout }};
+	proxy_read_timeout          {{ matrix_synapse_reverse_proxy_companion_proxy_read_timeout }};
+	send_timeout                {{ matrix_synapse_reverse_proxy_companion_send_timeout }};
+
+	sendfile on;
+	#tcp_nopush on;
+
+	keepalive_timeout 65;
+
+	server_tokens off;
+
+	#gzip on;
+	{# Map directive needed for proxied WebSocket upgrades #}
+	map $http_upgrade $connection_upgrade {
+		default upgrade;
+		''      close;
+	}
+
+	include /etc/nginx/conf.d/*.conf;
+}
diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/templates/systemd/matrix-synapse-reverse-proxy-companion.service.j2 b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/systemd/matrix-synapse-reverse-proxy-companion.service.j2
new file mode 100755
index 00000000..21bebb4f
--- /dev/null
+++ b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/systemd/matrix-synapse-reverse-proxy-companion.service.j2
@@ -0,0 +1,53 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Synapse reverse-proxy companion
+{% for service in matrix_synapse_reverse_proxy_companion_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_synapse_reverse_proxy_companion_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-synapse-reverse-proxy-companion 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-synapse-reverse-proxy-companion 2>/dev/null || true'
+
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} run \
+			--rm \
+			--name=matrix-synapse-reverse-proxy-companion \
+			--log-driver=none \
+			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+			--cap-drop=ALL \
+			--read-only \
+			--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_synapse_reverse_proxy_companion_tmp_directory_size_mb }}m \
+			{% if matrix_synapse_reverse_proxy_companion_synapse_cache_enabled %}
+			--tmpfs=/tmp/synapse-cache:rw,noexec,nosuid,size={{ matrix_synapse_reverse_proxy_companion_tmp_cache_directory_size_mb }}m\
+			{% endif %}
+			--network={{ matrix_synapse_reverse_proxy_companion_container_network }} \
+			{% if matrix_synapse_reverse_proxy_companion_container_client_api_host_bind_port %}
+			-p {{ matrix_synapse_reverse_proxy_companion_container_client_api_host_bind_port }}:8008 \
+			{% endif %}
+			{% if matrix_synapse_reverse_proxy_companion_container_federation_api_host_bind_port %}
+			-p {{ matrix_synapse_reverse_proxy_companion_container_federation_api_host_bind_port }}:8048 \
+			{% endif %}
+			--mount type=bind,src={{ matrix_synapse_reverse_proxy_companion_base_path }}/nginx.conf,dst=/etc/nginx/nginx.conf,ro \
+			--mount type=bind,src={{ matrix_synapse_reverse_proxy_companion_confd_path }},dst=/etc/nginx/conf.d,ro \
+			{{ matrix_synapse_reverse_proxy_companion_container_image }}
+
+{% for network in matrix_synapse_reverse_proxy_companion_container_additional_networks %}
+ExecStartPost={{ devture_systemd_docker_base_host_command_sh }} -c 'attempt=0; while [ $attempt -le 29 ]; do attempt=$(( $attempt + 1 )); if [ "`docker inspect -f {{ '{{.State.Running}}' }} matrix-synapse-reverse-proxy-companion 2> /dev/null`" = "true" ]; then break; fi; sleep 1; done; {{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-synapse-reverse-proxy-companion'
+{% endfor %}
+
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-synapse-reverse-proxy-companion 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-synapse-reverse-proxy-companion 2>/dev/null || true'
+ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-synapse-reverse-proxy-companion /usr/sbin/nginx -s reload
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-synapse-reverse-proxy-companion
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
index 0b738a57..6a837605 100644
--- a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
+++ b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
@@ -24,3 +24,6 @@
     - {'old': 'matrix_container_retries_delay', 'new': 'devture_playbook_help_container_retries_delay'}
     - {'old': 'matrix_geturl_retries_count', 'new': 'devture_playbook_help_geturl_retries_count'}
     - {'old': 'matrix_geturl_retries_delay', 'new': 'devture_playbook_help_geturl_retries_delay'}
+
+    - {'old': 'matrix_nginx_proxy_synapse_cache_path', 'new': 'matrix_synapse_reverse_proxy_companion_synapse_cache_path'}
+    - {'old': 'matrix_nginx_proxy_synapse_cache_enabled', 'new': 'matrix_synapse_reverse_proxy_companion_synapse_cache_enabled'}

From 377e703746f5273f4648ec28b09f5473fb0c242f Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sun, 20 Nov 2022 18:01:44 +0200
Subject: [PATCH 026/198] Fixup Traefik example configuration

Related to e9e84341a91fb0
---
 docs/configuring-playbook-own-webserver.md | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/docs/configuring-playbook-own-webserver.md b/docs/configuring-playbook-own-webserver.md
index 04e2e487..83fd4204 100644
--- a/docs/configuring-playbook-own-webserver.md
+++ b/docs/configuring-playbook-own-webserver.md
@@ -187,9 +187,7 @@ matrix_nginx_proxy_container_extra_arguments:
   - '--label "traefik.http.routers.matrix-nginx-proxy-federation.tls.certResolver=default"'
   # The Nginx proxy container uses port `matrix_nginx_proxy_proxy_matrix_federation_port (8448) internally
   - '--label "traefik.http.services.matrix-nginx-proxy-federation.loadbalancer.server.port={{ matrix_nginx_proxy_proxy_matrix_federation_port }}"'
-  - '--label "traefik.http.services.matrix-nginx-proxy-federation.loadbalancer.server.scheme={{ 'https' if matrix_nginx_proxy_https_enabled else 'http' }}"'
-
-matrix_synapse_reverse_proxy_companion_container_labels_traefik_enabled: true
+  - '--label "traefik.http.services.matrix-nginx-proxy-federation.loadbalancer.server.scheme={{ "https" if matrix_nginx_proxy_https_enabled else "http" }}"'
 ```
 
 This method uses labels attached to the Nginx and Synapse containers to provide the Traefik Docker provider with the information it needs to proxy `matrix.DOMAIN`, `element.DOMAIN`, `dimension.DOMAIN` and `jitsi.DOMAIN`. Some [static configuration](https://docs.traefik.io/v2.0/reference/static-configuration/file/) is required in Traefik; namely, having endpoints on ports 443 and 8448 and having a certificate resolver.

From 6a870a07b2d5c37b1d83be3a6625101e8b4ef095 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sun, 20 Nov 2022 18:02:50 +0200
Subject: [PATCH 027/198] Fix ansible-lint-reported errors

---
 roles/custom/matrix-bot-postmoogle/defaults/main.yml            | 2 +-
 .../matrix-synapse-reverse-proxy-companion/tasks/init.yml       | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/roles/custom/matrix-bot-postmoogle/defaults/main.yml b/roles/custom/matrix-bot-postmoogle/defaults/main.yml
index 9e30d7ab..88a712d5 100644
--- a/roles/custom/matrix-bot-postmoogle/defaults/main.yml
+++ b/roles/custom/matrix-bot-postmoogle/defaults/main.yml
@@ -112,7 +112,7 @@ matrix_bot_postmoogle_noencryption: false
 matrix_bot_postmoogle_domain: "{{ matrix_server_fqn_matrix }}"
 
 matrix_bot_postmoogle_domains:
-  - "{{ matrix_bot_postmoogle_domain }}" # backward compatibility
+  - "{{ matrix_bot_postmoogle_domain }}"  # backward compatibility
 
 # Password (passphrase) to encrypt account data
 matrix_bot_postmoogle_data_secret: ""
diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/init.yml b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/init.yml
index 879b0241..b10eca53 100644
--- a/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/init.yml
+++ b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/init.yml
@@ -3,4 +3,3 @@
 - ansible.builtin.set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse-reverse-proxy-companion.service'] }}"
   when: matrix_synapse_reverse_proxy_companion_enabled | bool
-

From e360b82e9b9b33b258fac6e3b2a36700f9c647ea Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sun, 20 Nov 2022 18:04:23 +0200
Subject: [PATCH 028/198] Try to fix ansible-lint Github action

---
 .github/workflows/matrix.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml
index 8da5b969..edb5fc64 100644
--- a/.github/workflows/matrix.yml
+++ b/.github/workflows/matrix.yml
@@ -22,3 +22,5 @@ jobs:
         uses: actions/checkout@v3
       - name: Run ansible-lint
         uses: ansible-community/ansible-lint-action@main
+        with:
+          path: "playbooks/matrix.yml"

From 4ffb558b6de7786a865c104e4829e01a484b39f6 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sun, 20 Nov 2022 18:04:50 +0200
Subject: [PATCH 029/198] Pin ansible-community/ansible-lint-action version

---
 .github/workflows/matrix.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml
index edb5fc64..a9e8b990 100644
--- a/.github/workflows/matrix.yml
+++ b/.github/workflows/matrix.yml
@@ -21,6 +21,6 @@ jobs:
       - name: Check out
         uses: actions/checkout@v3
       - name: Run ansible-lint
-        uses: ansible-community/ansible-lint-action@main
+        uses: ansible-community/ansible-lint-action@v6.8.2
         with:
           path: "playbooks/matrix.yml"

From 433405d9d3f257fa962e36a76411bf9d69597f4a Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sun, 20 Nov 2022 19:13:00 +0200
Subject: [PATCH 030/198] Try to fix ansible-lint Github action

---
 .config/ansible-lint.yml     | 2 +-
 .github/workflows/matrix.yml | 2 +-
 Makefile                     | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.config/ansible-lint.yml b/.config/ansible-lint.yml
index 22ba9253..00d62f20 100644
--- a/.config/ansible-lint.yml
+++ b/.config/ansible-lint.yml
@@ -13,4 +13,4 @@ skip_list:
   # before finally dumping it to a file.
   - template-instead-of-copy
 
-offline: false
+offline: true
diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml
index a9e8b990..6c7ce3ca 100644
--- a/.github/workflows/matrix.yml
+++ b/.github/workflows/matrix.yml
@@ -23,4 +23,4 @@ jobs:
       - name: Run ansible-lint
         uses: ansible-community/ansible-lint-action@v6.8.2
         with:
-          path: "playbooks/matrix.yml"
+          path: roles/custom
diff --git a/Makefile b/Makefile
index b7fc41bd..3379b8ff 100644
--- a/Makefile
+++ b/Makefile
@@ -8,4 +8,4 @@ roles: ## Pull roles
 	ansible-galaxy install -r requirements.yml -p roles/galaxy/ --force
 
 lint: ## Runs ansible-lint against all roles in the playbook
-	ansible-lint
+	ansible-lint roles/custom

From 8fb51b73fa255cefdc22319c7b569e10b3b43c9c Mon Sep 17 00:00:00 2001
From: Array in a Matrix <tensor@arrayinamatrix.xyz>
Date: Sun, 20 Nov 2022 19:30:21 -0500
Subject: [PATCH 031/198] added dendrite config doc link

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 3160238f..7cf00607 100644
--- a/README.md
+++ b/README.md
@@ -30,7 +30,7 @@ The homeserver is the backbone of your matrix system. Choose one from the follow
 | ---- | -------- | ----------- | ------------- | 
 | [Synapse](https://github.com/matrix-org/synapse) | ✓ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network | [Link](docs/configuring-playbook-synapse.md) |
 | [Conduit](https://conduit.rs) | x | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Conduit is a lightweight open-source server implementation of the Matrix Specification with a focus on easy setup and low system requirements | [Link](docs/configuring-playbook-conduit.md) |
-| [Dendrite](https://github.com/matrix-org/dendrite) | x | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse. | - |
+| [Dendrite](https://github.com/matrix-org/dendrite) | x | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse. | [Link](docs/configuring-playbook-dendrite.md) |
 
 ### Clients
 

From 7ac27becafd39eecb26a6d5f205724c9c6cd6787 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Tue, 22 Nov 2022 08:33:54 +0200
Subject: [PATCH 032/198] Upgrade ddclient (v3.10.0-ls103 -> v3.10.0-ls105)

---
 roles/custom/matrix-dynamic-dns/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-dynamic-dns/defaults/main.yml b/roles/custom/matrix-dynamic-dns/defaults/main.yml
index 77e01d0e..86129e61 100644
--- a/roles/custom/matrix-dynamic-dns/defaults/main.yml
+++ b/roles/custom/matrix-dynamic-dns/defaults/main.yml
@@ -7,7 +7,7 @@ matrix_dynamic_dns_enabled: true
 # The dynamic dns daemon interval
 matrix_dynamic_dns_daemon_interval: '300'
 
-matrix_dynamic_dns_version: v3.10.0-ls103
+matrix_dynamic_dns_version: v3.10.0-ls105
 
 # The docker container to use when in mode
 matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}"

From d8f2141eb0fb1333e863a01dfc094fc3fce461eb Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Tue, 22 Nov 2022 09:01:26 +0200
Subject: [PATCH 033/198] Install Docker via geerlingguy.docker Galaxy role

---
 docs/ansible.md                               |  2 +-
 docs/faq.md                                   |  2 +-
 group_vars/matrix_servers                     | 17 ++++++++
 playbooks/matrix.yml                          | 14 +++++++
 requirements.yml                              |  6 +++
 roles/custom/matrix-base/defaults/main.yml    |  8 ----
 roles/custom/matrix-base/tasks/main.yml       |  6 ---
 .../matrix-base/tasks/server_base/setup.yml   | 41 -------------------
 .../tasks/server_base/setup_archlinux.yml     | 16 --------
 .../tasks/server_base/setup_debian.yml        | 34 ---------------
 .../tasks/server_base/setup_fedora.yml        | 32 ---------------
 .../tasks/server_base/setup_raspbian.yml      | 34 ---------------
 .../tasks/server_base/setup_redhat.yml        | 24 -----------
 .../tasks/server_base/setup_redhat8.yml       | 37 -----------------
 .../tasks/validate_config.yml                 |  3 ++
 15 files changed, 42 insertions(+), 234 deletions(-)
 delete mode 100644 roles/custom/matrix-base/tasks/server_base/setup.yml
 delete mode 100644 roles/custom/matrix-base/tasks/server_base/setup_archlinux.yml
 delete mode 100644 roles/custom/matrix-base/tasks/server_base/setup_debian.yml
 delete mode 100644 roles/custom/matrix-base/tasks/server_base/setup_fedora.yml
 delete mode 100644 roles/custom/matrix-base/tasks/server_base/setup_raspbian.yml
 delete mode 100644 roles/custom/matrix-base/tasks/server_base/setup_redhat.yml
 delete mode 100644 roles/custom/matrix-base/tasks/server_base/setup_redhat8.yml

diff --git a/docs/ansible.md b/docs/ansible.md
index e8a0ddb2..49dbd7ea 100644
--- a/docs/ansible.md
+++ b/docs/ansible.md
@@ -53,7 +53,7 @@ You can either [run Ansible in a container on the Matrix server itself](#running
 To run Ansible in a (Docker) container on the Matrix server itself, you need to have a working Docker installation.
 Docker is normally installed by the playbook, so this may be a bit of a chicken and egg problem. To solve it:
 
-- you **either** need to install Docker manually first. Follow [the upstream instructions](https://docs.docker.com/engine/install/) for your distribution and consider setting `matrix_docker_installation_enabled: false` in your `vars.yml` file, to prevent the playbook from installing Docker
+- you **either** need to install Docker manually first. Follow [the upstream instructions](https://docs.docker.com/engine/install/) for your distribution and consider setting `matrix_playbook_docker_installation_enabled: false` in your `vars.yml` file, to prevent the playbook from installing Docker
 - **or** you need to run the playbook in another way (e.g. [Running Ansible in a container on another computer (not the Matrix server)](#running-ansible-in-a-container-on-another-computer-not-the-matrix-server)) at least the first time around
 
 Once you have a working Docker installation on the server, **clone the playbook** somewhere on the server and configure it as per usual (`inventory/hosts`, `inventory/host_vars/..`, etc.), as described in [configuring the playbook](configuring-playbook.md).
diff --git a/docs/faq.md b/docs/faq.md
index f2df8698..d2b88cf6 100644
--- a/docs/faq.md
+++ b/docs/faq.md
@@ -317,7 +317,7 @@ If you've installed [Jitsi](configuring-playbook-jitsi.md) (not installed by def
 Yes, we can stop installing Docker ourselves. Just use this in your `vars.yml` file:
 
 ```yaml
-matrix_docker_installation_enabled: true
+matrix_playbook_docker_installation_enabled: true
 ```
 
 ### I run another webserver on the same server where I wish to install Matrix. What now?
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 23ce1d3d..403188e7 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -9,6 +9,23 @@
 # You can also override ANY variable (seen here or in any given role),
 # by re-defining it in your own configuration file (`inventory/host_vars/matrix.<your-domain>`).
 
+########################################################################
+#                                                                      #
+# Playbook                                                             #
+#                                                                      #
+########################################################################
+
+# Controls whether to install Docker or not
+# Also see `devture_docker_sdk_for_python_installation_enabled`.
+matrix_playbook_docker_installation_enabled: true
+
+########################################################################
+#                                                                      #
+# /Playbook                                                            #
+#                                                                      #
+########################################################################
+
+
 
 ########################################################################
 #                                                                      #
diff --git a/playbooks/matrix.yml b/playbooks/matrix.yml
index 6c7dc383..1ecfba32 100755
--- a/playbooks/matrix.yml
+++ b/playbooks/matrix.yml
@@ -11,6 +11,20 @@
 
     - role: custom/matrix_playbook_migration
 
+    - when: matrix_playbook_docker_installation_enabled | bool
+      role: galaxy/geerlingguy.docker
+      vars:
+        docker_install_compose: false
+      tags:
+        - setup-docker
+        - setup-all
+
+    - when: devture_docker_sdk_for_python_installation_enabled | bool
+      role: galaxy/com.devture.ansible.role.docker_sdk_for_python
+      tags:
+        - setup-docker
+        - setup-all
+
     - when: devture_timesync_installation_enabled | bool
       role: galaxy/com.devture.ansible.role.timesync
       tags:
diff --git a/requirements.yml b/requirements.yml
index a57b63a9..ed4b8fb1 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -1,5 +1,11 @@
 ---
 
+- src: geerlingguy.docker
+  version: 6.0.3
+
+- src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
+  version: 7047b40314c1020e97ed3f15b44876fa88faf874
+
 - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
   version: c1f40e82b4d6b072b6f0e885239322bdaaaf554f
 
diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml
index 5c0f16dc..f0d86c70 100644
--- a/roles/custom/matrix-base/defaults/main.yml
+++ b/roles/custom/matrix-base/defaults/main.yml
@@ -253,14 +253,6 @@ matrix_well_known_matrix_server_enabled: true
 # See `matrix_homeserver_admin_contacts`, `matrix_homeserver_support_url`, etc.
 matrix_well_known_matrix_support_enabled: false
 
-# Controls whether Docker is automatically installed.
-# If you change this to false you must install and update Docker manually. You also need to install the docker (https://pypi.org/project/docker/) Python package.
-matrix_docker_installation_enabled: true
-
-# Controls the Docker package that is installed.
-# Possible values are "docker-ce" (default) and "docker.io" (Debian).
-matrix_docker_package_name: docker-ce
-
 # Variables to Control which parts of our roles run.
 run_postgres_import: true
 run_postgres_upgrade: true
diff --git a/roles/custom/matrix-base/tasks/main.yml b/roles/custom/matrix-base/tasks/main.yml
index 164bd353..29e97cd1 100644
--- a/roles/custom/matrix-base/tasks/main.yml
+++ b/roles/custom/matrix-base/tasks/main.yml
@@ -14,12 +14,6 @@
     - setup-all
     - common
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/server_base/setup.yml"
-  when: run_setup | bool
-  tags:
-    - setup-all
-    - common
-
 # This needs to always run, because it populates `matrix_user_uid` and `matrix_user_gid`,
 # which are required by many other roles.
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_matrix_user.yml"
diff --git a/roles/custom/matrix-base/tasks/server_base/setup.yml b/roles/custom/matrix-base/tasks/server_base/setup.yml
deleted file mode 100644
index d0b9f0b9..00000000
--- a/roles/custom/matrix-base/tasks/server_base/setup.yml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-
-- ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat.yml"
-  when: ansible_os_family == 'RedHat' and ansible_distribution_major_version | int < 8
-
-- ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat8.yml"
-  when: ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 7 and ansible_distribution_major_version | int < 30
-
-- ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_fedora.yml"
-  when: ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 30
-
-- when: ansible_os_family == 'Debian'
-  block:
-  # ansible_lsb is only available if lsb-release is installed.
-  - name: Ensure lsb-release installed
-    ansible.builtin.apt:
-      name:
-        - lsb-release
-      state: present
-      update_cache: true
-    register: lsb_release_installation_result
-
-  - name: Reread ansible_lsb facts if lsb-release got installed
-    ansible.builtin.setup:
-      filter: ansible_lsb*
-    when: lsb_release_installation_result.changed
-
-  - ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_debian.yml"
-    when: (ansible_os_family == 'Debian') and (ansible_lsb.id != 'Raspbian')
-
-  - ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_raspbian.yml"
-    when: (ansible_os_family == 'Debian') and (ansible_lsb.id == 'Raspbian')
-
-- ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_archlinux.yml"
-  when: ansible_distribution == 'Archlinux'
-
-- name: Ensure Docker is started and autoruns
-  ansible.builtin.service:
-    name: docker
-    state: started
-    enabled: true
diff --git a/roles/custom/matrix-base/tasks/server_base/setup_archlinux.yml b/roles/custom/matrix-base/tasks/server_base/setup_archlinux.yml
deleted file mode 100644
index a9313614..00000000
--- a/roles/custom/matrix-base/tasks/server_base/setup_archlinux.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-
-- name: Install host dependencies
-  community.general.pacman:
-    name:
-      - python-docker
-      - python-dnspython
-    state: present
-    update_cache: true
-
-- name: Ensure Docker is installed
-  community.general.pacman:
-    name:
-      - docker
-    state: present
-  when: matrix_docker_installation_enabled | bool
diff --git a/roles/custom/matrix-base/tasks/server_base/setup_debian.yml b/roles/custom/matrix-base/tasks/server_base/setup_debian.yml
deleted file mode 100644
index 412a11d0..00000000
--- a/roles/custom/matrix-base/tasks/server_base/setup_debian.yml
+++ /dev/null
@@ -1,34 +0,0 @@
----
-
-- name: Ensure APT usage dependencies are installed
-  ansible.builtin.apt:
-    name:
-      - apt-transport-https
-      - ca-certificates
-      - gnupg
-    state: present
-    update_cache: true
-
-- name: Ensure Docker's APT key is trusted
-  ansible.builtin.apt_key:
-    url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg"
-    id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
-    state: present
-  register: add_repository_key
-  ignore_errors: true
-  when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
-
-- name: Ensure Docker repository is enabled
-  ansible.builtin.apt_repository:
-    repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
-    state: present
-    update_cache: true
-  when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
-
-- name: Ensure Docker is installed
-  ansible.builtin.apt:
-    name:
-      - "{{ matrix_docker_package_name }}"
-      - "python{{ '3' if ansible_python.version.major == 3 else '' }}-docker"
-    state: present
-  when: matrix_docker_installation_enabled | bool
diff --git a/roles/custom/matrix-base/tasks/server_base/setup_fedora.yml b/roles/custom/matrix-base/tasks/server_base/setup_fedora.yml
deleted file mode 100644
index 19d46571..00000000
--- a/roles/custom/matrix-base/tasks/server_base/setup_fedora.yml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-
-- name: Ensure Docker repository is enabled
-  ansible.builtin.template:
-    src: "{{ role_path }}/files/yum.repos.d/{{ item }}"
-    dest: "/etc/yum.repos.d/docker-ce.repo"
-    owner: "root"
-    group: "root"
-    mode: 0644
-  with_items:
-    - docker-ce-fedora.repo
-  when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
-
-- name: Ensure Docker's RPM key is trusted
-  ansible.builtin.rpm_key:
-    state: present
-    key: https://download.docker.com/linux/fedora/gpg
-  when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
-
-- name: Ensure Docker is installed
-  ansible.builtin.yum:
-    name:
-      - "{{ matrix_docker_package_name }}"
-      - python3-pip
-    state: present
-  when: matrix_docker_installation_enabled | bool
-
-- name: Ensure Docker-Py is installed
-  ansible.builtin.pip:
-    name: docker-py
-    state: present
-  when: matrix_docker_installation_enabled | bool
diff --git a/roles/custom/matrix-base/tasks/server_base/setup_raspbian.yml b/roles/custom/matrix-base/tasks/server_base/setup_raspbian.yml
deleted file mode 100644
index 6959b39c..00000000
--- a/roles/custom/matrix-base/tasks/server_base/setup_raspbian.yml
+++ /dev/null
@@ -1,34 +0,0 @@
----
-
-- name: Ensure APT usage dependencies are installed
-  ansible.builtin.apt:
-    name:
-      - apt-transport-https
-      - ca-certificates
-      - gnupg
-    state: present
-    update_cache: true
-
-- name: Ensure Docker's APT key is trusted
-  ansible.builtin.apt_key:
-    url: https://download.docker.com/linux/raspbian/gpg
-    id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
-    state: present
-  register: add_repository_key
-  ignore_errors: true
-  when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
-
-- name: Ensure Docker repository is enabled
-  ansible.builtin.apt_repository:
-    repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/raspbian {{ ansible_distribution_release }} stable"
-    state: present
-    update_cache: true
-  when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
-
-- name: Ensure Docker is installed
-  ansible.builtin.apt:
-    name:
-      - "{{ matrix_docker_package_name }}"
-      - "python{{ '3' if ansible_python.version.major == 3 else '' }}-docker"
-    state: present
-  when: matrix_docker_installation_enabled | bool
diff --git a/roles/custom/matrix-base/tasks/server_base/setup_redhat.yml b/roles/custom/matrix-base/tasks/server_base/setup_redhat.yml
deleted file mode 100644
index dbddd913..00000000
--- a/roles/custom/matrix-base/tasks/server_base/setup_redhat.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-
-- name: Ensure Docker repository is enabled
-  ansible.builtin.template:
-    src: "{{ role_path }}/files/yum.repos.d/docker-ce-centos.repo"
-    dest: "/etc/yum.repos.d/docker-ce.repo"
-    owner: "root"
-    group: "root"
-    mode: 0644
-  when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
-
-- name: Ensure Docker's RPM key is trusted
-  ansible.builtin.rpm_key:
-    state: present
-    key: https://download.docker.com/linux/centos/gpg
-  when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
-
-- name: Ensure Docker is installed
-  ansible.builtin.yum:
-    name:
-      - "{{ matrix_docker_package_name }}"
-      - docker-python
-    state: present
-  when: matrix_docker_installation_enabled | bool
diff --git a/roles/custom/matrix-base/tasks/server_base/setup_redhat8.yml b/roles/custom/matrix-base/tasks/server_base/setup_redhat8.yml
deleted file mode 100644
index c303abb8..00000000
--- a/roles/custom/matrix-base/tasks/server_base/setup_redhat8.yml
+++ /dev/null
@@ -1,37 +0,0 @@
----
-
-- name: Ensure Docker repository is enabled
-  ansible.builtin.template:
-    src: "{{ role_path }}/files/yum.repos.d/docker-ce-centos.repo"
-    dest: "/etc/yum.repos.d/docker-ce.repo"
-    owner: "root"
-    group: "root"
-    mode: 0644
-  when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
-
-- name: Ensure Docker's RPM key is trusted
-  ansible.builtin.rpm_key:
-    state: present
-    key: https://download.docker.com/linux/centos/gpg
-  when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
-
-- name: Ensure EPEL is installed
-  ansible.builtin.yum:
-    name:
-      - epel-release
-    state: present
-    update_cache: true
-
-- name: Ensure Docker is installed
-  ansible.builtin.yum:
-    name:
-      - "{{ matrix_docker_package_name }}"
-      - python3-pip
-    state: present
-  when: matrix_docker_installation_enabled | bool
-
-- name: Ensure Docker-Py is installed
-  ansible.builtin.pip:
-    name: docker-py
-    state: present
-  when: matrix_docker_installation_enabled | bool
diff --git a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
index 6a837605..93f977d1 100644
--- a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
+++ b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
@@ -27,3 +27,6 @@
 
     - {'old': 'matrix_nginx_proxy_synapse_cache_path', 'new': 'matrix_synapse_reverse_proxy_companion_synapse_cache_path'}
     - {'old': 'matrix_nginx_proxy_synapse_cache_enabled', 'new': 'matrix_synapse_reverse_proxy_companion_synapse_cache_enabled'}
+
+    - {'old': 'matrix_docker_installation_enabled', 'new': 'matrix_playbook_docker_installation_enabled'}
+    - {'old': 'matrix_docker_package_name', 'new': '<Not applicable. Docker is installed using https://github.com/geerlingguy/ansible-role-docker now>'}

From a98f249e40a4ba5cc67a66d2a3ac853e19acc120 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Tue, 22 Nov 2022 09:02:37 +0200
Subject: [PATCH 034/198] Remove old cleanup tasks

---
 roles/custom/matrix-base/tasks/clean_up_old_files.yml | 9 ---------
 roles/custom/matrix-base/tasks/main.yml               | 6 ------
 2 files changed, 15 deletions(-)
 delete mode 100644 roles/custom/matrix-base/tasks/clean_up_old_files.yml

diff --git a/roles/custom/matrix-base/tasks/clean_up_old_files.yml b/roles/custom/matrix-base/tasks/clean_up_old_files.yml
deleted file mode 100644
index b79c01b3..00000000
--- a/roles/custom/matrix-base/tasks/clean_up_old_files.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-
-- name: Get rid of old files and directories
-  ansible.builtin.file:
-    path: "{{ item }}"
-    state: absent
-  with_items:
-    - "{{ matrix_base_data_path }}/environment-variables"
-    - "{{ matrix_base_data_path }}/scratchpad"
diff --git a/roles/custom/matrix-base/tasks/main.yml b/roles/custom/matrix-base/tasks/main.yml
index 29e97cd1..4a8ec7fb 100644
--- a/roles/custom/matrix-base/tasks/main.yml
+++ b/roles/custom/matrix-base/tasks/main.yml
@@ -8,12 +8,6 @@
   tags:
     - setup-all
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/clean_up_old_files.yml"
-  when: run_setup | bool
-  tags:
-    - setup-all
-    - common
-
 # This needs to always run, because it populates `matrix_user_uid` and `matrix_user_gid`,
 # which are required by many other roles.
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_matrix_user.yml"

From 2ad6bd87c7c798d4c082e171b33bb1f046353b06 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Tue, 22 Nov 2022 09:09:11 +0200
Subject: [PATCH 035/198] Determine matrix_architecture automatically

---
 docs/alternative-architectures.md             | 20 ++++++-------------
 docs/self-building.md                         |  4 ++--
 roles/custom/matrix-base/defaults/main.yml    |  2 +-
 .../custom/matrix-base/tasks/sanity_check.yml |  1 +
 4 files changed, 10 insertions(+), 17 deletions(-)

diff --git a/docs/alternative-architectures.md b/docs/alternative-architectures.md
index c8097b60..0865de1f 100644
--- a/docs/alternative-architectures.md
+++ b/docs/alternative-architectures.md
@@ -1,26 +1,18 @@
 # Alternative architectures
 
-As stated in the [Prerequisites](prerequisites.md), currently only `x86_64` is fully supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used.
+As stated in the [Prerequisites](prerequisites.md), currently only `amd64` (`x86_64`) is fully supported.
 
-To that end add the following variable to your `vars.yml` file (see [Configuring playbook](configuring-playbook.md)):
+The playbook automatically determines the target server's architecture (the `matrix_architecture` variable) to be one of the following:
 
-```yaml
-matrix_architecture: <your-matrix-server-architecture>
-```
-
-Currently supported architectures are the following:
-- `amd64` (the default)
-- `arm64`
+- `amd64` (`x86_64`)
 - `arm32`
+- `arm64`
 
-so for the Raspberry Pi, the following should be in your `vars.yml` file:
+Some tools and container images can be built on the host or other measures can be used to install on that architecture.
 
-```yaml
-matrix_architecture: "arm32"
-```
 
 ## Implementation details
 
 For `amd64`, prebuilt container images (see the [container images we use](container-images.md)) are used for all components (except [Hydrogen](configuring-playbook-client-hydrogen.md), which goes through self-building).
 
-For other architectures, components which have a prebuilt image make use of it. If the component is not available for the specific architecture, [self-building](self-building.md) will be used. Not all components support self-building though, so your mileage may vary.
+For other architecture (`arm64`, `arm32`), components which have a prebuilt image make use of it. If the component is not available for the specific architecture, [self-building](self-building.md) will be used. Not all components support self-building though, so your mileage may vary.
diff --git a/docs/self-building.md b/docs/self-building.md
index 3351a1f8..ad29fc2d 100644
--- a/docs/self-building.md
+++ b/docs/self-building.md
@@ -6,11 +6,11 @@ The playbook supports self-building of various components, which don't have a co
 
 For other architectures (e.g. `arm32`, `arm64`), ready-made container images are used when available. If there's no ready-made image for a specific component and said component supports self-building, an image will be built on the host. Building images like this takes more time and resources (some build tools need to get installed by the playbook to assist building).
 
-To make use of self-building, you don't need to do anything besides change your architecture variable (e.g. `matrix_architecture: arm64`). If a component has an image for the specified architecture, the playbook will use it directly. If not, it will build the image on the server itself.
+To make use of self-building, you don't need to do anything. If a component has an image for the specified architecture, the playbook will use it directly. If not, it will build the image on the server itself.
 
 Note that **not all components support self-building yet**.
 
-List of roles where self-building the Docker image is currently possible:
+Possibly outdated list of roles where self-building the Docker image is currently possible:
 - `matrix-synapse`
 - `matrix-synapse-admin`
 - `matrix-client-element`
diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml
index f0d86c70..534db078 100644
--- a/roles/custom/matrix-base/defaults/main.yml
+++ b/roles/custom/matrix-base/defaults/main.yml
@@ -86,7 +86,7 @@ matrix_federation_public_port: 8448
 # Recognized values by us are 'amd64', 'arm32' and 'arm64'.
 # Not all architectures support all services, so your experience (on non-amd64) may vary.
 # See docs/alternative-architectures.md
-matrix_architecture: amd64
+matrix_architecture: "{{ 'amd64' if ansible_architecture == 'x86_64' else ('arm64' if ansible_architecture == 'aarch64' else ('arm32' if ansible_architecture.startswith('armv') else '')) }}"
 
 # The architecture for Debian packages.
 # See: https://wiki.debian.org/SupportedArchitectures
diff --git a/roles/custom/matrix-base/tasks/sanity_check.yml b/roles/custom/matrix-base/tasks/sanity_check.yml
index f825e19e..2644d4cf 100644
--- a/roles/custom/matrix-base/tasks/sanity_check.yml
+++ b/roles/custom/matrix-base/tasks/sanity_check.yml
@@ -40,6 +40,7 @@
     - {'var': matrix_server_fqn_element, 'value': "{{ matrix_server_fqn_element | default('') }}"}
     - {'var': matrix_homeserver_container_url, 'value': "{{ matrix_homeserver_container_url | default('') }}"}
     - {'var': matrix_homeserver_container_federation_url, 'value': "{{ matrix_homeserver_container_federation_url | default('') }}"}
+    - {'var': matrix_architecture, 'value': "{{ matrix_architecture | default('') }}"}
   when: "item.value is none or item.value == ''"
 
 - name: Fail if uppercase domain used

From 6f865a7e0b6979d370fae444f84f29cda8d31b4e Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Tue, 22 Nov 2022 09:23:18 +0200
Subject: [PATCH 036/198] Announce some playbook changes

---
 CHANGELOG.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0e11f8ef..d32ec9e0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,24 @@
+# 2022-11-22
+
+# Automatic `matrix_architecture` determination
+
+From now on, the playbook automatically determines your server's architecture and sets the `matrix_architecture` variable accordingly.
+You no longer need to set this variable manually in your `vars.yml` file.
+
+# Docker and the Docker SDK for Python are now installed via external roles
+
+We're continuing our effort to make [the playbook use external roles for some things](#the-playbook-now-uses-external-roles-for-some-things), so as to avoid doing everything ourselves and to facilitate code re-use.
+
+Docker will now be installed on the server via the [geerlingguy.docker](https://github.com/geerlingguy/ansible-role-docker) Ansible role.
+If you'd like to manage the Docker installation yourself, you can disable the playbook's installation of Docker by setting `matrix_playbook_docker_installation_enabled: false`.
+
+The Docker SDK for Python (named `docker-python`, `python-docker`, etc. on the different platforms) is now also installed by another role ([com.devture.ansible.role.docker_sdk_for_python](https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python)). To disable this role and install the necessary tools yourself, use `devture_docker_sdk_for_python_installation_enabled: false`.
+
+If you're hitting issues with Docker installation or Docker SDK for Python installation, consider reporting bugs or contributing to these other projects.
+
+These additional roles are downloaded into the playbook directory (to `roles/galaxy`) via an `ansible-galaxy ..` command. `make roles` is an easy shortcut for invoking the `ansible-galaxy` command to download these roles.
+
+
 # 2022-11-20
 
 ## (Backward Compatibility Break) Changing how reverse-proxying to Synapse works - now via a `matrix-synapse-reverse-proxy-companion` service

From b90956069c80770d7822d5a0f2ebfa8289068cd4 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Tue, 22 Nov 2022 09:25:29 +0200
Subject: [PATCH 037/198] Fix matrix_architecture sanity check

---
 roles/custom/matrix-base/tasks/sanity_check.yml | 5 +++++
 roles/custom/matrix-base/tasks/system_check.yml | 7 -------
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/roles/custom/matrix-base/tasks/sanity_check.yml b/roles/custom/matrix-base/tasks/sanity_check.yml
index 2644d4cf..3a3a5639 100644
--- a/roles/custom/matrix-base/tasks/sanity_check.yml
+++ b/roles/custom/matrix-base/tasks/sanity_check.yml
@@ -43,6 +43,11 @@
     - {'var': matrix_architecture, 'value': "{{ matrix_architecture | default('') }}"}
   when: "item.value is none or item.value == ''"
 
+- name: Fail if matrix_architecture is set incorrectly
+  ansible.builtin.fail:
+    msg: "Detected that variable matrix_architecture {{ matrix_architecture }} appears to be set incorrectly. See docs/alternative-architectures.md. Server appears to be {{ ansible_architecture }}."
+  when: matrix_architecture not in ['amd64', 'arm32', 'arm64']
+
 - name: Fail if uppercase domain used
   ansible.builtin.fail:
     msg: "Detected that you're using an uppercase domain name - `{{ item }}`. This will cause trouble. Please use all-lowercase!"
diff --git a/roles/custom/matrix-base/tasks/system_check.yml b/roles/custom/matrix-base/tasks/system_check.yml
index f1d2fc7b..909bdb12 100644
--- a/roles/custom/matrix-base/tasks/system_check.yml
+++ b/roles/custom/matrix-base/tasks/system_check.yml
@@ -21,10 +21,3 @@
   when:
     - ansible_distribution == 'Archlinux'
     - ansible_python.version.major != 3
-
-- name: Fail if architecture is set incorrectly
-  ansible.builtin.fail:
-    msg: "Detected that variable matrix_architecture {{ matrix_architecture }} appears to be set incorrectly. See docs/alternative-architectures.md. Server appears to be {{ ansible_architecture }}."
-  when: (ansible_architecture == "x86_64" and matrix_architecture != "amd64") or
-        (ansible_architecture == "aarch64" and matrix_architecture != "arm64") or
-        (ansible_architecture.startswith("armv") and matrix_architecture != "arm32")

From b8b5acdb16219ebfa86ed7749c183475d41fe0a7 Mon Sep 17 00:00:00 2001
From: Aine <aine@etke.cc>
Date: Tue, 22 Nov 2022 15:46:00 +0200
Subject: [PATCH 038/198] fix user creator role

---
 group_vars/matrix_servers | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 403188e7..163eaab3 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -2761,29 +2761,29 @@ matrix_conduit_systemd_required_services_list: |
 
 matrix_user_creator_users_auto: |
   {{
-    [{
+    ([{
       'username': matrix_bot_matrix_reminder_bot_matrix_user_id_localpart,
       'initial_password': matrix_bot_matrix_reminder_bot_matrix_user_password,
       'initial_type': 'bot',
-    }] if matrix_bot_matrix_reminder_bot_enabled else []
+    }] if matrix_bot_matrix_reminder_bot_enabled else [])
     +
-    [{
+    ([{
       'username': matrix_bot_honoroit_login,
       'initial_password': matrix_bot_honoroit_password,
       'initial_type': 'bot',
-    }] if matrix_bot_honoroit_enabled else []
+    }] if matrix_bot_honoroit_enabled else [])
     +
-    [{
+    ([{
       'username': matrix_bot_postmoogle_login,
       'initial_password': matrix_bot_postmoogle_password,
       'initial_type': 'bot',
-    }] if matrix_bot_postmoogle_enabled else []
+    }] if matrix_bot_postmoogle_enabled else [])
     +
-    [{
+    ([{
       'username': matrix_bot_buscarron_login,
       'initial_password': matrix_bot_buscarron_password,
       'initial_type': 'bot',
-    }] if matrix_bot_buscarron_enabled else []
+    }] if matrix_bot_buscarron_enabled else [])
   }}
 
 ######################################################################

From e37db0c88865d6c26f4a5db16b477a932bc4f512 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Tue, 22 Nov 2022 16:41:14 +0200
Subject: [PATCH 039/198] Upgrade Synapse (v1.71.0 -> v1.72.0)

---
 roles/custom/matrix-synapse/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml
index 54351256..c6bf31fd 100644
--- a/roles/custom/matrix-synapse/defaults/main.yml
+++ b/roles/custom/matrix-synapse/defaults/main.yml
@@ -36,7 +36,7 @@ matrix_synapse_container_image_customizations_dockerfile_body_custom: ''
 
 matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}"
 matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}"
-matrix_synapse_version: v1.71.0
+matrix_synapse_version: v1.72.0
 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}"
 matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
 

From 70be6eb323d46b2d443db1100a4f0b927ce5b232 Mon Sep 17 00:00:00 2001
From: Array in a Matrix <tensor@arrayinamatrix.xyz>
Date: Tue, 22 Nov 2022 11:13:53 -0500
Subject: [PATCH 040/198] Update dendrite.yaml.j2

---
 .../custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 b/roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2
index 7d99aee5..65cb4c2c 100644
--- a/roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2
+++ b/roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2
@@ -416,3 +416,6 @@ tracing:
 # stdout by Dendrite.
 logging: []
 
+# statistics reporting configuration. These statistics contain the server
+# name, number of active users and some information on your deployment config.
+report_stats: {{ matrix_dendrite_report_stats|to_json }}

From 11ea49075d8eec284360d717e1416ee8735bfd9e Mon Sep 17 00:00:00 2001
From: Array in a Matrix <tensor@arrayinamatrix.xyz>
Date: Tue, 22 Nov 2022 11:16:19 -0500
Subject: [PATCH 041/198] Update main.yml

---
 roles/custom/matrix-dendrite/defaults/main.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/roles/custom/matrix-dendrite/defaults/main.yml b/roles/custom/matrix-dendrite/defaults/main.yml
index 698a1f48..f8308534 100644
--- a/roles/custom/matrix-dendrite/defaults/main.yml
+++ b/roles/custom/matrix-dendrite/defaults/main.yml
@@ -196,3 +196,7 @@ matrix_dendrite_configuration_extension: "{{ matrix_dendrite_configuration_exten
 matrix_dendrite_configuration: "{{ matrix_dendrite_configuration_yaml | from_yaml | combine(matrix_dendrite_configuration_extension, recursive=True) }}"
 
 matrix_dendrite_userapi_auto_join_rooms: []
+
+# statistics reporting configuration. These statistics contain the server
+# name, number of active users and some information on your deployment config.
+matrix_dendrite_report_stats: false

From 26c219e1cc24c18f5366ae4b10176397b5ec7bdb Mon Sep 17 00:00:00 2001
From: Array in a Matrix <tensor@arrayinamatrix.xyz>
Date: Tue, 22 Nov 2022 11:30:19 -0500
Subject: [PATCH 042/198] Update configuring-playbook-telemetry.md

---
 docs/configuring-playbook-telemetry.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/docs/configuring-playbook-telemetry.md b/docs/configuring-playbook-telemetry.md
index a97fa59c..093d2621 100644
--- a/docs/configuring-playbook-telemetry.md
+++ b/docs/configuring-playbook-telemetry.md
@@ -12,7 +12,9 @@ growth of the Matrix community, and helps to make Matrix a success.
 If you'd like to **help by enabling submission of general usage statistics** for your homeserver, add this to your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
 
 ```yaml
-matrix_synapse_report_stats: true
+matrix_synapse_report_stats: true # for synapse 
+
+matrix_dendrite_report_stats: true # for dendrite 
 ```
 
 

From 6c39413e79578cf08fbdf45bde80141a388de64c Mon Sep 17 00:00:00 2001
From: Array in a Matrix <tensor@arrayinamatrix.xyz>
Date: Tue, 22 Nov 2022 11:32:03 -0500
Subject: [PATCH 043/198] Update configuring-playbook-telemetry.md

---
 docs/configuring-playbook-telemetry.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/configuring-playbook-telemetry.md b/docs/configuring-playbook-telemetry.md
index 093d2621..8e021ed1 100644
--- a/docs/configuring-playbook-telemetry.md
+++ b/docs/configuring-playbook-telemetry.md
@@ -20,9 +20,9 @@ matrix_dendrite_report_stats: true # for dendrite
 
 ## Usage statistics being submitted
 
-When enabled, Synapse will regularly upload a few dozen statistics about your server.
+When enabled, your homeserver e will regularly upload a few dozen statistics about your server.
 This data includes your homeserver's domain, the total number of users, the number of active
 users, the total number of rooms, and the number of messages sent per day on your homeserver.
 
-See [Synapse's documentation](https://github.com/matrix-org/synapse/blob/develop/docs/usage/administration/monitoring/reporting_homeserver_usage_statistics.md#available-statistics)
+See [Synapse's documentation](https://github.com/matrix-org/synapse/blob/develop/docs/usage/administration/monitoring/reporting_homeserver_usage_statistics.md#available-statistics) or [Dendrite's documentation](https://github.com/matrix-org/dendrite/blob/main/docs/FAQ.md#what-is-being-reported-when-enabling-phone-home-statistics)
 for the full list of statistics that are reported.

From 3505f62f026bab702dada4aed67761e78b63dcd4 Mon Sep 17 00:00:00 2001
From: Array in a Matrix <tensor@arrayinamatrix.xyz>
Date: Tue, 22 Nov 2022 11:37:46 -0500
Subject: [PATCH 044/198] Update configuring-playbook-telemetry.md

---
 docs/configuring-playbook-telemetry.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/configuring-playbook-telemetry.md b/docs/configuring-playbook-telemetry.md
index 8e021ed1..74f59dfc 100644
--- a/docs/configuring-playbook-telemetry.md
+++ b/docs/configuring-playbook-telemetry.md
@@ -20,7 +20,7 @@ matrix_dendrite_report_stats: true # for dendrite
 
 ## Usage statistics being submitted
 
-When enabled, your homeserver e will regularly upload a few dozen statistics about your server.
+When enabled, your homeserver will regularly upload a few dozen statistics about your server.
 This data includes your homeserver's domain, the total number of users, the number of active
 users, the total number of rooms, and the number of messages sent per day on your homeserver.
 

From 5c4d4dc514e8fe671ab3994e436f80a4709e6391 Mon Sep 17 00:00:00 2001
From: Aine <97398200+etkecc@users.noreply.github.com>
Date: Tue, 22 Nov 2022 21:41:43 +0000
Subject: [PATCH 045/198] Update element 1.11.14 -> 1.11.15

---
 roles/custom/matrix-client-element/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml
index 0bb65ea8..eb93691f 100644
--- a/roles/custom/matrix-client-element/defaults/main.yml
+++ b/roles/custom/matrix-client-element/defaults/main.yml
@@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
 # - https://github.com/vector-im/element-web/issues/19544
 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
 
-matrix_client_element_version: v1.11.14
+matrix_client_element_version: v1.11.15
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"

From 0ea7cb5d1812a88e57c65bc6163455e698efa0d8 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Tue, 22 Nov 2022 21:36:49 +0200
Subject: [PATCH 046/198] Remove various init.yml files - initialize systemd
 services, etc., statically (not at runtime)

---
 group_vars/matrix_servers                     | 256 +++++++++++++++++-
 .../custom/matrix-backup-borg/tasks/init.yml  |   4 -
 .../custom/matrix-backup-borg/tasks/main.yml  |   4 -
 roles/custom/matrix-base/defaults/main.yml    |   7 +
 roles/custom/matrix-base/vars/main.yml        |   7 -
 .../matrix-bot-buscarron/tasks/init.yml       |   5 -
 .../matrix-bot-buscarron/tasks/main.yml       |   4 -
 roles/custom/matrix-bot-go-neb/tasks/init.yml |   5 -
 roles/custom/matrix-bot-go-neb/tasks/main.yml |   4 -
 .../custom/matrix-bot-honoroit/tasks/init.yml |   5 -
 .../custom/matrix-bot-honoroit/tasks/main.yml |   4 -
 .../tasks/init.yml                            |   5 -
 .../tasks/main.yml                            |   4 -
 .../tasks/init.yml                            |   5 -
 .../tasks/main.yml                            |   4 -
 roles/custom/matrix-bot-maubot/tasks/init.yml |   5 -
 .../custom/matrix-bot-mjolnir/tasks/init.yml  |  11 -
 .../custom/matrix-bot-mjolnir/tasks/main.yml  |   4 -
 .../matrix-bot-postmoogle/tasks/init.yml      |   5 -
 .../matrix-bot-postmoogle/tasks/main.yml      |   4 -
 .../tasks/init.yml                            |  29 --
 .../tasks/main.yml                            |   4 -
 .../tasks/init.yml                            |  36 ---
 .../tasks/main.yml                            |   4 -
 .../tasks/init.yml                            |  28 --
 .../tasks/main.yml                            |   4 -
 .../tasks/init.yml                            |  43 ---
 .../tasks/init.yml                            |  36 ---
 .../tasks/init.yml                            |  22 --
 .../tasks/main.yml                            |   4 -
 .../tasks/init.yml                            |  21 --
 .../tasks/main.yml                            |   4 -
 .../matrix-bridge-heisenbridge/tasks/init.yml |  29 --
 .../matrix-bridge-heisenbridge/tasks/main.yml |   4 -
 .../matrix-bridge-hookshot/tasks/init.yml     |  28 --
 .../tasks/init.yml                            |  21 --
 .../tasks/main.yml                            |   3 -
 .../tasks/init.yml                            |  27 --
 .../tasks/init.yml                            |  27 --
 .../tasks/init.yml                            |  27 --
 .../tasks/init.yml                            |  28 --
 .../tasks/main.yml                            |   4 -
 .../tasks/init.yml                            |  22 --
 .../tasks/main.yml                            |   4 -
 .../tasks/init.yml                            |  27 --
 .../tasks/init.yml                            |  29 --
 .../tasks/main.yml                            |   4 -
 .../tasks/init.yml                            |  21 --
 .../tasks/main.yml                            |   3 -
 .../tasks/init.yml                            |  28 --
 .../tasks/main.yml                            |   4 -
 .../tasks/init.yml                            |  28 --
 .../tasks/main.yml                            |   4 -
 .../tasks/init.yml                            |  28 --
 .../tasks/main.yml                            |   4 -
 .../tasks/init.yml                            |  27 --
 .../tasks/init.yml                            |  28 --
 .../tasks/main.yml                            |   4 -
 .../tasks/init.yml                            |  27 --
 roles/custom/matrix-bridge-sms/tasks/init.yml |  30 --
 roles/custom/matrix-bridge-sms/tasks/main.yml |   4 -
 .../matrix-cactus-comments/tasks/init.yml     |  21 --
 .../custom/matrix-client-cinny/tasks/init.yml |  11 -
 .../custom/matrix-client-cinny/tasks/main.yml |   4 -
 .../matrix-client-element/tasks/init.yml      |  12 -
 .../matrix-client-element/tasks/main.yml      |   4 -
 .../matrix-client-hydrogen/tasks/init.yml     |  11 -
 .../matrix-client-hydrogen/tasks/main.yml     |   4 -
 roles/custom/matrix-conduit/tasks/init.yml    |   5 -
 roles/custom/matrix-conduit/tasks/main.yml    |   4 -
 roles/custom/matrix-corporal/tasks/init.yml   |  11 -
 roles/custom/matrix-corporal/tasks/main.yml   |   4 -
 roles/custom/matrix-coturn/tasks/init.yml     |  15 -
 roles/custom/matrix-coturn/tasks/main.yml     |   4 -
 .../custom/matrix-dendrite/defaults/main.yml  |  16 +-
 roles/custom/matrix-dendrite/tasks/init.yml   |   5 -
 roles/custom/matrix-dendrite/tasks/main.yml   |   4 -
 roles/custom/matrix-dimension/tasks/init.yml  |   4 -
 roles/custom/matrix-dimension/tasks/main.yml  |   4 -
 .../custom/matrix-dynamic-dns/tasks/init.yml  |  11 -
 .../custom/matrix-dynamic-dns/tasks/main.yml  |   4 -
 .../custom/matrix-email2matrix/tasks/init.yml |   5 -
 .../custom/matrix-email2matrix/tasks/main.yml |   4 -
 roles/custom/matrix-etherpad/tasks/init.yml   |   4 -
 roles/custom/matrix-grafana/tasks/init.yml    |   5 -
 roles/custom/matrix-grafana/tasks/main.yml    |   4 -
 roles/custom/matrix-jitsi/tasks/init.yml      |  10 -
 roles/custom/matrix-jitsi/tasks/main.yml      |   4 -
 .../matrix-jitsi/tasks/validate_config.yml    |   5 +
 .../tasks/init.yml                            |  10 -
 roles/custom/matrix-ma1sd/tasks/init.yml      |  11 -
 roles/custom/matrix-ma1sd/tasks/main.yml      |   4 -
 roles/custom/matrix-mailer/tasks/init.yml     |  11 -
 roles/custom/matrix-mailer/tasks/main.yml     |   4 -
 .../custom/matrix-nginx-proxy/tasks/init.yml  |   9 -
 .../custom/matrix-nginx-proxy/tasks/main.yml  |   3 -
 roles/custom/matrix-ntfy/tasks/init.yml       |   5 -
 roles/custom/matrix-ntfy/tasks/main.yml       |   4 -
 .../matrix-postgres-backup/tasks/init.yml     |   5 -
 .../matrix-postgres-backup/tasks/main.yml     |   4 -
 roles/custom/matrix-postgres/tasks/init.yml   |   5 -
 roles/custom/matrix-postgres/tasks/main.yml   |   4 -
 .../tasks/init.yml                            |   4 -
 .../tasks/init.yml                            |   4 -
 roles/custom/matrix-prometheus/tasks/init.yml |   5 -
 roles/custom/matrix-prometheus/tasks/main.yml |   4 -
 roles/custom/matrix-redis/tasks/init.yml      |   5 -
 roles/custom/matrix-redis/tasks/main.yml      |   4 -
 .../custom/matrix-registration/tasks/init.yml |  10 -
 roles/custom/matrix-sygnal/tasks/init.yml     |   5 -
 roles/custom/matrix-sygnal/tasks/main.yml     |   4 -
 .../matrix-synapse-admin/tasks/init.yml       |  10 -
 .../tasks/init.yml                            |   5 -
 .../tasks/main.yml                            |   4 -
 .../tasks/setup_install.yml                   |   2 +-
 roles/custom/matrix-synapse/defaults/main.yml |  16 +-
 .../tasks/ext/s3-storage-provider/init.yml    |   5 -
 roles/custom/matrix-synapse/tasks/init.yml    |  17 --
 118 files changed, 281 insertions(+), 1212 deletions(-)
 delete mode 100644 roles/custom/matrix-backup-borg/tasks/init.yml
 delete mode 100644 roles/custom/matrix-base/vars/main.yml
 delete mode 100644 roles/custom/matrix-bot-buscarron/tasks/init.yml
 delete mode 100644 roles/custom/matrix-bot-go-neb/tasks/init.yml
 delete mode 100644 roles/custom/matrix-bot-honoroit/tasks/init.yml
 delete mode 100644 roles/custom/matrix-bot-matrix-registration-bot/tasks/init.yml
 delete mode 100644 roles/custom/matrix-bot-matrix-reminder-bot/tasks/init.yml
 delete mode 100644 roles/custom/matrix-bot-mjolnir/tasks/init.yml
 delete mode 100644 roles/custom/matrix-bot-postmoogle/tasks/init.yml
 delete mode 100644 roles/custom/matrix-bridge-appservice-discord/tasks/init.yml
 delete mode 100644 roles/custom/matrix-bridge-appservice-irc/tasks/init.yml
 delete mode 100644 roles/custom/matrix-bridge-appservice-kakaotalk/tasks/init.yml
 delete mode 100644 roles/custom/matrix-bridge-beeper-linkedin/tasks/init.yml
 delete mode 100644 roles/custom/matrix-bridge-go-skype-bridge/tasks/init.yml
 delete mode 100644 roles/custom/matrix-bridge-heisenbridge/tasks/init.yml
 delete mode 100644 roles/custom/matrix-bridge-mautrix-discord/tasks/init.yml
 delete mode 100644 roles/custom/matrix-bridge-mautrix-instagram/tasks/init.yml
 delete mode 100644 roles/custom/matrix-bridge-mautrix-signal/tasks/init.yml
 delete mode 100644 roles/custom/matrix-bridge-mautrix-twitter/tasks/init.yml
 delete mode 100644 roles/custom/matrix-bridge-mautrix-whatsapp/tasks/init.yml
 delete mode 100644 roles/custom/matrix-bridge-mx-puppet-discord/tasks/init.yml
 delete mode 100644 roles/custom/matrix-bridge-mx-puppet-groupme/tasks/init.yml
 delete mode 100644 roles/custom/matrix-bridge-mx-puppet-instagram/tasks/init.yml
 delete mode 100644 roles/custom/matrix-bridge-mx-puppet-steam/tasks/init.yml
 delete mode 100644 roles/custom/matrix-bridge-sms/tasks/init.yml
 delete mode 100644 roles/custom/matrix-client-cinny/tasks/init.yml
 delete mode 100644 roles/custom/matrix-client-element/tasks/init.yml
 delete mode 100644 roles/custom/matrix-client-hydrogen/tasks/init.yml
 delete mode 100644 roles/custom/matrix-conduit/tasks/init.yml
 delete mode 100644 roles/custom/matrix-corporal/tasks/init.yml
 delete mode 100644 roles/custom/matrix-coturn/tasks/init.yml
 delete mode 100644 roles/custom/matrix-dendrite/tasks/init.yml
 delete mode 100644 roles/custom/matrix-dimension/tasks/init.yml
 delete mode 100644 roles/custom/matrix-dynamic-dns/tasks/init.yml
 delete mode 100644 roles/custom/matrix-email2matrix/tasks/init.yml
 delete mode 100644 roles/custom/matrix-grafana/tasks/init.yml
 delete mode 100644 roles/custom/matrix-jitsi/tasks/init.yml
 delete mode 100644 roles/custom/matrix-ma1sd/tasks/init.yml
 delete mode 100644 roles/custom/matrix-mailer/tasks/init.yml
 delete mode 100644 roles/custom/matrix-nginx-proxy/tasks/init.yml
 delete mode 100644 roles/custom/matrix-ntfy/tasks/init.yml
 delete mode 100644 roles/custom/matrix-postgres-backup/tasks/init.yml
 delete mode 100644 roles/custom/matrix-postgres/tasks/init.yml
 delete mode 100644 roles/custom/matrix-prometheus/tasks/init.yml
 delete mode 100644 roles/custom/matrix-redis/tasks/init.yml
 delete mode 100644 roles/custom/matrix-sygnal/tasks/init.yml
 delete mode 100644 roles/custom/matrix-synapse-reverse-proxy-companion/tasks/init.yml
 delete mode 100644 roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/init.yml

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 163eaab3..d51f20d4 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -19,6 +19,254 @@
 # Also see `devture_docker_sdk_for_python_installation_enabled`.
 matrix_playbook_docker_installation_enabled: true
 
+# This list is not exhaustive and final.
+# Synapse workers are still injected into the list at runtime.
+# Additional JVB workers (playbooks/jitsi_jvb.yml -- roles/custom/matrix-jitsi/tasks/init_additional_jvb.yml) override this variable at runtime as well.
+matrix_systemd_services_list: |
+  {{
+    (['matrix-backup-borg.timer'] if matrix_backup_borg_enabled else [])
+    +
+    (['matrix-bot-buscarron.service'] if matrix_bot_buscarron_enabled else [])
+    +
+    (['matrix-bot-go-neb.service'] if matrix_bot_go_neb_enabled else [])
+    +
+    (['matrix-bot-honoroit.service'] if matrix_bot_honoroit_enabled else [])
+    +
+    (['matrix-bot-matrix-registration-bot.service'] if matrix_bot_matrix_registration_bot_enabled else [])
+    +
+    (['matrix-bot-matrix-reminder-bot.service'] if matrix_bot_matrix_reminder_bot_enabled else [])
+    +
+    (['matrix-bot-maubot.service'] if matrix_bot_maubot_enabled else [])
+    +
+    (['matrix-bot-mjolnir.service'] if matrix_bot_mjolnir_enabled else [])
+    +
+    (['matrix-bot-postmoogle.service'] if matrix_bot_postmoogle_enabled else [])
+    +
+    (['matrix-appservice-discord.service'] if matrix_appservice_discord_enabled else [])
+    +
+    (['matrix-appservice-irc.service'] if matrix_appservice_irc_enabled else [])
+    +
+    (['matrix-appservice-kakaotalk.service', 'matrix-appservice-kakaotalk-node.service'] if matrix_appservice_kakaotalk_enabled else [])
+    +
+    (['matrix-appservice-slack.service'] if matrix_appservice_slack_enabled else [])
+    +
+    (['matrix-appservice-webhooks.service'] if matrix_appservice_webhooks_enabled else [])
+    +
+    (['matrix-beeper-linkedin.service'] if matrix_beeper_linkedin_enabled else [])
+    +
+    (['matrix-go-skype-bridge.service'] if matrix_go_skype_bridge_enabled else [])
+    +
+    (['matrix-heisenbridge.service'] if matrix_heisenbridge_enabled else [])
+    +
+    (['matrix-hookshot.service'] if matrix_hookshot_enabled else [])
+    +
+    (['matrix-mautrix-discord.service'] if matrix_mautrix_discord_enabled else [])
+    +
+    (['matrix-mautrix-facebook.service'] if matrix_mautrix_facebook_enabled else [])
+    +
+    (['matrix-mautrix-googlechat.service'] if matrix_mautrix_googlechat_enabled else [])
+    +
+    (['matrix-mautrix-hangouts.service'] if matrix_mautrix_hangouts_enabled else [])
+    +
+    (['matrix-mautrix-instagram.service'] if matrix_mautrix_instagram_enabled else [])
+    +
+    (['matrix-mautrix-signal.service', 'matrix-mautrix-signal-daemon.service'] if matrix_mautrix_signal_enabled else [])
+    +
+    (['matrix-mautrix-telegram.service'] if matrix_mautrix_telegram_enabled else [])
+    +
+    (['matrix-mautrix-twitter.service'] if matrix_mautrix_twitter_enabled else [])
+    +
+    (['matrix-mautrix-whatsapp.service'] if matrix_mautrix_whatsapp_enabled else [])
+    +
+    (['matrix-mx-puppet-discord.service'] if matrix_mx_puppet_discord_enabled else [])
+    +
+    (['matrix-mx-puppet-groupme.service'] if matrix_mx_puppet_groupme_enabled else [])
+    +
+    (['matrix-mx-puppet-instagram.service'] if matrix_mx_puppet_instagram_enabled else [])
+    +
+    (['matrix-mx-puppet-slack.service'] if matrix_mx_puppet_slack_enabled else [])
+    +
+    (['matrix-mx-puppet-steam.service'] if matrix_mx_puppet_steam_enabled else [])
+    +
+    (['matrix-mx-puppet-twitter.service'] if matrix_mx_puppet_twitter_enabled else [])
+    +
+    (['matrix-sms-bridge.service'] if matrix_sms_bridge_enabled else [])
+    +
+    (['matrix-cactus-comments.service'] if matrix_cactus_comments_enabled else [])
+    +
+    (['matrix-client-cinny.service'] if matrix_client_cinny_enabled else [])
+    +
+    (['matrix-client-element.service'] if matrix_client_element_enabled else [])
+    +
+    (['matrix-client-hydrogen.service'] if matrix_client_hydrogen_enabled else [])
+    +
+    (['matrix-' + matrix_homeserver_implementation + '.service'])
+    +
+    (['matrix-corporal.service'] if matrix_corporal_enabled else [])
+    +
+    (['matrix-coturn.service'] if matrix_coturn_enabled else [])
+    +
+    (['matrix-coturn-reload.timer'] if (matrix_coturn_enabled and matrix_coturn_tls_enabled) else [])
+    +
+    (['matrix-dimension.service'] if matrix_dimension_enabled else [])
+    +
+    (['matrix-dynamic-dns.service'] if matrix_dynamic_dns_enabled else [])
+    +
+    (['matrix-email2matrix.service'] if matrix_email2matrix_enabled else [])
+    +
+    (['matrix-etherpad.service'] if matrix_etherpad_enabled else [])
+    +
+    (['matrix-grafana.service'] if matrix_grafana_enabled else [])
+    +
+    (['matrix-jitsi-web.service', 'matrix-jitsi-prosody.service', 'matrix-jitsi-jicofo.service', 'matrix-jitsi-jvb.service'] if matrix_jitsi_enabled else [])
+    +
+    (['matrix-ldap-registration-proxy.service'] if matrix_ldap_registration_proxy_enabled else [])
+    +
+    (['matrix-ma1sd.service'] if matrix_ma1sd_enabled else [])
+    +
+    (['matrix-mailer.service'] if matrix_mailer_enabled else [])
+    +
+    (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
+    +
+    (matrix_ssl_renewal_systemd_units_list | selectattr('applicable') | map(attribute='name'))
+    +
+    (['matrix-ntfy.service'] if matrix_ntfy_enabled else [])
+    +
+    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    +
+    (['matrix-postgres-backup.service'] if matrix_postgres_backup_enabled else [])
+    +
+    (['matrix-prometheus.service'] if matrix_prometheus_enabled else [])
+    +
+    (['matrix-prometheus-node-exporter.service'] if matrix_prometheus_node_exporter_enabled else [])
+    +
+    (['matrix-prometheus-postgres-exporter.service'] if matrix_prometheus_postgres_exporter_enabled else [])
+    +
+    (['matrix-redis'] if matrix_redis_enabled else [])
+    +
+    (['matrix-registration.service'] if matrix_registration_enabled else [])
+    +
+    (['matrix-sygnal.service'] if matrix_sygnal_enabled else [])
+    +
+    (['matrix-goofys.service'] if matrix_s3_media_store_enabled else [])
+    +
+    (['matrix-synapse-s3-storage-provider-migrate.timer'] if matrix_synapse_ext_synapse_s3_storage_provider_enabled else [])
+    +
+    (['matrix-synapse-admin.service'] if matrix_synapse_admin_enabled else [])
+    +
+    (['matrix-synapse-reverse-proxy-companion.service'] if matrix_synapse_reverse_proxy_companion_enabled else [])
+  }}
+
+matrix_homeserver_app_service_config_files_auto: |
+  {{
+    (['--mount type=bind,src=' + matrix_appservice_discord_config_path + '/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro'] if matrix_appservice_discord_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_appservice_irc_config_path + '/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro'] if matrix_appservice_irc_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_appservice_kakaotalk_config_path + '/registration.yaml,dst=/matrix-appservice-kakaotalk-registration.yaml,ro'] if matrix_appservice_kakaotalk_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_appservice_slack_config_path + '/slack-registration.yaml,dst=/matrix-appservice-slack-registration.yaml,ro'] if matrix_appservice_slack_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_appservice_webhooks_config_path + '/webhooks-registration.yaml,dst=/matrix-appservice-webhooks-registration.yaml,ro'] if matrix_appservice_webhooks_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_beeper_linkedin_config_path + '/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro'] if matrix_beeper_linkedin_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_go_skype_bridge_config_path + '/registration.yaml,dst=/matrix-go-skype-bridge-registration.yaml,ro'] if matrix_go_skype_bridge_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_heisenbridge_base_path + '/registration.yaml,dst=/heisenbridge-registration.yaml,ro'] if matrix_heisenbridge_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_hookshot_base_path + '/registration.yml,dst=/hookshot-registration.yml,ro'] if matrix_hookshot_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_mautrix_discord_config_path + '/registration.yaml,dst=/matrix-mautrix-discord-registration.yaml,ro'] if matrix_mautrix_discord_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_mautrix_facebook_config_path + '/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro'] if matrix_mautrix_facebook_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_mautrix_googlechat_config_path + '/registration.yaml,dst=/matrix-mautrix-googlechat-registration.yaml,ro'] if matrix_mautrix_googlechat_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_mautrix_hangouts_config_path + '/registration.yaml,dst=/matrix-mautrix-hangouts-registration.yaml,ro'] if matrix_mautrix_hangouts_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_mautrix_instagram_config_path + '/registration.yaml,dst=/matrix-mautrix-instagram-registration.yaml,ro'] if matrix_mautrix_instagram_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_mautrix_signal_config_path + '/registration.yaml,dst=/matrix-mautrix-signal-registration.yaml,ro'] if matrix_mautrix_signal_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_mautrix_telegram_config_path + '/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro'] if matrix_mautrix_telegram_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_mautrix_twitter_config_path + '/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro'] if matrix_mautrix_twitter_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_mautrix_whatsapp_config_path + '/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro'] if matrix_mautrix_whatsapp_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_mx_puppet_discord_config_path + '/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro'] if matrix_mx_puppet_discord_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_mx_puppet_groupme_config_path + '/registration.yaml,dst=/matrix-mx-puppet-groupme-registration.yaml,ro'] if matrix_mx_puppet_groupme_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_mx_puppet_instagram_config_path + '/registration.yaml,dst=/matrix-mx-puppet-instagram-registration.yaml,ro'] if matrix_mx_puppet_instagram_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_mx_puppet_slack_config_path + '/registration.yaml,dst=/matrix-mx-puppet-slack-registration.yaml,ro'] if matrix_mx_puppet_slack_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_mx_puppet_steam_config_path + '/registration.yaml,dst=/matrix-mx-puppet-steam-registration.yaml,ro'] if matrix_mx_puppet_steam_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_mx_puppet_twitter_config_path + '/registration.yaml,dst=/matrix-mx-puppet-twitter-registration.yaml,ro'] if matrix_mx_puppet_twitter_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_sms_bridge_config_path + '/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro'] if matrix_sms_bridge_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_cactus_comments_app_service_config_file + ',dst=/matrix-cactus-comments.yaml,ro'] if matrix_cactus_comments_enabled else [])
+  }}
+
+matrix_homeserver_additional_config_files_auto: |
+  {{
+    (['/matrix-appservice-discord-registration.yaml'] if matrix_appservice_discord_enabled else [])
+    +
+    (['/matrix-appservice-irc-registration.yaml'] if matrix_appservice_irc_enabled else [])
+    +
+    (['/matrix-appservice-kakaotalk-registration.yaml'] if matrix_appservice_kakaotalk_enabled else [])
+    +
+    (['/matrix-appservice-slack-registration.yaml'] if matrix_appservice_slack_enabled else [])
+    +
+    (['/matrix-appservice-webhooks-registration.yaml'] if matrix_appservice_webhooks_enabled else [])
+    +
+    (['/matrix-beeper-linkedin-registration.yaml'] if matrix_beeper_linkedin_enabled else [])
+    +
+    (['/matrix-go-skype-bridge-registration.yaml'] if matrix_go_skype_bridge_enabled else [])
+    +
+    (['/heisenbridge-registration.yaml'] if matrix_heisenbridge_enabled else [])
+    +
+    (['/hookshot-registration.yml'] if matrix_hookshot_enabled else [])
+    +
+    (['/matrix-mautrix-discord-registration.yaml'] if matrix_mautrix_discord_enabled else [])
+    +
+    (['/matrix-mautrix-facebook-registration.yaml'] if matrix_mautrix_facebook_enabled else [])
+    +
+    (['/matrix-mautrix-googlechat-registration.yaml'] if matrix_mautrix_googlechat_enabled else [])
+    +
+    (['/matrix-mautrix-hangouts-registration.yaml'] if matrix_mautrix_hangouts_enabled else [])
+    +
+    (['/matrix-mautrix-instagram-registration.yaml'] if matrix_mautrix_instagram_enabled else [])
+    +
+    (['/matrix-mautrix-signal-registration.yaml'] if matrix_mautrix_signal_enabled else [])
+    +
+    (['/matrix-mautrix-telegram-registration.yaml'] if matrix_mautrix_telegram_enabled else [])
+    +
+    (['/matrix-mautrix-twitter-registration.yaml'] if matrix_mautrix_twitter_enabled else [])
+    +
+    (['/matrix-mautrix-whatsapp-registration.yaml'] if matrix_mautrix_whatsapp_enabled else [])
+    +
+    (['/matrix-mx-puppet-discord-registration.yaml'] if matrix_mx_puppet_discord_enabled else [])
+    +
+    (['/matrix-mx-puppet-groupme-registration.yaml'] if matrix_mx_puppet_groupme_enabled else [])
+    +
+    (['/matrix-mx-puppet-instagram-registration.yaml'] if matrix_mx_puppet_instagram_enabled else [])
+    +
+    (['/matrix-mx-puppet-slack-registration.yaml'] if matrix_mx_puppet_slack_enabled else [])
+    +
+    (['/matrix-mx-puppet-steam-registration.yaml'] if matrix_mx_puppet_steam_enabled else [])
+    +
+    (['/matrix-mx-puppet-twitter-registration.yaml'] if matrix_mx_puppet_twitter_enabled else [])
+    +
+    (['/matrix-sms-bridge-registration.yaml'] if matrix_sms_bridge_enabled else [])
+    +
+    (['/matrix-cactus-comments.yaml'] if matrix_cactus_comments_enabled else [])
+  }}
+
 ########################################################################
 #                                                                      #
 # /Playbook                                                            #
@@ -2413,8 +2661,8 @@ matrix_synapse_redis_enabled: "{{ matrix_redis_enabled }}"
 matrix_synapse_redis_host: "{{ 'matrix-redis' if matrix_redis_enabled else '' }}"
 matrix_synapse_redis_password: "{{ matrix_redis_connection_password if matrix_redis_enabled else '' }}"
 
-matrix_synapse_container_runtime_injected_arguments: "{{ matrix_homeserver_container_runtime_injected_arguments }}"
-matrix_synapse_app_service_runtime_injected_config_files: "{{ matrix_homeserver_app_service_runtime_injected_config_files }}"
+matrix_synapse_container_extra_arguments_auto: "{{ matrix_homeserver_container_extra_arguments_auto }}"
+matrix_synapse_app_service_config_files_auto: "{{ matrix_homeserver_app_service_config_files_auto }}"
 
 ######################################################################
 #
@@ -2723,8 +2971,8 @@ matrix_dendrite_systemd_wanted_services_list: |
     (['matrix-coturn.service'] if matrix_coturn_enabled else [])
   }}
 
-matrix_dendrite_container_runtime_injected_arguments: "{{ matrix_homeserver_container_runtime_injected_arguments }}"
-matrix_dendrite_app_service_runtime_injected_config_files: "{{ matrix_homeserver_app_service_runtime_injected_config_files }}"
+matrix_dendrite_container_extra_arguments_auto: "{{ matrix_homeserver_container_extra_arguments_auto }}"
+matrix_dendrite_app_service_config_files_auto: "{{ matrix_homeserver_app_service_config_files_auto }}"
 
 ######################################################################
 #
diff --git a/roles/custom/matrix-backup-borg/tasks/init.yml b/roles/custom/matrix-backup-borg/tasks/init.yml
deleted file mode 100644
index d57f1249..00000000
--- a/roles/custom/matrix-backup-borg/tasks/init.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-backup-borg.timer'] }}"
-  when: matrix_backup_borg_enabled | bool
diff --git a/roles/custom/matrix-backup-borg/tasks/main.yml b/roles/custom/matrix-backup-borg/tasks/main.yml
index 5de4559c..e8c020a4 100644
--- a/roles/custom/matrix-backup-borg/tasks/main.yml
+++ b/roles/custom/matrix-backup-borg/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_backup_borg_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml
index 534db078..d54da23e 100644
--- a/roles/custom/matrix-base/defaults/main.yml
+++ b/roles/custom/matrix-base/defaults/main.yml
@@ -253,6 +253,13 @@ matrix_well_known_matrix_server_enabled: true
 # See `matrix_homeserver_admin_contacts`, `matrix_homeserver_support_url`, etc.
 matrix_well_known_matrix_support_enabled: false
 
+# This will contain a list of enabled services that the playbook is managing.
+# Each component is expected to append its service name to this list.
+matrix_systemd_services_list: []
+
+matrix_homeserver_container_extra_arguments_auto: []
+matrix_homeserver_app_service_config_files_auto: []
+
 # Variables to Control which parts of our roles run.
 run_postgres_import: true
 run_postgres_upgrade: true
diff --git a/roles/custom/matrix-base/vars/main.yml b/roles/custom/matrix-base/vars/main.yml
deleted file mode 100644
index 3578666f..00000000
--- a/roles/custom/matrix-base/vars/main.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# This will contain a list of enabled services that the playbook is managing.
-# Each component is expected to append its service name to this list.
-matrix_systemd_services_list: []
-
-matrix_homeserver_container_runtime_injected_arguments: []
-matrix_homeserver_app_service_runtime_injected_config_files: []
diff --git a/roles/custom/matrix-bot-buscarron/tasks/init.yml b/roles/custom/matrix-bot-buscarron/tasks/init.yml
deleted file mode 100644
index a1f5751d..00000000
--- a/roles/custom/matrix-bot-buscarron/tasks/init.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-buscarron.service'] }}"
-  when: matrix_bot_buscarron_enabled | bool
diff --git a/roles/custom/matrix-bot-buscarron/tasks/main.yml b/roles/custom/matrix-bot-buscarron/tasks/main.yml
index e6712262..0d575393 100644
--- a/roles/custom/matrix-bot-buscarron/tasks/main.yml
+++ b/roles/custom/matrix-bot-buscarron/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_bot_buscarron_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-bot-go-neb/tasks/init.yml b/roles/custom/matrix-bot-go-neb/tasks/init.yml
deleted file mode 100644
index 9d5b4f89..00000000
--- a/roles/custom/matrix-bot-go-neb/tasks/init.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-go-neb.service'] }}"
-  when: matrix_bot_go_neb_enabled | bool
diff --git a/roles/custom/matrix-bot-go-neb/tasks/main.yml b/roles/custom/matrix-bot-go-neb/tasks/main.yml
index 27487ac5..4fc22e59 100644
--- a/roles/custom/matrix-bot-go-neb/tasks/main.yml
+++ b/roles/custom/matrix-bot-go-neb/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_bot_go_neb_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-bot-honoroit/tasks/init.yml b/roles/custom/matrix-bot-honoroit/tasks/init.yml
deleted file mode 100644
index 1b03373c..00000000
--- a/roles/custom/matrix-bot-honoroit/tasks/init.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-honoroit.service'] }}"
-  when: matrix_bot_honoroit_enabled | bool
diff --git a/roles/custom/matrix-bot-honoroit/tasks/main.yml b/roles/custom/matrix-bot-honoroit/tasks/main.yml
index 5de468fe..09fab327 100644
--- a/roles/custom/matrix-bot-honoroit/tasks/main.yml
+++ b/roles/custom/matrix-bot-honoroit/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_bot_honoroit_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-bot-matrix-registration-bot/tasks/init.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/init.yml
deleted file mode 100644
index 91b1f095..00000000
--- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/init.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-matrix-registration-bot.service'] }}"
-  when: matrix_bot_matrix_registration_bot_enabled | bool
diff --git a/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml
index cc162e99..5f44faac 100644
--- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml
+++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_bot_matrix_registration_bot_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/init.yml b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/init.yml
deleted file mode 100644
index 0a5ba482..00000000
--- a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/init.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-matrix-reminder-bot.service'] }}"
-  when: matrix_bot_matrix_reminder_bot_enabled | bool
diff --git a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/main.yml b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/main.yml
index 19c3823f..8340ef67 100644
--- a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/main.yml
+++ b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_bot_matrix_reminder_bot_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-bot-maubot/tasks/init.yml b/roles/custom/matrix-bot-maubot/tasks/init.yml
index ccb5956e..f7aec627 100644
--- a/roles/custom/matrix-bot-maubot/tasks/init.yml
+++ b/roles/custom/matrix-bot-maubot/tasks/init.yml
@@ -1,10 +1,5 @@
 ---
 
-- name: Add maubot to the systemd service list
-  ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-maubot.service'] }}"
-  when: matrix_bot_maubot_enabled | bool
-
 - name: Configure nginx for maubot
   block:
     - name: Generate Maubot proxying configuration for matrix-nginx-proxy
diff --git a/roles/custom/matrix-bot-mjolnir/tasks/init.yml b/roles/custom/matrix-bot-mjolnir/tasks/init.yml
deleted file mode 100644
index 2b605342..00000000
--- a/roles/custom/matrix-bot-mjolnir/tasks/init.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
-  ansible.builtin.fail:
-    msg: "To self-build the Mjolnir image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_bot_mjolnir_container_image_self_build and matrix_bot_mjolnir_enabled"
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-mjolnir.service'] }}"
-  when: matrix_bot_mjolnir_enabled | bool
diff --git a/roles/custom/matrix-bot-mjolnir/tasks/main.yml b/roles/custom/matrix-bot-mjolnir/tasks/main.yml
index 867201a2..02a22bb1 100644
--- a/roles/custom/matrix-bot-mjolnir/tasks/main.yml
+++ b/roles/custom/matrix-bot-mjolnir/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_bot_mjolnir_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-bot-postmoogle/tasks/init.yml b/roles/custom/matrix-bot-postmoogle/tasks/init.yml
deleted file mode 100644
index 16b78171..00000000
--- a/roles/custom/matrix-bot-postmoogle/tasks/init.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-postmoogle.service'] }}"
-  when: matrix_bot_postmoogle_enabled | bool
diff --git a/roles/custom/matrix-bot-postmoogle/tasks/main.yml b/roles/custom/matrix-bot-postmoogle/tasks/main.yml
index cbe590e1..4e2ab51b 100644
--- a/roles/custom/matrix-bot-postmoogle/tasks/main.yml
+++ b/roles/custom/matrix-bot-postmoogle/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_bot_postmoogle_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-bridge-appservice-discord/tasks/init.yml b/roles/custom/matrix-bridge-appservice-discord/tasks/init.yml
deleted file mode 100644
index 915d7302..00000000
--- a/roles/custom/matrix-bridge-appservice-discord/tasks/init.yml
+++ /dev/null
@@ -1,29 +0,0 @@
----
-# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
-# We don't want to fail in such cases.
-- name: Fail if matrix-synapse role already executed
-  ansible.builtin.fail:
-    msg: >-
-      The matrix-bridge-appservice-discord role needs to execute before the matrix-synapse role.
-  when: "matrix_appservice_discord_enabled and matrix_synapse_role_executed | default(False)"
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-discord.service'] }}"
-  when: matrix_appservice_discord_enabled | bool
-
-# If the matrix-synapse role is not used, these variables may not exist.
-- ansible.builtin.set_fact:
-    matrix_homeserver_container_runtime_injected_arguments: >
-      {{
-        matrix_homeserver_container_runtime_injected_arguments | default([])
-        +
-        ["--mount type=bind,src={{ matrix_appservice_discord_config_path }}/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro"]
-      }}
-
-    matrix_homeserver_app_service_runtime_injected_config_files: >
-      {{
-        matrix_homeserver_app_service_runtime_injected_config_files | default([])
-        +
-        ["/matrix-appservice-discord-registration.yaml"]
-      }}
-  when: matrix_appservice_discord_enabled | bool
diff --git a/roles/custom/matrix-bridge-appservice-discord/tasks/main.yml b/roles/custom/matrix-bridge-appservice-discord/tasks/main.yml
index 7ab8f3a6..24966858 100644
--- a/roles/custom/matrix-bridge-appservice-discord/tasks/main.yml
+++ b/roles/custom/matrix-bridge-appservice-discord/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_appservice_discord_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-bridge-appservice-irc/tasks/init.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/init.yml
deleted file mode 100644
index 03127127..00000000
--- a/roles/custom/matrix-bridge-appservice-irc/tasks/init.yml
+++ /dev/null
@@ -1,36 +0,0 @@
----
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
-  ansible.builtin.fail:
-    msg: "To self-build the matrix-appservice-irc image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_irc_container_image_self_build and matrix_appservice_irc_enabled"
-
-# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
-# We don't want to fail in such cases.
-- name: Fail if matrix-synapse role already executed
-  ansible.builtin.fail:
-    msg: >-
-      The matrix-bridge-appservice-irc role needs to execute before the matrix-synapse role.
-  when: "matrix_appservice_irc_enabled | bool and matrix_synapse_role_executed | default(False)"
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-irc.service'] }}"
-  when: matrix_appservice_irc_enabled | bool
-
-# If the matrix-synapse role is not used, these variables may not exist.
-- ansible.builtin.set_fact:
-    matrix_homeserver_container_runtime_injected_arguments: >
-      {{
-        matrix_homeserver_container_runtime_injected_arguments | default([])
-        +
-        ["--mount type=bind,src={{ matrix_appservice_irc_config_path }}/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro"]
-      }}
-
-    matrix_homeserver_app_service_runtime_injected_config_files: >
-      {{
-        matrix_homeserver_app_service_runtime_injected_config_files | default([])
-        +
-        ["/matrix-appservice-irc-registration.yaml"]
-      }}
-  when: matrix_appservice_irc_enabled | bool
diff --git a/roles/custom/matrix-bridge-appservice-irc/tasks/main.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/main.yml
index 41d2017b..f66b729b 100644
--- a/roles/custom/matrix-bridge-appservice-irc/tasks/main.yml
+++ b/roles/custom/matrix-bridge-appservice-irc/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_appservice_irc_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/init.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/init.yml
deleted file mode 100644
index 6112b5cc..00000000
--- a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/init.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
-  ansible.builtin.fail:
-    msg: "To self-build the appservice-kakaotalk image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_kakaotalk_container_image_self_build and matrix_appservice_kakaotalk_enabled"
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-kakaotalk.service', 'matrix-appservice-kakaotalk-node.service'] }}"
-  when: matrix_appservice_kakaotalk_enabled | bool
-
-# If the matrix-synapse role is not used, these variables may not exist.
-- ansible.builtin.set_fact:
-    matrix_homeserver_container_runtime_injected_arguments: >
-      {{
-        matrix_homeserver_container_runtime_injected_arguments | default([])
-        +
-        ["--mount type=bind,src={{ matrix_appservice_kakaotalk_config_path }}/registration.yaml,dst=/matrix-appservice-kakaotalk-registration.yaml,ro"]
-      }}
-
-    matrix_homeserver_app_service_runtime_injected_config_files: >
-      {{
-        matrix_homeserver_app_service_runtime_injected_config_files | default([])
-        +
-        ["/matrix-appservice-kakaotalk-registration.yaml"]
-      }}
-  when: matrix_appservice_kakaotalk_enabled | bool
diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/main.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/main.yml
index dfb286f2..a4dffd76 100644
--- a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/main.yml
+++ b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_appservice_kakaotalk_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-bridge-appservice-slack/tasks/init.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/init.yml
index 5d03b24b..e07f1afc 100644
--- a/roles/custom/matrix-bridge-appservice-slack/tasks/init.yml
+++ b/roles/custom/matrix-bridge-appservice-slack/tasks/init.yml
@@ -1,47 +1,4 @@
 ---
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
-  ansible.builtin.fail:
-    msg: "To self-build the matrix-appservice-slack image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_slack_container_image_self_build and matrix_appservice_slack_enabled"
-
-# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
-# We don't want to fail in such cases.
-- name: Fail if matrix-synapse role already executed
-  ansible.builtin.fail:
-    msg: >-
-      The matrix-bridge-appservice-slack role needs to execute before the matrix-synapse role.
-  when: "matrix_synapse_role_executed | default(False)"
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-slack.service'] }}"
-  when: matrix_appservice_slack_enabled | bool
-
-# If the matrix-synapse role is not used, these variables may not exist.
-- ansible.builtin.set_fact:
-    matrix_homeserver_container_runtime_injected_arguments: >
-      {{
-        matrix_homeserver_container_runtime_injected_arguments | default([])
-        +
-        ["--mount type=bind,src={{ matrix_appservice_slack_config_path }}/slack-registration.yaml,dst=/matrix-appservice-slack-registration.yaml,ro"]
-      }}
-
-    matrix_homeserver_app_service_runtime_injected_config_files: >
-      {{
-        matrix_homeserver_app_service_runtime_injected_config_files | default([])
-        +
-        ["/matrix-appservice-slack-registration.yaml"]
-      }}
-  when: matrix_appservice_slack_enabled | bool
-
-# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
-# We don't want to fail in such cases.
-- name: Fail if matrix-synapse role already executed
-  ansible.builtin.fail:
-    msg: >-
-      The matrix-bridge-appservice-slack role needs to execute before the matrix-synapse role.
-  when: "matrix_synapse_role_executed | default(False)"
 
 - when: matrix_appservice_slack_enabled | bool
   tags:
diff --git a/roles/custom/matrix-bridge-appservice-webhooks/tasks/init.yml b/roles/custom/matrix-bridge-appservice-webhooks/tasks/init.yml
index 1f8ace9e..47a29875 100644
--- a/roles/custom/matrix-bridge-appservice-webhooks/tasks/init.yml
+++ b/roles/custom/matrix-bridge-appservice-webhooks/tasks/init.yml
@@ -1,40 +1,4 @@
 ---
-# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
-# We don't want to fail in such cases.
-- name: Fail if matrix-synapse role already executed
-  ansible.builtin.fail:
-    msg: >-
-      The matrix-bridge-appservice-webhooks role needs to execute before the matrix-synapse role.
-  when: "matrix_synapse_role_executed | default(False)"
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-webhooks.service'] }}"
-  when: matrix_appservice_webhooks_enabled | bool
-
-# If the matrix-synapse role is not used, these variables may not exist.
-- ansible.builtin.set_fact:
-    matrix_homeserver_container_runtime_injected_arguments: >
-      {{
-        matrix_homeserver_container_runtime_injected_arguments | default([])
-        +
-        ["--mount type=bind,src={{ matrix_appservice_webhooks_config_path }}/webhooks-registration.yaml,dst=/matrix-appservice-webhooks-registration.yaml,ro"]
-      }}
-
-    matrix_homeserver_app_service_runtime_injected_config_files: >
-      {{
-        matrix_homeserver_app_service_runtime_injected_config_files | default([])
-        +
-        ["/matrix-appservice-webhooks-registration.yaml"]
-      }}
-  when: matrix_appservice_webhooks_enabled | bool
-
-# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
-# We don't want to fail in such cases.
-- name: Fail if matrix-synapse role already executed
-  ansible.builtin.fail:
-    msg: >-
-      The matrix-bridge-appservice-webhooks role needs to execute before the matrix-synapse role.
-  when: "matrix_synapse_role_executed | default(False)"
 
 - when: matrix_appservice_webhooks_enabled | bool
   tags:
diff --git a/roles/custom/matrix-bridge-beeper-linkedin/tasks/init.yml b/roles/custom/matrix-bridge-beeper-linkedin/tasks/init.yml
deleted file mode 100644
index 1208f185..00000000
--- a/roles/custom/matrix-bridge-beeper-linkedin/tasks/init.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-beeper-linkedin.service'] }}"
-  when: matrix_beeper_linkedin_enabled | bool
-
-# If the matrix-synapse role is not used, these variables may not exist.
-- ansible.builtin.set_fact:
-    matrix_homeserver_container_runtime_injected_arguments: >
-      {{
-        matrix_homeserver_container_runtime_injected_arguments | default([])
-        +
-        ["--mount type=bind,src={{ matrix_beeper_linkedin_config_path }}/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro"]
-      }}
-
-    matrix_homeserver_app_service_runtime_injected_config_files: >
-      {{
-        matrix_homeserver_app_service_runtime_injected_config_files | default([])
-        +
-        ["/matrix-beeper-linkedin-registration.yaml"]
-      }}
-  when: matrix_beeper_linkedin_enabled | bool
diff --git a/roles/custom/matrix-bridge-beeper-linkedin/tasks/main.yml b/roles/custom/matrix-bridge-beeper-linkedin/tasks/main.yml
index 8f295d2c..9ba728f1 100644
--- a/roles/custom/matrix-bridge-beeper-linkedin/tasks/main.yml
+++ b/roles/custom/matrix-bridge-beeper-linkedin/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_beeper_linkedin_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-bridge-go-skype-bridge/tasks/init.yml b/roles/custom/matrix-bridge-go-skype-bridge/tasks/init.yml
deleted file mode 100644
index 58808454..00000000
--- a/roles/custom/matrix-bridge-go-skype-bridge/tasks/init.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-go-skype-bridge.service'] }}"
-  when: matrix_go_skype_bridge_enabled | bool
-
-# If the matrix-synapse role is not used, these variables may not exist.
-- ansible.builtin.set_fact:
-    matrix_homeserver_container_runtime_injected_arguments: >
-      {{
-        matrix_homeserver_container_runtime_injected_arguments | default([])
-        +
-        ["--mount type=bind,src={{ matrix_go_skype_bridge_config_path }}/registration.yaml,dst=/matrix-go-skype-bridge-registration.yaml,ro"]
-      }}
-
-    matrix_homeserver_app_service_runtime_injected_config_files: >
-      {{
-        matrix_homeserver_app_service_runtime_injected_config_files | default([])
-        +
-        ["/matrix-go-skype-bridge-registration.yaml"]
-      }}
-  when: matrix_go_skype_bridge_enabled | bool
diff --git a/roles/custom/matrix-bridge-go-skype-bridge/tasks/main.yml b/roles/custom/matrix-bridge-go-skype-bridge/tasks/main.yml
index 39f4b2e5..3b8fdb24 100644
--- a/roles/custom/matrix-bridge-go-skype-bridge/tasks/main.yml
+++ b/roles/custom/matrix-bridge-go-skype-bridge/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_go_skype_bridge_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-bridge-heisenbridge/tasks/init.yml b/roles/custom/matrix-bridge-heisenbridge/tasks/init.yml
deleted file mode 100644
index dd3d4c7d..00000000
--- a/roles/custom/matrix-bridge-heisenbridge/tasks/init.yml
+++ /dev/null
@@ -1,29 +0,0 @@
----
-# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
-# We don't want to fail in such cases.
-- name: Fail if matrix-synapse role already executed
-  ansible.builtin.fail:
-    msg: >-
-      The matrix-bridge-heisenbridge role needs to execute before the matrix-synapse role.
-  when: "matrix_heisenbridge_enabled and matrix_synapse_role_executed | default(False)"
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-heisenbridge.service'] }}"
-  when: matrix_heisenbridge_enabled | bool
-
-# If the matrix-synapse role is not used, these variables may not exist.
-- ansible.builtin.set_fact:
-    matrix_homeserver_container_runtime_injected_arguments: >
-      {{
-        matrix_homeserver_container_runtime_injected_arguments | default([])
-        +
-        ["--mount type=bind,src={{ matrix_heisenbridge_base_path }}/registration.yaml,dst=/heisenbridge-registration.yaml,ro"]
-      }}
-
-    matrix_homeserver_app_service_runtime_injected_config_files: >
-      {{
-        matrix_homeserver_app_service_runtime_injected_config_files | default([])
-        +
-        ["/heisenbridge-registration.yaml"]
-      }}
-  when: matrix_heisenbridge_enabled | bool
diff --git a/roles/custom/matrix-bridge-heisenbridge/tasks/main.yml b/roles/custom/matrix-bridge-heisenbridge/tasks/main.yml
index 6af9813e..70bc86c3 100644
--- a/roles/custom/matrix-bridge-heisenbridge/tasks/main.yml
+++ b/roles/custom/matrix-bridge-heisenbridge/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
   when: "run_setup | bool and matrix_heisenbridge_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-bridge-hookshot/tasks/init.yml b/roles/custom/matrix-bridge-hookshot/tasks/init.yml
index 63921f31..625e3023 100644
--- a/roles/custom/matrix-bridge-hookshot/tasks/init.yml
+++ b/roles/custom/matrix-bridge-hookshot/tasks/init.yml
@@ -1,32 +1,4 @@
 ---
-# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
-# We don't want to fail in such cases.
-- name: Fail if matrix-synapse role already executed
-  ansible.builtin.fail:
-    msg: >-
-      The matrix-bridge-hookshot role needs to execute before the matrix-synapse role.
-  when: "matrix_hookshot_enabled and matrix_synapse_role_executed | default(False)"
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-hookshot.service'] }}"
-  when: matrix_hookshot_enabled | bool
-
-# If the matrix-synapse role is not used, these variables may not exist.
-- ansible.builtin.set_fact:
-    matrix_homeserver_container_runtime_injected_arguments: >
-      {{
-        matrix_homeserver_container_runtime_injected_arguments | default([])
-        +
-        ["--mount type=bind,src={{ matrix_hookshot_base_path }}/registration.yml,dst=/hookshot-registration.yml,ro"]
-      }}
-
-    matrix_homeserver_app_service_runtime_injected_config_files: >
-      {{
-        matrix_homeserver_app_service_runtime_injected_config_files | default([])
-        +
-        ["/hookshot-registration.yml"]
-      }}
-  when: matrix_hookshot_enabled | bool
 
 - when: matrix_hookshot_enabled | bool
   block:
diff --git a/roles/custom/matrix-bridge-mautrix-discord/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-discord/tasks/init.yml
deleted file mode 100644
index 3f94a73a..00000000
--- a/roles/custom/matrix-bridge-mautrix-discord/tasks/init.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-discord.service'] }}"
-  when: matrix_mautrix_discord_enabled | bool
-
-# If the matrix-synapse role is not used, these variables may not exist.
-- ansible.builtin.set_fact:
-    matrix_homeserver_container_runtime_injected_arguments: >
-      {{
-        matrix_homeserver_container_runtime_injected_arguments | default([])
-        +
-        ["--mount type=bind,src={{ matrix_mautrix_discord_config_path }}/registration.yaml,dst=/matrix-mautrix-discord-registration.yaml,ro"]
-      }}
-
-    matrix_homeserver_app_service_runtime_injected_config_files: >
-      {{
-        matrix_homeserver_app_service_runtime_injected_config_files | default([])
-        +
-        ["/matrix-mautrix-discord-registration.yaml"]
-      }}
-  when: matrix_mautrix_discord_enabled | bool
diff --git a/roles/custom/matrix-bridge-mautrix-discord/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-discord/tasks/main.yml
index 9eaadf68..2b68f1ed 100644
--- a/roles/custom/matrix-bridge-mautrix-discord/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-discord/tasks/main.yml
@@ -1,7 +1,4 @@
 ---
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
 
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_mautrix_discord_enabled | bool"
diff --git a/roles/custom/matrix-bridge-mautrix-facebook/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/init.yml
index 5565689f..8a4229af 100644
--- a/roles/custom/matrix-bridge-mautrix-facebook/tasks/init.yml
+++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/init.yml
@@ -1,31 +1,4 @@
 ---
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
-  ansible.builtin.fail:
-    msg: "To self-build the Mautrix-Facebook image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_facebook_container_image_self_build and matrix_mautrix_facebook_enabled"
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-facebook.service'] }}"
-  when: matrix_mautrix_facebook_enabled | bool
-
-# If the matrix-synapse role is not used, these variables may not exist.
-- ansible.builtin.set_fact:
-    matrix_homeserver_container_runtime_injected_arguments: >
-      {{
-        matrix_homeserver_container_runtime_injected_arguments | default([])
-        +
-        ["--mount type=bind,src={{ matrix_mautrix_facebook_config_path }}/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro"]
-      }}
-
-    matrix_homeserver_app_service_runtime_injected_config_files: >
-      {{
-        matrix_homeserver_app_service_runtime_injected_config_files | default([])
-        +
-        ["/matrix-mautrix-facebook-registration.yaml"]
-      }}
-  when: matrix_mautrix_facebook_enabled | bool
 
 - when: matrix_mautrix_facebook_enabled | bool and matrix_mautrix_facebook_appservice_public_enabled | bool
   tags:
diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/init.yml
index c4ae920c..17e6094d 100644
--- a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/init.yml
+++ b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/init.yml
@@ -1,31 +1,4 @@
 ---
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
-  ansible.builtin.fail:
-    msg: "To self-build the Mautrix-Google Chat image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_googlechat_container_image_self_build and matrix_mautrix_googlechat_enabled"
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-googlechat.service'] }}"
-  when: matrix_mautrix_googlechat_enabled | bool
-
-# If the matrix-synapse role is not used, these variables may not exist.
-- ansible.builtin.set_fact:
-    matrix_homeserver_container_runtime_injected_arguments: >
-      {{
-        matrix_homeserver_container_runtime_injected_arguments | default([])
-        +
-        ["--mount type=bind,src={{ matrix_mautrix_googlechat_config_path }}/registration.yaml,dst=/matrix-mautrix-googlechat-registration.yaml,ro"]
-      }}
-
-    matrix_homeserver_app_service_runtime_injected_config_files: >
-      {{
-        matrix_homeserver_app_service_runtime_injected_config_files | default([])
-        +
-        ["/matrix-mautrix-googlechat-registration.yaml"]
-      }}
-  when: matrix_mautrix_googlechat_enabled | bool
 
 - when: matrix_mautrix_googlechat_enabled | bool
   tags:
diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/init.yml
index 380dc4b3..8850f1cf 100644
--- a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/init.yml
+++ b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/init.yml
@@ -1,31 +1,4 @@
 ---
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
-  ansible.builtin.fail:
-    msg: "To self-build the Mautrix-Hangouts image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_hangouts_container_image_self_build and matrix_mautrix_hangouts_enabled"
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-hangouts.service'] }}"
-  when: matrix_mautrix_hangouts_enabled | bool
-
-# If the matrix-synapse role is not used, these variables may not exist.
-- ansible.builtin.set_fact:
-    matrix_homeserver_container_runtime_injected_arguments: >
-      {{
-        matrix_homeserver_container_runtime_injected_arguments | default([])
-        +
-        ["--mount type=bind,src={{ matrix_mautrix_hangouts_config_path }}/registration.yaml,dst=/matrix-mautrix-hangouts-registration.yaml,ro"]
-      }}
-
-    matrix_homeserver_app_service_runtime_injected_config_files: >
-      {{
-        matrix_homeserver_app_service_runtime_injected_config_files | default([])
-        +
-        ["/matrix-mautrix-hangouts-registration.yaml"]
-      }}
-  when: matrix_mautrix_hangouts_enabled | bool
 
 - when: matrix_mautrix_hangouts_enabled | bool
   tags:
diff --git a/roles/custom/matrix-bridge-mautrix-instagram/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-instagram/tasks/init.yml
deleted file mode 100644
index 7ef037e3..00000000
--- a/roles/custom/matrix-bridge-mautrix-instagram/tasks/init.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
-  ansible.builtin.fail:
-    msg: "To self-build the Mautrix-Instagram image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_instagram_container_image_self_build and matrix_mautrix_instagram_enabled"
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-instagram.service'] }}"
-  when: matrix_mautrix_instagram_enabled | bool
-
-# If the matrix-synapse role is not used, these variables may not exist.
-- ansible.builtin.set_fact:
-    matrix_homeserver_container_runtime_injected_arguments: >
-      {{
-        matrix_homeserver_container_runtime_injected_arguments | default([])
-        +
-        ["--mount type=bind,src={{ matrix_mautrix_instagram_config_path }}/registration.yaml,dst=/matrix-mautrix-instagram-registration.yaml,ro"]
-      }}
-
-    matrix_homeserver_app_service_runtime_injected_config_files: >
-      {{
-        matrix_homeserver_app_service_runtime_injected_config_files | default([])
-        +
-        ["/matrix-mautrix-instagram-registration.yaml"]
-      }}
-  when: matrix_mautrix_instagram_enabled | bool
diff --git a/roles/custom/matrix-bridge-mautrix-instagram/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-instagram/tasks/main.yml
index d5becb6d..403546ff 100644
--- a/roles/custom/matrix-bridge-mautrix-instagram/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-instagram/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_mautrix_instagram_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-bridge-mautrix-signal/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-signal/tasks/init.yml
deleted file mode 100644
index 17ad98a4..00000000
--- a/roles/custom/matrix-bridge-mautrix-signal/tasks/init.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-signal.service', 'matrix-mautrix-signal-daemon.service'] }}"
-  when: matrix_mautrix_signal_enabled | bool
-
-# If the matrix-synapse role is not used, these variables may not exist.
-- ansible.builtin.set_fact:
-    matrix_homeserver_container_runtime_injected_arguments: >
-      {{
-        matrix_homeserver_container_runtime_injected_arguments | default([])
-        +
-        ["--mount type=bind,src={{ matrix_mautrix_signal_config_path }}/registration.yaml,dst=/matrix-mautrix-signal-registration.yaml,ro"]
-      }}
-
-    matrix_homeserver_app_service_runtime_injected_config_files: >
-      {{
-        matrix_homeserver_app_service_runtime_injected_config_files | default([])
-        +
-        ["/matrix-mautrix-signal-registration.yaml"]
-      }}
-  when: matrix_mautrix_signal_enabled | bool
diff --git a/roles/custom/matrix-bridge-mautrix-signal/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-signal/tasks/main.yml
index 54bdafcd..6b69be28 100644
--- a/roles/custom/matrix-bridge-mautrix-signal/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-signal/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_mautrix_signal_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-bridge-mautrix-telegram/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/init.yml
index f828f793..d292edc0 100644
--- a/roles/custom/matrix-bridge-mautrix-telegram/tasks/init.yml
+++ b/roles/custom/matrix-bridge-mautrix-telegram/tasks/init.yml
@@ -1,31 +1,4 @@
 ---
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
-  ansible.builtin.fail:
-    msg: "To self-build the Mautrix-Telegram image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_telegram_container_image_self_build and matrix_mautrix_telegram_enabled"
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-telegram.service'] }}"
-  when: matrix_mautrix_telegram_enabled | bool
-
-# If the matrix-synapse role is not used, these variables may not exist.
-- ansible.builtin.set_fact:
-    matrix_homeserver_container_runtime_injected_arguments: >
-      {{
-        matrix_homeserver_container_runtime_injected_arguments | default([])
-        +
-        ["--mount type=bind,src={{ matrix_mautrix_telegram_config_path }}/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro"]
-      }}
-
-    matrix_homeserver_app_service_runtime_injected_config_files: >
-      {{
-        matrix_homeserver_app_service_runtime_injected_config_files | default([])
-        +
-        ["/matrix-mautrix-telegram-registration.yaml"]
-      }}
-  when: matrix_mautrix_telegram_enabled | bool
 
 - when: matrix_mautrix_telegram_enabled | bool and matrix_mautrix_telegram_appservice_public_enabled | bool
   tags:
diff --git a/roles/custom/matrix-bridge-mautrix-twitter/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-twitter/tasks/init.yml
deleted file mode 100644
index 67f0a7dc..00000000
--- a/roles/custom/matrix-bridge-mautrix-twitter/tasks/init.yml
+++ /dev/null
@@ -1,29 +0,0 @@
----
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-twitter.service'] }}"
-  when: matrix_mautrix_twitter_enabled | bool
-
-# If the matrix-synapse role is not used, these variables may not exist.
-- ansible.builtin.set_fact:
-    matrix_homeserver_container_runtime_injected_arguments: >
-      {{
-        matrix_homeserver_container_runtime_injected_arguments | default([])
-        +
-        ["--mount type=bind,src={{ matrix_mautrix_twitter_config_path }}/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro"]
-      }}
-
-    matrix_homeserver_app_service_runtime_injected_config_files: >
-      {{
-        matrix_homeserver_app_service_runtime_injected_config_files | default([])
-        +
-        ["/matrix-mautrix-twitter-registration.yaml"]
-      }}
-  when: matrix_mautrix_twitter_enabled | bool
-
-# ansible lower than 2.8, does not support docker_image build parameters
-# for self buildig it is explicitly needed, so we rather fail here
-- name: Fail if running on Ansible lower than 2.8 and trying self building
-  ansible.builtin.fail:
-    msg: "To self build Mautrix Twitter image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_twitter_container_image_self_build"
diff --git a/roles/custom/matrix-bridge-mautrix-twitter/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-twitter/tasks/main.yml
index 2f0c39b2..08e840aa 100644
--- a/roles/custom/matrix-bridge-mautrix-twitter/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-twitter/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_mautrix_twitter_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/init.yml
deleted file mode 100644
index 7907c73d..00000000
--- a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/init.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-whatsapp.service'] }}"
-  when: matrix_mautrix_whatsapp_enabled | bool
-
-# If the matrix-synapse role is not used, these variables may not exist.
-- ansible.builtin.set_fact:
-    matrix_homeserver_container_runtime_injected_arguments: >
-      {{
-        matrix_homeserver_container_runtime_injected_arguments | default([])
-        +
-        ["--mount type=bind,src={{ matrix_mautrix_whatsapp_config_path }}/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro"]
-      }}
-
-    matrix_homeserver_app_service_runtime_injected_config_files: >
-      {{
-        matrix_homeserver_app_service_runtime_injected_config_files | default([])
-        +
-        ["/matrix-mautrix-whatsapp-registration.yaml"]
-      }}
-  when: matrix_mautrix_whatsapp_enabled | bool
diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/main.yml
index 4df6fd23..c5b3b153 100644
--- a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/main.yml
@@ -1,7 +1,4 @@
 ---
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
 
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_mautrix_whatsapp_enabled | bool"
diff --git a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/init.yml b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/init.yml
deleted file mode 100644
index 9e2a937f..00000000
--- a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/init.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
-  ansible.builtin.fail:
-    msg: "To self-build the mx-puppet-discord image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_discord_container_image_self_build and matrix_mx_puppet_discord_enabled"
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-discord.service'] }}"
-  when: matrix_mx_puppet_discord_enabled | bool
-
-# If the matrix-synapse role is not used, these variables may not exist.
-- ansible.builtin.set_fact:
-    matrix_homeserver_container_runtime_injected_arguments: >
-      {{
-        matrix_homeserver_container_runtime_injected_arguments | default([])
-        +
-        ["--mount type=bind,src={{ matrix_mx_puppet_discord_config_path }}/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro"]
-      }}
-
-    matrix_homeserver_app_service_runtime_injected_config_files: >
-      {{
-        matrix_homeserver_app_service_runtime_injected_config_files | default([])
-        +
-        ["/matrix-mx-puppet-discord-registration.yaml"]
-      }}
-  when: matrix_mx_puppet_discord_enabled | bool
diff --git a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/main.yml
index 281092e1..c65a04e3 100644
--- a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_mx_puppet_discord_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/init.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/init.yml
deleted file mode 100644
index 76d184dd..00000000
--- a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/init.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
-  ansible.builtin.fail:
-    msg: "To self-build the mx-puppet-groupme image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_groupme_container_image_self_build and matrix_mx_puppet_groupme_enabled"
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-groupme.service'] }}"
-  when: matrix_mx_puppet_groupme_enabled | bool
-
-# If the matrix-synapse role is not used, these variables may not exist.
-- ansible.builtin.set_fact:
-    matrix_homeserver_container_runtime_injected_arguments: >
-      {{
-        matrix_homeserver_container_runtime_injected_arguments | default([])
-        +
-        ["--mount type=bind,src={{ matrix_mx_puppet_groupme_config_path }}/registration.yaml,dst=/matrix-mx-puppet-groupme-registration.yaml,ro"]
-      }}
-
-    matrix_homeserver_app_service_runtime_injected_config_files: >
-      {{
-        matrix_homeserver_app_service_runtime_injected_config_files | default([])
-        +
-        ["/matrix-mx-puppet-groupme-registration.yaml"]
-      }}
-  when: matrix_mx_puppet_groupme_enabled | bool
diff --git a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/main.yml
index 8cc55759..f6707d4e 100644
--- a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_mx_puppet_groupme_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/init.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/init.yml
deleted file mode 100644
index 741c32c0..00000000
--- a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/init.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
-  ansible.builtin.fail:
-    msg: "To self-build the mx-puppet-instagram image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_instagram_container_image_self_build and matrix_mx_puppet_instagram_enabled"
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-instagram.service'] }}"
-  when: matrix_mx_puppet_instagram_enabled | bool
-
-# If the matrix-synapse role is not used, these variables may not exist.
-- ansible.builtin.set_fact:
-    matrix_homeserver_container_runtime_injected_arguments: >
-      {{
-        matrix_homeserver_container_runtime_injected_arguments | default([])
-        +
-        ["--mount type=bind,src={{ matrix_mx_puppet_instagram_config_path }}/registration.yaml,dst=/matrix-mx-puppet-instagram-registration.yaml,ro"]
-      }}
-
-    matrix_homeserver_app_service_runtime_injected_config_files: >
-      {{
-        matrix_homeserver_app_service_runtime_injected_config_files | default([])
-        +
-        ["/matrix-mx-puppet-instagram-registration.yaml"]
-      }}
-  when: matrix_mx_puppet_instagram_enabled | bool
diff --git a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/main.yml
index 978577cc..220fb46f 100644
--- a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_mx_puppet_instagram_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/init.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/init.yml
index 9eff170a..217c733d 100644
--- a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/init.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/init.yml
@@ -1,31 +1,4 @@
 ---
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
-  ansible.builtin.fail:
-    msg: "To self-build the mx-puppet-slack image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_slack_container_image_self_build and matrix_mx_puppet_slack_enabled"
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-slack.service'] }}"
-  when: matrix_mx_puppet_slack_enabled | bool
-
-# If the matrix-synapse role is not used, these variables may not exist.
-- ansible.builtin.set_fact:
-    matrix_homeserver_container_runtime_injected_arguments: >
-      {{
-        matrix_homeserver_container_runtime_injected_arguments | default([])
-        +
-        ["--mount type=bind,src={{ matrix_mx_puppet_slack_config_path }}/registration.yaml,dst=/matrix-mx-puppet-slack-registration.yaml,ro"]
-      }}
-
-    matrix_homeserver_app_service_runtime_injected_config_files: >
-      {{
-        matrix_homeserver_app_service_runtime_injected_config_files | default([])
-        +
-        ["/matrix-mx-puppet-slack-registration.yaml"]
-      }}
-  when: matrix_mx_puppet_slack_enabled | bool
 
 - when: matrix_mx_puppet_slack_enabled | bool
   tags:
diff --git a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/init.yml b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/init.yml
deleted file mode 100644
index 5f9a5a83..00000000
--- a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/init.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
-  ansible.builtin.fail:
-    msg: "To self-build the mx-puppet-steam image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_steam_container_image_self_build and matrix_mx_puppet_steam_enabled"
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-steam.service'] }}"
-  when: matrix_mx_puppet_steam_enabled | bool
-
-# If the matrix-synapse role is not used, these variables may not exist.
-- ansible.builtin.set_fact:
-    matrix_homeserver_container_runtime_injected_arguments: >
-      {{
-        matrix_homeserver_container_runtime_injected_arguments | default([])
-        +
-        ["--mount type=bind,src={{ matrix_mx_puppet_steam_config_path }}/registration.yaml,dst=/matrix-mx-puppet-steam-registration.yaml,ro"]
-      }}
-
-    matrix_homeserver_app_service_runtime_injected_config_files: >
-      {{
-        matrix_homeserver_app_service_runtime_injected_config_files | default([])
-        +
-        ["/matrix-mx-puppet-steam-registration.yaml"]
-      }}
-  when: matrix_mx_puppet_steam_enabled | bool
diff --git a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/main.yml
index 236a7009..9feb22fb 100644
--- a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_mx_puppet_steam_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/init.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/init.yml
index a58cd9ac..4a0ea673 100644
--- a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/init.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/init.yml
@@ -1,31 +1,4 @@
 ---
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
-  ansible.builtin.fail:
-    msg: "To self-build the mx-puppet-twitter image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_twitter_container_image_self_build and matrix_mx_puppet_twitter_enabled"
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-twitter.service'] }}"
-  when: matrix_mx_puppet_twitter_enabled | bool
-
-# If the matrix-synapse role is not used, these variables may not exist.
-- ansible.builtin.set_fact:
-    matrix_homeserver_container_runtime_injected_arguments: >
-      {{
-        matrix_homeserver_container_runtime_injected_arguments | default([])
-        +
-        ["--mount type=bind,src={{ matrix_mx_puppet_twitter_config_path }}/registration.yaml,dst=/matrix-mx-puppet-twitter-registration.yaml,ro"]
-      }}
-
-    matrix_homeserver_app_service_runtime_injected_config_files: >
-      {{
-        matrix_homeserver_app_service_runtime_injected_config_files | default([])
-        +
-        ["/matrix-mx-puppet-twitter-registration.yaml"]
-      }}
-  when: matrix_mx_puppet_twitter_enabled | bool
 
 - when: matrix_mx_puppet_twitter_enabled | bool
   tags:
diff --git a/roles/custom/matrix-bridge-sms/tasks/init.yml b/roles/custom/matrix-bridge-sms/tasks/init.yml
deleted file mode 100644
index 3c044c15..00000000
--- a/roles/custom/matrix-bridge-sms/tasks/init.yml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-
-# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
-# We don't want to fail in such cases.
-- name: Fail if matrix-synapse role already executed
-  ansible.builtin.fail:
-    msg: >-
-      The matrix-sms-bridge role needs to execute before the matrix-synapse role.
-  when: "matrix_sms_bridge_enabled and matrix_synapse_role_executed | default(False)"
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-sms-bridge.service'] }}"
-  when: matrix_sms_bridge_enabled | bool
-
-# If the matrix-synapse role is not used, these variables may not exist.
-- ansible.builtin.set_fact:
-    matrix_homeserver_container_runtime_injected_arguments: >
-      {{
-        matrix_homeserver_container_runtime_injected_arguments | default([])
-        +
-        ["--mount type=bind,src={{ matrix_sms_bridge_config_path }}/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro"]
-      }}
-
-    matrix_homeserver_app_service_runtime_injected_config_files: >
-      {{
-        matrix_homeserver_app_service_runtime_injected_config_files | default([])
-        +
-        ["/matrix-sms-bridge-registration.yaml"]
-      }}
-  when: matrix_sms_bridge_enabled | bool
diff --git a/roles/custom/matrix-bridge-sms/tasks/main.yml b/roles/custom/matrix-bridge-sms/tasks/main.yml
index 1a6b964b..4d4895c4 100644
--- a/roles/custom/matrix-bridge-sms/tasks/main.yml
+++ b/roles/custom/matrix-bridge-sms/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_sms_bridge_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-cactus-comments/tasks/init.yml b/roles/custom/matrix-cactus-comments/tasks/init.yml
index 5067d025..5e094107 100644
--- a/roles/custom/matrix-cactus-comments/tasks/init.yml
+++ b/roles/custom/matrix-cactus-comments/tasks/init.yml
@@ -1,26 +1,5 @@
 ---
 
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-cactus-comments.service'] }}"
-  when: matrix_cactus_comments_enabled | bool
-
-# If the matrix-synapse role is not used, these variables may not exist.
-- ansible.builtin.set_fact:
-    matrix_homeserver_container_runtime_injected_arguments: >
-      {{
-        matrix_homeserver_container_runtime_injected_arguments | default([])
-        +
-        ["--mount type=bind,src={{ matrix_cactus_comments_app_service_config_file }},dst=/matrix-cactus-comments.yaml,ro"]
-      }}
-
-    matrix_homeserver_app_service_runtime_injected_config_files: >
-      {{
-        matrix_homeserver_app_service_runtime_injected_config_files | default([])
-        +
-        ["/matrix-cactus-comments.yaml"]
-      }}
-  when: matrix_cactus_comments_enabled | bool
-
 - when: matrix_cactus_comments_enabled | bool and matrix_cactus_comments_serve_client_enabled | bool
   tags:
     - always
diff --git a/roles/custom/matrix-client-cinny/tasks/init.yml b/roles/custom/matrix-client-cinny/tasks/init.yml
deleted file mode 100644
index 00e46dc8..00000000
--- a/roles/custom/matrix-client-cinny/tasks/init.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
-  ansible.builtin.fail:
-    msg: "To self-build the Cinny image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_client_cinny_container_image_self_build and matrix_client_cinny_enabled"
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-client-cinny.service'] }}"
-  when: matrix_client_cinny_enabled | bool
diff --git a/roles/custom/matrix-client-cinny/tasks/main.yml b/roles/custom/matrix-client-cinny/tasks/main.yml
index 9eb00781..e0f1579c 100644
--- a/roles/custom/matrix-client-cinny/tasks/main.yml
+++ b/roles/custom/matrix-client-cinny/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_client_cinny_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-client-element/tasks/init.yml b/roles/custom/matrix-client-element/tasks/init.yml
deleted file mode 100644
index 7bdad9e1..00000000
--- a/roles/custom/matrix-client-element/tasks/init.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-client-element.service'] }}"
-  when: matrix_client_element_enabled | bool
-
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
-  ansible.builtin.fail:
-    msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_client_element_container_image_self_build and matrix_client_element_enabled"
diff --git a/roles/custom/matrix-client-element/tasks/main.yml b/roles/custom/matrix-client-element/tasks/main.yml
index 53a25afb..7dbe9ce8 100644
--- a/roles/custom/matrix-client-element/tasks/main.yml
+++ b/roles/custom/matrix-client-element/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_client_element_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-client-hydrogen/tasks/init.yml b/roles/custom/matrix-client-hydrogen/tasks/init.yml
deleted file mode 100644
index 561018e1..00000000
--- a/roles/custom/matrix-client-hydrogen/tasks/init.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
-  ansible.builtin.fail:
-    msg: "To self-build the Hydrogen image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_client_hydrogen_container_image_self_build and matrix_client_hydrogen_enabled"
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-client-hydrogen.service'] }}"
-  when: matrix_client_hydrogen_enabled | bool
diff --git a/roles/custom/matrix-client-hydrogen/tasks/main.yml b/roles/custom/matrix-client-hydrogen/tasks/main.yml
index 89133364..3f502393 100644
--- a/roles/custom/matrix-client-hydrogen/tasks/main.yml
+++ b/roles/custom/matrix-client-hydrogen/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_client_hydrogen_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-conduit/tasks/init.yml b/roles/custom/matrix-conduit/tasks/init.yml
deleted file mode 100644
index 5f464e40..00000000
--- a/roles/custom/matrix-conduit/tasks/init.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-conduit.service'] }}"
-  when: matrix_conduit_enabled | bool
diff --git a/roles/custom/matrix-conduit/tasks/main.yml b/roles/custom/matrix-conduit/tasks/main.yml
index 623d0458..94e50103 100644
--- a/roles/custom/matrix-conduit/tasks/main.yml
+++ b/roles/custom/matrix-conduit/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/conduit/setup.yml"
   when: run_setup | bool
   tags:
diff --git a/roles/custom/matrix-corporal/tasks/init.yml b/roles/custom/matrix-corporal/tasks/init.yml
deleted file mode 100644
index dffdbe90..00000000
--- a/roles/custom/matrix-corporal/tasks/init.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
-  ansible.builtin.fail:
-    msg: "To self-build the Matrix Corporal image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_corporal_container_image_self_build and matrix_corporal_enabled"
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-corporal.service'] }}"
-  when: matrix_corporal_enabled | bool
diff --git a/roles/custom/matrix-corporal/tasks/main.yml b/roles/custom/matrix-corporal/tasks/main.yml
index 1699262b..1021518c 100644
--- a/roles/custom/matrix-corporal/tasks/main.yml
+++ b/roles/custom/matrix-corporal/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_corporal_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-coturn/tasks/init.yml b/roles/custom/matrix-coturn/tasks/init.yml
deleted file mode 100644
index 315dfb65..00000000
--- a/roles/custom/matrix-coturn/tasks/init.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
-  ansible.builtin.fail:
-    msg: "To self-build the coturn image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_coturn_container_image_self_build and matrix_coturn_enabled"
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-coturn.service'] }}"
-  when: matrix_coturn_enabled | bool
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-coturn-reload.timer'] }}"
-  when: "matrix_coturn_enabled | bool and matrix_coturn_tls_enabled | bool"
diff --git a/roles/custom/matrix-coturn/tasks/main.yml b/roles/custom/matrix-coturn/tasks/main.yml
index 78f712f0..f2fc66d5 100644
--- a/roles/custom/matrix-coturn/tasks/main.yml
+++ b/roles/custom/matrix-coturn/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_coturn_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-dendrite/defaults/main.yml b/roles/custom/matrix-dendrite/defaults/main.yml
index f8308534..a60c33d2 100644
--- a/roles/custom/matrix-dendrite/defaults/main.yml
+++ b/roles/custom/matrix-dendrite/defaults/main.yml
@@ -46,15 +46,15 @@ matrix_dendrite_container_https_host_bind_address: ""
 # Also see `matrix_dendrite_container_arguments`
 matrix_dendrite_container_extra_arguments: []
 
-# matrix_dendrite_container_runtime_injected_arguments is a list of extra arguments to pass to the container.
-# This list is built during runtime. You're not meant to override this variable.
+# matrix_dendrite_container_extra_arguments_auto is a list of extra arguments to pass to the container.
+# This list is managed by the playbook. You're not meant to override this variable.
 # If you'd like to inject your own arguments, see `matrix_dendrite_container_extra_arguments`.
-matrix_dendrite_container_runtime_injected_arguments: []
+matrix_dendrite_container_extra_arguments_auto: []
 
 # matrix_dendrite_container_arguments holds the final list of extra arguments to pass to the container.
 # You're not meant to override this variable.
 # If you'd like to inject your own arguments, see `matrix_dendrite_container_extra_arguments`.
-matrix_dendrite_container_arguments: "{{ matrix_dendrite_container_extra_arguments + matrix_dendrite_container_runtime_injected_arguments }}"
+matrix_dendrite_container_arguments: "{{ matrix_dendrite_container_extra_arguments + matrix_dendrite_container_extra_arguments_auto }}"
 
 # A list of extra arguments to pass to the container process (`dendrite-monolith` command)
 # Example:
@@ -118,15 +118,15 @@ matrix_dendrite_container_additional_volumes: []
 # Also see `matrix_dendrite_app_service_config_files_final`
 matrix_dendrite_app_service_config_files: []
 
-# matrix_dendrite_app_service_runtime_injected_config_files is a list of appservice config files.
-# This list is built during runtime. You're not meant to override this variable.
+# matrix_dendrite_app_service_config_files_auto is a list of appservice config files.
+# This list is managed by the playbook. You're not meant to override this variable.
 # If you'd like to inject your own arguments, see `matrix_dendrite_app_service_config_files`.
-matrix_dendrite_app_service_runtime_injected_config_files: []
+matrix_dendrite_app_service_config_files_auto: []
 
 # matrix_dendrite_app_service_config_files_final holds the final list of config files to pass to the container.
 # You're not meant to override this variable.
 # If you'd like to inject your own arguments, see `matrix_dendrite_app_service_config_files`.
-matrix_dendrite_app_service_config_files_final: "{{ matrix_dendrite_app_service_config_files + matrix_dendrite_app_service_runtime_injected_config_files }}"
+matrix_dendrite_app_service_config_files_final: "{{ matrix_dendrite_app_service_config_files + matrix_dendrite_app_service_config_files_auto }}"
 
 # Enable exposure of metrics
 matrix_dendrite_metrics_enabled: false
diff --git a/roles/custom/matrix-dendrite/tasks/init.yml b/roles/custom/matrix-dendrite/tasks/init.yml
deleted file mode 100644
index 4ce641e9..00000000
--- a/roles/custom/matrix-dendrite/tasks/init.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dendrite.service'] }}"
-  when: matrix_dendrite_enabled | bool
diff --git a/roles/custom/matrix-dendrite/tasks/main.yml b/roles/custom/matrix-dendrite/tasks/main.yml
index d14beb15..639ad6e2 100644
--- a/roles/custom/matrix-dendrite/tasks/main.yml
+++ b/roles/custom/matrix-dendrite/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: run_setup | bool
   tags:
diff --git a/roles/custom/matrix-dimension/tasks/init.yml b/roles/custom/matrix-dimension/tasks/init.yml
deleted file mode 100644
index c60a2fe2..00000000
--- a/roles/custom/matrix-dimension/tasks/init.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dimension.service'] }}"
-  when: matrix_dimension_enabled | bool
diff --git a/roles/custom/matrix-dimension/tasks/main.yml b/roles/custom/matrix-dimension/tasks/main.yml
index 6eef50d6..38f780e9 100644
--- a/roles/custom/matrix-dimension/tasks/main.yml
+++ b/roles/custom/matrix-dimension/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: run_setup | bool
   tags:
diff --git a/roles/custom/matrix-dynamic-dns/tasks/init.yml b/roles/custom/matrix-dynamic-dns/tasks/init.yml
deleted file mode 100644
index 9c906441..00000000
--- a/roles/custom/matrix-dynamic-dns/tasks/init.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
-  ansible.builtin.fail:
-    msg: "To self-build the Dynamic DNS image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_dynamic_dns_container_image_self_build and matrix_dynamic_dns_enabled"
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dynamic-dns.service'] }}"
-  when: "matrix_dynamic_dns_enabled | bool"
diff --git a/roles/custom/matrix-dynamic-dns/tasks/main.yml b/roles/custom/matrix-dynamic-dns/tasks/main.yml
index 2f33af86..bec7785c 100644
--- a/roles/custom/matrix-dynamic-dns/tasks/main.yml
+++ b/roles/custom/matrix-dynamic-dns/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_dynamic_dns_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-email2matrix/tasks/init.yml b/roles/custom/matrix-email2matrix/tasks/init.yml
deleted file mode 100644
index 02dbc9ee..00000000
--- a/roles/custom/matrix-email2matrix/tasks/init.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-email2matrix.service'] }}"
-  when: matrix_email2matrix_enabled | bool
diff --git a/roles/custom/matrix-email2matrix/tasks/main.yml b/roles/custom/matrix-email2matrix/tasks/main.yml
index 3adbc646..4339b4db 100644
--- a/roles/custom/matrix-email2matrix/tasks/main.yml
+++ b/roles/custom/matrix-email2matrix/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_email2matrix_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-etherpad/tasks/init.yml b/roles/custom/matrix-etherpad/tasks/init.yml
index d35ed375..159dbe87 100644
--- a/roles/custom/matrix-etherpad/tasks/init.yml
+++ b/roles/custom/matrix-etherpad/tasks/init.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-etherpad.service'] }}"
-  when: matrix_etherpad_enabled | bool
-
 - when: matrix_etherpad_enabled | bool and matrix_etherpad_mode == 'dimension'
   tags:
     - always
diff --git a/roles/custom/matrix-grafana/tasks/init.yml b/roles/custom/matrix-grafana/tasks/init.yml
deleted file mode 100644
index 7b363ee7..00000000
--- a/roles/custom/matrix-grafana/tasks/init.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-grafana.service'] }}"
-  when: matrix_grafana_enabled | bool
diff --git a/roles/custom/matrix-grafana/tasks/main.yml b/roles/custom/matrix-grafana/tasks/main.yml
index 34a3f415..573f792f 100644
--- a/roles/custom/matrix-grafana/tasks/main.yml
+++ b/roles/custom/matrix-grafana/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_grafana_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-jitsi/tasks/init.yml b/roles/custom/matrix-jitsi/tasks/init.yml
deleted file mode 100644
index 8606c4b3..00000000
--- a/roles/custom/matrix-jitsi/tasks/init.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-jitsi-web.service', 'matrix-jitsi-prosody.service', 'matrix-jitsi-jicofo.service', 'matrix-jitsi-jvb.service'] }}"
-  when: matrix_jitsi_enabled | bool
-
-- name: Fail if on an unsupported architecture
-  ansible.builtin.fail:
-    msg: "Jitsi only supports the amd64 architecture right now. See https://github.com/jitsi/docker-jitsi-meet/issues/1069 and https://github.com/jitsi/docker-jitsi-meet/issues/1214"
-  when: matrix_jitsi_enabled | bool and matrix_architecture not in ['amd64', 'arm64']
diff --git a/roles/custom/matrix-jitsi/tasks/main.yml b/roles/custom/matrix-jitsi/tasks/main.yml
index be96d944..9aac5eae 100644
--- a/roles/custom/matrix-jitsi/tasks/main.yml
+++ b/roles/custom/matrix-jitsi/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/init_additional_jvb.yml"
   tags:
     - setup-additional-jitsi-jvb
diff --git a/roles/custom/matrix-jitsi/tasks/validate_config.yml b/roles/custom/matrix-jitsi/tasks/validate_config.yml
index df87b758..258b4864 100644
--- a/roles/custom/matrix-jitsi/tasks/validate_config.yml
+++ b/roles/custom/matrix-jitsi/tasks/validate_config.yml
@@ -1,5 +1,10 @@
 ---
 
+- name: Fail if on an unsupported architecture
+  ansible.builtin.fail:
+    msg: "Jitsi only supports the amd64 architecture right now. See https://github.com/jitsi/docker-jitsi-meet/issues/1069 and https://github.com/jitsi/docker-jitsi-meet/issues/1214"
+  when: matrix_jitsi_enabled | bool and matrix_architecture not in ['amd64', 'arm64']
+
 - name: Fail if required Jitsi settings not defined
   ansible.builtin.fail:
     msg: >-
diff --git a/roles/custom/matrix-ldap-registration-proxy/tasks/init.yml b/roles/custom/matrix-ldap-registration-proxy/tasks/init.yml
index 40623609..f035e657 100644
--- a/roles/custom/matrix-ldap-registration-proxy/tasks/init.yml
+++ b/roles/custom/matrix-ldap-registration-proxy/tasks/init.yml
@@ -1,14 +1,4 @@
 ---
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
-  ansible.builtin.fail:
-    msg: "To self-build the matrix_ldap_registration_proxy image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_ldap_registration_proxy_container_image_self_build and matrix_ldap_registration_proxy_enabled | bool"
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-ldap-registration-proxy.service'] }}"
-  when: matrix_ldap_registration_proxy_enabled | bool
 
 - when: matrix_ldap_registration_proxy_enabled | bool
   tags:
diff --git a/roles/custom/matrix-ma1sd/tasks/init.yml b/roles/custom/matrix-ma1sd/tasks/init.yml
deleted file mode 100644
index 48226aa0..00000000
--- a/roles/custom/matrix-ma1sd/tasks/init.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
-  ansible.builtin.fail:
-    msg: "To self-build the ma1sd image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_ma1sd_container_image_self_build and matrix_ma1sd_enabled | bool"
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-ma1sd.service'] }}"
-  when: matrix_ma1sd_enabled | bool
diff --git a/roles/custom/matrix-ma1sd/tasks/main.yml b/roles/custom/matrix-ma1sd/tasks/main.yml
index f55e7891..add76bb2 100644
--- a/roles/custom/matrix-ma1sd/tasks/main.yml
+++ b/roles/custom/matrix-ma1sd/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_ma1sd_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-mailer/tasks/init.yml b/roles/custom/matrix-mailer/tasks/init.yml
deleted file mode 100644
index 487ed0c9..00000000
--- a/roles/custom/matrix-mailer/tasks/init.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
-  ansible.builtin.fail:
-    msg: "To self-build the Matrix Mailer image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mailer_container_image_self_build and matrix_mailer_enabled"
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mailer.service'] }}"
-  when: matrix_mailer_enabled | bool
diff --git a/roles/custom/matrix-mailer/tasks/main.yml b/roles/custom/matrix-mailer/tasks/main.yml
index e49ff26d..cf9123bf 100644
--- a/roles/custom/matrix-mailer/tasks/main.yml
+++ b/roles/custom/matrix-mailer/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_mailer.yml"
   when: run_setup | bool
   tags:
diff --git a/roles/custom/matrix-nginx-proxy/tasks/init.yml b/roles/custom/matrix-nginx-proxy/tasks/init.yml
deleted file mode 100644
index eb4249cb..00000000
--- a/roles/custom/matrix-nginx-proxy/tasks/init.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-nginx-proxy.service'] }}"
-  when: matrix_nginx_proxy_enabled | bool
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + [item.name] }}"
-  when: "item.applicable | bool and item.enableable | bool"
-  with_items: "{{ matrix_ssl_renewal_systemd_units_list }}"
diff --git a/roles/custom/matrix-nginx-proxy/tasks/main.yml b/roles/custom/matrix-nginx-proxy/tasks/main.yml
index 9c34d1f5..168608da 100644
--- a/roles/custom/matrix-nginx-proxy/tasks/main.yml
+++ b/roles/custom/matrix-nginx-proxy/tasks/main.yml
@@ -1,7 +1,4 @@
 ---
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
 
 # Always validating the configuration, even if `matrix_nginx_proxy: false`.
 # This role performs actions even if the role is disabled, so we need
diff --git a/roles/custom/matrix-ntfy/tasks/init.yml b/roles/custom/matrix-ntfy/tasks/init.yml
deleted file mode 100644
index 6222ada0..00000000
--- a/roles/custom/matrix-ntfy/tasks/init.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-ntfy.service'] }}"
-  when: matrix_ntfy_enabled | bool
diff --git a/roles/custom/matrix-ntfy/tasks/main.yml b/roles/custom/matrix-ntfy/tasks/main.yml
index 200d38c4..8a4acd7c 100644
--- a/roles/custom/matrix-ntfy/tasks/main.yml
+++ b/roles/custom/matrix-ntfy/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
   when: "run_setup | bool and matrix_ntfy_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-postgres-backup/tasks/init.yml b/roles/custom/matrix-postgres-backup/tasks/init.yml
deleted file mode 100644
index 5ece870a..00000000
--- a/roles/custom/matrix-postgres-backup/tasks/init.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-postgres-backup.service'] }}"
-  when: matrix_postgres_backup_enabled | bool
diff --git a/roles/custom/matrix-postgres-backup/tasks/main.yml b/roles/custom/matrix-postgres-backup/tasks/main.yml
index 1403fa5b..4fef6f45 100644
--- a/roles/custom/matrix-postgres-backup/tasks/main.yml
+++ b/roles/custom/matrix-postgres-backup/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_postgres_backup_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-postgres/tasks/init.yml b/roles/custom/matrix-postgres/tasks/init.yml
deleted file mode 100644
index 659380f1..00000000
--- a/roles/custom/matrix-postgres/tasks/init.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-postgres.service'] }}"
-  when: matrix_postgres_enabled | bool
diff --git a/roles/custom/matrix-postgres/tasks/main.yml b/roles/custom/matrix-postgres/tasks/main.yml
index 8e21b3c6..c282b382 100644
--- a/roles/custom/matrix-postgres/tasks/main.yml
+++ b/roles/custom/matrix-postgres/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_postgres_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-prometheus-node-exporter/tasks/init.yml b/roles/custom/matrix-prometheus-node-exporter/tasks/init.yml
index 460ab137..eda1b755 100644
--- a/roles/custom/matrix-prometheus-node-exporter/tasks/init.yml
+++ b/roles/custom/matrix-prometheus-node-exporter/tasks/init.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus-node-exporter.service'] }}"
-  when: matrix_prometheus_node_exporter_enabled | bool
-
 - when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool
   block:
     - name: Fail if matrix-nginx-proxy role already executed
diff --git a/roles/custom/matrix-prometheus-postgres-exporter/tasks/init.yml b/roles/custom/matrix-prometheus-postgres-exporter/tasks/init.yml
index 20333dce..d409e2dd 100644
--- a/roles/custom/matrix-prometheus-postgres-exporter/tasks/init.yml
+++ b/roles/custom/matrix-prometheus-postgres-exporter/tasks/init.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus-postgres-exporter.service'] }}"
-  when: matrix_prometheus_postgres_exporter_enabled | bool
-
 - when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool
   block:
     - name: Fail if matrix-nginx-proxy role already executed
diff --git a/roles/custom/matrix-prometheus/tasks/init.yml b/roles/custom/matrix-prometheus/tasks/init.yml
deleted file mode 100644
index 29853673..00000000
--- a/roles/custom/matrix-prometheus/tasks/init.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus.service'] }}"
-  when: matrix_prometheus_enabled | bool
diff --git a/roles/custom/matrix-prometheus/tasks/main.yml b/roles/custom/matrix-prometheus/tasks/main.yml
index 1a5a3708..61cd86db 100644
--- a/roles/custom/matrix-prometheus/tasks/main.yml
+++ b/roles/custom/matrix-prometheus/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_prometheus_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-redis/tasks/init.yml b/roles/custom/matrix-redis/tasks/init.yml
deleted file mode 100644
index 00154b33..00000000
--- a/roles/custom/matrix-redis/tasks/init.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-redis'] }}"
-  when: matrix_redis_enabled | bool
diff --git a/roles/custom/matrix-redis/tasks/main.yml b/roles/custom/matrix-redis/tasks/main.yml
index 1bcac7d6..51b3e12c 100644
--- a/roles/custom/matrix-redis/tasks/main.yml
+++ b/roles/custom/matrix-redis/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_redis.yml"
   when: run_setup | bool
   tags:
diff --git a/roles/custom/matrix-registration/tasks/init.yml b/roles/custom/matrix-registration/tasks/init.yml
index 2b43dffd..a295cdfb 100644
--- a/roles/custom/matrix-registration/tasks/init.yml
+++ b/roles/custom/matrix-registration/tasks/init.yml
@@ -1,14 +1,4 @@
 ---
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
-  ansible.builtin.fail:
-    msg: "To self-build the Matrix Registration image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_registration_container_image_self_build and matrix_registration_enabled"
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-registration.service'] }}"
-  when: matrix_registration_enabled | bool
 
 - when: matrix_registration_enabled | bool
   tags:
diff --git a/roles/custom/matrix-sygnal/tasks/init.yml b/roles/custom/matrix-sygnal/tasks/init.yml
deleted file mode 100644
index dae7a299..00000000
--- a/roles/custom/matrix-sygnal/tasks/init.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-sygnal.service'] }}"
-  when: matrix_sygnal_enabled | bool
diff --git a/roles/custom/matrix-sygnal/tasks/main.yml b/roles/custom/matrix-sygnal/tasks/main.yml
index b001bb82..fb25feed 100644
--- a/roles/custom/matrix-sygnal/tasks/main.yml
+++ b/roles/custom/matrix-sygnal/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: run_setup | bool
   tags:
diff --git a/roles/custom/matrix-synapse-admin/tasks/init.yml b/roles/custom/matrix-synapse-admin/tasks/init.yml
index c2b2d05f..78ebbdec 100644
--- a/roles/custom/matrix-synapse-admin/tasks/init.yml
+++ b/roles/custom/matrix-synapse-admin/tasks/init.yml
@@ -1,14 +1,4 @@
 ---
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
-  ansible.builtin.fail:
-    msg: "To self-build the Synapse Admin image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_synapse_admin_container_image_self_build and matrix_synapse_admin_enabled"
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse-admin.service'] }}"
-  when: matrix_synapse_admin_enabled | bool
 
 - when: matrix_synapse_admin_enabled | bool
   tags:
diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/init.yml b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/init.yml
deleted file mode 100644
index b10eca53..00000000
--- a/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/init.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse-reverse-proxy-companion.service'] }}"
-  when: matrix_synapse_reverse_proxy_companion_enabled | bool
diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/main.yml b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/main.yml
index f8b6660b..65b2c019 100644
--- a/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/main.yml
+++ b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
   when: run_setup | bool and matrix_synapse_reverse_proxy_companion_enabled | bool
   tags:
diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_install.yml b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_install.yml
index ca263b6d..83c1e5e3 100644
--- a/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_install.yml
+++ b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_install.yml
@@ -1,6 +1,6 @@
 ---
 
-- name: Ensure mtrix-synapse-reverse-proxy-companion paths exist
+- name: Ensure matrix-synapse-reverse-proxy-companion paths exist
   ansible.builtin.file:
     path: "{{ item }}"
     state: directory
diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml
index c6bf31fd..f52f414b 100644
--- a/roles/custom/matrix-synapse/defaults/main.yml
+++ b/roles/custom/matrix-synapse/defaults/main.yml
@@ -101,15 +101,15 @@ matrix_synapse_container_manhole_api_host_bind_port: ''
 # Also see `matrix_synapse_container_arguments`
 matrix_synapse_container_extra_arguments: []
 
-# matrix_synapse_container_runtime_injected_arguments is a list of extra arguments to pass to the container.
-# This list is built during runtime. You're not meant to override this variable.
+# matrix_synapse_container_extra_arguments_auto is a list of extra arguments to pass to the container.
+# This list is managed by the playbook. You're not meant to override this variable.
 # If you'd like to inject your own arguments, see `matrix_synapse_container_extra_arguments`.
-matrix_synapse_container_runtime_injected_arguments: []
+matrix_synapse_container_extra_arguments_auto: []
 
 # matrix_synapse_container_arguments holds the final list of extra arguments to pass to the container.
 # You're not meant to override this variable.
 # If you'd like to inject your own arguments, see `matrix_synapse_container_extra_arguments`.
-matrix_synapse_container_arguments: "{{ matrix_synapse_container_extra_arguments + matrix_synapse_container_runtime_injected_arguments }}"
+matrix_synapse_container_arguments: "{{ matrix_synapse_container_extra_arguments + matrix_synapse_container_extra_arguments_auto }}"
 
 # List of systemd services that matrix-synapse.service depends on
 matrix_synapse_systemd_required_services_list: ['docker.service']
@@ -371,15 +371,15 @@ matrix_synapse_additional_loggers: []
 # Also see `matrix_synapse_app_service_config_files_final`
 matrix_synapse_app_service_config_files: []
 
-# matrix_synapse_app_service_runtime_injected_config_files is a list of appservice config files.
-# This list is built during runtime. You're not meant to override this variable.
+# matrix_synapse_app_service_config_files_auto is a list of appservice config files.
+# This list is managed by the playbook. You're not meant to override this variable.
 # If you'd like to inject your own arguments, see `matrix_synapse_app_service_config_files`.
-matrix_synapse_app_service_runtime_injected_config_files: []
+matrix_synapse_app_service_config_files_auto: []
 
 # matrix_synapse_app_service_config_files_final holds the final list of config files to pass to the container.
 # You're not meant to override this variable.
 # If you'd like to inject your own arguments, see `matrix_synapse_app_service_config_files`.
-matrix_synapse_app_service_config_files_final: "{{ matrix_synapse_app_service_config_files + matrix_synapse_app_service_runtime_injected_config_files }}"
+matrix_synapse_app_service_config_files_final: "{{ matrix_synapse_app_service_config_files + matrix_synapse_app_service_config_files_auto }}"
 
 # This is set dynamically during execution depending on whether
 # any password providers have been enabled or not.
diff --git a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/init.yml b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/init.yml
deleted file mode 100644
index 008161cb..00000000
--- a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/init.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse-s3-storage-provider-migrate.timer'] }}"
-  when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool
diff --git a/roles/custom/matrix-synapse/tasks/init.yml b/roles/custom/matrix-synapse/tasks/init.yml
index 9146936a..635ef8f2 100644
--- a/roles/custom/matrix-synapse/tasks/init.yml
+++ b/roles/custom/matrix-synapse/tasks/init.yml
@@ -1,20 +1,10 @@
 ---
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
-  ansible.builtin.fail:
-    msg: "To self-build the Synapse image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_synapse_container_image_self_build and matrix_synapse_enabled"
 
 # Unless `matrix_synapse_workers_enabled_list` is explicitly defined,
 # we'll generate it dynamically.
 - ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/init.yml"
   when: "matrix_synapse_enabled and matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list | length == 0"
 
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse.service'] }}"
-  when: matrix_synapse_enabled | bool
-
 - name: Ensure workers are injected into various places
   ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/util/inject_worker.yml"
   with_items: "{{ matrix_synapse_workers_enabled_list }}"
@@ -22,13 +12,6 @@
     loop_var: matrix_synapse_worker_details
   when: matrix_synapse_enabled | bool and matrix_synapse_workers_enabled | bool
 
-- ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-goofys.service'] }}"
-  when: matrix_s3_media_store_enabled | bool
-
-- ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/init.yml"
-  when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool
-
 - when: matrix_synapse_enabled | bool and matrix_synapse_metrics_proxying_enabled | bool
   block:
     - name: Fail if matrix-nginx-proxy role already executed

From 360e643f840108f123d0e384f16f699bc9fc33a5 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Wed, 23 Nov 2022 08:43:46 +0200
Subject: [PATCH 047/198] Add service priorities - try to stop/start them in an
 optimal order

---
 group_vars/matrix_servers                     | 154 ++++++++++--------
 roles/custom/matrix-base/defaults/main.yml    |  23 ++-
 .../matrix-common-after/tasks/start.yml       |  18 +-
 .../custom/matrix-common-after/tasks/stop.yml |   4 +-
 .../tasks/init_additional_jvb.yml             |   2 +-
 roles/custom/matrix-nginx-proxy/vars/main.yml |   4 +
 .../tasks/synapse/workers/setup_install.yml   |   2 +-
 .../synapse/workers/util/inject_worker.yml    |   2 +-
 8 files changed, 123 insertions(+), 86 deletions(-)

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index d51f20d4..ccd7d5d9 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -22,139 +22,159 @@ matrix_playbook_docker_installation_enabled: true
 # This list is not exhaustive and final.
 # Synapse workers are still injected into the list at runtime.
 # Additional JVB workers (playbooks/jitsi_jvb.yml -- roles/custom/matrix-jitsi/tasks/init_additional_jvb.yml) override this variable at runtime as well.
-matrix_systemd_services_list: |
+#
+# Priority levels are like this:
+# - core services (the homeserver) get a level of ~1000
+# - services that core services depend on (database, Redis, ntfy, etc.) get a lower level - between 500 and 1000
+# - reverse-proxying services get level 3000
+# - Matrix utility services (bridges, bots) get a level of 2000/2200, so that:
+#   - they can start before the reverse-proxy
+#   - so that, when the reverse-proxy is up (Matrix is up), all bots and bridges can be interacted with
+# - monitoring services (Prometheus, Grafana, ..) get a level of 4000 - they can start later than all-of-Matrix
+# - services which aren't time-sensitive (various crons and timers) get a level of 5000 - they can start later than all-of-Matrix
+matrix_systemd_services_list_auto: |
   {{
-    (['matrix-backup-borg.timer'] if matrix_backup_borg_enabled else [])
+    ([{'name': 'matrix-backup-borg.timer', 'priority': 5000}] if matrix_backup_borg_enabled else [])
     +
-    (['matrix-bot-buscarron.service'] if matrix_bot_buscarron_enabled else [])
+    ([{'name': 'matrix-bot-buscarron.service', 'priority': 2200}] if matrix_bot_buscarron_enabled else [])
     +
-    (['matrix-bot-go-neb.service'] if matrix_bot_go_neb_enabled else [])
+    ([{'name': 'matrix-bot-go-neb.service', 'priority': 2200}] if matrix_bot_go_neb_enabled else [])
     +
-    (['matrix-bot-honoroit.service'] if matrix_bot_honoroit_enabled else [])
+    ([{'name': 'matrix-bot-honoroit.service', 'priority': 2200}] if matrix_bot_honoroit_enabled else [])
     +
-    (['matrix-bot-matrix-registration-bot.service'] if matrix_bot_matrix_registration_bot_enabled else [])
+    ([{'name': 'matrix-bot-matrix-registration-bot.service', 'priority': 2200}] if matrix_bot_matrix_registration_bot_enabled else [])
     +
-    (['matrix-bot-matrix-reminder-bot.service'] if matrix_bot_matrix_reminder_bot_enabled else [])
+    ([{'name': 'matrix-bot-matrix-reminder-bot.service', 'priority': 2200}] if matrix_bot_matrix_reminder_bot_enabled else [])
     +
-    (['matrix-bot-maubot.service'] if matrix_bot_maubot_enabled else [])
+    ([{'name': 'matrix-bot-maubot.service', 'priority': 2200}] if matrix_bot_maubot_enabled else [])
     +
-    (['matrix-bot-mjolnir.service'] if matrix_bot_mjolnir_enabled else [])
+    ([{'name': 'matrix-bot-mjolnir.service', 'priority': 2200}] if matrix_bot_mjolnir_enabled else [])
     +
-    (['matrix-bot-postmoogle.service'] if matrix_bot_postmoogle_enabled else [])
+    ([{'name': 'matrix-bot-postmoogle.service', 'priority': 2200}] if matrix_bot_postmoogle_enabled else [])
     +
-    (['matrix-appservice-discord.service'] if matrix_appservice_discord_enabled else [])
+    ([{'name': 'matrix-appservice-discord.service', 'priority': 2000}] if matrix_appservice_discord_enabled else [])
     +
-    (['matrix-appservice-irc.service'] if matrix_appservice_irc_enabled else [])
+    ([{'name': 'matrix-appservice-irc.service', 'priority': 2000}] if matrix_appservice_irc_enabled else [])
     +
-    (['matrix-appservice-kakaotalk.service', 'matrix-appservice-kakaotalk-node.service'] if matrix_appservice_kakaotalk_enabled else [])
+    ([{'name': 'matrix-appservice-kakaotalk.service', 'priority': 2000}] if matrix_appservice_kakaotalk_enabled else [])
     +
-    (['matrix-appservice-slack.service'] if matrix_appservice_slack_enabled else [])
+    ([{'name': 'matrix-appservice-kakaotalk-node.service', 'priority': 1900}] if matrix_appservice_kakaotalk_enabled else [])
     +
-    (['matrix-appservice-webhooks.service'] if matrix_appservice_webhooks_enabled else [])
+    ([{'name': 'matrix-appservice-slack.service', 'priority': 2000}] if matrix_appservice_slack_enabled else [])
     +
-    (['matrix-beeper-linkedin.service'] if matrix_beeper_linkedin_enabled else [])
+    ([{'name': 'matrix-appservice-webhooks.service', 'priority': 2000}] if matrix_appservice_webhooks_enabled else [])
     +
-    (['matrix-go-skype-bridge.service'] if matrix_go_skype_bridge_enabled else [])
+    ([{'name': 'matrix-beeper-linkedin.service', 'priority': 2000}] if matrix_beeper_linkedin_enabled else [])
     +
-    (['matrix-heisenbridge.service'] if matrix_heisenbridge_enabled else [])
+    ([{'name': 'matrix-go-skype-bridge.service', 'priority': 2000}] if matrix_go_skype_bridge_enabled else [])
     +
-    (['matrix-hookshot.service'] if matrix_hookshot_enabled else [])
+    ([{'name': 'matrix-heisenbridge.service', 'priority': 2000}] if matrix_heisenbridge_enabled else [])
     +
-    (['matrix-mautrix-discord.service'] if matrix_mautrix_discord_enabled else [])
+    ([{'name': 'matrix-hookshot.service', 'priority': 2000}] if matrix_hookshot_enabled else [])
     +
-    (['matrix-mautrix-facebook.service'] if matrix_mautrix_facebook_enabled else [])
+    ([{'name': 'matrix-mautrix-discord.service', 'priority': 2000}] if matrix_mautrix_discord_enabled else [])
     +
-    (['matrix-mautrix-googlechat.service'] if matrix_mautrix_googlechat_enabled else [])
+    ([{'name': 'matrix-mautrix-facebook.service', 'priority': 2000}] if matrix_mautrix_facebook_enabled else [])
     +
-    (['matrix-mautrix-hangouts.service'] if matrix_mautrix_hangouts_enabled else [])
+    ([{'name': 'matrix-mautrix-googlechat.service', 'priority': 2000}] if matrix_mautrix_googlechat_enabled else [])
     +
-    (['matrix-mautrix-instagram.service'] if matrix_mautrix_instagram_enabled else [])
+    ([{'name': 'matrix-mautrix-hangouts.service', 'priority': 2000}] if matrix_mautrix_hangouts_enabled else [])
     +
-    (['matrix-mautrix-signal.service', 'matrix-mautrix-signal-daemon.service'] if matrix_mautrix_signal_enabled else [])
+    ([{'name': 'matrix-mautrix-instagram.service', 'priority': 2000}] if matrix_mautrix_instagram_enabled else [])
     +
-    (['matrix-mautrix-telegram.service'] if matrix_mautrix_telegram_enabled else [])
+    ([{'name': 'matrix-mautrix-signal.service', 'priority': 2000}] if matrix_mautrix_signal_enabled else [])
     +
-    (['matrix-mautrix-twitter.service'] if matrix_mautrix_twitter_enabled else [])
+    ([{'name': 'matrix-mautrix-signal-daemon.service', 'priority': 1900}] if matrix_mautrix_signal_enabled else [])
     +
-    (['matrix-mautrix-whatsapp.service'] if matrix_mautrix_whatsapp_enabled else [])
+    ([{'name': 'matrix-mautrix-telegram.service', 'priority': 2000}] if matrix_mautrix_telegram_enabled else [])
     +
-    (['matrix-mx-puppet-discord.service'] if matrix_mx_puppet_discord_enabled else [])
+    ([{'name': 'matrix-mautrix-twitter.service', 'priority': 2000}] if matrix_mautrix_twitter_enabled else [])
     +
-    (['matrix-mx-puppet-groupme.service'] if matrix_mx_puppet_groupme_enabled else [])
+    ([{'name': 'matrix-mautrix-whatsapp.service', 'priority': 2000}] if matrix_mautrix_whatsapp_enabled else [])
     +
-    (['matrix-mx-puppet-instagram.service'] if matrix_mx_puppet_instagram_enabled else [])
+    ([{'name': 'matrix-mx-puppet-discord.service', 'priority': 2000}] if matrix_mx_puppet_discord_enabled else [])
     +
-    (['matrix-mx-puppet-slack.service'] if matrix_mx_puppet_slack_enabled else [])
+    ([{'name': 'matrix-mx-puppet-groupme.service', 'priority': 2000}] if matrix_mx_puppet_groupme_enabled else [])
     +
-    (['matrix-mx-puppet-steam.service'] if matrix_mx_puppet_steam_enabled else [])
+    ([{'name': 'matrix-mx-puppet-instagram.service', 'priority': 2000}] if matrix_mx_puppet_instagram_enabled else [])
     +
-    (['matrix-mx-puppet-twitter.service'] if matrix_mx_puppet_twitter_enabled else [])
+    ([{'name': 'matrix-mx-puppet-slack.service', 'priority': 2000}] if matrix_mx_puppet_slack_enabled else [])
     +
-    (['matrix-sms-bridge.service'] if matrix_sms_bridge_enabled else [])
+    ([{'name': 'matrix-mx-puppet-steam.service', 'priority': 2000}] if matrix_mx_puppet_steam_enabled else [])
     +
-    (['matrix-cactus-comments.service'] if matrix_cactus_comments_enabled else [])
+    ([{'name': 'matrix-mx-puppet-twitter.service', 'priority': 2000}] if matrix_mx_puppet_twitter_enabled else [])
     +
-    (['matrix-client-cinny.service'] if matrix_client_cinny_enabled else [])
+    ([{'name': 'matrix-sms-bridge.service', 'priority': 2000}] if matrix_sms_bridge_enabled else [])
     +
-    (['matrix-client-element.service'] if matrix_client_element_enabled else [])
+    ([{'name': 'matrix-cactus-comments.service', 'priority': 2000}] if matrix_cactus_comments_enabled else [])
     +
-    (['matrix-client-hydrogen.service'] if matrix_client_hydrogen_enabled else [])
+    ([{'name': 'matrix-client-cinny.service', 'priority': 2000}] if matrix_client_cinny_enabled else [])
     +
-    (['matrix-' + matrix_homeserver_implementation + '.service'])
+    ([{'name': 'matrix-client-element.service', 'priority': 2000}] if matrix_client_element_enabled else [])
     +
-    (['matrix-corporal.service'] if matrix_corporal_enabled else [])
+    ([{'name': 'matrix-client-hydrogen.service', 'priority': 2000}] if matrix_client_hydrogen_enabled else [])
     +
-    (['matrix-coturn.service'] if matrix_coturn_enabled else [])
+    ([{'name': ('matrix-' + matrix_homeserver_implementation + '.service'), 'priority': 1000}])
     +
-    (['matrix-coturn-reload.timer'] if (matrix_coturn_enabled and matrix_coturn_tls_enabled) else [])
+    ([{'name': 'matrix-corporal.service', 'priority': 1500}] if matrix_corporal_enabled else [])
     +
-    (['matrix-dimension.service'] if matrix_dimension_enabled else [])
+    ([{'name': 'matrix-coturn.service', 'priority': 4000}] if matrix_coturn_enabled else [])
     +
-    (['matrix-dynamic-dns.service'] if matrix_dynamic_dns_enabled else [])
+    ([{'name': 'matrix-coturn-reload.timer', 'priority': 5000}] if (matrix_coturn_enabled and matrix_coturn_tls_enabled) else [])
     +
-    (['matrix-email2matrix.service'] if matrix_email2matrix_enabled else [])
+    ([{'name': 'matrix-dimension.service', 'priority': 2500}] if matrix_dimension_enabled else [])
     +
-    (['matrix-etherpad.service'] if matrix_etherpad_enabled else [])
+    ([{'name': 'matrix-dynamic-dns.service', 'priority': 5000}] if matrix_dynamic_dns_enabled else [])
     +
-    (['matrix-grafana.service'] if matrix_grafana_enabled else [])
+    ([{'name': 'matrix-email2matrix.service', 'priority': 2000}] if matrix_email2matrix_enabled else [])
     +
-    (['matrix-jitsi-web.service', 'matrix-jitsi-prosody.service', 'matrix-jitsi-jicofo.service', 'matrix-jitsi-jvb.service'] if matrix_jitsi_enabled else [])
+    ([{'name': 'matrix-etherpad.service', 'priority': 4000}] if matrix_etherpad_enabled else [])
     +
-    (['matrix-ldap-registration-proxy.service'] if matrix_ldap_registration_proxy_enabled else [])
+    ([{'name': 'matrix-grafana.service', 'priority': 4000}] if matrix_grafana_enabled else [])
     +
-    (['matrix-ma1sd.service'] if matrix_ma1sd_enabled else [])
+    ([{'name': 'matrix-jitsi-web.service', 'priority': 4200}] if matrix_jitsi_enabled else [])
     +
-    (['matrix-mailer.service'] if matrix_mailer_enabled else [])
+    ([{'name': 'matrix-jitsi-prosody.service', 'priority': 4000}] if matrix_jitsi_enabled else [])
     +
-    (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
+    ([{'name': 'matrix-jitsi-jicofo.service', 'priority': 4100}] if matrix_jitsi_enabled else [])
     +
-    (matrix_ssl_renewal_systemd_units_list | selectattr('applicable') | map(attribute='name'))
+    ([{'name': 'matrix-jitsi-jvb.service', 'priority': 4100}] if matrix_jitsi_enabled else [])
     +
-    (['matrix-ntfy.service'] if matrix_ntfy_enabled else [])
+    ([{'name': 'matrix-ldap-registration-proxy.service', 'priority': 2000}] if matrix_ldap_registration_proxy_enabled else [])
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([{'name': 'matrix-ma1sd.service', 'priority': 2000}] if matrix_ma1sd_enabled else [])
     +
-    (['matrix-postgres-backup.service'] if matrix_postgres_backup_enabled else [])
+    ([{'name': 'matrix-mailer.service', 'priority': 2000}] if matrix_mailer_enabled else [])
     +
-    (['matrix-prometheus.service'] if matrix_prometheus_enabled else [])
+    ([{'name': 'matrix-nginx-proxy.service', 'priority': 3000}] if matrix_nginx_proxy_enabled else [])
     +
-    (['matrix-prometheus-node-exporter.service'] if matrix_prometheus_node_exporter_enabled else [])
+    (matrix_ssl_renewal_systemd_units_list | selectattr('applicable'))
     +
-    (['matrix-prometheus-postgres-exporter.service'] if matrix_prometheus_postgres_exporter_enabled else [])
+    ([{'name': 'matrix-ntfy.service', 'priority': 800}] if matrix_ntfy_enabled else [])
     +
-    (['matrix-redis'] if matrix_redis_enabled else [])
+    ([{'name': 'matrix-postgres.service', 'priority': 500}] if matrix_postgres_enabled else [])
     +
-    (['matrix-registration.service'] if matrix_registration_enabled else [])
+    ([{'name': 'matrix-postgres-backup.service', 'priority': 3000}] if matrix_postgres_backup_enabled else [])
     +
-    (['matrix-sygnal.service'] if matrix_sygnal_enabled else [])
+    ([{'name': 'matrix-prometheus.service', 'priority': 4000}] if matrix_prometheus_enabled else [])
     +
-    (['matrix-goofys.service'] if matrix_s3_media_store_enabled else [])
+    ([{'name': 'matrix-prometheus-node-exporter.service', 'priority': 3900}] if matrix_prometheus_node_exporter_enabled else [])
     +
-    (['matrix-synapse-s3-storage-provider-migrate.timer'] if matrix_synapse_ext_synapse_s3_storage_provider_enabled else [])
+    ([{'name': 'matrix-prometheus-postgres-exporter.service', 'priority': 3900}] if matrix_prometheus_postgres_exporter_enabled else [])
     +
-    (['matrix-synapse-admin.service'] if matrix_synapse_admin_enabled else [])
+    ([{'name': 'matrix-redis', 'priority': 750}] if matrix_redis_enabled else [])
     +
-    (['matrix-synapse-reverse-proxy-companion.service'] if matrix_synapse_reverse_proxy_companion_enabled else [])
+    ([{'name': 'matrix-registration.service', 'priority': 4000}] if matrix_registration_enabled else [])
+    +
+    ([{'name': 'matrix-sygnal.service', 'priority': 800}] if matrix_sygnal_enabled else [])
+    +
+    ([{'name': 'matrix-goofys.service', 'priority': 800}] if matrix_s3_media_store_enabled else [])
+    +
+    ([{'name': 'matrix-synapse-s3-storage-provider-migrate.timer', 'priority': 5000}] if matrix_synapse_ext_synapse_s3_storage_provider_enabled else [])
+    +
+    ([{'name': 'matrix-synapse-admin.service', 'priority': 4000}] if matrix_synapse_admin_enabled else [])
+    +
+    ([{'name': 'matrix-synapse-reverse-proxy-companion.service', 'priority': 1500}] if matrix_synapse_reverse_proxy_companion_enabled else [])
   }}
 
 matrix_homeserver_app_service_config_files_auto: |
diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml
index d54da23e..dfaeb69d 100644
--- a/roles/custom/matrix-base/defaults/main.yml
+++ b/roles/custom/matrix-base/defaults/main.yml
@@ -253,9 +253,26 @@ matrix_well_known_matrix_server_enabled: true
 # See `matrix_homeserver_admin_contacts`, `matrix_homeserver_support_url`, etc.
 matrix_well_known_matrix_support_enabled: false
 
-# This will contain a list of enabled services that the playbook is managing.
-# Each component is expected to append its service name to this list.
-matrix_systemd_services_list: []
+# matrix_systemd_services_list_auto contains a list of systemd services and their priorities.
+# This list is managed by the playbook. You're not meant to override this variable.
+# To add your own items to the list, use `matrix_systemd_services_list_additional`
+matrix_systemd_services_list_auto: []
+
+# matrix_systemd_services_list_additional contains your own list of systemd services and their priorities.
+#
+# Example:
+# matrix_systemd_services_list_additional:
+#   - name: some-service.service
+#     priority: 1250
+#   - name: another-service.service
+#     priority: 3500
+matrix_systemd_services_list_additional: []
+
+# matrix_systemd_services_list contains a list of systemd services and their priorities.
+matrix_systemd_services_list: "{{ matrix_systemd_services_list_auto + matrix_systemd_services_list_additional }}"
+
+# matrix_systemd_services_autostart_enabled controls whether systemd services should auto-start when the system reboots
+matrix_systemd_services_autostart_enabled: true
 
 matrix_homeserver_container_extra_arguments_auto: []
 matrix_homeserver_app_service_config_files_auto: []
diff --git a/roles/custom/matrix-common-after/tasks/start.yml b/roles/custom/matrix-common-after/tasks/start.yml
index a781dab7..b79d073a 100644
--- a/roles/custom/matrix-common-after/tasks/start.yml
+++ b/roles/custom/matrix-common-after/tasks/start.yml
@@ -1,26 +1,22 @@
 ---
 
-- name: Determine whether we should make services autostart
-  ansible.builtin.set_fact:
-    matrix_services_autostart_enabled_bool: "{{ true if matrix_services_autostart_enabled | default('') == '' else matrix_services_autostart_enabled | bool }}"
-
 - name: Ensure systemd is reloaded
   ansible.builtin.service:
     daemon_reload: true
 
 - name: Ensure Matrix services are stopped
   ansible.builtin.service:
-    name: "{{ item }}"
+    name: "{{ item.name }}"
     state: stopped
-  with_items: "{{ matrix_systemd_services_list }}"
+  with_items: "{{ matrix_systemd_services_list | sort (attribute='priority,name', reverse=true) }}"
   when: not ansible_check_mode
 
 - name: Ensure Matrix services are started
   ansible.builtin.service:
-    name: "{{ item }}"
-    enabled: "{{ matrix_services_autostart_enabled_bool }}"
+    name: "{{ item.name }}"
     state: started
-  with_items: "{{ matrix_systemd_services_list }}"
+    enabled: "{{ matrix_systemd_services_autostart_enabled }}"
+  with_items: "{{ matrix_systemd_services_list | sort (attribute='priority,name') }}"
   when: not ansible_check_mode
 
 # If we check service state immediately, we may succeed,
@@ -48,7 +44,7 @@
           If you're on a slow or overloaded server, it may be that services take a longer time to start and that this error is a false-positive.
           You can consider raising the value of the `matrix_common_after_systemd_service_start_wait_for_timeout_seconds` variable.
           See `roles/custom/matrix-common-after/defaults/main.yml` for more details about that.
-      with_items: "{{ matrix_systemd_services_list }}"
+      with_items: "{{ matrix_systemd_services_list | map(attribute='name') }}"
       when:
         - "item.endswith('.service') and (ansible_facts.services[item] | default(none) is none or ansible_facts.services[item].state != 'running')"
 
@@ -59,7 +55,7 @@
     # Therefore iterating here manually
     - name: Fetch systemd information
       ansible.builtin.systemd:
-        name: "{{ item }}"
+        name: "{{ item.name }}"
       register: systemdstatus
       with_items: "{{ matrix_systemd_services_list }}"
 
diff --git a/roles/custom/matrix-common-after/tasks/stop.yml b/roles/custom/matrix-common-after/tasks/stop.yml
index a343999c..4fb19ebd 100644
--- a/roles/custom/matrix-common-after/tasks/stop.yml
+++ b/roles/custom/matrix-common-after/tasks/stop.yml
@@ -2,6 +2,6 @@
 
 - name: Ensure Matrix services stopped
   ansible.builtin.service:
-    name: "{{ item }}"
+    name: "{{ item.name }}"
     state: stopped
-  with_items: "{{ matrix_systemd_services_list }}"
+  with_items: "{{ matrix_systemd_services_list | sort (attribute='priority,name', reverse=true) }}"
diff --git a/roles/custom/matrix-jitsi/tasks/init_additional_jvb.yml b/roles/custom/matrix-jitsi/tasks/init_additional_jvb.yml
index e781f5bc..b3f83d94 100644
--- a/roles/custom/matrix-jitsi/tasks/init_additional_jvb.yml
+++ b/roles/custom/matrix-jitsi/tasks/init_additional_jvb.yml
@@ -1,5 +1,5 @@
 ---
 
 - ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ ['matrix-jitsi-jvb.service'] }}"
+    matrix_systemd_services_list: "{{ [{'name': 'matrix-jitsi-jvb.service', 'priority': 1000}] }}"
   when: matrix_jitsi_enabled | bool
diff --git a/roles/custom/matrix-nginx-proxy/vars/main.yml b/roles/custom/matrix-nginx-proxy/vars/main.yml
index 1a9ed929..06f86649 100644
--- a/roles/custom/matrix-nginx-proxy/vars/main.yml
+++ b/roles/custom/matrix-nginx-proxy/vars/main.yml
@@ -7,12 +7,16 @@ matrix_ssl_renewal_systemd_units_list:
   - name: matrix-ssl-lets-encrypt-certificates-renew.service
     applicable: "{{ matrix_ssl_retrieval_method == 'lets-encrypt' }}"
     enableable: false
+    priority: 5000
   - name: matrix-ssl-lets-encrypt-certificates-renew.timer
     applicable: "{{ matrix_ssl_retrieval_method == 'lets-encrypt' }}"
     enableable: true
+    priority: 5000
   - name: matrix-ssl-nginx-proxy-reload.service
     applicable: "{{ matrix_ssl_retrieval_method == 'lets-encrypt' and matrix_nginx_proxy_enabled | bool }}"
     enableable: false
+    priority: 5000
   - name: matrix-ssl-nginx-proxy-reload.timer
     applicable: "{{ matrix_ssl_retrieval_method == 'lets-encrypt' and matrix_nginx_proxy_enabled | bool }}"
     enableable: true
+    priority: 5000
diff --git a/roles/custom/matrix-synapse/tasks/synapse/workers/setup_install.yml b/roles/custom/matrix-synapse/tasks/synapse/workers/setup_install.yml
index 74ca6c35..ca80e454 100644
--- a/roles/custom/matrix-synapse/tasks/synapse/workers/setup_install.yml
+++ b/roles/custom/matrix-synapse/tasks/synapse/workers/setup_install.yml
@@ -27,7 +27,7 @@
     state: stopped
     enabled: false
   with_items: "{{ matrix_synapse_workers_current_systemd_services.files }}"
-  when: "not ansible_check_mode and item.path | basename not in matrix_systemd_services_list"
+  when: "not ansible_check_mode and item.path | basename not in matrix_systemd_services_list | map(attribute='name')"
 
 - name: Ensure unnecessary worker systemd services are cleaned
   ansible.builtin.file:
diff --git a/roles/custom/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml b/roles/custom/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml
index 4542f19c..aebcbc89 100644
--- a/roles/custom/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml
+++ b/roles/custom/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml
@@ -53,7 +53,7 @@
       when: "'replication_port' not in matrix_synapse_worker_details"
 
 - ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + [matrix_synapse_worker_details.name + '.service'] }}"
+    matrix_systemd_services_list_auto: "{{ matrix_systemd_services_list_auto + [{'name': (matrix_synapse_worker_details.name + '.service'), 'priority': 1100}] }}"
 
 - ansible.builtin.set_fact:
     matrix_synapse_webserving_workers_systemd_services_list: "{{ matrix_synapse_webserving_workers_systemd_services_list + [matrix_synapse_worker_details.name + '.service'] }}"

From eec5de7aba8e43c4c8b6a879abde9a96082ffa10 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Wed, 23 Nov 2022 08:55:34 +0200
Subject: [PATCH 048/198] Remove old systemd service checks

These are not even caused by Archlinux, but by running buggy Ansible on old Ubuntu
while targeting modern servers (like Archlinux, but also others, ..).

We shouldn't employ ugly workarounds like this. We should tell people to
avoid running buggy Ansible or bad distros like Ubuntu, even.
---
 .../matrix-common-after/tasks/start.yml       | 53 ++++++-------------
 1 file changed, 16 insertions(+), 37 deletions(-)

diff --git a/roles/custom/matrix-common-after/tasks/start.yml b/roles/custom/matrix-common-after/tasks/start.yml
index b79d073a..60f571bc 100644
--- a/roles/custom/matrix-common-after/tasks/start.yml
+++ b/roles/custom/matrix-common-after/tasks/start.yml
@@ -30,40 +30,19 @@
   delegate_to: 127.0.0.1
   become: false
 
-- when: "ansible_distribution != 'Archlinux'"
-  block:
-    - name: Populate service facts
-      ansible.builtin.service_facts:
-
-    - name: Fail if service isn't detected to be running
-      ansible.builtin.fail:
-        msg: >-
-          {{ item }} was not detected to be running.
-          It's possible that there's a configuration problem or another service on your server interferes with it (uses the same ports, etc.).
-          Try running `systemctl status {{ item }}` and `journalctl -fu {{ item }}` on the server to investigate.
-          If you're on a slow or overloaded server, it may be that services take a longer time to start and that this error is a false-positive.
-          You can consider raising the value of the `matrix_common_after_systemd_service_start_wait_for_timeout_seconds` variable.
-          See `roles/custom/matrix-common-after/defaults/main.yml` for more details about that.
-      with_items: "{{ matrix_systemd_services_list | map(attribute='name') }}"
-      when:
-        - "item.endswith('.service') and (ansible_facts.services[item] | default(none) is none or ansible_facts.services[item].state != 'running')"
-
-- when: "ansible_distribution == 'Archlinux'"
-  block:
-    # Currently there is a bug in ansible that renders is incompatible with systemd.
-    # service_facts is not collecting the data successfully.
-    # Therefore iterating here manually
-    - name: Fetch systemd information
-      ansible.builtin.systemd:
-        name: "{{ item.name }}"
-      register: systemdstatus
-      with_items: "{{ matrix_systemd_services_list }}"
-
-    - name: Fail if service isn't detected to be running
-      ansible.builtin.fail:
-        msg: >-
-          {{ item.item }} was not detected to be running.
-          It's possible that there's a configuration problem or another service on your server interferes with it (uses the same ports, etc.).
-          Try running `systemctl status {{ item.item }}` and `journalctl -fu {{ item.item }}` on the server to investigate.
-      with_items: "{{ systemdstatus.results }}"
-      when: "item.status['ActiveState'] != 'active'"
+- block:
+  - name: Populate service facts
+    ansible.builtin.service_facts:
+
+  - name: Fail if service isn't detected to be running
+    ansible.builtin.fail:
+      msg: >-
+        {{ item }} was not detected to be running.
+        It's possible that there's a configuration problem or another service on your server interferes with it (uses the same ports, etc.).
+        Try running `systemctl status {{ item }}` and `journalctl -fu {{ item }}` on the server to investigate.
+        If you're on a slow or overloaded server, it may be that services take a longer time to start and that this error is a false-positive.
+        You can consider raising the value of the `matrix_common_after_systemd_service_start_wait_for_timeout_seconds` variable.
+        See `roles/custom/matrix-common-after/defaults/main.yml` for more details about that.
+    with_items: "{{ matrix_systemd_services_list | map(attribute='name') }}"
+    when:
+      - "item.endswith('.service') and (ansible_facts.services[item] | default(none) is none or ansible_facts.services[item].state != 'running')"

From 93d4f8d4258c886803664074eed6faafdff96a31 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Wed, 23 Nov 2022 10:14:28 +0200
Subject: [PATCH 049/198] Replace matrix-common-after systemd service
 management with com.devture.ansible.role.systemd_service_manager

---
 group_vars/matrix_servers                     | 250 ++++++++++--------
 playbooks/matrix.yml                          |   3 +
 requirements.yml                              |   3 +
 roles/custom/matrix-base/defaults/main.yml    |  21 --
 .../matrix-common-after/defaults/main.yml     |  17 --
 .../custom/matrix-common-after/tasks/main.yml |  10 -
 .../matrix-common-after/tasks/start.yml       |  48 ----
 .../custom/matrix-common-after/tasks/stop.yml |   7 -
 .../tasks/init_additional_jvb.yml             |   2 +-
 .../tasks/synapse/workers/setup_install.yml   |   2 +-
 .../synapse/workers/util/inject_worker.yml    |   2 +-
 .../tasks/validate_config.yml                 |   4 +
 12 files changed, 150 insertions(+), 219 deletions(-)
 delete mode 100644 roles/custom/matrix-common-after/defaults/main.yml
 delete mode 100644 roles/custom/matrix-common-after/tasks/start.yml
 delete mode 100644 roles/custom/matrix-common-after/tasks/stop.yml

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index ccd7d5d9..74515ab2 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -19,6 +19,141 @@
 # Also see `devture_docker_sdk_for_python_installation_enabled`.
 matrix_playbook_docker_installation_enabled: true
 
+########################################################################
+#                                                                      #
+# /Playbook                                                            #
+#                                                                      #
+########################################################################
+
+########################################################################
+#                                                                      #
+# base                                                                 #
+#                                                                      #
+########################################################################
+
+matrix_homeserver_app_service_config_files_auto: |
+  {{
+    (['--mount type=bind,src=' + matrix_appservice_discord_config_path + '/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro'] if matrix_appservice_discord_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_appservice_irc_config_path + '/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro'] if matrix_appservice_irc_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_appservice_kakaotalk_config_path + '/registration.yaml,dst=/matrix-appservice-kakaotalk-registration.yaml,ro'] if matrix_appservice_kakaotalk_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_appservice_slack_config_path + '/slack-registration.yaml,dst=/matrix-appservice-slack-registration.yaml,ro'] if matrix_appservice_slack_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_appservice_webhooks_config_path + '/webhooks-registration.yaml,dst=/matrix-appservice-webhooks-registration.yaml,ro'] if matrix_appservice_webhooks_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_beeper_linkedin_config_path + '/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro'] if matrix_beeper_linkedin_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_go_skype_bridge_config_path + '/registration.yaml,dst=/matrix-go-skype-bridge-registration.yaml,ro'] if matrix_go_skype_bridge_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_heisenbridge_base_path + '/registration.yaml,dst=/heisenbridge-registration.yaml,ro'] if matrix_heisenbridge_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_hookshot_base_path + '/registration.yml,dst=/hookshot-registration.yml,ro'] if matrix_hookshot_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_mautrix_discord_config_path + '/registration.yaml,dst=/matrix-mautrix-discord-registration.yaml,ro'] if matrix_mautrix_discord_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_mautrix_facebook_config_path + '/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro'] if matrix_mautrix_facebook_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_mautrix_googlechat_config_path + '/registration.yaml,dst=/matrix-mautrix-googlechat-registration.yaml,ro'] if matrix_mautrix_googlechat_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_mautrix_hangouts_config_path + '/registration.yaml,dst=/matrix-mautrix-hangouts-registration.yaml,ro'] if matrix_mautrix_hangouts_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_mautrix_instagram_config_path + '/registration.yaml,dst=/matrix-mautrix-instagram-registration.yaml,ro'] if matrix_mautrix_instagram_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_mautrix_signal_config_path + '/registration.yaml,dst=/matrix-mautrix-signal-registration.yaml,ro'] if matrix_mautrix_signal_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_mautrix_telegram_config_path + '/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro'] if matrix_mautrix_telegram_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_mautrix_twitter_config_path + '/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro'] if matrix_mautrix_twitter_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_mautrix_whatsapp_config_path + '/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro'] if matrix_mautrix_whatsapp_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_mx_puppet_discord_config_path + '/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro'] if matrix_mx_puppet_discord_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_mx_puppet_groupme_config_path + '/registration.yaml,dst=/matrix-mx-puppet-groupme-registration.yaml,ro'] if matrix_mx_puppet_groupme_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_mx_puppet_instagram_config_path + '/registration.yaml,dst=/matrix-mx-puppet-instagram-registration.yaml,ro'] if matrix_mx_puppet_instagram_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_mx_puppet_slack_config_path + '/registration.yaml,dst=/matrix-mx-puppet-slack-registration.yaml,ro'] if matrix_mx_puppet_slack_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_mx_puppet_steam_config_path + '/registration.yaml,dst=/matrix-mx-puppet-steam-registration.yaml,ro'] if matrix_mx_puppet_steam_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_mx_puppet_twitter_config_path + '/registration.yaml,dst=/matrix-mx-puppet-twitter-registration.yaml,ro'] if matrix_mx_puppet_twitter_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_sms_bridge_config_path + '/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro'] if matrix_sms_bridge_enabled else [])
+    +
+    (['--mount type=bind,src=' + matrix_cactus_comments_app_service_config_file + ',dst=/matrix-cactus-comments.yaml,ro'] if matrix_cactus_comments_enabled else [])
+  }}
+
+matrix_homeserver_additional_config_files_auto: |
+  {{
+    (['/matrix-appservice-discord-registration.yaml'] if matrix_appservice_discord_enabled else [])
+    +
+    (['/matrix-appservice-irc-registration.yaml'] if matrix_appservice_irc_enabled else [])
+    +
+    (['/matrix-appservice-kakaotalk-registration.yaml'] if matrix_appservice_kakaotalk_enabled else [])
+    +
+    (['/matrix-appservice-slack-registration.yaml'] if matrix_appservice_slack_enabled else [])
+    +
+    (['/matrix-appservice-webhooks-registration.yaml'] if matrix_appservice_webhooks_enabled else [])
+    +
+    (['/matrix-beeper-linkedin-registration.yaml'] if matrix_beeper_linkedin_enabled else [])
+    +
+    (['/matrix-go-skype-bridge-registration.yaml'] if matrix_go_skype_bridge_enabled else [])
+    +
+    (['/heisenbridge-registration.yaml'] if matrix_heisenbridge_enabled else [])
+    +
+    (['/hookshot-registration.yml'] if matrix_hookshot_enabled else [])
+    +
+    (['/matrix-mautrix-discord-registration.yaml'] if matrix_mautrix_discord_enabled else [])
+    +
+    (['/matrix-mautrix-facebook-registration.yaml'] if matrix_mautrix_facebook_enabled else [])
+    +
+    (['/matrix-mautrix-googlechat-registration.yaml'] if matrix_mautrix_googlechat_enabled else [])
+    +
+    (['/matrix-mautrix-hangouts-registration.yaml'] if matrix_mautrix_hangouts_enabled else [])
+    +
+    (['/matrix-mautrix-instagram-registration.yaml'] if matrix_mautrix_instagram_enabled else [])
+    +
+    (['/matrix-mautrix-signal-registration.yaml'] if matrix_mautrix_signal_enabled else [])
+    +
+    (['/matrix-mautrix-telegram-registration.yaml'] if matrix_mautrix_telegram_enabled else [])
+    +
+    (['/matrix-mautrix-twitter-registration.yaml'] if matrix_mautrix_twitter_enabled else [])
+    +
+    (['/matrix-mautrix-whatsapp-registration.yaml'] if matrix_mautrix_whatsapp_enabled else [])
+    +
+    (['/matrix-mx-puppet-discord-registration.yaml'] if matrix_mx_puppet_discord_enabled else [])
+    +
+    (['/matrix-mx-puppet-groupme-registration.yaml'] if matrix_mx_puppet_groupme_enabled else [])
+    +
+    (['/matrix-mx-puppet-instagram-registration.yaml'] if matrix_mx_puppet_instagram_enabled else [])
+    +
+    (['/matrix-mx-puppet-slack-registration.yaml'] if matrix_mx_puppet_slack_enabled else [])
+    +
+    (['/matrix-mx-puppet-steam-registration.yaml'] if matrix_mx_puppet_steam_enabled else [])
+    +
+    (['/matrix-mx-puppet-twitter-registration.yaml'] if matrix_mx_puppet_twitter_enabled else [])
+    +
+    (['/matrix-sms-bridge-registration.yaml'] if matrix_sms_bridge_enabled else [])
+    +
+    (['/matrix-cactus-comments.yaml'] if matrix_cactus_comments_enabled else [])
+  }}
+
+########################################################################
+#                                                                      #
+# /base                                                                #
+#                                                                      #
+########################################################################
+
+
+########################################################################
+#                                                                      #
+# com.devture.ansible.role.systemd_service_manager                     #
+#                                                                      #
+########################################################################
+
 # This list is not exhaustive and final.
 # Synapse workers are still injected into the list at runtime.
 # Additional JVB workers (playbooks/jitsi_jvb.yml -- roles/custom/matrix-jitsi/tasks/init_additional_jvb.yml) override this variable at runtime as well.
@@ -32,7 +167,7 @@ matrix_playbook_docker_installation_enabled: true
 #   - so that, when the reverse-proxy is up (Matrix is up), all bots and bridges can be interacted with
 # - monitoring services (Prometheus, Grafana, ..) get a level of 4000 - they can start later than all-of-Matrix
 # - services which aren't time-sensitive (various crons and timers) get a level of 5000 - they can start later than all-of-Matrix
-matrix_systemd_services_list_auto: |
+devture_systemd_service_manager_services_list_auto: |
   {{
     ([{'name': 'matrix-backup-borg.timer', 'priority': 5000}] if matrix_backup_borg_enabled else [])
     +
@@ -177,124 +312,13 @@ matrix_systemd_services_list_auto: |
     ([{'name': 'matrix-synapse-reverse-proxy-companion.service', 'priority': 1500}] if matrix_synapse_reverse_proxy_companion_enabled else [])
   }}
 
-matrix_homeserver_app_service_config_files_auto: |
-  {{
-    (['--mount type=bind,src=' + matrix_appservice_discord_config_path + '/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro'] if matrix_appservice_discord_enabled else [])
-    +
-    (['--mount type=bind,src=' + matrix_appservice_irc_config_path + '/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro'] if matrix_appservice_irc_enabled else [])
-    +
-    (['--mount type=bind,src=' + matrix_appservice_kakaotalk_config_path + '/registration.yaml,dst=/matrix-appservice-kakaotalk-registration.yaml,ro'] if matrix_appservice_kakaotalk_enabled else [])
-    +
-    (['--mount type=bind,src=' + matrix_appservice_slack_config_path + '/slack-registration.yaml,dst=/matrix-appservice-slack-registration.yaml,ro'] if matrix_appservice_slack_enabled else [])
-    +
-    (['--mount type=bind,src=' + matrix_appservice_webhooks_config_path + '/webhooks-registration.yaml,dst=/matrix-appservice-webhooks-registration.yaml,ro'] if matrix_appservice_webhooks_enabled else [])
-    +
-    (['--mount type=bind,src=' + matrix_beeper_linkedin_config_path + '/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro'] if matrix_beeper_linkedin_enabled else [])
-    +
-    (['--mount type=bind,src=' + matrix_go_skype_bridge_config_path + '/registration.yaml,dst=/matrix-go-skype-bridge-registration.yaml,ro'] if matrix_go_skype_bridge_enabled else [])
-    +
-    (['--mount type=bind,src=' + matrix_heisenbridge_base_path + '/registration.yaml,dst=/heisenbridge-registration.yaml,ro'] if matrix_heisenbridge_enabled else [])
-    +
-    (['--mount type=bind,src=' + matrix_hookshot_base_path + '/registration.yml,dst=/hookshot-registration.yml,ro'] if matrix_hookshot_enabled else [])
-    +
-    (['--mount type=bind,src=' + matrix_mautrix_discord_config_path + '/registration.yaml,dst=/matrix-mautrix-discord-registration.yaml,ro'] if matrix_mautrix_discord_enabled else [])
-    +
-    (['--mount type=bind,src=' + matrix_mautrix_facebook_config_path + '/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro'] if matrix_mautrix_facebook_enabled else [])
-    +
-    (['--mount type=bind,src=' + matrix_mautrix_googlechat_config_path + '/registration.yaml,dst=/matrix-mautrix-googlechat-registration.yaml,ro'] if matrix_mautrix_googlechat_enabled else [])
-    +
-    (['--mount type=bind,src=' + matrix_mautrix_hangouts_config_path + '/registration.yaml,dst=/matrix-mautrix-hangouts-registration.yaml,ro'] if matrix_mautrix_hangouts_enabled else [])
-    +
-    (['--mount type=bind,src=' + matrix_mautrix_instagram_config_path + '/registration.yaml,dst=/matrix-mautrix-instagram-registration.yaml,ro'] if matrix_mautrix_instagram_enabled else [])
-    +
-    (['--mount type=bind,src=' + matrix_mautrix_signal_config_path + '/registration.yaml,dst=/matrix-mautrix-signal-registration.yaml,ro'] if matrix_mautrix_signal_enabled else [])
-    +
-    (['--mount type=bind,src=' + matrix_mautrix_telegram_config_path + '/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro'] if matrix_mautrix_telegram_enabled else [])
-    +
-    (['--mount type=bind,src=' + matrix_mautrix_twitter_config_path + '/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro'] if matrix_mautrix_twitter_enabled else [])
-    +
-    (['--mount type=bind,src=' + matrix_mautrix_whatsapp_config_path + '/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro'] if matrix_mautrix_whatsapp_enabled else [])
-    +
-    (['--mount type=bind,src=' + matrix_mx_puppet_discord_config_path + '/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro'] if matrix_mx_puppet_discord_enabled else [])
-    +
-    (['--mount type=bind,src=' + matrix_mx_puppet_groupme_config_path + '/registration.yaml,dst=/matrix-mx-puppet-groupme-registration.yaml,ro'] if matrix_mx_puppet_groupme_enabled else [])
-    +
-    (['--mount type=bind,src=' + matrix_mx_puppet_instagram_config_path + '/registration.yaml,dst=/matrix-mx-puppet-instagram-registration.yaml,ro'] if matrix_mx_puppet_instagram_enabled else [])
-    +
-    (['--mount type=bind,src=' + matrix_mx_puppet_slack_config_path + '/registration.yaml,dst=/matrix-mx-puppet-slack-registration.yaml,ro'] if matrix_mx_puppet_slack_enabled else [])
-    +
-    (['--mount type=bind,src=' + matrix_mx_puppet_steam_config_path + '/registration.yaml,dst=/matrix-mx-puppet-steam-registration.yaml,ro'] if matrix_mx_puppet_steam_enabled else [])
-    +
-    (['--mount type=bind,src=' + matrix_mx_puppet_twitter_config_path + '/registration.yaml,dst=/matrix-mx-puppet-twitter-registration.yaml,ro'] if matrix_mx_puppet_twitter_enabled else [])
-    +
-    (['--mount type=bind,src=' + matrix_sms_bridge_config_path + '/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro'] if matrix_sms_bridge_enabled else [])
-    +
-    (['--mount type=bind,src=' + matrix_cactus_comments_app_service_config_file + ',dst=/matrix-cactus-comments.yaml,ro'] if matrix_cactus_comments_enabled else [])
-  }}
-
-matrix_homeserver_additional_config_files_auto: |
-  {{
-    (['/matrix-appservice-discord-registration.yaml'] if matrix_appservice_discord_enabled else [])
-    +
-    (['/matrix-appservice-irc-registration.yaml'] if matrix_appservice_irc_enabled else [])
-    +
-    (['/matrix-appservice-kakaotalk-registration.yaml'] if matrix_appservice_kakaotalk_enabled else [])
-    +
-    (['/matrix-appservice-slack-registration.yaml'] if matrix_appservice_slack_enabled else [])
-    +
-    (['/matrix-appservice-webhooks-registration.yaml'] if matrix_appservice_webhooks_enabled else [])
-    +
-    (['/matrix-beeper-linkedin-registration.yaml'] if matrix_beeper_linkedin_enabled else [])
-    +
-    (['/matrix-go-skype-bridge-registration.yaml'] if matrix_go_skype_bridge_enabled else [])
-    +
-    (['/heisenbridge-registration.yaml'] if matrix_heisenbridge_enabled else [])
-    +
-    (['/hookshot-registration.yml'] if matrix_hookshot_enabled else [])
-    +
-    (['/matrix-mautrix-discord-registration.yaml'] if matrix_mautrix_discord_enabled else [])
-    +
-    (['/matrix-mautrix-facebook-registration.yaml'] if matrix_mautrix_facebook_enabled else [])
-    +
-    (['/matrix-mautrix-googlechat-registration.yaml'] if matrix_mautrix_googlechat_enabled else [])
-    +
-    (['/matrix-mautrix-hangouts-registration.yaml'] if matrix_mautrix_hangouts_enabled else [])
-    +
-    (['/matrix-mautrix-instagram-registration.yaml'] if matrix_mautrix_instagram_enabled else [])
-    +
-    (['/matrix-mautrix-signal-registration.yaml'] if matrix_mautrix_signal_enabled else [])
-    +
-    (['/matrix-mautrix-telegram-registration.yaml'] if matrix_mautrix_telegram_enabled else [])
-    +
-    (['/matrix-mautrix-twitter-registration.yaml'] if matrix_mautrix_twitter_enabled else [])
-    +
-    (['/matrix-mautrix-whatsapp-registration.yaml'] if matrix_mautrix_whatsapp_enabled else [])
-    +
-    (['/matrix-mx-puppet-discord-registration.yaml'] if matrix_mx_puppet_discord_enabled else [])
-    +
-    (['/matrix-mx-puppet-groupme-registration.yaml'] if matrix_mx_puppet_groupme_enabled else [])
-    +
-    (['/matrix-mx-puppet-instagram-registration.yaml'] if matrix_mx_puppet_instagram_enabled else [])
-    +
-    (['/matrix-mx-puppet-slack-registration.yaml'] if matrix_mx_puppet_slack_enabled else [])
-    +
-    (['/matrix-mx-puppet-steam-registration.yaml'] if matrix_mx_puppet_steam_enabled else [])
-    +
-    (['/matrix-mx-puppet-twitter-registration.yaml'] if matrix_mx_puppet_twitter_enabled else [])
-    +
-    (['/matrix-sms-bridge-registration.yaml'] if matrix_sms_bridge_enabled else [])
-    +
-    (['/matrix-cactus-comments.yaml'] if matrix_cactus_comments_enabled else [])
-  }}
-
 ########################################################################
 #                                                                      #
-# /Playbook                                                            #
+# /com.devture.ansible.role.systemd_service_manager                    #
 #                                                                      #
 ########################################################################
 
 
-
 ########################################################################
 #                                                                      #
 # com.devture.ansible.role.timesync                                    #
diff --git a/playbooks/matrix.yml b/playbooks/matrix.yml
index 1ecfba32..8d2be5cb 100755
--- a/playbooks/matrix.yml
+++ b/playbooks/matrix.yml
@@ -100,6 +100,9 @@
     - custom/matrix-user-creator
     - custom/matrix-common-after
 
+    - when: devture_systemd_service_manager_enabled | bool
+      role: galaxy/com.devture.ansible.role.systemd_service_manager
+
     # This is pretty much last, because we want it to better serve as a "last known good configuration".
     # See: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2217#issuecomment-1301487601
     - when: devture_playbook_state_preserver_enabled | bool
diff --git a/requirements.yml b/requirements.yml
index ed4b8fb1..e8b411a8 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -18,5 +18,8 @@
 - src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git
   version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
 
+- src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git
+  version: 8b6a14d649f8b0e868c7073b34f5d2fda6bde9e0
+
 - src: git+https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages.git
   version: f1c78d4e85e875129790c58335d0e44385683f6b
diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml
index dfaeb69d..768bc6ec 100644
--- a/roles/custom/matrix-base/defaults/main.yml
+++ b/roles/custom/matrix-base/defaults/main.yml
@@ -253,27 +253,6 @@ matrix_well_known_matrix_server_enabled: true
 # See `matrix_homeserver_admin_contacts`, `matrix_homeserver_support_url`, etc.
 matrix_well_known_matrix_support_enabled: false
 
-# matrix_systemd_services_list_auto contains a list of systemd services and their priorities.
-# This list is managed by the playbook. You're not meant to override this variable.
-# To add your own items to the list, use `matrix_systemd_services_list_additional`
-matrix_systemd_services_list_auto: []
-
-# matrix_systemd_services_list_additional contains your own list of systemd services and their priorities.
-#
-# Example:
-# matrix_systemd_services_list_additional:
-#   - name: some-service.service
-#     priority: 1250
-#   - name: another-service.service
-#     priority: 3500
-matrix_systemd_services_list_additional: []
-
-# matrix_systemd_services_list contains a list of systemd services and their priorities.
-matrix_systemd_services_list: "{{ matrix_systemd_services_list_auto + matrix_systemd_services_list_additional }}"
-
-# matrix_systemd_services_autostart_enabled controls whether systemd services should auto-start when the system reboots
-matrix_systemd_services_autostart_enabled: true
-
 matrix_homeserver_container_extra_arguments_auto: []
 matrix_homeserver_app_service_config_files_auto: []
 
diff --git a/roles/custom/matrix-common-after/defaults/main.yml b/roles/custom/matrix-common-after/defaults/main.yml
deleted file mode 100644
index 51c48c7d..00000000
--- a/roles/custom/matrix-common-after/defaults/main.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-# Specifies how long to wait between starting systemd services and checking if they're started.
-#
-# A too low value may lead to a failure, as services may not have enough time to start and potentially fail.
-#
-# A value higher than 30 seconds (or any multiple of that) may also not work well, because a failing systemd service
-# auto-restarts after 30 seconds (`RestartSec=30` in systemd service files).
-# Checking if a service is running right after it had potentially restarted in such a way will lead us to
-# thinking it's running, while it's merely starting again (and likely to fail again, given that it already did once).
-#
-# All of the services we manage are also started sequentially, which in itself can take a long time.
-# There may be a ~10 second (or even larger) interval between starting the first service and starting the last one.
-# This makes it even harder to pick a correct value. Such a 10 second gap and a waiting time of 20 seconds will
-# put us right at the "dangerous" 30-second mark.
-#
-# We can try to measure this gap and adjust our waiting time accordingly, but we currently don't.
-matrix_common_after_systemd_service_start_wait_for_timeout_seconds: 15
diff --git a/roles/custom/matrix-common-after/tasks/main.yml b/roles/custom/matrix-common-after/tasks/main.yml
index 2cffecb1..498c8390 100644
--- a/roles/custom/matrix-common-after/tasks/main.yml
+++ b/roles/custom/matrix-common-after/tasks/main.yml
@@ -1,15 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/start.yml"
-  when: run_start | bool
-  tags:
-    - start
-
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/stop.yml"
-  when: run_stop | bool
-  tags:
-    - stop
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/run_docker_prune.yml"
   tags:
     - run-docker-prune
diff --git a/roles/custom/matrix-common-after/tasks/start.yml b/roles/custom/matrix-common-after/tasks/start.yml
deleted file mode 100644
index 60f571bc..00000000
--- a/roles/custom/matrix-common-after/tasks/start.yml
+++ /dev/null
@@ -1,48 +0,0 @@
----
-
-- name: Ensure systemd is reloaded
-  ansible.builtin.service:
-    daemon_reload: true
-
-- name: Ensure Matrix services are stopped
-  ansible.builtin.service:
-    name: "{{ item.name }}"
-    state: stopped
-  with_items: "{{ matrix_systemd_services_list | sort (attribute='priority,name', reverse=true) }}"
-  when: not ansible_check_mode
-
-- name: Ensure Matrix services are started
-  ansible.builtin.service:
-    name: "{{ item.name }}"
-    state: started
-    enabled: "{{ matrix_systemd_services_autostart_enabled }}"
-  with_items: "{{ matrix_systemd_services_list | sort (attribute='priority,name') }}"
-  when: not ansible_check_mode
-
-# If we check service state immediately, we may succeed,
-# because it takes some time for the service to attempt to start and actually fail.
-#
-# Waiting too long (30s) may not work for a similar reason,
-# as we may run into systemd's automatic restart logic retrying the service.
-- name: Wait a bit, so that services can start (or fail)
-  ansible.builtin.wait_for:
-    timeout: "{{ matrix_common_after_systemd_service_start_wait_for_timeout_seconds }}"
-  delegate_to: 127.0.0.1
-  become: false
-
-- block:
-  - name: Populate service facts
-    ansible.builtin.service_facts:
-
-  - name: Fail if service isn't detected to be running
-    ansible.builtin.fail:
-      msg: >-
-        {{ item }} was not detected to be running.
-        It's possible that there's a configuration problem or another service on your server interferes with it (uses the same ports, etc.).
-        Try running `systemctl status {{ item }}` and `journalctl -fu {{ item }}` on the server to investigate.
-        If you're on a slow or overloaded server, it may be that services take a longer time to start and that this error is a false-positive.
-        You can consider raising the value of the `matrix_common_after_systemd_service_start_wait_for_timeout_seconds` variable.
-        See `roles/custom/matrix-common-after/defaults/main.yml` for more details about that.
-    with_items: "{{ matrix_systemd_services_list | map(attribute='name') }}"
-    when:
-      - "item.endswith('.service') and (ansible_facts.services[item] | default(none) is none or ansible_facts.services[item].state != 'running')"
diff --git a/roles/custom/matrix-common-after/tasks/stop.yml b/roles/custom/matrix-common-after/tasks/stop.yml
deleted file mode 100644
index 4fb19ebd..00000000
--- a/roles/custom/matrix-common-after/tasks/stop.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-
-- name: Ensure Matrix services stopped
-  ansible.builtin.service:
-    name: "{{ item.name }}"
-    state: stopped
-  with_items: "{{ matrix_systemd_services_list | sort (attribute='priority,name', reverse=true) }}"
diff --git a/roles/custom/matrix-jitsi/tasks/init_additional_jvb.yml b/roles/custom/matrix-jitsi/tasks/init_additional_jvb.yml
index b3f83d94..f5a6e185 100644
--- a/roles/custom/matrix-jitsi/tasks/init_additional_jvb.yml
+++ b/roles/custom/matrix-jitsi/tasks/init_additional_jvb.yml
@@ -1,5 +1,5 @@
 ---
 
 - ansible.builtin.set_fact:
-    matrix_systemd_services_list: "{{ [{'name': 'matrix-jitsi-jvb.service', 'priority': 1000}] }}"
+    devture_systemd_service_manager_services_list_auto: "{{ [{'name': 'matrix-jitsi-jvb.service', 'priority': 1000}] }}"
   when: matrix_jitsi_enabled | bool
diff --git a/roles/custom/matrix-synapse/tasks/synapse/workers/setup_install.yml b/roles/custom/matrix-synapse/tasks/synapse/workers/setup_install.yml
index ca80e454..0f2105ed 100644
--- a/roles/custom/matrix-synapse/tasks/synapse/workers/setup_install.yml
+++ b/roles/custom/matrix-synapse/tasks/synapse/workers/setup_install.yml
@@ -27,7 +27,7 @@
     state: stopped
     enabled: false
   with_items: "{{ matrix_synapse_workers_current_systemd_services.files }}"
-  when: "not ansible_check_mode and item.path | basename not in matrix_systemd_services_list | map(attribute='name')"
+  when: "not ansible_check_mode and item.path | basename not in devture_systemd_service_manager_services_list | map(attribute='name')"
 
 - name: Ensure unnecessary worker systemd services are cleaned
   ansible.builtin.file:
diff --git a/roles/custom/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml b/roles/custom/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml
index aebcbc89..27f499d6 100644
--- a/roles/custom/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml
+++ b/roles/custom/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml
@@ -53,7 +53,7 @@
       when: "'replication_port' not in matrix_synapse_worker_details"
 
 - ansible.builtin.set_fact:
-    matrix_systemd_services_list_auto: "{{ matrix_systemd_services_list_auto + [{'name': (matrix_synapse_worker_details.name + '.service'), 'priority': 1100}] }}"
+    devture_systemd_service_manager_services_list_auto: "{{ devture_systemd_service_manager_services_list_auto + [{'name': (matrix_synapse_worker_details.name + '.service'), 'priority': 1100}] }}"
 
 - ansible.builtin.set_fact:
     matrix_synapse_webserving_workers_systemd_services_list: "{{ matrix_synapse_webserving_workers_systemd_services_list + [matrix_synapse_worker_details.name + '.service'] }}"
diff --git a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
index 93f977d1..49e31ebb 100644
--- a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
+++ b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
@@ -30,3 +30,7 @@
 
     - {'old': 'matrix_docker_installation_enabled', 'new': 'matrix_playbook_docker_installation_enabled'}
     - {'old': 'matrix_docker_package_name', 'new': '<Not applicable. Docker is installed using https://github.com/geerlingguy/ansible-role-docker now>'}
+
+    - {'old': 'matrix_systemd_services_list', 'new': 'devture_systemd_service_manager_services_list_additional'}
+    - {'old': 'matrix_common_after_systemd_service_start_wait_for_timeout_seconds', 'new': 'devture_systemd_service_manager_up_verification_delay_seconds'}
+    - {'old': 'matrix_systemd_services_autostart_enabled', 'new': 'devture_systemd_service_manager_services_autostart_enabled'}

From ccfaefa4d2f4266f4f0d70b97a6ba81147d8fc43 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Wed, 23 Nov 2022 11:45:25 +0200
Subject: [PATCH 050/198] Add service groups

---
 group_vars/matrix_servers                     | 140 +++++++++---------
 requirements.yml                              |   2 +-
 .../tasks/init_additional_jvb.yml             |   2 +-
 roles/custom/matrix-nginx-proxy/vars/main.yml |   4 +
 .../synapse/workers/util/inject_worker.yml    |   2 +-
 5 files changed, 77 insertions(+), 73 deletions(-)

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 74515ab2..f15096cf 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -169,147 +169,147 @@ matrix_homeserver_additional_config_files_auto: |
 # - services which aren't time-sensitive (various crons and timers) get a level of 5000 - they can start later than all-of-Matrix
 devture_systemd_service_manager_services_list_auto: |
   {{
-    ([{'name': 'matrix-backup-borg.timer', 'priority': 5000}] if matrix_backup_borg_enabled else [])
+    ([{'name': 'matrix-backup-borg.timer', 'priority': 5000, 'groups': ['matrix', 'backup', 'borg']}] if matrix_backup_borg_enabled else [])
     +
-    ([{'name': 'matrix-bot-buscarron.service', 'priority': 2200}] if matrix_bot_buscarron_enabled else [])
+    ([{'name': 'matrix-bot-buscarron.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'buscarron']}] if matrix_bot_buscarron_enabled else [])
     +
-    ([{'name': 'matrix-bot-go-neb.service', 'priority': 2200}] if matrix_bot_go_neb_enabled else [])
+    ([{'name': 'matrix-bot-go-neb.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'go-neb']}] if matrix_bot_go_neb_enabled else [])
     +
-    ([{'name': 'matrix-bot-honoroit.service', 'priority': 2200}] if matrix_bot_honoroit_enabled else [])
+    ([{'name': 'matrix-bot-honoroit.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'honoroit']}] if matrix_bot_honoroit_enabled else [])
     +
-    ([{'name': 'matrix-bot-matrix-registration-bot.service', 'priority': 2200}] if matrix_bot_matrix_registration_bot_enabled else [])
+    ([{'name': 'matrix-bot-matrix-registration-bot.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'registration-bot']}] if matrix_bot_matrix_registration_bot_enabled else [])
     +
-    ([{'name': 'matrix-bot-matrix-reminder-bot.service', 'priority': 2200}] if matrix_bot_matrix_reminder_bot_enabled else [])
+    ([{'name': 'matrix-bot-matrix-reminder-bot.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'reminder-bot']}] if matrix_bot_matrix_reminder_bot_enabled else [])
     +
-    ([{'name': 'matrix-bot-maubot.service', 'priority': 2200}] if matrix_bot_maubot_enabled else [])
+    ([{'name': 'matrix-bot-maubot.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'maubot']}] if matrix_bot_maubot_enabled else [])
     +
-    ([{'name': 'matrix-bot-mjolnir.service', 'priority': 2200}] if matrix_bot_mjolnir_enabled else [])
+    ([{'name': 'matrix-bot-mjolnir.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'mjolnir']}] if matrix_bot_mjolnir_enabled else [])
     +
-    ([{'name': 'matrix-bot-postmoogle.service', 'priority': 2200}] if matrix_bot_postmoogle_enabled else [])
+    ([{'name': 'matrix-bot-postmoogle.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'postmoogle']}] if matrix_bot_postmoogle_enabled else [])
     +
-    ([{'name': 'matrix-appservice-discord.service', 'priority': 2000}] if matrix_appservice_discord_enabled else [])
+    ([{'name': 'matrix-appservice-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-discord']}] if matrix_appservice_discord_enabled else [])
     +
-    ([{'name': 'matrix-appservice-irc.service', 'priority': 2000}] if matrix_appservice_irc_enabled else [])
+    ([{'name': 'matrix-appservice-irc.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-irc']}] if matrix_appservice_irc_enabled else [])
     +
-    ([{'name': 'matrix-appservice-kakaotalk.service', 'priority': 2000}] if matrix_appservice_kakaotalk_enabled else [])
+    ([{'name': 'matrix-appservice-kakaotalk.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-kakaotalk']}] if matrix_appservice_kakaotalk_enabled else [])
     +
-    ([{'name': 'matrix-appservice-kakaotalk-node.service', 'priority': 1900}] if matrix_appservice_kakaotalk_enabled else [])
+    ([{'name': 'matrix-appservice-kakaotalk-node.service', 'priority': 1900, 'groups': ['matrix', 'bridges', 'appservice-kakaotalk', 'appservice-kakaotalk-node']}] if matrix_appservice_kakaotalk_enabled else [])
     +
-    ([{'name': 'matrix-appservice-slack.service', 'priority': 2000}] if matrix_appservice_slack_enabled else [])
+    ([{'name': 'matrix-appservice-slack.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-slack']}] if matrix_appservice_slack_enabled else [])
     +
-    ([{'name': 'matrix-appservice-webhooks.service', 'priority': 2000}] if matrix_appservice_webhooks_enabled else [])
+    ([{'name': 'matrix-appservice-webhooks.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-webhooks']}] if matrix_appservice_webhooks_enabled else [])
     +
-    ([{'name': 'matrix-beeper-linkedin.service', 'priority': 2000}] if matrix_beeper_linkedin_enabled else [])
+    ([{'name': 'matrix-beeper-linkedin.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'beeper-linkedin']}] if matrix_beeper_linkedin_enabled else [])
     +
-    ([{'name': 'matrix-go-skype-bridge.service', 'priority': 2000}] if matrix_go_skype_bridge_enabled else [])
+    ([{'name': 'matrix-go-skype-bridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'go-skype']}] if matrix_go_skype_bridge_enabled else [])
     +
-    ([{'name': 'matrix-heisenbridge.service', 'priority': 2000}] if matrix_heisenbridge_enabled else [])
+    ([{'name': 'matrix-heisenbridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'heisenbridge']}] if matrix_heisenbridge_enabled else [])
     +
-    ([{'name': 'matrix-hookshot.service', 'priority': 2000}] if matrix_hookshot_enabled else [])
+    ([{'name': 'matrix-hookshot.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'hookshot']}] if matrix_hookshot_enabled else [])
     +
-    ([{'name': 'matrix-mautrix-discord.service', 'priority': 2000}] if matrix_mautrix_discord_enabled else [])
+    ([{'name': 'matrix-mautrix-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-discord']}] if matrix_mautrix_discord_enabled else [])
     +
-    ([{'name': 'matrix-mautrix-facebook.service', 'priority': 2000}] if matrix_mautrix_facebook_enabled else [])
+    ([{'name': 'matrix-mautrix-facebook.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-facebook']}] if matrix_mautrix_facebook_enabled else [])
     +
-    ([{'name': 'matrix-mautrix-googlechat.service', 'priority': 2000}] if matrix_mautrix_googlechat_enabled else [])
+    ([{'name': 'matrix-mautrix-googlechat.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-googlechat']}] if matrix_mautrix_googlechat_enabled else [])
     +
-    ([{'name': 'matrix-mautrix-hangouts.service', 'priority': 2000}] if matrix_mautrix_hangouts_enabled else [])
+    ([{'name': 'matrix-mautrix-hangouts.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-hangouts']}] if matrix_mautrix_hangouts_enabled else [])
     +
-    ([{'name': 'matrix-mautrix-instagram.service', 'priority': 2000}] if matrix_mautrix_instagram_enabled else [])
+    ([{'name': 'matrix-mautrix-instagram.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-instagram']}] if matrix_mautrix_instagram_enabled else [])
     +
-    ([{'name': 'matrix-mautrix-signal.service', 'priority': 2000}] if matrix_mautrix_signal_enabled else [])
+    ([{'name': 'matrix-mautrix-signal.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-signal']}] if matrix_mautrix_signal_enabled else [])
     +
-    ([{'name': 'matrix-mautrix-signal-daemon.service', 'priority': 1900}] if matrix_mautrix_signal_enabled else [])
+    ([{'name': 'matrix-mautrix-signal-daemon.service', 'priority': 1900, 'groups': ['matrix', 'bridges', 'mautrix-signal', 'mautrix-signal-daemon']}] if matrix_mautrix_signal_enabled else [])
     +
-    ([{'name': 'matrix-mautrix-telegram.service', 'priority': 2000}] if matrix_mautrix_telegram_enabled else [])
+    ([{'name': 'matrix-mautrix-telegram.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-telegram']}] if matrix_mautrix_telegram_enabled else [])
     +
-    ([{'name': 'matrix-mautrix-twitter.service', 'priority': 2000}] if matrix_mautrix_twitter_enabled else [])
+    ([{'name': 'matrix-mautrix-twitter.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-twitter']}] if matrix_mautrix_twitter_enabled else [])
     +
-    ([{'name': 'matrix-mautrix-whatsapp.service', 'priority': 2000}] if matrix_mautrix_whatsapp_enabled else [])
+    ([{'name': 'matrix-mautrix-whatsapp.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-whatsapp']}] if matrix_mautrix_whatsapp_enabled else [])
     +
-    ([{'name': 'matrix-mx-puppet-discord.service', 'priority': 2000}] if matrix_mx_puppet_discord_enabled else [])
+    ([{'name': 'matrix-mx-puppet-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-discord']}] if matrix_mx_puppet_discord_enabled else [])
     +
-    ([{'name': 'matrix-mx-puppet-groupme.service', 'priority': 2000}] if matrix_mx_puppet_groupme_enabled else [])
+    ([{'name': 'matrix-mx-puppet-groupme.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-groupme']}] if matrix_mx_puppet_groupme_enabled else [])
     +
-    ([{'name': 'matrix-mx-puppet-instagram.service', 'priority': 2000}] if matrix_mx_puppet_instagram_enabled else [])
+    ([{'name': 'matrix-mx-puppet-instagram.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-instagram']}] if matrix_mx_puppet_instagram_enabled else [])
     +
-    ([{'name': 'matrix-mx-puppet-slack.service', 'priority': 2000}] if matrix_mx_puppet_slack_enabled else [])
+    ([{'name': 'matrix-mx-puppet-slack.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-slack']}] if matrix_mx_puppet_slack_enabled else [])
     +
-    ([{'name': 'matrix-mx-puppet-steam.service', 'priority': 2000}] if matrix_mx_puppet_steam_enabled else [])
+    ([{'name': 'matrix-mx-puppet-steam.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-steam']}] if matrix_mx_puppet_steam_enabled else [])
     +
-    ([{'name': 'matrix-mx-puppet-twitter.service', 'priority': 2000}] if matrix_mx_puppet_twitter_enabled else [])
+    ([{'name': 'matrix-mx-puppet-twitter.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-twitter']}] if matrix_mx_puppet_twitter_enabled else [])
     +
-    ([{'name': 'matrix-sms-bridge.service', 'priority': 2000}] if matrix_sms_bridge_enabled else [])
+    ([{'name': 'matrix-sms-bridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'sms']}] if matrix_sms_bridge_enabled else [])
     +
-    ([{'name': 'matrix-cactus-comments.service', 'priority': 2000}] if matrix_cactus_comments_enabled else [])
+    ([{'name': 'matrix-cactus-comments.service', 'priority': 2000, 'groups': ['matrix', 'cactus-comments']}] if matrix_cactus_comments_enabled else [])
     +
-    ([{'name': 'matrix-client-cinny.service', 'priority': 2000}] if matrix_client_cinny_enabled else [])
+    ([{'name': 'matrix-client-cinny.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'cinny']}] if matrix_client_cinny_enabled else [])
     +
-    ([{'name': 'matrix-client-element.service', 'priority': 2000}] if matrix_client_element_enabled else [])
+    ([{'name': 'matrix-client-element.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'element']}] if matrix_client_element_enabled else [])
     +
-    ([{'name': 'matrix-client-hydrogen.service', 'priority': 2000}] if matrix_client_hydrogen_enabled else [])
+    ([{'name': 'matrix-client-hydrogen.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'hydrogen']}] if matrix_client_hydrogen_enabled else [])
     +
-    ([{'name': ('matrix-' + matrix_homeserver_implementation + '.service'), 'priority': 1000}])
+    ([{'name': ('matrix-' + matrix_homeserver_implementation + '.service'), 'priority': 1000, 'groups': ['matrix', 'homeservers', matrix_homeserver_implementation]}])
     +
-    ([{'name': 'matrix-corporal.service', 'priority': 1500}] if matrix_corporal_enabled else [])
+    ([{'name': 'matrix-corporal.service', 'priority': 1500, 'groups': ['matrix', 'corporal']}] if matrix_corporal_enabled else [])
     +
-    ([{'name': 'matrix-coturn.service', 'priority': 4000}] if matrix_coturn_enabled else [])
+    ([{'name': 'matrix-coturn.service', 'priority': 4000, 'groups': ['matrix', 'coturn']}] if matrix_coturn_enabled else [])
     +
-    ([{'name': 'matrix-coturn-reload.timer', 'priority': 5000}] if (matrix_coturn_enabled and matrix_coturn_tls_enabled) else [])
+    ([{'name': 'matrix-coturn-reload.timer', 'priority': 5000, 'groups': ['matrix', 'coturn']}] if (matrix_coturn_enabled and matrix_coturn_tls_enabled) else [])
     +
-    ([{'name': 'matrix-dimension.service', 'priority': 2500}] if matrix_dimension_enabled else [])
+    ([{'name': 'matrix-dimension.service', 'priority': 2500, 'groups': ['matrix', 'integration-managers', 'dimension']}] if matrix_dimension_enabled else [])
     +
-    ([{'name': 'matrix-dynamic-dns.service', 'priority': 5000}] if matrix_dynamic_dns_enabled else [])
+    ([{'name': 'matrix-dynamic-dns.service', 'priority': 5000, 'groups': ['matrix', 'dynamic-dns']}] if matrix_dynamic_dns_enabled else [])
     +
-    ([{'name': 'matrix-email2matrix.service', 'priority': 2000}] if matrix_email2matrix_enabled else [])
+    ([{'name': 'matrix-email2matrix.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'email2matrix']}] if matrix_email2matrix_enabled else [])
     +
-    ([{'name': 'matrix-etherpad.service', 'priority': 4000}] if matrix_etherpad_enabled else [])
+    ([{'name': 'matrix-etherpad.service', 'priority': 4000, 'groups': ['matrix', 'etherpad']}] if matrix_etherpad_enabled else [])
     +
-    ([{'name': 'matrix-grafana.service', 'priority': 4000}] if matrix_grafana_enabled else [])
+    ([{'name': 'matrix-grafana.service', 'priority': 4000, 'groups': ['matrix', 'monitoring', 'grafana']}] if matrix_grafana_enabled else [])
     +
-    ([{'name': 'matrix-jitsi-web.service', 'priority': 4200}] if matrix_jitsi_enabled else [])
+    ([{'name': 'matrix-jitsi-web.service', 'priority': 4200, 'groups': ['matrix', 'jitsi', 'jitsi-web']}] if matrix_jitsi_enabled else [])
     +
-    ([{'name': 'matrix-jitsi-prosody.service', 'priority': 4000}] if matrix_jitsi_enabled else [])
+    ([{'name': 'matrix-jitsi-prosody.service', 'priority': 4000, 'groups': ['matrix', 'jitsi', 'jitsi-prosody']}] if matrix_jitsi_enabled else [])
     +
-    ([{'name': 'matrix-jitsi-jicofo.service', 'priority': 4100}] if matrix_jitsi_enabled else [])
+    ([{'name': 'matrix-jitsi-jicofo.service', 'priority': 4100, 'groups': ['matrix', 'jitsi', 'jitsi-jicofo']}] if matrix_jitsi_enabled else [])
     +
-    ([{'name': 'matrix-jitsi-jvb.service', 'priority': 4100}] if matrix_jitsi_enabled else [])
+    ([{'name': 'matrix-jitsi-jvb.service', 'priority': 4100, 'groups': ['matrix', 'jitsi', 'jitsi-jvb']}] if matrix_jitsi_enabled else [])
     +
-    ([{'name': 'matrix-ldap-registration-proxy.service', 'priority': 2000}] if matrix_ldap_registration_proxy_enabled else [])
+    ([{'name': 'matrix-ldap-registration-proxy.service', 'priority': 2000, 'groups': ['matrix', 'ldap-registration-proxy']}] if matrix_ldap_registration_proxy_enabled else [])
     +
-    ([{'name': 'matrix-ma1sd.service', 'priority': 2000}] if matrix_ma1sd_enabled else [])
+    ([{'name': 'matrix-ma1sd.service', 'priority': 2000, 'groups': ['matrix', 'ma1sd']}] if matrix_ma1sd_enabled else [])
     +
-    ([{'name': 'matrix-mailer.service', 'priority': 2000}] if matrix_mailer_enabled else [])
+    ([{'name': 'matrix-mailer.service', 'priority': 2000, 'groups': ['matrix', 'mailer']}] if matrix_mailer_enabled else [])
     +
-    ([{'name': 'matrix-nginx-proxy.service', 'priority': 3000}] if matrix_nginx_proxy_enabled else [])
+    ([{'name': 'matrix-nginx-proxy.service', 'priority': 3000, 'groups': ['matrix', 'nginx', 'reverse-proxies']}] if matrix_nginx_proxy_enabled else [])
     +
     (matrix_ssl_renewal_systemd_units_list | selectattr('applicable'))
     +
-    ([{'name': 'matrix-ntfy.service', 'priority': 800}] if matrix_ntfy_enabled else [])
+    ([{'name': 'matrix-ntfy.service', 'priority': 800, 'groups': ['matrix', 'ntfy']}] if matrix_ntfy_enabled else [])
     +
-    ([{'name': 'matrix-postgres.service', 'priority': 500}] if matrix_postgres_enabled else [])
+    ([{'name': 'matrix-postgres.service', 'priority': 500, 'groups': ['matrix', 'postgres']}] if matrix_postgres_enabled else [])
     +
-    ([{'name': 'matrix-postgres-backup.service', 'priority': 3000}] if matrix_postgres_backup_enabled else [])
+    ([{'name': 'matrix-postgres-backup.service', 'priority': 3000, 'groups': ['matrix', 'backup', 'postgres-backup']}] if matrix_postgres_backup_enabled else [])
     +
-    ([{'name': 'matrix-prometheus.service', 'priority': 4000}] if matrix_prometheus_enabled else [])
+    ([{'name': 'matrix-prometheus.service', 'priority': 4000, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-core']}] if matrix_prometheus_enabled else [])
     +
-    ([{'name': 'matrix-prometheus-node-exporter.service', 'priority': 3900}] if matrix_prometheus_node_exporter_enabled else [])
+    ([{'name': 'matrix-prometheus-node-exporter.service', 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-node-exporters']}] if matrix_prometheus_node_exporter_enabled else [])
     +
-    ([{'name': 'matrix-prometheus-postgres-exporter.service', 'priority': 3900}] if matrix_prometheus_postgres_exporter_enabled else [])
+    ([{'name': 'matrix-prometheus-postgres-exporter.service', 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-node-exporters']}] if matrix_prometheus_postgres_exporter_enabled else [])
     +
-    ([{'name': 'matrix-redis', 'priority': 750}] if matrix_redis_enabled else [])
+    ([{'name': 'matrix-redis', 'priority': 750, 'groups': ['matrix', 'redis']}] if matrix_redis_enabled else [])
     +
-    ([{'name': 'matrix-registration.service', 'priority': 4000}] if matrix_registration_enabled else [])
+    ([{'name': 'matrix-registration.service', 'priority': 4000, 'groups': ['matrix', 'registration']}] if matrix_registration_enabled else [])
     +
-    ([{'name': 'matrix-sygnal.service', 'priority': 800}] if matrix_sygnal_enabled else [])
+    ([{'name': 'matrix-sygnal.service', 'priority': 800, 'groups': ['matrix', 'sygnal']}] if matrix_sygnal_enabled else [])
     +
-    ([{'name': 'matrix-goofys.service', 'priority': 800}] if matrix_s3_media_store_enabled else [])
+    ([{'name': 'matrix-goofys.service', 'priority': 800, 'groups': ['matrix', 'goofys']}] if matrix_s3_media_store_enabled else [])
     +
-    ([{'name': 'matrix-synapse-s3-storage-provider-migrate.timer', 'priority': 5000}] if matrix_synapse_ext_synapse_s3_storage_provider_enabled else [])
+    ([{'name': 'matrix-synapse-s3-storage-provider-migrate.timer', 'priority': 5000, 'groups': ['matrix']}] if matrix_synapse_ext_synapse_s3_storage_provider_enabled else [])
     +
-    ([{'name': 'matrix-synapse-admin.service', 'priority': 4000}] if matrix_synapse_admin_enabled else [])
+    ([{'name': 'matrix-synapse-admin.service', 'priority': 4000, 'groups': ['matrix', 'synapse-admin']}] if matrix_synapse_admin_enabled else [])
     +
-    ([{'name': 'matrix-synapse-reverse-proxy-companion.service', 'priority': 1500}] if matrix_synapse_reverse_proxy_companion_enabled else [])
+    ([{'name': 'matrix-synapse-reverse-proxy-companion.service', 'priority': 1500, 'groups': ['matrix', 'homeservers', 'synapse', 'reverse-proxies']}] if matrix_synapse_reverse_proxy_companion_enabled else [])
   }}
 
 ########################################################################
diff --git a/requirements.yml b/requirements.yml
index e8b411a8..6c4415f2 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -19,7 +19,7 @@
   version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
 
 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git
-  version: 8b6a14d649f8b0e868c7073b34f5d2fda6bde9e0
+  version: 96c31c43b6937428e3f5d12520f8a41a1b5465d7
 
 - src: git+https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages.git
   version: f1c78d4e85e875129790c58335d0e44385683f6b
diff --git a/roles/custom/matrix-jitsi/tasks/init_additional_jvb.yml b/roles/custom/matrix-jitsi/tasks/init_additional_jvb.yml
index f5a6e185..87420bc4 100644
--- a/roles/custom/matrix-jitsi/tasks/init_additional_jvb.yml
+++ b/roles/custom/matrix-jitsi/tasks/init_additional_jvb.yml
@@ -1,5 +1,5 @@
 ---
 
 - ansible.builtin.set_fact:
-    devture_systemd_service_manager_services_list_auto: "{{ [{'name': 'matrix-jitsi-jvb.service', 'priority': 1000}] }}"
+    devture_systemd_service_manager_services_list_auto: "{{ [{'name': 'matrix-jitsi-jvb.service', 'priority': 1000, 'groups': ['matrix', 'jitsi', 'jitsi-jvb']}] }}"
   when: matrix_jitsi_enabled | bool
diff --git a/roles/custom/matrix-nginx-proxy/vars/main.yml b/roles/custom/matrix-nginx-proxy/vars/main.yml
index 06f86649..34abf190 100644
--- a/roles/custom/matrix-nginx-proxy/vars/main.yml
+++ b/roles/custom/matrix-nginx-proxy/vars/main.yml
@@ -8,15 +8,19 @@ matrix_ssl_renewal_systemd_units_list:
     applicable: "{{ matrix_ssl_retrieval_method == 'lets-encrypt' }}"
     enableable: false
     priority: 5000
+    groups: ['matrix', 'nginx', 'ssl', 'reverse-proxies']
   - name: matrix-ssl-lets-encrypt-certificates-renew.timer
     applicable: "{{ matrix_ssl_retrieval_method == 'lets-encrypt' }}"
     enableable: true
     priority: 5000
+    groups: ['matrix', 'nginx', 'ssl', 'reverse-proxies']
   - name: matrix-ssl-nginx-proxy-reload.service
     applicable: "{{ matrix_ssl_retrieval_method == 'lets-encrypt' and matrix_nginx_proxy_enabled | bool }}"
     enableable: false
     priority: 5000
+    groups: ['matrix', 'nginx', 'ssl', 'reverse-proxies']
   - name: matrix-ssl-nginx-proxy-reload.timer
     applicable: "{{ matrix_ssl_retrieval_method == 'lets-encrypt' and matrix_nginx_proxy_enabled | bool }}"
     enableable: true
     priority: 5000
+    groups: ['matrix', 'nginx', 'ssl', 'reverse-proxies']
diff --git a/roles/custom/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml b/roles/custom/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml
index 27f499d6..9765be6f 100644
--- a/roles/custom/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml
+++ b/roles/custom/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml
@@ -53,7 +53,7 @@
       when: "'replication_port' not in matrix_synapse_worker_details"
 
 - ansible.builtin.set_fact:
-    devture_systemd_service_manager_services_list_auto: "{{ devture_systemd_service_manager_services_list_auto + [{'name': (matrix_synapse_worker_details.name + '.service'), 'priority': 1100}] }}"
+    devture_systemd_service_manager_services_list_auto: "{{ devture_systemd_service_manager_services_list_auto + [{'name': (matrix_synapse_worker_details.name + '.service'), 'priority': 1100, 'groups': ['matrix', 'homeservers', 'synapse']}] }}"
 
 - ansible.builtin.set_fact:
     matrix_synapse_webserving_workers_systemd_services_list: "{{ matrix_synapse_webserving_workers_systemd_services_list + [matrix_synapse_worker_details.name + '.service'] }}"

From f696928b7d0d2f514bbbf5230120f959ac25e4f8 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Wed, 23 Nov 2022 12:18:35 +0200
Subject: [PATCH 051/198] Fix variable typos

---
 group_vars/matrix_servers | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index f15096cf..6849680a 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -31,7 +31,7 @@ matrix_playbook_docker_installation_enabled: true
 #                                                                      #
 ########################################################################
 
-matrix_homeserver_app_service_config_files_auto: |
+matrix_homeserver_container_extra_arguments_auto: |
   {{
     (['--mount type=bind,src=' + matrix_appservice_discord_config_path + '/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro'] if matrix_appservice_discord_enabled else [])
     +
@@ -86,7 +86,7 @@ matrix_homeserver_app_service_config_files_auto: |
     (['--mount type=bind,src=' + matrix_cactus_comments_app_service_config_file + ',dst=/matrix-cactus-comments.yaml,ro'] if matrix_cactus_comments_enabled else [])
   }}
 
-matrix_homeserver_additional_config_files_auto: |
+matrix_homeserver_app_service_config_files_auto: |
   {{
     (['/matrix-appservice-discord-registration.yaml'] if matrix_appservice_discord_enabled else [])
     +

From 1bd3a27acd73b13298fc90a3a424e3ff96c5e94b Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Wed, 23 Nov 2022 13:00:15 +0200
Subject: [PATCH 052/198] Do not try to enable non-enableable
 matrix_ssl_renewal_systemd_units_list

---
 group_vars/matrix_servers | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 6849680a..c2ed002c 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -283,7 +283,7 @@ devture_systemd_service_manager_services_list_auto: |
     +
     ([{'name': 'matrix-nginx-proxy.service', 'priority': 3000, 'groups': ['matrix', 'nginx', 'reverse-proxies']}] if matrix_nginx_proxy_enabled else [])
     +
-    (matrix_ssl_renewal_systemd_units_list | selectattr('applicable'))
+    (matrix_ssl_renewal_systemd_units_list | selectattr('applicable') | selectattr('enableable'))
     +
     ([{'name': 'matrix-ntfy.service', 'priority': 800, 'groups': ['matrix', 'ntfy']}] if matrix_ntfy_enabled else [])
     +

From 54cacc927e0cb1205d00bfe0bc9b6d69ceb865bc Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Wed, 23 Nov 2022 14:33:07 +0200
Subject: [PATCH 053/198] Upgrade
 com.devture.ansible.role.docker_sdk_for_python

---
 requirements.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.yml b/requirements.yml
index 6c4415f2..71b596cb 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -4,7 +4,7 @@
   version: 6.0.3
 
 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
-  version: 7047b40314c1020e97ed3f15b44876fa88faf874
+  version: 6ba3be490b6f4c6f35ea109aeb8e533fa231b3a5
 
 - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
   version: c1f40e82b4d6b072b6f0e885239322bdaaaf554f

From d82988464299ab6afd9ffb96e89c3ea10585e4d7 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Wed, 23 Nov 2022 14:59:05 +0200
Subject: [PATCH 054/198] Remove some old checks

---
 roles/custom/matrix-base/tasks/main.yml       |  4 ----
 .../custom/matrix-base/tasks/system_check.yml | 23 -------------------
 2 files changed, 27 deletions(-)
 delete mode 100644 roles/custom/matrix-base/tasks/system_check.yml

diff --git a/roles/custom/matrix-base/tasks/main.yml b/roles/custom/matrix-base/tasks/main.yml
index 4a8ec7fb..67a3208e 100644
--- a/roles/custom/matrix-base/tasks/main.yml
+++ b/roles/custom/matrix-base/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/system_check.yml"
-  tags:
-    - always
-
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/sanity_check.yml"
   tags:
     - setup-all
diff --git a/roles/custom/matrix-base/tasks/system_check.yml b/roles/custom/matrix-base/tasks/system_check.yml
deleted file mode 100644
index 909bdb12..00000000
--- a/roles/custom/matrix-base/tasks/system_check.yml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-
-# We generally support Ansible 2.7.1 and above.
-- name: Fail if running on Ansible < 2.7.1
-  ansible.builtin.fail:
-    msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md"
-  when:
-    - "(ansible_version.major < 2) or (ansible_version.major == 2 and ansible_version.minor < 7) or (ansible_version.major == 2 and ansible_version.minor == 7 and ansible_version.revision < 1)"
-
-# Though we do not support Ansible 2.9.6 which is buggy
-- name: Fail if running on Ansible 2.9.6 on Ubuntu
-  ansible.builtin.fail:
-    msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md"
-  when:
-    - ansible_distribution == 'Ubuntu'
-    - "ansible_version.major == 2 and ansible_version.minor == 9 and ansible_version.revision == 6"
-
-- name: Fail if using python2 on Archlinux
-  ansible.builtin.fail:
-    msg: "Detected that you're using python2 when installing onto Archlinux. Archlinux by default only supports python3."
-  when:
-    - ansible_distribution == 'Archlinux'
-    - ansible_python.version.major != 3

From 735bacca89e6525e4218bb7e1a6ad93dd4f899f7 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Wed, 23 Nov 2022 15:52:58 +0200
Subject: [PATCH 055/198] Do not run matrix-nginx-proxy config injection tasks
 unless necessary

These `init.yml` (now `inject_into_nginx_proxy.yml`) tasks do not need
to `always` run. They only need to run for `setup-all` and
`setup-nginx-proxy`. Unless we're dealing with these 2 tags, we can
spare ourselves a lot of work.

This patch also moves the `when` statement from `init.yml` into
`main.yml` in an effort to further optimize things by potentially
avoiding the extra file include.
---
 docs/configuring-playbook-bridge-hookshot.md  |   2 +-
 .../{init.yml => inject_into_nginx_proxy.yml} |   0
 roles/custom/matrix-bot-maubot/tasks/main.yml |   6 +-
 .../tasks/init.yml                            |  48 --------
 .../tasks/inject_into_nginx_proxy.yml         |  44 +++++++
 .../tasks/main.yml                            |   6 +-
 .../tasks/init.yml                            |  50 --------
 .../tasks/inject_into_nginx_proxy.yml         |  46 +++++++
 .../tasks/main.yml                            |   6 +-
 .../matrix-bridge-hookshot/tasks/init.yml     | 113 ------------------
 .../tasks/inject_into_nginx_proxy.yml         | 111 +++++++++++++++++
 .../matrix-bridge-hookshot/tasks/main.yml     |   6 +-
 .../tasks/init.yml                            |  48 --------
 .../tasks/inject_into_nginx_proxy.yml         |  44 +++++++
 .../tasks/main.yml                            |   6 +-
 .../tasks/init.yml                            |  47 --------
 .../tasks/inject_into_nginx_proxy.yml         |  43 +++++++
 .../tasks/main.yml                            |   6 +-
 .../tasks/init.yml                            |  47 --------
 .../tasks/inject_into_nginx_proxy.yml         |  44 +++++++
 .../tasks/main.yml                            |   6 +-
 .../tasks/init.yml                            |  47 --------
 .../tasks/inject_into_nginx_proxy.yml         |  44 +++++++
 .../tasks/main.yml                            |   7 +-
 .../tasks/init.yml                            |  48 --------
 .../tasks/inject_into_nginx_proxy.yml         |  44 +++++++
 .../tasks/main.yml                            |   6 +-
 .../tasks/init.yml                            |  48 --------
 .../tasks/inject_into_nginx_proxy.yml         |  44 +++++++
 .../tasks/main.yml                            |   6 +-
 .../{init.yml => inject_into_nginx_proxy.yml} |   5 +-
 .../matrix-cactus-comments/tasks/main.yml     |   6 +-
 roles/custom/matrix-etherpad/tasks/init.yml   |  50 --------
 .../tasks/inject_into_nginx_proxy.yml         |  46 +++++++
 roles/custom/matrix-etherpad/tasks/main.yml   |   6 +-
 .../tasks/init.yml                            |  47 --------
 .../tasks/inject_into_nginx_proxy.yml         |  44 +++++++
 .../tasks/main.yml                            |   6 +-
 .../tasks/init.yml                            |  37 ------
 .../tasks/inject_into_nginx_proxy.yml         |  35 ++++++
 .../tasks/main.yml                            |   6 +-
 .../tasks/init.yml                            |  37 ------
 .../tasks/inject_into_nginx_proxy.yml         |  35 ++++++
 .../tasks/main.yml                            |   6 +-
 .../custom/matrix-registration/tasks/init.yml |  59 ---------
 .../tasks/inject_into_nginx_proxy.yml         |  55 +++++++++
 .../custom/matrix-registration/tasks/main.yml |   6 +-
 .../matrix-synapse-admin/tasks/init.yml       |  50 --------
 .../tasks/inject_into_nginx_proxy.yml         |  46 +++++++
 .../matrix-synapse-admin/tasks/main.yml       |   6 +-
 .../{init.yml => inject_into_nginx_proxy.yml} |   8 +-
 roles/custom/matrix-synapse/tasks/main.yml    |  15 ++-
 .../{init.yml => inject_into_nginx_proxy.yml} |   0
 53 files changed, 813 insertions(+), 821 deletions(-)
 rename roles/custom/matrix-bot-maubot/tasks/{init.yml => inject_into_nginx_proxy.yml} (100%)
 delete mode 100644 roles/custom/matrix-bridge-appservice-slack/tasks/init.yml
 create mode 100644 roles/custom/matrix-bridge-appservice-slack/tasks/inject_into_nginx_proxy.yml
 delete mode 100644 roles/custom/matrix-bridge-appservice-webhooks/tasks/init.yml
 create mode 100644 roles/custom/matrix-bridge-appservice-webhooks/tasks/inject_into_nginx_proxy.yml
 delete mode 100644 roles/custom/matrix-bridge-hookshot/tasks/init.yml
 create mode 100644 roles/custom/matrix-bridge-hookshot/tasks/inject_into_nginx_proxy.yml
 delete mode 100644 roles/custom/matrix-bridge-mautrix-facebook/tasks/init.yml
 create mode 100644 roles/custom/matrix-bridge-mautrix-facebook/tasks/inject_into_nginx_proxy.yml
 delete mode 100644 roles/custom/matrix-bridge-mautrix-googlechat/tasks/init.yml
 create mode 100644 roles/custom/matrix-bridge-mautrix-googlechat/tasks/inject_into_nginx_proxy.yml
 delete mode 100644 roles/custom/matrix-bridge-mautrix-hangouts/tasks/init.yml
 create mode 100644 roles/custom/matrix-bridge-mautrix-hangouts/tasks/inject_into_nginx_proxy.yml
 delete mode 100644 roles/custom/matrix-bridge-mautrix-telegram/tasks/init.yml
 create mode 100644 roles/custom/matrix-bridge-mautrix-telegram/tasks/inject_into_nginx_proxy.yml
 delete mode 100644 roles/custom/matrix-bridge-mx-puppet-slack/tasks/init.yml
 create mode 100644 roles/custom/matrix-bridge-mx-puppet-slack/tasks/inject_into_nginx_proxy.yml
 delete mode 100644 roles/custom/matrix-bridge-mx-puppet-twitter/tasks/init.yml
 create mode 100644 roles/custom/matrix-bridge-mx-puppet-twitter/tasks/inject_into_nginx_proxy.yml
 rename roles/custom/matrix-cactus-comments/tasks/{init.yml => inject_into_nginx_proxy.yml} (93%)
 delete mode 100644 roles/custom/matrix-etherpad/tasks/init.yml
 create mode 100644 roles/custom/matrix-etherpad/tasks/inject_into_nginx_proxy.yml
 delete mode 100644 roles/custom/matrix-ldap-registration-proxy/tasks/init.yml
 create mode 100644 roles/custom/matrix-ldap-registration-proxy/tasks/inject_into_nginx_proxy.yml
 delete mode 100644 roles/custom/matrix-prometheus-node-exporter/tasks/init.yml
 create mode 100644 roles/custom/matrix-prometheus-node-exporter/tasks/inject_into_nginx_proxy.yml
 delete mode 100644 roles/custom/matrix-prometheus-postgres-exporter/tasks/init.yml
 create mode 100644 roles/custom/matrix-prometheus-postgres-exporter/tasks/inject_into_nginx_proxy.yml
 delete mode 100644 roles/custom/matrix-registration/tasks/init.yml
 create mode 100644 roles/custom/matrix-registration/tasks/inject_into_nginx_proxy.yml
 delete mode 100644 roles/custom/matrix-synapse-admin/tasks/init.yml
 create mode 100644 roles/custom/matrix-synapse-admin/tasks/inject_into_nginx_proxy.yml
 rename roles/custom/matrix-synapse/tasks/{init.yml => inject_into_nginx_proxy.yml} (92%)
 rename roles/custom/matrix-synapse/tasks/synapse/workers/{init.yml => inject_into_nginx_proxy.yml} (100%)

diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md
index 5cd4dd4c..89ab0768 100644
--- a/docs/configuring-playbook-bridge-hookshot.md
+++ b/docs/configuring-playbook-bridge-hookshot.md
@@ -54,7 +54,7 @@ Unless indicated otherwise, the following endpoints are reachable on your `matri
 | widgets | `/hookshot/widgetapi/` | `matrix_hookshot_widgets_endpoint` | Widgets |
 | metrics | `/metrics/hookshot` | `matrix_hookshot_metrics_enabled` and `matrix_hookshot_metrics_proxying_enabled`. Requires `/metrics/*` endpoints to also be enabled via `matrix_nginx_proxy_proxy_matrix_metrics_enabled` (see the `matrix-nginx-proxy` role). Read more in the [Metrics section](#metrics) below. | Prometheus |
 
-See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/custom/matrix-bridge-hookshot/tasks/init.yml).
+See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/custom/matrix-bridge-hookshot/tasks/inject_into_nginx_proxy.yml).
 
 The different listeners are also reachable *internally* in the docker-network via the container's name (configured by `matrix_hookshot_container_url`) and on different ports (e.g. `matrix_hookshot_appservice_port`). Read [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml) in detail for more info.
 
diff --git a/roles/custom/matrix-bot-maubot/tasks/init.yml b/roles/custom/matrix-bot-maubot/tasks/inject_into_nginx_proxy.yml
similarity index 100%
rename from roles/custom/matrix-bot-maubot/tasks/init.yml
rename to roles/custom/matrix-bot-maubot/tasks/inject_into_nginx_proxy.yml
diff --git a/roles/custom/matrix-bot-maubot/tasks/main.yml b/roles/custom/matrix-bot-maubot/tasks/main.yml
index 773f4b9f..5e48eed9 100644
--- a/roles/custom/matrix-bot-maubot/tasks/main.yml
+++ b/roles/custom/matrix-bot-maubot/tasks/main.yml
@@ -1,8 +1,10 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
+- when: matrix_bot_maubot_enabled | bool
+  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
-    - always
+    - setup-all
+    - setup-nginx-proxy
 
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup|bool and matrix_bot_maubot_enabled|bool"
diff --git a/roles/custom/matrix-bridge-appservice-slack/tasks/init.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/init.yml
deleted file mode 100644
index e07f1afc..00000000
--- a/roles/custom/matrix-bridge-appservice-slack/tasks/init.yml
+++ /dev/null
@@ -1,48 +0,0 @@
----
-
-- when: matrix_appservice_slack_enabled | bool
-  tags:
-    - always
-  block:
-    - name: Fail if matrix-nginx-proxy role already executed
-      ansible.builtin.fail:
-        msg: >-
-          Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy,
-          but it's pointless since the matrix-nginx-proxy role had already executed.
-          To fix this, please change the order of roles in your playbook,
-          so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-slack role.
-      when: matrix_nginx_proxy_role_executed | default(False) | bool
-
-    - name: Generate Matrix Appservice Slack proxying configuration for matrix-nginx-proxy
-      ansible.builtin.set_fact:
-        matrix_appservice_slack_matrix_nginx_proxy_configuration: |
-          location {{ matrix_appservice_slack_public_endpoint }} {
-          {% if matrix_nginx_proxy_enabled | default(False) %}
-              {# Use the embedded DNS resolver in Docker containers to discover the service #}
-              resolver 127.0.0.11 valid=5s;
-              set $backend "{{ matrix_appservice_slack_appservice_url }}:{{ matrix_appservice_slack_slack_port }}";
-              proxy_pass $backend;
-          {% else %}
-              {# Generic configuration for use outside of our container setup #}
-              proxy_pass http://127.0.0.1:{{ matrix_appservice_slack_slack_port }};
-          {% endif %}
-          }
-
-    - name: Register Slack Appservice proxying configuration with matrix-nginx-proxy
-      ansible.builtin.set_fact:
-        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
-          {{
-            matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
-            +
-            [matrix_appservice_slack_matrix_nginx_proxy_configuration]
-          }}
-
-- name: Warn about reverse-proxying if matrix-nginx-proxy not used
-  ansible.builtin.debug:
-    msg: >-
-      NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy
-      reverse proxy.
-      Please make sure that you're proxying the `{{ matrix_appservice_slack_public_endpoint }}`
-      URL endpoint to the matrix-appservice-slack container.
-      You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable.
-  when: "matrix_appservice_slack_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"
diff --git a/roles/custom/matrix-bridge-appservice-slack/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/inject_into_nginx_proxy.yml
new file mode 100644
index 00000000..4ddcb954
--- /dev/null
+++ b/roles/custom/matrix-bridge-appservice-slack/tasks/inject_into_nginx_proxy.yml
@@ -0,0 +1,44 @@
+---
+
+- name: Fail if matrix-nginx-proxy role already executed
+  ansible.builtin.fail:
+    msg: >-
+      Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy,
+      but it's pointless since the matrix-nginx-proxy role had already executed.
+      To fix this, please change the order of roles in your playbook,
+      so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-slack role.
+  when: matrix_nginx_proxy_role_executed | default(False) | bool
+
+- name: Generate Matrix Appservice Slack proxying configuration for matrix-nginx-proxy
+  ansible.builtin.set_fact:
+    matrix_appservice_slack_matrix_nginx_proxy_configuration: |
+      location {{ matrix_appservice_slack_public_endpoint }} {
+      {% if matrix_nginx_proxy_enabled | default(False) %}
+          {# Use the embedded DNS resolver in Docker containers to discover the service #}
+          resolver 127.0.0.11 valid=5s;
+          set $backend "{{ matrix_appservice_slack_appservice_url }}:{{ matrix_appservice_slack_slack_port }}";
+          proxy_pass $backend;
+      {% else %}
+          {# Generic configuration for use outside of our container setup #}
+          proxy_pass http://127.0.0.1:{{ matrix_appservice_slack_slack_port }};
+      {% endif %}
+      }
+
+- name: Register Slack Appservice proxying configuration with matrix-nginx-proxy
+  ansible.builtin.set_fact:
+    matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
+      {{
+        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+        +
+        [matrix_appservice_slack_matrix_nginx_proxy_configuration]
+      }}
+
+- name: Warn about reverse-proxying if matrix-nginx-proxy not used
+  ansible.builtin.debug:
+    msg: >-
+      NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy
+      reverse proxy.
+      Please make sure that you're proxying the `{{ matrix_appservice_slack_public_endpoint }}`
+      URL endpoint to the matrix-appservice-slack container.
+      You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable.
+  when: "matrix_appservice_slack_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"
diff --git a/roles/custom/matrix-bridge-appservice-slack/tasks/main.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/main.yml
index cd83f61f..608b0219 100644
--- a/roles/custom/matrix-bridge-appservice-slack/tasks/main.yml
+++ b/roles/custom/matrix-bridge-appservice-slack/tasks/main.yml
@@ -1,8 +1,10 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
+- when: matrix_appservice_slack_enabled | bool
+  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
-    - always
+    - setup-all
+    - setup-nginx-proxy
 
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_appservice_slack_enabled | bool"
diff --git a/roles/custom/matrix-bridge-appservice-webhooks/tasks/init.yml b/roles/custom/matrix-bridge-appservice-webhooks/tasks/init.yml
deleted file mode 100644
index 47a29875..00000000
--- a/roles/custom/matrix-bridge-appservice-webhooks/tasks/init.yml
+++ /dev/null
@@ -1,50 +0,0 @@
----
-
-- when: matrix_appservice_webhooks_enabled | bool
-  tags:
-    - always
-  block:
-    - name: Fail if matrix-nginx-proxy role already executed
-      ansible.builtin.fail:
-        msg: >-
-          Trying to append webhooks Appservice's reverse-proxying configuration to matrix-nginx-proxy,
-          but it's pointless since the matrix-nginx-proxy role had already executed.
-          To fix this, please change the order of roles in your playbook,
-          so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-webhooks role.
-      when: matrix_nginx_proxy_role_executed | default(False) | bool
-
-    - name: Generate Matrix Appservice webhooks proxying configuration for matrix-nginx-proxy
-      ansible.builtin.set_fact:
-        matrix_appservice_webhooks_matrix_nginx_proxy_configuration: |
-          {% if matrix_nginx_proxy_enabled | default(False) %}
-          {# Use the embedded DNS resolver in Docker containers to discover the service #}
-          location ~ ^{{ matrix_appservice_webhooks_public_endpoint }}/(.*)$ {
-            resolver 127.0.0.11 valid=5s;
-            set $backend "matrix-appservice-webhooks:{{ matrix_appservice_webhooks_matrix_port }}";
-            proxy_pass http://$backend/$1;
-          }
-          {% else %}
-          {# Generic configuration for use outside of our container setup #}
-          location {{ matrix_appservice_webhooks_public_endpoint }}/ {
-            proxy_pass http://127.0.0.1:{{ matrix_appservice_webhooks_matrix_port }}/;
-          }
-          {% endif %}
-
-    - name: Register webhooks Appservice proxying configuration with matrix-nginx-proxy
-      ansible.builtin.set_fact:
-        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
-          {{
-            matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
-            +
-            [matrix_appservice_webhooks_matrix_nginx_proxy_configuration]
-          }}
-
-- name: Warn about reverse-proxying if matrix-nginx-proxy not used
-  ansible.builtin.debug:
-    msg: >-
-      NOTE: You've enabled the Matrix webhooks bridge but are not using the matrix-nginx-proxy
-      reverse proxy.
-      Please make sure that you're proxying the `{{ matrix_appservice_webhooks_public_endpoint }}`
-      URL endpoint to the matrix-appservice-webhooks container.
-      You can expose the container's port using the `matrix_appservice_webhooks_container_http_host_bind_port` variable.
-  when: "matrix_appservice_webhooks_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"
diff --git a/roles/custom/matrix-bridge-appservice-webhooks/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-appservice-webhooks/tasks/inject_into_nginx_proxy.yml
new file mode 100644
index 00000000..2e4ad18e
--- /dev/null
+++ b/roles/custom/matrix-bridge-appservice-webhooks/tasks/inject_into_nginx_proxy.yml
@@ -0,0 +1,46 @@
+---
+
+- name: Fail if matrix-nginx-proxy role already executed
+  ansible.builtin.fail:
+    msg: >-
+      Trying to append webhooks Appservice's reverse-proxying configuration to matrix-nginx-proxy,
+      but it's pointless since the matrix-nginx-proxy role had already executed.
+      To fix this, please change the order of roles in your playbook,
+      so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-webhooks role.
+  when: matrix_nginx_proxy_role_executed | default(False) | bool
+
+- name: Generate Matrix Appservice webhooks proxying configuration for matrix-nginx-proxy
+  ansible.builtin.set_fact:
+    matrix_appservice_webhooks_matrix_nginx_proxy_configuration: |
+      {% if matrix_nginx_proxy_enabled | default(False) %}
+      {# Use the embedded DNS resolver in Docker containers to discover the service #}
+      location ~ ^{{ matrix_appservice_webhooks_public_endpoint }}/(.*)$ {
+        resolver 127.0.0.11 valid=5s;
+        set $backend "matrix-appservice-webhooks:{{ matrix_appservice_webhooks_matrix_port }}";
+        proxy_pass http://$backend/$1;
+      }
+      {% else %}
+      {# Generic configuration for use outside of our container setup #}
+      location {{ matrix_appservice_webhooks_public_endpoint }}/ {
+        proxy_pass http://127.0.0.1:{{ matrix_appservice_webhooks_matrix_port }}/;
+      }
+      {% endif %}
+
+- name: Register webhooks Appservice proxying configuration with matrix-nginx-proxy
+  ansible.builtin.set_fact:
+    matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
+      {{
+        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+        +
+        [matrix_appservice_webhooks_matrix_nginx_proxy_configuration]
+      }}
+
+- name: Warn about reverse-proxying if matrix-nginx-proxy not used
+  ansible.builtin.debug:
+    msg: >-
+      NOTE: You've enabled the Matrix webhooks bridge but are not using the matrix-nginx-proxy
+      reverse proxy.
+      Please make sure that you're proxying the `{{ matrix_appservice_webhooks_public_endpoint }}`
+      URL endpoint to the matrix-appservice-webhooks container.
+      You can expose the container's port using the `matrix_appservice_webhooks_container_http_host_bind_port` variable.
+  when: "matrix_appservice_webhooks_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"
diff --git a/roles/custom/matrix-bridge-appservice-webhooks/tasks/main.yml b/roles/custom/matrix-bridge-appservice-webhooks/tasks/main.yml
index 30f05469..24908e83 100644
--- a/roles/custom/matrix-bridge-appservice-webhooks/tasks/main.yml
+++ b/roles/custom/matrix-bridge-appservice-webhooks/tasks/main.yml
@@ -1,8 +1,10 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
+- when: matrix_appservice_webhooks_enabled | bool
+  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
-    - always
+    - setup-all
+    - setup-nginx-proxy
 
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_appservice_webhooks_enabled | bool"
diff --git a/roles/custom/matrix-bridge-hookshot/tasks/init.yml b/roles/custom/matrix-bridge-hookshot/tasks/init.yml
deleted file mode 100644
index 625e3023..00000000
--- a/roles/custom/matrix-bridge-hookshot/tasks/init.yml
+++ /dev/null
@@ -1,113 +0,0 @@
----
-
-- when: matrix_hookshot_enabled | bool
-  block:
-    - name: Fail if matrix-nginx-proxy role already executed
-      ansible.builtin.fail:
-        msg: >-
-          Trying to append hookshot's reverse-proxying configuration to matrix-nginx-proxy,
-          but it's pointless since the matrix-nginx-proxy role had already executed.
-          To fix this, please change the order of roles in your playbook,
-          so that the matrix-nginx-proxy role would run after the matrix-bridge-hookshot role.
-      when: matrix_nginx_proxy_role_executed | default(False) | bool
-
-    - name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy
-      ansible.builtin.set_fact:
-        matrix_hookshot_matrix_nginx_proxy_configuration: |
-          location ~ ^{{ matrix_hookshot_appservice_endpoint }}/(.*)$ {
-            {% if matrix_nginx_proxy_enabled | default(False) %}
-              {# Use the embedded DNS resolver in Docker containers to discover the service #}
-              resolver 127.0.0.11 valid=5s;
-              set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_appservice_port }}";
-              proxy_pass http://$backend/$1;
-            {% else %}
-              {# Generic configuration for use outside of our container setup #}
-              proxy_pass http://127.0.0.1:{{ matrix_hookshot_appservice_port }}/$1;
-            {% endif %}
-            proxy_set_header Host $host;
-          }
-          {% if matrix_hookshot_provisioning_enabled %}
-          location ~ ^{{ matrix_hookshot_provisioning_endpoint }}/(.*)$ {
-            {% if matrix_nginx_proxy_enabled | default(False) %}
-              {# Use the embedded DNS resolver in Docker containers to discover the service #}
-              resolver 127.0.0.11 valid=5s;
-              set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_provisioning_port }}";
-              proxy_pass http://$backend{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args;
-            {% else %}
-              {# Generic configuration for use outside of our container setup #}
-              proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args;
-            {% endif %}
-            proxy_set_header Host $host;
-          }
-          {% endif %}
-          {% if matrix_hookshot_widgets_enabled %}
-          location ~ ^{{ matrix_hookshot_widgets_endpoint }}/(.*)$ {
-            {% if matrix_nginx_proxy_enabled | default(False) %}
-              {# Use the embedded DNS resolver in Docker containers to discover the service #}
-              resolver 127.0.0.11 valid=5s;
-              set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_widgets_port }}";
-              proxy_pass http://$backend{{ matrix_hookshot_widgets_internal }}/$1$is_args$args;
-            {% else %}
-              {# Generic configuration for use outside of our container setup #}
-              proxy_pass http://127.0.0.1:{{ matrix_hookshot_widgets_port }}{{ matrix_hookshot_widgets_internal }}/$1$is_args$args;
-            {% endif %}
-            proxy_set_header Host $host;
-          }
-          {% endif %}
-          location ~ ^{{ matrix_hookshot_webhook_endpoint }}/(.*)$ {
-            {% if matrix_nginx_proxy_enabled | default(False) %}
-              {# Use the embedded DNS resolver in Docker containers to discover the service #}
-              resolver 127.0.0.11 valid=5s;
-              set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_webhook_port }}";
-              proxy_pass http://$backend/$1$is_args$args;
-            {% else %}
-              {# Generic configuration for use outside of our container setup #}
-              proxy_pass http://127.0.0.1:{{ matrix_hookshot_webhook_port }}/$1$is_args$args;
-            {% endif %}
-            proxy_set_header Host $host;
-          }
-
-    - name: Register hookshot proxying configuration with matrix-nginx-proxy
-      ansible.builtin.set_fact:
-        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
-          {{
-            matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
-            +
-            [matrix_hookshot_matrix_nginx_proxy_configuration]
-          }}
-
-    - name: Generate hookshot metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot)
-      ansible.builtin.set_fact:
-        matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain: |
-          location /metrics/hookshot {
-            {% if matrix_nginx_proxy_enabled | default(False) %}
-              {# Use the embedded DNS resolver in Docker containers to discover the service #}
-              resolver 127.0.0.11 valid=5s;
-              set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_metrics_port }}";
-              proxy_pass http://$backend/metrics;
-            {% else %}
-              {# Generic configuration for use outside of our container setup #}
-              proxy_pass http://127.0.0.1:{{ matrix_hookshot_metrics_port }}/metrics;
-            {% endif %}
-          }
-      when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool
-
-    - name: Register hookshot metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot)
-      ansible.builtin.set_fact:
-        matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
-          {{
-            matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
-            +
-            [matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain]
-          }}
-      when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool
-
-- name: Warn about reverse-proxying if matrix-nginx-proxy not used
-  ansible.builtin.debug:
-    msg: >-
-      NOTE: You've enabled the hookshot bridge but are not using the matrix-nginx-proxy
-      reverse proxy.
-      Please make sure that you're proxying the `{{ matrix_hookshot_public_endpoint }}`
-      URL endpoint to the matrix-hookshot container.
-      You can expose the container's ports using the `matrix_hookshot_container_http_host_bind_ports` variable.
-  when: "matrix_hookshot_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"
diff --git a/roles/custom/matrix-bridge-hookshot/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-hookshot/tasks/inject_into_nginx_proxy.yml
new file mode 100644
index 00000000..5712489c
--- /dev/null
+++ b/roles/custom/matrix-bridge-hookshot/tasks/inject_into_nginx_proxy.yml
@@ -0,0 +1,111 @@
+---
+
+- name: Fail if matrix-nginx-proxy role already executed
+  ansible.builtin.fail:
+    msg: >-
+      Trying to append hookshot's reverse-proxying configuration to matrix-nginx-proxy,
+      but it's pointless since the matrix-nginx-proxy role had already executed.
+      To fix this, please change the order of roles in your playbook,
+      so that the matrix-nginx-proxy role would run after the matrix-bridge-hookshot role.
+  when: matrix_nginx_proxy_role_executed | default(False) | bool
+
+- name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy
+  ansible.builtin.set_fact:
+    matrix_hookshot_matrix_nginx_proxy_configuration: |
+      location ~ ^{{ matrix_hookshot_appservice_endpoint }}/(.*)$ {
+        {% if matrix_nginx_proxy_enabled | default(False) %}
+          {# Use the embedded DNS resolver in Docker containers to discover the service #}
+          resolver 127.0.0.11 valid=5s;
+          set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_appservice_port }}";
+          proxy_pass http://$backend/$1;
+        {% else %}
+          {# Generic configuration for use outside of our container setup #}
+          proxy_pass http://127.0.0.1:{{ matrix_hookshot_appservice_port }}/$1;
+        {% endif %}
+        proxy_set_header Host $host;
+      }
+      {% if matrix_hookshot_provisioning_enabled %}
+      location ~ ^{{ matrix_hookshot_provisioning_endpoint }}/(.*)$ {
+        {% if matrix_nginx_proxy_enabled | default(False) %}
+          {# Use the embedded DNS resolver in Docker containers to discover the service #}
+          resolver 127.0.0.11 valid=5s;
+          set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_provisioning_port }}";
+          proxy_pass http://$backend{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args;
+        {% else %}
+          {# Generic configuration for use outside of our container setup #}
+          proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args;
+        {% endif %}
+        proxy_set_header Host $host;
+      }
+      {% endif %}
+      {% if matrix_hookshot_widgets_enabled %}
+      location ~ ^{{ matrix_hookshot_widgets_endpoint }}/(.*)$ {
+        {% if matrix_nginx_proxy_enabled | default(False) %}
+          {# Use the embedded DNS resolver in Docker containers to discover the service #}
+          resolver 127.0.0.11 valid=5s;
+          set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_widgets_port }}";
+          proxy_pass http://$backend{{ matrix_hookshot_widgets_internal }}/$1$is_args$args;
+        {% else %}
+          {# Generic configuration for use outside of our container setup #}
+          proxy_pass http://127.0.0.1:{{ matrix_hookshot_widgets_port }}{{ matrix_hookshot_widgets_internal }}/$1$is_args$args;
+        {% endif %}
+        proxy_set_header Host $host;
+      }
+      {% endif %}
+      location ~ ^{{ matrix_hookshot_webhook_endpoint }}/(.*)$ {
+        {% if matrix_nginx_proxy_enabled | default(False) %}
+          {# Use the embedded DNS resolver in Docker containers to discover the service #}
+          resolver 127.0.0.11 valid=5s;
+          set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_webhook_port }}";
+          proxy_pass http://$backend/$1$is_args$args;
+        {% else %}
+          {# Generic configuration for use outside of our container setup #}
+          proxy_pass http://127.0.0.1:{{ matrix_hookshot_webhook_port }}/$1$is_args$args;
+        {% endif %}
+        proxy_set_header Host $host;
+      }
+
+- name: Register hookshot proxying configuration with matrix-nginx-proxy
+  ansible.builtin.set_fact:
+    matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
+      {{
+        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+        +
+        [matrix_hookshot_matrix_nginx_proxy_configuration]
+      }}
+
+- name: Generate hookshot metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot)
+  ansible.builtin.set_fact:
+    matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain: |
+      location /metrics/hookshot {
+        {% if matrix_nginx_proxy_enabled | default(False) %}
+          {# Use the embedded DNS resolver in Docker containers to discover the service #}
+          resolver 127.0.0.11 valid=5s;
+          set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_metrics_port }}";
+          proxy_pass http://$backend/metrics;
+        {% else %}
+          {# Generic configuration for use outside of our container setup #}
+          proxy_pass http://127.0.0.1:{{ matrix_hookshot_metrics_port }}/metrics;
+        {% endif %}
+      }
+  when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool
+
+- name: Register hookshot metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot)
+  ansible.builtin.set_fact:
+    matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
+      {{
+        matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
+        +
+        [matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain]
+      }}
+  when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool
+
+- name: Warn about reverse-proxying if matrix-nginx-proxy not used
+  ansible.builtin.debug:
+    msg: >-
+      NOTE: You've enabled the hookshot bridge but are not using the matrix-nginx-proxy
+      reverse proxy.
+      Please make sure that you're proxying the `{{ matrix_hookshot_public_endpoint }}`
+      URL endpoint to the matrix-hookshot container.
+      You can expose the container's ports using the `matrix_hookshot_container_http_host_bind_ports` variable.
+  when: "not matrix_nginx_proxy_enabled | default(False) | bool"
diff --git a/roles/custom/matrix-bridge-hookshot/tasks/main.yml b/roles/custom/matrix-bridge-hookshot/tasks/main.yml
index 99febe11..5d93af3a 100644
--- a/roles/custom/matrix-bridge-hookshot/tasks/main.yml
+++ b/roles/custom/matrix-bridge-hookshot/tasks/main.yml
@@ -1,8 +1,10 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
+- when: matrix_hookshot_enabled | bool
+  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
-    - always
+    - setup-all
+    - setup-nginx-proxy
 
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_hookshot_enabled | bool"
diff --git a/roles/custom/matrix-bridge-mautrix-facebook/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/init.yml
deleted file mode 100644
index 8a4229af..00000000
--- a/roles/custom/matrix-bridge-mautrix-facebook/tasks/init.yml
+++ /dev/null
@@ -1,48 +0,0 @@
----
-
-- when: matrix_mautrix_facebook_enabled | bool and matrix_mautrix_facebook_appservice_public_enabled | bool
-  tags:
-    - always
-  block:
-    - name: Fail if matrix-nginx-proxy role already executed
-      ansible.builtin.fail:
-        msg: >-
-          Trying to append Mautrix Facebook's reverse-proxying configuration to matrix-nginx-proxy,
-          but it's pointless since the matrix-nginx-proxy role had already executed.
-          To fix this, please change the order of roles in your playbook,
-          so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-facebook role.
-      when: matrix_nginx_proxy_role_executed | default(False) | bool
-
-    - name: Generate Mautrix Facebook proxying configuration for matrix-nginx-proxy
-      ansible.builtin.set_fact:
-        matrix_mautrix_facebook_matrix_nginx_proxy_configuration: |
-          location {{ matrix_mautrix_facebook_public_endpoint }} {
-          {% if matrix_nginx_proxy_enabled | default(False) %}
-              {# Use the embedded DNS resolver in Docker containers to discover the service #}
-              resolver 127.0.0.11 valid=5s;
-              set $backend "matrix-mautrix-facebook:29319";
-              proxy_pass http://$backend;
-          {% else %}
-              {# Generic configuration for use outside of our container setup #}
-              proxy_pass http://127.0.0.1:9008;
-          {% endif %}
-          }
-
-    - name: Register Mautrix Facebook proxying configuration with matrix-nginx-proxy
-      ansible.builtin.set_fact:
-        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
-          {{
-            matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
-            +
-            [matrix_mautrix_facebook_matrix_nginx_proxy_configuration]
-          }}
-
-    - name: Warn about reverse-proxying if matrix-nginx-proxy not used
-      ansible.builtin.debug:
-        msg: >-
-          NOTE: You've enabled the Mautrix Facebook bridge but are not using the matrix-nginx-proxy
-          reverse proxy.
-          Please make sure that you're proxying the `{{ matrix_mautrix_facebook_public_endpoint }}`
-          URL endpoint to the matrix-mautrix-facebook container.
-          You can expose the container's port using the `matrix_mautrix_facebook_container_http_host_bind_port` variable.
-      when: "not matrix_nginx_proxy_enabled | default(False) | bool"
diff --git a/roles/custom/matrix-bridge-mautrix-facebook/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/inject_into_nginx_proxy.yml
new file mode 100644
index 00000000..b9f95cb7
--- /dev/null
+++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/inject_into_nginx_proxy.yml
@@ -0,0 +1,44 @@
+---
+
+- name: Fail if matrix-nginx-proxy role already executed
+  ansible.builtin.fail:
+    msg: >-
+      Trying to append Mautrix Facebook's reverse-proxying configuration to matrix-nginx-proxy,
+      but it's pointless since the matrix-nginx-proxy role had already executed.
+      To fix this, please change the order of roles in your playbook,
+      so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-facebook role.
+  when: matrix_nginx_proxy_role_executed | default(False) | bool
+
+- name: Generate Mautrix Facebook proxying configuration for matrix-nginx-proxy
+  ansible.builtin.set_fact:
+    matrix_mautrix_facebook_matrix_nginx_proxy_configuration: |
+      location {{ matrix_mautrix_facebook_public_endpoint }} {
+      {% if matrix_nginx_proxy_enabled | default(False) %}
+          {# Use the embedded DNS resolver in Docker containers to discover the service #}
+          resolver 127.0.0.11 valid=5s;
+          set $backend "matrix-mautrix-facebook:29319";
+          proxy_pass http://$backend;
+      {% else %}
+          {# Generic configuration for use outside of our container setup #}
+          proxy_pass http://127.0.0.1:9008;
+      {% endif %}
+      }
+
+- name: Register Mautrix Facebook proxying configuration with matrix-nginx-proxy
+  ansible.builtin.set_fact:
+    matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
+      {{
+        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+        +
+        [matrix_mautrix_facebook_matrix_nginx_proxy_configuration]
+      }}
+
+- name: Warn about reverse-proxying if matrix-nginx-proxy not used
+  ansible.builtin.debug:
+    msg: >-
+      NOTE: You've enabled the Mautrix Facebook bridge but are not using the matrix-nginx-proxy
+      reverse proxy.
+      Please make sure that you're proxying the `{{ matrix_mautrix_facebook_public_endpoint }}`
+      URL endpoint to the matrix-mautrix-facebook container.
+      You can expose the container's port using the `matrix_mautrix_facebook_container_http_host_bind_port` variable.
+  when: "not matrix_nginx_proxy_enabled | default(False) | bool"
diff --git a/roles/custom/matrix-bridge-mautrix-facebook/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/main.yml
index 3ef2cb23..f166cc5e 100644
--- a/roles/custom/matrix-bridge-mautrix-facebook/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/main.yml
@@ -1,8 +1,10 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
+- when: matrix_mautrix_facebook_enabled | bool and matrix_mautrix_facebook_appservice_public_enabled | bool
+  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
-    - always
+    - setup-all
+    - setup-nginx-proxy
 
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_mautrix_facebook_enabled | bool"
diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/init.yml
deleted file mode 100644
index 17e6094d..00000000
--- a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/init.yml
+++ /dev/null
@@ -1,47 +0,0 @@
----
-
-- when: matrix_mautrix_googlechat_enabled | bool
-  tags:
-    - always
-  block:
-    - name: Fail if matrix-nginx-proxy role already executed
-      ansible.builtin.fail:
-        msg: >-
-          Trying to append Mautrix googlechat's reverse-proxying configuration to matrix-nginx-proxy,
-          but it's pointless since the matrix-nginx-proxy role had already executed.
-          To fix this, please change the order of roles in your playbook,
-          so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-googlechat role.
-      when: matrix_nginx_proxy_role_executed | default(False) | bool
-
-    - name: Generate Mautrix googlechat proxying configuration for matrix-nginx-proxy
-      ansible.builtin.set_fact:
-        matrix_mautrix_googlechat_matrix_nginx_proxy_configuration: |
-          location {{ matrix_mautrix_googlechat_public_endpoint }} {
-          {% if matrix_nginx_proxy_enabled | default(False) %}
-              {# Use the embedded DNS resolver in Docker containers to discover the service #}
-              resolver 127.0.0.11 valid=5s;
-              set $backend "matrix-mautrix-googlechat:8080";
-              proxy_pass http://$backend;
-          {% else %}
-              {# Generic configuration for use outside of our container setup #}
-              proxy_pass http://127.0.0.1:9007;
-          {% endif %}
-          }
-    - name: Register Mautrix googlechat proxying configuration with matrix-nginx-proxy
-      ansible.builtin.set_fact:
-        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
-          {{
-            matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
-            +
-            [matrix_mautrix_googlechat_matrix_nginx_proxy_configuration]
-          }}
-
-- name: Warn about reverse-proxying if matrix-nginx-proxy not used
-  ansible.builtin.debug:
-    msg: >-
-      NOTE: You've enabled the Mautrix googlechat bridge but are not using the matrix-nginx-proxy
-      reverse proxy.
-      Please make sure that you're proxying the `{{ matrix_mautrix_googlechat_public_endpoint }}`
-      URL endpoint to the matrix-mautrix-googlechat container.
-      You can expose the container's port using the `matrix_mautrix_googlechat_container_http_host_bind_port` variable.
-  when: "matrix_mautrix_googlechat_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"
diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/inject_into_nginx_proxy.yml
new file mode 100644
index 00000000..6a417b61
--- /dev/null
+++ b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/inject_into_nginx_proxy.yml
@@ -0,0 +1,43 @@
+---
+
+- name: Fail if matrix-nginx-proxy role already executed
+  ansible.builtin.fail:
+    msg: >-
+      Trying to append Mautrix googlechat's reverse-proxying configuration to matrix-nginx-proxy,
+      but it's pointless since the matrix-nginx-proxy role had already executed.
+      To fix this, please change the order of roles in your playbook,
+      so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-googlechat role.
+  when: matrix_nginx_proxy_role_executed | default(False) | bool
+
+- name: Generate Mautrix googlechat proxying configuration for matrix-nginx-proxy
+  ansible.builtin.set_fact:
+    matrix_mautrix_googlechat_matrix_nginx_proxy_configuration: |
+      location {{ matrix_mautrix_googlechat_public_endpoint }} {
+      {% if matrix_nginx_proxy_enabled | default(False) %}
+          {# Use the embedded DNS resolver in Docker containers to discover the service #}
+          resolver 127.0.0.11 valid=5s;
+          set $backend "matrix-mautrix-googlechat:8080";
+          proxy_pass http://$backend;
+      {% else %}
+          {# Generic configuration for use outside of our container setup #}
+          proxy_pass http://127.0.0.1:9007;
+      {% endif %}
+      }
+- name: Register Mautrix googlechat proxying configuration with matrix-nginx-proxy
+  ansible.builtin.set_fact:
+    matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
+      {{
+        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+        +
+        [matrix_mautrix_googlechat_matrix_nginx_proxy_configuration]
+      }}
+
+- name: Warn about reverse-proxying if matrix-nginx-proxy not used
+  ansible.builtin.debug:
+    msg: >-
+      NOTE: You've enabled the Mautrix googlechat bridge but are not using the matrix-nginx-proxy
+      reverse proxy.
+      Please make sure that you're proxying the `{{ matrix_mautrix_googlechat_public_endpoint }}`
+      URL endpoint to the matrix-mautrix-googlechat container.
+      You can expose the container's port using the `matrix_mautrix_googlechat_container_http_host_bind_port` variable.
+  when: "matrix_mautrix_googlechat_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"
diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/main.yml
index 070abfcd..e20422a7 100644
--- a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/main.yml
@@ -1,8 +1,10 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
+- when: matrix_mautrix_googlechat_enabled | bool
+  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
-    - always
+    - setup-all
+    - setup-nginx-proxy
 
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_mautrix_googlechat_enabled | bool"
diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/init.yml
deleted file mode 100644
index 8850f1cf..00000000
--- a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/init.yml
+++ /dev/null
@@ -1,47 +0,0 @@
----
-
-- when: matrix_mautrix_hangouts_enabled | bool
-  tags:
-    - always
-  block:
-    - name: Fail if matrix-nginx-proxy role already executed
-      ansible.builtin.fail:
-        msg: >-
-          Trying to append Mautrix Hangouts's reverse-proxying configuration to matrix-nginx-proxy,
-          but it's pointless since the matrix-nginx-proxy role had already executed.
-          To fix this, please change the order of roles in your playbook,
-          so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-hangouts role.
-      when: matrix_nginx_proxy_role_executed | default(False) | bool
-
-    - name: Generate Mautrix Hangouts proxying configuration for matrix-nginx-proxy
-      ansible.builtin.set_fact:
-        matrix_mautrix_hangouts_matrix_nginx_proxy_configuration: |
-          location {{ matrix_mautrix_hangouts_public_endpoint }} {
-          {% if matrix_nginx_proxy_enabled | default(False) %}
-              {# Use the embedded DNS resolver in Docker containers to discover the service #}
-              resolver 127.0.0.11 valid=5s;
-              set $backend "matrix-mautrix-hangouts:8080";
-              proxy_pass http://$backend;
-          {% else %}
-              {# Generic configuration for use outside of our container setup #}
-              proxy_pass http://127.0.0.1:9007;
-          {% endif %}
-          }
-    - name: Register Mautrix Hangouts proxying configuration with matrix-nginx-proxy
-      ansible.builtin.set_fact:
-        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
-          {{
-            matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
-            +
-            [matrix_mautrix_hangouts_matrix_nginx_proxy_configuration]
-          }}
-
-- name: Warn about reverse-proxying if matrix-nginx-proxy not used
-  ansible.builtin.debug:
-    msg: >-
-      NOTE: You've enabled the Mautrix Hangouts bridge but are not using the matrix-nginx-proxy
-      reverse proxy.
-      Please make sure that you're proxying the `{{ matrix_mautrix_hangouts_public_endpoint }}`
-      URL endpoint to the matrix-mautrix-hangouts container.
-      You can expose the container's port using the `matrix_mautrix_hangouts_container_http_host_bind_port` variable.
-  when: "matrix_mautrix_hangouts_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"
diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/inject_into_nginx_proxy.yml
new file mode 100644
index 00000000..b5696c84
--- /dev/null
+++ b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/inject_into_nginx_proxy.yml
@@ -0,0 +1,44 @@
+---
+
+- name: Fail if matrix-nginx-proxy role already executed
+  ansible.builtin.fail:
+    msg: >-
+      Trying to append Mautrix Hangouts's reverse-proxying configuration to matrix-nginx-proxy,
+      but it's pointless since the matrix-nginx-proxy role had already executed.
+      To fix this, please change the order of roles in your playbook,
+      so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-hangouts role.
+  when: matrix_nginx_proxy_role_executed | default(False) | bool
+
+- name: Generate Mautrix Hangouts proxying configuration for matrix-nginx-proxy
+  ansible.builtin.set_fact:
+    matrix_mautrix_hangouts_matrix_nginx_proxy_configuration: |
+      location {{ matrix_mautrix_hangouts_public_endpoint }} {
+      {% if matrix_nginx_proxy_enabled | default(False) %}
+          {# Use the embedded DNS resolver in Docker containers to discover the service #}
+          resolver 127.0.0.11 valid=5s;
+          set $backend "matrix-mautrix-hangouts:8080";
+          proxy_pass http://$backend;
+      {% else %}
+          {# Generic configuration for use outside of our container setup #}
+          proxy_pass http://127.0.0.1:9007;
+      {% endif %}
+      }
+
+- name: Register Mautrix Hangouts proxying configuration with matrix-nginx-proxy
+  ansible.builtin.set_fact:
+    matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
+      {{
+        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+        +
+        [matrix_mautrix_hangouts_matrix_nginx_proxy_configuration]
+      }}
+
+- name: Warn about reverse-proxying if matrix-nginx-proxy not used
+  ansible.builtin.debug:
+    msg: >-
+      NOTE: You've enabled the Mautrix Hangouts bridge but are not using the matrix-nginx-proxy
+      reverse proxy.
+      Please make sure that you're proxying the `{{ matrix_mautrix_hangouts_public_endpoint }}`
+      URL endpoint to the matrix-mautrix-hangouts container.
+      You can expose the container's port using the `matrix_mautrix_hangouts_container_http_host_bind_port` variable.
+  when: "matrix_mautrix_hangouts_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"
diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/main.yml
index d6913689..a1b7115b 100644
--- a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/main.yml
@@ -1,8 +1,10 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
+- when: matrix_mautrix_hangouts_enabled | bool
+  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
-    - always
+    - setup-all
+    - setup-nginx-proxy
 
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_mautrix_hangouts_enabled | bool"
diff --git a/roles/custom/matrix-bridge-mautrix-telegram/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/init.yml
deleted file mode 100644
index d292edc0..00000000
--- a/roles/custom/matrix-bridge-mautrix-telegram/tasks/init.yml
+++ /dev/null
@@ -1,47 +0,0 @@
----
-
-- when: matrix_mautrix_telegram_enabled | bool and matrix_mautrix_telegram_appservice_public_enabled | bool
-  tags:
-    - always
-  block:
-    - name: Fail if matrix-nginx-proxy role already executed
-      ansible.builtin.fail:
-        msg: >-
-          Trying to append Mautrix Telegram's reverse-proxying configuration to matrix-nginx-proxy,
-          but it's pointless since the matrix-nginx-proxy role had already executed.
-          To fix this, please change the order of roles in your playbook,
-          so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role.
-      when: matrix_nginx_proxy_role_executed | default(False) | bool
-
-    - name: Generate Mautrix Telegram proxying configuration for matrix-nginx-proxy
-      ansible.builtin.set_fact:
-        matrix_mautrix_telegram_matrix_nginx_proxy_configuration: |
-          location {{ matrix_mautrix_telegram_public_endpoint }} {
-          {% if matrix_nginx_proxy_enabled | default(False) %}
-              {# Use the embedded DNS resolver in Docker containers to discover the service #}
-              resolver 127.0.0.11 valid=5s;
-              set $backend "matrix-mautrix-telegram:8080";
-              proxy_pass http://$backend;
-          {% else %}
-              {# Generic configuration for use outside of our container setup #}
-              proxy_pass http://127.0.0.1:9006;
-          {% endif %}
-          }
-
-    - name: Register Mautrix Telegram proxying configuration with matrix-nginx-proxy
-      ansible.builtin.set_fact:
-        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
-          {{
-            matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
-            +
-            [matrix_mautrix_telegram_matrix_nginx_proxy_configuration]
-          }}
-    - name: Warn about reverse-proxying if matrix-nginx-proxy not used
-      ansible.builtin.debug:
-        msg: >-
-          NOTE: You've enabled the Mautrix Telegram bridge but are not using the matrix-nginx-proxy
-          reverse proxy.
-          Please make sure that you're proxying the `{{ matrix_mautrix_telegram_public_endpoint }}`
-          URL endpoint to the matrix-mautrix-telegram container.
-          You can expose the container's port using the `matrix_mautrix_telegram_container_http_host_bind_port` variable.
-      when: "not matrix_nginx_proxy_enabled | default(False) | bool"
diff --git a/roles/custom/matrix-bridge-mautrix-telegram/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/inject_into_nginx_proxy.yml
new file mode 100644
index 00000000..7bbd1551
--- /dev/null
+++ b/roles/custom/matrix-bridge-mautrix-telegram/tasks/inject_into_nginx_proxy.yml
@@ -0,0 +1,44 @@
+---
+
+- name: Fail if matrix-nginx-proxy role already executed
+  ansible.builtin.fail:
+    msg: >-
+      Trying to append Mautrix Telegram's reverse-proxying configuration to matrix-nginx-proxy,
+      but it's pointless since the matrix-nginx-proxy role had already executed.
+      To fix this, please change the order of roles in your playbook,
+      so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role.
+  when: matrix_nginx_proxy_role_executed | default(False) | bool
+
+- name: Generate Mautrix Telegram proxying configuration for matrix-nginx-proxy
+  ansible.builtin.set_fact:
+    matrix_mautrix_telegram_matrix_nginx_proxy_configuration: |
+      location {{ matrix_mautrix_telegram_public_endpoint }} {
+      {% if matrix_nginx_proxy_enabled | default(False) %}
+          {# Use the embedded DNS resolver in Docker containers to discover the service #}
+          resolver 127.0.0.11 valid=5s;
+          set $backend "matrix-mautrix-telegram:8080";
+          proxy_pass http://$backend;
+      {% else %}
+          {# Generic configuration for use outside of our container setup #}
+          proxy_pass http://127.0.0.1:9006;
+      {% endif %}
+      }
+
+- name: Register Mautrix Telegram proxying configuration with matrix-nginx-proxy
+  ansible.builtin.set_fact:
+    matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
+      {{
+        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+        +
+        [matrix_mautrix_telegram_matrix_nginx_proxy_configuration]
+      }}
+
+- name: Warn about reverse-proxying if matrix-nginx-proxy not used
+  ansible.builtin.debug:
+    msg: >-
+      NOTE: You've enabled the Mautrix Telegram bridge but are not using the matrix-nginx-proxy
+      reverse proxy.
+      Please make sure that you're proxying the `{{ matrix_mautrix_telegram_public_endpoint }}`
+      URL endpoint to the matrix-mautrix-telegram container.
+      You can expose the container's port using the `matrix_mautrix_telegram_container_http_host_bind_port` variable.
+  when: "not matrix_nginx_proxy_enabled | default(False) | bool"
diff --git a/roles/custom/matrix-bridge-mautrix-telegram/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/main.yml
index 471f0cf1..d4a5f805 100644
--- a/roles/custom/matrix-bridge-mautrix-telegram/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-telegram/tasks/main.yml
@@ -1,7 +1,10 @@
 ---
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
+
+- when: matrix_mautrix_telegram_enabled | bool and matrix_mautrix_telegram_appservice_public_enabled | bool
+  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
-    - always
+    - setup-all
+    - setup-nginx-proxy
 
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_mautrix_telegram_enabled | bool"
diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/init.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/init.yml
deleted file mode 100644
index 217c733d..00000000
--- a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/init.yml
+++ /dev/null
@@ -1,48 +0,0 @@
----
-
-- when: matrix_mx_puppet_slack_enabled | bool
-  tags:
-    - always
-  block:
-    - name: Fail if matrix-nginx-proxy role already executed
-      ansible.builtin.fail:
-        msg: >-
-          Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy,
-          but it's pointless since the matrix-nginx-proxy role had already executed.
-          To fix this, please change the order of roles in your playbook,
-          so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-slack role.
-      when: matrix_nginx_proxy_role_executed | default(False) | bool
-
-    - name: Generate Matrix MX Puppet Slack proxying configuration for matrix-nginx-proxy
-      ansible.builtin.set_fact:
-        matrix_mx_puppet_slack_matrix_nginx_proxy_configuration: |
-          location {{ matrix_mx_puppet_slack_redirect_path }} {
-          {% if matrix_nginx_proxy_enabled | default(False) %}
-              {# Use the embedded DNS resolver in Docker containers to discover the service #}
-              resolver 127.0.0.11 valid=5s;
-              set $backend "{{ matrix_mx_puppet_slack_appservice_address }}";
-              proxy_pass $backend;
-          {% else %}
-              {# Generic configuration for use outside of our container setup #}
-              proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_slack_appservice_port }};
-          {% endif %}
-          }
-
-    - name: Register Slack Appservice proxying configuration with matrix-nginx-proxy
-      ansible.builtin.set_fact:
-        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
-          {{
-            matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
-            +
-            [matrix_mx_puppet_slack_matrix_nginx_proxy_configuration]
-          }}
-
-- name: Warn about reverse-proxying if matrix-nginx-proxy not used
-  ansible.builtin.debug:
-    msg: >-
-      NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy
-      reverse proxy.
-      Please make sure that you're proxying the `{{ matrix_mx_puppet_slack_redirect_path }}`
-      URL endpoint to the matrix-mx-puppet-slack container.
-      You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable.
-  when: "matrix_mx_puppet_slack_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"
diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/inject_into_nginx_proxy.yml
new file mode 100644
index 00000000..c4e82a5b
--- /dev/null
+++ b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/inject_into_nginx_proxy.yml
@@ -0,0 +1,44 @@
+---
+
+- name: Fail if matrix-nginx-proxy role already executed
+  ansible.builtin.fail:
+    msg: >-
+      Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy,
+      but it's pointless since the matrix-nginx-proxy role had already executed.
+      To fix this, please change the order of roles in your playbook,
+      so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-slack role.
+  when: matrix_nginx_proxy_role_executed | default(False) | bool
+
+- name: Generate Matrix MX Puppet Slack proxying configuration for matrix-nginx-proxy
+  ansible.builtin.set_fact:
+    matrix_mx_puppet_slack_matrix_nginx_proxy_configuration: |
+      location {{ matrix_mx_puppet_slack_redirect_path }} {
+      {% if matrix_nginx_proxy_enabled | default(False) %}
+          {# Use the embedded DNS resolver in Docker containers to discover the service #}
+          resolver 127.0.0.11 valid=5s;
+          set $backend "{{ matrix_mx_puppet_slack_appservice_address }}";
+          proxy_pass $backend;
+      {% else %}
+          {# Generic configuration for use outside of our container setup #}
+          proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_slack_appservice_port }};
+      {% endif %}
+      }
+
+- name: Register Slack Appservice proxying configuration with matrix-nginx-proxy
+  ansible.builtin.set_fact:
+    matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
+      {{
+        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+        +
+        [matrix_mx_puppet_slack_matrix_nginx_proxy_configuration]
+      }}
+
+- name: Warn about reverse-proxying if matrix-nginx-proxy not used
+  ansible.builtin.debug:
+    msg: >-
+      NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy
+      reverse proxy.
+      Please make sure that you're proxying the `{{ matrix_mx_puppet_slack_redirect_path }}`
+      URL endpoint to the matrix-mx-puppet-slack container.
+      You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable.
+  when: "not matrix_nginx_proxy_enabled | default(False) | bool"
diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/main.yml
index 869afc49..8850e6bc 100644
--- a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/main.yml
@@ -1,8 +1,10 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
+- when: matrix_mx_puppet_slack_enabled | bool
+  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
-    - always
+    - setup-all
+    - setup-nginx-proxy
 
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_mx_puppet_slack_enabled | bool"
diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/init.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/init.yml
deleted file mode 100644
index 4a0ea673..00000000
--- a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/init.yml
+++ /dev/null
@@ -1,48 +0,0 @@
----
-
-- when: matrix_mx_puppet_twitter_enabled | bool
-  tags:
-    - always
-  block:
-    - name: Fail if matrix-nginx-proxy role already executed
-      ansible.builtin.fail:
-        msg: >-
-          Trying to append Twitter Appservice's reverse-proxying configuration to matrix-nginx-proxy,
-          but it's pointless since the matrix-nginx-proxy role had already executed.
-          To fix this, please change the order of roles in your playbook,
-          so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-twitter role.
-      when: matrix_nginx_proxy_role_executed | default(False) | bool
-
-    - name: Generate Matrix MX Puppet Twitter proxying configuration for matrix-nginx-proxy
-      ansible.builtin.set_fact:
-        matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration: |
-          location {{ matrix_mx_puppet_twitter_webhook_path }} {
-          {% if matrix_nginx_proxy_enabled | default(False) %}
-              {# Use the embedded DNS resolver in Docker containers to discover the service #}
-              resolver 127.0.0.11 valid=5s;
-              set $backend "{{ matrix_mx_puppet_twitter_appservice_address }}";
-              proxy_pass $backend;
-          {% else %}
-              {# Generic configuration for use outside of our container setup #}
-              proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_twitter_appservice_port }};
-          {% endif %}
-          }
-
-    - name: Register Twitter Appservice proxying configuration with matrix-nginx-proxy
-      ansible.builtin.set_fact:
-        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
-          {{
-            matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
-            +
-            [matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration]
-          }}
-
-- name: Warn about reverse-proxying if matrix-nginx-proxy not used
-  ansible.builtin.debug:
-    msg: >-
-      NOTE: You've enabled the Matrix Twitter bridge but are not using the matrix-nginx-proxy
-      reverse proxy.
-      Please make sure that you're proxying the `{{ matrix_mx_puppet_twitter_redirect_path }}`
-      URL endpoint to the matrix-mx-puppet-twitter container.
-      You can expose the container's port using the `matrix_mx_puppet_twitter_container_http_host_bind_port` variable.
-  when: "matrix_mx_puppet_twitter_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"
diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/inject_into_nginx_proxy.yml
new file mode 100644
index 00000000..df2b76fe
--- /dev/null
+++ b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/inject_into_nginx_proxy.yml
@@ -0,0 +1,44 @@
+---
+
+- name: Fail if matrix-nginx-proxy role already executed
+  ansible.builtin.fail:
+    msg: >-
+      Trying to append Twitter Appservice's reverse-proxying configuration to matrix-nginx-proxy,
+      but it's pointless since the matrix-nginx-proxy role had already executed.
+      To fix this, please change the order of roles in your playbook,
+      so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-twitter role.
+  when: matrix_nginx_proxy_role_executed | default(False) | bool
+
+- name: Generate Matrix MX Puppet Twitter proxying configuration for matrix-nginx-proxy
+  ansible.builtin.set_fact:
+    matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration: |
+      location {{ matrix_mx_puppet_twitter_webhook_path }} {
+      {% if matrix_nginx_proxy_enabled | default(False) %}
+          {# Use the embedded DNS resolver in Docker containers to discover the service #}
+          resolver 127.0.0.11 valid=5s;
+          set $backend "{{ matrix_mx_puppet_twitter_appservice_address }}";
+          proxy_pass $backend;
+      {% else %}
+          {# Generic configuration for use outside of our container setup #}
+          proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_twitter_appservice_port }};
+      {% endif %}
+      }
+
+- name: Register Twitter Appservice proxying configuration with matrix-nginx-proxy
+  ansible.builtin.set_fact:
+    matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
+      {{
+        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+        +
+        [matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration]
+      }}
+
+- name: Warn about reverse-proxying if matrix-nginx-proxy not used
+  ansible.builtin.debug:
+    msg: >-
+      NOTE: You've enabled the Matrix Twitter bridge but are not using the matrix-nginx-proxy
+      reverse proxy.
+      Please make sure that you're proxying the `{{ matrix_mx_puppet_twitter_redirect_path }}`
+      URL endpoint to the matrix-mx-puppet-twitter container.
+      You can expose the container's port using the `matrix_mx_puppet_twitter_container_http_host_bind_port` variable.
+  when: "not matrix_nginx_proxy_enabled | default(False) | bool"
diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/main.yml
index 20e4f686..87f94709 100644
--- a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/main.yml
@@ -1,8 +1,10 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
+- when: matrix_mx_puppet_twitter_enabled | bool
+  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
-    - always
+    - setup-all
+    - setup-nginx-proxy
 
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_mx_puppet_twitter_enabled | bool"
diff --git a/roles/custom/matrix-cactus-comments/tasks/init.yml b/roles/custom/matrix-cactus-comments/tasks/inject_into_nginx_proxy.yml
similarity index 93%
rename from roles/custom/matrix-cactus-comments/tasks/init.yml
rename to roles/custom/matrix-cactus-comments/tasks/inject_into_nginx_proxy.yml
index 5e094107..a1da604c 100644
--- a/roles/custom/matrix-cactus-comments/tasks/init.yml
+++ b/roles/custom/matrix-cactus-comments/tasks/inject_into_nginx_proxy.yml
@@ -1,9 +1,6 @@
 ---
 
-- when: matrix_cactus_comments_enabled | bool and matrix_cactus_comments_serve_client_enabled | bool
-  tags:
-    - always
-  block:
+- block:
     - name: Fail if matrix-nginx-proxy role already executed
       ansible.builtin.fail:
         msg: >-
diff --git a/roles/custom/matrix-cactus-comments/tasks/main.yml b/roles/custom/matrix-cactus-comments/tasks/main.yml
index 857e2db1..4bef5153 100644
--- a/roles/custom/matrix-cactus-comments/tasks/main.yml
+++ b/roles/custom/matrix-cactus-comments/tasks/main.yml
@@ -1,8 +1,10 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
+- when: matrix_cactus_comments_enabled | bool and matrix_cactus_comments_serve_client_enabled | bool
+  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
-    - always
+    - setup-all
+    - setup-nginx-proxy
 
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_cactus_comments_enabled | bool"
diff --git a/roles/custom/matrix-etherpad/tasks/init.yml b/roles/custom/matrix-etherpad/tasks/init.yml
deleted file mode 100644
index 159dbe87..00000000
--- a/roles/custom/matrix-etherpad/tasks/init.yml
+++ /dev/null
@@ -1,50 +0,0 @@
----
-
-- when: matrix_etherpad_enabled | bool and matrix_etherpad_mode == 'dimension'
-  tags:
-    - always
-  block:
-    - name: Fail if matrix-nginx-proxy role already executed
-      ansible.builtin.fail:
-        msg: >-
-          Trying to append Etherpad's reverse-proxying configuration to matrix-nginx-proxy,
-          but it's pointless since the matrix-nginx-proxy role had already executed.
-          To fix this, please change the order of roles in your playbook,
-          so that the matrix-nginx-proxy role would run after the matrix-etherpad role.
-      when: matrix_nginx_proxy_role_executed | default(False) | bool
-
-    - name: Generate Etherpad proxying configuration for matrix-nginx-proxy
-      ansible.builtin.set_fact:
-        matrix_etherpad_matrix_nginx_proxy_configuration: |
-          rewrite ^{{ matrix_etherpad_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_etherpad_public_endpoint }}/ permanent;
-
-          location {{ matrix_etherpad_public_endpoint }}/ {
-          {% if matrix_nginx_proxy_enabled | default(False) %}
-            {# Use the embedded DNS resolver in Docker containers to discover the service #}
-            resolver 127.0.0.11 valid=5s;
-            proxy_pass http://matrix-etherpad:9001/;
-            {# These are proxy directives needed specifically by Etherpad #}
-            proxy_buffering off;
-            proxy_http_version 1.1;  # recommended with keepalive connections
-            proxy_pass_header Server;
-            proxy_set_header Host $host;
-            proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; # for EP to set secure cookie flag when https is used
-            # WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html
-            proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection $connection_upgrade;
-          {% else %}
-            {# Generic configuration for use outside of our container setup #}
-            # A good guide for setting up your Etherpad behind nginx:
-            # https://docs.gandi.net/en/cloud/tutorials/etherpad_lite.html
-            proxy_pass http://127.0.0.1:9001/;
-          {% endif %}
-          }
-
-    - name: Register Etherpad proxying configuration with matrix-nginx-proxy
-      ansible.builtin.set_fact:
-        matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: |
-          {{
-            matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks | default([])
-            +
-            [matrix_etherpad_matrix_nginx_proxy_configuration]
-          }}
diff --git a/roles/custom/matrix-etherpad/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-etherpad/tasks/inject_into_nginx_proxy.yml
new file mode 100644
index 00000000..e32cdf96
--- /dev/null
+++ b/roles/custom/matrix-etherpad/tasks/inject_into_nginx_proxy.yml
@@ -0,0 +1,46 @@
+---
+
+- name: Fail if matrix-nginx-proxy role already executed
+  ansible.builtin.fail:
+    msg: >-
+      Trying to append Etherpad's reverse-proxying configuration to matrix-nginx-proxy,
+      but it's pointless since the matrix-nginx-proxy role had already executed.
+      To fix this, please change the order of roles in your playbook,
+      so that the matrix-nginx-proxy role would run after the matrix-etherpad role.
+  when: matrix_nginx_proxy_role_executed | default(False) | bool
+
+- name: Generate Etherpad proxying configuration for matrix-nginx-proxy
+  ansible.builtin.set_fact:
+    matrix_etherpad_matrix_nginx_proxy_configuration: |
+      rewrite ^{{ matrix_etherpad_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_etherpad_public_endpoint }}/ permanent;
+
+      location {{ matrix_etherpad_public_endpoint }}/ {
+      {% if matrix_nginx_proxy_enabled | default(False) %}
+        {# Use the embedded DNS resolver in Docker containers to discover the service #}
+        resolver 127.0.0.11 valid=5s;
+        proxy_pass http://matrix-etherpad:9001/;
+        {# These are proxy directives needed specifically by Etherpad #}
+        proxy_buffering off;
+        proxy_http_version 1.1;  # recommended with keepalive connections
+        proxy_pass_header Server;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; # for EP to set secure cookie flag when https is used
+        # WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+      {% else %}
+        {# Generic configuration for use outside of our container setup #}
+        # A good guide for setting up your Etherpad behind nginx:
+        # https://docs.gandi.net/en/cloud/tutorials/etherpad_lite.html
+        proxy_pass http://127.0.0.1:9001/;
+      {% endif %}
+      }
+
+- name: Register Etherpad proxying configuration with matrix-nginx-proxy
+  ansible.builtin.set_fact:
+    matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: |
+      {{
+        matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks | default([])
+        +
+        [matrix_etherpad_matrix_nginx_proxy_configuration]
+      }}
diff --git a/roles/custom/matrix-etherpad/tasks/main.yml b/roles/custom/matrix-etherpad/tasks/main.yml
index caf0dda5..a2c9e077 100644
--- a/roles/custom/matrix-etherpad/tasks/main.yml
+++ b/roles/custom/matrix-etherpad/tasks/main.yml
@@ -1,8 +1,10 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
+- when: matrix_etherpad_enabled | bool and matrix_etherpad_mode == 'dimension'
+  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
-    - always
+    - setup-all
+    - setup-nginx-proxy
 
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: run_setup | bool and matrix_etherpad_enabled | bool
diff --git a/roles/custom/matrix-ldap-registration-proxy/tasks/init.yml b/roles/custom/matrix-ldap-registration-proxy/tasks/init.yml
deleted file mode 100644
index f035e657..00000000
--- a/roles/custom/matrix-ldap-registration-proxy/tasks/init.yml
+++ /dev/null
@@ -1,47 +0,0 @@
----
-
-- when: matrix_ldap_registration_proxy_enabled | bool
-  tags:
-    - always
-  block:
-    - name: Fail if matrix-nginx-proxy role already executed
-      ansible.builtin.fail:
-        msg: >-
-          Trying to append Matrix LDAP registration proxy's reverse-proxying configuration to matrix-nginx-proxy,
-          but it's pointless since the matrix-nginx-proxy role had already executed.
-          To fix this, please change the order of roles in your playbook,
-          so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role.
-      when: matrix_nginx_proxy_role_executed | default(False) | bool
-
-    - name: Generate Matrix LDAP registration proxy proxying configuration for matrix-nginx-proxy
-      ansible.builtin.set_fact:
-        matrix_ldap_registration_proxy_matrix_nginx_proxy_configuration: |
-          location {{ matrix_ldap_registration_proxy_registration_endpoint }} {
-          {% if matrix_nginx_proxy_enabled | default(False) %}
-             {# Use the embedded DNS resolver in Docker containers to discover the service #}
-             resolver 127.0.0.11 valid=5s;
-             set $backend "{{ matrix_ldap_registration_proxy_registration_addr_with_container }}";
-             proxy_pass http://$backend/register;
-          {% else %}
-             {# Generic configuration for use outside of our container setup #}
-             proxy_pass http://{{ matrix_ldap_registration_proxy_registration_addr_sans_container }}/register;
-          {% endif %}
-          }
-
-    - name: Register Matrix LDAP registration proxy proxying configuration with matrix-nginx-proxy
-      ansible.builtin.set_fact:
-        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
-          {{
-            matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
-            +
-            [matrix_ldap_registration_proxy_matrix_nginx_proxy_configuration]
-          }}
-    - name: Warn about reverse-proxying if matrix-nginx-proxy not used
-      ansible.builtin.debug:
-        msg: >-
-          NOTE: You've enabled the Matrix LDAP registration proxy bridge but are not using the matrix-nginx-proxy
-          reverse proxy.
-          Please make sure that you're proxying the `{{ matrix_ldap_registration_proxy_public_endpoint }}`
-          URL endpoint to the matrix-ldap-proxy container.
-          You can expose the container's port using the `matrix_ldap_registration_proxy_container_http_host_bind_port` variable.
-      when: "not matrix_nginx_proxy_enabled | default(False) | bool"
diff --git a/roles/custom/matrix-ldap-registration-proxy/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-ldap-registration-proxy/tasks/inject_into_nginx_proxy.yml
new file mode 100644
index 00000000..472503c9
--- /dev/null
+++ b/roles/custom/matrix-ldap-registration-proxy/tasks/inject_into_nginx_proxy.yml
@@ -0,0 +1,44 @@
+---
+
+- name: Fail if matrix-nginx-proxy role already executed
+  ansible.builtin.fail:
+    msg: >-
+      Trying to append Matrix LDAP registration proxy's reverse-proxying configuration to matrix-nginx-proxy,
+      but it's pointless since the matrix-nginx-proxy role had already executed.
+      To fix this, please change the order of roles in your playbook,
+      so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role.
+  when: matrix_nginx_proxy_role_executed | default(False) | bool
+
+- name: Generate Matrix LDAP registration proxy proxying configuration for matrix-nginx-proxy
+  ansible.builtin.set_fact:
+    matrix_ldap_registration_proxy_matrix_nginx_proxy_configuration: |
+      location {{ matrix_ldap_registration_proxy_registration_endpoint }} {
+      {% if matrix_nginx_proxy_enabled | default(False) %}
+          {# Use the embedded DNS resolver in Docker containers to discover the service #}
+          resolver 127.0.0.11 valid=5s;
+          set $backend "{{ matrix_ldap_registration_proxy_registration_addr_with_container }}";
+          proxy_pass http://$backend/register;
+      {% else %}
+          {# Generic configuration for use outside of our container setup #}
+          proxy_pass http://{{ matrix_ldap_registration_proxy_registration_addr_sans_container }}/register;
+      {% endif %}
+      }
+
+- name: Register Matrix LDAP registration proxy proxying configuration with matrix-nginx-proxy
+  ansible.builtin.set_fact:
+    matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
+      {{
+        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+        +
+        [matrix_ldap_registration_proxy_matrix_nginx_proxy_configuration]
+      }}
+
+- name: Warn about reverse-proxying if matrix-nginx-proxy not used
+  ansible.builtin.debug:
+    msg: >-
+      NOTE: You've enabled the Matrix LDAP registration proxy bridge but are not using the matrix-nginx-proxy
+      reverse proxy.
+      Please make sure that you're proxying the `{{ matrix_ldap_registration_proxy_public_endpoint }}`
+      URL endpoint to the matrix-ldap-proxy container.
+      You can expose the container's port using the `matrix_ldap_registration_proxy_container_http_host_bind_port` variable.
+  when: "not matrix_nginx_proxy_enabled | default(False) | bool"
diff --git a/roles/custom/matrix-ldap-registration-proxy/tasks/main.yml b/roles/custom/matrix-ldap-registration-proxy/tasks/main.yml
index 5815774e..1bba9ad1 100644
--- a/roles/custom/matrix-ldap-registration-proxy/tasks/main.yml
+++ b/roles/custom/matrix-ldap-registration-proxy/tasks/main.yml
@@ -1,8 +1,10 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
+- when: matrix_ldap_registration_proxy_enabled | bool
+  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
-    - always
+    - setup-all
+    - setup-nginx-proxy
 
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_ldap_registration_proxy_enabled | bool"
diff --git a/roles/custom/matrix-prometheus-node-exporter/tasks/init.yml b/roles/custom/matrix-prometheus-node-exporter/tasks/init.yml
deleted file mode 100644
index eda1b755..00000000
--- a/roles/custom/matrix-prometheus-node-exporter/tasks/init.yml
+++ /dev/null
@@ -1,37 +0,0 @@
----
-
-- when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool
-  block:
-    - name: Fail if matrix-nginx-proxy role already executed
-      ansible.builtin.fail:
-        msg: >-
-          Trying to append node-exporter's reverse-proxying configuration to matrix-nginx-proxy,
-          but it's pointless since the matrix-nginx-proxy role had already executed.
-          To fix this, please change the order of roles in your playbook,
-          so that the matrix-nginx-proxy role would run after the matrix-prometheus-node-exporter role.
-      when: matrix_nginx_proxy_role_executed | default(False) | bool
-
-    - name: Generate node-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter)
-      ansible.builtin.set_fact:
-        matrix_prometheus_node_exporter_nginx_metrics_configuration_block: |
-          location /metrics/node-exporter {
-            {% if matrix_nginx_proxy_enabled | default(False) %}
-              {# Use the embedded DNS resolver in Docker containers to discover the service #}
-              resolver 127.0.0.11 valid=5s;
-              set $backend "matrix-prometheus-node-exporter:9100";
-              proxy_pass http://$backend/metrics;
-            {% elif matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %}
-              proxy_pass http://{{ matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics;
-            {% else %}
-              return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
-            {% endif %}
-          }
-
-    - name: Register node-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter)
-      ansible.builtin.set_fact:
-        matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
-          {{
-            matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
-            +
-            [matrix_prometheus_node_exporter_nginx_metrics_configuration_block]
-          }}
diff --git a/roles/custom/matrix-prometheus-node-exporter/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-prometheus-node-exporter/tasks/inject_into_nginx_proxy.yml
new file mode 100644
index 00000000..24e05ed8
--- /dev/null
+++ b/roles/custom/matrix-prometheus-node-exporter/tasks/inject_into_nginx_proxy.yml
@@ -0,0 +1,35 @@
+---
+
+- name: Fail if matrix-nginx-proxy role already executed
+  ansible.builtin.fail:
+    msg: >-
+      Trying to append node-exporter's reverse-proxying configuration to matrix-nginx-proxy,
+      but it's pointless since the matrix-nginx-proxy role had already executed.
+      To fix this, please change the order of roles in your playbook,
+      so that the matrix-nginx-proxy role would run after the matrix-prometheus-node-exporter role.
+  when: matrix_nginx_proxy_role_executed | default(False) | bool
+
+- name: Generate node-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter)
+  ansible.builtin.set_fact:
+    matrix_prometheus_node_exporter_nginx_metrics_configuration_block: |
+      location /metrics/node-exporter {
+        {% if matrix_nginx_proxy_enabled | default(False) %}
+          {# Use the embedded DNS resolver in Docker containers to discover the service #}
+          resolver 127.0.0.11 valid=5s;
+          set $backend "matrix-prometheus-node-exporter:9100";
+          proxy_pass http://$backend/metrics;
+        {% elif matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %}
+          proxy_pass http://{{ matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics;
+        {% else %}
+          return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
+        {% endif %}
+      }
+
+- name: Register node-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter)
+  ansible.builtin.set_fact:
+    matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
+      {{
+        matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
+        +
+        [matrix_prometheus_node_exporter_nginx_metrics_configuration_block]
+      }}
diff --git a/roles/custom/matrix-prometheus-node-exporter/tasks/main.yml b/roles/custom/matrix-prometheus-node-exporter/tasks/main.yml
index 81b0c702..145adfdd 100644
--- a/roles/custom/matrix-prometheus-node-exporter/tasks/main.yml
+++ b/roles/custom/matrix-prometheus-node-exporter/tasks/main.yml
@@ -1,8 +1,10 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
+- when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool
+  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
-    - always
+    - setup-all
+    - setup-nginx-proxy
 
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup.yml"
   tags:
diff --git a/roles/custom/matrix-prometheus-postgres-exporter/tasks/init.yml b/roles/custom/matrix-prometheus-postgres-exporter/tasks/init.yml
deleted file mode 100644
index d409e2dd..00000000
--- a/roles/custom/matrix-prometheus-postgres-exporter/tasks/init.yml
+++ /dev/null
@@ -1,37 +0,0 @@
----
-
-- when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool
-  block:
-    - name: Fail if matrix-nginx-proxy role already executed
-      ansible.builtin.fail:
-        msg: >-
-          Trying to append postgres-exporter's reverse-proxying configuration to matrix-nginx-proxy,
-          but it's pointless since the matrix-nginx-proxy role had already executed.
-          To fix this, please change the order of roles in your playbook,
-          so that the matrix-nginx-proxy role would run after the matrix-prometheus-postgres-exporter role.
-      when: matrix_nginx_proxy_role_executed | default(False) | bool
-
-    - name: Generate postgres-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter)
-      ansible.builtin.set_fact:
-        matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block: |
-          location /metrics/postgres-exporter {
-            {% if matrix_nginx_proxy_enabled | default(False) %}
-              {# Use the embedded DNS resolver in Docker containers to discover the service #}
-              resolver 127.0.0.11 valid=5s;
-              set $backend "matrix-prometheus-postgres-exporter:9187";
-              proxy_pass http://$backend/metrics;
-            {% elif matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %}
-              proxy_pass http://{{ matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics;
-            {% else %}
-              return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
-            {% endif %}
-          }
-
-    - name: Register postgres-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter)
-      ansible.builtin.set_fact:
-        matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
-          {{
-            matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
-            +
-            [matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block]
-          }}
diff --git a/roles/custom/matrix-prometheus-postgres-exporter/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-prometheus-postgres-exporter/tasks/inject_into_nginx_proxy.yml
new file mode 100644
index 00000000..121efc17
--- /dev/null
+++ b/roles/custom/matrix-prometheus-postgres-exporter/tasks/inject_into_nginx_proxy.yml
@@ -0,0 +1,35 @@
+---
+
+- name: Fail if matrix-nginx-proxy role already executed
+  ansible.builtin.fail:
+    msg: >-
+      Trying to append postgres-exporter's reverse-proxying configuration to matrix-nginx-proxy,
+      but it's pointless since the matrix-nginx-proxy role had already executed.
+      To fix this, please change the order of roles in your playbook,
+      so that the matrix-nginx-proxy role would run after the matrix-prometheus-postgres-exporter role.
+  when: matrix_nginx_proxy_role_executed | default(False) | bool
+
+- name: Generate postgres-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter)
+  ansible.builtin.set_fact:
+    matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block: |
+      location /metrics/postgres-exporter {
+        {% if matrix_nginx_proxy_enabled | default(False) %}
+          {# Use the embedded DNS resolver in Docker containers to discover the service #}
+          resolver 127.0.0.11 valid=5s;
+          set $backend "matrix-prometheus-postgres-exporter:9187";
+          proxy_pass http://$backend/metrics;
+        {% elif matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %}
+          proxy_pass http://{{ matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics;
+        {% else %}
+          return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
+        {% endif %}
+      }
+
+- name: Register postgres-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter)
+  ansible.builtin.set_fact:
+    matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
+      {{
+        matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
+        +
+        [matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block]
+      }}
diff --git a/roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml b/roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml
index 43473587..59911efb 100644
--- a/roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml
+++ b/roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml
@@ -1,8 +1,10 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
+- when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool
+  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
-    - always
+    - setup-all
+    - setup-nginx-proxy
 
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup.yml"
   tags:
diff --git a/roles/custom/matrix-registration/tasks/init.yml b/roles/custom/matrix-registration/tasks/init.yml
deleted file mode 100644
index a295cdfb..00000000
--- a/roles/custom/matrix-registration/tasks/init.yml
+++ /dev/null
@@ -1,59 +0,0 @@
----
-
-- when: matrix_registration_enabled | bool
-  tags:
-    - always
-  block:
-    - name: Fail if matrix-nginx-proxy role already executed
-      ansible.builtin.fail:
-        msg: >-
-          Trying to append matrix-registration's reverse-proxying configuration to matrix-nginx-proxy,
-          but it's pointless since the matrix-nginx-proxy role had already executed.
-          To fix this, please change the order of roles in your playbook,
-          so that the matrix-nginx-proxy role would run after the matrix-registration role.
-      when: matrix_nginx_proxy_role_executed | default(False) | bool
-
-    - name: Generate matrix-registration proxying configuration for matrix-nginx-proxy
-      ansible.builtin.set_fact:
-        matrix_registration_matrix_nginx_proxy_configuration: |
-          rewrite ^{{ matrix_registration_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/ permanent;
-          rewrite ^{{ matrix_registration_public_endpoint }}/$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/register redirect;
-
-          location ~ ^{{ matrix_registration_public_endpoint }}/(.*) {
-          {% if matrix_nginx_proxy_enabled | default(False) %}
-            {# Use the embedded DNS resolver in Docker containers to discover the service #}
-            resolver 127.0.0.11 valid=5s;
-            set $backend "matrix-registration:5000";
-            proxy_pass http://$backend/$1;
-          {% else %}
-            {# Generic configuration for use outside of our container setup #}
-            proxy_pass http://127.0.0.1:8767/$1;
-          {% endif %}
-
-            {#
-              Workaround matrix-registration serving the background image at /static
-              (see https://github.com/ZerataX/matrix-registration/issues/47)
-            #}
-            sub_filter_once off;
-            sub_filter_types text/css;
-            sub_filter "/static/" "{{ matrix_registration_public_endpoint }}/static/";
-          }
-
-    - name: Register matrix-registration proxying configuration with matrix-nginx-proxy
-      ansible.builtin.set_fact:
-        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
-          {{
-            matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
-            +
-            [matrix_registration_matrix_nginx_proxy_configuration]
-          }}
-
-- name: Warn about reverse-proxying if matrix-nginx-proxy not used
-  ansible.builtin.debug:
-    msg: >-
-      NOTE: You've enabled the matrix-registration tool but are not using the matrix-nginx-proxy
-      reverse proxy.
-      Please make sure that you're proxying the `{{ matrix_registration_public_endpoint }}`
-      URL endpoint to the matrix-registration container.
-      You can expose the container's port using the `matrix_registration_container_http_host_bind_port` variable.
-  when: "matrix_registration_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"
diff --git a/roles/custom/matrix-registration/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-registration/tasks/inject_into_nginx_proxy.yml
new file mode 100644
index 00000000..ac8f4c96
--- /dev/null
+++ b/roles/custom/matrix-registration/tasks/inject_into_nginx_proxy.yml
@@ -0,0 +1,55 @@
+---
+
+- name: Fail if matrix-nginx-proxy role already executed
+  ansible.builtin.fail:
+    msg: >-
+      Trying to append matrix-registration's reverse-proxying configuration to matrix-nginx-proxy,
+      but it's pointless since the matrix-nginx-proxy role had already executed.
+      To fix this, please change the order of roles in your playbook,
+      so that the matrix-nginx-proxy role would run after the matrix-registration role.
+  when: matrix_nginx_proxy_role_executed | default(False) | bool
+
+- name: Generate matrix-registration proxying configuration for matrix-nginx-proxy
+  ansible.builtin.set_fact:
+    matrix_registration_matrix_nginx_proxy_configuration: |
+      rewrite ^{{ matrix_registration_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/ permanent;
+      rewrite ^{{ matrix_registration_public_endpoint }}/$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/register redirect;
+
+      location ~ ^{{ matrix_registration_public_endpoint }}/(.*) {
+      {% if matrix_nginx_proxy_enabled | default(False) %}
+        {# Use the embedded DNS resolver in Docker containers to discover the service #}
+        resolver 127.0.0.11 valid=5s;
+        set $backend "matrix-registration:5000";
+        proxy_pass http://$backend/$1;
+      {% else %}
+        {# Generic configuration for use outside of our container setup #}
+        proxy_pass http://127.0.0.1:8767/$1;
+      {% endif %}
+
+        {#
+          Workaround matrix-registration serving the background image at /static
+          (see https://github.com/ZerataX/matrix-registration/issues/47)
+        #}
+        sub_filter_once off;
+        sub_filter_types text/css;
+        sub_filter "/static/" "{{ matrix_registration_public_endpoint }}/static/";
+      }
+
+- name: Register matrix-registration proxying configuration with matrix-nginx-proxy
+  ansible.builtin.set_fact:
+    matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
+      {{
+        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+        +
+        [matrix_registration_matrix_nginx_proxy_configuration]
+      }}
+
+- name: Warn about reverse-proxying if matrix-nginx-proxy not used
+  ansible.builtin.debug:
+    msg: >-
+      NOTE: You've enabled the matrix-registration tool but are not using the matrix-nginx-proxy
+      reverse proxy.
+      Please make sure that you're proxying the `{{ matrix_registration_public_endpoint }}`
+      URL endpoint to the matrix-registration container.
+      You can expose the container's port using the `matrix_registration_container_http_host_bind_port` variable.
+  when: "not matrix_nginx_proxy_enabled | default(False) | bool"
diff --git a/roles/custom/matrix-registration/tasks/main.yml b/roles/custom/matrix-registration/tasks/main.yml
index 99b89e3d..1b129b2c 100644
--- a/roles/custom/matrix-registration/tasks/main.yml
+++ b/roles/custom/matrix-registration/tasks/main.yml
@@ -1,8 +1,10 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
+- when: matrix_registration_enabled | bool
+  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
-    - always
+    - setup-all
+    - setup-nginx-proxy
 
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: "run_setup | bool and matrix_registration_enabled | bool"
diff --git a/roles/custom/matrix-synapse-admin/tasks/init.yml b/roles/custom/matrix-synapse-admin/tasks/init.yml
deleted file mode 100644
index 78ebbdec..00000000
--- a/roles/custom/matrix-synapse-admin/tasks/init.yml
+++ /dev/null
@@ -1,50 +0,0 @@
----
-
-- when: matrix_synapse_admin_enabled | bool
-  tags:
-    - always
-  block:
-    - name: Fail if matrix-nginx-proxy role already executed
-      ansible.builtin.fail:
-        msg: >-
-          Trying to append Synapse Admin's reverse-proxying configuration to matrix-nginx-proxy,
-          but it's pointless since the matrix-nginx-proxy role had already executed.
-          To fix this, please change the order of roles in your playbook,
-          so that the matrix-nginx-proxy role would run after the matrix-synapse-admin role.
-      when: matrix_nginx_proxy_role_executed | default(False) | bool
-
-    - name: Generate Synapse Admin proxying configuration for matrix-nginx-proxy
-      ansible.builtin.set_fact:
-        matrix_synapse_admin_matrix_nginx_proxy_configuration: |
-          rewrite ^{{ matrix_synapse_admin_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_synapse_admin_public_endpoint }}/ permanent;
-
-          location ~ ^{{ matrix_synapse_admin_public_endpoint }}/(.*) {
-          {% if matrix_nginx_proxy_enabled | default(False) %}
-            {# Use the embedded DNS resolver in Docker containers to discover the service #}
-            resolver 127.0.0.11 valid=5s;
-            set $backend "matrix-synapse-admin:80";
-            proxy_pass http://$backend/$1;
-          {% else %}
-            {# Generic configuration for use outside of our container setup #}
-            proxy_pass http://127.0.0.1:8766/$1;
-          {% endif %}
-          }
-
-    - name: Register Synapse Admin proxying configuration with matrix-nginx-proxy
-      ansible.builtin.set_fact:
-        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
-          {{
-            matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
-            +
-            [matrix_synapse_admin_matrix_nginx_proxy_configuration]
-          }}
-
-- name: Warn about reverse-proxying if matrix-nginx-proxy not used
-  ansible.builtin.debug:
-    msg: >-
-      NOTE: You've enabled the Synapse Admin tool but are not using the matrix-nginx-proxy
-      reverse proxy.
-      Please make sure that you're proxying the `{{ matrix_synapse_admin_public_endpoint }}`
-      URL endpoint to the matrix-synapse-admin container.
-      You can expose the container's port using the `matrix_synapse_admin_container_http_host_bind_port` variable.
-  when: "matrix_synapse_admin_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"
diff --git a/roles/custom/matrix-synapse-admin/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-synapse-admin/tasks/inject_into_nginx_proxy.yml
new file mode 100644
index 00000000..6a4af859
--- /dev/null
+++ b/roles/custom/matrix-synapse-admin/tasks/inject_into_nginx_proxy.yml
@@ -0,0 +1,46 @@
+---
+
+- name: Fail if matrix-nginx-proxy role already executed
+  ansible.builtin.fail:
+    msg: >-
+      Trying to append Synapse Admin's reverse-proxying configuration to matrix-nginx-proxy,
+      but it's pointless since the matrix-nginx-proxy role had already executed.
+      To fix this, please change the order of roles in your playbook,
+      so that the matrix-nginx-proxy role would run after the matrix-synapse-admin role.
+  when: matrix_nginx_proxy_role_executed | default(False) | bool
+
+- name: Generate Synapse Admin proxying configuration for matrix-nginx-proxy
+  ansible.builtin.set_fact:
+    matrix_synapse_admin_matrix_nginx_proxy_configuration: |
+      rewrite ^{{ matrix_synapse_admin_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_synapse_admin_public_endpoint }}/ permanent;
+
+      location ~ ^{{ matrix_synapse_admin_public_endpoint }}/(.*) {
+      {% if matrix_nginx_proxy_enabled | default(False) %}
+        {# Use the embedded DNS resolver in Docker containers to discover the service #}
+        resolver 127.0.0.11 valid=5s;
+        set $backend "matrix-synapse-admin:80";
+        proxy_pass http://$backend/$1;
+      {% else %}
+        {# Generic configuration for use outside of our container setup #}
+        proxy_pass http://127.0.0.1:8766/$1;
+      {% endif %}
+      }
+
+- name: Register Synapse Admin proxying configuration with matrix-nginx-proxy
+  ansible.builtin.set_fact:
+    matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
+      {{
+        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+        +
+        [matrix_synapse_admin_matrix_nginx_proxy_configuration]
+      }}
+
+- name: Warn about reverse-proxying if matrix-nginx-proxy not used
+  ansible.builtin.debug:
+    msg: >-
+      NOTE: You've enabled the Synapse Admin tool but are not using the matrix-nginx-proxy
+      reverse proxy.
+      Please make sure that you're proxying the `{{ matrix_synapse_admin_public_endpoint }}`
+      URL endpoint to the matrix-synapse-admin container.
+      You can expose the container's port using the `matrix_synapse_admin_container_http_host_bind_port` variable.
+  when: "not matrix_nginx_proxy_enabled | default(False) | bool"
diff --git a/roles/custom/matrix-synapse-admin/tasks/main.yml b/roles/custom/matrix-synapse-admin/tasks/main.yml
index 0c6bd942..fed3dec6 100644
--- a/roles/custom/matrix-synapse-admin/tasks/main.yml
+++ b/roles/custom/matrix-synapse-admin/tasks/main.yml
@@ -1,8 +1,10 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
+- when: matrix_synapse_admin_enabled | bool
+  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
-    - always
+    - setup-all
+    - setup-nginx-proxy
 
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: run_setup | bool
diff --git a/roles/custom/matrix-synapse/tasks/init.yml b/roles/custom/matrix-synapse/tasks/inject_into_nginx_proxy.yml
similarity index 92%
rename from roles/custom/matrix-synapse/tasks/init.yml
rename to roles/custom/matrix-synapse/tasks/inject_into_nginx_proxy.yml
index 635ef8f2..f3ce0bf8 100644
--- a/roles/custom/matrix-synapse/tasks/init.yml
+++ b/roles/custom/matrix-synapse/tasks/inject_into_nginx_proxy.yml
@@ -2,17 +2,17 @@
 
 # Unless `matrix_synapse_workers_enabled_list` is explicitly defined,
 # we'll generate it dynamically.
-- ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/init.yml"
-  when: "matrix_synapse_enabled and matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list | length == 0"
+- ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/inject_into_nginx_proxy.yml"
+  when: "matrix_synapse_workers_enabled | bool and matrix_synapse_workers_enabled_list | length == 0"
 
 - name: Ensure workers are injected into various places
   ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/util/inject_worker.yml"
   with_items: "{{ matrix_synapse_workers_enabled_list }}"
   loop_control:
     loop_var: matrix_synapse_worker_details
-  when: matrix_synapse_enabled | bool and matrix_synapse_workers_enabled | bool
+  when: matrix_synapse_workers_enabled | bool
 
-- when: matrix_synapse_enabled | bool and matrix_synapse_metrics_proxying_enabled | bool
+- when: matrix_synapse_metrics_proxying_enabled | bool
   block:
     - name: Fail if matrix-nginx-proxy role already executed
       ansible.builtin.fail:
diff --git a/roles/custom/matrix-synapse/tasks/main.yml b/roles/custom/matrix-synapse/tasks/main.yml
index 7068dcef..0cd35eb6 100644
--- a/roles/custom/matrix-synapse/tasks/main.yml
+++ b/roles/custom/matrix-synapse/tasks/main.yml
@@ -1,8 +1,19 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
+- when: matrix_synapse_enabled | bool
+  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
-    - always
+    - setup-all
+    - setup-synapse
+    - start
+    - start-all
+    - start-group
+    - restart
+    - restart-all
+    - restart-group
+    - stop
+    - stop-all
+    - stop-group
 
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   when: run_setup | bool and matrix_synapse_enabled | bool
diff --git a/roles/custom/matrix-synapse/tasks/synapse/workers/init.yml b/roles/custom/matrix-synapse/tasks/synapse/workers/inject_into_nginx_proxy.yml
similarity index 100%
rename from roles/custom/matrix-synapse/tasks/synapse/workers/init.yml
rename to roles/custom/matrix-synapse/tasks/synapse/workers/inject_into_nginx_proxy.yml

From 07c23b7cb0512951a9a5a553a177443819a25109 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Wed, 23 Nov 2022 16:13:07 +0200
Subject: [PATCH 056/198] Remove matrix_synapse_role_executed and various tasks
 that check it

This was useful when the order of these roles in relation to Synapse
mattered (when we were injecting stuff into Synapse variables during
runtime). This is no longer the case since 0ea7cb5d1812a88, so all of
this can be removed.
---
 .../tasks/setup_install.yml                              | 8 --------
 .../tasks/setup_install.yml                              | 7 -------
 .../tasks/setup_install.yml                              | 8 --------
 .../tasks/setup_install.yml                              | 8 --------
 .../tasks/setup_install.yml                              | 8 --------
 .../tasks/setup_install.yml                              | 8 --------
 .../tasks/setup_install.yml                              | 8 --------
 .../tasks/setup_install.yml                              | 7 -------
 .../matrix-bridge-mautrix-signal/tasks/setup_install.yml | 8 --------
 .../tasks/setup_install.yml                              | 8 --------
 .../tasks/setup_install.yml                              | 8 --------
 .../tasks/setup_install.yml                              | 8 --------
 .../tasks/setup_install.yml                              | 8 --------
 .../tasks/setup_install.yml                              | 8 --------
 .../tasks/setup_install.yml                              | 9 ---------
 .../tasks/setup_install.yml                              | 8 --------
 .../tasks/setup_install.yml                              | 8 --------
 .../tasks/setup_install.yml                              | 8 --------
 roles/custom/matrix-synapse/tasks/main.yml               | 6 ------
 roles/custom/matrix-synapse/vars/main.yml                | 3 ---
 20 files changed, 152 deletions(-)

diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml
index 2f5b6be1..89a0de0b 100644
--- a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml
@@ -1,13 +1,5 @@
 ---
 
-# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
-# We don't want to fail in such cases.
-- name: Fail if matrix-synapse role already executed
-  ansible.builtin.fail:
-    msg: >-
-      The matrix-bridge-matrix-appservice-kakaotalk role needs to execute before the matrix-synapse role.
-  when: "matrix_synapse_role_executed | default(False)"
-
 - name: Ensure matrix-appservice-kakaotalk image is pulled
   community.docker.docker_image:
     name: "{{ matrix_appservice_kakaotalk_docker_image }}"
diff --git a/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml b/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml
index 8784b631..1dff0912 100644
--- a/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml
@@ -1,12 +1,5 @@
 ---
 
-# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
-# We don't want to fail in such cases.
-- name: Fail if matrix-synapse role already executed
-  ansible.builtin.fail:
-    msg: >-
-      The matrix-bridge-beeper-linkedin role needs to execute before the matrix-synapse role.
-  when: "matrix_synapse_role_executed | default(False)"
 - name: Ensure Beeper LinkedIn paths exists
   ansible.builtin.file:
     path: "{{ item.path }}"
diff --git a/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml b/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml
index 68718ccf..de1d0cb5 100644
--- a/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml
@@ -1,13 +1,5 @@
 ---
 
-# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
-# We don't want to fail in such cases.
-- name: Fail if matrix-synapse role already executed
-  ansible.builtin.fail:
-    msg: >-
-      The matrix-bridge-go-skype-bridge role needs to execute before the matrix-synapse role.
-  when: "matrix_synapse_role_executed | default(False)"
-
 - ansible.builtin.set_fact:
     matrix_go_skype_bridge_requires_restart: false
 
diff --git a/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml
index 06bae8dd..3864c3b5 100644
--- a/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml
@@ -1,13 +1,5 @@
 ---
 
-# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
-# We don't want to fail in such cases.
-- name: Fail if matrix-synapse role already executed
-  ansible.builtin.fail:
-    msg: >-
-      The matrix-bridge-mautrix-discord role needs to execute before the matrix-synapse role.
-  when: "matrix_synapse_role_executed | default(False)"
-
 - ansible.builtin.set_fact:
     matrix_mautrix_discord_requires_restart: false
 
diff --git a/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml
index 50a02427..4e3f16e6 100644
--- a/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml
@@ -1,13 +1,5 @@
 ---
 
-# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
-# We don't want to fail in such cases.
-- name: Fail if matrix-synapse role already executed
-  ansible.builtin.fail:
-    msg: >-
-      The matrix-bridge-mautrix-facebook role needs to execute before the matrix-synapse role.
-  when: "matrix_synapse_role_executed | default(False)"
-
 - ansible.builtin.set_fact:
     matrix_mautrix_facebook_requires_restart: false
 
diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml
index daadcba2..095d6ccc 100644
--- a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml
@@ -1,13 +1,5 @@
 ---
 
-# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
-# We don't want to fail in such cases.
-- name: Fail if matrix-synapse role already executed
-  ansible.builtin.fail:
-    msg: >-
-      The matrix-bridge-mautrix-googlechat role needs to execute before the matrix-synapse role.
-  when: "matrix_synapse_role_executed | default(False)"
-
 - ansible.builtin.set_fact:
     matrix_mautrix_googlechat_requires_restart: false
 
diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml
index a846a7b0..e4a43c0b 100644
--- a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml
@@ -1,13 +1,5 @@
 ---
 
-# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
-# We don't want to fail in such cases.
-- name: Fail if matrix-synapse role already executed
-  ansible.builtin.fail:
-    msg: >-
-      The matrix-bridge-mautrix-hangouts role needs to execute before the matrix-synapse role.
-  when: "matrix_synapse_role_executed | default(False)"
-
 - ansible.builtin.set_fact:
     matrix_mautrix_hangouts_requires_restart: false
 
diff --git a/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml
index 19a2ff9a..878bdceb 100644
--- a/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml
@@ -1,11 +1,4 @@
 ---
-# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
-# We don't want to fail in such cases.
-- name: Fail if matrix-synapse role already executed
-  ansible.builtin.fail:
-    msg: >-
-      The matrix-bridge-mautrix-instagram role needs to execute before the matrix-synapse role.
-  when: "matrix_synapse_role_executed | default(False)"
 
 - name: Ensure Mautrix instagram image is pulled
   community.docker.docker_image:
diff --git a/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml
index f5a162a3..c2f518f3 100644
--- a/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml
@@ -1,13 +1,5 @@
 ---
 
-# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
-# We don't want to fail in such cases.
-- name: Fail if matrix-synapse role already executed
-  ansible.builtin.fail:
-    msg: >-
-      The matrix-bridge-mautrix-signal role needs to execute before the matrix-synapse role.
-  when: "matrix_synapse_role_executed | default(False)"
-
 - name: Ensure Mautrix Signal image is pulled
   community.docker.docker_image:
     name: "{{ matrix_mautrix_signal_docker_image }}"
diff --git a/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml
index ba9c450f..c4c48581 100644
--- a/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml
@@ -1,13 +1,5 @@
 ---
 
-# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
-# We don't want to fail in such cases.
-- name: Fail if matrix-synapse role already executed
-  ansible.builtin.fail:
-    msg: >-
-      The matrix-bridge-mautrix-telegram role needs to execute before the matrix-synapse role.
-  when: "matrix_synapse_role_executed | default(False)"
-
 - ansible.builtin.set_fact:
     matrix_mautrix_telegram_requires_restart: false
 
diff --git a/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml
index c3ab2d4e..f68360be 100644
--- a/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml
@@ -1,13 +1,5 @@
 ---
 
-# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
-# We don't want to fail in such cases.
-- name: Fail if matrix-synapse role already executed
-  ansible.builtin.fail:
-    msg: >-
-      The matrix-bridge-mautrix-twitter role needs to execute before the matrix-synapse role.
-  when: "matrix_synapse_role_executed | default(False)"
-
 - ansible.builtin.set_fact:
     matrix_mautrix_twitter_requires_restart: false
 
diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml
index 6b376946..4338a691 100644
--- a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml
@@ -1,13 +1,5 @@
 ---
 
-# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
-# We don't want to fail in such cases.
-- name: Fail if matrix-synapse role already executed
-  ansible.builtin.fail:
-    msg: >-
-      The matrix-bridge-mautrix-whatsapp role needs to execute before the matrix-synapse role.
-  when: "matrix_synapse_role_executed | default(False)"
-
 - ansible.builtin.set_fact:
     matrix_mautrix_whatsapp_requires_restart: false
 
diff --git a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml
index 3b119745..097e0b69 100644
--- a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml
@@ -1,13 +1,5 @@
 ---
 
-# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
-# We don't want to fail in such cases.
-- name: Fail if matrix-synapse role already executed
-  ansible.builtin.fail:
-    msg: >-
-      The matrix-bridge-mx-puppet-discord role needs to execute before the matrix-synapse role.
-  when: "matrix_synapse_role_executed | default(False)"
-
 - name: Ensure MX Puppet Discord paths exist
   ansible.builtin.file:
     path: "{{ item.path }}"
diff --git a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml
index 400de9c5..9022492f 100644
--- a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml
@@ -1,13 +1,5 @@
 ---
 
-# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
-# We don't want to fail in such cases.
-- name: Fail if matrix-synapse role already executed
-  ansible.builtin.fail:
-    msg: >-
-      The matrix-bridge-mx-puppet-groupme role needs to execute before the matrix-synapse role.
-  when: "matrix_synapse_role_executed | default(False)"
-
 - name: Ensure MX Puppet Groupme paths exist
   ansible.builtin.file:
     path: "{{ item.path }}"
diff --git a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml
index c98535e3..640fd6e3 100644
--- a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml
@@ -1,14 +1,5 @@
 ---
 
-# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
-# We don't want to fail in such cases.
-- name: Fail if matrix-synapse role already executed
-  ansible.builtin.fail:
-    msg: >-
-      The matrix-bridge-mx-puppet-instagram role needs to execute before the matrix-synapse role.
-  when: "matrix_synapse_role_executed | default(False)"
-
-
 - ansible.builtin.set_fact:
     matrix_mx_puppet_instagram_requires_restart: false
 
diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml
index e5d83763..4f8da659 100644
--- a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml
@@ -1,13 +1,5 @@
 ---
 
-# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
-# We don't want to fail in such cases.
-- name: Fail if matrix-synapse role already executed
-  ansible.builtin.fail:
-    msg: >-
-      The matrix-bridge-mx-puppet-slack role needs to execute before the matrix-synapse role.
-  when: "matrix_synapse_role_executed | default(False)"
-
 - name: Ensure MX Puppet Slack paths exist
   ansible.builtin.file:
     path: "{{ item.path }}"
diff --git a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml
index 98854469..14258f2e 100644
--- a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml
@@ -1,13 +1,5 @@
 ---
 
-# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
-# We don't want to fail in such cases.
-- name: Fail if matrix-synapse role already executed
-  ansible.builtin.fail:
-    msg: >-
-      The matrix-bridge-mx-puppet-steam role needs to execute before the matrix-synapse role.
-  when: "matrix_synapse_role_executed | default(False)"
-
 - name: Ensure MX Puppet Steam paths exist
   ansible.builtin.file:
     path: "{{ item.path }}"
diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml
index d5ebec74..2ae45d26 100644
--- a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml
@@ -1,13 +1,5 @@
 ---
 
-# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
-# We don't want to fail in such cases.
-- name: Fail if matrix-synapse role already executed
-  ansible.builtin.fail:
-    msg: >-
-      The matrix-bridge-mx-puppet-twitter role needs to execute before the matrix-synapse role.
-  when: "matrix_synapse_role_executed | default(False)"
-
 - name: Ensure MX Puppet Twitter paths exist
   ansible.builtin.file:
     path: "{{ item.path }}"
diff --git a/roles/custom/matrix-synapse/tasks/main.yml b/roles/custom/matrix-synapse/tasks/main.yml
index 0cd35eb6..87c76ab7 100644
--- a/roles/custom/matrix-synapse/tasks/main.yml
+++ b/roles/custom/matrix-synapse/tasks/main.yml
@@ -60,9 +60,3 @@
   when: run_synapse_rust_synapse_compress_state | bool
   tags:
     - rust-synapse-compress-state
-
-- name: Mark matrix-synapse role as executed
-  ansible.builtin.set_fact:
-    matrix_synapse_role_executed: true
-  tags:
-    - always
diff --git a/roles/custom/matrix-synapse/vars/main.yml b/roles/custom/matrix-synapse/vars/main.yml
index 4da28410..18bb5e18 100644
--- a/roles/custom/matrix-synapse/vars/main.yml
+++ b/roles/custom/matrix-synapse/vars/main.yml
@@ -3,9 +3,6 @@
 matrix_synapse_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions"
 matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version"
 
-# Tells whether this role had executed or not. Toggled to `true` during runtime.
-matrix_synapse_role_executed: false
-
 matrix_synapse_media_store_directory_name: "{{ matrix_synapse_media_store_path | basename }}"
 
 # A Synapse generic worker can handle both federation and client-server API endpoints.

From 8c180306ab8b7c813db8d307f1640444ed1b28f3 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Wed, 23 Nov 2022 16:14:59 +0200
Subject: [PATCH 057/198] Remove unnecessary matrix_conduit_role_executed

---
 roles/custom/matrix-conduit/tasks/main.yml | 6 ------
 roles/custom/matrix-conduit/vars/main.yml  | 3 ---
 2 files changed, 9 deletions(-)

diff --git a/roles/custom/matrix-conduit/tasks/main.yml b/roles/custom/matrix-conduit/tasks/main.yml
index 94e50103..85ad539b 100644
--- a/roles/custom/matrix-conduit/tasks/main.yml
+++ b/roles/custom/matrix-conduit/tasks/main.yml
@@ -5,9 +5,3 @@
   tags:
     - setup-all
     - setup-conduit
-
-- name: Mark matrix-conduit role as executed
-  ansible.builtin.set_fact:
-    matrix_conduit_role_executed: true
-  tags:
-    - always
diff --git a/roles/custom/matrix-conduit/vars/main.yml b/roles/custom/matrix-conduit/vars/main.yml
index f6cc471b..ad60e1c3 100644
--- a/roles/custom/matrix-conduit/vars/main.yml
+++ b/roles/custom/matrix-conduit/vars/main.yml
@@ -1,6 +1,3 @@
 ---
 matrix_conduit_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions"
 matrix_conduit_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version"
-
-# Tells whether this role had executed or not. Toggled to `true` during runtime.
-matrix_conduit_role_executed: false

From dd4f8df9056bcb7a5b23f8ef68f8ee50f956bc67 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Wed, 23 Nov 2022 16:15:33 +0200
Subject: [PATCH 058/198] Remove unnecessary matrix_dendrite_role_executed

---
 roles/custom/matrix-dendrite/tasks/main.yml | 6 ------
 roles/custom/matrix-dendrite/vars/main.yml  | 3 ---
 2 files changed, 9 deletions(-)

diff --git a/roles/custom/matrix-dendrite/tasks/main.yml b/roles/custom/matrix-dendrite/tasks/main.yml
index 639ad6e2..5a5b04de 100644
--- a/roles/custom/matrix-dendrite/tasks/main.yml
+++ b/roles/custom/matrix-dendrite/tasks/main.yml
@@ -30,9 +30,3 @@
   when: run_self_check | bool and matrix_dendrite_enabled | bool
   tags:
     - self-check
-
-- name: Mark matrix-dendrite role as executed
-  ansible.builtin.set_fact:
-    matrix_dendrite_role_executed: true
-  tags:
-    - always
diff --git a/roles/custom/matrix-dendrite/vars/main.yml b/roles/custom/matrix-dendrite/vars/main.yml
index fcf020c2..1e7aa378 100644
--- a/roles/custom/matrix-dendrite/vars/main.yml
+++ b/roles/custom/matrix-dendrite/vars/main.yml
@@ -2,9 +2,6 @@
 matrix_dendrite_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions"
 matrix_dendrite_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version"
 
-# Tells whether this role had executed or not. Toggled to `true` during runtime.
-matrix_dendrite_role_executed: false
-
 matrix_dendrite_media_store_parent_path: "{{ matrix_dendrite_media_store_path | dirname }}"
 matrix_dendrite_media_store_directory_name: "{{ matrix_dendrite_media_store_path | basename }}"
 

From 4d881477a34a144a8d31d6c47825a752376019d1 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Wed, 23 Nov 2022 16:56:39 +0200
Subject: [PATCH 059/198] Add matrix_homeserver_enabled variable

We need this to control whether `('matrix-' + matrix_homeserver_implementation + '.service')`
would get injected into `devture_systemd_service_manager_services_list_auto`
---
 group_vars/matrix_servers                              |  2 +-
 roles/custom/matrix-base/defaults/main.yml             | 10 ++++++++++
 roles/custom/matrix-base/tasks/main.yml                |  2 +-
 .../tasks/{sanity_check.yml => validate_config.yml}    |  0
 4 files changed, 12 insertions(+), 2 deletions(-)
 rename roles/custom/matrix-base/tasks/{sanity_check.yml => validate_config.yml} (100%)

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index c2ed002c..b53ad0e8 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -249,7 +249,7 @@ devture_systemd_service_manager_services_list_auto: |
     +
     ([{'name': 'matrix-client-hydrogen.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'hydrogen']}] if matrix_client_hydrogen_enabled else [])
     +
-    ([{'name': ('matrix-' + matrix_homeserver_implementation + '.service'), 'priority': 1000, 'groups': ['matrix', 'homeservers', matrix_homeserver_implementation]}])
+    ([{'name': ('matrix-' + matrix_homeserver_implementation + '.service'), 'priority': 1000, 'groups': ['matrix', 'homeservers', matrix_homeserver_implementation]}] if matrix_homeserver_enabled else [])
     +
     ([{'name': 'matrix-corporal.service', 'priority': 1500, 'groups': ['matrix', 'corporal']}] if matrix_corporal_enabled else [])
     +
diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml
index 768bc6ec..34d8c65b 100644
--- a/roles/custom/matrix-base/defaults/main.yml
+++ b/roles/custom/matrix-base/defaults/main.yml
@@ -1,4 +1,5 @@
 ---
+
 # The bare domain name which represents your Matrix identity.
 # Matrix user ids for your server will be of the form (`@user:<matrix-domain>`).
 #
@@ -12,6 +13,15 @@ matrix_domain: ~
 # Example value: "@someone:{{ matrix_domain }}"
 matrix_admin: ''
 
+# matrix_homeserver_enabled controls whether to enable the homeserver systemd service, etc.
+#
+# Unless you're wrapping this playbook in another one
+# where you optionally wish to disable homeserver integration, you don't need to use this.
+#
+# Note: disabling this does not mean that a homeserver won't get installed.
+# Whether homeserver software is installed depends on other (`matrix_HOMESERVER_enabled`) variables - see `group_vars/matrix_servers`.
+matrix_homeserver_enabled: true
+
 # Homeserver admin contacts and support page as per MSC 1929
 # See: https://github.com/matrix-org/matrix-spec-proposals/pull/1929
 # Users in form:
diff --git a/roles/custom/matrix-base/tasks/main.yml b/roles/custom/matrix-base/tasks/main.yml
index 67a3208e..97f0381d 100644
--- a/roles/custom/matrix-base/tasks/main.yml
+++ b/roles/custom/matrix-base/tasks/main.yml
@@ -1,6 +1,6 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/sanity_check.yml"
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
   tags:
     - setup-all
 
diff --git a/roles/custom/matrix-base/tasks/sanity_check.yml b/roles/custom/matrix-base/tasks/validate_config.yml
similarity index 100%
rename from roles/custom/matrix-base/tasks/sanity_check.yml
rename to roles/custom/matrix-base/tasks/validate_config.yml

From 787a82d6e81693ad649399c0e44b92fc66adf172 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Wed, 23 Nov 2022 17:07:52 +0200
Subject: [PATCH 060/198] Combine matrix user/group set_fact calls into one

---
 roles/custom/matrix-base/tasks/setup_matrix_user.yml | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/roles/custom/matrix-base/tasks/setup_matrix_user.yml b/roles/custom/matrix-base/tasks/setup_matrix_user.yml
index 0435b7a3..0c9086e5 100644
--- a/roles/custom/matrix-base/tasks/setup_matrix_user.yml
+++ b/roles/custom/matrix-base/tasks/setup_matrix_user.yml
@@ -7,10 +7,6 @@
     state: present
   register: matrix_group
 
-- name: Set Matrix Group GID Variable
-  ansible.builtin.set_fact:
-    matrix_user_gid: "{{ matrix_group.gid }}"
-
 - name: Ensure Matrix user is created
   ansible.builtin.user:
     name: "{{ matrix_user_username }}"
@@ -22,6 +18,7 @@
     system: true
   register: matrix_user
 
-- name: Set Matrix Group UID Variable
+- name: Initialize matrix_user_uid and matrix_user_gid
   ansible.builtin.set_fact:
     matrix_user_uid: "{{ matrix_user.uid }}"
+    matrix_user_gid: "{{ matrix_group.gid }}"

From e05b4c78c72eaf46bef1a703995f6aa08ff89bc5 Mon Sep 17 00:00:00 2001
From: Aine <97398200+etkecc@users.noreply.github.com>
Date: Wed, 23 Nov 2022 16:02:28 +0000
Subject: [PATCH 061/198] Update grafana 9.2.5 -> 9.2.6

---
 roles/custom/matrix-grafana/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-grafana/defaults/main.yml b/roles/custom/matrix-grafana/defaults/main.yml
index 7f60a809..fa55c9c2 100644
--- a/roles/custom/matrix-grafana/defaults/main.yml
+++ b/roles/custom/matrix-grafana/defaults/main.yml
@@ -5,7 +5,7 @@
 
 matrix_grafana_enabled: true
 
-matrix_grafana_version: 9.2.5
+matrix_grafana_version: 9.2.6
 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
 matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
 

From 86f495f461a15cdff3193c71f8a3ce345e5a63cd Mon Sep 17 00:00:00 2001
From: Jaden Down <24631328+jpdown@users.noreply.github.com>
Date: Wed, 23 Nov 2022 19:08:52 -0600
Subject: [PATCH 062/198] Add service declaration to sample traefik config

---
 docs/configuring-playbook-own-webserver.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/docs/configuring-playbook-own-webserver.md b/docs/configuring-playbook-own-webserver.md
index 83fd4204..76d48587 100644
--- a/docs/configuring-playbook-own-webserver.md
+++ b/docs/configuring-playbook-own-webserver.md
@@ -176,6 +176,8 @@ matrix_nginx_proxy_container_extra_arguments:
   - '--label "traefik.http.routers.matrix-nginx-proxy.entrypoints=web-secure"'
   # (The 'default' certificate resolver must be defined in Traefik config)
   - '--label "traefik.http.routers.matrix-nginx-proxy.tls.certResolver=default"'
+  # Traefik requires that we declare which service this router is using
+  - '--label "traefik.http.routers.matrix-nginx-proxy.service=matrix-nginx-proxy"'
   # The Nginx proxy container uses port 8080 internally
   - '--label "traefik.http.services.matrix-nginx-proxy.loadbalancer.server.port=8080"'
 
@@ -185,6 +187,8 @@ matrix_nginx_proxy_container_extra_arguments:
   - '--label "traefik.http.routers.matrix-nginx-proxy-federation.entrypoints=federation"'
   # (The 'default' certificate resolver must be defined in Traefik config)
   - '--label "traefik.http.routers.matrix-nginx-proxy-federation.tls.certResolver=default"'
+  # Traefik requires that we declare which service this router is using
+  - '--label "traefik.http.routers.matrix-nginx-proxy-federation.service=matrix-nginx-proxy-federation"'
   # The Nginx proxy container uses port `matrix_nginx_proxy_proxy_matrix_federation_port (8448) internally
   - '--label "traefik.http.services.matrix-nginx-proxy-federation.loadbalancer.server.port={{ matrix_nginx_proxy_proxy_matrix_federation_port }}"'
   - '--label "traefik.http.services.matrix-nginx-proxy-federation.loadbalancer.server.scheme={{ "https" if matrix_nginx_proxy_https_enabled else "http" }}"'

From 7c2a7a8eb621ef24af21d36109bc66a24932ac0d Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Thu, 24 Nov 2022 11:33:30 +0200
Subject: [PATCH 063/198] Replace most import_tasks calls with include_tasks
 for improved performance

---
 requirements.yml                              |   6 +-
 roles/custom/matrix-aux/tasks/main.yml        |   4 +-
 .../custom/matrix-backup-borg/tasks/main.yml  |  19 ++-
 .../matrix-bot-buscarron/tasks/main.yml       |  19 ++-
 roles/custom/matrix-bot-go-neb/tasks/main.yml |  22 ++--
 .../custom/matrix-bot-honoroit/tasks/main.yml |  19 ++-
 .../tasks/main.yml                            |  19 ++-
 .../tasks/main.yml                            |  19 ++-
 roles/custom/matrix-bot-maubot/tasks/main.yml |  25 ++--
 .../custom/matrix-bot-mjolnir/tasks/main.yml  |  19 ++-
 .../matrix-bot-postmoogle/tasks/main.yml      |  19 ++-
 .../tasks/main.yml                            |  19 ++-
 .../tasks/main.yml                            |  19 ++-
 .../tasks/main.yml                            |  19 ++-
 .../tasks/main.yml                            |  24 ++--
 .../tasks/main.yml                            |  24 ++--
 .../tasks/main.yml                            |  19 ++-
 .../tasks/main.yml                            |  19 ++-
 .../matrix-bridge-heisenbridge/tasks/main.yml |  12 +-
 .../matrix-bridge-hookshot/tasks/main.yml     |  24 ++--
 .../tasks/main.yml                            |  19 ++-
 .../tasks/main.yml                            |  24 ++--
 .../tasks/main.yml                            |  24 ++--
 .../tasks/main.yml                            |  24 ++--
 .../tasks/main.yml                            |  19 ++-
 .../tasks/main.yml                            |  19 ++-
 .../tasks/main.yml                            |  24 ++--
 .../tasks/main.yml                            |  19 ++-
 .../tasks/main.yml                            |  19 ++-
 .../tasks/main.yml                            |  19 ++-
 .../tasks/main.yml                            |  19 ++-
 .../tasks/main.yml                            |  19 ++-
 .../tasks/main.yml                            |  24 ++--
 .../tasks/main.yml                            |  19 ++-
 .../tasks/main.yml                            |  24 ++--
 roles/custom/matrix-bridge-sms/tasks/main.yml |  19 ++-
 .../matrix-cactus-comments/tasks/main.yml     |  24 ++--
 .../custom/matrix-client-cinny/tasks/main.yml |  28 ++---
 .../matrix-client-cinny/tasks/self_check.yml  |   2 +
 .../matrix-client-element/tasks/main.yml      |  39 ++----
 .../tasks/migrate_riot_web.yml                |  37 ------
 .../tasks/self_check.yml                      |   2 +
 .../matrix-client-hydrogen/tasks/main.yml     |  26 ++--
 .../tasks/self_check.yml                      |   2 +
 .../custom/matrix-common-after/tasks/main.yml |   3 +-
 .../matrix-conduit/tasks/conduit/setup.yml    |   7 --
 roles/custom/matrix-conduit/tasks/main.yml    |   8 +-
 .../tasks/{conduit => }/setup_install.yml     |   0
 .../tasks/{conduit => }/setup_uninstall.yml   |   0
 roles/custom/matrix-corporal/tasks/main.yml   |  22 ++--
 ...self_check_corporal.yml => self_check.yml} |   2 +
 .../{setup_corporal.yml => setup_install.yml} |  64 +---------
 .../matrix-corporal/tasks/setup_uninstall.yml |  38 ++++++
 roles/custom/matrix-coturn/tasks/main.yml     |  19 ++-
 roles/custom/matrix-dendrite/tasks/main.yml   |  34 +++---
 .../matrix-dendrite/tasks/register_user.yml   |   1 +
 .../tasks/self_check_client_api.yml           |   2 +
 .../tasks/self_check_federation_api.yml       |   2 +
 roles/custom/matrix-dimension/tasks/main.yml  |  19 ++-
 .../custom/matrix-dynamic-dns/tasks/main.yml  |  22 ++--
 .../tasks/{install.yml => setup_install.yml}  |   0
 .../{uninstall.yml => setup_uninstall.yml}    |   0
 .../custom/matrix-email2matrix/tasks/main.yml |  19 ++-
 roles/custom/matrix-etherpad/tasks/main.yml   |  24 ++--
 roles/custom/matrix-grafana/tasks/main.yml    |  14 ++-
 .../tasks/{setup.yml => setup_install.yml}    |  45 -------
 .../matrix-grafana/tasks/setup_uninstall.yml  |  21 ++++
 roles/custom/matrix-jitsi/tasks/main.yml      |  53 +++++----
 .../matrix-jitsi/tasks/setup_jitsi_base.yml   |  10 +-
 ...ofo.yml => setup_jitsi_jicofo_install.yml} |  53 +--------
 .../tasks/setup_jitsi_jicofo_uninstall.yml    |  26 ++++
 ...si_jvb.yml => setup_jitsi_jvb_install.yml} |  55 +--------
 .../tasks/setup_jitsi_jvb_uninstall.yml       |  26 ++++
 .../tasks/setup_jitsi_prosody.yml             |  99 ----------------
 .../tasks/setup_jitsi_prosody_install.yml     |  45 +++++++
 .../tasks/setup_jitsi_prosody_uninstall.yml   |  26 ++++
 ...si_web.yml => setup_jitsi_web_install.yml} |  54 +--------
 .../tasks/setup_jitsi_web_uninstall.yml       |  26 ++++
 .../tasks/main.yml                            |  24 ++--
 roles/custom/matrix-ma1sd/tasks/main.yml      |  27 ++---
 .../{self_check_ma1sd.yml => self_check.yml}  |   2 +
 roles/custom/matrix-mailer/tasks/main.yml     |   8 +-
 .../{setup_mailer.yml => setup_install.yml}   |  58 +--------
 .../matrix-mailer/tasks/setup_uninstall.yml   |  35 ++++++
 .../custom/matrix-nginx-proxy/tasks/main.yml  |   6 +-
 roles/custom/matrix-ntfy/tasks/main.yml       |  19 ++-
 roles/custom/matrix-ntfy/tasks/self_check.yml |   2 +
 .../matrix-postgres-backup/tasks/main.yml     |  15 +--
 .../tasks/setup_install.yml                   |  57 +++++++++
 .../tasks/setup_postgres_backup.yml           | 112 ------------------
 .../tasks/setup_uninstall.yml                 |  43 +++++++
 .../tasks/main.yml                            |  12 +-
 .../tasks/setup.yml                           |  59 ---------
 .../tasks/setup_install.yml                   |  19 +++
 .../tasks/setup_uninstall.yml                 |  25 ++++
 .../tasks/main.yml                            |  12 +-
 .../tasks/setup.yml                           |  59 ---------
 .../tasks/setup_install.yml                   |  19 +++
 .../tasks/setup_uninstall.yml                 |  21 ++++
 roles/custom/matrix-prometheus/tasks/main.yml |  19 ++-
 roles/custom/matrix-redis/tasks/main.yml      |   8 +-
 .../matrix-redis/tasks/setup_install.yml      |  49 ++++++++
 .../custom/matrix-redis/tasks/setup_redis.yml | 104 ----------------
 .../matrix-redis/tasks/setup_uninstall.yml    |  31 +++++
 .../custom/matrix-registration/tasks/main.yml |  34 +++---
 roles/custom/matrix-sygnal/tasks/main.yml     |  19 ++-
 .../matrix-synapse-admin/tasks/main.yml       |  19 +--
 .../tasks/{setup.yml => setup_install.yml}    |  51 +-------
 .../tasks/setup_uninstall.yml                 |  27 +++++
 .../tasks/main.yml                            |  13 +-
 roles/custom/matrix-synapse/tasks/main.yml    |  61 +++++-----
 .../tasks/self_check_client_api.yml           |   2 +
 .../tasks/self_check_federation_api.yml       |   2 +
 .../custom/matrix-user-creator/tasks/main.yml |   5 +-
 .../matrix_playbook_migration/tasks/main.yml  |   3 +-
 115 files changed, 1152 insertions(+), 1631 deletions(-)
 delete mode 100644 roles/custom/matrix-client-element/tasks/migrate_riot_web.yml
 delete mode 100644 roles/custom/matrix-conduit/tasks/conduit/setup.yml
 rename roles/custom/matrix-conduit/tasks/{conduit => }/setup_install.yml (100%)
 rename roles/custom/matrix-conduit/tasks/{conduit => }/setup_uninstall.yml (100%)
 rename roles/custom/matrix-corporal/tasks/{self_check_corporal.yml => self_check.yml} (96%)
 rename roles/custom/matrix-corporal/tasks/{setup_corporal.yml => setup_install.yml} (53%)
 create mode 100644 roles/custom/matrix-corporal/tasks/setup_uninstall.yml
 rename roles/custom/matrix-dynamic-dns/tasks/{install.yml => setup_install.yml} (100%)
 rename roles/custom/matrix-dynamic-dns/tasks/{uninstall.yml => setup_uninstall.yml} (100%)
 rename roles/custom/matrix-grafana/tasks/{setup.yml => setup_install.yml} (65%)
 create mode 100644 roles/custom/matrix-grafana/tasks/setup_uninstall.yml
 rename roles/custom/matrix-jitsi/tasks/{setup_jitsi_jicofo.yml => setup_jitsi_jicofo_install.yml} (52%)
 create mode 100644 roles/custom/matrix-jitsi/tasks/setup_jitsi_jicofo_uninstall.yml
 rename roles/custom/matrix-jitsi/tasks/{setup_jitsi_jvb.yml => setup_jitsi_jvb_install.yml} (50%)
 create mode 100644 roles/custom/matrix-jitsi/tasks/setup_jitsi_jvb_uninstall.yml
 delete mode 100644 roles/custom/matrix-jitsi/tasks/setup_jitsi_prosody.yml
 create mode 100644 roles/custom/matrix-jitsi/tasks/setup_jitsi_prosody_install.yml
 create mode 100644 roles/custom/matrix-jitsi/tasks/setup_jitsi_prosody_uninstall.yml
 rename roles/custom/matrix-jitsi/tasks/{setup_jitsi_web.yml => setup_jitsi_web_install.yml} (53%)
 create mode 100644 roles/custom/matrix-jitsi/tasks/setup_jitsi_web_uninstall.yml
 rename roles/custom/matrix-ma1sd/tasks/{self_check_ma1sd.yml => self_check.yml} (95%)
 rename roles/custom/matrix-mailer/tasks/{setup_mailer.yml => setup_install.yml} (57%)
 create mode 100644 roles/custom/matrix-mailer/tasks/setup_uninstall.yml
 create mode 100644 roles/custom/matrix-postgres-backup/tasks/setup_install.yml
 delete mode 100644 roles/custom/matrix-postgres-backup/tasks/setup_postgres_backup.yml
 create mode 100644 roles/custom/matrix-postgres-backup/tasks/setup_uninstall.yml
 delete mode 100644 roles/custom/matrix-prometheus-node-exporter/tasks/setup.yml
 create mode 100644 roles/custom/matrix-prometheus-node-exporter/tasks/setup_install.yml
 create mode 100644 roles/custom/matrix-prometheus-node-exporter/tasks/setup_uninstall.yml
 delete mode 100644 roles/custom/matrix-prometheus-postgres-exporter/tasks/setup.yml
 create mode 100644 roles/custom/matrix-prometheus-postgres-exporter/tasks/setup_install.yml
 create mode 100644 roles/custom/matrix-prometheus-postgres-exporter/tasks/setup_uninstall.yml
 create mode 100644 roles/custom/matrix-redis/tasks/setup_install.yml
 delete mode 100644 roles/custom/matrix-redis/tasks/setup_redis.yml
 create mode 100644 roles/custom/matrix-redis/tasks/setup_uninstall.yml
 rename roles/custom/matrix-synapse-admin/tasks/{setup.yml => setup_install.yml} (50%)
 create mode 100644 roles/custom/matrix-synapse-admin/tasks/setup_uninstall.yml

diff --git a/requirements.yml b/requirements.yml
index 71b596cb..0d77588a 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -13,13 +13,13 @@
   version: 327d2e17f5189ac2480d6012f58cf64a2b46efba
 
 - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git
-  version: 461ace97fcf0e36c76747b36fcad8587d9b072f5
+  version: 660f384f176a9ea3b5cc702bde39e7dc10bf6186
 
 - src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git
   version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
 
 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git
-  version: 96c31c43b6937428e3f5d12520f8a41a1b5465d7
+  version: 6ccb88ac5fc27e1e70afcd48278ade4b564a9096
 
 - src: git+https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages.git
-  version: f1c78d4e85e875129790c58335d0e44385683f6b
+  version: 9b4b088c62b528b73a9a7c93d3109b091dd42ec6
diff --git a/roles/custom/matrix-aux/tasks/main.yml b/roles/custom/matrix-aux/tasks/main.yml
index df7c77d0..63ef998a 100644
--- a/roles/custom/matrix-aux/tasks/main.yml
+++ b/roles/custom/matrix-aux/tasks/main.yml
@@ -1,7 +1,7 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup.yml"
-  when: run_stop | bool
+- block:
+    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup.yml"
   tags:
     - setup-all
     - setup-aux-files
diff --git a/roles/custom/matrix-backup-borg/tasks/main.yml b/roles/custom/matrix-backup-borg/tasks/main.yml
index e8c020a4..0c8a9b7e 100644
--- a/roles/custom/matrix-backup-borg/tasks/main.yml
+++ b/roles/custom/matrix-backup-borg/tasks/main.yml
@@ -1,19 +1,14 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_backup_borg_enabled | bool"
-  tags:
-    - setup-all
-    - setup-backup-borg
+- block:
+    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
+      when: "run_setup | bool and matrix_backup_borg_enabled | bool"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_backup_borg_enabled | bool"
-  tags:
-    - setup-all
-    - setup-backup-borg
+    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+      when: "run_setup | bool and matrix_backup_borg_enabled | bool"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_backup_borg_enabled | bool"
+    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+      when: "run_setup | bool and not matrix_backup_borg_enabled | bool"
   tags:
     - setup-all
     - setup-backup-borg
diff --git a/roles/custom/matrix-bot-buscarron/tasks/main.yml b/roles/custom/matrix-bot-buscarron/tasks/main.yml
index 0d575393..b1257954 100644
--- a/roles/custom/matrix-bot-buscarron/tasks/main.yml
+++ b/roles/custom/matrix-bot-buscarron/tasks/main.yml
@@ -1,19 +1,14 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_bot_buscarron_enabled | bool"
-  tags:
-    - setup-all
-    - setup-bot-buscarron
+- block:
+    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
+      when: "run_setup | bool and matrix_bot_buscarron_enabled | bool"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_bot_buscarron_enabled | bool"
-  tags:
-    - setup-all
-    - setup-bot-buscarron
+    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+      when: "run_setup | bool and matrix_bot_buscarron_enabled | bool"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_bot_buscarron_enabled | bool"
+    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+      when: "run_setup | bool and not matrix_bot_buscarron_enabled | bool"
   tags:
     - setup-all
     - setup-bot-buscarron
diff --git a/roles/custom/matrix-bot-go-neb/tasks/main.yml b/roles/custom/matrix-bot-go-neb/tasks/main.yml
index 4fc22e59..1955eee8 100644
--- a/roles/custom/matrix-bot-go-neb/tasks/main.yml
+++ b/roles/custom/matrix-bot-go-neb/tasks/main.yml
@@ -1,19 +1,17 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_bot_go_neb_enabled | bool"
-  tags:
-    - setup-all
-    - setup-bot-go-neb
+- block:
+    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
+      when: "run_setup | bool and matrix_bot_go_neb_enabled | bool"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_bot_go_neb_enabled | bool"
-  tags:
-    - setup-all
-    - setup-bot-go-neb
+    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+      when: "run_setup | bool and matrix_bot_go_neb_enabled | bool"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_bot_go_neb_enabled | bool"
+    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+      when: "run_setup | bool and not matrix_bot_go_neb_enabled | bool"
   tags:
     - setup-all
     - setup-bot-go-neb
+
+
+
diff --git a/roles/custom/matrix-bot-honoroit/tasks/main.yml b/roles/custom/matrix-bot-honoroit/tasks/main.yml
index 09fab327..fde2b6e3 100644
--- a/roles/custom/matrix-bot-honoroit/tasks/main.yml
+++ b/roles/custom/matrix-bot-honoroit/tasks/main.yml
@@ -1,19 +1,14 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_bot_honoroit_enabled | bool"
-  tags:
-    - setup-all
-    - setup-bot-honoroit
+- block:
+    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
+      when: "run_setup | bool and matrix_bot_honoroit_enabled | bool"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_bot_honoroit_enabled | bool"
-  tags:
-    - setup-all
-    - setup-bot-honoroit
+    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+      when: "run_setup | bool and matrix_bot_honoroit_enabled | bool"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_bot_honoroit_enabled | bool"
+    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+      when: "run_setup | bool and not matrix_bot_honoroit_enabled | bool"
   tags:
     - setup-all
     - setup-bot-honoroit
diff --git a/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml
index 5f44faac..d0c7a157 100644
--- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml
+++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml
@@ -1,19 +1,14 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_bot_matrix_registration_bot_enabled | bool"
-  tags:
-    - setup-all
-    - setup-bot-matrix-registration-bot
+- block:
+    - when: matrix_bot_matrix_registration_bot_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_bot_matrix_registration_bot_enabled | bool"
-  tags:
-    - setup-all
-    - setup-bot-matrix-registration-bot
+    - when: matrix_bot_matrix_registration_bot_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_bot_matrix_registration_bot_enabled | bool"
+    - when: not matrix_bot_matrix_registration_bot_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-bot-matrix-registration-bot
diff --git a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/main.yml b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/main.yml
index 8340ef67..091b0cc1 100644
--- a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/main.yml
+++ b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/main.yml
@@ -1,19 +1,14 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_bot_matrix_reminder_bot_enabled | bool"
-  tags:
-    - setup-all
-    - setup-bot-matrix-reminder-bot
+- block:
+    - when: matrix_bot_matrix_reminder_bot_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_bot_matrix_reminder_bot_enabled | bool"
-  tags:
-    - setup-all
-    - setup-bot-matrix-reminder-bot
+    - when: matrix_bot_matrix_reminder_bot_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_bot_matrix_reminder_bot_enabled | bool"
+    - when: not matrix_bot_matrix_reminder_bot_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-bot-matrix-reminder-bot
diff --git a/roles/custom/matrix-bot-maubot/tasks/main.yml b/roles/custom/matrix-bot-maubot/tasks/main.yml
index 5e48eed9..917fea77 100644
--- a/roles/custom/matrix-bot-maubot/tasks/main.yml
+++ b/roles/custom/matrix-bot-maubot/tasks/main.yml
@@ -1,25 +1,22 @@
 ---
 
-- when: matrix_bot_maubot_enabled | bool
-  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
+- block:
+    - when: matrix_bot_maubot_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
     - setup-all
     - setup-nginx-proxy
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup|bool and matrix_bot_maubot_enabled|bool"
-  tags:
-    - setup-all
-    - setup-bot-maubot
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup|bool and matrix_bot_maubot_enabled|bool"
-  tags:
-    - setup-all
-    - setup-bot-maubot
+- block:
+    - when: matrix_bot_maubot_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
+
+    - when: matrix_bot_maubot_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup|bool and not matrix_bot_maubot_enabled|bool"
+    - when: not matrix_bot_maubot_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-bot-maubot
diff --git a/roles/custom/matrix-bot-mjolnir/tasks/main.yml b/roles/custom/matrix-bot-mjolnir/tasks/main.yml
index 02a22bb1..25e9d74d 100644
--- a/roles/custom/matrix-bot-mjolnir/tasks/main.yml
+++ b/roles/custom/matrix-bot-mjolnir/tasks/main.yml
@@ -1,19 +1,14 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_bot_mjolnir_enabled | bool"
-  tags:
-    - setup-all
-    - setup-bot-mjolnir
+- block:
+    - when: matrix_bot_mjolnir_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_bot_mjolnir_enabled | bool"
-  tags:
-    - setup-all
-    - setup-bot-mjolnir
+    - when: matrix_bot_mjolnir_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_bot_mjolnir_enabled | bool"
+    - when: not matrix_bot_mjolnir_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-bot-mjolnir
diff --git a/roles/custom/matrix-bot-postmoogle/tasks/main.yml b/roles/custom/matrix-bot-postmoogle/tasks/main.yml
index 4e2ab51b..62623c4d 100644
--- a/roles/custom/matrix-bot-postmoogle/tasks/main.yml
+++ b/roles/custom/matrix-bot-postmoogle/tasks/main.yml
@@ -1,19 +1,14 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_bot_postmoogle_enabled | bool"
-  tags:
-    - setup-all
-    - setup-bot-postmoogle
+- block:
+    - when: matrix_bot_postmoogle_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_bot_postmoogle_enabled | bool"
-  tags:
-    - setup-all
-    - setup-bot-postmoogle
+    - when: matrix_bot_postmoogle_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_bot_postmoogle_enabled | bool"
+    - when: not matrix_bot_postmoogle_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-bot-postmoogle
diff --git a/roles/custom/matrix-bridge-appservice-discord/tasks/main.yml b/roles/custom/matrix-bridge-appservice-discord/tasks/main.yml
index 24966858..6627d610 100644
--- a/roles/custom/matrix-bridge-appservice-discord/tasks/main.yml
+++ b/roles/custom/matrix-bridge-appservice-discord/tasks/main.yml
@@ -1,19 +1,14 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_appservice_discord_enabled | bool"
-  tags:
-    - setup-all
-    - setup-appservice-discord
+- block:
+    - when: matrix_appservice_discord_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_appservice_discord_enabled | bool"
-  tags:
-    - setup-all
-    - setup-appservice-discord
+    - when: matrix_appservice_discord_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_appservice_discord_enabled | bool"
+    - when: not matrix_appservice_discord_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-appservice-discord
diff --git a/roles/custom/matrix-bridge-appservice-irc/tasks/main.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/main.yml
index f66b729b..b994ddb0 100644
--- a/roles/custom/matrix-bridge-appservice-irc/tasks/main.yml
+++ b/roles/custom/matrix-bridge-appservice-irc/tasks/main.yml
@@ -1,19 +1,14 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_appservice_irc_enabled | bool"
-  tags:
-    - setup-all
-    - setup-appservice-irc
+- block:
+    - when: matrix_appservice_irc_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_appservice_irc_enabled | bool"
-  tags:
-    - setup-all
-    - setup-appservice-irc
+    - when: matrix_appservice_irc_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_appservice_irc_enabled | bool"
+    - when: not matrix_appservice_irc_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-appservice-irc
diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/main.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/main.yml
index a4dffd76..be24d778 100644
--- a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/main.yml
+++ b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/main.yml
@@ -1,19 +1,14 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_appservice_kakaotalk_enabled | bool"
-  tags:
-    - setup-all
-    - setup-appservice-kakaotalk
+- block:
+    - when: matrix_appservice_kakaotalk_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_appservice_kakaotalk_enabled | bool"
-  tags:
-    - setup-all
-    - setup-appservice-kakaotalk
+    - when: matrix_appservice_kakaotalk_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_appservice_kakaotalk_enabled | bool"
+    - when: not matrix_appservice_kakaotalk_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-appservice-kakaotalk
diff --git a/roles/custom/matrix-bridge-appservice-slack/tasks/main.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/main.yml
index 608b0219..277e4177 100644
--- a/roles/custom/matrix-bridge-appservice-slack/tasks/main.yml
+++ b/roles/custom/matrix-bridge-appservice-slack/tasks/main.yml
@@ -1,25 +1,21 @@
 ---
 
-- when: matrix_appservice_slack_enabled | bool
-  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
+- block:
+    - when: matrix_appservice_slack_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
     - setup-all
     - setup-nginx-proxy
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_appservice_slack_enabled | bool"
-  tags:
-    - setup-all
-    - setup-appservice-slack
+- block:
+    - when: matrix_appservice_slack_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_appservice_slack_enabled | bool"
-  tags:
-    - setup-all
-    - setup-appservice-slack
+    - when: matrix_appservice_slack_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_appservice_slack_enabled | bool"
+    - when: not matrix_appservice_slack_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-appservice-slack
diff --git a/roles/custom/matrix-bridge-appservice-webhooks/tasks/main.yml b/roles/custom/matrix-bridge-appservice-webhooks/tasks/main.yml
index 24908e83..97793d88 100644
--- a/roles/custom/matrix-bridge-appservice-webhooks/tasks/main.yml
+++ b/roles/custom/matrix-bridge-appservice-webhooks/tasks/main.yml
@@ -1,25 +1,21 @@
 ---
 
-- when: matrix_appservice_webhooks_enabled | bool
-  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
+- block:
+    - when: matrix_appservice_webhooks_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
     - setup-all
     - setup-nginx-proxy
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_appservice_webhooks_enabled | bool"
-  tags:
-    - setup-all
-    - setup-appservice-webhooks
+- block:
+    - when: matrix_appservice_webhooks_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_appservice_webhooks_enabled | bool"
-  tags:
-    - setup-all
-    - setup-appservice-webhooks
+    - when: matrix_appservice_webhooks_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_appservice_webhooks_enabled | bool"
+    - when: not matrix_appservice_webhooks_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-appservice-webhooks
diff --git a/roles/custom/matrix-bridge-beeper-linkedin/tasks/main.yml b/roles/custom/matrix-bridge-beeper-linkedin/tasks/main.yml
index 9ba728f1..57dcc2a3 100644
--- a/roles/custom/matrix-bridge-beeper-linkedin/tasks/main.yml
+++ b/roles/custom/matrix-bridge-beeper-linkedin/tasks/main.yml
@@ -1,19 +1,14 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_beeper_linkedin_enabled | bool"
-  tags:
-    - setup-all
-    - setup-beeper-linkedin
+- block:
+    - when: matrix_beeper_linkedin_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup and matrix_beeper_linkedin_enabled"
-  tags:
-    - setup-all
-    - setup-beeper-linkedin
+    - when: matrix_beeper_linkedin_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup and not matrix_beeper_linkedin_enabled"
+    - when: not matrix_beeper_linkedin_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-beeper-linkedin
diff --git a/roles/custom/matrix-bridge-go-skype-bridge/tasks/main.yml b/roles/custom/matrix-bridge-go-skype-bridge/tasks/main.yml
index 3b8fdb24..cc41f4bd 100644
--- a/roles/custom/matrix-bridge-go-skype-bridge/tasks/main.yml
+++ b/roles/custom/matrix-bridge-go-skype-bridge/tasks/main.yml
@@ -1,19 +1,14 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_go_skype_bridge_enabled | bool"
-  tags:
-    - setup-all
-    - setup-go-skype-bridge
+- block:
+    - when: matrix_go_skype_bridge_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_go_skype_bridge_enabled | bool"
-  tags:
-    - setup-all
-    - setup-go-skype-bridge
+    - when: matrix_go_skype_bridge_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_go_skype_bridge_enabled | bool"
+    - when: not matrix_go_skype_bridge_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-go-skype-bridge
diff --git a/roles/custom/matrix-bridge-heisenbridge/tasks/main.yml b/roles/custom/matrix-bridge-heisenbridge/tasks/main.yml
index 70bc86c3..38b891cf 100644
--- a/roles/custom/matrix-bridge-heisenbridge/tasks/main.yml
+++ b/roles/custom/matrix-bridge-heisenbridge/tasks/main.yml
@@ -1,13 +1,11 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_heisenbridge_enabled | bool"
-  tags:
-    - setup-all
-    - setup-heisenbridge
+- block:
+    - when: matrix_heisenbridge_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_heisenbridge_enabled | bool"
+    - when: not matrix_heisenbridge_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-heisenbridge
diff --git a/roles/custom/matrix-bridge-hookshot/tasks/main.yml b/roles/custom/matrix-bridge-hookshot/tasks/main.yml
index 5d93af3a..505b86ed 100644
--- a/roles/custom/matrix-bridge-hookshot/tasks/main.yml
+++ b/roles/custom/matrix-bridge-hookshot/tasks/main.yml
@@ -1,25 +1,21 @@
 ---
 
-- when: matrix_hookshot_enabled | bool
-  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
+- block:
+    - when: matrix_hookshot_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
     - setup-all
     - setup-nginx-proxy
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_hookshot_enabled | bool"
-  tags:
-    - setup-all
-    - setup-hookshot
+- block:
+    - when: matrix_hookshot_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_hookshot_enabled | bool"
-  tags:
-    - setup-all
-    - setup-hookshot
+    - when: matrix_hookshot_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_hookshot_enabled | bool"
+    - when: not matrix_hookshot_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-hookshot
diff --git a/roles/custom/matrix-bridge-mautrix-discord/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-discord/tasks/main.yml
index 2b68f1ed..5c38db0a 100644
--- a/roles/custom/matrix-bridge-mautrix-discord/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-discord/tasks/main.yml
@@ -1,19 +1,14 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_mautrix_discord_enabled | bool"
-  tags:
-    - setup-all
-    - setup-mautrix-discord
+- block:
+    - when: matrix_mautrix_discord_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup and matrix_mautrix_discord_enabled"
-  tags:
-    - setup-all
-    - setup-mautrix-discord
+    - when: matrix_mautrix_discord_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup and not matrix_mautrix_discord_enabled"
+    - when: not matrix_mautrix_discord_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-mautrix-discord
diff --git a/roles/custom/matrix-bridge-mautrix-facebook/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/main.yml
index f166cc5e..9e17b87b 100644
--- a/roles/custom/matrix-bridge-mautrix-facebook/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/main.yml
@@ -1,25 +1,21 @@
 ---
 
-- when: matrix_mautrix_facebook_enabled | bool and matrix_mautrix_facebook_appservice_public_enabled | bool
-  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
+- block:
+    - when: matrix_mautrix_facebook_enabled | bool and matrix_mautrix_facebook_appservice_public_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
     - setup-all
     - setup-nginx-proxy
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_mautrix_facebook_enabled | bool"
-  tags:
-    - setup-all
-    - setup-mautrix-facebook
+- block:
+    - when: matrix_mautrix_facebook_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_mautrix_facebook_enabled | bool"
-  tags:
-    - setup-all
-    - setup-mautrix-facebook
+    - when: matrix_mautrix_facebook_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_mautrix_facebook_enabled | bool"
+    - when: not matrix_mautrix_facebook_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-mautrix-facebook
diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/main.yml
index e20422a7..9bdc3061 100644
--- a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/main.yml
@@ -1,25 +1,21 @@
 ---
 
-- when: matrix_mautrix_googlechat_enabled | bool
-  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
+- block:
+    - when: matrix_mautrix_googlechat_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
     - setup-all
     - setup-nginx-proxy
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_mautrix_googlechat_enabled | bool"
-  tags:
-    - setup-all
-    - setup-mautrix-googlechat
+- block:
+    - when: matrix_mautrix_googlechat_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_mautrix_googlechat_enabled | bool"
-  tags:
-    - setup-all
-    - setup-mautrix-googlechat
+    - when: matrix_mautrix_googlechat_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_mautrix_googlechat_enabled | bool"
+    - when: not matrix_mautrix_googlechat_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-mautrix-googlechat
diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/main.yml
index a1b7115b..cce77221 100644
--- a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/main.yml
@@ -1,25 +1,21 @@
 ---
 
-- when: matrix_mautrix_hangouts_enabled | bool
-  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
+- block:
+    - when: matrix_mautrix_hangouts_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
     - setup-all
     - setup-nginx-proxy
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_mautrix_hangouts_enabled | bool"
-  tags:
-    - setup-all
-    - setup-mautrix-hangouts
+- block:
+    - when: matrix_mautrix_hangouts_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_mautrix_hangouts_enabled | bool"
-  tags:
-    - setup-all
-    - setup-mautrix-hangouts
+    - when: matrix_mautrix_hangouts_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_mautrix_hangouts_enabled | bool"
+    - when: not matrix_mautrix_hangouts_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-mautrix-hangouts
diff --git a/roles/custom/matrix-bridge-mautrix-instagram/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-instagram/tasks/main.yml
index 403546ff..f559c69d 100644
--- a/roles/custom/matrix-bridge-mautrix-instagram/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-instagram/tasks/main.yml
@@ -1,19 +1,14 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_mautrix_instagram_enabled | bool"
-  tags:
-    - setup-all
-    - setup-mautrix-instagram
+- block:
+    - when: matrix_mautrix_instagram_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_mautrix_instagram_enabled | bool"
-  tags:
-    - setup-all
-    - setup-mautrix-instagram
+    - when: matrix_mautrix_instagram_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_mautrix_instagram_enabled | bool"
+    - when: not matrix_mautrix_instagram_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-mautrix-instagram
diff --git a/roles/custom/matrix-bridge-mautrix-signal/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-signal/tasks/main.yml
index 6b69be28..a4cd677b 100644
--- a/roles/custom/matrix-bridge-mautrix-signal/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-signal/tasks/main.yml
@@ -1,19 +1,14 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_mautrix_signal_enabled | bool"
-  tags:
-    - setup-all
-    - setup-mautrix-signal
+- block:
+    - when: matrix_mautrix_signal_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_mautrix_signal_enabled | bool"
-  tags:
-    - setup-all
-    - setup-mautrix-signal
+    - when: matrix_mautrix_signal_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_mautrix_signal_enabled | bool"
+    - when: not matrix_mautrix_signal_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-mautrix-signal
diff --git a/roles/custom/matrix-bridge-mautrix-telegram/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/main.yml
index d4a5f805..a62efb7a 100644
--- a/roles/custom/matrix-bridge-mautrix-telegram/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-telegram/tasks/main.yml
@@ -1,25 +1,21 @@
 ---
 
-- when: matrix_mautrix_telegram_enabled | bool and matrix_mautrix_telegram_appservice_public_enabled | bool
-  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
+- block:
+    - when: matrix_mautrix_telegram_enabled | bool and matrix_mautrix_telegram_appservice_public_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
     - setup-all
     - setup-nginx-proxy
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_mautrix_telegram_enabled | bool"
-  tags:
-    - setup-all
-    - setup-mautrix-telegram
+- block:
+    - when: matrix_mautrix_telegram_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_mautrix_telegram_enabled | bool"
-  tags:
-    - setup-all
-    - setup-mautrix-telegram
+    - when: matrix_mautrix_telegram_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_mautrix_telegram_enabled | bool"
+    - when: not matrix_mautrix_telegram_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-mautrix-telegram
diff --git a/roles/custom/matrix-bridge-mautrix-twitter/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-twitter/tasks/main.yml
index 08e840aa..aee0daf7 100644
--- a/roles/custom/matrix-bridge-mautrix-twitter/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-twitter/tasks/main.yml
@@ -1,19 +1,14 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_mautrix_twitter_enabled | bool"
-  tags:
-    - setup-all
-    - setup-mautrix-twitter
+- block:
+    - when: matrix_mautrix_twitter_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_mautrix_twitter_enabled | bool"
-  tags:
-    - setup-all
-    - setup-mautrix-twitter
+    - when: matrix_mautrix_twitter_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_mautrix_twitter_enabled | bool"
+    - when: not matrix_mautrix_twitter_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-mautrix-twitter
diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/main.yml
index c5b3b153..4d234250 100644
--- a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/main.yml
@@ -1,19 +1,14 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_mautrix_whatsapp_enabled | bool"
-  tags:
-    - setup-all
-    - setup-mautrix-whatsapp
+- block:
+    - when: matrix_mautrix_whatsapp_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup and matrix_mautrix_whatsapp_enabled"
-  tags:
-    - setup-all
-    - setup-mautrix-whatsapp
+    - when: matrix_mautrix_whatsapp_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup and not matrix_mautrix_whatsapp_enabled"
+    - when: not matrix_mautrix_whatsapp_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-mautrix-whatsapp
diff --git a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/main.yml
index c65a04e3..a77f2265 100644
--- a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/main.yml
@@ -1,19 +1,14 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_mx_puppet_discord_enabled | bool"
-  tags:
-    - setup-all
-    - setup-mx-puppet-discord
+- block:
+    - when: matrix_mx_puppet_discord_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_mx_puppet_discord_enabled | bool"
-  tags:
-    - setup-all
-    - setup-mx-puppet-discord
+    - when: matrix_mx_puppet_discord_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_mx_puppet_discord_enabled | bool"
+    - when: not matrix_mx_puppet_discord_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-mx-puppet-discord
diff --git a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/main.yml
index f6707d4e..6f2a0387 100644
--- a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/main.yml
@@ -1,19 +1,14 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_mx_puppet_groupme_enabled | bool"
-  tags:
-    - setup-all
-    - setup-mx-puppet-groupme
+- block:
+    - when: matrix_mx_puppet_groupme_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_mx_puppet_groupme_enabled | bool"
-  tags:
-    - setup-all
-    - setup-mx-puppet-groupme
+    - when: matrix_mx_puppet_groupme_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_mx_puppet_groupme_enabled | bool"
+    - when: not matrix_mx_puppet_groupme_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-mx-puppet-groupme
diff --git a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/main.yml
index 220fb46f..620b0da5 100644
--- a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/main.yml
@@ -1,19 +1,14 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_mx_puppet_instagram_enabled | bool"
-  tags:
-    - setup-all
-    - setup-mx-puppet-instagram
+- block:
+    - when: matrix_mx_puppet_instagram_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_mx_puppet_instagram_enabled | bool"
-  tags:
-    - setup-all
-    - setup-mx-puppet-instagram
+    - when: matrix_mx_puppet_instagram_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_mx_puppet_instagram_enabled | bool"
+    - when: not matrix_mx_puppet_instagram_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-mx-puppet-instagram
diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/main.yml
index 8850e6bc..2fe8ea42 100644
--- a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/main.yml
@@ -1,25 +1,21 @@
 ---
 
-- when: matrix_mx_puppet_slack_enabled | bool
-  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
+- block:
+    - when: matrix_mx_puppet_slack_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
     - setup-all
     - setup-nginx-proxy
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_mx_puppet_slack_enabled | bool"
-  tags:
-    - setup-all
-    - setup-mx-puppet-slack
+- block:
+    - when: matrix_mx_puppet_slack_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_mx_puppet_slack_enabled | bool"
-  tags:
-    - setup-all
-    - setup-mx-puppet-slack
+    - when: matrix_mx_puppet_slack_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_mx_puppet_slack_enabled | bool"
+    - when: not matrix_mx_puppet_slack_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-mx-puppet-slack
diff --git a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/main.yml
index 9feb22fb..a6cab2b0 100644
--- a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/main.yml
@@ -1,19 +1,14 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_mx_puppet_steam_enabled | bool"
-  tags:
-    - setup-all
-    - setup-mx-puppet-steam
+- block:
+    - when: matrix_mx_puppet_steam_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_mx_puppet_steam_enabled | bool"
-  tags:
-    - setup-all
-    - setup-mx-puppet-steam
+    - when: matrix_mx_puppet_steam_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_mx_puppet_steam_enabled | bool"
+    - when: not matrix_mx_puppet_steam_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-mx-puppet-steam
diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/main.yml
index 87f94709..3e1fe73c 100644
--- a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/main.yml
@@ -1,25 +1,21 @@
 ---
 
-- when: matrix_mx_puppet_twitter_enabled | bool
-  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
+- block:
+    - when: matrix_mx_puppet_twitter_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
     - setup-all
     - setup-nginx-proxy
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_mx_puppet_twitter_enabled | bool"
-  tags:
-    - setup-all
-    - setup-mx-puppet-twitter
+- block:
+    - when: matrix_mx_puppet_twitter_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_mx_puppet_twitter_enabled | bool"
-  tags:
-    - setup-all
-    - setup-mx-puppet-twitter
+    - when: matrix_mx_puppet_twitter_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_mx_puppet_twitter_enabled | bool"
+    - when: not matrix_mx_puppet_twitter_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-mx-puppet-twitter
diff --git a/roles/custom/matrix-bridge-sms/tasks/main.yml b/roles/custom/matrix-bridge-sms/tasks/main.yml
index 4d4895c4..a802054c 100644
--- a/roles/custom/matrix-bridge-sms/tasks/main.yml
+++ b/roles/custom/matrix-bridge-sms/tasks/main.yml
@@ -1,19 +1,14 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_sms_bridge_enabled | bool"
-  tags:
-    - setup-all
-    - setup-matrix-sms-bridge
+- block:
+    - when: matrix_sms_bridge_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_sms_bridge_enabled | bool"
-  tags:
-    - setup-all
-    - setup-matrix-sms-bridge
+    - when: matrix_sms_bridge_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_sms_bridge_enabled | bool"
+    - when: not matrix_sms_bridge_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-matrix-sms-bridge
diff --git a/roles/custom/matrix-cactus-comments/tasks/main.yml b/roles/custom/matrix-cactus-comments/tasks/main.yml
index 4bef5153..dab5a120 100644
--- a/roles/custom/matrix-cactus-comments/tasks/main.yml
+++ b/roles/custom/matrix-cactus-comments/tasks/main.yml
@@ -1,25 +1,21 @@
 ---
 
-- when: matrix_cactus_comments_enabled | bool and matrix_cactus_comments_serve_client_enabled | bool
-  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
+- block:
+    - when: matrix_cactus_comments_enabled | bool and matrix_cactus_comments_serve_client_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
     - setup-all
     - setup-nginx-proxy
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_cactus_comments_enabled | bool"
-  tags:
-    - setup-all
-    - setup-cactus-comments
+- block:
+    - when: matrix_cactus_comments_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_cactus_comments_enabled | bool"
-  tags:
-    - setup-all
-    - setup-cactus-comments
+    - when: matrix_cactus_comments_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_cactus_comments_enabled | bool"
+    - when: not matrix_cactus_comments_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-cactus-comments
diff --git a/roles/custom/matrix-client-cinny/tasks/main.yml b/roles/custom/matrix-client-cinny/tasks/main.yml
index e0f1579c..c67116e6 100644
--- a/roles/custom/matrix-client-cinny/tasks/main.yml
+++ b/roles/custom/matrix-client-cinny/tasks/main.yml
@@ -1,26 +1,20 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_client_cinny_enabled | bool"
-  tags:
-    - setup-all
-    - setup-client-cinny
+- block:
+    - when: matrix_client_cinny_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
+
+    - when: matrix_client_cinny_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_client_cinny_enabled | bool"
+    - when: not matrix_client_cinny_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-client-cinny
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check.yml"
-  delegate_to: 127.0.0.1
-  become: false
-  when: "run_self_check | bool and matrix_client_cinny_enabled | bool"
+- block:
+    - when: matrix_client_cinny_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check.yml"
   tags:
     - self-check
-
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_client_cinny_enabled | bool"
-  tags:
-    - setup-all
-    - setup-client-cinny
diff --git a/roles/custom/matrix-client-cinny/tasks/self_check.yml b/roles/custom/matrix-client-cinny/tasks/self_check.yml
index e0f9bfc1..c1c6195e 100644
--- a/roles/custom/matrix-client-cinny/tasks/self_check.yml
+++ b/roles/custom/matrix-client-cinny/tasks/self_check.yml
@@ -11,6 +11,8 @@
   register: matrix_client_cinny_self_check_result
   check_mode: false
   ignore_errors: true
+  delegate_to: 127.0.0.1
+  become: false
 
 - name: Fail if Cinny not working
   ansible.builtin.fail:
diff --git a/roles/custom/matrix-client-element/tasks/main.yml b/roles/custom/matrix-client-element/tasks/main.yml
index 7dbe9ce8..b75a3d5d 100644
--- a/roles/custom/matrix-client-element/tasks/main.yml
+++ b/roles/custom/matrix-client-element/tasks/main.yml
@@ -1,38 +1,23 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_client_element_enabled | bool"
-  tags:
-    - setup-all
-    - setup-client-element
+- block:
+    - when: matrix_client_element_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/prepare_themes.yml"
-  when: run_setup | bool
-  tags:
-    - setup-all
-    - setup-client-element
+    - when: matrix_client_element_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/prepare_themes.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/migrate_riot_web.yml"
-  when: run_setup | bool
-  tags:
-    - setup-all
-    - setup-client-element
-
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_client_element_enabled | bool"
-  tags:
-    - setup-all
-    - setup-client-element
+    - when: matrix_client_element_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_client_element_enabled | bool"
+    - when: not matrix_client_element_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-client-element
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check.yml"
-  delegate_to: 127.0.0.1
-  become: false
-  when: "run_self_check | bool and matrix_client_element_enabled | bool"
+- block:
+    - when: matrix_client_element_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check.yml"
   tags:
     - self-check
diff --git a/roles/custom/matrix-client-element/tasks/migrate_riot_web.yml b/roles/custom/matrix-client-element/tasks/migrate_riot_web.yml
deleted file mode 100644
index bb62b7ce..00000000
--- a/roles/custom/matrix-client-element/tasks/migrate_riot_web.yml
+++ /dev/null
@@ -1,37 +0,0 @@
----
-
-- name: Check existence of matrix-riot-web.service
-  ansible.builtin.stat:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-riot-web.service"
-  register: matrix_client_riot_web_service_stat
-  when: "matrix_client_element_enabled | bool"
-
-- name: Ensure matrix-riot-web is stopped
-  ansible.builtin.service:
-    name: matrix-riot-web
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "matrix_client_element_enabled | bool and matrix_client_riot_web_service_stat.stat.exists"
-
-- name: Ensure matrix-riot-web.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-riot-web.service"
-    state: absent
-  when: "matrix_client_element_enabled | bool and matrix_client_riot_web_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-riot-web.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_client_element_enabled | bool and matrix_client_riot_web_service_stat.stat.exists"
-
-- name: Check existence of /matrix/riot-web
-  ansible.builtin.stat:
-    path: "/matrix/riot-web"
-  register: matrix_client_riot_web_dir_stat
-  when: "matrix_client_element_enabled | bool"
-
-- name: Relocate /matrix/riot-web to /matrix/client-element
-  ansible.builtin.command: "mv /matrix/riot-web /matrix/client-element"
-  when: "matrix_client_element_enabled | bool and matrix_client_riot_web_dir_stat.stat.exists"
diff --git a/roles/custom/matrix-client-element/tasks/self_check.yml b/roles/custom/matrix-client-element/tasks/self_check.yml
index 031bb5f9..c336e4b6 100644
--- a/roles/custom/matrix-client-element/tasks/self_check.yml
+++ b/roles/custom/matrix-client-element/tasks/self_check.yml
@@ -11,6 +11,8 @@
   register: matrix_client_element_self_check_result
   check_mode: false
   ignore_errors: true
+  delegate_to: 127.0.0.1
+  become: false
 
 - name: Fail if Element not working
   ansible.builtin.fail:
diff --git a/roles/custom/matrix-client-hydrogen/tasks/main.yml b/roles/custom/matrix-client-hydrogen/tasks/main.yml
index 3f502393..220a4d13 100644
--- a/roles/custom/matrix-client-hydrogen/tasks/main.yml
+++ b/roles/custom/matrix-client-hydrogen/tasks/main.yml
@@ -1,26 +1,20 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_client_hydrogen_enabled | bool"
-  tags:
-    - setup-all
-    - setup-client-hydrogen
+- block:
+    - when: matrix_client_hydrogen_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_client_hydrogen_enabled | bool"
-  tags:
-    - setup-all
-    - setup-client-hydrogen
+    - when: matrix_client_hydrogen_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_client_hydrogen_enabled | bool"
+    - when: not matrix_client_hydrogen_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-client-hydrogen
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check.yml"
-  delegate_to: 127.0.0.1
-  become: false
-  when: "run_self_check | bool and matrix_client_hydrogen_enabled | bool"
+- block:
+    - when: matrix_client_hydrogen_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check.yml"
   tags:
     - self-check
diff --git a/roles/custom/matrix-client-hydrogen/tasks/self_check.yml b/roles/custom/matrix-client-hydrogen/tasks/self_check.yml
index 978e531f..478f0dc8 100644
--- a/roles/custom/matrix-client-hydrogen/tasks/self_check.yml
+++ b/roles/custom/matrix-client-hydrogen/tasks/self_check.yml
@@ -11,6 +11,8 @@
   register: matrix_client_hydrogen_self_check_result
   check_mode: false
   ignore_errors: true
+  delegate_to: 127.0.0.1
+  become: false
 
 - name: Fail if Hydrogen not working
   ansible.builtin.fail:
diff --git a/roles/custom/matrix-common-after/tasks/main.yml b/roles/custom/matrix-common-after/tasks/main.yml
index 498c8390..fe23e467 100644
--- a/roles/custom/matrix-common-after/tasks/main.yml
+++ b/roles/custom/matrix-common-after/tasks/main.yml
@@ -1,5 +1,6 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/run_docker_prune.yml"
+- block:
+    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/run_docker_prune.yml"
   tags:
     - run-docker-prune
diff --git a/roles/custom/matrix-conduit/tasks/conduit/setup.yml b/roles/custom/matrix-conduit/tasks/conduit/setup.yml
deleted file mode 100644
index 425d0f7e..00000000
--- a/roles/custom/matrix-conduit/tasks/conduit/setup.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/conduit/setup_install.yml"
-  when: "matrix_conduit_enabled | bool"
-
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/conduit/setup_uninstall.yml"
-  when: "not matrix_conduit_enabled | bool"
diff --git a/roles/custom/matrix-conduit/tasks/main.yml b/roles/custom/matrix-conduit/tasks/main.yml
index 85ad539b..e731f21a 100644
--- a/roles/custom/matrix-conduit/tasks/main.yml
+++ b/roles/custom/matrix-conduit/tasks/main.yml
@@ -1,7 +1,11 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/conduit/setup.yml"
-  when: run_setup | bool
+- block:
+    - when: matrix_conduit_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+
+    - when: not matrix_conduit_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-conduit
diff --git a/roles/custom/matrix-conduit/tasks/conduit/setup_install.yml b/roles/custom/matrix-conduit/tasks/setup_install.yml
similarity index 100%
rename from roles/custom/matrix-conduit/tasks/conduit/setup_install.yml
rename to roles/custom/matrix-conduit/tasks/setup_install.yml
diff --git a/roles/custom/matrix-conduit/tasks/conduit/setup_uninstall.yml b/roles/custom/matrix-conduit/tasks/setup_uninstall.yml
similarity index 100%
rename from roles/custom/matrix-conduit/tasks/conduit/setup_uninstall.yml
rename to roles/custom/matrix-conduit/tasks/setup_uninstall.yml
diff --git a/roles/custom/matrix-corporal/tasks/main.yml b/roles/custom/matrix-corporal/tasks/main.yml
index 1021518c..3f18ed0c 100644
--- a/roles/custom/matrix-corporal/tasks/main.yml
+++ b/roles/custom/matrix-corporal/tasks/main.yml
@@ -1,20 +1,20 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_corporal_enabled | bool"
-  tags:
-    - setup-all
-    - setup-corporal
+- block:
+    - when: matrix_corporal_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
+
+    - when: matrix_corporal_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_corporal.yml"
-  when: run_setup | bool
+    - when: not matrix_corporal_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-corporal
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check_corporal.yml"
-  delegate_to: 127.0.0.1
-  become: false
-  when: "run_self_check | bool and matrix_corporal_enabled | bool"
+- block:
+    - when: matrix_corporal_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check.yml"
   tags:
     - self-check
diff --git a/roles/custom/matrix-corporal/tasks/self_check_corporal.yml b/roles/custom/matrix-corporal/tasks/self_check.yml
similarity index 96%
rename from roles/custom/matrix-corporal/tasks/self_check_corporal.yml
rename to roles/custom/matrix-corporal/tasks/self_check.yml
index 3ddda8e0..bf0e768b 100644
--- a/roles/custom/matrix-corporal/tasks/self_check_corporal.yml
+++ b/roles/custom/matrix-corporal/tasks/self_check.yml
@@ -11,6 +11,8 @@
   check_mode: false
   register: result_corporal_client_api
   ignore_errors: true
+  delegate_to: 127.0.0.1
+  become: false
 
 - name: Fail if Matrix Corporal HTTP gateway not working
   ansible.builtin.fail:
diff --git a/roles/custom/matrix-corporal/tasks/setup_corporal.yml b/roles/custom/matrix-corporal/tasks/setup_install.yml
similarity index 53%
rename from roles/custom/matrix-corporal/tasks/setup_corporal.yml
rename to roles/custom/matrix-corporal/tasks/setup_install.yml
index 3f6ac86c..e257d011 100644
--- a/roles/custom/matrix-corporal/tasks/setup_corporal.yml
+++ b/roles/custom/matrix-corporal/tasks/setup_install.yml
@@ -1,9 +1,5 @@
 ---
 
-#
-# Tasks related to setting up matrix-corporal
-#
-
 - name: Ensure Matrix Corporal paths exist
   ansible.builtin.file:
     path: "{{ item }}"
@@ -15,7 +11,6 @@
     - "{{ matrix_corporal_config_dir_path }}"
     - "{{ matrix_corporal_cache_dir_path }}"
     - "{{ matrix_corporal_var_dir_path }}"
-  when: matrix_corporal_enabled | bool
 
 - name: Ensure Matrix Corporal repository is present on self-build
   ansible.builtin.git:
@@ -26,7 +21,7 @@
   become: true
   become_user: "{{ matrix_user_username }}"
   register: matrix_corporal_git_pull_results
-  when: "matrix_corporal_enabled | bool and matrix_corporal_container_image_self_build | bool"
+  when: matrix_corporal_container_image_self_build | bool
 
 - name: Ensure Matrix Corporal Docker image is built
   community.docker.docker_image:
@@ -38,7 +33,7 @@
       dockerfile: etc/docker/Dockerfile
       path: "{{ matrix_corporal_container_src_files_path }}"
       pull: true
-  when: "matrix_corporal_enabled | bool and matrix_corporal_container_image_self_build | bool"
+  when: matrix_corporal_container_image_self_build | bool
 
 - name: Ensure Matrix Corporal Docker image is pulled
   community.docker.docker_image:
@@ -46,7 +41,7 @@
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
     force_source: "{{ matrix_corporal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_corporal_docker_image_force_pull }}"
-  when: "matrix_corporal_enabled | bool and not matrix_corporal_container_image_self_build | bool"
+  when: not matrix_corporal_container_image_self_build | bool
   register: result
   retries: "{{ devture_playbook_help_container_retries_count }}"
   delay: "{{ devture_playbook_help_container_retries_delay }}"
@@ -59,7 +54,6 @@
     mode: 0644
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
-  when: matrix_corporal_enabled | bool
 
 - name: Ensure matrix-corporal.service installed
   ansible.builtin.template:
@@ -67,55 +61,3 @@
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-corporal.service"
     mode: 0644
   register: matrix_corporal_systemd_service_result
-  when: matrix_corporal_enabled | bool
-
-- name: Ensure systemd reloaded after matrix-corporal.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_corporal_enabled | bool and matrix_corporal_systemd_service_result.changed"
-
-
-#
-# Tasks related to getting rid of matrix-corporal (if it was previously enabled)
-#
-
-- name: Check existence of matrix-corporal service
-  ansible.builtin.stat:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-corporal.service"
-  register: matrix_corporal_service_stat
-  when: "not matrix_corporal_enabled | bool"
-
-- name: Ensure matrix-corporal is stopped
-  ansible.builtin.service:
-    name: matrix-corporal
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "not matrix_corporal_enabled | bool and matrix_corporal_service_stat.stat.exists"
-
-- name: Ensure matrix-corporal.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-corporal.service"
-    state: absent
-  when: "not matrix_corporal_enabled | bool and matrix_corporal_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-corporal.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "not matrix_corporal_enabled | bool and matrix_corporal_service_stat.stat.exists"
-
-- name: Ensure matrix-corporal files don't exist
-  ansible.builtin.file:
-    path: "{{ item }}"
-    state: absent
-  with_items:
-    - "{{ devture_systemd_docker_base_systemd_path }}/matrix-corporal.service"
-    - "{{ matrix_corporal_config_dir_path }}/config.json"
-  when: "not matrix_corporal_enabled | bool"
-
-- name: Ensure Matrix Corporal Docker image doesn't exist
-  community.docker.docker_image:
-    name: "{{ matrix_corporal_docker_image }}"
-    state: absent
-  when: "not matrix_corporal_enabled | bool"
diff --git a/roles/custom/matrix-corporal/tasks/setup_uninstall.yml b/roles/custom/matrix-corporal/tasks/setup_uninstall.yml
new file mode 100644
index 00000000..81e1b751
--- /dev/null
+++ b/roles/custom/matrix-corporal/tasks/setup_uninstall.yml
@@ -0,0 +1,38 @@
+---
+
+- name: Check existence of matrix-corporal service
+  ansible.builtin.stat:
+    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-corporal.service"
+  register: matrix_corporal_service_stat
+
+- when: matrix_corporal_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-corporal is stopped
+      ansible.builtin.service:
+        name: matrix-corporal
+        state: stopped
+        enabled: false
+        daemon_reload: true
+      register: stopping_result
+
+    - name: Ensure matrix-corporal.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-corporal.service"
+        state: absent
+
+    - name: Ensure systemd reloaded after matrix-corporal.service removal
+      ansible.builtin.service:
+        daemon_reload: true
+
+- name: Ensure matrix-corporal files don't exist
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: absent
+  with_items:
+    - "{{ devture_systemd_docker_base_systemd_path }}/matrix-corporal.service"
+    - "{{ matrix_corporal_config_dir_path }}/config.json"
+
+- name: Ensure Matrix Corporal Docker image doesn't exist
+  community.docker.docker_image:
+    name: "{{ matrix_corporal_docker_image }}"
+    state: absent
diff --git a/roles/custom/matrix-coturn/tasks/main.yml b/roles/custom/matrix-coturn/tasks/main.yml
index f2fc66d5..393ed691 100644
--- a/roles/custom/matrix-coturn/tasks/main.yml
+++ b/roles/custom/matrix-coturn/tasks/main.yml
@@ -1,19 +1,14 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_coturn_enabled | bool"
-  tags:
-    - setup-all
-    - setup-coturn
+- block:
+    - when: matrix_coturn_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_coturn_enabled | bool"
-  tags:
-    - setup-all
-    - setup-coturn
+    - when: matrix_coturn_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_coturn_enabled | bool"
+    - when: not matrix_coturn_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-coturn
diff --git a/roles/custom/matrix-dendrite/tasks/main.yml b/roles/custom/matrix-dendrite/tasks/main.yml
index 5a5b04de..62057ded 100644
--- a/roles/custom/matrix-dendrite/tasks/main.yml
+++ b/roles/custom/matrix-dendrite/tasks/main.yml
@@ -1,32 +1,26 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: run_setup | bool
-  tags:
-    - setup-all
-    - setup-dendrite
+- block:
+    - when: matrix_dendrite_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_dendrite.yml"
-  when: run_setup | bool
+    - when: matrix_dendrite_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_dendrite.yml"
   tags:
     - setup-all
     - setup-dendrite
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/register_user.yml"
-  when: run_dendrite_register_user | bool and matrix_dendrite_enabled | bool
-  tags:
-    - register-user
+- block:
+    - when: matrix_dendrite_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check_client_api.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check_client_api.yml"
-  delegate_to: 127.0.0.1
-  become: false
-  when: run_self_check | bool and matrix_dendrite_enabled | bool
+    - when: matrix_dendrite_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check_federation_api.yml"
   tags:
     - self-check
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check_federation_api.yml"
-  delegate_to: 127.0.0.1
-  become: false
-  when: run_self_check | bool and matrix_dendrite_enabled | bool
+- block:
+    - when: matrix_dendrite_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/register_user.yml"
   tags:
-    - self-check
+    - register-user
diff --git a/roles/custom/matrix-dendrite/tasks/register_user.yml b/roles/custom/matrix-dendrite/tasks/register_user.yml
index d37e633b..6b4de7e9 100644
--- a/roles/custom/matrix-dendrite/tasks/register_user.yml
+++ b/roles/custom/matrix-dendrite/tasks/register_user.yml
@@ -1,4 +1,5 @@
 ---
+
 - name: Fail if playbook called incorrectly
   ansible.builtin.fail:
     msg: "The `username` variable needs to be provided to this playbook, via --extra-vars"
diff --git a/roles/custom/matrix-dendrite/tasks/self_check_client_api.yml b/roles/custom/matrix-dendrite/tasks/self_check_client_api.yml
index 99b6cb40..f6eb602c 100644
--- a/roles/custom/matrix-dendrite/tasks/self_check_client_api.yml
+++ b/roles/custom/matrix-dendrite/tasks/self_check_client_api.yml
@@ -7,6 +7,8 @@
   register: result_matrix_dendrite_client_api
   ignore_errors: true
   check_mode: false
+  delegate_to: 127.0.0.1
+  become: false
 
 - name: Fail if Matrix Client API not working
   ansible.builtin.fail:
diff --git a/roles/custom/matrix-dendrite/tasks/self_check_federation_api.yml b/roles/custom/matrix-dendrite/tasks/self_check_federation_api.yml
index 25b2871c..bba20ff1 100644
--- a/roles/custom/matrix-dendrite/tasks/self_check_federation_api.yml
+++ b/roles/custom/matrix-dendrite/tasks/self_check_federation_api.yml
@@ -7,6 +7,8 @@
   register: result_matrix_dendrite_federation_api
   ignore_errors: true
   check_mode: false
+  delegate_to: 127.0.0.1
+  become: false
 
 - name: Fail if Matrix Federation API not working
   ansible.builtin.fail:
diff --git a/roles/custom/matrix-dimension/tasks/main.yml b/roles/custom/matrix-dimension/tasks/main.yml
index 38f780e9..5d6f5443 100644
--- a/roles/custom/matrix-dimension/tasks/main.yml
+++ b/roles/custom/matrix-dimension/tasks/main.yml
@@ -1,19 +1,14 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: run_setup | bool
-  tags:
-    - setup-all
-    - setup-dimension
+- block:
+    - when: matrix_dimension_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: run_setup | bool and matrix_dimension_enabled | bool
-  tags:
-    - setup-all
-    - setup-dimension
+    - when: matrix_dimension_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: run_setup | bool and not matrix_dimension_enabled | bool
+    - when: not matrix_dimension_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-dimension
diff --git a/roles/custom/matrix-dynamic-dns/tasks/main.yml b/roles/custom/matrix-dynamic-dns/tasks/main.yml
index bec7785c..6f5a35a5 100644
--- a/roles/custom/matrix-dynamic-dns/tasks/main.yml
+++ b/roles/custom/matrix-dynamic-dns/tasks/main.yml
@@ -1,19 +1,21 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_dynamic_dns_enabled | bool"
+- block:
+    - when: matrix_appservice_slack_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
     - setup-all
-    - setup-dynamic-dns
+    - setup-nginx-proxy
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/install.yml"
-  when: "run_setup | bool and matrix_dynamic_dns_enabled | bool"
-  tags:
-    - setup-all
-    - setup-dynamic-dns
+- block:
+    - when: matrix_dynamic_dns_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
+
+    - when: matrix_dynamic_dns_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/uninstall.yml"
-  when: "run_setup | bool and not matrix_dynamic_dns_enabled | bool"
+    - when: not matrix_dynamic_dns_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-dynamic-dns
diff --git a/roles/custom/matrix-dynamic-dns/tasks/install.yml b/roles/custom/matrix-dynamic-dns/tasks/setup_install.yml
similarity index 100%
rename from roles/custom/matrix-dynamic-dns/tasks/install.yml
rename to roles/custom/matrix-dynamic-dns/tasks/setup_install.yml
diff --git a/roles/custom/matrix-dynamic-dns/tasks/uninstall.yml b/roles/custom/matrix-dynamic-dns/tasks/setup_uninstall.yml
similarity index 100%
rename from roles/custom/matrix-dynamic-dns/tasks/uninstall.yml
rename to roles/custom/matrix-dynamic-dns/tasks/setup_uninstall.yml
diff --git a/roles/custom/matrix-email2matrix/tasks/main.yml b/roles/custom/matrix-email2matrix/tasks/main.yml
index 4339b4db..c3e21d94 100644
--- a/roles/custom/matrix-email2matrix/tasks/main.yml
+++ b/roles/custom/matrix-email2matrix/tasks/main.yml
@@ -1,19 +1,14 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_email2matrix_enabled | bool"
-  tags:
-    - setup-all
-    - setup-email2matrix
+- block:
+    - when: matrix_email2matrix_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_email2matrix_enabled | bool"
-  tags:
-    - setup-all
-    - setup-email2matrix
+    - when: matrix_email2matrix_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_email2matrix_enabled | bool"
+    - when: not matrix_email2matrix_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-email2matrix
diff --git a/roles/custom/matrix-etherpad/tasks/main.yml b/roles/custom/matrix-etherpad/tasks/main.yml
index a2c9e077..46a04a48 100644
--- a/roles/custom/matrix-etherpad/tasks/main.yml
+++ b/roles/custom/matrix-etherpad/tasks/main.yml
@@ -1,25 +1,21 @@
 ---
 
-- when: matrix_etherpad_enabled | bool and matrix_etherpad_mode == 'dimension'
-  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
+- block:
+    - when: matrix_etherpad_enabled | bool and matrix_etherpad_mode == 'dimension'
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
     - setup-all
     - setup-nginx-proxy
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: run_setup | bool and matrix_etherpad_enabled | bool
-  tags:
-    - setup-all
-    - setup-etherpad
+- block:
+    - when: matrix_etherpad_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: run_setup | bool and matrix_etherpad_enabled | bool
-  tags:
-    - setup-all
-    - setup-etherpad
+    - when: matrix_etherpad_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: run_setup | bool and not matrix_etherpad_enabled | bool
+    - when: not matrix_etherpad_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-etherpad
diff --git a/roles/custom/matrix-grafana/tasks/main.yml b/roles/custom/matrix-grafana/tasks/main.yml
index 573f792f..fc1f3dc6 100644
--- a/roles/custom/matrix-grafana/tasks/main.yml
+++ b/roles/custom/matrix-grafana/tasks/main.yml
@@ -1,12 +1,14 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_grafana_enabled | bool"
-  tags:
-    - setup-all
-    - setup-grafana
+- block:
+    - when: matrix_grafana_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
+
+    - when: matrix_grafana_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup.yml"
+    - when: not matrix_grafana_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-grafana
diff --git a/roles/custom/matrix-grafana/tasks/setup.yml b/roles/custom/matrix-grafana/tasks/setup_install.yml
similarity index 65%
rename from roles/custom/matrix-grafana/tasks/setup.yml
rename to roles/custom/matrix-grafana/tasks/setup_install.yml
index eabd25e5..86a6b04b 100644
--- a/roles/custom/matrix-grafana/tasks/setup.yml
+++ b/roles/custom/matrix-grafana/tasks/setup_install.yml
@@ -1,16 +1,11 @@
 ---
 
-#
-# Tasks related to setting up matrix-grafana
-#
-
 - name: Ensure matrix-grafana image is pulled
   community.docker.docker_image:
     name: "{{ matrix_grafana_docker_image }}"
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
     force_source: "{{ matrix_grafana_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_grafana_docker_image_force_pull }}"
-  when: "matrix_grafana_enabled | bool"
   register: result
   retries: "{{ devture_playbook_help_container_retries_count }}"
   delay: "{{ devture_playbook_help_container_retries_delay }}"
@@ -31,7 +26,6 @@
     - "{{ matrix_grafana_config_path }}/provisioning/dashboards"
     - "{{ matrix_grafana_config_path }}/dashboards"
     - "{{ matrix_grafana_data_path }}"
-  when: matrix_grafana_enabled | bool
 
 - name: Ensure grafana.ini present
   ansible.builtin.template:
@@ -40,7 +34,6 @@
     mode: 0440
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
-  when: matrix_grafana_enabled | bool
 
 - name: Ensure provisioning/datasources/default.yaml present
   ansible.builtin.template:
@@ -49,7 +42,6 @@
     mode: 0440
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
-  when: matrix_grafana_enabled | bool
 
 - name: Ensure provisioning/dashboards/default.yaml present
   ansible.builtin.template:
@@ -58,7 +50,6 @@
     mode: 0440
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
-  when: matrix_grafana_enabled | bool
 
 - name: Ensure dashboard(s) downloaded
   ansible.builtin.get_url:
@@ -69,7 +60,6 @@
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
   with_items: "{{ matrix_grafana_dashboard_download_urls }}"
-  when: matrix_grafana_enabled | bool
   register: result
   retries: "{{ devture_playbook_help_geturl_retries_count }}"
   delay: "{{ devture_playbook_help_geturl_retries_delay }}"
@@ -81,38 +71,3 @@
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-grafana.service"
     mode: 0644
   register: matrix_grafana_systemd_service_result
-  when: matrix_grafana_enabled | bool
-
-- name: Ensure systemd reloaded after matrix-grafana.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_grafana_enabled | bool and matrix_grafana_systemd_service_result.changed"
-
-#
-# Tasks related to getting rid of matrix-grafana (if it was previously enabled)
-#
-
-- name: Check existence of matrix-grafana service
-  ansible.builtin.stat:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-grafana.service"
-  register: matrix_grafana_service_stat
-
-- name: Ensure matrix-grafana is stopped
-  ansible.builtin.service:
-    name: matrix-grafana
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "not matrix_grafana_enabled | bool and matrix_grafana_service_stat.stat.exists"
-
-- name: Ensure matrix-grafana.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-grafana.service"
-    state: absent
-  when: "not matrix_grafana_enabled | bool and matrix_grafana_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-grafana.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "not matrix_grafana_enabled | bool and matrix_grafana_service_stat.stat.exists"
diff --git a/roles/custom/matrix-grafana/tasks/setup_uninstall.yml b/roles/custom/matrix-grafana/tasks/setup_uninstall.yml
new file mode 100644
index 00000000..6c054ff0
--- /dev/null
+++ b/roles/custom/matrix-grafana/tasks/setup_uninstall.yml
@@ -0,0 +1,21 @@
+---
+
+- name: Check existence of matrix-grafana service
+  ansible.builtin.stat:
+    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-grafana.service"
+  register: matrix_grafana_service_stat
+
+- when: matrix_grafana_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-grafana is stopped
+      ansible.builtin.service:
+        name: matrix-grafana
+        state: stopped
+        enabled: false
+        daemon_reload: true
+      register: stopping_result
+
+    - name: Ensure matrix-grafana.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-grafana.service"
+        state: absent
diff --git a/roles/custom/matrix-jitsi/tasks/main.yml b/roles/custom/matrix-jitsi/tasks/main.yml
index 9aac5eae..8a2b9e43 100644
--- a/roles/custom/matrix-jitsi/tasks/main.yml
+++ b/roles/custom/matrix-jitsi/tasks/main.yml
@@ -1,43 +1,50 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init_additional_jvb.yml"
+- block:
+    - when: matrix_jitsi_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/init_additional_jvb.yml"
   tags:
     - setup-additional-jitsi-jvb
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_jitsi_enabled | bool"
-  tags:
-    - setup-all
-    - setup-jitsi
-    - setup-additional-jitsi-jvb
+- block:
+    - when: matrix_jitsi_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_jitsi_base.yml"
-  when: run_setup | bool
+    - when: matrix_jitsi_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_base.yml"
   tags:
     - setup-all
     - setup-jitsi
     - setup-additional-jitsi-jvb
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_jitsi_web.yml"
-  when: run_setup | bool
-  tags:
-    - setup-all
-    - setup-jitsi
+- block:
+    - when: matrix_jitsi_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_web_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_jitsi_prosody.yml"
-  when: run_setup | bool
-  tags:
-    - setup-all
-    - setup-jitsi
+    - when: not matrix_jitsi_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_web_uninstall.yml"
+
+    - when: matrix_jitsi_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_prosody_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_jitsi_jicofo.yml"
-  when: run_setup | bool
+    - when: not matrix_jitsi_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_prosody_uninstall.yml"
+
+    - when: matrix_jitsi_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_jicofo_install.yml"
+
+    - when: not matrix_jitsi_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_jicofo_uninstall.yml"
   tags:
     - setup-all
     - setup-jitsi
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_jitsi_jvb.yml"
-  when: run_setup | bool
+- block:
+    - when: matrix_jitsi_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_jvb_install.yml"
+
+    - when: not matrix_jitsi_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_jvb_uninstall.yml"
   tags:
     - setup-all
     - setup-jitsi
diff --git a/roles/custom/matrix-jitsi/tasks/setup_jitsi_base.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_base.yml
index c52c1902..d273b425 100644
--- a/roles/custom/matrix-jitsi/tasks/setup_jitsi_base.yml
+++ b/roles/custom/matrix-jitsi/tasks/setup_jitsi_base.yml
@@ -4,10 +4,6 @@
     name: custom/matrix-base
     tasks_from: ensure_openssl_installed
 
-#
-# Tasks related to setting up jitsi
-#
-
 - name: Ensure Matrix jitsi base path exists
   ansible.builtin.file:
     path: "{{ item.path }}"
@@ -17,8 +13,4 @@
     group: "{{ matrix_user_groupname }}"
   with_items:
     - {path: "{{ matrix_jitsi_base_path }}", when: true}
-  when: matrix_jitsi_enabled | bool and item.when
-
-#
-# Tasks related to getting rid of jitsi (if it was previously enabled)
-#
+  when: item.when | bool
diff --git a/roles/custom/matrix-jitsi/tasks/setup_jitsi_jicofo.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_jicofo_install.yml
similarity index 52%
rename from roles/custom/matrix-jitsi/tasks/setup_jitsi_jicofo.yml
rename to roles/custom/matrix-jitsi/tasks/setup_jitsi_jicofo_install.yml
index d9395308..6782ecd5 100644
--- a/roles/custom/matrix-jitsi/tasks/setup_jitsi_jicofo.yml
+++ b/roles/custom/matrix-jitsi/tasks/setup_jitsi_jicofo_install.yml
@@ -1,9 +1,5 @@
 ---
 
-#
-# Tasks related to setting up jitsi-jicofo
-#
-
 - name: Ensure Matrix jitsi-jicofo path exists
   ansible.builtin.file:
     path: "{{ item.path }}"
@@ -14,7 +10,7 @@
   with_items:
     - {path: "{{ matrix_jitsi_jicofo_base_path }}", when: true}
     - {path: "{{ matrix_jitsi_jicofo_config_path }}", when: true}
-  when: matrix_jitsi_enabled | bool and item.when
+  when: item.when | bool
 
 - name: Ensure jitsi-jicofo Docker image is pulled
   community.docker.docker_image:
@@ -22,7 +18,6 @@
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
     force_source: "{{ matrix_jitsi_jicofo_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jicofo_docker_image_force_pull }}"
-  when: matrix_jitsi_enabled | bool
   register: result
   retries: "{{ devture_playbook_help_container_retries_count }}"
   delay: "{{ devture_playbook_help_container_retries_delay }}"
@@ -47,7 +42,6 @@
   with_items:
     - sip-communicator.properties
     - logging.properties
-  when: matrix_jitsi_enabled | bool
 
 - name: Ensure matrix-jitsi-jicofo.service installed
   ansible.builtin.template:
@@ -55,48 +49,3 @@
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jicofo.service"
     mode: 0644
   register: matrix_jitsi_jicofo_systemd_service_result
-  when: matrix_jitsi_enabled | bool
-
-- name: Ensure systemd reloaded after matrix-jitsi-jicofo.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_jitsi_enabled and matrix_jitsi_jicofo_systemd_service_result.changed"
-
-#
-# Tasks related to getting rid of jitsi-jicofo (if it was previously enabled)
-#
-
-- name: Check existence of matrix-jitsi-jicofo service
-  ansible.builtin.stat:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jicofo.service"
-  register: matrix_jitsi_jicofo_service_stat
-  when: "not matrix_jitsi_enabled | bool"
-
-- name: Ensure matrix-jitsi-jicofo is stopped
-  ansible.builtin.service:
-    name: matrix-jitsi-jicofo
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "not matrix_jitsi_enabled | bool and matrix_jitsi_jicofo_service_stat.stat.exists"
-
-- name: Ensure matrix-jitsi-jicofo.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jicofo.service"
-    state: absent
-  when: "not matrix_jitsi_enabled | bool and matrix_jitsi_jicofo_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-jitsi-jicofo.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "not matrix_jitsi_enabled | bool and matrix_jitsi_jicofo_service_stat.stat.exists"
-
-- name: Ensure Matrix jitsi-jicofo paths doesn't exist
-  ansible.builtin.file:
-    path: "{{ matrix_jitsi_jicofo_base_path }}"
-    state: absent
-  when: "not matrix_jitsi_enabled | bool"
-
-# Intentionally not removing the Docker image when uninstalling.
-# We can't be sure it had been pulled by us in the first place.
diff --git a/roles/custom/matrix-jitsi/tasks/setup_jitsi_jicofo_uninstall.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_jicofo_uninstall.yml
new file mode 100644
index 00000000..8e76ddea
--- /dev/null
+++ b/roles/custom/matrix-jitsi/tasks/setup_jitsi_jicofo_uninstall.yml
@@ -0,0 +1,26 @@
+---
+
+- name: Check existence of matrix-jitsi-jicofo service
+  ansible.builtin.stat:
+    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jicofo.service"
+  register: matrix_jitsi_jicofo_service_stat
+
+- when: matrix_jitsi_jicofo_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-jitsi-jicofo is stopped
+      ansible.builtin.service:
+        name: matrix-jitsi-jicofo
+        state: stopped
+        enabled: false
+        daemon_reload: true
+      register: stopping_result
+
+    - name: Ensure matrix-jitsi-jicofo.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jicofo.service"
+        state: absent
+
+    - name: Ensure Matrix jitsi-jicofo paths doesn't exist
+      ansible.builtin.file:
+        path: "{{ matrix_jitsi_jicofo_base_path }}"
+        state: absent
diff --git a/roles/custom/matrix-jitsi/tasks/setup_jitsi_jvb.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_jvb_install.yml
similarity index 50%
rename from roles/custom/matrix-jitsi/tasks/setup_jitsi_jvb.yml
rename to roles/custom/matrix-jitsi/tasks/setup_jitsi_jvb_install.yml
index 966572af..356b4068 100644
--- a/roles/custom/matrix-jitsi/tasks/setup_jitsi_jvb.yml
+++ b/roles/custom/matrix-jitsi/tasks/setup_jitsi_jvb_install.yml
@@ -1,9 +1,5 @@
 ---
 
-#
-# Tasks related to setting up jitsi-jvb
-#
-
 - name: Ensure Matrix jitsi-jvb path exists
   ansible.builtin.file:
     path: "{{ item.path }}"
@@ -14,7 +10,7 @@
   with_items:
     - {path: "{{ matrix_jitsi_jvb_base_path }}", when: true}
     - {path: "{{ matrix_jitsi_jvb_config_path }}", when: true}
-  when: matrix_jitsi_enabled | bool and item.when
+  when: item.when | bool
 
 - name: Ensure jitsi-jvb Docker image is pulled
   community.docker.docker_image:
@@ -22,7 +18,6 @@
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
     force_source: "{{ matrix_jitsi_jvb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jvb_docker_image_force_pull }}"
-  when: matrix_jitsi_enabled | bool
   register: result
   retries: "{{ devture_playbook_help_container_retries_count }}"
   delay: "{{ devture_playbook_help_container_retries_delay }}"
@@ -38,7 +33,6 @@
   with_items:
     - custom-sip-communicator.properties
     - logging.properties
-  when: matrix_jitsi_enabled | bool
 
 - name: Ensure jitsi-jvb environment variables file created
   ansible.builtin.template:
@@ -47,56 +41,9 @@
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
     mode: 0640
-  when: matrix_jitsi_enabled | bool
 
 - name: Ensure matrix-jitsi-jvb.service installed
   ansible.builtin.template:
     src: "{{ role_path }}/templates/jvb/matrix-jitsi-jvb.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jvb.service"
     mode: 0644
-  register: matrix_jitsi_jvb_systemd_service_result
-  when: matrix_jitsi_enabled | bool
-
-- name: Ensure systemd reloaded after matrix-jitsi-jvb.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_jitsi_enabled and matrix_jitsi_jvb_systemd_service_result.changed"
-
-#
-# Tasks related to getting rid of jitsi-jvb (if it was previously enabled)
-#
-
-- name: Check existence of matrix-jitsi-jvb service
-  ansible.builtin.stat:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jvb.service"
-  register: matrix_jitsi_jvb_service_stat
-  when: "not matrix_jitsi_enabled | bool"
-
-- name: Ensure matrix-jitsi-jvb is stopped
-  ansible.builtin.service:
-    name: matrix-jitsi-jvb
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "not matrix_jitsi_enabled | bool and matrix_jitsi_jvb_service_stat.stat.exists"
-
-- name: Ensure matrix-jitsi-jvb.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jvb.service"
-    state: absent
-  when: "not matrix_jitsi_enabled | bool and matrix_jitsi_jvb_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-jitsi-jvb.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "not matrix_jitsi_enabled | bool and matrix_jitsi_jvb_service_stat.stat.exists"
-
-- name: Ensure Matrix jitsi-jvb paths doesn't exist
-  ansible.builtin.file:
-    path: "{{ matrix_jitsi_jvb_base_path }}"
-    state: absent
-  when: "not matrix_jitsi_enabled | bool"
-
-# Intentionally not removing the Docker image when uninstalling.
-# We can't be sure it had been pulled by us in the first place.
diff --git a/roles/custom/matrix-jitsi/tasks/setup_jitsi_jvb_uninstall.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_jvb_uninstall.yml
new file mode 100644
index 00000000..f883a3a2
--- /dev/null
+++ b/roles/custom/matrix-jitsi/tasks/setup_jitsi_jvb_uninstall.yml
@@ -0,0 +1,26 @@
+---
+
+- name: Check existence of matrix-jitsi-jvb service
+  ansible.builtin.stat:
+    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jvb.service"
+  register: matrix_jitsi_jvb_service_stat
+
+- when: matrix_jitsi_jvb_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-jitsi-jvb is stopped
+      ansible.builtin.service:
+        name: matrix-jitsi-jvb
+        state: stopped
+        enabled: false
+        daemon_reload: true
+      register: stopping_result
+
+    - name: Ensure matrix-jitsi-jvb.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jvb.service"
+        state: absent
+
+    - name: Ensure Matrix jitsi-jvb paths doesn't exist
+      ansible.builtin.file:
+        path: "{{ matrix_jitsi_jvb_base_path }}"
+        state: absent
diff --git a/roles/custom/matrix-jitsi/tasks/setup_jitsi_prosody.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_prosody.yml
deleted file mode 100644
index 1a1656b2..00000000
--- a/roles/custom/matrix-jitsi/tasks/setup_jitsi_prosody.yml
+++ /dev/null
@@ -1,99 +0,0 @@
----
-
-#
-# Tasks related to setting up jitsi-prosody
-#
-
-- name: Ensure Matrix jitsi-prosody environment exists
-  ansible.builtin.file:
-    path: "{{ item.path }}"
-    state: directory
-    mode: 0777
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
-  with_items:
-    - {path: "{{ matrix_jitsi_prosody_base_path }}", when: true}
-    - {path: "{{ matrix_jitsi_prosody_config_path }}", when: true}
-    - {path: "{{ matrix_jitsi_prosody_plugins_path }}", when: true}
-  when: matrix_jitsi_enabled | bool and item.when
-
-- name: Ensure jitsi-prosody Docker image is pulled
-  community.docker.docker_image:
-    name: "{{ matrix_jitsi_prosody_docker_image }}"
-    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_jitsi_prosody_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_prosody_docker_image_force_pull }}"
-  when: matrix_jitsi_enabled | bool
-  register: result
-  retries: "{{ devture_playbook_help_container_retries_count }}"
-  delay: "{{ devture_playbook_help_container_retries_delay }}"
-  until: result is not failed
-
-- name: Ensure jitsi-prosody environment variables file is created
-  ansible.builtin.template:
-    src: "{{ role_path }}/templates/prosody/env.j2"
-    dest: "{{ matrix_jitsi_prosody_base_path }}/env"
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
-    mode: 0640
-  when: matrix_jitsi_enabled | bool
-
-- name: Ensure matrix-jitsi-prosody.service file is installed
-  ansible.builtin.template:
-    src: "{{ role_path }}/templates/prosody/matrix-jitsi-prosody.service.j2"
-    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-prosody.service"
-    mode: 0644
-  register: matrix_jitsi_prosody_systemd_service_result
-  when: matrix_jitsi_enabled | bool
-
-- name: Ensure systemd service is reloaded after matrix-jitsi-prosody.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_jitsi_enabled and matrix_jitsi_prosody_systemd_service_result.changed"
-
-- name: Ensure authentication is properly configured
-  ansible.builtin.include_tasks:
-    file: "{{ role_path }}/tasks/util/setup_jitsi_auth.yml"
-  when:
-    - matrix_jitsi_enabled | bool
-    - matrix_jitsi_enable_auth | bool
-
-
-#
-# Tasks related to getting rid of jitsi-prosody (if it was previously enabled)
-#
-
-- name: Ensure matrix-jitsi-prosody.service file exists
-  ansible.builtin.stat:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-prosody.service"
-  register: matrix_jitsi_prosody_service_stat
-  when: "not matrix_jitsi_enabled | bool"
-
-- name: Ensure matrix-jitsi-prosody is stopped
-  ansible.builtin.service:
-    name: matrix-jitsi-prosody
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "not matrix_jitsi_enabled | bool and matrix_jitsi_prosody_service_stat.stat.exists"
-
-- name: Ensure matrix-jitsi-prosody.service file doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-prosody.service"
-    state: absent
-  when: "not matrix_jitsi_enabled | bool and matrix_jitsi_prosody_service_stat.stat.exists"
-
-- name: Ensure systemd is reloaded after matrix-jitsi-prosody.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "not matrix_jitsi_enabled | bool and matrix_jitsi_prosody_service_stat.stat.exists"
-
-- name: Ensure Matrix jitsi-prosody paths doesn't exist
-  ansible.builtin.file:
-    path: "{{ matrix_jitsi_prosody_base_path }}"
-    state: absent
-  when: "not matrix_jitsi_enabled | bool"
-
-# Intentionally not removing the Docker image when uninstalling.
-# We can't be sure it had been pulled by us in the first place.
diff --git a/roles/custom/matrix-jitsi/tasks/setup_jitsi_prosody_install.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_prosody_install.yml
new file mode 100644
index 00000000..78581166
--- /dev/null
+++ b/roles/custom/matrix-jitsi/tasks/setup_jitsi_prosody_install.yml
@@ -0,0 +1,45 @@
+---
+
+- name: Ensure Matrix jitsi-prosody environment exists
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0777
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - {path: "{{ matrix_jitsi_prosody_base_path }}", when: true}
+    - {path: "{{ matrix_jitsi_prosody_config_path }}", when: true}
+    - {path: "{{ matrix_jitsi_prosody_plugins_path }}", when: true}
+  when: item.when | bool
+
+- name: Ensure jitsi-prosody Docker image is pulled
+  community.docker.docker_image:
+    name: "{{ matrix_jitsi_prosody_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_jitsi_prosody_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_prosody_docker_image_force_pull }}"
+  register: result
+  retries: "{{ devture_playbook_help_container_retries_count }}"
+  delay: "{{ devture_playbook_help_container_retries_delay }}"
+  until: result is not failed
+
+- name: Ensure jitsi-prosody environment variables file is created
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/prosody/env.j2"
+    dest: "{{ matrix_jitsi_prosody_base_path }}/env"
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+    mode: 0640
+
+- name: Ensure matrix-jitsi-prosody.service file is installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/prosody/matrix-jitsi-prosody.service.j2"
+    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-prosody.service"
+    mode: 0644
+  register: matrix_jitsi_prosody_systemd_service_result
+
+- name: Ensure authentication is properly configured
+  ansible.builtin.include_tasks:
+    file: "{{ role_path }}/tasks/util/setup_jitsi_auth.yml"
+  when: matrix_jitsi_enable_auth | bool
diff --git a/roles/custom/matrix-jitsi/tasks/setup_jitsi_prosody_uninstall.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_prosody_uninstall.yml
new file mode 100644
index 00000000..3fd44f72
--- /dev/null
+++ b/roles/custom/matrix-jitsi/tasks/setup_jitsi_prosody_uninstall.yml
@@ -0,0 +1,26 @@
+---
+
+- name: Check if matrix-jitsi-prosody.service file exists
+  ansible.builtin.stat:
+    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-prosody.service"
+  register: matrix_jitsi_prosody_service_stat
+
+- when: matrix_jitsi_prosody_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-jitsi-prosody is stopped
+      ansible.builtin.service:
+        name: matrix-jitsi-prosody
+        state: stopped
+        enabled: false
+        daemon_reload: true
+      register: stopping_result
+
+    - name: Ensure matrix-jitsi-prosody.service file doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-prosody.service"
+        state: absent
+
+    - name: Ensure Matrix jitsi-prosody paths doesn't exist
+      ansible.builtin.file:
+        path: "{{ matrix_jitsi_prosody_base_path }}"
+        state: absent
diff --git a/roles/custom/matrix-jitsi/tasks/setup_jitsi_web.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_web_install.yml
similarity index 53%
rename from roles/custom/matrix-jitsi/tasks/setup_jitsi_web.yml
rename to roles/custom/matrix-jitsi/tasks/setup_jitsi_web_install.yml
index b6d3241b..710b2b0c 100644
--- a/roles/custom/matrix-jitsi/tasks/setup_jitsi_web.yml
+++ b/roles/custom/matrix-jitsi/tasks/setup_jitsi_web_install.yml
@@ -1,9 +1,5 @@
 ---
 
-#
-# Tasks related to setting up jitsi-web
-#
-
 - name: Ensure Matrix jitsi-web path exists
   ansible.builtin.file:
     path: "{{ item.path }}"
@@ -16,7 +12,7 @@
     - {path: "{{ matrix_jitsi_web_config_path }}", when: true}
     - {path: "{{ matrix_jitsi_web_transcripts_path }}", when: true}
     - {path: "{{ matrix_jitsi_web_crontabs_path }}", when: true}
-  when: matrix_jitsi_enabled | bool and item.when
+  when: item.when | bool
 
 - name: Ensure jitsi-web Docker image is pulled
   community.docker.docker_image:
@@ -24,7 +20,6 @@
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
     force_source: "{{ matrix_jitsi_web_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_web_docker_image_force_pull }}"
-  when: matrix_jitsi_enabled | bool
   register: result
   retries: "{{ devture_playbook_help_container_retries_count }}"
   delay: "{{ devture_playbook_help_container_retries_delay }}"
@@ -37,7 +32,6 @@
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
     mode: 0640
-  when: matrix_jitsi_enabled | bool
 
 - name: Ensure jitsi-web configuration files created
   ansible.builtin.template:
@@ -49,7 +43,6 @@
   with_items:
     - custom-config.js
     - custom-interface_config.js
-  when: matrix_jitsi_enabled | bool
 
 - name: Ensure matrix-jitsi-web.service installed
   ansible.builtin.template:
@@ -57,48 +50,3 @@
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-web.service"
     mode: 0644
   register: matrix_jitsi_web_systemd_service_result
-  when: matrix_jitsi_enabled | bool
-
-- name: Ensure systemd reloaded after matrix-jitsi-web.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_jitsi_enabled and matrix_jitsi_web_systemd_service_result.changed"
-
-#
-# Tasks related to getting rid of jitsi-web (if it was previously enabled)
-#
-
-- name: Check existence of matrix-jitsi-web service
-  ansible.builtin.stat:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-web.service"
-  register: matrix_jitsi_web_service_stat
-  when: "not matrix_jitsi_enabled | bool"
-
-- name: Ensure matrix-jitsi-web is stopped
-  ansible.builtin.service:
-    name: matrix-jitsi-web
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "not matrix_jitsi_enabled | bool and matrix_jitsi_web_service_stat.stat.exists"
-
-- name: Ensure matrix-jitsi-web.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-web.service"
-    state: absent
-  when: "not matrix_jitsi_enabled | bool and matrix_jitsi_web_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-jitsi-web.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "not matrix_jitsi_enabled | bool and matrix_jitsi_web_service_stat.stat.exists"
-
-- name: Ensure Matrix jitsi-web paths doesn't exist
-  ansible.builtin.file:
-    path: "{{ matrix_jitsi_web_base_path }}"
-    state: absent
-  when: "not matrix_jitsi_enabled | bool"
-
-# Intentionally not removing the Docker image when uninstalling.
-# We can't be sure it had been pulled by us in the first place.
diff --git a/roles/custom/matrix-jitsi/tasks/setup_jitsi_web_uninstall.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_web_uninstall.yml
new file mode 100644
index 00000000..7c99c280
--- /dev/null
+++ b/roles/custom/matrix-jitsi/tasks/setup_jitsi_web_uninstall.yml
@@ -0,0 +1,26 @@
+---
+
+- name: Check existence of matrix-jitsi-web service
+  ansible.builtin.stat:
+    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-web.service"
+  register: matrix_jitsi_web_service_stat
+
+- when: matrix_jitsi_web_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-jitsi-web is stopped
+      ansible.builtin.service:
+        name: matrix-jitsi-web
+        state: stopped
+        enabled: false
+        daemon_reload: true
+      register: stopping_result
+
+    - name: Ensure matrix-jitsi-web.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-web.service"
+        state: absent
+
+    - name: Ensure Matrix jitsi-web paths doesn't exist
+      ansible.builtin.file:
+        path: "{{ matrix_jitsi_web_base_path }}"
+        state: absent
diff --git a/roles/custom/matrix-ldap-registration-proxy/tasks/main.yml b/roles/custom/matrix-ldap-registration-proxy/tasks/main.yml
index 1bba9ad1..758bea97 100644
--- a/roles/custom/matrix-ldap-registration-proxy/tasks/main.yml
+++ b/roles/custom/matrix-ldap-registration-proxy/tasks/main.yml
@@ -1,25 +1,21 @@
 ---
 
-- when: matrix_ldap_registration_proxy_enabled | bool
-  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
+- block:
+    - when: matrix_ldap_registration_proxy_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
     - setup-all
     - setup-nginx-proxy
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_ldap_registration_proxy_enabled | bool"
-  tags:
-    - setup-all
-    - setup-matrix-ldap-registration-proxy
+- block:
+    - when: matrix_ldap_registration_proxy_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_ldap_registration_proxy_enabled | bool"
-  tags:
-    - setup-all
-    - setup-matrix-ldap-registration-proxy
+    - when: matrix_ldap_registration_proxy_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_ldap_registration_proxy_enabled | bool"
+    - when: not matrix_ldap_registration_proxy_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-matrix-ldap-registration-proxy
diff --git a/roles/custom/matrix-ma1sd/tasks/main.yml b/roles/custom/matrix-ma1sd/tasks/main.yml
index add76bb2..c1208f74 100644
--- a/roles/custom/matrix-ma1sd/tasks/main.yml
+++ b/roles/custom/matrix-ma1sd/tasks/main.yml
@@ -1,26 +1,19 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_ma1sd_enabled | bool"
-  tags:
-    - setup-all
-    - setup-ma1sd
+- block:
+    - when: matrix_ma1sd_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_ma1sd_enabled | bool"
-  tags:
-    - setup-all
-    - setup-ma1sd
+    - when: matrix_ma1sd_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_ma1sd_enabled | bool"
+    - when: not matrix_ma1sd_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
-    - setup-all
     - setup-ma1sd
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check_ma1sd.yml"
-  delegate_to: 127.0.0.1
-  become: false
-  when: "run_self_check | bool and matrix_ma1sd_enabled | bool"
+- block:
+    - when: matrix_ma1sd_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check.yml"
   tags:
     - self-check
diff --git a/roles/custom/matrix-ma1sd/tasks/self_check_ma1sd.yml b/roles/custom/matrix-ma1sd/tasks/self_check.yml
similarity index 95%
rename from roles/custom/matrix-ma1sd/tasks/self_check_ma1sd.yml
rename to roles/custom/matrix-ma1sd/tasks/self_check.yml
index 6fde9dd2..66765727 100644
--- a/roles/custom/matrix-ma1sd/tasks/self_check_ma1sd.yml
+++ b/roles/custom/matrix-ma1sd/tasks/self_check.yml
@@ -11,6 +11,8 @@
   check_mode: false
   register: result_ma1sd
   ignore_errors: true
+  delegate_to: 127.0.0.1
+  become: false
 
 - name: Fail if ma1sd Identity Service not working
   ansible.builtin.fail:
diff --git a/roles/custom/matrix-mailer/tasks/main.yml b/roles/custom/matrix-mailer/tasks/main.yml
index cf9123bf..2c2a0367 100644
--- a/roles/custom/matrix-mailer/tasks/main.yml
+++ b/roles/custom/matrix-mailer/tasks/main.yml
@@ -1,7 +1,11 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_mailer.yml"
-  when: run_setup | bool
+- block:
+    - when: matrix_mailer_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+
+    - when: not matrix_mailer_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-mailer
diff --git a/roles/custom/matrix-mailer/tasks/setup_mailer.yml b/roles/custom/matrix-mailer/tasks/setup_install.yml
similarity index 57%
rename from roles/custom/matrix-mailer/tasks/setup_mailer.yml
rename to roles/custom/matrix-mailer/tasks/setup_install.yml
index 5d81565a..11355165 100644
--- a/roles/custom/matrix-mailer/tasks/setup_mailer.yml
+++ b/roles/custom/matrix-mailer/tasks/setup_install.yml
@@ -1,9 +1,5 @@
 ---
 
-#
-# Tasks related to setting up the mailer
-#
-
 - name: Ensure mailer base path exists
   ansible.builtin.file:
     path: "{{ item.path }}"
@@ -14,14 +10,13 @@
   with_items:
     - {path: "{{ matrix_mailer_base_path }}", when: true}
     - {path: "{{ matrix_mailer_container_image_self_build_src_files_path }}", when: "{{ matrix_mailer_container_image_self_build }}"}
-  when: "matrix_mailer_enabled | bool and item.when"
+  when: item.when | bool
 
 - name: Ensure mailer environment variables file created
   ansible.builtin.template:
     src: "{{ role_path }}/templates/env-mailer.j2"
     dest: "{{ matrix_mailer_base_path }}/env-mailer"
     mode: 0640
-  when: matrix_mailer_enabled | bool
 
 - name: Ensure exim-relay repository is present on self-build
   ansible.builtin.git:
@@ -32,7 +27,7 @@
   become: true
   become_user: "{{ matrix_user_username }}"
   register: matrix_mailer_git_pull_results
-  when: "matrix_mailer_enabled | bool and matrix_mailer_container_image_self_build | bool"
+  when: matrix_mailer_container_image_self_build | bool
 
 - name: Ensure exim-relay Docker image is built
   community.docker.docker_image:
@@ -44,7 +39,7 @@
       dockerfile: Dockerfile
       path: "{{ matrix_mailer_container_image_self_build_src_files_path }}"
       pull: true
-  when: "matrix_mailer_enabled | bool and matrix_mailer_container_image_self_build | bool"
+  when: matrix_mailer_container_image_self_build | bool
 
 - name: Ensure exim-relay image is pulled
   community.docker.docker_image:
@@ -52,7 +47,7 @@
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
     force_source: "{{ matrix_mailer_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_docker_image_force_pull }}"
-  when: "matrix_mailer_enabled | bool and not matrix_mailer_container_image_self_build | bool"
+  when: "not matrix_mailer_container_image_self_build | bool"
   register: result
   retries: "{{ devture_playbook_help_container_retries_count }}"
   delay: "{{ devture_playbook_help_container_retries_delay }}"
@@ -64,51 +59,8 @@
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mailer.service"
     mode: 0644
   register: matrix_mailer_systemd_service_result
-  when: matrix_mailer_enabled | bool
 
 - name: Ensure systemd reloaded after matrix-mailer.service installation
   ansible.builtin.service:
     daemon_reload: true
-  when: "matrix_mailer_enabled | bool and matrix_mailer_systemd_service_result.changed"
-
-#
-# Tasks related to getting rid of the mailer (if it was previously enabled)
-#
-
-- name: Check existence of matrix-mailer service
-  ansible.builtin.stat:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mailer.service"
-  register: matrix_mailer_service_stat
-  when: "not matrix_mailer_enabled | bool"
-
-- name: Ensure matrix-mailer is stopped
-  ansible.builtin.service:
-    name: matrix-mailer
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "not matrix_mailer_enabled | bool and matrix_mailer_service_stat.stat.exists"
-
-- name: Ensure matrix-mailer.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mailer.service"
-    state: absent
-  when: "not matrix_mailer_enabled | bool and matrix_mailer_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-mailer.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "not matrix_mailer_enabled | bool and matrix_mailer_service_stat.stat.exists"
-
-- name: Ensure Matrix mailer environment variables path doesn't exist
-  ansible.builtin.file:
-    path: "{{ matrix_mailer_base_path }}"
-    state: absent
-  when: "not matrix_mailer_enabled | bool"
-
-- name: Ensure mailer Docker image doesn't exist
-  community.docker.docker_image:
-    name: "{{ matrix_mailer_docker_image }}"
-    state: absent
-  when: "not matrix_mailer_enabled | bool"
+  when: matrix_mailer_systemd_service_result.changed | bool
diff --git a/roles/custom/matrix-mailer/tasks/setup_uninstall.yml b/roles/custom/matrix-mailer/tasks/setup_uninstall.yml
new file mode 100644
index 00000000..d8fb65c3
--- /dev/null
+++ b/roles/custom/matrix-mailer/tasks/setup_uninstall.yml
@@ -0,0 +1,35 @@
+---
+
+- name: Check existence of matrix-mailer service
+  ansible.builtin.stat:
+    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mailer.service"
+  register: matrix_mailer_service_stat
+
+- when: matrix_mailer_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-mailer is stopped
+      ansible.builtin.service:
+        name: matrix-mailer
+        state: stopped
+        enabled: false
+        daemon_reload: true
+      register: stopping_result
+
+    - name: Ensure matrix-mailer.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mailer.service"
+        state: absent
+
+    - name: Ensure systemd reloaded after matrix-mailer.service removal
+      ansible.builtin.service:
+        daemon_reload: true
+
+- name: Ensure Matrix mailer path doesn't exist
+  ansible.builtin.file:
+    path: "{{ matrix_mailer_base_path }}"
+    state: absent
+
+- name: Ensure mailer Docker image doesn't exist
+  community.docker.docker_image:
+    name: "{{ matrix_mailer_docker_image }}"
+    state: absent
diff --git a/roles/custom/matrix-nginx-proxy/tasks/main.yml b/roles/custom/matrix-nginx-proxy/tasks/main.yml
index 168608da..7ead4970 100644
--- a/roles/custom/matrix-nginx-proxy/tasks/main.yml
+++ b/roles/custom/matrix-nginx-proxy/tasks/main.yml
@@ -22,10 +22,8 @@
     - setup-all
     - setup-nginx-proxy
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check_well_known.yml"
-  delegate_to: 127.0.0.1
-  become: false
-  when: run_self_check | bool
+- block:
+    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check_well_known.yml"
   tags:
     - self-check
 
diff --git a/roles/custom/matrix-ntfy/tasks/main.yml b/roles/custom/matrix-ntfy/tasks/main.yml
index 8a4acd7c..1c2c266e 100644
--- a/roles/custom/matrix-ntfy/tasks/main.yml
+++ b/roles/custom/matrix-ntfy/tasks/main.yml
@@ -1,20 +1,17 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_ntfy_enabled | bool"
-  tags:
-    - setup-all
-    - setup-ntfy
+- block:
+    - when: matrix_ntfy_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_ntfy_enabled | bool"
+    - when: not matrix_ntfy_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-ntfy
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check.yml"
-  delegate_to: 127.0.0.1
-  become: false
-  when: "run_self_check | bool and matrix_ntfy_enabled | bool"
+- block:
+    - when: matrix_ntfy_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check.yml"
   tags:
     - self-check
diff --git a/roles/custom/matrix-ntfy/tasks/self_check.yml b/roles/custom/matrix-ntfy/tasks/self_check.yml
index 02529f35..bdbd666a 100644
--- a/roles/custom/matrix-ntfy/tasks/self_check.yml
+++ b/roles/custom/matrix-ntfy/tasks/self_check.yml
@@ -14,6 +14,8 @@
   register: matrix_ntfy_self_check_result
   check_mode: false
   ignore_errors: true
+  delegate_to: 127.0.0.1
+  become: false
 
 - name: Fail if ntfy not working
   ansible.builtin.fail:
diff --git a/roles/custom/matrix-postgres-backup/tasks/main.yml b/roles/custom/matrix-postgres-backup/tasks/main.yml
index 4fef6f45..1408f695 100644
--- a/roles/custom/matrix-postgres-backup/tasks/main.yml
+++ b/roles/custom/matrix-postgres-backup/tasks/main.yml
@@ -1,13 +1,14 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_postgres_backup_enabled | bool"
-  tags:
-    - setup-all
-    - setup-postgres-backup
+- block:
+    - when: matrix_postgres_backup_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
+
+    - when: matrix_postgres_backup_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_postgres_backup.yml"
-  when: run_setup | bool
+    - when: not matrix_postgres_backup_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-postgres-backup
diff --git a/roles/custom/matrix-postgres-backup/tasks/setup_install.yml b/roles/custom/matrix-postgres-backup/tasks/setup_install.yml
new file mode 100644
index 00000000..d26fff6e
--- /dev/null
+++ b/roles/custom/matrix-postgres-backup/tasks/setup_install.yml
@@ -0,0 +1,57 @@
+---
+
+
+- ansible.builtin.import_role:
+    name: custom/matrix-postgres
+    tasks_from: detect_existing_postgres_version
+  when: 'matrix_postgres_backup_postgres_data_path != ""'
+
+# If we have found an existing version (installed from before), we use its corresponding Docker image.
+# If not, we install using the latest Postgres.
+#
+# Upgrading is supposed to be performed separately and explicitly (see `upgrade_postgres.yml`).
+- ansible.builtin.set_fact:
+    matrix_postgres_backup_docker_image_to_use: "{{ matrix_postgres_backup_docker_image_latest if matrix_postgres_backup_detected_version_corresponding_docker_image | default('') == '' else matrix_postgres_backup_detected_version_corresponding_docker_image }}"
+
+- name: Ensure postgres backup Docker image is pulled
+  community.docker.docker_image:
+    name: "{{ matrix_postgres_backup_docker_image_to_use }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_postgres_backup_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_postgres_backup_docker_image_force_pull }}"
+  register: result
+  retries: "{{ devture_playbook_help_container_retries_count }}"
+  delay: "{{ devture_playbook_help_container_retries_delay }}"
+  until: result is not failed
+
+- name: Ensure Postgres backup paths exist
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0700
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - "{{ matrix_postgres_backup_path }}"
+
+- name: Ensure Postgres environment variables file created
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/{{ item }}.j2"
+    dest: "{{ matrix_postgres_backup_path }}/{{ item }}"
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+    mode: 0640
+  with_items:
+    - "env-postgres-backup"
+
+- name: Ensure matrix-postgres-backup.service installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/systemd/matrix-postgres-backup.service.j2"
+    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres-backup.service"
+    mode: 0644
+  register: matrix_postgres_backup_systemd_service_result
+
+- name: Ensure systemd reloaded after matrix-postgres-backup.service installation
+  ansible.builtin.service:
+    daemon_reload: true
+  when: matrix_postgres_backup_systemd_service_result.changed | bool
diff --git a/roles/custom/matrix-postgres-backup/tasks/setup_postgres_backup.yml b/roles/custom/matrix-postgres-backup/tasks/setup_postgres_backup.yml
deleted file mode 100644
index 6066ee49..00000000
--- a/roles/custom/matrix-postgres-backup/tasks/setup_postgres_backup.yml
+++ /dev/null
@@ -1,112 +0,0 @@
----
-
-#
-# Tasks related to setting up postgres backup
-#
-- ansible.builtin.import_role:
-    name: custom/matrix-postgres
-    tasks_from: detect_existing_postgres_version
-  when: 'matrix_postgres_backup_enabled | bool and matrix_postgres_backup_postgres_data_path != ""'
-
-# If we have found an existing version (installed from before), we use its corresponding Docker image.
-# If not, we install using the latest Postgres.
-#
-# Upgrading is supposed to be performed separately and explicitly (see `upgrade_postgres.yml`).
-- ansible.builtin.set_fact:
-    matrix_postgres_backup_docker_image_to_use: "{{ matrix_postgres_backup_docker_image_latest if matrix_postgres_backup_detected_version_corresponding_docker_image | default('') == '' else matrix_postgres_backup_detected_version_corresponding_docker_image }}"
-  when: matrix_postgres_backup_enabled | bool
-
-- name: Ensure postgres backup Docker image is pulled
-  community.docker.docker_image:
-    name: "{{ matrix_postgres_backup_docker_image_to_use }}"
-    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_postgres_backup_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_postgres_backup_docker_image_force_pull }}"
-  when: matrix_postgres_backup_enabled | bool
-  register: result
-  retries: "{{ devture_playbook_help_container_retries_count }}"
-  delay: "{{ devture_playbook_help_container_retries_delay }}"
-  until: result is not failed
-
-- name: Ensure Postgres backup paths exist
-  ansible.builtin.file:
-    path: "{{ item }}"
-    state: directory
-    mode: 0700
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
-  with_items:
-    - "{{ matrix_postgres_backup_path }}"
-  when: matrix_postgres_backup_enabled | bool
-
-- name: Ensure Postgres environment variables file created
-  ansible.builtin.template:
-    src: "{{ role_path }}/templates/{{ item }}.j2"
-    dest: "{{ matrix_postgres_backup_path }}/{{ item }}"
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
-    mode: 0640
-  with_items:
-    - "env-postgres-backup"
-  when: matrix_postgres_backup_enabled | bool
-
-- name: Ensure matrix-postgres-backup.service installed
-  ansible.builtin.template:
-    src: "{{ role_path }}/templates/systemd/matrix-postgres-backup.service.j2"
-    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres-backup.service"
-    mode: 0644
-  register: matrix_postgres_backup_systemd_service_result
-  when: matrix_postgres_backup_enabled | bool
-
-- name: Ensure systemd reloaded after matrix-postgres-backup.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_postgres_backup_enabled | bool and matrix_postgres_backup_systemd_service_result.changed"
-
-#
-# Tasks related to getting rid of postgres backup (if it was previously enabled)
-#
-
-- name: Check existence of matrix-postgres-backup service
-  ansible.builtin.stat:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres-backup.service"
-  register: matrix_postgres_backup_service_stat
-  when: "not matrix_postgres_backup_enabled | bool"
-
-- name: Ensure matrix-postgres-backup is stopped
-  ansible.builtin.service:
-    name: matrix-postgres-backup
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  when: "not matrix_postgres_backup_enabled | bool and matrix_postgres_backup_service_stat.stat.exists"
-
-- name: Ensure matrix-postgres-backup.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres-backup.service"
-    state: absent
-  when: "not matrix_postgres_backup_enabled | bool and matrix_postgres_backup_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-postgres-backup.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "not matrix_postgres_backup_enabled | bool and matrix_postgres_backup_service_stat.stat.exists"
-
-- name: Check existence of matrix-postgres-backup backup path
-  ansible.builtin.stat:
-    path: "{{ matrix_postgres_backup_path }}"
-  register: matrix_postgres_backup_path_stat
-  when: "not matrix_postgres_backup_enabled | bool"
-
-# We just want to notify the user. Deleting data is too destructive.
-- name: Inject warning if matrix-postgres backup data remains
-  ansible.builtin.set_fact:
-    devture_playbook_runtime_messages_list: |
-      {{
-        devture_playbook_runtime_messages_list | default([])
-        +
-        [
-          "NOTE: You are not using the local backup service to backup the PostgreSQL database, but some old data remains from before in `{{ matrix_postgres_backup_path }}`. Feel free to delete it."
-        ]
-      }}
-  when: "not matrix_postgres_backup_enabled | bool and matrix_postgres_backup_path_stat.stat.exists"
diff --git a/roles/custom/matrix-postgres-backup/tasks/setup_uninstall.yml b/roles/custom/matrix-postgres-backup/tasks/setup_uninstall.yml
new file mode 100644
index 00000000..0b3709eb
--- /dev/null
+++ b/roles/custom/matrix-postgres-backup/tasks/setup_uninstall.yml
@@ -0,0 +1,43 @@
+---
+
+- name: Check existence of matrix-postgres-backup service
+  ansible.builtin.stat:
+    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres-backup.service"
+  register: matrix_postgres_backup_service_stat
+
+
+- when: matrix_postgres_backup_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-postgres-backup is stopped
+      ansible.builtin.service:
+        name: matrix-postgres-backup
+        state: stopped
+        enabled: false
+        daemon_reload: true
+
+    - name: Ensure matrix-postgres-backup.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres-backup.service"
+        state: absent
+
+    - name: Ensure systemd reloaded after matrix-postgres-backup.service removal
+      ansible.builtin.service:
+        daemon_reload: true
+
+- name: Check existence of matrix-postgres-backup backup path
+  ansible.builtin.stat:
+    path: "{{ matrix_postgres_backup_path }}"
+  register: matrix_postgres_backup_path_stat
+
+# We just want to notify the user. Deleting data is too destructive.
+- name: Inject warning if matrix-postgres backup data remains
+  ansible.builtin.set_fact:
+    devture_playbook_runtime_messages_list: |
+      {{
+        devture_playbook_runtime_messages_list | default([])
+        +
+        [
+          "NOTE: You are not using the local backup service to backup the PostgreSQL database, but some old data remains from before in `{{ matrix_postgres_backup_path }}`. Feel free to delete it."
+        ]
+      }}
+  when: matrix_postgres_backup_path_stat.stat.exists | bool
diff --git a/roles/custom/matrix-prometheus-node-exporter/tasks/main.yml b/roles/custom/matrix-prometheus-node-exporter/tasks/main.yml
index 145adfdd..c86cdad7 100644
--- a/roles/custom/matrix-prometheus-node-exporter/tasks/main.yml
+++ b/roles/custom/matrix-prometheus-node-exporter/tasks/main.yml
@@ -1,12 +1,18 @@
 ---
 
-- when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool
-  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
+- block:
+    - when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
     - setup-all
     - setup-nginx-proxy
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup.yml"
+- block:
+    - when: matrix_prometheus_node_exporter_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+
+    - when: not matrix_prometheus_node_exporter_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-prometheus-node-exporter
diff --git a/roles/custom/matrix-prometheus-node-exporter/tasks/setup.yml b/roles/custom/matrix-prometheus-node-exporter/tasks/setup.yml
deleted file mode 100644
index 0b0c5704..00000000
--- a/roles/custom/matrix-prometheus-node-exporter/tasks/setup.yml
+++ /dev/null
@@ -1,59 +0,0 @@
----
-
-#
-# Tasks related to setting up matrix-prometheus-node-exporter
-#
-
-- name: Ensure matrix-prometheus-node-exporter image is pulled
-  community.docker.docker_image:
-    name: "{{ matrix_prometheus_node_exporter_docker_image }}"
-    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_prometheus_node_exporter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_node_exporter_docker_image_force_pull }}"
-  when: "matrix_prometheus_node_exporter_enabled | bool"
-  register: result
-  retries: "{{ devture_playbook_help_container_retries_count }}"
-  delay: "{{ devture_playbook_help_container_retries_delay }}"
-  until: result is not failed
-
-- name: Ensure matrix-prometheus-node-exporter.service installed
-  ansible.builtin.template:
-    src: "{{ role_path }}/templates/systemd/matrix-prometheus-node-exporter.service.j2"
-    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-node-exporter.service"
-    mode: 0644
-  register: matrix_prometheus_node_exporter_systemd_service_result
-  when: matrix_prometheus_node_exporter_enabled | bool
-
-- name: Ensure systemd reloaded after matrix-prometheus.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_systemd_service_result.changed"
-
-#
-# Tasks related to getting rid of matrix-prometheus-node-exporter (if it was previously enabled)
-#
-
-- name: Check existence of matrix-prometheus-node-exporter service
-  ansible.builtin.stat:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-node-exporter.service"
-  register: matrix_prometheus_node_exporter_service_stat
-
-- name: Ensure matrix-prometheus-node-exporter is stopped
-  ansible.builtin.service:
-    name: matrix-prometheus-node-exporter
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "not matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_service_stat.stat.exists"
-
-- name: Ensure matrix-prometheus-node-exporter.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-node-exporter.service"
-    state: absent
-  when: "not matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-prometheus-node-exporter.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "not matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_service_stat.stat.exists"
diff --git a/roles/custom/matrix-prometheus-node-exporter/tasks/setup_install.yml b/roles/custom/matrix-prometheus-node-exporter/tasks/setup_install.yml
new file mode 100644
index 00000000..3c0af96b
--- /dev/null
+++ b/roles/custom/matrix-prometheus-node-exporter/tasks/setup_install.yml
@@ -0,0 +1,19 @@
+---
+
+- name: Ensure matrix-prometheus-node-exporter image is pulled
+  community.docker.docker_image:
+    name: "{{ matrix_prometheus_node_exporter_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_prometheus_node_exporter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_node_exporter_docker_image_force_pull }}"
+  register: result
+  retries: "{{ devture_playbook_help_container_retries_count }}"
+  delay: "{{ devture_playbook_help_container_retries_delay }}"
+  until: result is not failed
+
+- name: Ensure matrix-prometheus-node-exporter.service installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/systemd/matrix-prometheus-node-exporter.service.j2"
+    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-node-exporter.service"
+    mode: 0644
+  register: matrix_prometheus_node_exporter_systemd_service_result
diff --git a/roles/custom/matrix-prometheus-node-exporter/tasks/setup_uninstall.yml b/roles/custom/matrix-prometheus-node-exporter/tasks/setup_uninstall.yml
new file mode 100644
index 00000000..7239c0ac
--- /dev/null
+++ b/roles/custom/matrix-prometheus-node-exporter/tasks/setup_uninstall.yml
@@ -0,0 +1,25 @@
+---
+
+- name: Check existence of matrix-prometheus-node-exporter service
+  ansible.builtin.stat:
+    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-node-exporter.service"
+  register: matrix_prometheus_node_exporter_service_stat
+
+- when: matrix_prometheus_node_exporter_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-prometheus-node-exporter is stopped
+      ansible.builtin.service:
+        name: matrix-prometheus-node-exporter
+        state: stopped
+        enabled: false
+        daemon_reload: true
+      register: stopping_result
+
+    - name: Ensure matrix-prometheus-node-exporter.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-node-exporter.service"
+        state: absent
+
+    - name: Ensure systemd reloaded after matrix-prometheus-node-exporter.service removal
+      ansible.builtin.service:
+        daemon_reload: true
diff --git a/roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml b/roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml
index 59911efb..2e06fdd5 100644
--- a/roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml
+++ b/roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml
@@ -1,12 +1,18 @@
 ---
 
-- when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool
-  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
+- block:
+    - when: matrix_prometheus_postgres_exporter_enabled | bool and matrix_prometheus_postgres_exporter_metrics_proxying_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
     - setup-all
     - setup-nginx-proxy
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup.yml"
+- block:
+    - when: matrix_prometheus_postgres_exporter_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+
+    - when: not matrix_prometheus_postgres_exporter_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-prometheus-postgres-exporter
diff --git a/roles/custom/matrix-prometheus-postgres-exporter/tasks/setup.yml b/roles/custom/matrix-prometheus-postgres-exporter/tasks/setup.yml
deleted file mode 100644
index 1ab15799..00000000
--- a/roles/custom/matrix-prometheus-postgres-exporter/tasks/setup.yml
+++ /dev/null
@@ -1,59 +0,0 @@
----
-
-#
-# Tasks related to setting up matrix-prometheus-postgres-exporter
-#
-
-- name: Ensure matrix-prometheus-postgres-exporter image is pulled
-  community.docker.docker_image:
-    name: "{{ matrix_prometheus_postgres_exporter_docker_image }}"
-    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_prometheus_postgres_exporter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_postgres_exporter_docker_image_force_pull }}"
-  when: "matrix_prometheus_postgres_exporter_enabled | bool"
-  register: result
-  retries: "{{ devture_playbook_help_container_retries_count }}"
-  delay: "{{ devture_playbook_help_container_retries_delay }}"
-  until: result is not failed
-
-- name: Ensure matrix-prometheus-postgres-exporter.service installed
-  ansible.builtin.template:
-    src: "{{ role_path }}/templates/systemd/matrix-prometheus-postgres-exporter.service.j2"
-    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-postgres-exporter.service"
-    mode: 0644
-  register: matrix_prometheus_postgres_exporter_systemd_service_result
-  when: matrix_prometheus_postgres_exporter_enabled | bool
-
-- name: Ensure systemd reloaded after matrix-prometheus.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_prometheus_postgres_exporter_enabled | bool and matrix_prometheus_postgres_exporter_systemd_service_result.changed"
-
-#
-# Tasks related to getting rid of matrix-prometheus-postgres-exporter (if it was previously enabled)
-#
-
-- name: Check existence of matrix-prometheus-postgres-exporter service
-  ansible.builtin.stat:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-postgres-exporter.service"
-  register: matrix_prometheus_postgres_exporter_service_stat
-
-- name: Ensure matrix-prometheus-postgres-exporter is stopped
-  ansible.builtin.service:
-    name: matrix-prometheus-postgres-exporter
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "not matrix_prometheus_postgres_exporter_enabled | bool and matrix_prometheus_postgres_exporter_service_stat.stat.exists"
-
-- name: Ensure matrix-prometheus-postgres-exporter.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-postgres-exporter.service"
-    state: absent
-  when: "not matrix_prometheus_postgres_exporter_enabled | bool and matrix_prometheus_postgres_exporter_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-prometheus-postgres-exporter.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "not matrix_prometheus_postgres_exporter_enabled | bool and matrix_prometheus_postgres_exporter_service_stat.stat.exists"
diff --git a/roles/custom/matrix-prometheus-postgres-exporter/tasks/setup_install.yml b/roles/custom/matrix-prometheus-postgres-exporter/tasks/setup_install.yml
new file mode 100644
index 00000000..ee0f9bef
--- /dev/null
+++ b/roles/custom/matrix-prometheus-postgres-exporter/tasks/setup_install.yml
@@ -0,0 +1,19 @@
+---
+
+- name: Ensure matrix-prometheus-postgres-exporter image is pulled
+  community.docker.docker_image:
+    name: "{{ matrix_prometheus_postgres_exporter_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_prometheus_postgres_exporter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_postgres_exporter_docker_image_force_pull }}"
+  register: result
+  retries: "{{ devture_playbook_help_container_retries_count }}"
+  delay: "{{ devture_playbook_help_container_retries_delay }}"
+  until: result is not failed
+
+- name: Ensure matrix-prometheus-postgres-exporter.service installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/systemd/matrix-prometheus-postgres-exporter.service.j2"
+    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-postgres-exporter.service"
+    mode: 0644
+  register: matrix_prometheus_postgres_exporter_systemd_service_result
diff --git a/roles/custom/matrix-prometheus-postgres-exporter/tasks/setup_uninstall.yml b/roles/custom/matrix-prometheus-postgres-exporter/tasks/setup_uninstall.yml
new file mode 100644
index 00000000..b3fdfd59
--- /dev/null
+++ b/roles/custom/matrix-prometheus-postgres-exporter/tasks/setup_uninstall.yml
@@ -0,0 +1,21 @@
+---
+
+- name: Check existence of matrix-prometheus-postgres-exporter service
+  ansible.builtin.stat:
+    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-postgres-exporter.service"
+  register: matrix_prometheus_postgres_exporter_service_stat
+
+- when: matrix_prometheus_postgres_exporter_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-prometheus-postgres-exporter is stopped
+      ansible.builtin.service:
+        name: matrix-prometheus-postgres-exporter
+        state: stopped
+        enabled: false
+        daemon_reload: true
+      register: stopping_result
+
+    - name: Ensure matrix-prometheus-postgres-exporter.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-postgres-exporter.service"
+        state: absent
diff --git a/roles/custom/matrix-prometheus/tasks/main.yml b/roles/custom/matrix-prometheus/tasks/main.yml
index 61cd86db..737f656b 100644
--- a/roles/custom/matrix-prometheus/tasks/main.yml
+++ b/roles/custom/matrix-prometheus/tasks/main.yml
@@ -1,19 +1,14 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_prometheus_enabled | bool"
-  tags:
-    - setup-all
-    - setup-prometheus
+- block:
+    - when: matrix_prometheus_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_prometheus_enabled | bool"
-  tags:
-    - setup-all
-    - setup-prometheus
+    - when: matrix_prometheus_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_prometheus_enabled | bool"
+    - when: not matrix_prometheus_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-prometheus
diff --git a/roles/custom/matrix-redis/tasks/main.yml b/roles/custom/matrix-redis/tasks/main.yml
index 51b3e12c..da2f1dcb 100644
--- a/roles/custom/matrix-redis/tasks/main.yml
+++ b/roles/custom/matrix-redis/tasks/main.yml
@@ -1,7 +1,11 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_redis.yml"
-  when: run_setup | bool
+- block:
+    - when: matrix_redis_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+
+    - when: not matrix_redis_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-redis
diff --git a/roles/custom/matrix-redis/tasks/setup_install.yml b/roles/custom/matrix-redis/tasks/setup_install.yml
new file mode 100644
index 00000000..1384c042
--- /dev/null
+++ b/roles/custom/matrix-redis/tasks/setup_install.yml
@@ -0,0 +1,49 @@
+---
+
+- name: Ensure redis Docker image is pulled
+  community.docker.docker_image:
+    name: "{{ matrix_redis_docker_image_to_use }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_redis_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_redis_docker_image_force_pull }}"
+  register: result
+  retries: "{{ devture_playbook_help_container_retries_count }}"
+  delay: "{{ devture_playbook_help_container_retries_delay }}"
+  until: result is not failed
+
+- name: Ensure redis paths exist
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0700
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_username }}"
+  with_items:
+    - "{{ matrix_redis_base_path }}"
+    - "{{ matrix_redis_data_path }}"
+
+# We do this as a separate task, because:
+# - we'd like to do it for the data path only, not for the base path (which contains root-owned environment variable files we'd like to leave as-is)
+# - we need to do it without `mode`, or we risk making certain `.conf` and other files's executable bit to flip to true
+- name: Ensure redis data path ownership is correct
+  ansible.builtin.file:
+    path: "{{ matrix_redis_data_path }}"
+    state: directory
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_username }}"
+    recurse: true
+
+- name: Ensure redis environment variables file created
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/{{ item }}.j2"
+    dest: "{{ matrix_redis_base_path }}/{{ item }}"
+    mode: 0644
+  with_items:
+    - "redis.conf"
+
+- name: Ensure matrix-redis.service installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/systemd/matrix-redis.service.j2"
+    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-redis.service"
+    mode: 0644
+  register: matrix_redis_systemd_service_result
diff --git a/roles/custom/matrix-redis/tasks/setup_redis.yml b/roles/custom/matrix-redis/tasks/setup_redis.yml
deleted file mode 100644
index b1b4c0b5..00000000
--- a/roles/custom/matrix-redis/tasks/setup_redis.yml
+++ /dev/null
@@ -1,104 +0,0 @@
----
-
-#
-# Tasks related to setting up an internal redis server
-#
-
-- name: Ensure redis Docker image is pulled
-  community.docker.docker_image:
-    name: "{{ matrix_redis_docker_image_to_use }}"
-    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_redis_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_redis_docker_image_force_pull }}"
-  when: matrix_redis_enabled | bool
-  register: result
-  retries: "{{ devture_playbook_help_container_retries_count }}"
-  delay: "{{ devture_playbook_help_container_retries_delay }}"
-  until: result is not failed
-
-- name: Ensure redis paths exist
-  ansible.builtin.file:
-    path: "{{ item }}"
-    state: directory
-    mode: 0700
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_username }}"
-  with_items:
-    - "{{ matrix_redis_base_path }}"
-    - "{{ matrix_redis_data_path }}"
-  when: matrix_redis_enabled | bool
-
-# We do this as a separate task, because:
-# - we'd like to do it for the data path only, not for the base path (which contains root-owned environment variable files we'd like to leave as-is)
-# - we need to do it without `mode`, or we risk making certain `.conf` and other files's executable bit to flip to true
-- name: Ensure redis data path ownership is correct
-  ansible.builtin.file:
-    path: "{{ matrix_redis_data_path }}"
-    state: directory
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_username }}"
-    recurse: true
-  when: matrix_redis_enabled | bool
-
-- name: Ensure redis environment variables file created
-  ansible.builtin.template:
-    src: "{{ role_path }}/templates/{{ item }}.j2"
-    dest: "{{ matrix_redis_base_path }}/{{ item }}"
-    mode: 0644
-  with_items:
-    - "redis.conf"
-  when: matrix_redis_enabled | bool
-
-- name: Ensure matrix-redis.service installed
-  ansible.builtin.template:
-    src: "{{ role_path }}/templates/systemd/matrix-redis.service.j2"
-    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-redis.service"
-    mode: 0644
-  register: matrix_redis_systemd_service_result
-  when: matrix_redis_enabled | bool
-
-- name: Ensure systemd reloaded after matrix-redis.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_redis_enabled | bool and matrix_redis_systemd_service_result.changed"
-
-#
-# Tasks related to getting rid of the internal redis server (if it was previously enabled)
-#
-
-- name: Check existence of matrix-redis service
-  ansible.builtin.stat:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-redis.service"
-  register: matrix_redis_service_stat
-  when: "not matrix_redis_enabled | bool"
-
-- name: Ensure matrix-redis is stopped
-  ansible.builtin.service:
-    name: matrix-redis
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  when: "not matrix_redis_enabled | bool and matrix_redis_service_stat.stat.exists"
-
-- name: Ensure matrix-redis.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-redis.service"
-    state: absent
-  when: "not matrix_redis_enabled | bool and matrix_redis_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-redis.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "not matrix_redis_enabled | bool and matrix_redis_service_stat.stat.exists"
-
-- name: Check existence of matrix-redis local data path
-  ansible.builtin.stat:
-    path: "{{ matrix_redis_data_path }}"
-  register: matrix_redis_data_path_stat
-  when: "not matrix_redis_enabled | bool"
-
-# We just want to notify the user. Deleting data is too destructive.
-- name: Notify if matrix-redis local data remains
-  ansible.builtin.debug:
-    msg: "Note: You are not using a local redis instance, but some old data remains from before in `{{ matrix_redis_data_path }}`. Feel free to delete it."
-  when: "not matrix_redis_enabled | bool and matrix_redis_data_path_stat.stat.exists"
diff --git a/roles/custom/matrix-redis/tasks/setup_uninstall.yml b/roles/custom/matrix-redis/tasks/setup_uninstall.yml
new file mode 100644
index 00000000..e2bbc9e4
--- /dev/null
+++ b/roles/custom/matrix-redis/tasks/setup_uninstall.yml
@@ -0,0 +1,31 @@
+---
+
+- name: Check existence of matrix-redis service
+  ansible.builtin.stat:
+    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-redis.service"
+  register: matrix_redis_service_stat
+
+- when: matrix_redis_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-redis is stopped
+      ansible.builtin.service:
+        name: matrix-redis
+        state: stopped
+        enabled: false
+        daemon_reload: true
+
+    - name: Ensure matrix-redis.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-redis.service"
+        state: absent
+
+- name: Check existence of matrix-redis local data path
+  ansible.builtin.stat:
+    path: "{{ matrix_redis_data_path }}"
+  register: matrix_redis_data_path_stat
+
+# We just want to notify the user. Deleting data is too destructive.
+- name: Notify if matrix-redis local data remains
+  ansible.builtin.debug:
+    msg: "Note: You are not using a local redis instance, but some old data remains from before in `{{ matrix_redis_data_path }}`. Feel free to delete it."
+  when: matrix_redis_data_path_stat.stat.exists | bool
diff --git a/roles/custom/matrix-registration/tasks/main.yml b/roles/custom/matrix-registration/tasks/main.yml
index 1b129b2c..ee110182 100644
--- a/roles/custom/matrix-registration/tasks/main.yml
+++ b/roles/custom/matrix-registration/tasks/main.yml
@@ -1,35 +1,33 @@
 ---
 
-- when: matrix_registration_enabled | bool
-  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
+- block:
+    - when: matrix_registration_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
     - setup-all
     - setup-nginx-proxy
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_registration_enabled | bool"
-  tags:
-    - setup-all
-    - setup-matrix-registration
+- block:
+    - when: matrix_registration_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup | bool and matrix_registration_enabled | bool"
-  tags:
-    - setup-all
-    - setup-matrix-registration
+    - when: matrix_registration_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup | bool and not matrix_registration_enabled | bool"
+    - when: not matrix_registration_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-matrix-registration
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/generate_token.yml"
-  when: "run_setup | bool and matrix_registration_enabled | bool"
+- block:
+    - when: matrix_registration_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/generate_token.yml"
   tags:
     - generate-matrix-registration-token
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/list_tokens.yml"
-  when: "run_setup | bool and matrix_registration_enabled | bool"
+- block:
+    - when: matrix_registration_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/list_tokens.yml"
   tags:
     - list-matrix-registration-tokens
diff --git a/roles/custom/matrix-sygnal/tasks/main.yml b/roles/custom/matrix-sygnal/tasks/main.yml
index fb25feed..14677488 100644
--- a/roles/custom/matrix-sygnal/tasks/main.yml
+++ b/roles/custom/matrix-sygnal/tasks/main.yml
@@ -1,19 +1,14 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: run_setup | bool
-  tags:
-    - setup-all
-    - setup-sygnal
+- block:
+    - when: matrix_sygnal_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: run_setup | bool and matrix_sygnal_enabled | bool
-  tags:
-    - setup-all
-    - setup-sygnal
+    - when: matrix_sygnal_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: run_setup | bool and not matrix_sygnal_enabled | bool
+    - when: not matrix_sygnal_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-sygnal
diff --git a/roles/custom/matrix-synapse-admin/tasks/main.yml b/roles/custom/matrix-synapse-admin/tasks/main.yml
index fed3dec6..632ec783 100644
--- a/roles/custom/matrix-synapse-admin/tasks/main.yml
+++ b/roles/custom/matrix-synapse-admin/tasks/main.yml
@@ -1,18 +1,21 @@
 ---
 
-- when: matrix_synapse_admin_enabled | bool
-  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
+- block:
+    - when: matrix_synapse_admin_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
     - setup-all
     - setup-nginx-proxy
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: run_setup | bool
-  tags:
-    - setup-all
-    - setup-synapse-admin
+- block:
+    - when: matrix_synapse_admin_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
+
+    - when: matrix_synapse_admin_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup.yml"
+    - when: not matrix_synapse_admin_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-synapse-admin
diff --git a/roles/custom/matrix-synapse-admin/tasks/setup.yml b/roles/custom/matrix-synapse-admin/tasks/setup_install.yml
similarity index 50%
rename from roles/custom/matrix-synapse-admin/tasks/setup.yml
rename to roles/custom/matrix-synapse-admin/tasks/setup_install.yml
index 56cee498..57e59148 100644
--- a/roles/custom/matrix-synapse-admin/tasks/setup.yml
+++ b/roles/custom/matrix-synapse-admin/tasks/setup_install.yml
@@ -1,16 +1,12 @@
 ---
 
-#
-# Tasks related to setting up matrix-synapse-admin
-#
-
 - name: Ensure matrix-synapse-admin image is pulled
   community.docker.docker_image:
     name: "{{ matrix_synapse_admin_docker_image }}"
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
     force_source: "{{ matrix_synapse_admin_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_admin_docker_image_force_pull }}"
-  when: "matrix_synapse_admin_enabled | bool and not matrix_synapse_admin_container_image_self_build | bool"
+  when: not matrix_synapse_admin_container_image_self_build | bool
   register: result
   retries: "{{ devture_playbook_help_container_retries_count }}"
   delay: "{{ devture_playbook_help_container_retries_delay }}"
@@ -25,7 +21,7 @@
   become: true
   become_user: "{{ matrix_user_username }}"
   register: matrix_synapse_admin_git_pull_results
-  when: "matrix_synapse_admin_enabled | bool and matrix_synapse_admin_container_image_self_build | bool"
+  when: matrix_synapse_admin_container_image_self_build | bool
 
 - name: Ensure matrix-synapse-admin Docker image is built
   community.docker.docker_image:
@@ -37,7 +33,7 @@
       dockerfile: Dockerfile
       path: "{{ matrix_synapse_admin_docker_src_files_path }}"
       pull: true
-  when: "matrix_synapse_admin_enabled | bool and matrix_synapse_admin_container_image_self_build | bool"
+  when: matrix_synapse_admin_container_image_self_build | bool
 
 - name: Ensure matrix-synapse-admin.service installed
   ansible.builtin.template:
@@ -45,44 +41,3 @@
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse-admin.service"
     mode: 0644
   register: matrix_synapse_admin_systemd_service_result
-  when: matrix_synapse_admin_enabled | bool
-
-- name: Ensure systemd reloaded after matrix-synapse-admin.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_synapse_admin_enabled | bool and matrix_synapse_admin_systemd_service_result.changed"
-
-#
-# Tasks related to getting rid of matrix-synapse-admin (if it was previously enabled)
-#
-
-- name: Check existence of matrix-synapse-admin service
-  ansible.builtin.stat:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse-admin.service"
-  register: matrix_synapse_admin_service_stat
-
-- name: Ensure matrix-synapse-admin is stopped
-  ansible.builtin.service:
-    name: matrix-synapse-admin
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "not matrix_synapse_admin_enabled | bool and matrix_synapse_admin_service_stat.stat.exists"
-
-- name: Ensure matrix-synapse-admin.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse-admin.service"
-    state: absent
-  when: "not matrix_synapse_admin_enabled | bool and matrix_synapse_admin_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-synapse-admin.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "not matrix_synapse_admin_enabled | bool and matrix_synapse_admin_service_stat.stat.exists"
-
-- name: Ensure matrix-synapse-admin Docker image doesn't exist
-  community.docker.docker_image:
-    name: "{{ matrix_synapse_admin_docker_image }}"
-    state: absent
-  when: "not matrix_synapse_admin_enabled | bool"
diff --git a/roles/custom/matrix-synapse-admin/tasks/setup_uninstall.yml b/roles/custom/matrix-synapse-admin/tasks/setup_uninstall.yml
new file mode 100644
index 00000000..96509874
--- /dev/null
+++ b/roles/custom/matrix-synapse-admin/tasks/setup_uninstall.yml
@@ -0,0 +1,27 @@
+---
+
+- name: Check existence of matrix-synapse-admin service
+  ansible.builtin.stat:
+    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse-admin.service"
+  register: matrix_synapse_admin_service_stat
+
+- when: matrix_synapse_admin_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-synapse-admin is stopped
+      ansible.builtin.service:
+        name: matrix-synapse-admin
+        state: stopped
+        enabled: false
+        daemon_reload: true
+      register: stopping_result
+
+    - name: Ensure matrix-synapse-admin.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse-admin.service"
+        state: absent
+
+    - name: Ensure matrix-synapse-admin Docker image doesn't exist
+      community.docker.docker_image:
+        name: "{{ matrix_synapse_admin_docker_image }}"
+        state: absent
+      when: "not matrix_synapse_admin_enabled | bool"
diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/main.yml b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/main.yml
index 65b2c019..e07869d2 100644
--- a/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/main.yml
+++ b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/main.yml
@@ -1,14 +1,11 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: run_setup | bool and matrix_synapse_reverse_proxy_companion_enabled | bool
-  tags:
-    - setup-all
-    - setup-synapse-reverse-proxy-companion
-    - setup-synapse
+- block:
+    - when: matrix_synapse_reverse_proxy_companion_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: run_setup | bool and not matrix_synapse_reverse_proxy_companion_enabled | bool
+    - when: not matrix_synapse_reverse_proxy_companion_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-synapse-reverse-proxy-companion
diff --git a/roles/custom/matrix-synapse/tasks/main.yml b/roles/custom/matrix-synapse/tasks/main.yml
index 87c76ab7..1e912216 100644
--- a/roles/custom/matrix-synapse/tasks/main.yml
+++ b/roles/custom/matrix-synapse/tasks/main.yml
@@ -1,7 +1,8 @@
 ---
 
-- when: matrix_synapse_enabled | bool
-  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
+- block:
+    - when: matrix_synapse_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
   tags:
     - setup-all
     - setup-synapse
@@ -15,48 +16,48 @@
     - stop-all
     - stop-group
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: run_setup | bool and matrix_synapse_enabled | bool
-  tags:
-    - setup-all
-    - setup-synapse
+- block:
+    - when: matrix_synapse_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_synapse.yml"
-  when: run_setup | bool
+    - when: matrix_synapse_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_synapse.yml"
+
+    - when: not matrix_synapse_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-synapse
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/import_media_store.yml"
-  when: run_synapse_import_media_store | bool
+- block:
+    - when: matrix_synapse_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/import_media_store.yml"
   tags:
     - import-synapse-media-store
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/register_user.yml"
-  when: run_synapse_register_user | bool and matrix_synapse_enabled | bool
+- block:
+    - when: matrix_synapse_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/register_user.yml"
   tags:
     - register-user
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check_client_api.yml"
-  delegate_to: 127.0.0.1
-  become: false
-  when: run_self_check | bool
-  tags:
-    - self-check
-
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check_federation_api.yml"
-  delegate_to: 127.0.0.1
-  become: false
-  when: run_self_check | bool
+- block:
+    - when: matrix_synapse_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/update_user_password.yml"
   tags:
-    - self-check
+    - rust-synapse-compress-state
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/update_user_password.yml"
-  when: run_synapse_update_user_password | bool and matrix_synapse_enabled | bool
+- block:
+    - when: matrix_synapse_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/rust-synapse-compress-state/main.yml"
   tags:
     - update-user-password
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/rust-synapse-compress-state/main.yml"
-  when: run_synapse_rust_synapse_compress_state | bool
+- block:
+    - when: matrix_synapse_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check_client_api.yml"
+
+    - when: matrix_synapse_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check_federation_api.yml"
   tags:
-    - rust-synapse-compress-state
+    - self-check
diff --git a/roles/custom/matrix-synapse/tasks/self_check_client_api.yml b/roles/custom/matrix-synapse/tasks/self_check_client_api.yml
index 1c03ba5b..7ec3fb09 100644
--- a/roles/custom/matrix-synapse/tasks/self_check_client_api.yml
+++ b/roles/custom/matrix-synapse/tasks/self_check_client_api.yml
@@ -9,6 +9,8 @@
   ignore_errors: true
   check_mode: false
   when: matrix_synapse_enabled | bool
+  delegate_to: 127.0.0.1
+  become: false
 
 - name: Fail if Matrix Client API not working
   ansible.builtin.fail:
diff --git a/roles/custom/matrix-synapse/tasks/self_check_federation_api.yml b/roles/custom/matrix-synapse/tasks/self_check_federation_api.yml
index 80ec4fc2..fde73dae 100644
--- a/roles/custom/matrix-synapse/tasks/self_check_federation_api.yml
+++ b/roles/custom/matrix-synapse/tasks/self_check_federation_api.yml
@@ -9,6 +9,8 @@
   ignore_errors: true
   check_mode: false
   when: matrix_synapse_enabled | bool
+  delegate_to: 127.0.0.1
+  become: false
 
 - name: Fail if Matrix Federation API not working
   ansible.builtin.fail:
diff --git a/roles/custom/matrix-user-creator/tasks/main.yml b/roles/custom/matrix-user-creator/tasks/main.yml
index ba20504f..2198b3eb 100644
--- a/roles/custom/matrix-user-creator/tasks/main.yml
+++ b/roles/custom/matrix-user-creator/tasks/main.yml
@@ -1,7 +1,8 @@
 ---
 
-- when: matrix_user_creator_users | length > 0
-  ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup.yml"
+- block:
+    - when: matrix_user_creator_users | length > 0
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup.yml"
   tags:
     # This role intentionally doesn't do work on a `setup-all` tag.
     # If it did, the initial installation (`--tags=setup-all`) would also potentially polute the database with data,
diff --git a/roles/custom/matrix_playbook_migration/tasks/main.yml b/roles/custom/matrix_playbook_migration/tasks/main.yml
index c346a759..caa42bfd 100644
--- a/roles/custom/matrix_playbook_migration/tasks/main.yml
+++ b/roles/custom/matrix_playbook_migration/tasks/main.yml
@@ -1,5 +1,6 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+- block:
+    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
   tags:
     - setup-all

From d29b0aeddb0b5fdc0f2ed5927bd12411b33df262 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Thu, 24 Nov 2022 15:19:42 +0200
Subject: [PATCH 064/198] Replace even more import_tasks calls with
 include_tasks

---
 roles/custom/matrix-base/tasks/main.yml       | 15 ++--
 .../tasks/setup_install.yml                   |  2 +-
 .../tasks/setup_install.yml                   |  2 +-
 .../matrix-dendrite/tasks/dendrite/setup.yml  |  7 --
 .../tasks/dendrite/setup_uninstall.yml        | 30 -------
 roles/custom/matrix-dendrite/tasks/main.yml   |  5 +-
 .../matrix-dendrite/tasks/setup_dendrite.yml  | 15 ----
 .../tasks/{dendrite => }/setup_install.yml    | 19 +++--
 .../matrix-dendrite/tasks/setup_uninstall.yml | 25 ++++++
 .../matrix-ma1sd/tasks/migrate_mxisd.yml      | 80 -------------------
 .../matrix-ma1sd/tasks/setup_install.yml      |  3 -
 .../tasks/ext/encryption-disabler/setup.yml   |  7 --
 .../{setup.yml => setup_install.yml}          |  1 -
 .../tasks/ext/mjolnir-antispam/setup.yml      |  7 --
 .../tasks/ext/rest-auth/setup.yml             |  7 --
 .../tasks/ext/s3-storage-provider/setup.yml   | 10 ---
 .../custom/matrix-synapse/tasks/ext/setup.yml | 77 ++++++++++++++++--
 .../tasks/ext/shared-secret-auth/setup.yml    |  7 --
 .../ext/synapse-simple-antispam/setup.yml     |  7 --
 .../matrix-synapse/tasks/goofys/setup.yml     | 12 ++-
 roles/custom/matrix-synapse/tasks/main.yml    |  7 +-
 21 files changed, 132 insertions(+), 213 deletions(-)
 delete mode 100644 roles/custom/matrix-dendrite/tasks/dendrite/setup.yml
 delete mode 100644 roles/custom/matrix-dendrite/tasks/dendrite/setup_uninstall.yml
 delete mode 100644 roles/custom/matrix-dendrite/tasks/setup_dendrite.yml
 rename roles/custom/matrix-dendrite/tasks/{dendrite => }/setup_install.yml (90%)
 create mode 100644 roles/custom/matrix-dendrite/tasks/setup_uninstall.yml
 delete mode 100644 roles/custom/matrix-ma1sd/tasks/migrate_mxisd.yml
 delete mode 100644 roles/custom/matrix-synapse/tasks/ext/encryption-disabler/setup.yml
 rename roles/custom/matrix-synapse/tasks/ext/ldap-auth/{setup.yml => setup_install.yml} (79%)
 delete mode 100644 roles/custom/matrix-synapse/tasks/ext/mjolnir-antispam/setup.yml
 delete mode 100644 roles/custom/matrix-synapse/tasks/ext/rest-auth/setup.yml
 delete mode 100644 roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup.yml
 delete mode 100644 roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml
 delete mode 100644 roles/custom/matrix-synapse/tasks/ext/synapse-simple-antispam/setup.yml

diff --git a/roles/custom/matrix-base/tasks/main.yml b/roles/custom/matrix-base/tasks/main.yml
index 97f0381d..7eeb2cdc 100644
--- a/roles/custom/matrix-base/tasks/main.yml
+++ b/roles/custom/matrix-base/tasks/main.yml
@@ -1,26 +1,27 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+- block:
+    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
   tags:
     - setup-all
 
 # This needs to always run, because it populates `matrix_user_uid` and `matrix_user_gid`,
 # which are required by many other roles.
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_matrix_user.yml"
-  when: run_setup | bool
+- block:
+    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_matrix_user.yml"
   tags:
     - always
     - setup-system-user
     - common
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_matrix_base.yml"
-  when: run_setup | bool
+- block:
+    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_matrix_base.yml"
   tags:
     - setup-all
     - common
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_well_known.yml"
-  when: run_setup | bool
+- block:
+    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_well_known.yml"
   tags:
     - setup-all
     - setup-ma1sd
diff --git a/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml
index 32d87408..7b58f81e 100644
--- a/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml
@@ -60,7 +60,7 @@
 
     - when: "matrix_appservice_irc_nedb_database_path_local_stat_result.stat.exists | bool"
       block:
-        - ansible.builtin.import_tasks: "{{ role_path }}/tasks/migrate_nedb_to_postgres.yml"
+        - ansible.builtin.include_tasks: "{{ role_path }}/tasks/migrate_nedb_to_postgres.yml"
 
         - ansible.builtin.set_fact:
             matrix_appservice_irc_requires_restart: true
diff --git a/roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml
index 2c714085..f1751012 100644
--- a/roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml
@@ -26,7 +26,7 @@
 
     - when: "matrix_appservice_slack_nedb_database_path_local_stat_result.stat.exists | bool"
       block:
-        - ansible.builtin.import_tasks: "{{ role_path }}/tasks/migrate_nedb_to_postgres.yml"
+        - ansible.builtin.include_tasks: "{{ role_path }}/tasks/migrate_nedb_to_postgres.yml"
 
         - ansible.builtin.set_fact:
             matrix_appservice_slack_requires_restart: true
diff --git a/roles/custom/matrix-dendrite/tasks/dendrite/setup.yml b/roles/custom/matrix-dendrite/tasks/dendrite/setup.yml
deleted file mode 100644
index 1a849729..00000000
--- a/roles/custom/matrix-dendrite/tasks/dendrite/setup.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/dendrite/setup_install.yml"
-  when: matrix_dendrite_enabled | bool
-
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/dendrite/setup_uninstall.yml"
-  when: "not matrix_dendrite_enabled | bool"
diff --git a/roles/custom/matrix-dendrite/tasks/dendrite/setup_uninstall.yml b/roles/custom/matrix-dendrite/tasks/dendrite/setup_uninstall.yml
deleted file mode 100644
index ce3e3476..00000000
--- a/roles/custom/matrix-dendrite/tasks/dendrite/setup_uninstall.yml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-
-- name: Check existence of matrix-dendrite service
-  ansible.builtin.stat:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dendrite.service"
-  register: matrix_dendrite_service_stat
-
-- name: Ensure matrix-dendrite is stopped
-  ansible.builtin.service:
-    name: matrix-dendrite
-    state: stopped
-    daemon_reload: true
-  register: stopping_result
-  when: "matrix_dendrite_service_stat.stat.exists"
-
-- name: Ensure matrix-dendrite.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dendrite.service"
-    state: absent
-  when: "matrix_dendrite_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-dendrite.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_dendrite_service_stat.stat.exists"
-
-- name: Ensure Dendrite Docker image doesn't exist
-  community.docker.docker_image:
-    name: "{{ matrix_dendrite_docker_image }}"
-    state: absent
diff --git a/roles/custom/matrix-dendrite/tasks/main.yml b/roles/custom/matrix-dendrite/tasks/main.yml
index 62057ded..b59d3cad 100644
--- a/roles/custom/matrix-dendrite/tasks/main.yml
+++ b/roles/custom/matrix-dendrite/tasks/main.yml
@@ -5,7 +5,10 @@
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
     - when: matrix_dendrite_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_dendrite.yml"
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+
+    - when: not matrix_dendrite_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-dendrite
diff --git a/roles/custom/matrix-dendrite/tasks/setup_dendrite.yml b/roles/custom/matrix-dendrite/tasks/setup_dendrite.yml
deleted file mode 100644
index f74f08c2..00000000
--- a/roles/custom/matrix-dendrite/tasks/setup_dendrite.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-- name: Ensure Dendrite paths exist
-  ansible.builtin.file:
-    path: "{{ item.path }}"
-    state: directory
-    mode: 0750
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
-  with_items:
-    - {path: "{{ matrix_dendrite_config_dir_path }}", when: true}
-    - {path: "{{ matrix_dendrite_ext_path }}", when: true}
-    - {path: "{{ matrix_dendrite_nats_storage_path }}", when: true}
-  when: "matrix_dendrite_enabled | bool and item.when"
-
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/dendrite/setup.yml"
diff --git a/roles/custom/matrix-dendrite/tasks/dendrite/setup_install.yml b/roles/custom/matrix-dendrite/tasks/setup_install.yml
similarity index 90%
rename from roles/custom/matrix-dendrite/tasks/dendrite/setup_install.yml
rename to roles/custom/matrix-dendrite/tasks/setup_install.yml
index aec7f77b..1c557e7f 100644
--- a/roles/custom/matrix-dendrite/tasks/dendrite/setup_install.yml
+++ b/roles/custom/matrix-dendrite/tasks/setup_install.yml
@@ -1,4 +1,17 @@
 ---
+
+- name: Ensure Dendrite paths exist
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - "{{ matrix_dendrite_config_dir_path }}"
+    - "{{ matrix_dendrite_ext_path }}"
+    - "{{ matrix_dendrite_nats_storage_path }}"
+
 # This will throw a Permission Denied error if already mounted using fuse
 - name: Check Dendrite media store path
   ansible.builtin.stat:
@@ -67,12 +80,6 @@
     src: "{{ role_path }}/templates/dendrite/systemd/matrix-dendrite.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dendrite.service"
     mode: 0644
-  register: matrix_dendrite_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-dendrite.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_dendrite_systemd_service_result.changed | bool"
 
 - name: Ensure matrix-dendrite-create-account script created
   ansible.builtin.template:
diff --git a/roles/custom/matrix-dendrite/tasks/setup_uninstall.yml b/roles/custom/matrix-dendrite/tasks/setup_uninstall.yml
new file mode 100644
index 00000000..e37b219c
--- /dev/null
+++ b/roles/custom/matrix-dendrite/tasks/setup_uninstall.yml
@@ -0,0 +1,25 @@
+---
+
+- name: Check existence of matrix-dendrite service
+  ansible.builtin.stat:
+    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dendrite.service"
+  register: matrix_dendrite_service_stat
+
+- when: matrix_dendrite_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-dendrite is stopped
+      ansible.builtin.service:
+        name: matrix-dendrite
+        state: stopped
+        daemon_reload: true
+      register: stopping_result
+
+    - name: Ensure matrix-dendrite.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dendrite.service"
+        state: absent
+
+    - name: Ensure Dendrite Docker image doesn't exist
+      community.docker.docker_image:
+        name: "{{ matrix_dendrite_docker_image }}"
+        state: absent
diff --git a/roles/custom/matrix-ma1sd/tasks/migrate_mxisd.yml b/roles/custom/matrix-ma1sd/tasks/migrate_mxisd.yml
deleted file mode 100644
index ee722895..00000000
--- a/roles/custom/matrix-ma1sd/tasks/migrate_mxisd.yml
+++ /dev/null
@@ -1,80 +0,0 @@
----
-
-# This task is for migrating existing mxisd data when transitioning to the ma1sd fork.
-
-- name: Check for existent mxisd data
-  ansible.builtin.stat:
-    path: "{{ matrix_base_data_path }}/mxisd/data"
-  register: ma1sd_migrate_mxisd_data_dir_stat
-
-- name: Warn if mxisd data detected
-  ansible.builtin.debug:
-    msg: >
-      You seem to have an existing mxisd folder in `{{ matrix_base_data_path }}/mxisd`.
-      We are going to migrate it to ma1sd and rename the folder to mxisd.migrated.
-  when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists"
-
-- name: Check existence of old matrix-mxisd service
-  ansible.builtin.stat:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mxisd.service"
-  register: matrix_mxisd_service_stat
-
-- name: Ensure matrix-mxisd is stopped
-  ansible.builtin.service:
-    name: matrix-mxisd
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  when: "matrix_mxisd_service_stat.stat.exists"
-
-- name: Check existence of matrix-ma1sd service
-  ansible.builtin.stat:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ma1sd.service"
-  register: matrix_ma1sd_service_stat
-  when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists"
-
-- name: Ensure matrix-ma1sd is stopped
-  ansible.builtin.service:
-    name: matrix-ma1sd
-    state: stopped
-    daemon_reload: true
-  when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists and matrix_ma1sd_service_stat.stat.exists"
-
-# We use shell commands for the migration, because the Ansible copy module cannot
-# recursively copy remote directories (like `/matrix/mxisd/data/sign.key`) in older versions of Ansible.
-- when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists"
-  block:
-    - name: Copy mxisd data files to ma1sd folder
-      ansible.builtin.command:
-        cmd: "cp -ar {{ matrix_base_data_path }}/mxisd/data {{ matrix_ma1sd_base_path }}"
-      register: matrix_ma1sd_migrate_mxisd_data_files_copying_result
-      changed_when: matrix_ma1sd_migrate_mxisd_data_files_copying_result.rc == 0
-
-    - name: Check existence of mxisd.db file
-      ansible.builtin.stat:
-        path: "{{ matrix_ma1sd_data_path }}/mxisd.db"
-      register: matrix_ma1sd_mxisd_db_stat
-
-    - name: Rename database (mxisd.db -> ma1sd.db)
-      ansible.builtin.command:
-        cmd: "mv {{ matrix_ma1sd_data_path }}/mxisd.db {{ matrix_ma1sd_data_path }}/ma1sd.db"
-      register: matrix_ma1sd_migrate_mxisd_move_db_result
-      changed_when: matrix_ma1sd_migrate_mxisd_move_db_result.rc == 0
-      when: "matrix_ma1sd_mxisd_db_stat.stat.exists"
-
-    - name: Rename mxisd folder
-      ansible.builtin.command:
-        cmd: "mv {{ matrix_base_data_path }}/mxisd {{ matrix_base_data_path }}/mxisd.migrated"
-      register: matrix_ma1sd_migrate_mxisd_move_directory_result
-      changed_when: matrix_ma1sd_migrate_mxisd_move_directory_result.rc == 0
-
-- name: Ensure outdated matrix-mxisd.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mxisd.service"
-    state: absent
-  when: "matrix_mxisd_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after removing outdated matrix-mxisd.service
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_mxisd_service_stat.stat.exists"
diff --git a/roles/custom/matrix-ma1sd/tasks/setup_install.yml b/roles/custom/matrix-ma1sd/tasks/setup_install.yml
index b9668a05..9b86008a 100644
--- a/roles/custom/matrix-ma1sd/tasks/setup_install.yml
+++ b/roles/custom/matrix-ma1sd/tasks/setup_install.yml
@@ -13,9 +13,6 @@
     - {path: "{{ matrix_ma1sd_docker_src_files_path }}", when: "{{ matrix_ma1sd_container_image_self_build }}"}
   when: "item.when | bool"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/migrate_mxisd.yml"
-
-
 # These (SQLite -> Postgres) migration tasks are usually at the top,
 # but we'd like to run them after `migrate_mxisd.yml`, which requires the ma1sd paths to exist.
 - ansible.builtin.set_fact:
diff --git a/roles/custom/matrix-synapse/tasks/ext/encryption-disabler/setup.yml b/roles/custom/matrix-synapse/tasks/ext/encryption-disabler/setup.yml
deleted file mode 100644
index e0e61df8..00000000
--- a/roles/custom/matrix-synapse/tasks/ext/encryption-disabler/setup.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_install.yml"
-  when: matrix_synapse_ext_encryption_disabler_enabled | bool
-
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_uninstall.yml"
-  when: "not matrix_synapse_ext_encryption_disabler_enabled | bool"
diff --git a/roles/custom/matrix-synapse/tasks/ext/ldap-auth/setup.yml b/roles/custom/matrix-synapse/tasks/ext/ldap-auth/setup_install.yml
similarity index 79%
rename from roles/custom/matrix-synapse/tasks/ext/ldap-auth/setup.yml
rename to roles/custom/matrix-synapse/tasks/ext/ldap-auth/setup_install.yml
index 5d648c84..c13a0404 100644
--- a/roles/custom/matrix-synapse/tasks/ext/ldap-auth/setup.yml
+++ b/roles/custom/matrix-synapse/tasks/ext/ldap-auth/setup_install.yml
@@ -9,4 +9,3 @@
        +
         [{'name': 'ldap_auth_provider', 'level': 'INFO'}]
       }}
-  when: matrix_synapse_ext_password_provider_ldap_enabled | bool
diff --git a/roles/custom/matrix-synapse/tasks/ext/mjolnir-antispam/setup.yml b/roles/custom/matrix-synapse/tasks/ext/mjolnir-antispam/setup.yml
deleted file mode 100644
index 1a3e097d..00000000
--- a/roles/custom/matrix-synapse/tasks/ext/mjolnir-antispam/setup.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup_install.yml"
-  when: matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled | bool
-
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup_uninstall.yml"
-  when: "not matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled | bool"
diff --git a/roles/custom/matrix-synapse/tasks/ext/rest-auth/setup.yml b/roles/custom/matrix-synapse/tasks/ext/rest-auth/setup.yml
deleted file mode 100644
index 6df360ce..00000000
--- a/roles/custom/matrix-synapse/tasks/ext/rest-auth/setup.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup_install.yml"
-  when: matrix_synapse_ext_password_provider_rest_auth_enabled | bool
-
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup_uninstall.yml"
-  when: "not matrix_synapse_ext_password_provider_rest_auth_enabled | bool"
diff --git a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup.yml b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup.yml
deleted file mode 100644
index aefa49fe..00000000
--- a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/validate_config.yml"
-  when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool
-
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/setup_install.yml"
-  when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool
-
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/setup_uninstall.yml"
-  when: not matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool
diff --git a/roles/custom/matrix-synapse/tasks/ext/setup.yml b/roles/custom/matrix-synapse/tasks/ext/setup.yml
index 6cf1afaa..eea2da37 100644
--- a/roles/custom/matrix-synapse/tasks/ext/setup.yml
+++ b/roles/custom/matrix-synapse/tasks/ext/setup.yml
@@ -1,15 +1,78 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup.yml"
+# encryption-disabler
+- block:
+    - when: matrix_synapse_ext_encryption_disabler_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup.yml"
+    - when: not matrix_synapse_ext_encryption_disabler_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_uninstall.yml"
+  tags:
+    - setup-all
+    - setup-synapse
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup.yml"
+# rest-auth
+- block:
+    - when: matrix_synapse_ext_password_provider_rest_auth_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/ldap-auth/setup.yml"
+    - when: not matrix_synapse_ext_password_provider_rest_auth_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup_uninstall.yml"
+  tags:
+    - setup-all
+    - setup-synapse
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup.yml"
+# shared-secret-auth
+- block:
+    - when: matrix_synapse_ext_password_provider_shared_secret_auth_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup.yml"
+    - when: not matrix_synapse_ext_password_provider_shared_secret_auth_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup_uninstall.yml"
+  tags:
+    - setup-all
+    - setup-synapse
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/setup.yml"
+# ldap-auth
+- block:
+    - when: matrix_synapse_ext_password_provider_ldap_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/ldap-auth/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-synapse
+
+# synapse-simple-antispam
+- block:
+    - when: matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup_install.yml"
+
+    - when: not matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup_uninstall.yml"
+  tags:
+    - setup-all
+    - setup-synapse
+
+# mjolnir-antispam
+- block:
+    - when: matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup_install.yml"
+
+    - when: not matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup_uninstall.yml"
+  tags:
+    - setup-all
+    - setup-synapse
+
+# s3-storage-provider
+- block:
+    - when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/validate_config.yml"
+
+    - when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/setup_install.yml"
+
+    - when: not matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/setup_uninstall.yml"
+  tags:
+    - setup-all
+    - setup-synapse
diff --git a/roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml b/roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml
deleted file mode 100644
index 6dc385d3..00000000
--- a/roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup_install.yml"
-  when: matrix_synapse_ext_password_provider_shared_secret_auth_enabled | bool
-
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup_uninstall.yml"
-  when: "not matrix_synapse_ext_password_provider_shared_secret_auth_enabled | bool"
diff --git a/roles/custom/matrix-synapse/tasks/ext/synapse-simple-antispam/setup.yml b/roles/custom/matrix-synapse/tasks/ext/synapse-simple-antispam/setup.yml
deleted file mode 100644
index 038eea74..00000000
--- a/roles/custom/matrix-synapse/tasks/ext/synapse-simple-antispam/setup.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup_install.yml"
-  when: matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled | bool
-
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup_uninstall.yml"
-  when: "not matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled | bool"
diff --git a/roles/custom/matrix-synapse/tasks/goofys/setup.yml b/roles/custom/matrix-synapse/tasks/goofys/setup.yml
index 2f9eaa87..d8768d89 100644
--- a/roles/custom/matrix-synapse/tasks/goofys/setup.yml
+++ b/roles/custom/matrix-synapse/tasks/goofys/setup.yml
@@ -1,7 +1,11 @@
 ---
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/goofys/setup_install.yml"
-  when: matrix_s3_media_store_enabled | bool
+- block:
+    - when: matrix_s3_media_store_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/goofys/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/goofys/setup_uninstall.yml"
-  when: "not matrix_s3_media_store_enabled | bool"
+    - when: not matrix_s3_media_store_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/goofys/setup_uninstall.yml"
+  tags:
+    - setup-all
+    - setup-synapse
diff --git a/roles/custom/matrix-synapse/tasks/main.yml b/roles/custom/matrix-synapse/tasks/main.yml
index 1e912216..208be500 100644
--- a/roles/custom/matrix-synapse/tasks/main.yml
+++ b/roles/custom/matrix-synapse/tasks/main.yml
@@ -20,11 +20,8 @@
     - when: matrix_synapse_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-    - when: matrix_synapse_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_synapse.yml"
-
-    - when: not matrix_synapse_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+    # This handles both install and uninstal. It's quite messy and should be reworked.
+    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_synapse.yml"
   tags:
     - setup-all
     - setup-synapse

From 2e7b5c7b02bc1561fb613f04f0b0a086e1a851f6 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Thu, 24 Nov 2022 16:27:11 +0200
Subject: [PATCH 065/198] Untangle the setup import/include mess in
 matrix-synapse

---
 .../ext/{setup.yml => setup_install.yml}      | 18 -------
 .../tasks/ext/setup_uninstall.yml             | 52 +++++++++++++++++++
 .../matrix-synapse/tasks/goofys/setup.yml     | 11 ----
 .../tasks/inject_into_nginx_proxy.yml         |  2 +-
 roles/custom/matrix-synapse/tasks/main.yml    |  7 ++-
 .../{setup_synapse.yml => setup_install.yml}  | 33 ++++++++++--
 .../matrix-synapse/tasks/setup_uninstall.yml  | 27 ++++++++++
 .../{inject_into_nginx_proxy.yml => init.yml} |  0
 .../tasks/synapse/workers/setup.yml           | 21 --------
 9 files changed, 113 insertions(+), 58 deletions(-)
 rename roles/custom/matrix-synapse/tasks/ext/{setup.yml => setup_install.yml} (63%)
 create mode 100644 roles/custom/matrix-synapse/tasks/ext/setup_uninstall.yml
 delete mode 100644 roles/custom/matrix-synapse/tasks/goofys/setup.yml
 rename roles/custom/matrix-synapse/tasks/{setup_synapse.yml => setup_install.yml} (51%)
 create mode 100644 roles/custom/matrix-synapse/tasks/setup_uninstall.yml
 rename roles/custom/matrix-synapse/tasks/synapse/workers/{inject_into_nginx_proxy.yml => init.yml} (100%)
 delete mode 100644 roles/custom/matrix-synapse/tasks/synapse/workers/setup.yml

diff --git a/roles/custom/matrix-synapse/tasks/ext/setup.yml b/roles/custom/matrix-synapse/tasks/ext/setup_install.yml
similarity index 63%
rename from roles/custom/matrix-synapse/tasks/ext/setup.yml
rename to roles/custom/matrix-synapse/tasks/ext/setup_install.yml
index eea2da37..a2413803 100644
--- a/roles/custom/matrix-synapse/tasks/ext/setup.yml
+++ b/roles/custom/matrix-synapse/tasks/ext/setup_install.yml
@@ -4,9 +4,6 @@
 - block:
     - when: matrix_synapse_ext_encryption_disabler_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_install.yml"
-
-    - when: not matrix_synapse_ext_encryption_disabler_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-synapse
@@ -15,9 +12,6 @@
 - block:
     - when: matrix_synapse_ext_password_provider_rest_auth_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup_install.yml"
-
-    - when: not matrix_synapse_ext_password_provider_rest_auth_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-synapse
@@ -26,9 +20,6 @@
 - block:
     - when: matrix_synapse_ext_password_provider_shared_secret_auth_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup_install.yml"
-
-    - when: not matrix_synapse_ext_password_provider_shared_secret_auth_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-synapse
@@ -45,9 +36,6 @@
 - block:
     - when: matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup_install.yml"
-
-    - when: not matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-synapse
@@ -56,9 +44,6 @@
 - block:
     - when: matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup_install.yml"
-
-    - when: not matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-synapse
@@ -70,9 +55,6 @@
 
     - when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/setup_install.yml"
-
-    - when: not matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-synapse
diff --git a/roles/custom/matrix-synapse/tasks/ext/setup_uninstall.yml b/roles/custom/matrix-synapse/tasks/ext/setup_uninstall.yml
new file mode 100644
index 00000000..cca6c1b8
--- /dev/null
+++ b/roles/custom/matrix-synapse/tasks/ext/setup_uninstall.yml
@@ -0,0 +1,52 @@
+---
+
+# encryption-disabler
+- block:
+    - when: not matrix_synapse_ext_encryption_disabler_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_uninstall.yml"
+  tags:
+    - setup-all
+    - setup-synapse
+
+# rest-auth
+- block:
+    - when: not matrix_synapse_ext_password_provider_rest_auth_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup_uninstall.yml"
+  tags:
+    - setup-all
+    - setup-synapse
+
+# shared-secret-auth
+- block:
+    - when: not matrix_synapse_ext_password_provider_shared_secret_auth_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup_uninstall.yml"
+  tags:
+    - setup-all
+    - setup-synapse
+
+# ldap-auth has no uninstall tasks
+
+
+# synapse-simple-antispam
+- block:
+    - when: not matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup_uninstall.yml"
+  tags:
+    - setup-all
+    - setup-synapse
+
+# mjolnir-antispam
+- block:
+    - when: not matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup_uninstall.yml"
+  tags:
+    - setup-all
+    - setup-synapse
+
+# s3-storage-provider
+- block:
+    - when: not matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/setup_uninstall.yml"
+  tags:
+    - setup-all
+    - setup-synapse
diff --git a/roles/custom/matrix-synapse/tasks/goofys/setup.yml b/roles/custom/matrix-synapse/tasks/goofys/setup.yml
deleted file mode 100644
index d8768d89..00000000
--- a/roles/custom/matrix-synapse/tasks/goofys/setup.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-
-- block:
-    - when: matrix_s3_media_store_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/goofys/setup_install.yml"
-
-    - when: not matrix_s3_media_store_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/goofys/setup_uninstall.yml"
-  tags:
-    - setup-all
-    - setup-synapse
diff --git a/roles/custom/matrix-synapse/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-synapse/tasks/inject_into_nginx_proxy.yml
index f3ce0bf8..0b1273c1 100644
--- a/roles/custom/matrix-synapse/tasks/inject_into_nginx_proxy.yml
+++ b/roles/custom/matrix-synapse/tasks/inject_into_nginx_proxy.yml
@@ -2,7 +2,7 @@
 
 # Unless `matrix_synapse_workers_enabled_list` is explicitly defined,
 # we'll generate it dynamically.
-- ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/inject_into_nginx_proxy.yml"
+- ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/init.yml"
   when: "matrix_synapse_workers_enabled | bool and matrix_synapse_workers_enabled_list | length == 0"
 
 - name: Ensure workers are injected into various places
diff --git a/roles/custom/matrix-synapse/tasks/main.yml b/roles/custom/matrix-synapse/tasks/main.yml
index 208be500..a133f650 100644
--- a/roles/custom/matrix-synapse/tasks/main.yml
+++ b/roles/custom/matrix-synapse/tasks/main.yml
@@ -20,8 +20,11 @@
     - when: matrix_synapse_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
-    # This handles both install and uninstal. It's quite messy and should be reworked.
-    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_synapse.yml"
+    - when: matrix_synapse_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+
+    - when: not matrix_synapse_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-synapse
diff --git a/roles/custom/matrix-synapse/tasks/setup_synapse.yml b/roles/custom/matrix-synapse/tasks/setup_install.yml
similarity index 51%
rename from roles/custom/matrix-synapse/tasks/setup_synapse.yml
rename to roles/custom/matrix-synapse/tasks/setup_install.yml
index 13a5819e..3d56177c 100644
--- a/roles/custom/matrix-synapse/tasks/setup_synapse.yml
+++ b/roles/custom/matrix-synapse/tasks/setup_install.yml
@@ -16,12 +16,35 @@
     # We handle matrix_synapse_media_store_path elsewhere (in ./synapse/setup_install.yml),
     # because if it's using Goofys and it's already mounted (from before),
     # trying to chown/chmod it here will cause trouble.
-  when: "(matrix_synapse_enabled | bool or matrix_s3_media_store_enabled | bool) and item.when"
+  when: item.when | bool
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/setup.yml"
+- block:
+    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/setup_install.yml"
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/synapse/workers/setup.yml"
+    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/setup_uninstall.yml"
+  tags:
+    - setup-all
+    - setup-synapse
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/synapse/setup.yml"
+- block:
+    - when: matrix_synapse_workers_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-synapse
 
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/goofys/setup.yml"
+- block:
+    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-synapse
+
+- block:
+    - when: matrix_s3_media_store_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/goofys/setup_install.yml"
+
+    - when: not matrix_s3_media_store_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/goofys/setup_uninstall.yml"
+  tags:
+    - setup-all
+    - setup-synapse
diff --git a/roles/custom/matrix-synapse/tasks/setup_uninstall.yml b/roles/custom/matrix-synapse/tasks/setup_uninstall.yml
new file mode 100644
index 00000000..72b64c87
--- /dev/null
+++ b/roles/custom/matrix-synapse/tasks/setup_uninstall.yml
@@ -0,0 +1,27 @@
+---
+
+- block:
+    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/setup_uninstall.yml"
+  tags:
+    - setup-all
+    - setup-synapse
+
+- block:
+    - when: not matrix_synapse_workers_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/setup_uninstall.yml"
+  tags:
+    - setup-all
+    - setup-synapse
+
+- block:
+    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/setup_uninstall.yml"
+  tags:
+    - setup-all
+    - setup-synapse
+
+- block:
+    - when: not matrix_s3_media_store_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/goofys/setup_uninstall.yml"
+  tags:
+    - setup-all
+    - setup-synapse
diff --git a/roles/custom/matrix-synapse/tasks/synapse/workers/inject_into_nginx_proxy.yml b/roles/custom/matrix-synapse/tasks/synapse/workers/init.yml
similarity index 100%
rename from roles/custom/matrix-synapse/tasks/synapse/workers/inject_into_nginx_proxy.yml
rename to roles/custom/matrix-synapse/tasks/synapse/workers/init.yml
diff --git a/roles/custom/matrix-synapse/tasks/synapse/workers/setup.yml b/roles/custom/matrix-synapse/tasks/synapse/workers/setup.yml
deleted file mode 100644
index 1458cc0a..00000000
--- a/roles/custom/matrix-synapse/tasks/synapse/workers/setup.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-
-# A previous version of the worker setup used this.
-# This is a temporary cleanup for people who ran that version.
-- name: Ensure old matrix-synapse.service.wants directory is gone
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse.service.wants"
-    state: absent
-
-# Same. This was part of a previous version of the worker setup.
-# No longer necessary.
-- name: Ensure matrix-synapse-worker-write-pid script is removed
-  ansible.builtin.file:
-    path: "{{ matrix_local_bin_path }}/matrix-synapse-worker-write-pid"
-    state: absent
-
-- ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/setup_install.yml"
-  when: "matrix_synapse_enabled | bool and matrix_synapse_workers_enabled | bool"
-
-- ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/setup_uninstall.yml"
-  when: "not matrix_synapse_workers_enabled | bool"

From c37cf424277f31dba3e01907f9f3fb68f8ee0fe1 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Thu, 24 Nov 2022 17:06:31 +0200
Subject: [PATCH 066/198] Do not delete and re-create Synapse worker configs
 needlessly

We had checks to avoid stopping/deleting systemd services for workers
that used to exist and will continue to exist, but we were deleting
config files for workers each time.. Only to recreate them again later.

This lead to:

- too many misleading "changed" tasks
- too much unnecessary work
- potential failures during playbook execution possibly leaving the
  system in a bad state (no worker config files)
---
 .../tasks/synapse/workers/setup_install.yml              | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/roles/custom/matrix-synapse/tasks/synapse/workers/setup_install.yml b/roles/custom/matrix-synapse/tasks/synapse/workers/setup_install.yml
index 0f2105ed..d6c50397 100644
--- a/roles/custom/matrix-synapse/tasks/synapse/workers/setup_install.yml
+++ b/roles/custom/matrix-synapse/tasks/synapse/workers/setup_install.yml
@@ -7,12 +7,16 @@
     use_regex: true
   register: matrix_synapse_workers_current_config_files
 
+- set_fact:
+    matrix_synapse_enabled_worker_names: "{{ matrix_synapse_workers_enabled_list | map(attribute='name') }}"
+
 # This also deletes some things which we need. They will be recreated below.
-- name: Ensure previous worker configs are cleaned
+- name: Ensure unnecessary worker configs are cleaned
   ansible.builtin.file:
     path: "{{ item.path }}"
     state: absent
   with_items: "{{ matrix_synapse_workers_current_config_files.files }}"
+  when: "not ansible_check_mode and (item.path | basename | replace ('worker.', '') | replace('.yaml', '')) not in matrix_synapse_enabled_worker_names"
 
 - name: Determine current worker systemd services
   ansible.builtin.find:
@@ -27,13 +31,14 @@
     state: stopped
     enabled: false
   with_items: "{{ matrix_synapse_workers_current_systemd_services.files }}"
-  when: "not ansible_check_mode and item.path | basename not in devture_systemd_service_manager_services_list | map(attribute='name')"
+  when: "not ansible_check_mode and (item.path | basename | replace('.service', '')) not in matrix_synapse_enabled_worker_names"
 
 - name: Ensure unnecessary worker systemd services are cleaned
   ansible.builtin.file:
     path: "{{ item.path }}"
     state: absent
   with_items: "{{ matrix_synapse_workers_current_systemd_services.files }}"
+  when: "not ansible_check_mode and (item.path | basename | replace('.service', '')) not in matrix_synapse_enabled_worker_names"
 
 - name: Ensure creation of worker systemd service files and configuration files
   ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/util/setup_files_for_worker.yml"

From 663a17ea10ad6b8a7e7c91131b5a8f1376a50653 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Thu, 24 Nov 2022 17:39:34 +0200
Subject: [PATCH 067/198] Fix ansible-lint-reported errors

---
 roles/custom/matrix-bot-go-neb/tasks/main.yml                  | 3 ---
 .../matrix-synapse/tasks/synapse/workers/setup_install.yml     | 2 +-
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/roles/custom/matrix-bot-go-neb/tasks/main.yml b/roles/custom/matrix-bot-go-neb/tasks/main.yml
index 1955eee8..7c8f2455 100644
--- a/roles/custom/matrix-bot-go-neb/tasks/main.yml
+++ b/roles/custom/matrix-bot-go-neb/tasks/main.yml
@@ -12,6 +12,3 @@
   tags:
     - setup-all
     - setup-bot-go-neb
-
-
-
diff --git a/roles/custom/matrix-synapse/tasks/synapse/workers/setup_install.yml b/roles/custom/matrix-synapse/tasks/synapse/workers/setup_install.yml
index d6c50397..85ddf3b9 100644
--- a/roles/custom/matrix-synapse/tasks/synapse/workers/setup_install.yml
+++ b/roles/custom/matrix-synapse/tasks/synapse/workers/setup_install.yml
@@ -7,7 +7,7 @@
     use_regex: true
   register: matrix_synapse_workers_current_config_files
 
-- set_fact:
+- ansible.builtin.set_fact:
     matrix_synapse_enabled_worker_names: "{{ matrix_synapse_workers_enabled_list | map(attribute='name') }}"
 
 # This also deletes some things which we need. They will be recreated below.

From 9c0cf5481ab6961ef9c2377fee374188bb5528a3 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Thu, 24 Nov 2022 18:42:01 +0200
Subject: [PATCH 068/198] Try to be more helpful when
 matrix_homeserver_generic_secret_key appears to be undefined

---
 roles/custom/matrix-base/tasks/validate_config.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/custom/matrix-base/tasks/validate_config.yml b/roles/custom/matrix-base/tasks/validate_config.yml
index 3a3a5639..b3c7fb18 100644
--- a/roles/custom/matrix-base/tasks/validate_config.yml
+++ b/roles/custom/matrix-base/tasks/validate_config.yml
@@ -25,6 +25,8 @@
       The `matrix_homeserver_generic_secret_key` variable must be defined and have a non-null and non-empty value.
 
       If you're observing this error on a new installation, you should ensure that the `matrix_homeserver_generic_secret_key` is defined.
+      If you think you've defined it, but are still getting this error, then it's likely that you have a typo
+      in your domain name in `inventory/hosts` or in one of the directories leading up to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file.
 
       If you're observing this error on an existing homeserver installation, you can fix it easily and in a backward-compatible way by adding
       `{% raw %}matrix_homeserver_generic_secret_key: "{{ matrix_synapse_macaroon_secret_key }}"{% endraw %}`

From 140acfcc5f368d0e4341961076955592e0aafec0 Mon Sep 17 00:00:00 2001
From: Karmanyaah Malhotra <karmanyaah.gh@malhotra.cc>
Date: Thu, 24 Nov 2022 14:12:43 -0500
Subject: [PATCH 069/198] Exempt Matrix server from ntfy rate limit (#2135)

* Exempt Matrix server from ntfy rate limit

Add the matrix fqdn and localhost to ntfy's exemption list.
Also allow all ntfy rate limits to be configured through Ansible
variables.

* Fix names and formatting

* fixes

* tabs not spaces

* Lint

* Use raw tags instead of bracket soup
---
 roles/custom/matrix-ntfy/defaults/main.yml                | 8 ++++++++
 roles/custom/matrix-ntfy/templates/ntfy/server.yml.j2     | 7 +++++++
 .../matrix-ntfy/templates/systemd/matrix-ntfy.service.j2  | 5 +++--
 3 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/roles/custom/matrix-ntfy/defaults/main.yml b/roles/custom/matrix-ntfy/defaults/main.yml
index 66d9a19c..981eba36 100644
--- a/roles/custom/matrix-ntfy/defaults/main.yml
+++ b/roles/custom/matrix-ntfy/defaults/main.yml
@@ -14,6 +14,14 @@ matrix_ntfy_docker_image_force_pull: "{{ matrix_ntfy_docker_image.endswith(':lat
 # Public facing base URL of the ntfy service
 matrix_ntfy_base_url: "https://{{ matrix_server_fqn_ntfy }}"
 
+# Rate limits
+
+matrix_ntfy_global_topic_limit: 15000  # default
+matrix_ntfy_visitor_subscription_limit: 30  # default
+matrix_ntfy_visitor_request_limit_burst: 60  # default
+matrix_ntfy_visitor_request_limit_replenish: "5s"  # default
+
+
 # Controls whether the container exposes its HTTP port (tcp/80 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:2586"), or empty string to not expose.
diff --git a/roles/custom/matrix-ntfy/templates/ntfy/server.yml.j2 b/roles/custom/matrix-ntfy/templates/ntfy/server.yml.j2
index 096991a7..9815fd6b 100644
--- a/roles/custom/matrix-ntfy/templates/ntfy/server.yml.j2
+++ b/roles/custom/matrix-ntfy/templates/ntfy/server.yml.j2
@@ -2,3 +2,10 @@ base_url: {{ matrix_ntfy_base_url }}
 behind_proxy: true
 cache_file: /data/cache.db
 listen-http: :8080
+
+# Rate Limits
+global-topic-limit: {{ matrix_ntfy_global_topic_limit | to_json }}
+visitor-subscription-limit: {{ matrix_ntfy_visitor_subscription_limit | to_json }}
+
+visitor-request-limit-burst: {{ matrix_ntfy_visitor_request_limit_burst | to_json }}
+visitor-request-limit-replenish: "{{ matrix_ntfy_visitor_request_limit_replenish }}"
diff --git a/roles/custom/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 b/roles/custom/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2
index a10cb584..5c2feac0 100644
--- a/roles/custom/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2
+++ b/roles/custom/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2
@@ -11,11 +11,12 @@ Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ntfy 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ntfy 2>/dev/null || true'
 
-ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-ntfy \
+ExecStart={{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-ntfy \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--cap-drop=ALL \
 			--read-only \
+			--env NTFY_VISITOR_REQUEST_LIMIT_EXEMPT_HOSTS={{matrix_server_fqn_matrix}},localhost,$(docker network inspect {{matrix_docker_network}} -f "{% raw %}{{ (index .IPAM.Config 0).Subnet }}{% endraw %}") \
 			{% for arg in matrix_ntfy_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
@@ -26,7 +27,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			--mount type=bind,src={{ matrix_ntfy_config_dir_path }},dst=/etc/ntfy,ro \
 			--mount type=bind,src={{ matrix_ntfy_data_path }},dst=/data \
 			{{ matrix_ntfy_docker_image }} \
-			serve
+			serve'
 
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ntfy 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ntfy 2>/dev/null || true'

From b59981f03cb397489507723aeca14855c6bb505a Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Fri, 25 Nov 2022 06:17:02 +0200
Subject: [PATCH 070/198] Remove incorrectly places task

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2297
---
 roles/custom/matrix-dynamic-dns/tasks/main.yml | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/roles/custom/matrix-dynamic-dns/tasks/main.yml b/roles/custom/matrix-dynamic-dns/tasks/main.yml
index 6f5a35a5..8f795650 100644
--- a/roles/custom/matrix-dynamic-dns/tasks/main.yml
+++ b/roles/custom/matrix-dynamic-dns/tasks/main.yml
@@ -1,12 +1,5 @@
 ---
 
-- block:
-    - when: matrix_appservice_slack_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
-  tags:
-    - setup-all
-    - setup-nginx-proxy
-
 - block:
     - when: matrix_dynamic_dns_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"

From 42f3c3cbf635672c812bbd01a2c7279ac3aef745 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Fri, 25 Nov 2022 10:22:25 +0200
Subject: [PATCH 071/198] Improve command for connecting to additional
 container networks

---
 .../matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2      | 2 +-
 .../templates/systemd/matrix-nginx-proxy.service.j2             | 2 +-
 .../systemd/matrix-synapse-reverse-proxy-companion.service.j2   | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/roles/custom/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 b/roles/custom/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2
index b9c0839e..19bd5720 100644
--- a/roles/custom/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2
+++ b/roles/custom/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2
@@ -39,7 +39,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{{ matrix_ma1sd_docker_image }}
 
 {% for network in matrix_ma1sd_container_additional_networks %}
-ExecStartPost={{ devture_systemd_docker_base_host_command_sh }} -c 'attempt=0; while [ $attempt -le 29 ]; do attempt=$(( $attempt + 1 )); if [ "`docker inspect -f {{ '{{.State.Running}}' }} matrix-ma1sd 2> /dev/null`" = "true" ]; then break; fi; sleep 1; done; {{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-ma1sd'
+ExecStartPost={{ devture_systemd_docker_base_host_command_sh }} -c 'container_name=matrix-ma1sd; network_name={{ network }}; attempt=0; while [ $attempt -le 29 ]; do attempt=$(( $attempt + 1 )); if [ "`{{ devture_systemd_docker_base_host_command_docker }} inspect -f {{ '{{.State.Running}}' }} $container_name 2> /dev/null`" = "true" ]; then break; fi; sleep 1; done; {{ devture_systemd_docker_base_host_command_docker }} network connect $network_name $container_name'
 {% endfor %}
 
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ma1sd 2>/dev/null || true'
diff --git a/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2
index a930d3b1..0a7e9052 100755
--- a/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2
+++ b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2
@@ -48,7 +48,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{{ matrix_nginx_proxy_docker_image }}
 
 {% for network in matrix_nginx_proxy_container_additional_networks %}
-ExecStartPost={{ devture_systemd_docker_base_host_command_sh }} -c 'attempt=0; while [ $attempt -le 29 ]; do attempt=$(( $attempt + 1 )); if [ "`docker inspect -f {{ '{{.State.Running}}' }} matrix-nginx-proxy 2> /dev/null`" = "true" ]; then break; fi; sleep 1; done; {{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-nginx-proxy'
+ExecStartPost={{ devture_systemd_docker_base_host_command_sh }} -c 'container_name=matrix-nginx-proxy; network_name={{ network }}; attempt=0; while [ $attempt -le 29 ]; do attempt=$(( $attempt + 1 )); if [ "`{{ devture_systemd_docker_base_host_command_docker }} inspect -f {{ '{{.State.Running}}' }} $container_name 2> /dev/null`" = "true" ]; then break; fi; sleep 1; done; {{ devture_systemd_docker_base_host_command_docker }} network connect $network_name $container_name'
 {% endfor %}
 
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null || true'
diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/templates/systemd/matrix-synapse-reverse-proxy-companion.service.j2 b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/systemd/matrix-synapse-reverse-proxy-companion.service.j2
index 21bebb4f..2b548ef8 100755
--- a/roles/custom/matrix-synapse-reverse-proxy-companion/templates/systemd/matrix-synapse-reverse-proxy-companion.service.j2
+++ b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/systemd/matrix-synapse-reverse-proxy-companion.service.j2
@@ -39,7 +39,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run \
 			{{ matrix_synapse_reverse_proxy_companion_container_image }}
 
 {% for network in matrix_synapse_reverse_proxy_companion_container_additional_networks %}
-ExecStartPost={{ devture_systemd_docker_base_host_command_sh }} -c 'attempt=0; while [ $attempt -le 29 ]; do attempt=$(( $attempt + 1 )); if [ "`docker inspect -f {{ '{{.State.Running}}' }} matrix-synapse-reverse-proxy-companion 2> /dev/null`" = "true" ]; then break; fi; sleep 1; done; {{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-synapse-reverse-proxy-companion'
+ExecStartPost={{ devture_systemd_docker_base_host_command_sh }} -c 'container_name=matrix-synapse-reverse-proxy-companion; network_name={{ network }}; attempt=0; while [ $attempt -le 29 ]; do attempt=$(( $attempt + 1 )); if [ "`{{ devture_systemd_docker_base_host_command_docker }} inspect -f {{ '{{.State.Running}}' }} $container_name 2> /dev/null`" = "true" ]; then break; fi; sleep 1; done; {{ devture_systemd_docker_base_host_command_docker }} network connect $network_name $container_name'
 {% endfor %}
 
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-synapse-reverse-proxy-companion 2>/dev/null || true'

From 34c01da9d2c7ac2d057506f68b221aab72dec746 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Fri, 25 Nov 2022 11:41:16 +0200
Subject: [PATCH 072/198] Ensure consistent password_hash results regardless of
 whether crypt or passlib is used
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.

After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.

These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.

The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).

Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):

> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
---
 group_vars/matrix_servers | 190 +++++++++++++++++++-------------------
 1 file changed, 95 insertions(+), 95 deletions(-)

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index b53ad0e8..dd0c730c 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -422,14 +422,14 @@ matrix_appservice_discord_systemd_required_services_list: |
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
 
-matrix_appservice_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'discord.as.token') | to_uuid }}"
+matrix_appservice_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'discord.as.token', rounds=655555) | to_uuid }}"
 
-matrix_appservice_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'discord.hs.token') | to_uuid }}"
+matrix_appservice_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'discord.hs.token', rounds=655555) | to_uuid }}"
 
 # We only make this use Postgres if our own Postgres server is enabled.
 # It's only then (for now) that we can automatically create the necessary database and user for this service.
 matrix_appservice_discord_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
-matrix_appservice_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.discord.db') | to_uuid }}"
+matrix_appservice_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.discord.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
 #
@@ -454,12 +454,12 @@ matrix_appservice_webhooks_container_image_self_build: "{{ matrix_architecture !
 # matrix-appservice-webhooks' client-server port to the local host.
 matrix_appservice_webhooks_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' ~ matrix_appservice_webhooks_matrix_port) }}"
 
-matrix_appservice_webhooks_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.as.token') | to_uuid }}"
+matrix_appservice_webhooks_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.as.token', rounds=655555) | to_uuid }}"
 
 matrix_appservice_webhooks_homeserver_url: "{{ matrix_homeserver_container_url }}"
-matrix_appservice_webhooks_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.hs.token') | to_uuid }}"
+matrix_appservice_webhooks_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.hs.token', rounds=655555) | to_uuid }}"
 
-matrix_appservice_webhooks_id_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.id.token') | to_uuid }}"
+matrix_appservice_webhooks_id_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.id.token', rounds=655555) | to_uuid }}"
 
 matrix_appservice_webhooks_systemd_required_services_list: |
   {{
@@ -493,12 +493,12 @@ matrix_appservice_slack_container_image_self_build: "{{ matrix_architecture not
 # matrix-appservice-slack's client-server port to the local host.
 matrix_appservice_slack_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' ~ matrix_appservice_slack_slack_port) }}"
 
-matrix_appservice_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.as.token') | to_uuid }}"
+matrix_appservice_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.as.token', rounds=655555) | to_uuid }}"
 
 matrix_appservice_slack_homeserver_url: "{{ matrix_homeserver_container_url }}"
-matrix_appservice_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.hs.token') | to_uuid }}"
+matrix_appservice_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.hs.token', rounds=655555) | to_uuid }}"
 
-matrix_appservice_slack_id_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.id.token') | to_uuid }}"
+matrix_appservice_slack_id_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.id.token', rounds=655555) | to_uuid }}"
 
 matrix_appservice_slack_systemd_required_services_list: |
   {{
@@ -511,7 +511,7 @@ matrix_appservice_slack_systemd_required_services_list: |
 
 # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
 matrix_appservice_slack_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'nedb' }}"
-matrix_appservice_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.slack.db') | to_uuid }}"
+matrix_appservice_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.slack.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
 #
@@ -548,12 +548,12 @@ matrix_appservice_irc_systemd_required_services_list: |
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
 
-matrix_appservice_irc_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'irc.as.token') | to_uuid }}"
+matrix_appservice_irc_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'irc.as.token', rounds=655555) | to_uuid }}"
 
-matrix_appservice_irc_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'irc.hs.token') | to_uuid }}"
+matrix_appservice_irc_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'irc.hs.token', rounds=655555) | to_uuid }}"
 
 matrix_appservice_irc_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'nedb' }}"
-matrix_appservice_irc_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.irc.db') | to_uuid }}"
+matrix_appservice_irc_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.irc.db', rounds=655555) | to_uuid }}"
 
 
 ######################################################################
@@ -584,14 +584,14 @@ matrix_appservice_kakaotalk_systemd_required_services_list: |
     (['matrix-postgres.service'] if matrix_postgres_enabled else [])
   }}
 
-matrix_appservice_kakaotalk_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs') | to_uuid }}"
+matrix_appservice_kakaotalk_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs', rounds=655555) | to_uuid }}"
 
-matrix_appservice_kakaotalk_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs') | to_uuid }}"
+matrix_appservice_kakaotalk_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs', rounds=655555) | to_uuid }}"
 
 matrix_appservice_kakaotalk_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
 matrix_appservice_kakaotalk_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
-matrix_appservice_kakaotalk_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.db') | to_uuid }}"
+matrix_appservice_kakaotalk_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
 #
@@ -622,15 +622,15 @@ matrix_beeper_linkedin_systemd_required_services_list: |
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
 
-matrix_beeper_linkedin_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'linked.as.token') | to_uuid }}"
+matrix_beeper_linkedin_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'linked.as.token', rounds=655555) | to_uuid }}"
 
-matrix_beeper_linkedin_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'linked.hs.token') | to_uuid }}"
+matrix_beeper_linkedin_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'linked.hs.token', rounds=655555) | to_uuid }}"
 
 matrix_beeper_linkedin_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
 matrix_beeper_linkedin_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}"
 
-matrix_beeper_linkedin_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maulinkedin.db') | to_uuid }}"
+matrix_beeper_linkedin_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maulinkedin.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
 #
@@ -660,15 +660,15 @@ matrix_go_skype_bridge_systemd_required_services_list: |
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
 
-matrix_go_skype_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.as.token') | to_uuid }}"
+matrix_go_skype_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.as.token', rounds=655555) | to_uuid }}"
 
-matrix_go_skype_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.hs.token') | to_uuid }}"
+matrix_go_skype_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.hs.token', rounds=655555) | to_uuid }}"
 
 matrix_go_skype_bridge_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
 # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
 matrix_go_skype_bridge_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
-matrix_go_skype_bridge_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'goskype.db') | to_uuid }}"
+matrix_go_skype_bridge_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'goskype.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
 #
@@ -698,11 +698,11 @@ matrix_mautrix_facebook_systemd_required_services_list: |
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
 
-matrix_mautrix_facebook_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'fb.as.token') | to_uuid }}"
+matrix_mautrix_facebook_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'fb.as.token', rounds=655555) | to_uuid }}"
 
-matrix_mautrix_facebook_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'fb.hs.token') | to_uuid }}"
+matrix_mautrix_facebook_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'fb.hs.token', rounds=655555) | to_uuid }}"
 
-matrix_mautrix_facebook_public_endpoint: "/{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'facebook') | to_uuid }}"
+matrix_mautrix_facebook_public_endpoint: "/{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'facebook', rounds=655555) | to_uuid }}"
 
 matrix_mautrix_facebook_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9008' }}"
 
@@ -713,7 +713,7 @@ matrix_mautrix_facebook_bridge_presence: "{{ matrix_synapse_presence_enabled if
 # We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
 # and point them to a migration path.
 matrix_mautrix_facebook_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
-matrix_mautrix_facebook_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.fb.db') | to_uuid }}"
+matrix_mautrix_facebook_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.fb.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
 #
@@ -744,9 +744,9 @@ matrix_mautrix_hangouts_systemd_required_services_list: |
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
 
-matrix_mautrix_hangouts_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ho.as.token') | to_uuid }}"
+matrix_mautrix_hangouts_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ho.as.token', rounds=655555) | to_uuid }}"
 
-matrix_mautrix_hangouts_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ho.hs.token') | to_uuid }}"
+matrix_mautrix_hangouts_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ho.hs.token', rounds=655555) | to_uuid }}"
 
 matrix_mautrix_hangouts_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9007' }}"
 
@@ -754,7 +754,7 @@ matrix_mautrix_hangouts_login_shared_secret: "{{ matrix_synapse_ext_password_pro
 
 # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
 matrix_mautrix_hangouts_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
-matrix_mautrix_hangouts_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.hangouts.db') | to_uuid }}"
+matrix_mautrix_hangouts_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.hangouts.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
 #
@@ -785,9 +785,9 @@ matrix_mautrix_googlechat_systemd_required_services_list: |
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
 
-matrix_mautrix_googlechat_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gc.as.token') | to_uuid }}"
+matrix_mautrix_googlechat_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gc.as.token', rounds=655555) | to_uuid }}"
 
-matrix_mautrix_googlechat_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gc.hs.token') | to_uuid }}"
+matrix_mautrix_googlechat_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gc.hs.token', rounds=655555) | to_uuid }}"
 
 matrix_mautrix_googlechat_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9007' }}"
 
@@ -795,7 +795,7 @@ matrix_mautrix_googlechat_login_shared_secret: "{{ matrix_synapse_ext_password_p
 
 # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
 matrix_mautrix_googlechat_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
-matrix_mautrix_googlechat_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.gc.db') | to_uuid }}"
+matrix_mautrix_googlechat_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.gc.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
 #
@@ -826,9 +826,9 @@ matrix_mautrix_instagram_systemd_required_services_list: |
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
 
-matrix_mautrix_instagram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ig.as.token') | to_uuid }}"
+matrix_mautrix_instagram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ig.as.token', rounds=655555) | to_uuid }}"
 
-matrix_mautrix_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ig.hs.token') | to_uuid }}"
+matrix_mautrix_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ig.hs.token', rounds=655555) | to_uuid }}"
 
 matrix_mautrix_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
@@ -837,7 +837,7 @@ matrix_mautrix_instagram_bridge_presence: "{{ matrix_synapse_presence_enabled if
 # We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
 # and point them to a migration path.
 matrix_mautrix_instagram_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
-matrix_mautrix_instagram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.ig.db') | to_uuid }}"
+matrix_mautrix_instagram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.ig.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
 #
@@ -872,14 +872,14 @@ matrix_mautrix_signal_homeserver_domain: '{{ matrix_domain }}'
 
 matrix_mautrix_signal_homeserver_address: "{{ matrix_homeserver_container_url }}"
 
-matrix_mautrix_signal_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.hs.token') | to_uuid }}"
+matrix_mautrix_signal_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.hs.token', rounds=655555) | to_uuid }}"
 
-matrix_mautrix_signal_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.as.token') | to_uuid }}"
+matrix_mautrix_signal_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.as.token', rounds=655555) | to_uuid }}"
 
 matrix_mautrix_signal_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
 matrix_mautrix_signal_database_engine: 'postgres'
-matrix_mautrix_signal_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.db') | to_uuid }}"
+matrix_mautrix_signal_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.db', rounds=655555) | to_uuid }}"
 
 matrix_mautrix_signal_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
 matrix_mautrix_signal_daemon_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
@@ -915,11 +915,11 @@ matrix_mautrix_telegram_systemd_required_services_list: |
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
 
-matrix_mautrix_telegram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegr.as.token') | to_uuid }}"
+matrix_mautrix_telegram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegr.as.token', rounds=655555) | to_uuid }}"
 
-matrix_mautrix_telegram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegr.hs.token') | to_uuid }}"
+matrix_mautrix_telegram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegr.hs.token', rounds=655555) | to_uuid }}"
 
-matrix_mautrix_telegram_public_endpoint: "/{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegram') | to_uuid }}"
+matrix_mautrix_telegram_public_endpoint: "/{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegram', rounds=655555) | to_uuid }}"
 
 matrix_mautrix_telegram_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9006' }}"
 
@@ -927,7 +927,7 @@ matrix_mautrix_telegram_login_shared_secret: "{{ matrix_synapse_ext_password_pro
 
 # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
 matrix_mautrix_telegram_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
-matrix_mautrix_telegram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.telegram.db') | to_uuid }}"
+matrix_mautrix_telegram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.telegram.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
 #
@@ -957,14 +957,14 @@ matrix_mautrix_twitter_systemd_required_services_list: |
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
 
-matrix_mautrix_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.as.token') | to_uuid }}"
+matrix_mautrix_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.as.token', rounds=655555) | to_uuid }}"
 
-matrix_mautrix_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.hs.token') | to_uuid }}"
+matrix_mautrix_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.hs.token', rounds=655555) | to_uuid }}"
 
 matrix_mautrix_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
 matrix_mautrix_twitter_database_hostname: "{{ 'matrix-postgres' if matrix_postgres_enabled else '' }}"
-matrix_mautrix_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twt.db') | to_uuid if matrix_postgres_enabled else '' }}"
+matrix_mautrix_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twt.db', rounds=655555) | to_uuid if matrix_postgres_enabled else '' }}"
 
 ######################################################################
 #
@@ -994,15 +994,15 @@ matrix_mautrix_whatsapp_systemd_required_services_list: |
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
 
-matrix_mautrix_whatsapp_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.as.token') | to_uuid }}"
+matrix_mautrix_whatsapp_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.as.token', rounds=655555) | to_uuid }}"
 
-matrix_mautrix_whatsapp_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.hs.token') | to_uuid }}"
+matrix_mautrix_whatsapp_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.hs.token', rounds=655555) | to_uuid }}"
 
 matrix_mautrix_whatsapp_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
 # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
 matrix_mautrix_whatsapp_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
-matrix_mautrix_whatsapp_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauwhatsapp.db') | to_uuid }}"
+matrix_mautrix_whatsapp_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauwhatsapp.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
 #
@@ -1032,15 +1032,15 @@ matrix_mautrix_discord_systemd_required_services_list: |
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
 
-matrix_mautrix_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.as.tok') | to_uuid }}"
+matrix_mautrix_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.as.tok', rounds=655555) | to_uuid }}"
 
-matrix_mautrix_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.hs.tok') | to_uuid }}"
+matrix_mautrix_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.hs.tok', rounds=655555) | to_uuid }}"
 
 matrix_mautrix_discord_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
 # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
 matrix_mautrix_discord_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
-matrix_mautrix_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudiscord.db') | to_uuid }}"
+matrix_mautrix_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudiscord.db', rounds=655555) | to_uuid }}"
 
 # Enabling bridge.restricted_rooms for this bridge does not work well with Conduit, so we disable it by default.
 # This will be fixed in the upcoming `0.5.0` release of conduit.
@@ -1070,10 +1070,10 @@ matrix_sms_bridge_systemd_required_services_list: |
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
 
-matrix_sms_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'sms.as.token') | to_uuid }}"
+matrix_sms_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'sms.as.token', rounds=655555) | to_uuid }}"
 
 matrix_sms_bridge_homeserver_port: "{{ matrix_synapse_container_client_api_port }}"
-matrix_sms_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'sms.hs.token') | to_uuid }}"
+matrix_sms_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'sms.hs.token', rounds=655555) | to_uuid }}"
 
 ######################################################################
 #
@@ -1090,9 +1090,9 @@ matrix_sms_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_
 # We don't enable bridges by default.
 matrix_heisenbridge_enabled: false
 
-matrix_heisenbridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'heisen.as.tok') | to_uuid }}"
+matrix_heisenbridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'heisen.as.tok', rounds=655555) | to_uuid }}"
 
-matrix_heisenbridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'heisen.hs.tok') | to_uuid }}"
+matrix_heisenbridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'heisen.hs.tok', rounds=655555) | to_uuid }}"
 
 matrix_heisenbridge_systemd_wanted_services_list: |
   {{
@@ -1118,9 +1118,9 @@ matrix_hookshot_enabled: false
 
 matrix_hookshot_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
 
-matrix_hookshot_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.as.tok') | to_uuid }}"
+matrix_hookshot_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.as.tok', rounds=655555) | to_uuid }}"
 
-matrix_hookshot_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.hs.tok') | to_uuid }}"
+matrix_hookshot_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.hs.tok', rounds=655555) | to_uuid }}"
 
 matrix_hookshot_systemd_wanted_services_list: |
   {{
@@ -1180,15 +1180,15 @@ matrix_mx_puppet_slack_systemd_required_services_list: |
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
 
-matrix_mx_puppet_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxslk.as.tok') | to_uuid }}"
+matrix_mx_puppet_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxslk.as.tok', rounds=655555) | to_uuid }}"
 
-matrix_mx_puppet_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxslk.hs.tok') | to_uuid }}"
+matrix_mx_puppet_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxslk.hs.tok', rounds=655555) | to_uuid }}"
 
 matrix_mx_puppet_slack_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
 # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
 matrix_mx_puppet_slack_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
-matrix_mx_puppet_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.slack.db') | to_uuid }}"
+matrix_mx_puppet_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.slack.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
 #
@@ -1218,9 +1218,9 @@ matrix_mx_puppet_twitter_systemd_required_services_list: |
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
 
-matrix_mx_puppet_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxtwt.as.tok') | to_uuid }}"
+matrix_mx_puppet_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxtwt.as.tok', rounds=655555) | to_uuid }}"
 
-matrix_mx_puppet_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxtwt.hs.tok') | to_uuid }}"
+matrix_mx_puppet_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxtwt.hs.tok', rounds=655555) | to_uuid }}"
 
 matrix_mx_puppet_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
@@ -1228,7 +1228,7 @@ matrix_mx_puppet_twitter_container_http_host_bind_port: "{{ '' if matrix_nginx_p
 
 # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
 matrix_mx_puppet_twitter_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
-matrix_mx_puppet_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.twitter.db') | to_uuid }}"
+matrix_mx_puppet_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.twitter.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
 #
@@ -1259,15 +1259,15 @@ matrix_mx_puppet_instagram_systemd_required_services_list: |
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
 
-matrix_mx_puppet_instagram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxig.as.tok') | to_uuid }}"
+matrix_mx_puppet_instagram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxig.as.tok', rounds=655555) | to_uuid }}"
 
-matrix_mx_puppet_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxig.hs.tok') | to_uuid }}"
+matrix_mx_puppet_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxig.hs.tok', rounds=655555) | to_uuid }}"
 
 matrix_mx_puppet_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
 # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
 matrix_mx_puppet_instagram_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
-matrix_mx_puppet_instagram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.ig.db') | to_uuid }}"
+matrix_mx_puppet_instagram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.ig.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
 #
@@ -1297,15 +1297,15 @@ matrix_mx_puppet_discord_systemd_required_services_list: |
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
 
-matrix_mx_puppet_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxdsc.as.tok') | to_uuid }}"
+matrix_mx_puppet_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxdsc.as.tok', rounds=655555) | to_uuid }}"
 
-matrix_mx_puppet_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxdsc.hs.tok') | to_uuid }}"
+matrix_mx_puppet_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxdsc.hs.tok', rounds=655555) | to_uuid }}"
 
 matrix_mx_puppet_discord_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
 # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
 matrix_mx_puppet_discord_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
-matrix_mx_puppet_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db') | to_uuid }}"
+matrix_mx_puppet_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
 #
@@ -1335,15 +1335,15 @@ matrix_mx_puppet_steam_systemd_required_services_list: |
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
 
-matrix_mx_puppet_steam_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxste.as.tok') | to_uuid }}"
+matrix_mx_puppet_steam_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxste.as.tok', rounds=655555) | to_uuid }}"
 
-matrix_mx_puppet_steam_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxste.hs.tok') | to_uuid }}"
+matrix_mx_puppet_steam_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxste.hs.tok', rounds=655555) | to_uuid }}"
 
 matrix_mx_puppet_steam_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
 # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
 matrix_mx_puppet_steam_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
-matrix_mx_puppet_steam_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.steam.db') | to_uuid }}"
+matrix_mx_puppet_steam_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.steam.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
 #
@@ -1373,15 +1373,15 @@ matrix_mx_puppet_groupme_systemd_required_services_list: |
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
 
-matrix_mx_puppet_groupme_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxgro.as.tok') | to_uuid }}"
+matrix_mx_puppet_groupme_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxgro.as.tok', rounds=655555) | to_uuid }}"
 
-matrix_mx_puppet_groupme_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxgro.hs.tok') | to_uuid }}"
+matrix_mx_puppet_groupme_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxgro.hs.tok', rounds=655555) | to_uuid }}"
 
 matrix_mx_puppet_groupme_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
 # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
 matrix_mx_puppet_groupme_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
-matrix_mx_puppet_groupme_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.groupme.db') | to_uuid }}"
+matrix_mx_puppet_groupme_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.groupme.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
 #
@@ -1411,7 +1411,7 @@ matrix_bot_matrix_reminder_bot_systemd_required_services_list: |
 
 # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
 matrix_bot_matrix_reminder_bot_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
-matrix_bot_matrix_reminder_bot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'reminder.bot.db') | to_uuid }}"
+matrix_bot_matrix_reminder_bot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'reminder.bot.db', rounds=655555) | to_uuid }}"
 matrix_bot_matrix_reminder_bot_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
 
 ######################################################################
@@ -1482,7 +1482,7 @@ matrix_bot_maubot_management_interface_http_bind_port: "{{ '' if matrix_nginx_pr
 
 # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
 matrix_bot_maubot_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
-matrix_bot_maubot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db') | to_uuid }}"
+matrix_bot_maubot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
 #
@@ -1513,7 +1513,7 @@ matrix_bot_honoroit_systemd_required_services_list: |
 
 # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
 matrix_bot_honoroit_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
-matrix_bot_honoroit_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'honoroit.bot.db') | to_uuid }}"
+matrix_bot_honoroit_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'honoroit.bot.db', rounds=655555) | to_uuid }}"
 matrix_bot_honoroit_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
 
 ######################################################################
@@ -1544,7 +1544,7 @@ matrix_bot_buscarron_systemd_required_services_list: |
 
 # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
 matrix_bot_buscarron_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
-matrix_bot_buscarron_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'buscarron.bot.db') | to_uuid }}"
+matrix_bot_buscarron_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'buscarron.bot.db', rounds=655555) | to_uuid }}"
 matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
 
 ######################################################################
@@ -1576,7 +1576,7 @@ matrix_bot_postmoogle_systemd_required_services_list: |
 
 # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
 matrix_bot_postmoogle_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
-matrix_bot_postmoogle_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'postmoogle.db') | to_uuid }}"
+matrix_bot_postmoogle_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'postmoogle.db', rounds=655555) | to_uuid }}"
 
 matrix_bot_postmoogle_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
 
@@ -1692,8 +1692,8 @@ matrix_backup_borg_systemd_required_services_list: |
 matrix_cactus_comments_enabled: false
 
 # Derive secret values from homeserver secret
-matrix_cactus_comments_as_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'cactus.as.token') | to_uuid }}"
-matrix_cactus_comments_hs_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'cactus.hs.token') | to_uuid }}"
+matrix_cactus_comments_as_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'cactus.as.token', rounds=655555) | to_uuid }}"
+matrix_cactus_comments_hs_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'cactus.hs.token', rounds=655555) | to_uuid }}"
 
 matrix_cactus_comments_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"
 matrix_cactus_comments_systemd_required_services_list: |
@@ -1763,7 +1763,7 @@ matrix_coturn_container_image_self_build: "{{ matrix_architecture not in ['amd64
 
 matrix_coturn_turn_external_ip_address: "{{ ansible_host }}"
 
-matrix_coturn_turn_static_auth_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'coturn.sas') | to_uuid }}"
+matrix_coturn_turn_static_auth_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'coturn.sas', rounds=655555) | to_uuid }}"
 
 matrix_coturn_tls_enabled: "{{ matrix_ssl_retrieval_method != 'none' }}"
 matrix_coturn_tls_cert_path: "{{ matrix_ssl_config_dir_path }}/live/{{ matrix_server_fqn_matrix }}/fullchain.pem"
@@ -1815,7 +1815,7 @@ matrix_dimension_systemd_required_services_list: |
 
 # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
 matrix_dimension_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
-matrix_dimension_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dimension.db') | to_uuid }}"
+matrix_dimension_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dimension.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
 #
@@ -1842,7 +1842,7 @@ matrix_etherpad_systemd_required_services_list: |
     (['matrix-postgres.service'] if matrix_postgres_enabled else [])
   }}
 
-matrix_etherpad_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'etherpad.db') | to_uuid }}"
+matrix_etherpad_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'etherpad.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
 #
@@ -1897,9 +1897,9 @@ matrix_jitsi_jvb_container_colibri_ws_host_bind_port: "{{ '' if matrix_nginx_pro
 
 matrix_jitsi_prosody_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:5280' }}"
 
-matrix_jitsi_jibri_xmpp_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jibri') | to_uuid }}"
-matrix_jitsi_jicofo_auth_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jicofo') | to_uuid }}"
-matrix_jitsi_jvb_auth_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jvb') | to_uuid }}"
+matrix_jitsi_jibri_xmpp_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jibri', rounds=655555) | to_uuid }}"
+matrix_jitsi_jicofo_auth_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jicofo', rounds=655555) | to_uuid }}"
+matrix_jitsi_jvb_auth_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jvb', rounds=655555) | to_uuid }}"
 
 matrix_jitsi_web_stun_servers: |
   {{
@@ -2019,7 +2019,7 @@ matrix_ma1sd_systemd_wanted_services_list: |
 
 # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
 matrix_ma1sd_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
-matrix_ma1sd_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ma1sd.db') | to_uuid }}"
+matrix_ma1sd_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ma1sd.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
 #
@@ -2638,9 +2638,9 @@ matrix_synapse_container_manhole_api_host_bind_port: "{{ '127.0.0.1:9000' if mat
 # For exposing the Synapse worker (and metrics) ports to the local host.
 matrix_synapse_workers_container_host_bind_address: "{{ '127.0.0.1' if (matrix_synapse_workers_enabled and not matrix_nginx_proxy_enabled) else '' }}"
 
-matrix_synapse_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'synapse.db') | to_uuid }}"
+matrix_synapse_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'synapse.db', rounds=655555) | to_uuid }}"
 
-matrix_synapse_macaroon_secret_key: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'synapse.mac') | to_uuid }}"
+matrix_synapse_macaroon_secret_key: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'synapse.mac', rounds=655555) | to_uuid }}"
 
 # We do not enable TLS in Synapse by default.
 # TLS is handled by the matrix-nginx-proxy, which proxies the requests to Synapse.
@@ -2820,7 +2820,7 @@ matrix_prometheus_scraper_hookshot_targets: "{{ [matrix_hookshot_container_url |
 ######################################################################
 
 matrix_prometheus_postgres_exporter_enabled: false
-matrix_prometheus_postgres_exporter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'prometheus.pg.db') | to_uuid }}"
+matrix_prometheus_postgres_exporter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'prometheus.pg.db', rounds=655555) | to_uuid }}"
 
 matrix_prometheus_postgres_exporter_systemd_required_services_list: |
   {{
@@ -2918,7 +2918,7 @@ matrix_registration_systemd_required_services_list: |
 
 # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
 matrix_registration_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
-matrix_registration_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mx.registr.db') | to_uuid }}"
+matrix_registration_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mx.registr.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
 #
@@ -2975,9 +2975,9 @@ matrix_dendrite_container_https_host_bind_address: "{{ '' if matrix_nginx_proxy_
 
 matrix_dendrite_sync_api_real_ip_header: "{{ 'X-Forwarded-For' if matrix_nginx_proxy_enabled else '' }}"
 
-matrix_dendrite_registration_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.rss') | to_uuid }}"
+matrix_dendrite_registration_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.rss', rounds=655555) | to_uuid }}"
 
-matrix_dendrite_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.db') | to_uuid }}"
+matrix_dendrite_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.db', rounds=655555) | to_uuid }}"
 
 # Even if TURN doesn't support TLS (it does by default),
 # it doesn't hurt to try a secure connection anyway.

From 61f67d8f0a8117b8dc0071b643876702443d4173 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Fri, 25 Nov 2022 16:02:51 +0200
Subject: [PATCH 073/198] Add install-* tags for quicker runs

---
 roles/custom/matrix-aux/tasks/main.yml        |  2 ++
 .../custom/matrix-backup-borg/tasks/main.yml  |  6 ++++
 roles/custom/matrix-base/tasks/main.yml       |  9 ++++++
 .../matrix-bot-buscarron/tasks/main.yml       |  6 ++++
 roles/custom/matrix-bot-go-neb/tasks/main.yml |  6 ++++
 .../custom/matrix-bot-honoroit/tasks/main.yml |  6 ++++
 .../tasks/main.yml                            |  6 ++++
 .../tasks/main.yml                            |  6 ++++
 roles/custom/matrix-bot-maubot/tasks/main.yml |  9 +++++-
 .../custom/matrix-bot-mjolnir/tasks/main.yml  |  6 ++++
 .../matrix-bot-postmoogle/tasks/main.yml      |  6 ++++
 .../tasks/main.yml                            |  6 ++++
 .../tasks/main.yml                            |  7 +++++
 .../tasks/main.yml                            |  6 ++++
 .../tasks/main.yml                            |  8 +++++
 .../tasks/main.yml                            |  8 +++++
 .../tasks/main.yml                            |  6 ++++
 .../tasks/main.yml                            |  7 +++++
 .../matrix-bridge-heisenbridge/tasks/main.yml |  6 ++++
 .../matrix-bridge-hookshot/tasks/main.yml     |  8 +++++
 .../tasks/main.yml                            |  6 ++++
 .../tasks/main.yml                            |  8 +++++
 .../tasks/main.yml                            |  8 +++++
 .../tasks/main.yml                            |  8 +++++
 .../tasks/main.yml                            |  6 ++++
 .../tasks/main.yml                            |  6 ++++
 .../tasks/main.yml                            |  8 +++++
 .../tasks/main.yml                            |  6 ++++
 .../tasks/main.yml                            |  6 ++++
 .../tasks/main.yml                            |  6 ++++
 .../tasks/main.yml                            |  6 ++++
 .../tasks/main.yml                            |  6 ++++
 .../tasks/main.yml                            |  8 +++++
 .../tasks/main.yml                            |  6 ++++
 .../tasks/main.yml                            |  8 +++++
 roles/custom/matrix-bridge-sms/tasks/main.yml |  6 ++++
 .../matrix-cactus-comments/tasks/main.yml     |  8 +++++
 .../custom/matrix-client-cinny/tasks/main.yml |  6 ++++
 .../matrix-client-element/tasks/main.yml      |  6 ++++
 .../matrix-client-hydrogen/tasks/main.yml     |  6 ++++
 roles/custom/matrix-conduit/tasks/main.yml    |  6 ++++
 roles/custom/matrix-corporal/tasks/main.yml   |  6 ++++
 roles/custom/matrix-coturn/tasks/main.yml     |  6 ++++
 roles/custom/matrix-dendrite/tasks/main.yml   |  6 ++++
 roles/custom/matrix-dimension/tasks/main.yml  |  6 ++++
 .../custom/matrix-dynamic-dns/tasks/main.yml  |  6 ++++
 .../custom/matrix-email2matrix/tasks/main.yml |  6 ++++
 roles/custom/matrix-etherpad/tasks/main.yml   |  8 +++++
 roles/custom/matrix-grafana/tasks/main.yml    |  6 ++++
 roles/custom/matrix-jitsi/tasks/main.yml      | 30 +++++++++++++++----
 .../tasks/main.yml                            |  8 +++++
 roles/custom/matrix-ma1sd/tasks/main.yml      |  6 ++++
 roles/custom/matrix-mailer/tasks/main.yml     |  6 ++++
 .../custom/matrix-nginx-proxy/tasks/main.yml  |  7 +++++
 roles/custom/matrix-ntfy/tasks/main.yml       |  6 ++++
 .../matrix-postgres-backup/tasks/main.yml     |  6 ++++
 roles/custom/matrix-postgres/tasks/main.yml   |  2 ++
 .../tasks/main.yml                            |  8 +++++
 .../tasks/main.yml                            |  8 +++++
 roles/custom/matrix-prometheus/tasks/main.yml |  6 ++++
 roles/custom/matrix-redis/tasks/main.yml      |  6 ++++
 .../custom/matrix-registration/tasks/main.yml |  8 +++++
 roles/custom/matrix-sygnal/tasks/main.yml     |  6 ++++
 .../matrix-synapse-admin/tasks/main.yml       |  8 +++++
 .../tasks/main.yml                            |  8 +++++
 roles/custom/matrix-synapse/tasks/main.yml    |  6 ++++
 .../matrix_playbook_migration/tasks/main.yml  |  1 +
 67 files changed, 449 insertions(+), 7 deletions(-)

diff --git a/roles/custom/matrix-aux/tasks/main.yml b/roles/custom/matrix-aux/tasks/main.yml
index 63ef998a..57db0965 100644
--- a/roles/custom/matrix-aux/tasks/main.yml
+++ b/roles/custom/matrix-aux/tasks/main.yml
@@ -5,3 +5,5 @@
   tags:
     - setup-all
     - setup-aux-files
+    - install-all
+    - install-aux-files
diff --git a/roles/custom/matrix-backup-borg/tasks/main.yml b/roles/custom/matrix-backup-borg/tasks/main.yml
index 0c8a9b7e..88d120c0 100644
--- a/roles/custom/matrix-backup-borg/tasks/main.yml
+++ b/roles/custom/matrix-backup-borg/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
       when: "run_setup | bool and matrix_backup_borg_enabled | bool"
+  tags:
+    - setup-all
+    - setup-backup-borg
+    - install-all
+    - install-backup-borg
 
+- block:
     - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
       when: "run_setup | bool and not matrix_backup_borg_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-base/tasks/main.yml b/roles/custom/matrix-base/tasks/main.yml
index 7eeb2cdc..c67e2090 100644
--- a/roles/custom/matrix-base/tasks/main.yml
+++ b/roles/custom/matrix-base/tasks/main.yml
@@ -4,6 +4,7 @@
     - ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
   tags:
     - setup-all
+    - install-all
 
 # This needs to always run, because it populates `matrix_user_uid` and `matrix_user_gid`,
 # which are required by many other roles.
@@ -18,6 +19,7 @@
     - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_matrix_base.yml"
   tags:
     - setup-all
+    - install-all
     - common
 
 - block:
@@ -27,4 +29,11 @@
     - setup-ma1sd
     - setup-synapse
     - setup-dendrite
+    - setup-conduit
     - setup-nginx-proxy
+    - install-all
+    - install-ma1sd
+    - install-synapse
+    - install-dendrite
+    - install-conduit
+    - install-nginx-proxy
diff --git a/roles/custom/matrix-bot-buscarron/tasks/main.yml b/roles/custom/matrix-bot-buscarron/tasks/main.yml
index b1257954..b4a58e91 100644
--- a/roles/custom/matrix-bot-buscarron/tasks/main.yml
+++ b/roles/custom/matrix-bot-buscarron/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
       when: "run_setup | bool and matrix_bot_buscarron_enabled | bool"
+  tags:
+    - setup-all
+    - setup-bot-buscarron
+    - install-all
+    - install-bot-buscarron
 
+- block:
     - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
       when: "run_setup | bool and not matrix_bot_buscarron_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-bot-go-neb/tasks/main.yml b/roles/custom/matrix-bot-go-neb/tasks/main.yml
index 7c8f2455..126f6ae0 100644
--- a/roles/custom/matrix-bot-go-neb/tasks/main.yml
+++ b/roles/custom/matrix-bot-go-neb/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
       when: "run_setup | bool and matrix_bot_go_neb_enabled | bool"
+  tags:
+    - setup-all
+    - setup-bot-go-neb
+    - install-all
+    - install-bot-go-neb
 
+- block:
     - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
       when: "run_setup | bool and not matrix_bot_go_neb_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-bot-honoroit/tasks/main.yml b/roles/custom/matrix-bot-honoroit/tasks/main.yml
index fde2b6e3..d4dcbce4 100644
--- a/roles/custom/matrix-bot-honoroit/tasks/main.yml
+++ b/roles/custom/matrix-bot-honoroit/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
       when: "run_setup | bool and matrix_bot_honoroit_enabled | bool"
+  tags:
+    - setup-all
+    - setup-bot-honoroit
+    - install-all
+    - install-bot-honoroit
 
+- block:
     - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
       when: "run_setup | bool and not matrix_bot_honoroit_enabled | bool"
   tags:
diff --git a/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml
index d0c7a157..90ee56cc 100644
--- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml
+++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - when: matrix_bot_matrix_registration_bot_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-bot-matrix-registration-bot
+    - install-all
+    - install-bot-matrix-registration-bot
 
+- block:
     - when: not matrix_bot_matrix_registration_bot_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/main.yml b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/main.yml
index 091b0cc1..22c014de 100644
--- a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/main.yml
+++ b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - when: matrix_bot_matrix_reminder_bot_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-bot-matrix-reminder-bot
+    - install-all
+    - install-bot-matrix-reminder-bot
 
+- block:
     - when: not matrix_bot_matrix_reminder_bot_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-bot-maubot/tasks/main.yml b/roles/custom/matrix-bot-maubot/tasks/main.yml
index 917fea77..95fad19e 100644
--- a/roles/custom/matrix-bot-maubot/tasks/main.yml
+++ b/roles/custom/matrix-bot-maubot/tasks/main.yml
@@ -6,7 +6,8 @@
   tags:
     - setup-all
     - setup-nginx-proxy
-
+    - install-all
+    - install-nginx-proxy
 
 - block:
     - when: matrix_bot_maubot_enabled | bool
@@ -14,7 +15,13 @@
 
     - when: matrix_bot_maubot_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-bot-maubot
+    - install-all
+    - install-bot-maubot
 
+- block:
     - when: not matrix_bot_maubot_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-bot-mjolnir/tasks/main.yml b/roles/custom/matrix-bot-mjolnir/tasks/main.yml
index 25e9d74d..def5c9f0 100644
--- a/roles/custom/matrix-bot-mjolnir/tasks/main.yml
+++ b/roles/custom/matrix-bot-mjolnir/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - when: matrix_bot_mjolnir_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-bot-mjolnir
+    - install-all
+    - install-bot-mjolnir
 
+- block:
     - when: not matrix_bot_mjolnir_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-bot-postmoogle/tasks/main.yml b/roles/custom/matrix-bot-postmoogle/tasks/main.yml
index 62623c4d..a6bc76a3 100644
--- a/roles/custom/matrix-bot-postmoogle/tasks/main.yml
+++ b/roles/custom/matrix-bot-postmoogle/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - when: matrix_bot_postmoogle_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-bot-postmoogle
+    - install-all
+    - install-bot-postmoogle
 
+- block:
     - when: not matrix_bot_postmoogle_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-bridge-appservice-discord/tasks/main.yml b/roles/custom/matrix-bridge-appservice-discord/tasks/main.yml
index 6627d610..926fe367 100644
--- a/roles/custom/matrix-bridge-appservice-discord/tasks/main.yml
+++ b/roles/custom/matrix-bridge-appservice-discord/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - when: matrix_appservice_discord_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-appservice-discord
+    - install-all
+    - install-appservice-discord
 
+- block:
     - when: not matrix_appservice_discord_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-bridge-appservice-irc/tasks/main.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/main.yml
index b994ddb0..3f84171e 100644
--- a/roles/custom/matrix-bridge-appservice-irc/tasks/main.yml
+++ b/roles/custom/matrix-bridge-appservice-irc/tasks/main.yml
@@ -6,9 +6,16 @@
 
     - when: matrix_appservice_irc_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-appservice-irc
+    - install-all
+    - install-appservice-irc
 
+- block:
     - when: not matrix_appservice_irc_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-appservice-irc
+
diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/main.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/main.yml
index be24d778..14a30e65 100644
--- a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/main.yml
+++ b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - when: matrix_appservice_kakaotalk_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-appservice-kakaotalk
+    - install-all
+    - install-appservice-kakaotalk
 
+- block:
     - when: not matrix_appservice_kakaotalk_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-bridge-appservice-slack/tasks/main.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/main.yml
index 277e4177..41e2679e 100644
--- a/roles/custom/matrix-bridge-appservice-slack/tasks/main.yml
+++ b/roles/custom/matrix-bridge-appservice-slack/tasks/main.yml
@@ -6,6 +6,8 @@
   tags:
     - setup-all
     - setup-nginx-proxy
+    - install-all
+    - install-nginx-proxy
 
 - block:
     - when: matrix_appservice_slack_enabled | bool
@@ -13,7 +15,13 @@
 
     - when: matrix_appservice_slack_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-appservice-slack
+    - install-all
+    - install-appservice-slack
 
+- block:
     - when: not matrix_appservice_slack_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-bridge-appservice-webhooks/tasks/main.yml b/roles/custom/matrix-bridge-appservice-webhooks/tasks/main.yml
index 97793d88..ae36cf70 100644
--- a/roles/custom/matrix-bridge-appservice-webhooks/tasks/main.yml
+++ b/roles/custom/matrix-bridge-appservice-webhooks/tasks/main.yml
@@ -6,6 +6,8 @@
   tags:
     - setup-all
     - setup-nginx-proxy
+    - install-all
+    - install-nginx-proxy
 
 - block:
     - when: matrix_appservice_webhooks_enabled | bool
@@ -13,7 +15,13 @@
 
     - when: matrix_appservice_webhooks_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-appservice-webhooks
+    - install-all
+    - install-appservice-webhooks
 
+- block:
     - when: not matrix_appservice_webhooks_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-bridge-beeper-linkedin/tasks/main.yml b/roles/custom/matrix-bridge-beeper-linkedin/tasks/main.yml
index 57dcc2a3..50228042 100644
--- a/roles/custom/matrix-bridge-beeper-linkedin/tasks/main.yml
+++ b/roles/custom/matrix-bridge-beeper-linkedin/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - when: matrix_beeper_linkedin_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-beeper-linkedin
+    - install-all
+    - install-beeper-linkedin
 
+- block:
     - when: not matrix_beeper_linkedin_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-bridge-go-skype-bridge/tasks/main.yml b/roles/custom/matrix-bridge-go-skype-bridge/tasks/main.yml
index cc41f4bd..fa9fd87e 100644
--- a/roles/custom/matrix-bridge-go-skype-bridge/tasks/main.yml
+++ b/roles/custom/matrix-bridge-go-skype-bridge/tasks/main.yml
@@ -6,9 +6,16 @@
 
     - when: matrix_go_skype_bridge_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-go-skype-bridge
+    - install-all
+    - install-go-skype-bridge
 
+- block:
     - when: not matrix_go_skype_bridge_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
     - setup-all
     - setup-go-skype-bridge
+
diff --git a/roles/custom/matrix-bridge-heisenbridge/tasks/main.yml b/roles/custom/matrix-bridge-heisenbridge/tasks/main.yml
index 38b891cf..0d8354cf 100644
--- a/roles/custom/matrix-bridge-heisenbridge/tasks/main.yml
+++ b/roles/custom/matrix-bridge-heisenbridge/tasks/main.yml
@@ -3,7 +3,13 @@
 - block:
     - when: matrix_heisenbridge_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-heisenbridge
+    - install-all
+    - install-heisenbridge
 
+- block:
     - when: not matrix_heisenbridge_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-bridge-hookshot/tasks/main.yml b/roles/custom/matrix-bridge-hookshot/tasks/main.yml
index 505b86ed..c7ffc304 100644
--- a/roles/custom/matrix-bridge-hookshot/tasks/main.yml
+++ b/roles/custom/matrix-bridge-hookshot/tasks/main.yml
@@ -6,6 +6,8 @@
   tags:
     - setup-all
     - setup-nginx-proxy
+    - install-all
+    - install-nginx-proxy
 
 - block:
     - when: matrix_hookshot_enabled | bool
@@ -13,7 +15,13 @@
 
     - when: matrix_hookshot_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-hookshot
+    - install-all
+    - install-hookshot
 
+- block:
     - when: not matrix_hookshot_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-bridge-mautrix-discord/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-discord/tasks/main.yml
index 5c38db0a..cc90f2fa 100644
--- a/roles/custom/matrix-bridge-mautrix-discord/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-discord/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - when: matrix_mautrix_discord_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-mautrix-discord
+    - install-all
+    - install-mautrix-discord
 
+- block:
     - when: not matrix_mautrix_discord_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-bridge-mautrix-facebook/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/main.yml
index 9e17b87b..fa7cec7d 100644
--- a/roles/custom/matrix-bridge-mautrix-facebook/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/main.yml
@@ -6,6 +6,8 @@
   tags:
     - setup-all
     - setup-nginx-proxy
+    - install-all
+    - install-nginx-proxy
 
 - block:
     - when: matrix_mautrix_facebook_enabled | bool
@@ -13,7 +15,13 @@
 
     - when: matrix_mautrix_facebook_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-mautrix-facebook
+    - install-all
+    - install-mautrix-facebook
 
+- block:
     - when: not matrix_mautrix_facebook_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/main.yml
index 9bdc3061..917ba7a9 100644
--- a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/main.yml
@@ -6,6 +6,8 @@
   tags:
     - setup-all
     - setup-nginx-proxy
+    - install-all
+    - install-nginx-proxy
 
 - block:
     - when: matrix_mautrix_googlechat_enabled | bool
@@ -13,7 +15,13 @@
 
     - when: matrix_mautrix_googlechat_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-mautrix-googlechat
+    - install-all
+    - install-mautrix-googlechat
 
+- block:
     - when: not matrix_mautrix_googlechat_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/main.yml
index cce77221..e9d8048c 100644
--- a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/main.yml
@@ -6,6 +6,8 @@
   tags:
     - setup-all
     - setup-nginx-proxy
+    - install-all
+    - install-nginx-proxy
 
 - block:
     - when: matrix_mautrix_hangouts_enabled | bool
@@ -13,7 +15,13 @@
 
     - when: matrix_mautrix_hangouts_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-mautrix-hangouts
+    - install-all
+    - install-mautrix-hangouts
 
+- block:
     - when: not matrix_mautrix_hangouts_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-bridge-mautrix-instagram/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-instagram/tasks/main.yml
index f559c69d..2bd0417e 100644
--- a/roles/custom/matrix-bridge-mautrix-instagram/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-instagram/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - when: matrix_mautrix_instagram_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-mautrix-instagram
+    - install-all
+    - install-mautrix-instagram
 
+- block:
     - when: not matrix_mautrix_instagram_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-bridge-mautrix-signal/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-signal/tasks/main.yml
index a4cd677b..0c0a1239 100644
--- a/roles/custom/matrix-bridge-mautrix-signal/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-signal/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - when: matrix_mautrix_signal_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-mautrix-signal
+    - install-all
+    - install-mautrix-signal
 
+- block:
     - when: not matrix_mautrix_signal_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-bridge-mautrix-telegram/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/main.yml
index a62efb7a..3c8e6d04 100644
--- a/roles/custom/matrix-bridge-mautrix-telegram/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-telegram/tasks/main.yml
@@ -6,6 +6,8 @@
   tags:
     - setup-all
     - setup-nginx-proxy
+    - install-all
+    - install-nginx-proxy
 
 - block:
     - when: matrix_mautrix_telegram_enabled | bool
@@ -13,7 +15,13 @@
 
     - when: matrix_mautrix_telegram_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-mautrix-telegram
+    - install-all
+    - install-mautrix-telegram
 
+- block:
     - when: not matrix_mautrix_telegram_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-bridge-mautrix-twitter/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-twitter/tasks/main.yml
index aee0daf7..f8dbc28b 100644
--- a/roles/custom/matrix-bridge-mautrix-twitter/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-twitter/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - when: matrix_mautrix_twitter_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-mautrix-twitter
+    - install-all
+    - install-mautrix-twitter
 
+- block:
     - when: not matrix_mautrix_twitter_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/main.yml
index 4d234250..fdb65431 100644
--- a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - when: matrix_mautrix_whatsapp_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-mautrix-whatsapp
+    - install-all
+    - install-mautrix-whatsapp
 
+- block:
     - when: not matrix_mautrix_whatsapp_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/main.yml
index a77f2265..c1403dfa 100644
--- a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - when: matrix_mx_puppet_discord_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-mx-puppet-discord
+    - install-all
+    - install-mx-puppet-discord
 
+- block:
     - when: not matrix_mx_puppet_discord_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/main.yml
index 6f2a0387..ab5b0d44 100644
--- a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - when: matrix_mx_puppet_groupme_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-mx-puppet-groupme
+    - install-all
+    - install-mx-puppet-groupme
 
+- block:
     - when: not matrix_mx_puppet_groupme_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/main.yml
index 620b0da5..3cf02773 100644
--- a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - when: matrix_mx_puppet_instagram_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-mx-puppet-instagram
+    - install-all
+    - install-mx-puppet-instagram
 
+- block:
     - when: not matrix_mx_puppet_instagram_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/main.yml
index 2fe8ea42..3d6e722b 100644
--- a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/main.yml
@@ -6,6 +6,8 @@
   tags:
     - setup-all
     - setup-nginx-proxy
+    - install-all
+    - install-nginx-proxy
 
 - block:
     - when: matrix_mx_puppet_slack_enabled | bool
@@ -13,7 +15,13 @@
 
     - when: matrix_mx_puppet_slack_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-mx-puppet-slack
+    - install-all
+    - install-mx-puppet-slack
 
+- block:
     - when: not matrix_mx_puppet_slack_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/main.yml
index a6cab2b0..6eacc6fc 100644
--- a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - when: matrix_mx_puppet_steam_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-mx-puppet-steam
+    - install-all
+    - install-mx-puppet-steam
 
+- block:
     - when: not matrix_mx_puppet_steam_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/main.yml
index 3e1fe73c..85c06f04 100644
--- a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/main.yml
@@ -6,6 +6,8 @@
   tags:
     - setup-all
     - setup-nginx-proxy
+    - install-all
+    - install-nginx-proxy
 
 - block:
     - when: matrix_mx_puppet_twitter_enabled | bool
@@ -13,7 +15,13 @@
 
     - when: matrix_mx_puppet_twitter_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-mx-puppet-twitter
+    - install-all
+    - install-mx-puppet-twitter
 
+- block:
     - when: not matrix_mx_puppet_twitter_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-bridge-sms/tasks/main.yml b/roles/custom/matrix-bridge-sms/tasks/main.yml
index a802054c..f9bd502c 100644
--- a/roles/custom/matrix-bridge-sms/tasks/main.yml
+++ b/roles/custom/matrix-bridge-sms/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - when: matrix_sms_bridge_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-matrix-sms-bridge
+    - install-all
+    - install-matrix-sms-bridge
 
+- block:
     - when: not matrix_sms_bridge_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-cactus-comments/tasks/main.yml b/roles/custom/matrix-cactus-comments/tasks/main.yml
index dab5a120..c6108e91 100644
--- a/roles/custom/matrix-cactus-comments/tasks/main.yml
+++ b/roles/custom/matrix-cactus-comments/tasks/main.yml
@@ -6,6 +6,8 @@
   tags:
     - setup-all
     - setup-nginx-proxy
+    - install-all
+    - install-nginx-proxy
 
 - block:
     - when: matrix_cactus_comments_enabled | bool
@@ -13,7 +15,13 @@
 
     - when: matrix_cactus_comments_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-cactus-comments
+    - install-all
+    - install-cactus-comments
 
+- block:
     - when: not matrix_cactus_comments_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-client-cinny/tasks/main.yml b/roles/custom/matrix-client-cinny/tasks/main.yml
index c67116e6..1e6d4759 100644
--- a/roles/custom/matrix-client-cinny/tasks/main.yml
+++ b/roles/custom/matrix-client-cinny/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - when: matrix_client_cinny_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-client-cinny
+    - install-all
+    - install-client-cinny
 
+- block:
     - when: not matrix_client_cinny_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-client-element/tasks/main.yml b/roles/custom/matrix-client-element/tasks/main.yml
index b75a3d5d..89e50ba7 100644
--- a/roles/custom/matrix-client-element/tasks/main.yml
+++ b/roles/custom/matrix-client-element/tasks/main.yml
@@ -9,7 +9,13 @@
 
     - when: matrix_client_element_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-client-element
+    - install-all
+    - install-client-element
 
+- block:
     - when: not matrix_client_element_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-client-hydrogen/tasks/main.yml b/roles/custom/matrix-client-hydrogen/tasks/main.yml
index 220a4d13..9bb8bc08 100644
--- a/roles/custom/matrix-client-hydrogen/tasks/main.yml
+++ b/roles/custom/matrix-client-hydrogen/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - when: matrix_client_hydrogen_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-client-hydrogen
+    - install-all
+    - install-client-hydrogen
 
+- block:
     - when: not matrix_client_hydrogen_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-conduit/tasks/main.yml b/roles/custom/matrix-conduit/tasks/main.yml
index e731f21a..d733ac08 100644
--- a/roles/custom/matrix-conduit/tasks/main.yml
+++ b/roles/custom/matrix-conduit/tasks/main.yml
@@ -3,7 +3,13 @@
 - block:
     - when: matrix_conduit_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-conduit
+    - install-all
+    - install-conduit
 
+- block:
     - when: not matrix_conduit_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-corporal/tasks/main.yml b/roles/custom/matrix-corporal/tasks/main.yml
index 3f18ed0c..c4c7b7fc 100644
--- a/roles/custom/matrix-corporal/tasks/main.yml
+++ b/roles/custom/matrix-corporal/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - when: matrix_corporal_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-corporal
+    - install-all
+    - install-corporal
 
+- block:
     - when: not matrix_corporal_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-coturn/tasks/main.yml b/roles/custom/matrix-coturn/tasks/main.yml
index 393ed691..45ce9fd9 100644
--- a/roles/custom/matrix-coturn/tasks/main.yml
+++ b/roles/custom/matrix-coturn/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - when: matrix_coturn_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-coturn
+    - install-all
+    - install-coturn
 
+- block:
     - when: not matrix_coturn_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-dendrite/tasks/main.yml b/roles/custom/matrix-dendrite/tasks/main.yml
index b59d3cad..0e88ec51 100644
--- a/roles/custom/matrix-dendrite/tasks/main.yml
+++ b/roles/custom/matrix-dendrite/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - when: matrix_dendrite_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-dendrite
+    - install-all
+    - install-dendrite
 
+- block:
     - when: not matrix_dendrite_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-dimension/tasks/main.yml b/roles/custom/matrix-dimension/tasks/main.yml
index 5d6f5443..efd0f8d4 100644
--- a/roles/custom/matrix-dimension/tasks/main.yml
+++ b/roles/custom/matrix-dimension/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - when: matrix_dimension_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-dimension
+    - install-all
+    - install-dimension
 
+- block:
     - when: not matrix_dimension_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-dynamic-dns/tasks/main.yml b/roles/custom/matrix-dynamic-dns/tasks/main.yml
index 8f795650..ae7503b7 100644
--- a/roles/custom/matrix-dynamic-dns/tasks/main.yml
+++ b/roles/custom/matrix-dynamic-dns/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - when: matrix_dynamic_dns_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-dynamic-dns
+    - install-all
+    - install-dynamic-dns
 
+- block:
     - when: not matrix_dynamic_dns_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-email2matrix/tasks/main.yml b/roles/custom/matrix-email2matrix/tasks/main.yml
index c3e21d94..8fac77ce 100644
--- a/roles/custom/matrix-email2matrix/tasks/main.yml
+++ b/roles/custom/matrix-email2matrix/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - when: matrix_email2matrix_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-email2matrix
+    - install-all
+    - install-email2matrix
 
+- block:
     - when: not matrix_email2matrix_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-etherpad/tasks/main.yml b/roles/custom/matrix-etherpad/tasks/main.yml
index 46a04a48..eaafd98a 100644
--- a/roles/custom/matrix-etherpad/tasks/main.yml
+++ b/roles/custom/matrix-etherpad/tasks/main.yml
@@ -6,6 +6,8 @@
   tags:
     - setup-all
     - setup-nginx-proxy
+    - install-all
+    - install-nginx-proxy
 
 - block:
     - when: matrix_etherpad_enabled | bool
@@ -13,7 +15,13 @@
 
     - when: matrix_etherpad_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-etherpad
+    - install-all
+    - install-etherpad
 
+- block:
     - when: not matrix_etherpad_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-grafana/tasks/main.yml b/roles/custom/matrix-grafana/tasks/main.yml
index fc1f3dc6..263d894f 100644
--- a/roles/custom/matrix-grafana/tasks/main.yml
+++ b/roles/custom/matrix-grafana/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - when: matrix_grafana_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-grafana
+    - install-all
+    - install-grafana
 
+- block:
     - when: not matrix_grafana_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-jitsi/tasks/main.yml b/roles/custom/matrix-jitsi/tasks/main.yml
index 8a2b9e43..d7dc6623 100644
--- a/roles/custom/matrix-jitsi/tasks/main.yml
+++ b/roles/custom/matrix-jitsi/tasks/main.yml
@@ -5,6 +5,7 @@
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/init_additional_jvb.yml"
   tags:
     - setup-additional-jitsi-jvb
+    - install-additional-jitsi-jvb
 
 - block:
     - when: matrix_jitsi_enabled | bool
@@ -16,22 +17,31 @@
     - setup-all
     - setup-jitsi
     - setup-additional-jitsi-jvb
+    - install-all
+    - install-jitsi
+    - install-additional-jitsi-jvb
 
 - block:
     - when: matrix_jitsi_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_web_install.yml"
 
-    - when: not matrix_jitsi_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_web_uninstall.yml"
-
     - when: matrix_jitsi_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_prosody_install.yml"
 
-    - when: not matrix_jitsi_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_prosody_uninstall.yml"
-
     - when: matrix_jitsi_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_jicofo_install.yml"
+  tags:
+    - setup-all
+    - setup-jitsi
+    - install-all
+    - install-jitsi
+
+- block:
+    - when: not matrix_jitsi_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_web_uninstall.yml"
+
+    - when: not matrix_jitsi_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_prosody_uninstall.yml"
 
     - when: not matrix_jitsi_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_jicofo_uninstall.yml"
@@ -42,7 +52,15 @@
 - block:
     - when: matrix_jitsi_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_jvb_install.yml"
+  tags:
+    - setup-all
+    - setup-jitsi
+    - setup-additional-jitsi-jvb
+    - install-all
+    - install-jitsi
+    - install-additional-jitsi-jvb
 
+- block:
     - when: not matrix_jitsi_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_jvb_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-ldap-registration-proxy/tasks/main.yml b/roles/custom/matrix-ldap-registration-proxy/tasks/main.yml
index 758bea97..9309113f 100644
--- a/roles/custom/matrix-ldap-registration-proxy/tasks/main.yml
+++ b/roles/custom/matrix-ldap-registration-proxy/tasks/main.yml
@@ -6,6 +6,8 @@
   tags:
     - setup-all
     - setup-nginx-proxy
+    - install-all
+    - install-nginx-proxy
 
 - block:
     - when: matrix_ldap_registration_proxy_enabled | bool
@@ -13,7 +15,13 @@
 
     - when: matrix_ldap_registration_proxy_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-matrix-ldap-registration-proxy
+    - install-all
+    - install-matrix-ldap-registration-proxy
 
+- block:
     - when: not matrix_ldap_registration_proxy_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-ma1sd/tasks/main.yml b/roles/custom/matrix-ma1sd/tasks/main.yml
index c1208f74..a65cf371 100644
--- a/roles/custom/matrix-ma1sd/tasks/main.yml
+++ b/roles/custom/matrix-ma1sd/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - when: matrix_ma1sd_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-ma1sd
+    - install-all
+    - install-ma1sd
 
+- block:
     - when: not matrix_ma1sd_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-mailer/tasks/main.yml b/roles/custom/matrix-mailer/tasks/main.yml
index 2c2a0367..b269f63e 100644
--- a/roles/custom/matrix-mailer/tasks/main.yml
+++ b/roles/custom/matrix-mailer/tasks/main.yml
@@ -3,7 +3,13 @@
 - block:
     - when: matrix_mailer_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-mailer
+    - install-all
+    - install-mailer
 
+- block:
     - when: not matrix_mailer_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-nginx-proxy/tasks/main.yml b/roles/custom/matrix-nginx-proxy/tasks/main.yml
index 7ead4970..39cec7e5 100644
--- a/roles/custom/matrix-nginx-proxy/tasks/main.yml
+++ b/roles/custom/matrix-nginx-proxy/tasks/main.yml
@@ -8,6 +8,8 @@
   tags:
     - setup-all
     - setup-nginx-proxy
+    - install-all
+    - install-nginx-proxy
 
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/ssl/main.yml"
   when: run_setup | bool
@@ -15,12 +17,17 @@
     - setup-all
     - setup-nginx-proxy
     - setup-ssl
+    - install-all
+    - install-nginx-proxy
+    - install-ssl
 
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_nginx_proxy.yml"
   when: run_setup | bool
   tags:
     - setup-all
     - setup-nginx-proxy
+    - install-all
+    - install-nginx-proxy
 
 - block:
     - ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check_well_known.yml"
diff --git a/roles/custom/matrix-ntfy/tasks/main.yml b/roles/custom/matrix-ntfy/tasks/main.yml
index 1c2c266e..85d80841 100644
--- a/roles/custom/matrix-ntfy/tasks/main.yml
+++ b/roles/custom/matrix-ntfy/tasks/main.yml
@@ -3,7 +3,13 @@
 - block:
     - when: matrix_ntfy_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-ntfy
+    - install-all
+    - install-ntfy
 
+- block:
     - when: not matrix_ntfy_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-postgres-backup/tasks/main.yml b/roles/custom/matrix-postgres-backup/tasks/main.yml
index 1408f695..4db5c82e 100644
--- a/roles/custom/matrix-postgres-backup/tasks/main.yml
+++ b/roles/custom/matrix-postgres-backup/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - when: matrix_postgres_backup_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-postgres-backup
+    - install-all
+    - install-postgres-backup
 
+- block:
     - when: not matrix_postgres_backup_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-postgres/tasks/main.yml b/roles/custom/matrix-postgres/tasks/main.yml
index c282b382..02f53b73 100644
--- a/roles/custom/matrix-postgres/tasks/main.yml
+++ b/roles/custom/matrix-postgres/tasks/main.yml
@@ -5,12 +5,14 @@
   tags:
     - setup-all
     - setup-postgres
+    - install-postgres
 
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_postgres.yml"
   when: run_setup | bool
   tags:
     - setup-all
     - setup-postgres
+    - install-postgres
 
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/import_postgres.yml"
   when: run_postgres_import | bool
diff --git a/roles/custom/matrix-prometheus-node-exporter/tasks/main.yml b/roles/custom/matrix-prometheus-node-exporter/tasks/main.yml
index c86cdad7..6a0cd830 100644
--- a/roles/custom/matrix-prometheus-node-exporter/tasks/main.yml
+++ b/roles/custom/matrix-prometheus-node-exporter/tasks/main.yml
@@ -6,11 +6,19 @@
   tags:
     - setup-all
     - setup-nginx-proxy
+    - install-all
+    - install-nginx-proxy
 
 - block:
     - when: matrix_prometheus_node_exporter_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-prometheus-node-exporter
+    - install-all
+    - install-prometheus-node-exporter
 
+- block:
     - when: not matrix_prometheus_node_exporter_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml b/roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml
index 2e06fdd5..2cea0604 100644
--- a/roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml
+++ b/roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml
@@ -6,11 +6,19 @@
   tags:
     - setup-all
     - setup-nginx-proxy
+    - install-all
+    - install-nginx-proxy
 
 - block:
     - when: matrix_prometheus_postgres_exporter_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-prometheus-postgres-exporter
+    - install-all
+    - install-prometheus-postgres-exporter
 
+- block:
     - when: not matrix_prometheus_postgres_exporter_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-prometheus/tasks/main.yml b/roles/custom/matrix-prometheus/tasks/main.yml
index 737f656b..59371d4d 100644
--- a/roles/custom/matrix-prometheus/tasks/main.yml
+++ b/roles/custom/matrix-prometheus/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - when: matrix_prometheus_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-prometheus
+    - install-all
+    - install-prometheus
 
+- block:
     - when: not matrix_prometheus_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-redis/tasks/main.yml b/roles/custom/matrix-redis/tasks/main.yml
index da2f1dcb..29640005 100644
--- a/roles/custom/matrix-redis/tasks/main.yml
+++ b/roles/custom/matrix-redis/tasks/main.yml
@@ -3,7 +3,13 @@
 - block:
     - when: matrix_redis_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-redis
+    - install-all
+    - install-redis
 
+- block:
     - when: not matrix_redis_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-registration/tasks/main.yml b/roles/custom/matrix-registration/tasks/main.yml
index ee110182..bebcebc0 100644
--- a/roles/custom/matrix-registration/tasks/main.yml
+++ b/roles/custom/matrix-registration/tasks/main.yml
@@ -6,6 +6,8 @@
   tags:
     - setup-all
     - setup-nginx-proxy
+    - install-all
+    - install-nginx-proxy
 
 - block:
     - when: matrix_registration_enabled | bool
@@ -13,7 +15,13 @@
 
     - when: matrix_registration_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-matrix-registration
+    - install-all
+    - install-matrix-registration
 
+- block:
     - when: not matrix_registration_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-sygnal/tasks/main.yml b/roles/custom/matrix-sygnal/tasks/main.yml
index 14677488..ed801526 100644
--- a/roles/custom/matrix-sygnal/tasks/main.yml
+++ b/roles/custom/matrix-sygnal/tasks/main.yml
@@ -6,7 +6,13 @@
 
     - when: matrix_sygnal_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-sygnal
+    - install-all
+    - install-sygnal
 
+- block:
     - when: not matrix_sygnal_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-synapse-admin/tasks/main.yml b/roles/custom/matrix-synapse-admin/tasks/main.yml
index 632ec783..0b1664cf 100644
--- a/roles/custom/matrix-synapse-admin/tasks/main.yml
+++ b/roles/custom/matrix-synapse-admin/tasks/main.yml
@@ -6,6 +6,8 @@
   tags:
     - setup-all
     - setup-nginx-proxy
+    - install-all
+    - install-nginx-proxy
 
 - block:
     - when: matrix_synapse_admin_enabled | bool
@@ -13,7 +15,13 @@
 
     - when: matrix_synapse_admin_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-synapse-admin
+    - install-all
+    - install-synapse-admin
 
+- block:
     - when: not matrix_synapse_admin_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/main.yml b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/main.yml
index e07869d2..0dba0b9c 100644
--- a/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/main.yml
+++ b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/main.yml
@@ -3,7 +3,15 @@
 - block:
     - when: matrix_synapse_reverse_proxy_companion_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-synapse-reverse-proxy-companion
+    - setup-synapse
+    - install-all
+    - install-synapse-reverse-proxy-companion
+    - install-synapse
 
+- block:
     - when: not matrix_synapse_reverse_proxy_companion_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix-synapse/tasks/main.yml b/roles/custom/matrix-synapse/tasks/main.yml
index a133f650..bd048d73 100644
--- a/roles/custom/matrix-synapse/tasks/main.yml
+++ b/roles/custom/matrix-synapse/tasks/main.yml
@@ -22,7 +22,13 @@
 
     - when: matrix_synapse_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-synapse
+    - install-all
+    - install-synapse
 
+- block:
     - when: not matrix_synapse_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
   tags:
diff --git a/roles/custom/matrix_playbook_migration/tasks/main.yml b/roles/custom/matrix_playbook_migration/tasks/main.yml
index caa42bfd..491fabcd 100644
--- a/roles/custom/matrix_playbook_migration/tasks/main.yml
+++ b/roles/custom/matrix_playbook_migration/tasks/main.yml
@@ -4,3 +4,4 @@
     - ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
   tags:
     - setup-all
+    - install-all

From 8456657f212a75494949a95cf0f6ad9385c66312 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Fri, 25 Nov 2022 16:15:19 +0200
Subject: [PATCH 074/198] Announce install-* tags

---
 CHANGELOG.md       | 23 +++++++++++++++++++++++
 docs/installing.md | 14 ++++++++++----
 2 files changed, 33 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d32ec9e0..fb347c42 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,26 @@
+# 2022-11-25
+
+## 2x-5x performance improvements in playbook runtime
+
+**TLDR**: the playbook is 2x faster for running `--tags=setup-all` (and various other tags). It also has new `--tags=install-*` tags (like `--tags=install-all`), which skip uninstallation tasks and bring an additional 2.5x speedup. In total, the playbook can maintain your server 5 times faster.
+
+Our [etke.cc managed Matrix hosting service](https://etke.cc) runs maintenance against hundreds of servers, so the playbook being fast means a lot.
+The [etke.cc Ansible playbook](https://gitlab.com/etke.cc/ansible) (which is an extension of this one) is growing to support more and more services (besides just Matrix), so the Matrix playbook being leaner prevents runtimes from becoming too slow and improves the customer experience.
+
+Even when running `ansible-playbook` manually (as most of us here do), it's beneficial not to waste time and CPU resources.
+
+Recently, a few large optimizations have been done to this playbook and its external roles (see [The playbook now uses external roles for some things](#the-playbook-now-uses-external-roles-for-some-things) and don't forget to run `make roles`):
+
+1. Replacing Ansible `import_tasks` calls with `include_tasks`, which decreased runtime in half. Using `import_tasks` is slower and causes Ansible to go through and skip way too many tasks (tasks which could have been skipped altogether by not having Ansible include them in the first place). On an experimental VM, **deployment time was decreased from ~530 seconds to ~250 seconds**.
+
+2. Introducing new `install-*` tags (`install-all` and `install-COMPONENT`, e.g. `install-synapse`, `install-bot-postmoogle`), which only run Ansible tasks pertaining to installation, while skipping uninstallation tasks. In most cases, people are maintaining the same setup or they're *adding* new components. Removing components is rare. Running thousands of uninstallation tasks each time is wasteful. On an experimental VM, **deployment time was decreased from ~250 seconds (`--tags=setup-all`) to ~100 seconds (`--tags=install-all`)**.
+
+You can still use `--tags=setup-all`. In fact, that's the best way to ensure your server is reconciled with the `vars.yml` configuration.
+
+If you know you haven't uninstalled any services since the last time you ran the playbook, you could run `--tags=install-all` instead and benefit from quicker runtimes.
+It should be noted that a service may become "eligible for uninstallation" even if your `vars.yml` file remains the same. In rare cases, we toggle services from being auto-installed to being optional, like we did on the 17th of March 2022 when we made [ma1sd not get installed by default](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#compatibility-break-ma1sd-identity-server-no-longer-installed-by-default). In such rare cases, you'd also need to run `--tags=setup-all`.
+
+
 # 2022-11-22
 
 # Automatic `matrix_architecture` determination
diff --git a/docs/installing.md b/docs/installing.md
index 53a86585..3bbc9a44 100644
--- a/docs/installing.md
+++ b/docs/installing.md
@@ -13,17 +13,21 @@ The general command syntax is: `ansible-playbook -i inventory/hosts setup.yml --
 
 Here are some playbook tags that you should be familiar with:
 
-- `setup-all` - runs all setup tasks for all components, but does not start/restart services
+- `setup-all` - runs all setup tasks (installation and uninstallation) for all components, but does not start/restart services
+
+- `install-all` - like `setup-all`, but skips uninstallation tasks. Useful for maintaining your setup quickly when its components remain unchanged. If you adjust your `vars.yml` to remove components, you'd need to run `setup-all` though, or these components will still remain installed
 
 - `setup-SERVICE` (e.g. `setup-bot-postmoogle`) - runs the setup tasks only for a given role, but does not start/restart services. You can discover these additional tags in each role (`roles/*/main.yml`). Running per-component setup tasks is **not recommended**, as components sometimes depend on each other and running just the setup tasks for a given component may not be enough. For example, setting up the [mautrix-telegram bridge](configuring-playbook-bridge-mautrix-telegram.md), in addition to the `setup-mautrix-telegram` tag, requires database changes (the `setup-postgres` tag) as well as reverse-proxy changes (the `setup-nginx-proxy` tag).
 
+- `install-SERVICE` (e.g. `install-bot-postmoogle`) - like `setup-SERVICE`, but skips uninstallation tasks. See `install-all` above for additional information.
+
 - `start` - starts all systemd services and makes them start automatically in the future
 
 - `stop` - stops all systemd services
 
 - `ensure-matrix-users-created` - a special tag which ensures that all special users needed by the playbook (for bots, etc.) are created
 
-`setup-*` tags **do not start services** automatically, because you may wish to do things before starting services, such as importing a database dump, restoring data from another server, etc.
+`setup-*` tags and `install-*` tags **do not start services** automatically, because you may wish to do things before starting services, such as importing a database dump, restoring data from another server, etc.
 
 
 ## 1. Installing Matrix
@@ -40,7 +44,7 @@ There 2 ways to start the installation process - depending on whether you're [In
 If this is **a brand new** Matrix server and you **won't be importing old data into it**, run all these tags:
 
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
+ansible-playbook -i inventory/hosts setup.yml --tags=install-all,ensure-matrix-users-created,start
 ```
 
 This will do a full installation and start all Matrix services.
@@ -56,7 +60,7 @@ Starting its services or messing with its database now will affect your data imp
 To do the installation **without** starting services, run only the `setup-all` tag:
 
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all
+ansible-playbook -i inventory/hosts setup.yml --tags=install-all
 ```
 
 When this command completes, services won't be running yet.
@@ -82,6 +86,8 @@ Proceed to [Maintaining your setup in the future](#2-maintaining-your-setup-in-t
 
 Feel free to **re-run the setup command any time** you think something is off with the server configuration. Ansible will take your configuration and update your server to match.
 
+Note that if you remove components from `vars.yml`, or if we switch some component from being installed by default to not being installed by default anymore, you'd need to run the setup command with `--tags=setup-all` instead of `--tags=install-all`. See [Playbook tags introduction](#playbook-tags-introduction)
+
 
 ## 3. Finalize the installation
 

From a04f6f4e3d641f62bf63aa5b4915cdc21637e70c Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Fri, 25 Nov 2022 17:17:54 +0200
Subject: [PATCH 075/198] Optimize uninstall tasks a bit

- forego removing Docker images - it's not effective anyway, because it
  only removes the last version.. which is a drop in the bucket, usually

- do not reload systemd - it's none of our business. `--tags=start`,
  etc., handle this

- combine all uninstall tasks under a single block, which only runs if
  we detect traces (a leftover systemd .service file) of the component.
  If no such .service is detected, we skip them all. This may lead to
  incorect cleanup in rare cases, but is good enough for the most part.
---
 .../tasks/setup_uninstall.yml                 | 50 +++++----------
 .../tasks/setup_uninstall.yml                 | 43 +++++--------
 .../tasks/setup_uninstall.yml                 | 43 +++++--------
 .../tasks/setup_uninstall.yml                 | 43 +++++--------
 .../tasks/setup_uninstall.yml                 | 43 +++++--------
 .../tasks/setup_uninstall.yml                 | 43 +++++--------
 .../tasks/setup_uninstall.yml                 | 43 +++++--------
 .../tasks/setup_uninstall.yml                 | 43 +++++--------
 .../tasks/setup_uninstall.yml                 | 43 +++++--------
 .../tasks/setup_uninstall.yml                 | 29 ++++-----
 .../tasks/setup_uninstall.yml                 | 29 ++++-----
 .../tasks/setup_uninstall.yml                 | 11 +---
 .../tasks/setup_uninstall.yml                 | 29 ++++-----
 .../tasks/setup_uninstall.yml                 | 29 ++++-----
 .../tasks/setup_uninstall.yml                 | 29 ++++-----
 .../tasks/setup_uninstall.yml                 | 29 ++++-----
 .../tasks/setup_uninstall.yml                 | 29 ++++-----
 .../tasks/setup_uninstall.yml                 | 29 ++++-----
 .../tasks/setup_uninstall.yml                 | 29 ++++-----
 .../tasks/setup_uninstall.yml                 | 29 ++++-----
 .../tasks/setup_uninstall.yml                 | 29 ++++-----
 .../tasks/setup_uninstall.yml                 | 29 ++++-----
 .../tasks/setup_uninstall.yml                 | 29 ++++-----
 .../tasks/setup_uninstall.yml                 | 54 +++++++---------
 .../tasks/setup_uninstall.yml                 | 29 ++++-----
 .../tasks/setup_uninstall.yml                 | 27 ++++----
 .../tasks/setup_uninstall.yml                 | 29 ++++-----
 .../tasks/setup_uninstall.yml                 | 29 ++++-----
 .../tasks/setup_uninstall.yml                 | 29 ++++-----
 .../tasks/setup_uninstall.yml                 | 29 ++++-----
 .../tasks/setup_uninstall.yml                 | 29 ++++-----
 .../tasks/setup_uninstall.yml                 | 29 ++++-----
 .../tasks/setup_uninstall.yml                 | 29 ++++-----
 .../tasks/setup_uninstall.yml                 | 43 +++++--------
 .../tasks/setup_uninstall.yml                 | 43 +++++--------
 .../tasks/setup_uninstall.yml                 | 43 +++++--------
 .../tasks/setup_uninstall.yml                 | 43 +++++--------
 .../matrix-conduit/tasks/setup_uninstall.yml  | 33 ++++------
 .../matrix-corporal/tasks/setup_uninstall.yml | 24 +++----
 .../matrix-coturn/tasks/setup_uninstall.yml   | 63 ++++++++-----------
 .../matrix-dendrite/tasks/setup_uninstall.yml |  6 --
 .../tasks/setup_uninstall.yml                 | 43 +++++--------
 .../tasks/setup_uninstall.yml                 | 32 ++++------
 .../tasks/setup_uninstall.yml                 | 43 +++++--------
 .../matrix-etherpad/tasks/setup_uninstall.yml | 43 +++++--------
 .../matrix-grafana/tasks/setup_uninstall.yml  |  1 -
 .../tasks/setup_jitsi_jicofo_uninstall.yml    |  1 -
 .../tasks/setup_jitsi_jvb_uninstall.yml       |  1 -
 .../tasks/setup_jitsi_prosody_uninstall.yml   |  1 -
 .../tasks/setup_jitsi_web_uninstall.yml       |  1 -
 .../tasks/setup_uninstall.yml                 | 43 +++++--------
 .../matrix-ma1sd/tasks/setup_uninstall.yml    | 43 +++++--------
 .../matrix-mailer/tasks/setup_uninstall.yml   | 18 ++----
 .../tasks/setup_nginx_proxy.yml               |  1 -
 .../matrix-ntfy/tasks/setup_uninstall.yml     | 43 +++++--------
 .../tasks/setup_uninstall.yml                 |  4 --
 .../tasks/setup_uninstall.yml                 |  5 --
 .../tasks/setup_uninstall.yml                 |  1 -
 .../tasks/setup_uninstall.yml                 | 30 ++++-----
 .../tasks/setup_uninstall.yml                 | 35 ++++-------
 .../matrix-sygnal/tasks/setup_uninstall.yml   | 43 +++++--------
 .../tasks/setup_uninstall.yml                 |  7 ---
 .../tasks/setup_uninstall.yml                 | 13 ++--
 .../s3-storage-provider/setup_uninstall.yml   |  5 --
 .../tasks/goofys/setup_uninstall.yml          | 43 +++++--------
 .../tasks/synapse/setup_uninstall.yml         | 48 +++++---------
 66 files changed, 733 insertions(+), 1208 deletions(-)

diff --git a/roles/custom/matrix-backup-borg/tasks/setup_uninstall.yml b/roles/custom/matrix-backup-borg/tasks/setup_uninstall.yml
index c4c1028d..3d8b08ef 100644
--- a/roles/custom/matrix-backup-borg/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-backup-borg/tasks/setup_uninstall.yml
@@ -1,41 +1,25 @@
 ---
+
 - name: Check existence of matrix-backup-borg service
   ansible.builtin.stat:
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.service"
   register: matrix_backup_borg_service_stat
 
-- name: Ensure matrix-backup-borg is stopped
-  ansible.builtin.service:
-    name: matrix-backup-borg
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "matrix_backup_borg_service_stat.stat.exists | bool"
-
-- name: Ensure matrix-backup-borg.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.service"
-    state: absent
-  when: "matrix_backup_borg_service_stat.stat.exists | bool"
-
-- name: Ensure matrix-backup-borg.timer doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.timer"
-    state: absent
-  when: "matrix_backup_borg_service_stat.stat.exists | bool"
-
-- name: Ensure systemd reloaded after matrix-backup-borg.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_backup_borg_service_stat.stat.exists | bool"
+- when: matrix_backup_borg_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-backup-borg is stopped
+      ansible.builtin.service:
+        name: matrix-backup-borg
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure Matrix borg paths don't exist
-  ansible.builtin.file:
-    path: "{{ matrix_backup_borg_base_path }}"
-    state: absent
+    - name: Ensure matrix-backup-borg.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.service"
+        state: absent
 
-- name: Ensure borg Docker image doesn't exist
-  community.docker.docker_image:
-    name: "{{ matrix_backup_borg_docker_image }}"
-    state: absent
+    - name: Ensure matrix-backup-borg.timer doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.timer"
+        state: absent
diff --git a/roles/custom/matrix-bot-buscarron/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-buscarron/tasks/setup_uninstall.yml
index cb3333bf..26d920f4 100644
--- a/roles/custom/matrix-bot-buscarron/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bot-buscarron/tasks/setup_uninstall.yml
@@ -5,32 +5,21 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-buscarron.service"
   register: matrix_bot_buscarron_service_stat
 
-- name: Ensure matrix-buscarron is stopped
-  ansible.builtin.service:
-    name: matrix-bot-buscarron
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "matrix_bot_buscarron_service_stat.stat.exists | bool"
+- when: matrix_bot_buscarron_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-buscarron is stopped
+      ansible.builtin.service:
+        name: matrix-bot-buscarron
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-bot-buscarron.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-buscarron.service"
-    state: absent
-  when: "matrix_bot_buscarron_service_stat.stat.exists | bool"
-
-- name: Ensure systemd reloaded after matrix-bot-buscarron.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_bot_buscarron_service_stat.stat.exists | bool"
-
-- name: Ensure Matrix buscarron paths don't exist
-  ansible.builtin.file:
-    path: "{{ matrix_bot_buscarron_base_path }}"
-    state: absent
+    - name: Ensure matrix-bot-buscarron.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-buscarron.service"
+        state: absent
 
-- name: Ensure buscarron Docker image doesn't exist
-  community.docker.docker_image:
-    name: "{{ matrix_bot_buscarron_docker_image }}"
-    state: absent
+    - name: Ensure Matrix buscarron paths don't exist
+      ansible.builtin.file:
+        path: "{{ matrix_bot_buscarron_base_path }}"
+        state: absent
diff --git a/roles/custom/matrix-bot-go-neb/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-go-neb/tasks/setup_uninstall.yml
index d5caa86b..cc5f9fa5 100644
--- a/roles/custom/matrix-bot-go-neb/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bot-go-neb/tasks/setup_uninstall.yml
@@ -5,32 +5,21 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-go-neb.service"
   register: matrix_bot_go_neb_service_stat
 
-- name: Ensure matrix-go-neb is stopped
-  ansible.builtin.service:
-    name: matrix-bot-go-neb
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "matrix_bot_go_neb_service_stat.stat.exists | bool"
+- when: matrix_bot_go_neb_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-go-neb is stopped
+      ansible.builtin.service:
+        name: matrix-bot-go-neb
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-bot-go-neb.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-go-neb.service"
-    state: absent
-  when: "matrix_bot_go_neb_service_stat.stat.exists | bool"
-
-- name: Ensure systemd reloaded after matrix-bot-go-neb.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_bot_go_neb_service_stat.stat.exists | bool"
-
-- name: Ensure Matrix go-neb paths don't exist
-  ansible.builtin.file:
-    path: "{{ matrix_bot_go_neb_base_path }}"
-    state: absent
+    - name: Ensure matrix-bot-go-neb.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-go-neb.service"
+        state: absent
 
-- name: Ensure go-neb Docker image doesn't exist
-  community.docker.docker_image:
-    name: "{{ matrix_bot_go_neb_docker_image }}"
-    state: absent
+    - name: Ensure Matrix go-neb paths don't exist
+      ansible.builtin.file:
+        path: "{{ matrix_bot_go_neb_base_path }}"
+        state: absent
diff --git a/roles/custom/matrix-bot-honoroit/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-honoroit/tasks/setup_uninstall.yml
index 0fa83a02..75734586 100644
--- a/roles/custom/matrix-bot-honoroit/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bot-honoroit/tasks/setup_uninstall.yml
@@ -5,32 +5,21 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-honoroit.service"
   register: matrix_bot_honoroit_service_stat
 
-- name: Ensure matrix-honoroit is stopped
-  ansible.builtin.service:
-    name: matrix-bot-honoroit
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "matrix_bot_honoroit_service_stat.stat.exists | bool"
+- when: matrix_bot_honoroit_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-honoroit is stopped
+      ansible.builtin.service:
+        name: matrix-bot-honoroit
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-bot-honoroit.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-honoroit.service"
-    state: absent
-  when: "matrix_bot_honoroit_service_stat.stat.exists | bool"
-
-- name: Ensure systemd reloaded after matrix-bot-honoroit.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_bot_honoroit_service_stat.stat.exists | bool"
-
-- name: Ensure Matrix honoroit paths don't exist
-  ansible.builtin.file:
-    path: "{{ matrix_bot_honoroit_base_path }}"
-    state: absent
+    - name: Ensure matrix-bot-honoroit.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-honoroit.service"
+        state: absent
 
-- name: Ensure honoroit Docker image doesn't exist
-  community.docker.docker_image:
-    name: "{{ matrix_bot_honoroit_docker_image }}"
-    state: absent
+    - name: Ensure Matrix honoroit paths don't exist
+      ansible.builtin.file:
+        path: "{{ matrix_bot_honoroit_base_path }}"
+        state: absent
diff --git a/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml
index c7ee1365..b83ea783 100644
--- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml
@@ -5,32 +5,21 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-registration-bot.service"
   register: matrix_bot_matrix_registration_bot_service_stat
 
-- name: Ensure matrix-matrix-registration-bot is stopped
-  ansible.builtin.service:
-    name: matrix-bot-matrix-registration-bot
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists | bool"
+- when: matrix_bot_matrix_registration_bot_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-matrix-registration-bot is stopped
+      ansible.builtin.service:
+        name: matrix-bot-matrix-registration-bot
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-bot-matrix-registration-bot.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-registration-bot.service"
-    state: absent
-  when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists | bool"
-
-- name: Ensure systemd reloaded after matrix-bot-matrix-registration-bot.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists | bool"
-
-- name: Ensure Matrix matrix-registration-bot paths don't exist
-  ansible.builtin.file:
-    path: "{{ matrix_bot_matrix_registration_bot_base_path }}"
-    state: absent
+    - name: Ensure matrix-bot-matrix-registration-bot.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-registration-bot.service"
+        state: absent
 
-- name: Ensure matrix-registration-bot Docker image doesn't exist
-  community.docker.docker_image:
-    name: "{{ matrix_bot_matrix_registration_bot_docker_image }}"
-    state: absent
+    - name: Ensure Matrix matrix-registration-bot paths don't exist
+      ansible.builtin.file:
+        path: "{{ matrix_bot_matrix_registration_bot_base_path }}"
+        state: absent
diff --git a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml
index 1b940f32..512c0f2d 100644
--- a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml
@@ -5,32 +5,21 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-reminder-bot.service"
   register: matrix_bot_matrix_reminder_bot_service_stat
 
-- name: Ensure matrix-matrix-reminder-bot is stopped
-  ansible.builtin.service:
-    name: matrix-bot-matrix-reminder-bot
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists | bool"
+- when: matrix_bot_matrix_reminder_bot_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-matrix-reminder-bot is stopped
+      ansible.builtin.service:
+        name: matrix-bot-matrix-reminder-bot
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-bot-matrix-reminder-bot.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-reminder-bot.service"
-    state: absent
-  when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists | bool"
-
-- name: Ensure systemd reloaded after matrix-bot-matrix-reminder-bot.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists | bool"
-
-- name: Ensure Matrix matrix-reminder-bot paths don't exist
-  ansible.builtin.file:
-    path: "{{ matrix_bot_matrix_reminder_bot_base_path }}"
-    state: absent
+    - name: Ensure matrix-bot-matrix-reminder-bot.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-reminder-bot.service"
+        state: absent
 
-- name: Ensure matrix-reminder-bot Docker image doesn't exist
-  community.docker.docker_image:
-    name: "{{ matrix_bot_matrix_reminder_bot_docker_image }}"
-    state: absent
+    - name: Ensure Matrix matrix-reminder-bot paths don't exist
+      ansible.builtin.file:
+        path: "{{ matrix_bot_matrix_reminder_bot_base_path }}"
+        state: absent
diff --git a/roles/custom/matrix-bot-maubot/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-maubot/tasks/setup_uninstall.yml
index 33b8fc14..9d769576 100644
--- a/roles/custom/matrix-bot-maubot/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bot-maubot/tasks/setup_uninstall.yml
@@ -5,32 +5,21 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-maubot.service"
   register: matrix_bot_maubot_service_stat
 
-- name: Ensure matrix-bot-maubot is stopped
-  ansible.builtin.service:
-    name: matrix-bot-maubot
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "matrix_bot_maubot_service_stat.stat.exists | bool"
+- when: matrix_bot_maubot_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-bot-maubot is stopped
+      ansible.builtin.service:
+        name: matrix-bot-maubot
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-bot-maubot.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-maubot.service"
-    state: absent
-  when: "matrix_bot_maubot_service_stat.stat.exists | bool"
-
-- name: Ensure systemd reloaded after matrix-bot-maubot.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_bot_maubot_service_stat.stat.exists | bool"
-
-- name: Ensure Matrix maubot paths don't exist
-  ansible.builtin.file:
-    path: "{{ matrix_bot_maubot_base_path }}"
-    state: absent
+    - name: Ensure matrix-bot-maubot.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-maubot.service"
+        state: absent
 
-- name: Ensure maubot Docker image doesn't exist
-  community.docker.docker_image:
-    name: "{{ matrix_bot_maubot_docker_image }}"
-    state: absent
+    - name: Ensure Matrix maubot paths don't exist
+      ansible.builtin.file:
+        path: "{{ matrix_bot_maubot_base_path }}"
+        state: absent
diff --git a/roles/custom/matrix-bot-mjolnir/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-mjolnir/tasks/setup_uninstall.yml
index 708a7bb0..06be71e1 100644
--- a/roles/custom/matrix-bot-mjolnir/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bot-mjolnir/tasks/setup_uninstall.yml
@@ -5,32 +5,21 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-mjolnir.service"
   register: matrix_bot_mjolnir_service_stat
 
-- name: Ensure matrix-bot-mjolnir is stopped
-  ansible.builtin.service:
-    name: matrix-bot-mjolnir
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "matrix_bot_mjolnir_service_stat.stat.exists | bool"
+- when: matrix_bot_mjolnir_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-bot-mjolnir is stopped
+      ansible.builtin.service:
+        name: matrix-bot-mjolnir
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-bot-mjolnir.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-mjolnir.service"
-    state: absent
-  when: "matrix_bot_mjolnir_service_stat.stat.exists | bool"
-
-- name: Ensure systemd reloaded after matrix-bot-mjolnir.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_bot_mjolnir_service_stat.stat.exists | bool"
-
-- name: Ensure matrix-bot-mjolnir paths don't exist
-  ansible.builtin.file:
-    path: "{{ matrix_bot_mjolnir_base_path }}"
-    state: absent
+    - name: Ensure matrix-bot-mjolnir.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-mjolnir.service"
+        state: absent
 
-- name: Ensure mjolnir Docker image doesn't exist
-  community.docker.docker_image:
-    name: "{{ matrix_bot_mjolnir_docker_image }}"
-    state: absent
+    - name: Ensure matrix-bot-mjolnir paths don't exist
+      ansible.builtin.file:
+        path: "{{ matrix_bot_mjolnir_base_path }}"
+        state: absent
diff --git a/roles/custom/matrix-bot-postmoogle/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-postmoogle/tasks/setup_uninstall.yml
index 198df7d7..93e00dda 100644
--- a/roles/custom/matrix-bot-postmoogle/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bot-postmoogle/tasks/setup_uninstall.yml
@@ -5,32 +5,21 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-postmoogle.service"
   register: matrix_bot_postmoogle_service_stat
 
-- name: Ensure matrix-postmoogle is stopped
-  ansible.builtin.service:
-    name: matrix-bot-postmoogle
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "matrix_bot_postmoogle_service_stat.stat.exists | bool"
+- when: matrix_bot_postmoogle_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-postmoogle is stopped
+      ansible.builtin.service:
+        name: matrix-bot-postmoogle
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-bot-postmoogle.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-postmoogle.service"
-    state: absent
-  when: "matrix_bot_postmoogle_service_stat.stat.exists | bool"
-
-- name: Ensure systemd reloaded after matrix-bot-postmoogle.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_bot_postmoogle_service_stat.stat.exists | bool"
-
-- name: Ensure Matrix postmoogle paths don't exist
-  ansible.builtin.file:
-    path: "{{ matrix_bot_postmoogle_base_path }}"
-    state: absent
+    - name: Ensure matrix-bot-postmoogle.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-postmoogle.service"
+        state: absent
 
-- name: Ensure postmoogle Docker image doesn't exist
-  community.docker.docker_image:
-    name: "{{ matrix_bot_postmoogle_docker_image }}"
-    state: absent
+    - name: Ensure Matrix postmoogle paths don't exist
+      ansible.builtin.file:
+        path: "{{ matrix_bot_postmoogle_base_path }}"
+        state: absent
diff --git a/roles/custom/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml
index 50d108fa..ca2354c6 100644
--- a/roles/custom/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml
@@ -5,21 +5,16 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-discord.service"
   register: matrix_appservice_discord_service_stat
 
-- name: Ensure matrix-appservice-discord is stopped
-  ansible.builtin.service:
-    name: matrix-appservice-discord
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  when: "matrix_appservice_discord_service_stat.stat.exists"
+- when: matrix_appservice_discord_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-appservice-discord is stopped
+      ansible.builtin.service:
+        name: matrix-appservice-discord
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-appservice-discord.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-discord.service"
-    state: absent
-  when: "matrix_appservice_discord_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-appservice-discord.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_appservice_discord_service_stat.stat.exists"
+    - name: Ensure matrix-appservice-discord.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-discord.service"
+        state: absent
diff --git a/roles/custom/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml
index 8921d48e..f16d3763 100644
--- a/roles/custom/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml
@@ -5,21 +5,16 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-irc.service"
   register: matrix_appservice_irc_service_stat
 
-- name: Ensure matrix-appservice-irc is stopped
-  ansible.builtin.service:
-    name: matrix-appservice-irc
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  when: "matrix_appservice_irc_service_stat.stat.exists"
+- when: matrix_appservice_irc_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-appservice-irc is stopped
+      ansible.builtin.service:
+        name: matrix-appservice-irc
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-appservice-irc.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-irc.service"
-    state: absent
-  when: "matrix_appservice_irc_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-appservice-irc.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_appservice_irc_service_stat.stat.exists"
+    - name: Ensure matrix-appservice-irc.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-irc.service"
+        state: absent
diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_uninstall.yml
index 8e46d80f..e258b9ab 100644
--- a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_uninstall.yml
@@ -11,7 +11,7 @@
     state: stopped
     enabled: false
     daemon_reload: true
-  when: "matrix_appservice_kakaotalk_service_stat.stat.exists"
+  when: matrix_appservice_kakaotalk_service_stat.stat.exists | bool
 
 - name: Check existence of matrix-appservice-kakaotalk-node service
   ansible.builtin.stat:
@@ -24,7 +24,7 @@
     state: stopped
     enabled: false
     daemon_reload: true
-  when: "matrix_appservice_kakaotalk_node_service_stat.stat.exists"
+  when: matrix_appservice_kakaotalk_node_service_stat.stat.exists | bool
 
 - name: Ensure matrix-appservice-kakaotalk.service files don't exist
   ansible.builtin.file:
@@ -33,9 +33,4 @@
   with_items:
     - "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-kakaotalk-node.service"
     - "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-kakaotalk.service"
-  when: "matrix_appservice_kakaotalk_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-appservice-kakaotalk service files removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_appservice_kakaotalk_service_stat.stat.exists or matrix_appservice_kakaotalk_node_service_stat.stat.exists"
+  when: matrix_appservice_kakaotalk_service_stat.stat.exists | bool or matrix_appservice_kakaotalk_node_service_stat.stat.exists | bool
diff --git a/roles/custom/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml
index 434f9067..51c77fef 100644
--- a/roles/custom/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml
@@ -5,21 +5,16 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-slack.service"
   register: matrix_appservice_slack_service_stat
 
-- name: Ensure matrix-appservice-slack is stopped
-  ansible.builtin.service:
-    name: matrix-appservice-slack
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  when: "matrix_appservice_slack_service_stat.stat.exists"
+- when: matrix_appservice_slack_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-appservice-slack is stopped
+      ansible.builtin.service:
+        name: matrix-appservice-slack
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-appservice-slack.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-slack.service"
-    state: absent
-  when: "matrix_appservice_slack_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-appservice-slack.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_appservice_slack_service_stat.stat.exists"
+    - name: Ensure matrix-appservice-slack.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-slack.service"
+        state: absent
diff --git a/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml
index 960fe58b..c47b724c 100644
--- a/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml
@@ -5,21 +5,16 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-webhooks.service"
   register: matrix_appservice_webhooks_service_stat
 
-- name: Ensure matrix-appservice-webhooks is stopped
-  ansible.builtin.service:
-    name: matrix-appservice-webhooks
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  when: "matrix_appservice_webhooks_service_stat.stat.exists"
+- when: matrix_appservice_webhooks_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-appservice-webhooks is stopped
+      ansible.builtin.service:
+        name: matrix-appservice-webhooks
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-appservice-webhooks.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-webhooks.service"
-    state: absent
-  when: "matrix_appservice_webhooks_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-appservice-webhooks.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_appservice_webhooks_service_stat.stat.exists"
+    - name: Ensure matrix-appservice-webhooks.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-webhooks.service"
+        state: absent
diff --git a/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml
index 4a75a4c7..4d333469 100644
--- a/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml
@@ -5,21 +5,16 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-beeper-linkedin.service"
   register: matrix_beeper_linkedin_service_stat
 
-- name: Ensure matrix-beeper-linkedin is stopped
-  ansible.builtin.service:
-    name: matrix-beeper-linkedin
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  when: "matrix_beeper_linkedin_service_stat.stat.exists"
+- when: matrix_beeper_linkedin_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-beeper-linkedin is stopped
+      ansible.builtin.service:
+        name: matrix-beeper-linkedin
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-beeper-linkedin.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-beeper-linkedin.service"
-    state: absent
-  when: "matrix_beeper_linkedin_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-beeper-linkedin.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_beeper_linkedin_service_stat.stat.exists"
+    - name: Ensure matrix-beeper-linkedin.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-beeper-linkedin.service"
+        state: absent
diff --git a/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml
index 975b25ab..d7b5999a 100644
--- a/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml
@@ -5,21 +5,16 @@
     path: "/etc/systemd/system/matrix-go-skype-bridge.service"
   register: matrix_go_skype_bridge_service_stat
 
-- name: Ensure matrix-go-skype-bridge is stopped
-  ansible.builtin.service:
-    name: matrix-go-skype-bridge
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  when: "matrix_go_skype_bridge_service_stat.stat.exists"
+- when: matrix_go_skype_bridge_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-go-skype-bridge is stopped
+      ansible.builtin.service:
+        name: matrix-go-skype-bridge
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-go-skype-bridge.service doesn't exist
-  ansible.builtin.file:
-    path: "/etc/systemd/system/matrix-go-skype-bridge.service"
-    state: absent
-  when: "matrix_go_skype_bridge_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-go-skype-bridge.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_go_skype_bridge_service_stat.stat.exists"
+    - name: Ensure matrix-go-skype-bridge.service doesn't exist
+      ansible.builtin.file:
+        path: "/etc/systemd/system/matrix-go-skype-bridge.service"
+        state: absent
diff --git a/roles/custom/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml
index 688ff9d4..090427ca 100644
--- a/roles/custom/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml
@@ -5,21 +5,16 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-heisenbridge.service"
   register: matrix_heisenbridge_service_stat
 
-- name: Ensure matrix-heisenbridge is stopped
-  ansible.builtin.service:
-    name: matrix-heisenbridge
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  when: "matrix_heisenbridge_service_stat.stat.exists"
+- when: matrix_heisenbridge_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-heisenbridge is stopped
+      ansible.builtin.service:
+        name: matrix-heisenbridge
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-heisenbridge.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-heisenbridge.service"
-    state: absent
-  when: "matrix_heisenbridge_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-heisenbridge.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_heisenbridge_service_stat.stat.exists"
+    - name: Ensure matrix-heisenbridge.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-heisenbridge.service"
+        state: absent
diff --git a/roles/custom/matrix-bridge-hookshot/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-hookshot/tasks/setup_uninstall.yml
index 2028a34e..b4c72d38 100644
--- a/roles/custom/matrix-bridge-hookshot/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bridge-hookshot/tasks/setup_uninstall.yml
@@ -5,21 +5,16 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-hookshot.service"
   register: matrix_hookshot_service_stat
 
-- name: Ensure matrix-hookshot is stopped
-  ansible.builtin.service:
-    name: matrix-hookshot
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  when: "matrix_hookshot_service_stat.stat.exists"
+- when: matrix_hookshot_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-hookshot is stopped
+      ansible.builtin.service:
+        name: matrix-hookshot
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-hookshot.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-hookshot.service"
-    state: absent
-  when: "matrix_hookshot_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-hookshot.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_hookshot_service_stat.stat.exists"
+    - name: Ensure matrix-hookshot.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-hookshot.service"
+        state: absent
diff --git a/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_uninstall.yml
index d75f5164..ade37c2f 100644
--- a/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_uninstall.yml
@@ -5,21 +5,16 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-discord.service"
   register: matrix_mautrix_discord_service_stat
 
-- name: Ensure matrix-mautrix-discord is stopped
-  ansible.builtin.service:
-    name: matrix-mautrix-discord
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  when: "matrix_mautrix_discord_service_stat.stat.exists"
+- when: matrix_mautrix_discord_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-mautrix-discord is stopped
+      ansible.builtin.service:
+        name: matrix-mautrix-discord
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-mautrix-discord.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-discord.service"
-    state: absent
-  when: "matrix_mautrix_discord_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-mautrix-discord.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_mautrix_discord_service_stat.stat.exists"
+    - name: Ensure matrix-mautrix-discord.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-discord.service"
+        state: absent
diff --git a/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml
index fb235b54..566da5b7 100644
--- a/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml
@@ -5,21 +5,16 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-facebook.service"
   register: matrix_mautrix_facebook_service_stat
 
-- name: Ensure matrix-mautrix-facebook is stopped
-  ansible.builtin.service:
-    name: matrix-mautrix-facebook
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  when: "matrix_mautrix_facebook_service_stat.stat.exists"
+- when: matrix_mautrix_facebook_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-mautrix-facebook is stopped
+      ansible.builtin.service:
+        name: matrix-mautrix-facebook
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-mautrix-facebook.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-facebook.service"
-    state: absent
-  when: "matrix_mautrix_facebook_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-mautrix-facebook.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_mautrix_facebook_service_stat.stat.exists"
+    - name: Ensure matrix-mautrix-facebook.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-facebook.service"
+        state: absent
diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml
index 37a4e675..12b48630 100644
--- a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml
@@ -5,21 +5,16 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-googlechat.service"
   register: matrix_mautrix_googlechat_service_stat
 
-- name: Ensure matrix-mautrix-googlechat is stopped
-  ansible.builtin.service:
-    name: matrix-mautrix-googlechat
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  when: "matrix_mautrix_googlechat_service_stat.stat.exists"
+- when: matrix_mautrix_googlechat_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-mautrix-googlechat is stopped
+      ansible.builtin.service:
+        name: matrix-mautrix-googlechat
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-mautrix-googlechat.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-googlechat.service"
-    state: absent
-  when: "matrix_mautrix_googlechat_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-mautrix-googlechat.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_mautrix_googlechat_service_stat.stat.exists"
+    - name: Ensure matrix-mautrix-googlechat.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-googlechat.service"
+        state: absent
diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml
index b7ff7239..02d7183f 100644
--- a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml
@@ -5,21 +5,16 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-hangouts.service"
   register: matrix_mautrix_hangouts_service_stat
 
-- name: Ensure matrix-mautrix-hangouts is stopped
-  ansible.builtin.service:
-    name: matrix-mautrix-hangouts
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  when: "matrix_mautrix_hangouts_service_stat.stat.exists"
+- when: matrix_mautrix_hangouts_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-mautrix-hangouts is stopped
+      ansible.builtin.service:
+        name: matrix-mautrix-hangouts
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-mautrix-hangouts.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-hangouts.service"
-    state: absent
-  when: "matrix_mautrix_hangouts_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-mautrix-hangouts.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_mautrix_hangouts_service_stat.stat.exists"
+    - name: Ensure matrix-mautrix-hangouts.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-hangouts.service"
+        state: absent
diff --git a/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml
index a029a90a..6ac0f6d5 100644
--- a/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml
@@ -4,21 +4,16 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-instagram.service"
   register: matrix_mautrix_instagram_service_stat
 
-- name: Ensure matrix-mautrix-instagram is stopped
-  ansible.builtin.service:
-    name: matrix-mautrix-instagram
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  when: "matrix_mautrix_instagram_service_stat.stat.exists"
+- when: matrix_mautrix_instagram_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-mautrix-instagram is stopped
+      ansible.builtin.service:
+        name: matrix-mautrix-instagram
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-mautrix-instagram.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-instagram.service"
-    state: absent
-  when: "matrix_mautrix_instagram_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-mautrix-instagram.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_mautrix_instagram_service_stat.stat.exists"
+    - name: Ensure matrix-mautrix-instagram.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-instagram.service"
+        state: absent
diff --git a/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml
index d98d28ba..8cc0b419 100644
--- a/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml
@@ -6,19 +6,19 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal-daemon.service"
   register: matrix_mautrix_signal_daemon_service_stat
 
-- name: Ensure matrix-mautrix-signal-daemon is stopped
-  ansible.builtin.service:
-    name: matrix-mautrix-signal-daemon
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  when: "matrix_mautrix_signal_daemon_service_stat.stat.exists"
+- when: matrix_mautrix_signal_daemon_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-mautrix-signal-daemon is stopped
+      ansible.builtin.service:
+        name: matrix-mautrix-signal-daemon
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-mautrix-signal-daemon.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal-daemon.service"
-    state: absent
-  when: "matrix_mautrix_signal_daemon_service_stat.stat.exists"
+    - name: Ensure matrix-mautrix-signal-daemon.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal-daemon.service"
+        state: absent
 
 # Bridge service
 - name: Check existence of matrix-mautrix-signal service
@@ -26,22 +26,16 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal.service"
   register: matrix_mautrix_signal_service_stat
 
-- name: Ensure matrix-mautrix-signal is stopped
-  ansible.builtin.service:
-    name: matrix-mautrix-signal
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  when: "matrix_mautrix_signal_service_stat.stat.exists"
-
-- name: Ensure matrix-mautrix-signal.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal.service"
-    state: absent
-  when: "matrix_mautrix_signal_service_stat.stat.exists"
+- when: matrix_mautrix_signal_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-mautrix-signal is stopped
+      ansible.builtin.service:
+        name: matrix-mautrix-signal
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-# All services
-- name: Ensure systemd reloaded after matrix-mautrix-signal_X.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_mautrix_signal_service_stat.stat.exists or matrix_mautrix_signal_daemon_service_stat.stat.exists"
+    - name: Ensure matrix-mautrix-signal.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal.service"
+        state: absent
diff --git a/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml
index 90ca0195..ebb7e5db 100644
--- a/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml
@@ -5,21 +5,16 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-telegram.service"
   register: matrix_mautrix_telegram_service_stat
 
-- name: Ensure matrix-mautrix-telegram is stopped
-  ansible.builtin.service:
-    name: matrix-mautrix-telegram
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  when: "matrix_mautrix_telegram_service_stat.stat.exists"
+- when: matrix_mautrix_telegram_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-mautrix-telegram is stopped
+      ansible.builtin.service:
+        name: matrix-mautrix-telegram
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-mautrix-telegram.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-telegram.service"
-    state: absent
-  when: "matrix_mautrix_telegram_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-mautrix-telegram.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_mautrix_telegram_service_stat.stat.exists"
+    - name: Ensure matrix-mautrix-telegram.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-telegram.service"
+        state: absent
diff --git a/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml
index 5f6b1491..2a73e481 100644
--- a/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml
@@ -5,20 +5,15 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-twitter.service"
   register: matrix_mautrix_twitter_service_stat
 
-- name: Ensure matrix-mautrix-twitter is stopped
-  ansible.builtin.service:
-    name: matrix-mautrix-twitter
-    state: stopped
-    daemon_reload: true
-  when: "matrix_mautrix_twitter_service_stat.stat.exists"
+- when: matrix_mautrix_twitter_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-mautrix-twitter is stopped
+      ansible.builtin.service:
+        name: matrix-mautrix-twitter
+        state: stopped
+        daemon_reload: true
 
-- name: Ensure matrix-mautrix-twitter.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-twitter.service"
-    state: absent
-  when: "matrix_mautrix_twitter_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-mautrix-twitter.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_mautrix_twitter_service_stat.stat.exists"
+    - name: Ensure matrix-mautrix-twitter.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-twitter.service"
+        state: absent
diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml
index ff215001..98607b94 100644
--- a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml
@@ -5,21 +5,16 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-whatsapp.service"
   register: matrix_mautrix_whatsapp_service_stat
 
-- name: Ensure matrix-mautrix-whatsapp is stopped
-  ansible.builtin.service:
-    name: matrix-mautrix-whatsapp
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  when: "matrix_mautrix_whatsapp_service_stat.stat.exists"
+- when: matrix_mautrix_whatsapp_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-mautrix-whatsapp is stopped
+      ansible.builtin.service:
+        name: matrix-mautrix-whatsapp
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-mautrix-whatsapp.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-whatsapp.service"
-    state: absent
-  when: "matrix_mautrix_whatsapp_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-mautrix-whatsapp.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_mautrix_whatsapp_service_stat.stat.exists"
+    - name: Ensure matrix-mautrix-whatsapp.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-whatsapp.service"
+        state: absent
diff --git a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml
index 585c6c85..c1ed9ec3 100644
--- a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml
@@ -5,21 +5,16 @@
     path: "/etc/systemd/system/matrix-mx-puppet-discord.service"
   register: matrix_mx_puppet_discord_service_stat
 
-- name: Ensure matrix-mx-puppet-discord is stopped
-  ansible.builtin.service:
-    name: matrix-mx-puppet-discord
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  when: "matrix_mx_puppet_discord_service_stat.stat.exists"
+- when: matrix_mx_puppet_discord_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-mx-puppet-discord is stopped
+      ansible.builtin.service:
+        name: matrix-mx-puppet-discord
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-mx-puppet-discord.service doesn't exist
-  ansible.builtin.file:
-    path: "/etc/systemd/system/matrix-mx-puppet-discord.service"
-    state: absent
-  when: "matrix_mx_puppet_discord_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-mx-puppet-discord.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_mx_puppet_discord_service_stat.stat.exists"
+    - name: Ensure matrix-mx-puppet-discord.service doesn't exist
+      ansible.builtin.file:
+        path: "/etc/systemd/system/matrix-mx-puppet-discord.service"
+        state: absent
diff --git a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml
index 5ded6107..ce0823e6 100644
--- a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml
@@ -5,21 +5,16 @@
     path: "/etc/systemd/system/matrix-mx-puppet-groupme.service"
   register: matrix_mx_puppet_groupme_service_stat
 
-- name: Ensure matrix-mx-puppet-groupme is stopped
-  ansible.builtin.service:
-    name: matrix-mx-puppet-groupme
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  when: "matrix_mx_puppet_groupme_service_stat.stat.exists"
+- when: matrix_mx_puppet_groupme_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-mx-puppet-groupme is stopped
+      ansible.builtin.service:
+        name: matrix-mx-puppet-groupme
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-mx-puppet-groupme.service doesn't exist
-  ansible.builtin.file:
-    path: "/etc/systemd/system/matrix-mx-puppet-groupme.service"
-    state: absent
-  when: "matrix_mx_puppet_groupme_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-mx-puppet-groupme.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_mx_puppet_groupme_service_stat.stat.exists"
+    - name: Ensure matrix-mx-puppet-groupme.service doesn't exist
+      ansible.builtin.file:
+        path: "/etc/systemd/system/matrix-mx-puppet-groupme.service"
+        state: absent
diff --git a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml
index 2d5a98aa..943c0556 100644
--- a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml
@@ -5,21 +5,16 @@
     path: "/etc/systemd/system/matrix-mx-puppet-instagram.service"
   register: matrix_mx_puppet_instagram_service_stat
 
-- name: Ensure matrix-mx-puppet-instagram is stopped
-  ansible.builtin.service:
-    name: matrix-mx-puppet-instagram
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  when: "matrix_mx_puppet_instagram_service_stat.stat.exists"
+- when: matrix_mx_puppet_instagram_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-mx-puppet-instagram is stopped
+      ansible.builtin.service:
+        name: matrix-mx-puppet-instagram
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-mx-puppet-instagram.service doesn't exist
-  ansible.builtin.file:
-    path: "/etc/systemd/system/matrix-mx-puppet-instagram.service"
-    state: absent
-  when: "matrix_mx_puppet_instagram_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-mx-puppet-instagram.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_mx_puppet_instagram_service_stat.stat.exists"
+    - name: Ensure matrix-mx-puppet-instagram.service doesn't exist
+      ansible.builtin.file:
+        path: "/etc/systemd/system/matrix-mx-puppet-instagram.service"
+        state: absent
diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml
index 3f91b467..44493919 100644
--- a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml
@@ -5,21 +5,16 @@
     path: "/etc/systemd/system/matrix-mx-puppet-slack.service"
   register: matrix_mx_puppet_slack_service_stat
 
-- name: Ensure matrix-mx-puppet-slack is stopped
-  ansible.builtin.service:
-    name: matrix-mx-puppet-slack
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  when: "matrix_mx_puppet_slack_service_stat.stat.exists"
+- when: matrix_mx_puppet_slack_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-mx-puppet-slack is stopped
+      ansible.builtin.service:
+        name: matrix-mx-puppet-slack
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-mx-puppet-slack.service doesn't exist
-  ansible.builtin.file:
-    path: "/etc/systemd/system/matrix-mx-puppet-slack.service"
-    state: absent
-  when: "matrix_mx_puppet_slack_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-mx-puppet-slack.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_mx_puppet_slack_service_stat.stat.exists"
+    - name: Ensure matrix-mx-puppet-slack.service doesn't exist
+      ansible.builtin.file:
+        path: "/etc/systemd/system/matrix-mx-puppet-slack.service"
+        state: absent
diff --git a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml
index d88e5472..75d0ebc0 100644
--- a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml
@@ -5,21 +5,16 @@
     path: "/etc/systemd/system/matrix-mx-puppet-steam.service"
   register: matrix_mx_puppet_steam_service_stat
 
-- name: Ensure matrix-mx-puppet-steam is stopped
-  ansible.builtin.service:
-    name: matrix-mx-puppet-steam
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  when: "matrix_mx_puppet_steam_service_stat.stat.exists"
+- when: matrix_mx_puppet_steam_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-mx-puppet-steam is stopped
+      ansible.builtin.service:
+        name: matrix-mx-puppet-steam
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-mx-puppet-steam.service doesn't exist
-  ansible.builtin.file:
-    path: "/etc/systemd/system/matrix-mx-puppet-steam.service"
-    state: absent
-  when: "matrix_mx_puppet_steam_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-mx-puppet-steam.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_mx_puppet_steam_service_stat.stat.exists"
+    - name: Ensure matrix-mx-puppet-steam.service doesn't exist
+      ansible.builtin.file:
+        path: "/etc/systemd/system/matrix-mx-puppet-steam.service"
+        state: absent
diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml
index 6db13de0..c529f0b3 100644
--- a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml
@@ -5,21 +5,16 @@
     path: "/etc/systemd/system/matrix-mx-puppet-twitter.service"
   register: matrix_mx_puppet_twitter_service_stat
 
-- name: Ensure matrix-mx-puppet-twitter is stopped
-  ansible.builtin.service:
-    name: matrix-mx-puppet-twitter
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  when: "matrix_mx_puppet_twitter_service_stat.stat.exists"
+- when: matrix_mx_puppet_twitter_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-mx-puppet-twitter is stopped
+      ansible.builtin.service:
+        name: matrix-mx-puppet-twitter
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-mx-puppet-twitter.service doesn't exist
-  ansible.builtin.file:
-    path: "/etc/systemd/system/matrix-mx-puppet-twitter.service"
-    state: absent
-  when: "matrix_mx_puppet_twitter_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-mx-puppet-twitter.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_mx_puppet_twitter_service_stat.stat.exists"
+    - name: Ensure matrix-mx-puppet-twitter.service doesn't exist
+      ansible.builtin.file:
+        path: "/etc/systemd/system/matrix-mx-puppet-twitter.service"
+        state: absent
diff --git a/roles/custom/matrix-cactus-comments/tasks/setup_uninstall.yml b/roles/custom/matrix-cactus-comments/tasks/setup_uninstall.yml
index bd46f252..e3a5f390 100644
--- a/roles/custom/matrix-cactus-comments/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-cactus-comments/tasks/setup_uninstall.yml
@@ -5,32 +5,21 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-cactus-comments.service"
   register: matrix_cactus_comments_service_stat
 
-- name: Ensure cactus comments is stopped
-  ansible.builtin.service:
-    name: matrix-cactus-comments
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "matrix_cactus_comments_service_stat.stat.exists | bool"
+- when: matrix_cactus_comments_service_stat.stat.exists | bool
+  block:
+    - name: Ensure cactus comments is stopped
+      ansible.builtin.service:
+        name: matrix-cactus-comments
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-cactus-comments.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-cactus-comments.service"
-    state: absent
-  when: "matrix_cactus_comments_service_stat.stat.exists | bool"
-
-- name: Ensure systemd reloaded after matrix-cactus-comments.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_cactus_comments_service_stat.stat.exists | bool"
-
-- name: Ensure Matrix cactus comments paths don't exist
-  ansible.builtin.file:
-    path: "{{ matrix_cactus_comments_base_path }}"
-    state: absent
+    - name: Ensure matrix-cactus-comments.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-cactus-comments.service"
+        state: absent
 
-- name: Ensure cactus comments Docker image doesn't exist
-  community.docker.docker_image:
-    name: "{{ matrix_cactus_comments_docker_image }}"
-    state: absent
+    - name: Ensure Matrix cactus comments paths don't exist
+      ansible.builtin.file:
+        path: "{{ matrix_cactus_comments_base_path }}"
+        state: absent
diff --git a/roles/custom/matrix-client-cinny/tasks/setup_uninstall.yml b/roles/custom/matrix-client-cinny/tasks/setup_uninstall.yml
index 5b67e819..a7382562 100644
--- a/roles/custom/matrix-client-cinny/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-client-cinny/tasks/setup_uninstall.yml
@@ -4,32 +4,21 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-cinny.service"
   register: matrix_client_cinny_service_stat
 
-- name: Ensure matrix-client-cinny is stopped
-  ansible.builtin.service:
-    name: matrix-client-cinny
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "matrix_client_cinny_service_stat.stat.exists | bool"
+- when: matrix_client_cinny_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-client-cinny is stopped
+      ansible.builtin.service:
+        name: matrix-client-cinny
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-client-cinny.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-cinny.service"
-    state: absent
-  when: "matrix_client_cinny_service_stat.stat.exists | bool"
-
-- name: Ensure systemd reloaded after matrix-client-cinny.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_client_cinny_service_stat.stat.exists | bool"
-
-- name: Ensure Cinny paths doesn't exist
-  ansible.builtin.file:
-    path: "{{ matrix_client_cinny_data_path }}"
-    state: absent
+    - name: Ensure matrix-client-cinny.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-cinny.service"
+        state: absent
 
-- name: Ensure Cinny Docker image doesn't exist
-  community.docker.docker_image:
-    name: "{{ matrix_client_cinny_docker_image }}"
-    state: absent
+    - name: Ensure Cinny paths doesn't exist
+      ansible.builtin.file:
+        path: "{{ matrix_client_cinny_data_path }}"
+        state: absent
diff --git a/roles/custom/matrix-client-element/tasks/setup_uninstall.yml b/roles/custom/matrix-client-element/tasks/setup_uninstall.yml
index 3a1de409..e1b25caa 100644
--- a/roles/custom/matrix-client-element/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-client-element/tasks/setup_uninstall.yml
@@ -5,32 +5,21 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-element.service"
   register: matrix_client_element_service_stat
 
-- name: Ensure matrix-client-element is stopped
-  ansible.builtin.service:
-    name: matrix-client-element
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "matrix_client_element_service_stat.stat.exists | bool"
+- when: matrix_client_element_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-client-element is stopped
+      ansible.builtin.service:
+        name: matrix-client-element
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-client-element.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-element.service"
-    state: absent
-  when: "matrix_client_element_service_stat.stat.exists | bool"
-
-- name: Ensure systemd reloaded after matrix-client-element.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_client_element_service_stat.stat.exists | bool"
-
-- name: Ensure Element paths doesn't exist
-  ansible.builtin.file:
-    path: "{{ matrix_client_element_data_path }}"
-    state: absent
+    - name: Ensure matrix-client-element.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-element.service"
+        state: absent
 
-- name: Ensure Element Docker image doesn't exist
-  community.docker.docker_image:
-    name: "{{ matrix_client_element_docker_image }}"
-    state: absent
+    - name: Ensure Element paths doesn't exist
+      ansible.builtin.file:
+        path: "{{ matrix_client_element_data_path }}"
+        state: absent
diff --git a/roles/custom/matrix-client-hydrogen/tasks/setup_uninstall.yml b/roles/custom/matrix-client-hydrogen/tasks/setup_uninstall.yml
index 090ce567..d6caa5b9 100644
--- a/roles/custom/matrix-client-hydrogen/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-client-hydrogen/tasks/setup_uninstall.yml
@@ -5,32 +5,21 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-hydrogen.service"
   register: matrix_client_hydrogen_service_stat
 
-- name: Ensure matrix-client-hydrogen is stopped
-  ansible.builtin.service:
-    name: matrix-client-hydrogen
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "matrix_client_hydrogen_service_stat.stat.exists | bool"
+- when: matrix_client_hydrogen_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-client-hydrogen is stopped
+      ansible.builtin.service:
+        name: matrix-client-hydrogen
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-client-hydrogen.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-hydrogen.service"
-    state: absent
-  when: "matrix_client_hydrogen_service_stat.stat.exists | bool"
-
-- name: Ensure systemd reloaded after matrix-client-hydrogen.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_client_hydrogen_service_stat.stat.exists | bool"
-
-- name: Ensure Hydrogen paths doesn't exist
-  ansible.builtin.file:
-    path: "{{ matrix_client_hydrogen_data_path }}"
-    state: absent
+    - name: Ensure matrix-client-hydrogen.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-hydrogen.service"
+        state: absent
 
-- name: Ensure Hydrogen Docker image doesn't exist
-  community.docker.docker_image:
-    name: "{{ matrix_client_hydrogen_docker_image }}"
-    state: absent
+    - name: Ensure Hydrogen paths doesn't exist
+      ansible.builtin.file:
+        path: "{{ matrix_client_hydrogen_data_path }}"
+        state: absent
diff --git a/roles/custom/matrix-conduit/tasks/setup_uninstall.yml b/roles/custom/matrix-conduit/tasks/setup_uninstall.yml
index efe7d40a..1745ff97 100644
--- a/roles/custom/matrix-conduit/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-conduit/tasks/setup_uninstall.yml
@@ -5,26 +5,15 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduit.service"
   register: matrix_conduit_service_stat
 
-- name: Ensure matrix-conduit is stopped
-  ansible.builtin.systemd:
-    name: matrix-conduit
-    state: stopped
-    daemon_reload: true
-  register: stopping_result
-  when: "matrix_conduit_service_stat.stat.exists"
+- when: matrix_conduit_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-conduit is stopped
+      ansible.builtin.systemd:
+        name: matrix-conduit
+        state: stopped
+        daemon_reload: true
 
-- name: Ensure matrix-conduit.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduit.service"
-    state: absent
-  when: "matrix_conduit_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-conduit.service removal
-  ansible.builtin.systemd:
-    daemon_reload: true
-  when: "matrix_conduit_service_stat.stat.exists"
-
-- name: Ensure Conduit Docker image doesn't exist
-  community.docker.docker_image:
-    name: "{{ matrix_conduit_docker_image }}"
-    state: absent
+    - name: Ensure matrix-conduit.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduit.service"
+        state: absent
diff --git a/roles/custom/matrix-corporal/tasks/setup_uninstall.yml b/roles/custom/matrix-corporal/tasks/setup_uninstall.yml
index 81e1b751..6c6e8063 100644
--- a/roles/custom/matrix-corporal/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-corporal/tasks/setup_uninstall.yml
@@ -13,26 +13,16 @@
         state: stopped
         enabled: false
         daemon_reload: true
-      register: stopping_result
 
     - name: Ensure matrix-corporal.service doesn't exist
       ansible.builtin.file:
         path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-corporal.service"
         state: absent
 
-    - name: Ensure systemd reloaded after matrix-corporal.service removal
-      ansible.builtin.service:
-        daemon_reload: true
-
-- name: Ensure matrix-corporal files don't exist
-  ansible.builtin.file:
-    path: "{{ item }}"
-    state: absent
-  with_items:
-    - "{{ devture_systemd_docker_base_systemd_path }}/matrix-corporal.service"
-    - "{{ matrix_corporal_config_dir_path }}/config.json"
-
-- name: Ensure Matrix Corporal Docker image doesn't exist
-  community.docker.docker_image:
-    name: "{{ matrix_corporal_docker_image }}"
-    state: absent
+    - name: Ensure matrix-corporal files don't exist
+      ansible.builtin.file:
+        path: "{{ item }}"
+        state: absent
+      with_items:
+        - "{{ devture_systemd_docker_base_systemd_path }}/matrix-corporal.service"
+        - "{{ matrix_corporal_config_dir_path }}/config.json"
diff --git a/roles/custom/matrix-coturn/tasks/setup_uninstall.yml b/roles/custom/matrix-coturn/tasks/setup_uninstall.yml
index bf71b90a..e747ff09 100644
--- a/roles/custom/matrix-coturn/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-coturn/tasks/setup_uninstall.yml
@@ -6,42 +6,33 @@
   register: matrix_coturn_service_stat
   when: "not matrix_coturn_enabled | bool"
 
-- name: Ensure matrix-coturn is stopped
-  ansible.builtin.service:
-    name: matrix-coturn
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  when: "matrix_coturn_service_stat.stat.exists | bool"
+- when: matrix_coturn_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-coturn is stopped
+      ansible.builtin.service:
+        name: matrix-coturn
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-coturn-reload.timer is stopped
-  ansible.builtin.service:
-    name: matrix-coturn
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  failed_when: false
-  when: "matrix_coturn_service_stat.stat.exists | bool"
+    - name: Ensure matrix-coturn-reload.timer is stopped
+      ansible.builtin.service:
+        name: matrix-coturn
+        state: stopped
+        enabled: false
+        daemon_reload: true
+      failed_when: false
 
-- name: Ensure systemd units don't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/{{ item }}"
-    state: absent
-  register: matrix_coturn_systemd_unit_uninstallation_result
-  with_items:
-    - matrix-coturn.service
-    - matrix-coturn-reload.service
-    - matrix-coturn-reload.timer
+    - name: Ensure systemd units don't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/{{ item }}"
+        state: absent
+      with_items:
+        - matrix-coturn.service
+        - matrix-coturn-reload.service
+        - matrix-coturn-reload.timer
 
-- name: Ensure systemd reloaded after unit removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_coturn_systemd_unit_uninstallation_result.changed | bool"
-
-- name: Ensure Matrix coturn paths don't exist
-  ansible.builtin.file:
-    path: "{{ matrix_coturn_base_path }}"
-    state: absent
-
-# Intentionally not removing the Docker image when uninstalling.
-# We can't be sure it had been pulled by us in the first place.
+    - name: Ensure Matrix coturn paths don't exist
+      ansible.builtin.file:
+        path: "{{ matrix_coturn_base_path }}"
+        state: absent
diff --git a/roles/custom/matrix-dendrite/tasks/setup_uninstall.yml b/roles/custom/matrix-dendrite/tasks/setup_uninstall.yml
index e37b219c..e5479684 100644
--- a/roles/custom/matrix-dendrite/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-dendrite/tasks/setup_uninstall.yml
@@ -12,14 +12,8 @@
         name: matrix-dendrite
         state: stopped
         daemon_reload: true
-      register: stopping_result
 
     - name: Ensure matrix-dendrite.service doesn't exist
       ansible.builtin.file:
         path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dendrite.service"
         state: absent
-
-    - name: Ensure Dendrite Docker image doesn't exist
-      community.docker.docker_image:
-        name: "{{ matrix_dendrite_docker_image }}"
-        state: absent
diff --git a/roles/custom/matrix-dimension/tasks/setup_uninstall.yml b/roles/custom/matrix-dimension/tasks/setup_uninstall.yml
index 8a5f5c75..239e4d89 100644
--- a/roles/custom/matrix-dimension/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-dimension/tasks/setup_uninstall.yml
@@ -5,32 +5,21 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dimension.service"
   register: matrix_dimension_service_stat
 
-- name: Ensure matrix-dimension is stopped
-  ansible.builtin.service:
-    name: matrix-dimension
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "matrix_dimension_service_stat.stat.exists | bool"
+- when: matrix_dimension_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-dimension is stopped
+      ansible.builtin.service:
+        name: matrix-dimension
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-dimension.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dimension.service"
-    state: absent
-  when: "matrix_dimension_service_stat.stat.exists | bool"
-
-- name: Ensure systemd reloaded after matrix-dimension.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_dimension_service_stat.stat.exists | bool"
-
-- name: Ensure Dimension base directory doesn't exist
-  ansible.builtin.file:
-    path: "{{ matrix_dimension_base_path }}"
-    state: absent
+    - name: Ensure matrix-dimension.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dimension.service"
+        state: absent
 
-- name: Ensure Dimension Docker image doesn't exist
-  community.docker.docker_image:
-    name: "{{ matrix_dimension_docker_image }}"
-    state: absent
+    - name: Ensure Dimension base directory doesn't exist
+      ansible.builtin.file:
+        path: "{{ matrix_dimension_base_path }}"
+        state: absent
diff --git a/roles/custom/matrix-dynamic-dns/tasks/setup_uninstall.yml b/roles/custom/matrix-dynamic-dns/tasks/setup_uninstall.yml
index 7b4e7667..8f9f1b04 100644
--- a/roles/custom/matrix-dynamic-dns/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-dynamic-dns/tasks/setup_uninstall.yml
@@ -5,24 +5,16 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dynamic-dns.service"
   register: matrix_dynamic_dns_service_stat
 
-- name: Ensure matrix-dynamic-dns is stopped
-  ansible.builtin.service:
-    name: matrix-dynamic-dns
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  when: "matrix_dynamic_dns_service_stat.stat.exists"
+- when: matrix_dynamic_dns_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-dynamic-dns is stopped
+      ansible.builtin.service:
+        name: matrix-dynamic-dns
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-dynamic-dns.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dynamic-dns.service"
-    state: absent
-  when: "matrix_dynamic_dns_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-dynamic-dns.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_dynamic_dns_service_stat.stat.exists"
-
-# Intentionally not removing the Docker image when uninstalling.
-# We can't be sure it had been pulled by us in the first place.
+    - name: Ensure matrix-dynamic-dns.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dynamic-dns.service"
+        state: absent
diff --git a/roles/custom/matrix-email2matrix/tasks/setup_uninstall.yml b/roles/custom/matrix-email2matrix/tasks/setup_uninstall.yml
index c9600d0c..e95ce661 100644
--- a/roles/custom/matrix-email2matrix/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-email2matrix/tasks/setup_uninstall.yml
@@ -5,32 +5,21 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-email2matrix.service"
   register: matrix_email2matrix_service_stat
 
-- name: Ensure matrix-email2matrix is stopped
-  ansible.builtin.service:
-    name: matrix-email2matrix
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "matrix_email2matrix_service_stat.stat.exists | bool"
+- when: matrix_email2matrix_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-email2matrix is stopped
+      ansible.builtin.service:
+        name: matrix-email2matrix
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-email2matrix.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-email2matrix.service"
-    state: absent
-  when: "matrix_email2matrix_service_stat.stat.exists | bool"
-
-- name: Ensure systemd reloaded after matrix-email2matrix.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_email2matrix_service_stat.stat.exists | bool"
-
-- name: Ensure Email2Matrix data path doesn't exist
-  ansible.builtin.file:
-    path: "{{ matrix_email2matrix_base_path }}"
-    state: absent
+    - name: Ensure matrix-email2matrix.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-email2matrix.service"
+        state: absent
 
-- name: Ensure Email2Matrix Docker image doesn't exist
-  community.docker.docker_image:
-    name: "{{ matrix_email2matrix_docker_image }}"
-    state: absent
+    - name: Ensure Email2Matrix data path doesn't exist
+      ansible.builtin.file:
+        path: "{{ matrix_email2matrix_base_path }}"
+        state: absent
diff --git a/roles/custom/matrix-etherpad/tasks/setup_uninstall.yml b/roles/custom/matrix-etherpad/tasks/setup_uninstall.yml
index 7d93b9ab..e0382984 100644
--- a/roles/custom/matrix-etherpad/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-etherpad/tasks/setup_uninstall.yml
@@ -5,32 +5,21 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-etherpad.service"
   register: matrix_etherpad_service_stat
 
-- name: Ensure matrix-etherpad is stopped
-  ansible.builtin.service:
-    name: matrix-etherpad
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "matrix_etherpad_service_stat.stat.exists | bool"
+- when: matrix_etherpad_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-etherpad is stopped
+      ansible.builtin.service:
+        name: matrix-etherpad
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-etherpad.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-etherpad.service"
-    state: absent
-  when: "matrix_etherpad_service_stat.stat.exists | bool"
-
-- name: Ensure systemd reloaded after matrix-etherpad.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_etherpad_service_stat.stat.exists | bool"
-
-- name: Ensure Etherpad base directory doesn't exist
-  ansible.builtin.file:
-    path: "{{ matrix_etherpad_base_path }}"
-    state: absent
+    - name: Ensure matrix-etherpad.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-etherpad.service"
+        state: absent
 
-- name: Ensure Etherpad Docker image doesn't exist
-  community.docker.docker_image:
-    name: "{{ matrix_etherpad_docker_image }}"
-    state: absent
+    - name: Ensure Etherpad base directory doesn't exist
+      ansible.builtin.file:
+        path: "{{ matrix_etherpad_base_path }}"
+        state: absent
diff --git a/roles/custom/matrix-grafana/tasks/setup_uninstall.yml b/roles/custom/matrix-grafana/tasks/setup_uninstall.yml
index 6c054ff0..12c3cde9 100644
--- a/roles/custom/matrix-grafana/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-grafana/tasks/setup_uninstall.yml
@@ -13,7 +13,6 @@
         state: stopped
         enabled: false
         daemon_reload: true
-      register: stopping_result
 
     - name: Ensure matrix-grafana.service doesn't exist
       ansible.builtin.file:
diff --git a/roles/custom/matrix-jitsi/tasks/setup_jitsi_jicofo_uninstall.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_jicofo_uninstall.yml
index 8e76ddea..6ddd8937 100644
--- a/roles/custom/matrix-jitsi/tasks/setup_jitsi_jicofo_uninstall.yml
+++ b/roles/custom/matrix-jitsi/tasks/setup_jitsi_jicofo_uninstall.yml
@@ -13,7 +13,6 @@
         state: stopped
         enabled: false
         daemon_reload: true
-      register: stopping_result
 
     - name: Ensure matrix-jitsi-jicofo.service doesn't exist
       ansible.builtin.file:
diff --git a/roles/custom/matrix-jitsi/tasks/setup_jitsi_jvb_uninstall.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_jvb_uninstall.yml
index f883a3a2..e3d7094f 100644
--- a/roles/custom/matrix-jitsi/tasks/setup_jitsi_jvb_uninstall.yml
+++ b/roles/custom/matrix-jitsi/tasks/setup_jitsi_jvb_uninstall.yml
@@ -13,7 +13,6 @@
         state: stopped
         enabled: false
         daemon_reload: true
-      register: stopping_result
 
     - name: Ensure matrix-jitsi-jvb.service doesn't exist
       ansible.builtin.file:
diff --git a/roles/custom/matrix-jitsi/tasks/setup_jitsi_prosody_uninstall.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_prosody_uninstall.yml
index 3fd44f72..4907b2a1 100644
--- a/roles/custom/matrix-jitsi/tasks/setup_jitsi_prosody_uninstall.yml
+++ b/roles/custom/matrix-jitsi/tasks/setup_jitsi_prosody_uninstall.yml
@@ -13,7 +13,6 @@
         state: stopped
         enabled: false
         daemon_reload: true
-      register: stopping_result
 
     - name: Ensure matrix-jitsi-prosody.service file doesn't exist
       ansible.builtin.file:
diff --git a/roles/custom/matrix-jitsi/tasks/setup_jitsi_web_uninstall.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_web_uninstall.yml
index 7c99c280..1707d7e9 100644
--- a/roles/custom/matrix-jitsi/tasks/setup_jitsi_web_uninstall.yml
+++ b/roles/custom/matrix-jitsi/tasks/setup_jitsi_web_uninstall.yml
@@ -13,7 +13,6 @@
         state: stopped
         enabled: false
         daemon_reload: true
-      register: stopping_result
 
     - name: Ensure matrix-jitsi-web.service doesn't exist
       ansible.builtin.file:
diff --git a/roles/custom/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml b/roles/custom/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml
index ed19ad9c..1d99b406 100644
--- a/roles/custom/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml
@@ -5,32 +5,21 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ldap-registration-proxy.service"
   register: matrix_ldap_registration_proxy_service_stat
 
-- name: Ensure matrix-matrix_ldap_registration_proxy is stopped
-  ansible.builtin.service:
-    name: matrix-matrix_ldap_registration_proxy
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "matrix_ldap_registration_proxy_service_stat.stat.exists | bool"
+- when: matrix_ldap_registration_proxy_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-matrix_ldap_registration_proxy is stopped
+      ansible.builtin.service:
+        name: matrix-matrix_ldap_registration_proxy
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-ldap-registration-proxy.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ldap-registration-proxy.service"
-    state: absent
-  when: "matrix_ldap_registration_proxy_service_stat.stat.exists | bool"
-
-- name: Ensure systemd reloaded after matrix-ldap-registration-proxy.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_ldap_registration_proxy_service_stat.stat.exists | bool"
-
-- name: Ensure Matrix matrix_ldap_registration_proxy paths don't exist
-  ansible.builtin.file:
-    path: "{{ matrix_ldap_registration_proxy_base_path }}"
-    state: absent
+    - name: Ensure matrix-ldap-registration-proxy.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ldap-registration-proxy.service"
+        state: absent
 
-- name: Ensure matrix_ldap_registration_proxy Docker image doesn't exist
-  community.docker.docker_image:
-    name: "{{ matrix_ldap_registration_proxy_docker_image }}"
-    state: absent
+    - name: Ensure Matrix matrix_ldap_registration_proxy paths don't exist
+      ansible.builtin.file:
+        path: "{{ matrix_ldap_registration_proxy_base_path }}"
+        state: absent
diff --git a/roles/custom/matrix-ma1sd/tasks/setup_uninstall.yml b/roles/custom/matrix-ma1sd/tasks/setup_uninstall.yml
index c7e8bf63..b27df269 100644
--- a/roles/custom/matrix-ma1sd/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-ma1sd/tasks/setup_uninstall.yml
@@ -5,32 +5,21 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ma1sd.service"
   register: matrix_ma1sd_service_stat
 
-- name: Ensure matrix-ma1sd is stopped
-  ansible.builtin.service:
-    name: matrix-ma1sd
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "matrix_ma1sd_service_stat.stat.exists | bool"
+- when: matrix_ma1sd_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-ma1sd is stopped
+      ansible.builtin.service:
+        name: matrix-ma1sd
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-ma1sd.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ma1sd.service"
-    state: absent
-  when: "matrix_ma1sd_service_stat.stat.exists | bool"
-
-- name: Ensure systemd reloaded after matrix-ma1sd.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_ma1sd_service_stat.stat.exists | bool"
-
-- name: Ensure Matrix ma1sd paths don't exist
-  ansible.builtin.file:
-    path: "{{ matrix_ma1sd_base_path }}"
-    state: absent
+    - name: Ensure matrix-ma1sd.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ma1sd.service"
+        state: absent
 
-- name: Ensure ma1sd Docker image doesn't exist
-  community.docker.docker_image:
-    name: "{{ matrix_ma1sd_docker_image }}"
-    state: absent
+    - name: Ensure Matrix ma1sd paths don't exist
+      ansible.builtin.file:
+        path: "{{ matrix_ma1sd_base_path }}"
+        state: absent
diff --git a/roles/custom/matrix-mailer/tasks/setup_uninstall.yml b/roles/custom/matrix-mailer/tasks/setup_uninstall.yml
index d8fb65c3..fce8a436 100644
--- a/roles/custom/matrix-mailer/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-mailer/tasks/setup_uninstall.yml
@@ -13,23 +13,13 @@
         state: stopped
         enabled: false
         daemon_reload: true
-      register: stopping_result
 
     - name: Ensure matrix-mailer.service doesn't exist
       ansible.builtin.file:
         path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mailer.service"
         state: absent
 
-    - name: Ensure systemd reloaded after matrix-mailer.service removal
-      ansible.builtin.service:
-        daemon_reload: true
-
-- name: Ensure Matrix mailer path doesn't exist
-  ansible.builtin.file:
-    path: "{{ matrix_mailer_base_path }}"
-    state: absent
-
-- name: Ensure mailer Docker image doesn't exist
-  community.docker.docker_image:
-    name: "{{ matrix_mailer_docker_image }}"
-    state: absent
+    - name: Ensure Matrix mailer path doesn't exist
+      ansible.builtin.file:
+        path: "{{ matrix_mailer_base_path }}"
+        state: absent
diff --git a/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
index 50e8ab9b..af086298 100644
--- a/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
+++ b/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
@@ -239,7 +239,6 @@
     state: stopped
     enabled: false
     daemon_reload: true
-  register: stopping_result
   when: "not matrix_nginx_proxy_enabled | bool and matrix_nginx_proxy_service_stat.stat.exists"
 
 - name: Ensure matrix-nginx-proxy.service doesn't exist
diff --git a/roles/custom/matrix-ntfy/tasks/setup_uninstall.yml b/roles/custom/matrix-ntfy/tasks/setup_uninstall.yml
index e0eedfd8..afd826f8 100644
--- a/roles/custom/matrix-ntfy/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-ntfy/tasks/setup_uninstall.yml
@@ -5,32 +5,21 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ntfy.service"
   register: matrix_ntfy_service_stat
 
-- name: Ensure matrix-ntfy is stopped
-  ansible.builtin.service:
-    name: matrix-ntfy
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "matrix_ntfy_service_stat.stat.exists"
+- when: matrix_ntfy_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-ntfy is stopped
+      ansible.builtin.service:
+        name: matrix-ntfy
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-ntfy.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ntfy.service"
-    state: absent
-  when: "matrix_ntfy_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-ntfy.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_ntfy_service_stat.stat.exists"
-
-- name: Ensure matrix-ntfy path doesn't exist
-  ansible.builtin.file:
-    path: "{{ matrix_ntfy_base_path }}"
-    state: absent
+    - name: Ensure matrix-ntfy.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ntfy.service"
+        state: absent
 
-- name: Ensure ntfy Docker image doesn't exist
-  community.docker.docker_image:
-    name: "{{ matrix_ntfy_docker_image }}"
-    state: absent
+    - name: Ensure matrix-ntfy path doesn't exist
+      ansible.builtin.file:
+        path: "{{ matrix_ntfy_base_path }}"
+        state: absent
diff --git a/roles/custom/matrix-postgres-backup/tasks/setup_uninstall.yml b/roles/custom/matrix-postgres-backup/tasks/setup_uninstall.yml
index 0b3709eb..61b6840c 100644
--- a/roles/custom/matrix-postgres-backup/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-postgres-backup/tasks/setup_uninstall.yml
@@ -20,10 +20,6 @@
         path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres-backup.service"
         state: absent
 
-    - name: Ensure systemd reloaded after matrix-postgres-backup.service removal
-      ansible.builtin.service:
-        daemon_reload: true
-
 - name: Check existence of matrix-postgres-backup backup path
   ansible.builtin.stat:
     path: "{{ matrix_postgres_backup_path }}"
diff --git a/roles/custom/matrix-prometheus-node-exporter/tasks/setup_uninstall.yml b/roles/custom/matrix-prometheus-node-exporter/tasks/setup_uninstall.yml
index 7239c0ac..b5ef4f0f 100644
--- a/roles/custom/matrix-prometheus-node-exporter/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-prometheus-node-exporter/tasks/setup_uninstall.yml
@@ -13,13 +13,8 @@
         state: stopped
         enabled: false
         daemon_reload: true
-      register: stopping_result
 
     - name: Ensure matrix-prometheus-node-exporter.service doesn't exist
       ansible.builtin.file:
         path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-node-exporter.service"
         state: absent
-
-    - name: Ensure systemd reloaded after matrix-prometheus-node-exporter.service removal
-      ansible.builtin.service:
-        daemon_reload: true
diff --git a/roles/custom/matrix-prometheus-postgres-exporter/tasks/setup_uninstall.yml b/roles/custom/matrix-prometheus-postgres-exporter/tasks/setup_uninstall.yml
index b3fdfd59..bdf72042 100644
--- a/roles/custom/matrix-prometheus-postgres-exporter/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-prometheus-postgres-exporter/tasks/setup_uninstall.yml
@@ -13,7 +13,6 @@
         state: stopped
         enabled: false
         daemon_reload: true
-      register: stopping_result
 
     - name: Ensure matrix-prometheus-postgres-exporter.service doesn't exist
       ansible.builtin.file:
diff --git a/roles/custom/matrix-prometheus/tasks/setup_uninstall.yml b/roles/custom/matrix-prometheus/tasks/setup_uninstall.yml
index 5fe145fc..9d13d216 100644
--- a/roles/custom/matrix-prometheus/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-prometheus/tasks/setup_uninstall.yml
@@ -5,22 +5,16 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus.service"
   register: matrix_prometheus_service_stat
 
-- name: Ensure matrix-prometheus is stopped
-  ansible.builtin.service:
-    name: matrix-prometheus
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "matrix_prometheus_service_stat.stat.exists | bool"
+- when: matrix_prometheus_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-prometheus is stopped
+      ansible.builtin.service:
+        name: matrix-prometheus
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-prometheus.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus.service"
-    state: absent
-  when: "matrix_prometheus_service_stat.stat.exists | bool"
-
-- name: Ensure systemd reloaded after matrix-prometheus.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_prometheus_service_stat.stat.exists | bool"
+    - name: Ensure matrix-prometheus.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus.service"
+        state: absent
diff --git a/roles/custom/matrix-registration/tasks/setup_uninstall.yml b/roles/custom/matrix-registration/tasks/setup_uninstall.yml
index 623db421..97c14435 100644
--- a/roles/custom/matrix-registration/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-registration/tasks/setup_uninstall.yml
@@ -5,27 +5,16 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-registration.service"
   register: matrix_registration_service_stat
 
-- name: Ensure matrix-registration is stopped
-  ansible.builtin.service:
-    name: matrix-registration
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "matrix_registration_service_stat.stat.exists | bool"
+- when: matrix_registration_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-registration is stopped
+      ansible.builtin.service:
+        name: matrix-registration
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-registration.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-registration.service"
-    state: absent
-  when: "matrix_registration_service_stat.stat.exists | bool"
-
-- name: Ensure systemd reloaded after matrix-registration.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_registration_service_stat.stat.exists | bool"
-
-- name: Ensure matrix-registration Docker image doesn't exist
-  community.docker.docker_image:
-    name: "{{ matrix_registration_docker_image }}"
-    state: absent
+    - name: Ensure matrix-registration.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-registration.service"
+        state: absent
diff --git a/roles/custom/matrix-sygnal/tasks/setup_uninstall.yml b/roles/custom/matrix-sygnal/tasks/setup_uninstall.yml
index e398f7a9..5f01daf1 100644
--- a/roles/custom/matrix-sygnal/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-sygnal/tasks/setup_uninstall.yml
@@ -5,32 +5,21 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-sygnal.service"
   register: matrix_sygnal_service_stat
 
-- name: Ensure matrix-sygnal is stopped
-  ansible.builtin.service:
-    name: matrix-sygnal
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "matrix_sygnal_service_stat.stat.exists | bool"
+- when: matrix_sygnal_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-sygnal is stopped
+      ansible.builtin.service:
+        name: matrix-sygnal
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-sygnal.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-sygnal.service"
-    state: absent
-  when: "matrix_sygnal_service_stat.stat.exists | bool"
-
-- name: Ensure systemd reloaded after matrix-sygnal.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_sygnal_service_stat.stat.exists | bool"
-
-- name: Ensure Sygnal base directory doesn't exist
-  ansible.builtin.file:
-    path: "{{ matrix_sygnal_base_path }}"
-    state: absent
+    - name: Ensure matrix-sygnal.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-sygnal.service"
+        state: absent
 
-- name: Ensure Sygnal Docker image doesn't exist
-  community.docker.docker_image:
-    name: "{{ matrix_sygnal_docker_image }}"
-    state: absent
+    - name: Ensure Sygnal base directory doesn't exist
+      ansible.builtin.file:
+        path: "{{ matrix_sygnal_base_path }}"
+        state: absent
diff --git a/roles/custom/matrix-synapse-admin/tasks/setup_uninstall.yml b/roles/custom/matrix-synapse-admin/tasks/setup_uninstall.yml
index 96509874..3828b735 100644
--- a/roles/custom/matrix-synapse-admin/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-synapse-admin/tasks/setup_uninstall.yml
@@ -13,15 +13,8 @@
         state: stopped
         enabled: false
         daemon_reload: true
-      register: stopping_result
 
     - name: Ensure matrix-synapse-admin.service doesn't exist
       ansible.builtin.file:
         path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse-admin.service"
         state: absent
-
-    - name: Ensure matrix-synapse-admin Docker image doesn't exist
-      community.docker.docker_image:
-        name: "{{ matrix_synapse_admin_docker_image }}"
-        state: absent
-      when: "not matrix_synapse_admin_enabled | bool"
diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_uninstall.yml b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_uninstall.yml
index f4531a19..bb1b534c 100644
--- a/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_uninstall.yml
@@ -13,18 +13,13 @@
         state: stopped
         enabled: false
         daemon_reload: true
-      register: stopping_result
 
     - name: Ensure matrix-synapse-reverse-proxy-companion.service doesn't exist
       ansible.builtin.file:
         path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse-reverse-proxy-companion.service"
         state: absent
 
-    - name: Ensure systemd reloaded after matrix-synapse-reverse-proxy-companion.service removal
-      ansible.builtin.service:
-        daemon_reload: true
-
-- name: Ensure matrix-synapse-reverse-proxy-companion data deleted
-  ansible.builtin.file:
-    path: "{{ matrix_synapse_reverse_proxy_companion_base_path }}"
-    state: absent
+    - name: Ensure matrix-synapse-reverse-proxy-companion data deleted
+      ansible.builtin.file:
+        path: "{{ matrix_synapse_reverse_proxy_companion_base_path }}"
+        state: absent
diff --git a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_uninstall.yml b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_uninstall.yml
index a828070c..d664d75f 100644
--- a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_uninstall.yml
+++ b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_uninstall.yml
@@ -9,11 +9,6 @@
     - matrix-synapse-s3-storage-provider-migrate.service
   register: matrix_synapse_s3_storage_provider_migrate_sevice_removal
 
-- name: Ensure systemd reloaded after matrix-synapse-s3-storage-provider-migrate.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: matrix_synapse_s3_storage_provider_migrate_sevice_removal.changed | bool
-
 - name: Ensure s3-storage-provider files don't exist
   ansible.builtin.file:
     path: "{{ item }}"
diff --git a/roles/custom/matrix-synapse/tasks/goofys/setup_uninstall.yml b/roles/custom/matrix-synapse/tasks/goofys/setup_uninstall.yml
index ddfa5cf6..252877de 100644
--- a/roles/custom/matrix-synapse/tasks/goofys/setup_uninstall.yml
+++ b/roles/custom/matrix-synapse/tasks/goofys/setup_uninstall.yml
@@ -5,32 +5,21 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-goofys.service"
   register: matrix_goofys_service_stat
 
-- name: Ensure matrix-goofys is stopped
-  ansible.builtin.service:
-    name: matrix-goofys
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "matrix_goofys_service_stat.stat.exists"
+- when: matrix_goofys_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-goofys is stopped
+      ansible.builtin.service:
+        name: matrix-goofys
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-goofys.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-goofys.service"
-    state: absent
-  when: "matrix_goofys_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-goofys.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_goofys_service_stat.stat.exists"
-
-- name: Ensure goofys environment variables file doesn't exist
-  ansible.builtin.file:
-    path: "{{ matrix_synapse_config_dir_path }}/env-goofys"
-    state: absent
+    - name: Ensure matrix-goofys.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-goofys.service"
+        state: absent
 
-- name: Ensure Goofys Docker image doesn't exist
-  community.docker.docker_image:
-    name: "{{ matrix_s3_goofys_docker_image }}"
-    state: absent
+    - name: Ensure goofys environment variables file doesn't exist
+      ansible.builtin.file:
+        path: "{{ matrix_synapse_config_dir_path }}/env-goofys"
+        state: absent
diff --git a/roles/custom/matrix-synapse/tasks/synapse/setup_uninstall.yml b/roles/custom/matrix-synapse/tasks/synapse/setup_uninstall.yml
index 17fa8a4f..7f081522 100644
--- a/roles/custom/matrix-synapse/tasks/synapse/setup_uninstall.yml
+++ b/roles/custom/matrix-synapse/tasks/synapse/setup_uninstall.yml
@@ -5,36 +5,22 @@
     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse.service"
   register: matrix_synapse_service_stat
 
-- name: Ensure matrix-synapse is stopped
-  ansible.builtin.service:
-    name: matrix-synapse
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  register: stopping_result
-  when: "matrix_synapse_service_stat.stat.exists"
+- when: matrix_synapse_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-synapse is stopped
+      ansible.builtin.service:
+        name: matrix-synapse
+        state: stopped
+        enabled: false
+        daemon_reload: true
 
-- name: Ensure matrix-synapse.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse.service"
-    state: absent
-  when: "matrix_synapse_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-synapse.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_synapse_service_stat.stat.exists"
-
-- name: Ensure Synapse Docker image doesn't exist
-  community.docker.docker_image:
-    name: "{{ item }}"
-    state: absent
-  with_items:
-    - "{{ matrix_synapse_docker_image_final }}"
-    - "{{ matrix_synapse_docker_image }}"
+    - name: Ensure matrix-synapse.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse.service"
+        state: absent
 
-- name: Ensure sample prometheus.yml for external scraping is deleted
-  ansible.builtin.file:
-    path: "{{ matrix_synapse_base_path }}/external_prometheus.yml.example"
-    state: absent
-  when: "not matrix_synapse_metrics_proxying_enabled | bool"
+    - name: Ensure sample prometheus.yml for external scraping is deleted
+      ansible.builtin.file:
+        path: "{{ matrix_synapse_base_path }}/external_prometheus.yml.example"
+        state: absent
+      when: "not matrix_synapse_metrics_proxying_enabled | bool"

From fa523c647205e3b15715f11d5c8aa436e46be320 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Fri, 25 Nov 2022 17:36:42 +0200
Subject: [PATCH 076/198] Remove blank lines

---
 roles/custom/matrix-bridge-appservice-irc/tasks/main.yml  | 1 -
 roles/custom/matrix-bridge-go-skype-bridge/tasks/main.yml | 1 -
 2 files changed, 2 deletions(-)

diff --git a/roles/custom/matrix-bridge-appservice-irc/tasks/main.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/main.yml
index 3f84171e..1cc6b35c 100644
--- a/roles/custom/matrix-bridge-appservice-irc/tasks/main.yml
+++ b/roles/custom/matrix-bridge-appservice-irc/tasks/main.yml
@@ -18,4 +18,3 @@
   tags:
     - setup-all
     - setup-appservice-irc
-
diff --git a/roles/custom/matrix-bridge-go-skype-bridge/tasks/main.yml b/roles/custom/matrix-bridge-go-skype-bridge/tasks/main.yml
index fa9fd87e..5bf9236b 100644
--- a/roles/custom/matrix-bridge-go-skype-bridge/tasks/main.yml
+++ b/roles/custom/matrix-bridge-go-skype-bridge/tasks/main.yml
@@ -18,4 +18,3 @@
   tags:
     - setup-all
     - setup-go-skype-bridge
-

From 16c18b0344b3007551bb968b9a94514c99552d00 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Fri, 25 Nov 2022 18:59:01 +0200
Subject: [PATCH 077/198] Upgrade Hydrogen (v0.3.4 -> v0.3.5)

---
 roles/custom/matrix-client-hydrogen/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-client-hydrogen/defaults/main.yml b/roles/custom/matrix-client-hydrogen/defaults/main.yml
index 80bdb021..ac0d8289 100644
--- a/roles/custom/matrix-client-hydrogen/defaults/main.yml
+++ b/roles/custom/matrix-client-hydrogen/defaults/main.yml
@@ -8,7 +8,7 @@ matrix_client_hydrogen_enabled: true
 matrix_client_hydrogen_container_image_self_build: true
 matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git"
 
-matrix_client_hydrogen_version: v0.3.4
+matrix_client_hydrogen_version: v0.3.5
 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}"
 matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}"

From 504d4a4134ec23e67b0345c2cb86970d102af5cd Mon Sep 17 00:00:00 2001
From: Array in a Matrix <tensor@arrayinamatrix.xyz>
Date: Fri, 25 Nov 2022 23:27:43 -0800
Subject: [PATCH 078/198] Add dendrite captcha config to doc and hCaptcha
 (#2290)

* added dendrite captcha options

* added hcaptcha doc

* proper url

* Apply suggestions from code review

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Update main.yml

* renamed captcha vars to new naming scheme

* change vars to new format

* Rename back some incorrect renamed variables

These variables are either not just part of the `client_api` subsection,
or are not even part of that section at all. They shouldn't have been
renamed in baaef2ed616e2645550d9

* Fix up naming inconsistencies

Some of these variables had been renamed in one place,
but not in other places, so it couldn't have worked that way.

* Add validation/deprecation for renamed Dendrite variables

Related to 4097898f885cf4c73, baaef2ed616e2645550, 68f4418092fa8ad
and a0b4a0ae6b2f1f18

Co-authored-by: Slavi Pantaleev <slavi@devture.com>
---
 docs/configuring-captcha.md                   | 35 +++++++++++++++++--
 group_vars/matrix_servers                     |  8 ++---
 .../custom/matrix-dendrite/defaults/main.yml  | 28 ++++++++-------
 .../matrix-dendrite/tasks/validate_config.yml | 15 ++++++--
 .../templates/dendrite/dendrite.yaml.j2       | 25 +++++++------
 5 files changed, 78 insertions(+), 33 deletions(-)

diff --git a/docs/configuring-captcha.md b/docs/configuring-captcha.md
index d137cf99..173b34fe 100644
--- a/docs/configuring-captcha.md
+++ b/docs/configuring-captcha.md
@@ -2,9 +2,11 @@
 
 # Overview
 Captcha can be enabled for this home server. This file explains how to do that.
-The captcha mechanism used is Google's [ReCaptcha](https://www.google.com/recaptcha/). This requires API keys from Google.
+The captcha mechanism used is Google's [ReCaptcha](https://www.google.com/recaptcha/). This requires API keys from Google. If your homeserver is Dendrite then [hCapcha](https://www.hcaptcha.com) can be used instead.
 
-## Getting keys
+## ReCaptcha
+
+### Getting keys
 
 Requires a site/secret key pair from:
 
@@ -12,12 +14,39 @@ Requires a site/secret key pair from:
 
 Must be a reCAPTCHA **v2** key using the "I'm not a robot" Checkbox option
 
-## Setting ReCaptcha Keys
+### Setting ReCaptcha keys
 
 Once registered as above, set the following values:
 
 ```yaml
+# for Synapse
 matrix_synapse_enable_registration_captcha: true
 matrix_synapse_recaptcha_public_key: 'YOUR_SITE_KEY'
 matrix_synapse_recaptcha_private_key: 'YOUR_SECRET_KEY'
+
+# for Dendrite
+matrix_dendrite_client_api_enable_registration_captcha: true
+matrix_dendrite_client_api_recaptcha_public_key: 'YOUR_SITE_KEY'
+matrix_dendrite_client_api_recaptcha_private_key: 'YOUR_SECRET_KEY'
+```
+
+## hCaptcha
+
+### Getting keys
+
+Requires a site/secret key pair from:
+
+<https://dashboard.hcaptcha.com/sites/new>
+
+### Setting hCaptcha keys
+
+```yaml
+matrix_dendrite_client_api_enable_registration_captcha: true
+matrix_dendrite_client_api_recaptcha_public_key: 'YOUR_SITE_KEY'
+matrix_dendrite_client_api_recaptcha_private_key: 'YOUR_SECRET_KEY'
+
+matrix_dendrite_client_api_recaptcha_siteverify_api: 'https://hcaptcha.com/siteverify'
+matrix_dendrite_client_api_recaptcha_api_js_url: 'https://js.hcaptcha.com/1/api.js'
+matrix_dendrite_client_api_recaptcha_form_field: 'h-captcha-response'
+matrix_dendrite_client_api_recaptcha_sitekey_class: 'h-captcha'
 ```
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index dd0c730c..cf9c7193 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -1474,7 +1474,7 @@ matrix_bot_maubot_registration_shared_secret: |-
   {{
     {
       'synapse': matrix_synapse_registration_shared_secret,
-      'dendrite': matrix_dendrite_registration_shared_secret,
+      'dendrite': matrix_dendrite_client_api_registration_shared_secret,
     }[matrix_homeserver_implementation]
   }}
 
@@ -2898,7 +2898,7 @@ matrix_registration_shared_secret: |-
   {{
     {
       'synapse': matrix_synapse_registration_shared_secret,
-      'dendrite': matrix_dendrite_registration_shared_secret,
+      'dendrite': matrix_dendrite_client_api_registration_shared_secret,
       'conduit': '',
     }[matrix_homeserver_implementation]
   }}
@@ -2975,13 +2975,13 @@ matrix_dendrite_container_https_host_bind_address: "{{ '' if matrix_nginx_proxy_
 
 matrix_dendrite_sync_api_real_ip_header: "{{ 'X-Forwarded-For' if matrix_nginx_proxy_enabled else '' }}"
 
-matrix_dendrite_registration_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.rss', rounds=655555) | to_uuid }}"
+matrix_dendrite_client_api_registration_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.rss', rounds=655555) | to_uuid }}"
 
 matrix_dendrite_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.db', rounds=655555) | to_uuid }}"
 
 # Even if TURN doesn't support TLS (it does by default),
 # it doesn't hurt to try a secure connection anyway.
-matrix_dendrite_turn_uris: |
+matrix_dendrite_client_api_turn_uris: |
   {{
     [
       'turns:' + matrix_server_fqn_matrix + '?transport=udp',
diff --git a/roles/custom/matrix-dendrite/defaults/main.yml b/roles/custom/matrix-dendrite/defaults/main.yml
index a60c33d2..ba84d430 100644
--- a/roles/custom/matrix-dendrite/defaults/main.yml
+++ b/roles/custom/matrix-dendrite/defaults/main.yml
@@ -76,7 +76,7 @@ matrix_dendrite_systemd_wanted_services_list: []
 # matrix_dendrite_template_dendrite_config: "{{ playbook_dir }}/inventory/host_vars/<host>/dendrite.yaml.j2"
 matrix_dendrite_template_dendrite_config: "{{ role_path }}/templates/dendrite/dendrite.yaml.j2"
 
-matrix_dendrite_registration_shared_secret: ''
+matrix_dendrite_client_api_registration_shared_secret: ''
 matrix_dendrite_allow_guest_access: false
 
 matrix_dendrite_max_file_size_bytes: 10485760
@@ -89,18 +89,21 @@ matrix_dendrite_sync_api_real_ip_header: ''
 matrix_dendrite_tmp_directory_size_mb: 500
 
 # Rate limits
-matrix_dendrite_rate_limiting_enabled: true
-matrix_dendrite_rate_limiting_threshold: 20
-matrix_dendrite_rate_limiting_cooloff_ms: 500
+matrix_dendrite_client_api_rate_limiting_enabled: true
+matrix_dendrite_client_api_rate_limiting_threshold: 20
+matrix_dendrite_client_api_rate_limiting_cooloff_ms: 500
 
 # Controls whether people with access to the homeserver can register by themselves.
-matrix_dendrite_registration_disabled: true
+matrix_dendrite_client_api_registration_disabled: true
 
 # reCAPTCHA API for validating registration attempts
-matrix_dendrite_enable_registration_captcha: false
-matrix_dendrite_recaptcha_public_key: ""
-matrix_dendrite_recaptcha_private_key: ""
-matrix_dendrite_recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify"
+matrix_dendrite_client_api_enable_registration_captcha: false
+matrix_dendrite_client_api_recaptcha_public_key: ""
+matrix_dendrite_client_api_recaptcha_private_key: ""
+matrix_dendrite_client_api_recaptcha_siteverify_api: ""
+matrix_dendrite_client_api_recaptcha_api_js_url: ""
+matrix_dendrite_client_api_recaptcha_form_field: ""
+matrix_dendrite_client_api_recaptcha_sitekey_class: ""
 
 # A list of additional "volumes" to mount in the container.
 # This list gets populated dynamically based on Dendrite extensions that have been enabled.
@@ -147,11 +150,10 @@ matrix_dendrite_userapi_database: "dendrite_userapi"
 matrix_dendrite_pushserver_database: "dendrite_pushserver"
 matrix_dendrite_mscs_database: "dendrite_mscs"
 
-matrix_dendrite_turn_uris: []
-matrix_dendrite_turn_shared_secret: ""
-matrix_dendrite_turn_allow_guests: false
+matrix_dendrite_client_api_turn_uris: []
+matrix_dendrite_client_api_turn_client_api_shared_secret: ""
+matrix_dendrite_client_api_turn_allow_guests: false
 
-# Controls whether the self-check feature should validate TLS certificates.
 matrix_dendrite_disable_tls_validation: false
 
 matrix_dendrite_trusted_id_servers:
diff --git a/roles/custom/matrix-dendrite/tasks/validate_config.yml b/roles/custom/matrix-dendrite/tasks/validate_config.yml
index 390da938..7ca31b0d 100644
--- a/roles/custom/matrix-dendrite/tasks/validate_config.yml
+++ b/roles/custom/matrix-dendrite/tasks/validate_config.yml
@@ -5,7 +5,7 @@
       You need to define a required configuration setting (`{{ item }}`) for using Dendrite.
   when: "vars[item] == ''"
   with_items:
-    - "matrix_dendrite_registration_shared_secret"
+    - "matrix_dendrite_client_api_registration_shared_secret"
 
 - name: (Deprecation) Catch and report renamed settings
   ansible.builtin.fail:
@@ -13,4 +13,15 @@
       Your configuration contains a variable, which now has a different name.
       Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
   when: "item.old in vars"
-  with_items: []
+  with_items:
+    - {'old': 'matrix_dendrite_enable_registration_captcha', 'new': 'matrix_dendrite_client_api_enable_registration_captcha'}
+    - {'old': 'matrix_dendrite_recaptcha_public_key', 'new': 'matrix_dendrite_client_api_recaptcha_public_key'}
+    - {'old': 'matrix_dendrite_recaptcha_private_key', 'new': 'matrix_dendrite_client_api_recaptcha_private_key'}
+    - {'old': 'matrix_dendrite_registration_disabled', 'new': 'matrix_dendrite_client_api_registration_disabled'}
+    - {'old': 'matrix_dendrite_registration_shared_secret', 'new': 'matrix_dendrite_client_api_registration_shared_secret'}
+    - {'old': 'matrix_dendrite_turn_uris', 'new': 'matrix_dendrite_client_api_turn_uris'}
+    - {'old': 'matrix_dendrite_turn_client_api_shared_secret', 'new': 'matrix_dendrite_client_api_turn_client_api_shared_secret'}
+    - {'old': 'matrix_dendrite_turn_allow_guests', 'new': 'matrix_dendrite_client_api_turn_allow_guests'}
+    - {'old': 'matrix_dendrite_rate_limiting_enabled', 'new': 'matrix_dendrite_client_api_rate_limiting_enabled'}
+    - {'old': 'matrix_dendrite_rate_limiting_threshold', 'new': 'matrix_dendrite_client_api_rate_limiting_threshold'}
+    - {'old': 'matrix_dendrite_rate_limiting_cooloff_ms', 'new': 'matrix_dendrite_client_api_rate_limiting_cooloff_ms'}
diff --git a/roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 b/roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2
index 65cb4c2c..005f9bd6 100644
--- a/roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2
+++ b/roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2
@@ -175,7 +175,7 @@ client_api:
 
   # Prevents new users from being able to register on this homeserver, except when
   # using the registration shared secret below.
-  registration_disabled: {{ matrix_dendrite_registration_disabled|to_json }}
+  registration_disabled: {{ matrix_dendrite_client_api_registration_disabled | to_json }}
 
   # Prevents new guest accounts from being created. Guest registration is also
   # disabled implicitly by setting 'registration_disabled' above.
@@ -183,22 +183,25 @@ client_api:
 
   # If set, allows registration by anyone who knows the shared secret, regardless of
   # whether registration is otherwise disabled.
-  registration_shared_secret: {{ matrix_dendrite_registration_shared_secret | string|to_json }}
+  registration_shared_secret: {{ matrix_dendrite_client_api_registration_shared_secret | string | to_json }}
 
   # Whether to require reCAPTCHA for registration.
-  enable_registration_captcha: {{ matrix_dendrite_enable_registration_captcha|to_json }}
+  enable_registration_captcha: {{ matrix_dendrite_client_api_enable_registration_captcha | to_json }}
 
   # Settings for ReCAPTCHA.
-  recaptcha_public_key: {{ matrix_dendrite_recaptcha_public_key|to_json }}
-  recaptcha_private_key: {{ matrix_dendrite_recaptcha_private_key|to_json }}
+  recaptcha_public_key: {{ matrix_dendrite_client_api_recaptcha_public_key | to_json }}
+  recaptcha_private_key: {{ matrix_dendrite_client_api_recaptcha_private_key | to_json }}
   recaptcha_bypass_secret: ""
-  recaptcha_siteverify_api: {{ matrix_dendrite_recaptcha_siteverify_api|to_json }}
+  recaptcha_siteverify_api: {{ matrix_dendrite_client_api_recaptcha_siteverify_api | to_json }}
+  recaptcha_api_js_url: {{ matrix_dendrite_client_api_recaptcha_api_js_url | to_json }}
+  recaptcha_form_field: {{ matrix_dendrite_client_api_recaptcha_form_field | to_json }}
+  recaptcha_sitekey_class: {{ matrix_dendrite_client_api_recaptcha_sitekey_class | to_json }}
 
   # TURN server information that this homeserver should send to clients.
   turn:
     turn_user_lifetime: ""
-    turn_uris: {{ matrix_dendrite_turn_uris|to_json }}
-    turn_shared_secret: {{ matrix_dendrite_turn_shared_secret|to_json }}
+    turn_uris: {{ matrix_dendrite_client_api_turn_uris | to_json }}
+    turn_shared_secret: {{ matrix_dendrite_client_api_turn_shared_secret | to_json }}
     turn_username: ""
     turn_password: ""
 
@@ -206,9 +209,9 @@ client_api:
   # threshold number of "slots" have been taken by requests from a specific
   # host. Each "slot" will be released after the cooloff time in milliseconds.
   rate_limiting:
-    enabled: {{ matrix_dendrite_rate_limiting_enabled|to_json }}
-    threshold: {{ matrix_dendrite_rate_limiting_threshold|to_json }}
-    cooloff_ms: {{ matrix_dendrite_rate_limiting_cooloff_ms|to_json }}
+    enabled: {{ matrix_dendrite_client_api_rate_limiting_enabled | to_json }}
+    threshold: {{ matrix_dendrite_client_api_rate_limiting_threshold | to_json }}
+    cooloff_ms: {{ matrix_dendrite_client_api_rate_limiting_cooloff_ms | to_json }}
     exempt_user_ids:
     #  - "@user:domain.com"
 

From fe4c2d73f491b8ffa5a5e734fb9766f9c82cdbb7 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sat, 26 Nov 2022 16:45:07 +0200
Subject: [PATCH 079/198] Update Ansible version requirements

Tests were carried out like this:

- `virtualenv3 env`
- `./env/bin/pip install ansible==4.10.0 ansible-core==2.11.7`
- `./env/bin/ansible-playbook .....`

The lowest version of `ansible-core` available on PyPI right now is
2.11.0. That version has trouble with `ansible==4.0.0` though.
The errors we were hitting seemed to be resolved by others online by
using `ansible==4.10.0` instead, which has a minimum `ansible-core`
requirement of `2.11.7`, so that's what we went with.

Older versions of Ansible may work, but.. I'm having trouble
installing them and don't want to spend too much time on digging through
ancient versions and testing them out. People should just learn to run
up-to-date software.
---
 docs/ansible.md | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/docs/ansible.md b/docs/ansible.md
index 49dbd7ea..22122283 100644
--- a/docs/ansible.md
+++ b/docs/ansible.md
@@ -9,19 +9,14 @@ If your local computer cannot run Ansible, you can also run Ansible on some serv
 
 ## Supported Ansible versions
 
-Ansible 2.7.1 or newer is required ([last discussion about Ansible versions](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/743)).
-
-Note: Ubuntu 20.04 ships with Ansible 2.9.6 which is a buggy version (see this [bug](https://bugs.launchpad.net/ubuntu/+source/ansible/+bug/1880359)), which can't be used in combination with a host running new systemd (more details in [#517](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/517), [#669](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/669)). If this problem affects you, you can: avoid running Ubuntu 20.04 on your host; run Ansible from another machine targeting your host; or try to upgrade to a newer Ansible version (see below).
-
-
-## Checking your Ansible version
+To manually check which version of Ansible you're on, run: `ansible --version`.
 
-In most cases, you won't need to worry about the Ansible version.
-The playbook will try to detect it and tell you if you're on an unsupported version.
+For the **best experience**, we recommend getting the **latest version of Ansible available**.
 
-To manually check which version of Ansible you're on, run: `ansible --version`.
+We're not sure what's the minimum version of Ansible that can run this playbook successfully.
+The lowest version that we've confirmed (on 2022-11-26) to be working fine is: `ansible-core` (`2.11.7`) combined with `ansible` (`4.10.0`).
 
-If you're on an old version of Ansible, you should [upgrade Ansible to a newer version](#upgrading-ansible) or [use Ansible via Docker](#using-ansible-via-docker).
+If your distro ships with an Ansible version older than this, you may run into issues. Consider [Upgrading Ansible](#upgrading-ansible) or [using Ansible via Docker](#using-ansible-via-docker).
 
 
 ## Upgrading Ansible

From e9765ae4a5ed60d2864a32ed458aa8939fa5ca0b Mon Sep 17 00:00:00 2001
From: teutat3s <10206665+teutat3s@users.noreply.github.com>
Date: Sat, 26 Nov 2022 16:16:56 +0100
Subject: [PATCH 080/198] Update docs on how to use synapse & keycloak OIDC

Use up-to-date example from synapse docs

Add link to keycloak website

Add link to synapse docs on OIDC
---
 docs/configuring-playbook-synapse.md | 32 +++++++++++++++++-----------
 1 file changed, 19 insertions(+), 13 deletions(-)

diff --git a/docs/configuring-playbook-synapse.md b/docs/configuring-playbook-synapse.md
index 2e14f1ad..b3414d8f 100644
--- a/docs/configuring-playbook-synapse.md
+++ b/docs/configuring-playbook-synapse.md
@@ -56,21 +56,27 @@ Certain Synapse administration tasks (managing users and rooms, etc.) can be per
 
 If you'd like to use OpenID Connect authentication with Synapse, you'll need some additional reverse-proxy configuration (see [our nginx reverse-proxy doc page](configuring-playbook-nginx.md#synapse-openid-connect-for-single-sign-on)).
 
+This example configuration is for [keycloak](https://www.keycloak.org/), an opensource Identity Provider maintained by Red Hat.
+
+For more detailed documentation on available options and how to setup keycloak, see the [Synapse documentation on OpenID Connect with keycloak](https://github.com/matrix-org/synapse/blob/develop/docs/openid.md#keycloak).
+
 In case you encounter errors regarding the parsing of the variables, you can try to add `{% raw %}` and `{% endraw %}` blocks around them. For example ;
 
 ```
- - idp_id: keycloak
-        idp_name: "Keycloak"
-        issuer: "https://url.ix/auth/realms/x"
-        client_id: "matrix"
-        client_secret: "{{ vault_synapse_keycloak }}"
-        scopes: ["openid", "profile"]
-        authorization_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/auth"
-        token_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/token"
-        userinfo_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/userinfo"
-        user_mapping_provider:
-          config:
-            display_name_template: "{% raw %}{{ user.given_name }}{% endraw %} {% raw %}{{ user.family_name }}{% endraw %}"
-            email_template: "{% raw %}{{ user.email }}{% endraw %}"
+matrix_synapse_configuration_extension_yaml: |
+  oidc_providers:
+    - idp_id: keycloak
+      idp_name: "My KeyCloak server"
+      issuer: "https://url.ix/auth/realms/{realm_name}"
+      client_id: "matrix"
+      client_secret: "{{ vault_synapse_keycloak }}"
+      scopes: ["openid", "profile"]
+      user_mapping_provider:
+        config:
+          localpart_template: "{% raw %}{{ user.preferred_username }}{% endraw %}"
+          display_name_template: "{% raw %}{{ user.name }}{% endraw %}"
+          email_template: "{% raw %}{{ user.email }}{% endraw %}"
+      allow_existing_users: true # Optional
+      backchannel_logout_enabled: true # Optional
 ```
 

From 71de7cd8cd814c9a6632bd03dcc3d0ca250efc4e Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sat, 26 Nov 2022 18:51:27 +0200
Subject: [PATCH 081/198] Simplify matrix_backup_borg_postgresql_databases
 definition

There was no need to add `synapse` to the list manually
and then add all other additional databases.

When the `synapse` database was the main database, this made sense.
Since a long time ago already, ALL databases are "additional" databases,
so the `synapse` database is part of that list.

We could additional add the main (`matrix`) database to this list,
but there's probably no point in backing that one up.
---
 group_vars/matrix_servers | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index cf9c7193..2bcb22da 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -1655,14 +1655,7 @@ matrix_backup_borg_postgresql_databases_hostname: "{{ matrix_postgres_connection
 matrix_backup_borg_postgresql_databases_username: "{{ matrix_postgres_connection_username }}"
 matrix_backup_borg_postgresql_databases_password: "{{ matrix_postgres_connection_password }}"
 matrix_backup_borg_postgresql_databases_port: "{{ matrix_postgres_connection_port }}"
-matrix_backup_borg_postgresql_databases: |
-  {{
-    (([{
-        'name': matrix_synapse_database_database
-    }] if (matrix_synapse_enabled and matrix_synapse_database_database == matrix_postgres_db_name and matrix_synapse_database_host == 'matrix-postgres') else [])
-    +
-    matrix_postgres_additional_databases)|map(attribute='name') | list
-  }}
+matrix_backup_borg_postgresql_databases: "{{ matrix_postgres_additional_databases | map(attribute='name') if matrix_postgres_enabled else [] }}"
 matrix_backup_borg_location_source_directories:
   - "{{ matrix_base_data_path }}"
 matrix_backup_borg_location_exclude_patterns: |

From 018a609e4715b07cd2a26ce424fd502973679e1d Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sat, 26 Nov 2022 18:57:45 +0200
Subject: [PATCH 082/198] Simplify matrix_postgres_backup_databases definition

Related to 71de7cd8cd814c9a6
---
 group_vars/matrix_servers | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 2bcb22da..940a52e6 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -2932,15 +2932,7 @@ matrix_postgres_backup_connection_password: "{{ matrix_postgres_connection_passw
 
 matrix_postgres_backup_postgres_data_path: "{{ matrix_postgres_data_path if matrix_postgres_enabled else '' }}"
 
-# the default matrix synapse databse is not always part of the matrix_postgres_additional_databases variable thus we have to add it if the default database is used
-matrix_postgres_backup_databases: |
-  {{
-    (([{
-        'name': matrix_synapse_database_database
-    }] if (matrix_synapse_enabled and matrix_synapse_database_database == matrix_postgres_db_name and matrix_synapse_database_host == 'matrix-postgres') else [])
-    +
-    matrix_postgres_additional_databases)|map(attribute='name') | list
-  }}
+matrix_postgres_backup_databases: "{{ matrix_postgres_additional_databases | map(attribute='name') if matrix_postgres_enabled else [] }}"
 
 ######################################################################
 #

From ea0c9ed71d9e447033cdcd7f316cc31c36384c6f Mon Sep 17 00:00:00 2001
From: Aine <97398200+etkecc@users.noreply.github.com>
Date: Sat, 26 Nov 2022 18:48:04 +0000
Subject: [PATCH 083/198] update mautrix-telegram 0.12.1 -> 0.12.2

---
 roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml
index 0f52cc22..6f2137e4 100644
--- a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml
@@ -16,7 +16,7 @@ matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git"
 matrix_mautrix_telegram_docker_repo_version: "{{ 'master' if matrix_mautrix_telegram_version == 'latest' else matrix_mautrix_telegram_version }}"
 matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src"
 
-matrix_mautrix_telegram_version: v0.12.1
+matrix_mautrix_telegram_version: v0.12.2
 # See: https://mau.dev/mautrix/telegram/container_registry
 matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}"
 matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"

From dd9ae0d25c49d4a476445c5ec8fb4f9f28e0139c Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sun, 27 Nov 2022 07:24:24 +0200
Subject: [PATCH 084/198] Fix accidentally swapped tags
 (rust-synapse-compress-state and update-user-password)

---
 roles/custom/matrix-synapse/tasks/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/custom/matrix-synapse/tasks/main.yml b/roles/custom/matrix-synapse/tasks/main.yml
index bd048d73..3485e894 100644
--- a/roles/custom/matrix-synapse/tasks/main.yml
+++ b/roles/custom/matrix-synapse/tasks/main.yml
@@ -51,13 +51,13 @@
     - when: matrix_synapse_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/update_user_password.yml"
   tags:
-    - rust-synapse-compress-state
+    - update-user-password
 
 - block:
     - when: matrix_synapse_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/rust-synapse-compress-state/main.yml"
   tags:
-    - update-user-password
+    - rust-synapse-compress-state
 
 - block:
     - when: matrix_synapse_enabled | bool

From 04b9483f0d9e562398e75242452a3a166cc8b001 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sun, 27 Nov 2022 07:23:41 +0200
Subject: [PATCH 085/198] Switch from matrix-postgres to
 com.devture.ansible.role.postgres

---
 .../configuring-playbook-external-postgres.md |   2 +-
 examples/vars.yml                             |   2 +-
 group_vars/matrix_servers                     | 328 ++++++++++--------
 playbooks/matrix.yml                          |   4 +-
 requirements.yml                              |   3 +
 .../tasks/setup_install.yml                   |  12 +-
 .../tasks/setup_install.yml                   |   4 +-
 .../tasks/setup_install.yml                   |   4 +-
 .../tasks/setup_install.yml                   |   4 +-
 .../tasks/setup_install.yml                   |   4 +-
 .../tasks/setup_install.yml                   |   4 +-
 .../tasks/migrate_nedb_to_postgres.yml        |  12 +-
 .../tasks/migrate_nedb_to_postgres.yml        |  12 +-
 .../tasks/setup_install.yml                   |   4 +-
 .../tasks/setup_install.yml                   |   4 +-
 .../tasks/setup_install.yml                   |   4 +-
 .../tasks/setup_install.yml                   |   4 +-
 .../tasks/setup_install.yml                   |   4 +-
 .../tasks/setup_install.yml                   |   4 +-
 .../tasks/setup_install.yml                   |   4 +-
 .../tasks/setup_install.yml                   |   4 +-
 .../tasks/setup_install.yml                   |   4 +-
 .../tasks/setup_install.yml                   |   4 +-
 .../tasks/setup_install.yml                   |   4 +-
 .../tasks/setup_install.yml                   |   4 +-
 .../tasks/setup_install.yml                   |   4 +-
 .../matrix-dimension/tasks/setup_install.yml  |   4 +-
 .../matrix-etherpad/tasks/validate_config.yml |   2 +-
 .../matrix-ma1sd/tasks/setup_install.yml      |   4 +-
 .../tasks/setup_install.yml                   |   2 +-
 .../custom/matrix-postgres/defaults/main.yml  | 133 -------
 .../detect_existing_postgres_version.yml      |  75 ----
 .../tasks/import_generic_sqlite_db.yml        | 102 ------
 .../matrix-postgres/tasks/import_postgres.yml | 114 ------
 .../tasks/import_synapse_sqlite_db.yml        |  89 -----
 roles/custom/matrix-postgres/tasks/main.yml   |  43 ---
 .../tasks/migrate_db_to_postgres.yml          | 176 ----------
 .../tasks/migrate_postgres_data_directory.yml |  78 -----
 .../matrix-postgres/tasks/run_vacuum.yml      |  96 -----
 .../matrix-postgres/tasks/setup_postgres.yml  | 215 ------------
 .../tasks/upgrade_postgres.yml                | 188 ----------
 .../tasks/util/create_additional_database.yml |  41 ---
 .../util/create_additional_databases.yml      |  23 --
 .../matrix-postgres/tasks/validate_config.yml |  39 ---
 .../templates/env-postgres-psql.j2            |   8 -
 .../templates/env-postgres-server.j2          |   7 -
 .../init-additional-db-user-and-role.sql.j2   |  19 -
 .../systemd/matrix-postgres.service.j2        |  46 ---
 .../matrix-change-user-admin-status.j2        |  19 -
 .../matrix-postgres-cli-non-interactive.j2    |  12 -
 .../usr-local-bin/matrix-postgres-cli.j2      |  13 -
 ...trix-postgres-update-user-password-hash.j2 |  16 -
 .../tasks/setup_install.yml                   |   4 +-
 .../compress_room.yml                         |  10 +-
 .../rust-synapse-compress-state/main.yml      |  16 +-
 .../tasks/update_user_password.yml            |  34 +-
 .../tasks/validate_config.yml                 |  12 +
 57 files changed, 287 insertions(+), 1800 deletions(-)
 delete mode 100644 roles/custom/matrix-postgres/defaults/main.yml
 delete mode 100644 roles/custom/matrix-postgres/tasks/detect_existing_postgres_version.yml
 delete mode 100644 roles/custom/matrix-postgres/tasks/import_generic_sqlite_db.yml
 delete mode 100644 roles/custom/matrix-postgres/tasks/import_postgres.yml
 delete mode 100644 roles/custom/matrix-postgres/tasks/import_synapse_sqlite_db.yml
 delete mode 100644 roles/custom/matrix-postgres/tasks/main.yml
 delete mode 100644 roles/custom/matrix-postgres/tasks/migrate_db_to_postgres.yml
 delete mode 100644 roles/custom/matrix-postgres/tasks/migrate_postgres_data_directory.yml
 delete mode 100644 roles/custom/matrix-postgres/tasks/run_vacuum.yml
 delete mode 100644 roles/custom/matrix-postgres/tasks/setup_postgres.yml
 delete mode 100644 roles/custom/matrix-postgres/tasks/upgrade_postgres.yml
 delete mode 100644 roles/custom/matrix-postgres/tasks/util/create_additional_database.yml
 delete mode 100644 roles/custom/matrix-postgres/tasks/util/create_additional_databases.yml
 delete mode 100644 roles/custom/matrix-postgres/tasks/validate_config.yml
 delete mode 100644 roles/custom/matrix-postgres/templates/env-postgres-psql.j2
 delete mode 100644 roles/custom/matrix-postgres/templates/env-postgres-server.j2
 delete mode 100644 roles/custom/matrix-postgres/templates/sql/init-additional-db-user-and-role.sql.j2
 delete mode 100644 roles/custom/matrix-postgres/templates/systemd/matrix-postgres.service.j2
 delete mode 100644 roles/custom/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2
 delete mode 100644 roles/custom/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli-non-interactive.j2
 delete mode 100644 roles/custom/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli.j2
 delete mode 100644 roles/custom/matrix-postgres/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2

diff --git a/docs/configuring-playbook-external-postgres.md b/docs/configuring-playbook-external-postgres.md
index 1f1a30e4..d3c16cd9 100644
--- a/docs/configuring-playbook-external-postgres.md
+++ b/docs/configuring-playbook-external-postgres.md
@@ -10,7 +10,7 @@ If you'd like to use an external PostgreSQL server that you manage, you can edit
 If you'd like to use an external Postgres server, use a custom `vars.yml` configuration like this:
 
 ```yaml
-matrix_postgres_enabled: false
+devture_postgres_enabled: false
 
 # Rewire Synapse to use your external Postgres server
 matrix_synapse_database_host: "your-postgres-server-hostname"
diff --git a/examples/vars.yml b/examples/vars.yml
index e1b6cf05..732d7eed 100644
--- a/examples/vars.yml
+++ b/examples/vars.yml
@@ -35,4 +35,4 @@ matrix_ssl_lets_encrypt_support_email: ''
 #
 # The playbook creates additional Postgres users and databases (one for each enabled service)
 # using this superuser account.
-matrix_postgres_connection_password: ''
+devture_postgres_connection_password: ''
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 940a52e6..2e86eea5 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -287,7 +287,7 @@ devture_systemd_service_manager_services_list_auto: |
     +
     ([{'name': 'matrix-ntfy.service', 'priority': 800, 'groups': ['matrix', 'ntfy']}] if matrix_ntfy_enabled else [])
     +
-    ([{'name': 'matrix-postgres.service', 'priority': 500, 'groups': ['matrix', 'postgres']}] if matrix_postgres_enabled else [])
+    ([{'name': (devture_postgres_identifier + '.service'), 'priority': 500, 'groups': ['matrix', 'postgres']}] if devture_postgres_enabled else [])
     +
     ([{'name': 'matrix-postgres-backup.service', 'priority': 3000, 'groups': ['matrix', 'backup', 'postgres-backup']}] if matrix_postgres_backup_enabled else [])
     +
@@ -417,7 +417,7 @@ matrix_appservice_discord_systemd_required_services_list: |
     +
     ['matrix-' + matrix_homeserver_implementation + '.service']
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
     +
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
@@ -428,7 +428,7 @@ matrix_appservice_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_
 
 # We only make this use Postgres if our own Postgres server is enabled.
 # It's only then (for now) that we can automatically create the necessary database and user for this service.
-matrix_appservice_discord_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
+matrix_appservice_discord_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
 matrix_appservice_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.discord.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -509,8 +509,8 @@ matrix_appservice_slack_systemd_required_services_list: |
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
 
-# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
-matrix_appservice_slack_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'nedb' }}"
+# Postgres is the default, except if not using internal Postgres server
+matrix_appservice_slack_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'nedb' }}"
 matrix_appservice_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.slack.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -552,7 +552,7 @@ matrix_appservice_irc_appservice_token: "{{ '%s' | format(matrix_homeserver_gene
 
 matrix_appservice_irc_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'irc.hs.token', rounds=655555) | to_uuid }}"
 
-matrix_appservice_irc_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'nedb' }}"
+matrix_appservice_irc_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'nedb' }}"
 matrix_appservice_irc_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.irc.db', rounds=655555) | to_uuid }}"
 
 
@@ -581,7 +581,7 @@ matrix_appservice_kakaotalk_systemd_required_services_list: |
     +
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
   }}
 
 matrix_appservice_kakaotalk_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs', rounds=655555) | to_uuid }}"
@@ -590,7 +590,7 @@ matrix_appservice_kakaotalk_homeserver_token: "{{ '%s' | format(matrix_homeserve
 
 matrix_appservice_kakaotalk_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
-matrix_appservice_kakaotalk_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
+matrix_appservice_kakaotalk_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
 matrix_appservice_kakaotalk_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -617,7 +617,7 @@ matrix_beeper_linkedin_systemd_required_services_list: |
     +
     ['matrix-' + matrix_homeserver_implementation + '.service']
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
     +
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
@@ -655,7 +655,7 @@ matrix_go_skype_bridge_systemd_required_services_list: |
     +
     ['matrix-' + matrix_homeserver_implementation + '.service']
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
     +
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
@@ -666,8 +666,8 @@ matrix_go_skype_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_gen
 
 matrix_go_skype_bridge_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
-# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
-matrix_go_skype_bridge_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
+# Postgres is the default, except if not using internal Postgres server
+matrix_go_skype_bridge_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
 matrix_go_skype_bridge_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'goskype.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -693,7 +693,7 @@ matrix_mautrix_facebook_systemd_required_services_list: |
     +
     ['matrix-' + matrix_homeserver_implementation + '.service']
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
     +
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
@@ -712,7 +712,7 @@ matrix_mautrix_facebook_bridge_presence: "{{ matrix_synapse_presence_enabled if
 
 # We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
 # and point them to a migration path.
-matrix_mautrix_facebook_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
+matrix_mautrix_facebook_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
 matrix_mautrix_facebook_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.fb.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -739,7 +739,7 @@ matrix_mautrix_hangouts_systemd_required_services_list: |
     +
     ['matrix-' + matrix_homeserver_implementation + '.service']
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
     +
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
@@ -752,8 +752,8 @@ matrix_mautrix_hangouts_container_http_host_bind_port: "{{ '' if matrix_nginx_pr
 
 matrix_mautrix_hangouts_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
-# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
-matrix_mautrix_hangouts_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
+# Postgres is the default, except if not using internal Postgres server
+matrix_mautrix_hangouts_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
 matrix_mautrix_hangouts_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.hangouts.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -780,7 +780,7 @@ matrix_mautrix_googlechat_systemd_required_services_list: |
     +
     ['matrix-' + matrix_homeserver_implementation + '.service']
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
     +
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
@@ -793,8 +793,8 @@ matrix_mautrix_googlechat_container_http_host_bind_port: "{{ '' if matrix_nginx_
 
 matrix_mautrix_googlechat_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
-# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
-matrix_mautrix_googlechat_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
+# Postgres is the default, except if not using internal Postgres server
+matrix_mautrix_googlechat_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
 matrix_mautrix_googlechat_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.gc.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -821,7 +821,7 @@ matrix_mautrix_instagram_systemd_required_services_list: |
     +
     ['matrix-' + matrix_homeserver_implementation + '.service']
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
     +
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
@@ -836,7 +836,7 @@ matrix_mautrix_instagram_bridge_presence: "{{ matrix_synapse_presence_enabled if
 
 # We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
 # and point them to a migration path.
-matrix_mautrix_instagram_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
+matrix_mautrix_instagram_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
 matrix_mautrix_instagram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.ig.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -861,7 +861,7 @@ matrix_mautrix_signal_systemd_required_services_list: |
     +
     ['matrix-' + matrix_homeserver_implementation + '.service']
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
     +
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
     +
@@ -910,7 +910,7 @@ matrix_mautrix_telegram_systemd_required_services_list: |
     +
     ['matrix-' + matrix_homeserver_implementation + '.service']
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
     +
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
@@ -925,8 +925,8 @@ matrix_mautrix_telegram_container_http_host_bind_port: "{{ '' if matrix_nginx_pr
 
 matrix_mautrix_telegram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
-# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
-matrix_mautrix_telegram_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
+# Postgres is the default, except if not using internal Postgres server
+matrix_mautrix_telegram_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
 matrix_mautrix_telegram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.telegram.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -952,7 +952,7 @@ matrix_mautrix_twitter_systemd_required_services_list: |
     +
     ['matrix-' + matrix_homeserver_implementation + '.service']
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
     +
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
@@ -963,8 +963,8 @@ matrix_mautrix_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_gen
 
 matrix_mautrix_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
-matrix_mautrix_twitter_database_hostname: "{{ 'matrix-postgres' if matrix_postgres_enabled else '' }}"
-matrix_mautrix_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twt.db', rounds=655555) | to_uuid if matrix_postgres_enabled else '' }}"
+matrix_mautrix_twitter_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
+matrix_mautrix_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twt.db', rounds=655555) | to_uuid if devture_postgres_enabled else '' }}"
 
 ######################################################################
 #
@@ -989,7 +989,7 @@ matrix_mautrix_whatsapp_systemd_required_services_list: |
     +
     ['matrix-' + matrix_homeserver_implementation + '.service']
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
     +
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
@@ -1000,8 +1000,8 @@ matrix_mautrix_whatsapp_homeserver_token: "{{ '%s' | format(matrix_homeserver_ge
 
 matrix_mautrix_whatsapp_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
-# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
-matrix_mautrix_whatsapp_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
+# Postgres is the default, except if not using internal Postgres server
+matrix_mautrix_whatsapp_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
 matrix_mautrix_whatsapp_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauwhatsapp.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -1027,7 +1027,7 @@ matrix_mautrix_discord_systemd_required_services_list: |
     +
     ['matrix-' + matrix_homeserver_implementation + '.service']
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
     +
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
@@ -1038,8 +1038,8 @@ matrix_mautrix_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_gen
 
 matrix_mautrix_discord_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
-# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
-matrix_mautrix_discord_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
+# Postgres is the default, except if not using internal Postgres server
+matrix_mautrix_discord_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
 matrix_mautrix_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudiscord.db', rounds=655555) | to_uuid }}"
 
 # Enabling bridge.restricted_rooms for this bridge does not work well with Conduit, so we disable it by default.
@@ -1175,7 +1175,7 @@ matrix_mx_puppet_slack_systemd_required_services_list: |
     +
     ['matrix-' + matrix_homeserver_implementation + '.service']
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
     +
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
@@ -1186,8 +1186,8 @@ matrix_mx_puppet_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_gen
 
 matrix_mx_puppet_slack_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
-# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
-matrix_mx_puppet_slack_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
+# Postgres is the default, except if not using internal Postgres server
+matrix_mx_puppet_slack_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
 matrix_mx_puppet_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.slack.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -1213,7 +1213,7 @@ matrix_mx_puppet_twitter_systemd_required_services_list: |
     +
     ['matrix-' + matrix_homeserver_implementation + '.service']
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
     +
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
@@ -1226,8 +1226,8 @@ matrix_mx_puppet_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_pr
 
 matrix_mx_puppet_twitter_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' ~ matrix_mx_puppet_twitter_appservice_port) }}"
 
-# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
-matrix_mx_puppet_twitter_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
+# Postgres is the default, except if not using internal Postgres server
+matrix_mx_puppet_twitter_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
 matrix_mx_puppet_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.twitter.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -1254,7 +1254,7 @@ matrix_mx_puppet_instagram_systemd_required_services_list: |
     +
     ['matrix-' + matrix_homeserver_implementation + '.service']
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
     +
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
@@ -1265,8 +1265,8 @@ matrix_mx_puppet_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver
 
 matrix_mx_puppet_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
-# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
-matrix_mx_puppet_instagram_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
+# Postgres is the default, except if not using internal Postgres server
+matrix_mx_puppet_instagram_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
 matrix_mx_puppet_instagram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.ig.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -1292,7 +1292,7 @@ matrix_mx_puppet_discord_systemd_required_services_list: |
     +
     ['matrix-' + matrix_homeserver_implementation + '.service']
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
     +
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
@@ -1303,8 +1303,8 @@ matrix_mx_puppet_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_g
 
 matrix_mx_puppet_discord_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
-# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
-matrix_mx_puppet_discord_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
+# Postgres is the default, except if not using internal Postgres server
+matrix_mx_puppet_discord_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
 matrix_mx_puppet_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -1330,7 +1330,7 @@ matrix_mx_puppet_steam_systemd_required_services_list: |
     +
     ['matrix-' + matrix_homeserver_implementation + '.service']
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
     +
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
@@ -1341,8 +1341,8 @@ matrix_mx_puppet_steam_homeserver_token: "{{ '%s' | format(matrix_homeserver_gen
 
 matrix_mx_puppet_steam_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
-# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
-matrix_mx_puppet_steam_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
+# Postgres is the default, except if not using internal Postgres server
+matrix_mx_puppet_steam_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
 matrix_mx_puppet_steam_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.steam.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -1368,7 +1368,7 @@ matrix_mx_puppet_groupme_systemd_required_services_list: |
     +
     ['matrix-' + matrix_homeserver_implementation + '.service']
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
     +
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
@@ -1379,8 +1379,8 @@ matrix_mx_puppet_groupme_homeserver_token: "{{ '%s' | format(matrix_homeserver_g
 
 matrix_mx_puppet_groupme_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
-# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
-matrix_mx_puppet_groupme_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
+# Postgres is the default, except if not using internal Postgres server
+matrix_mx_puppet_groupme_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
 matrix_mx_puppet_groupme_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.groupme.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -1404,13 +1404,13 @@ matrix_bot_matrix_reminder_bot_systemd_required_services_list: |
     +
     ['matrix-' + matrix_homeserver_implementation + '.service']
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
     +
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
 
-# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
-matrix_bot_matrix_reminder_bot_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
+# Postgres is the default, except if not using internal Postgres server
+matrix_bot_matrix_reminder_bot_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
 matrix_bot_matrix_reminder_bot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'reminder.bot.db', rounds=655555) | to_uuid }}"
 matrix_bot_matrix_reminder_bot_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
 
@@ -1465,7 +1465,7 @@ matrix_bot_maubot_systemd_required_services_list: |
     +
     ['matrix-' + matrix_homeserver_implementation + '.service']
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
     +
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
@@ -1480,8 +1480,8 @@ matrix_bot_maubot_registration_shared_secret: |-
 
 matrix_bot_maubot_management_interface_http_bind_port: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' + matrix_bot_maubot_management_interface_port | string) }}"
 
-# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
-matrix_bot_maubot_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
+# Postgres is the default, except if not using internal Postgres server
+matrix_bot_maubot_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
 matrix_bot_maubot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -1504,15 +1504,15 @@ matrix_bot_honoroit_systemd_required_services_list: |
   {{
     ['docker.service']
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
     +
     (['matrix-synapse.service'] if matrix_synapse_enabled else [])
     +
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
 
-# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
-matrix_bot_honoroit_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
+# Postgres is the default, except if not using internal Postgres server
+matrix_bot_honoroit_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
 matrix_bot_honoroit_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'honoroit.bot.db', rounds=655555) | to_uuid }}"
 matrix_bot_honoroit_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
 
@@ -1535,15 +1535,15 @@ matrix_bot_buscarron_systemd_required_services_list: |
   {{
     ['docker.service']
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
     +
     (['matrix-synapse.service'] if matrix_synapse_enabled else [])
     +
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
 
-# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
-matrix_bot_buscarron_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
+# Postgres is the default, except if not using internal Postgres server
+matrix_bot_buscarron_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
 matrix_bot_buscarron_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'buscarron.bot.db', rounds=655555) | to_uuid }}"
 matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
 
@@ -1569,13 +1569,13 @@ matrix_bot_postmoogle_systemd_required_services_list: |
   {{
     ['docker.service']
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
     +
     (['matrix-synapse.service'] if matrix_synapse_enabled else [])
   }}
 
-# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
-matrix_bot_postmoogle_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
+# Postgres is the default, except if not using internal Postgres server
+matrix_bot_postmoogle_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
 matrix_bot_postmoogle_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'postmoogle.db', rounds=655555) | to_uuid }}"
 
 matrix_bot_postmoogle_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
@@ -1631,7 +1631,7 @@ matrix_bot_mjolnir_systemd_required_services_list: |
     +
     ['matrix-' + matrix_homeserver_implementation + '.service']
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
     +
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
@@ -1649,26 +1649,31 @@ matrix_bot_mjolnir_systemd_required_services_list: |
 ######################################################################
 
 matrix_backup_borg_enabled: false
+
 matrix_backup_borg_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"
-matrix_backup_borg_postgresql_enabled: "{{ matrix_postgres_enabled }}"
-matrix_backup_borg_postgresql_databases_hostname: "{{ matrix_postgres_connection_hostname }}"
-matrix_backup_borg_postgresql_databases_username: "{{ matrix_postgres_connection_username }}"
-matrix_backup_borg_postgresql_databases_password: "{{ matrix_postgres_connection_password }}"
-matrix_backup_borg_postgresql_databases_port: "{{ matrix_postgres_connection_port }}"
-matrix_backup_borg_postgresql_databases: "{{ matrix_postgres_additional_databases | map(attribute='name') if matrix_postgres_enabled else [] }}"
+
+matrix_backup_borg_postgresql_enabled: "{{ devture_postgres_enabled }}"
+matrix_backup_borg_postgresql_databases_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
+matrix_backup_borg_postgresql_databases_username: "{{ devture_postgres_connection_username if devture_postgres_enabled else '' }}"
+matrix_backup_borg_postgresql_databases_password: "{{ devture_postgres_connection_password if devture_postgres_enabled else '' }}"
+matrix_backup_borg_postgresql_databases_port: "{{ devture_postgres_connection_port if devture_postgres_enabled else 5432 }}"
+matrix_backup_borg_postgresql_databases: "{{ devture_postgres_additional_databases | map(attribute='name') if devture_postgres_enabled else [] }}"
+
 matrix_backup_borg_location_source_directories:
   - "{{ matrix_base_data_path }}"
+
 matrix_backup_borg_location_exclude_patterns: |
   {{
     ([matrix_synapse_media_store_path + '/local_thumbnails', matrix_synapse_media_store_path + '/remote_thumbnail', matrix_synapse_media_store_path + '/url_cache', matrix_synapse_media_store_path + '/url_cache_thumbnails'] if matrix_homeserver_implementation == 'synapse' else [])
     +
-    ([matrix_postgres_data_path] if matrix_postgres_enabled else [])
+    ([devture_postgres_data_path] if devture_postgres_enabled else [])
   }}
+
 matrix_backup_borg_systemd_required_services_list: |
   {{
     ['docker.service']
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
   }}
 
 ######################################################################
@@ -1801,13 +1806,13 @@ matrix_dimension_systemd_required_services_list: |
     +
     ['matrix-' + matrix_homeserver_implementation + '.service']
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
     +
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
 
-# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
-matrix_dimension_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
+# Postgres is the default, except if not using internal Postgres server
+matrix_dimension_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
 matrix_dimension_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dimension.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -1826,15 +1831,17 @@ matrix_etherpad_enabled: false
 
 matrix_etherpad_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9001' }}"
 
-matrix_etherpad_base_url: "{{ 'https://'+ matrix_server_fqn_dimension + matrix_etherpad_public_endpoint if matrix_etherpad_mode == 'dimension' else 'https://' + matrix_server_fqn_etherpad + '/' }}"
+matrix_etherpad_base_url: "{{ 'https://' + matrix_server_fqn_dimension + matrix_etherpad_public_endpoint if matrix_etherpad_mode == 'dimension' else 'https://' + matrix_server_fqn_etherpad + '/' }}"
 
 matrix_etherpad_systemd_required_services_list: |
   {{
     ['docker.service']
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
   }}
 
+matrix_etherpad_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
+
 matrix_etherpad_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'etherpad.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -1998,20 +2005,20 @@ matrix_ma1sd_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval
 
 matrix_ma1sd_systemd_required_services_list: |
   {{
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
   }}
 
 matrix_ma1sd_systemd_wanted_services_list: |
   {{
     (['matrix-corporal.service'] if matrix_corporal_enabled else ['matrix-' + matrix_homeserver_implementation + '.service'])
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
     +
     (['matrix-mailer.service'] if matrix_mailer_enabled else [])
   }}
 
-# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
-matrix_ma1sd_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
+# Postgres is the default, except if not using internal Postgres server
+matrix_ma1sd_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
 matrix_ma1sd_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ma1sd.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -2204,29 +2211,49 @@ matrix_ssl_pre_obtaining_required_service_name: "{{ 'matrix-dynamic-dns' if matr
 #
 ######################################################################
 
-######################################################################
-#
-# matrix-postgres
-#
-######################################################################
+########################################################################
+#                                                                      #
+# com.devture.ansible.role.postgres                                    #
+#                                                                      #
+########################################################################
+
+# To completely disable installing Postgres, use `devture_postgres_enabled: false`.
+
+devture_postgres_identifier: matrix-postgres
+
+devture_postgres_architecture: "{{ matrix_architecture }}"
+
+devture_postgres_base_path: "{{ matrix_base_data_path }}/postgres"
 
-matrix_postgres_enabled: true
+devture_postgres_container_network: "{{ matrix_docker_network }}"
 
-matrix_postgres_architecture: "{{ matrix_architecture }}"
+devture_postgres_uid: "{{ matrix_user_uid }}"
+devture_postgres_gid: "{{ matrix_user_gid }}"
 
-# We unset this if internal Postgres disabled, which will cascade to some other variables
-# and tell users they need to set it (either here or in those variables).
-matrix_postgres_connection_hostname: "{{ 'matrix-postgres' if matrix_postgres_enabled else '' }}"
+devture_postgres_connection_username: matrix
+devture_postgres_db_name: matrix
 
-matrix_postgres_pgloader_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
+devture_postgres_vacuum_default_databases_list: |
+  {{
+    (
+        ([devture_postgres_db_name])
+        +
+        (devture_postgres_additional_databases | map(attribute='name'))
+    ) | unique
+  }}
 
-matrix_postgres_additional_databases: |
+devture_postgres_systemd_services_to_stop_for_maintenance_list: |
+  {{
+    ['matrix-' + matrix_homeserver_implementation + '.service']
+  }}
+
+devture_postgres_additional_databases: |
   {{
     ([{
       'name': matrix_synapse_database_database,
       'username': matrix_synapse_database_user,
       'password': matrix_synapse_database_password,
-    }] if (matrix_synapse_enabled and matrix_synapse_database_database != matrix_postgres_db_name and matrix_synapse_database_host == 'matrix-postgres') else [])
+    }] if (matrix_synapse_enabled and matrix_synapse_database_host == devture_postgres_identifier) else [])
     +
     ([{
       'name': matrix_dendrite_federationapi_database,
@@ -2260,206 +2287,201 @@ matrix_postgres_additional_databases: |
       'name': matrix_dendrite_mscs_database,
       'username': matrix_dendrite_database_user,
       'password': matrix_dendrite_database_password,
-    }] if (matrix_dendrite_enabled and matrix_dendrite_database_hostname == 'matrix-postgres') else [])
+    }] if (matrix_dendrite_enabled and matrix_dendrite_database_hostname == devture_postgres_identifier) else [])
     +
     ([{
       'name': matrix_ma1sd_database_name,
       'username': matrix_ma1sd_database_username,
       'password': matrix_ma1sd_database_password,
-    }] if (matrix_ma1sd_enabled and matrix_ma1sd_database_engine == 'postgres' and matrix_ma1sd_database_hostname == 'matrix-postgres') else [])
+    }] if (matrix_ma1sd_enabled and matrix_ma1sd_database_engine == 'postgres' and matrix_ma1sd_database_hostname == devture_postgres_identifier) else [])
     +
     ([{
       'name': matrix_bot_matrix_reminder_bot_database_name,
       'username': matrix_bot_matrix_reminder_bot_database_username,
       'password': matrix_bot_matrix_reminder_bot_database_password,
-    }] if (matrix_bot_matrix_reminder_bot_enabled and matrix_bot_matrix_reminder_bot_database_engine == 'postgres' and matrix_bot_matrix_reminder_bot_database_hostname == 'matrix-postgres') else [])
+    }] if (matrix_bot_matrix_reminder_bot_enabled and matrix_bot_matrix_reminder_bot_database_engine == 'postgres' and matrix_bot_matrix_reminder_bot_database_hostname == devture_postgres_identifier) else [])
     +
     ([{
       'name': matrix_bot_honoroit_database_name,
       'username': matrix_bot_honoroit_database_username,
       'password': matrix_bot_honoroit_database_password,
-    }] if (matrix_bot_honoroit_enabled and matrix_bot_honoroit_database_engine == 'postgres' and matrix_bot_honoroit_database_hostname == 'matrix-postgres') else [])
+    }] if (matrix_bot_honoroit_enabled and matrix_bot_honoroit_database_engine == 'postgres' and matrix_bot_honoroit_database_hostname == devture_postgres_identifier) else [])
     +
     ([{
       'name': matrix_bot_postmoogle_database_name,
       'username': matrix_bot_postmoogle_database_username,
       'password': matrix_bot_postmoogle_database_password,
-    }] if (matrix_bot_postmoogle_enabled and matrix_bot_postmoogle_database_engine == 'postgres' and matrix_bot_postmoogle_database_hostname == 'matrix-postgres') else [])
+    }] if (matrix_bot_postmoogle_enabled and matrix_bot_postmoogle_database_engine == 'postgres' and matrix_bot_postmoogle_database_hostname == devture_postgres_identifier) else [])
     +
     ([{
       'name': matrix_bot_maubot_database_name,
       'username': matrix_bot_maubot_database_username,
       'password': matrix_bot_maubot_database_password,
-    }] if (matrix_bot_maubot_enabled  and matrix_bot_maubot_database_engine == 'postgres' and matrix_bot_maubot_database_hostname == 'matrix-postgres') else [])
+    }] if (matrix_bot_maubot_enabled  and matrix_bot_maubot_database_engine == 'postgres' and matrix_bot_maubot_database_hostname == devture_postgres_identifier) else [])
     +
     ([{
       'name': matrix_bot_buscarron_database_name,
       'username': matrix_bot_buscarron_database_username,
       'password': matrix_bot_buscarron_database_password,
-    }] if (matrix_bot_buscarron_enabled and matrix_bot_buscarron_database_engine == 'postgres' and matrix_bot_buscarron_database_hostname == 'matrix-postgres') else [])
+    }] if (matrix_bot_buscarron_enabled and matrix_bot_buscarron_database_engine == 'postgres' and matrix_bot_buscarron_database_hostname == devture_postgres_identifier) else [])
     +
     ([{
       'name': matrix_registration_database_name,
       'username': matrix_registration_database_username,
       'password': matrix_registration_database_password,
-    }] if (matrix_registration_enabled and matrix_registration_database_engine == 'postgres' and matrix_registration_database_hostname == 'matrix-postgres') else [])
+    }] if (matrix_registration_enabled and matrix_registration_database_engine == 'postgres' and matrix_registration_database_hostname == devture_postgres_identifier) else [])
     +
     ([{
       'name': matrix_appservice_discord_database_name,
       'username': matrix_appservice_discord_database_username,
       'password': matrix_appservice_discord_database_password,
-    }] if (matrix_appservice_discord_enabled and matrix_appservice_discord_database_engine == 'postgres' and matrix_appservice_discord_database_hostname == 'matrix-postgres') else [])
+    }] if (matrix_appservice_discord_enabled and matrix_appservice_discord_database_engine == 'postgres' and matrix_appservice_discord_database_hostname == devture_postgres_identifier) else [])
     +
     ([{
       'name': matrix_appservice_slack_database_name,
       'username': matrix_appservice_slack_database_username,
       'password': matrix_appservice_slack_database_password,
-    }] if (matrix_appservice_slack_enabled and matrix_appservice_slack_database_engine == 'postgres' and matrix_appservice_slack_database_hostname == 'matrix-postgres') else [])
+    }] if (matrix_appservice_slack_enabled and matrix_appservice_slack_database_engine == 'postgres' and matrix_appservice_slack_database_hostname == devture_postgres_identifier) else [])
     +
     ([{
       'name': matrix_appservice_irc_database_name,
       'username': matrix_appservice_irc_database_username,
       'password': matrix_appservice_irc_database_password,
-    }] if (matrix_appservice_irc_enabled and matrix_appservice_irc_database_engine == 'postgres' and matrix_appservice_irc_database_hostname == 'matrix-postgres') else [])
+    }] if (matrix_appservice_irc_enabled and matrix_appservice_irc_database_engine == 'postgres' and matrix_appservice_irc_database_hostname == devture_postgres_identifier) else [])
     +
     ([{
       'name': matrix_appservice_kakaotalk_database_name,
       'username': matrix_appservice_kakaotalk_database_username,
       'password': matrix_appservice_kakaotalk_database_password,
-    }] if (matrix_appservice_kakaotalk_enabled and matrix_appservice_kakaotalk_database_engine == 'postgres' and matrix_appservice_kakaotalk_database_hostname == 'matrix-postgres') else [])
+    }] if (matrix_appservice_kakaotalk_enabled and matrix_appservice_kakaotalk_database_engine == 'postgres' and matrix_appservice_kakaotalk_database_hostname == devture_postgres_identifier) else [])
     +
     ([{
       'name': matrix_beeper_linkedin_database_name,
       'username': matrix_beeper_linkedin_database_username,
       'password': matrix_beeper_linkedin_database_password,
-    }] if (matrix_beeper_linkedin_enabled and matrix_beeper_linkedin_database_engine == 'postgres' and matrix_beeper_linkedin_database_hostname == 'matrix-postgres') else [])
+    }] if (matrix_beeper_linkedin_enabled and matrix_beeper_linkedin_database_engine == 'postgres' and matrix_beeper_linkedin_database_hostname == devture_postgres_identifier) else [])
     +
     ([{
       'name': matrix_go_skype_bridge_database_name,
       'username': matrix_go_skype_bridge_database_username,
       'password': matrix_go_skype_bridge_database_password,
-    }] if (matrix_go_skype_bridge_enabled and matrix_go_skype_bridge_database_engine == 'postgres' and matrix_go_skype_bridge_database_hostname == 'matrix-postgres') else [])
+    }] if (matrix_go_skype_bridge_enabled and matrix_go_skype_bridge_database_engine == 'postgres' and matrix_go_skype_bridge_database_hostname == devture_postgres_identifier) else [])
     +
     ([{
       'name': matrix_mautrix_facebook_database_name,
       'username': matrix_mautrix_facebook_database_username,
       'password': matrix_mautrix_facebook_database_password,
-    }] if (matrix_mautrix_facebook_enabled and matrix_mautrix_facebook_database_engine == 'postgres' and matrix_mautrix_facebook_database_hostname == 'matrix-postgres') else [])
+    }] if (matrix_mautrix_facebook_enabled and matrix_mautrix_facebook_database_engine == 'postgres' and matrix_mautrix_facebook_database_hostname == devture_postgres_identifier) else [])
     +
     ([{
       'name': matrix_mautrix_hangouts_database_name,
       'username': matrix_mautrix_hangouts_database_username,
       'password': matrix_mautrix_hangouts_database_password,
-    }] if (matrix_mautrix_hangouts_enabled and matrix_mautrix_hangouts_database_engine == 'postgres' and matrix_mautrix_hangouts_database_hostname == 'matrix-postgres') else [])
+    }] if (matrix_mautrix_hangouts_enabled and matrix_mautrix_hangouts_database_engine == 'postgres' and matrix_mautrix_hangouts_database_hostname == devture_postgres_identifier) else [])
     +
     ([{
       'name': matrix_mautrix_googlechat_database_name,
       'username': matrix_mautrix_googlechat_database_username,
       'password': matrix_mautrix_googlechat_database_password,
-    }] if (matrix_mautrix_googlechat_enabled and matrix_mautrix_googlechat_database_engine == 'postgres' and matrix_mautrix_googlechat_database_hostname == 'matrix-postgres') else [])
+    }] if (matrix_mautrix_googlechat_enabled and matrix_mautrix_googlechat_database_engine == 'postgres' and matrix_mautrix_googlechat_database_hostname == devture_postgres_identifier) else [])
     +
     ([{
       'name': matrix_mautrix_instagram_database_name,
       'username': matrix_mautrix_instagram_database_username,
       'password': matrix_mautrix_instagram_database_password,
-    }] if (matrix_mautrix_instagram_enabled and matrix_mautrix_instagram_database_engine == 'postgres' and matrix_mautrix_instagram_database_hostname == 'matrix-postgres') else [])
+    }] if (matrix_mautrix_instagram_enabled and matrix_mautrix_instagram_database_engine == 'postgres' and matrix_mautrix_instagram_database_hostname == devture_postgres_identifier) else [])
     +
     ([{
       'name': matrix_mautrix_signal_database_name,
       'username': matrix_mautrix_signal_database_username,
       'password': matrix_mautrix_signal_database_password,
-    }] if (matrix_mautrix_signal_enabled and matrix_mautrix_signal_database_engine == 'postgres' and matrix_mautrix_signal_database_hostname == 'matrix-postgres') else [])
+    }] if (matrix_mautrix_signal_enabled and matrix_mautrix_signal_database_engine == 'postgres' and matrix_mautrix_signal_database_hostname == devture_postgres_identifier) else [])
     +
     ([{
       'name': matrix_mautrix_telegram_database_name,
       'username': matrix_mautrix_telegram_database_username,
       'password': matrix_mautrix_telegram_database_password,
-    }] if (matrix_mautrix_telegram_enabled and matrix_mautrix_telegram_database_engine == 'postgres' and matrix_mautrix_telegram_database_hostname == 'matrix-postgres') else [])
+    }] if (matrix_mautrix_telegram_enabled and matrix_mautrix_telegram_database_engine == 'postgres' and matrix_mautrix_telegram_database_hostname == devture_postgres_identifier) else [])
     +
     ([{
       'name': matrix_mautrix_twitter_database_name,
       'username': matrix_mautrix_twitter_database_username,
       'password': matrix_mautrix_twitter_database_password,
-    }] if (matrix_mautrix_twitter_enabled and matrix_mautrix_twitter_database_engine == 'postgres' and matrix_mautrix_twitter_database_hostname == 'matrix-postgres') else [])
+    }] if (matrix_mautrix_twitter_enabled and matrix_mautrix_twitter_database_engine == 'postgres' and matrix_mautrix_twitter_database_hostname == devture_postgres_identifier) else [])
     +
     ([{
       'name': matrix_mautrix_whatsapp_database_name,
       'username': matrix_mautrix_whatsapp_database_username,
       'password': matrix_mautrix_whatsapp_database_password,
-    }] if (matrix_mautrix_whatsapp_enabled and matrix_mautrix_whatsapp_database_engine == 'postgres' and matrix_mautrix_whatsapp_database_hostname == 'matrix-postgres') else [])
+    }] if (matrix_mautrix_whatsapp_enabled and matrix_mautrix_whatsapp_database_engine == 'postgres' and matrix_mautrix_whatsapp_database_hostname == devture_postgres_identifier) else [])
     +
     ([{
       'name': matrix_mautrix_discord_database_name,
       'username': matrix_mautrix_discord_database_username,
       'password': matrix_mautrix_discord_database_password,
-    }] if (matrix_mautrix_discord_enabled and matrix_mautrix_discord_database_engine == 'postgres' and matrix_mautrix_discord_database_hostname == 'matrix-postgres') else [])
+    }] if (matrix_mautrix_discord_enabled and matrix_mautrix_discord_database_engine == 'postgres' and matrix_mautrix_discord_database_hostname == devture_postgres_identifier) else [])
     +
     ([{
       'name': matrix_mx_puppet_slack_database_name,
       'username': matrix_mx_puppet_slack_database_username,
       'password': matrix_mx_puppet_slack_database_password,
-    }] if (matrix_mx_puppet_slack_enabled and matrix_mx_puppet_slack_database_engine == 'postgres' and matrix_mx_puppet_slack_database_hostname == 'matrix-postgres') else [])
+    }] if (matrix_mx_puppet_slack_enabled and matrix_mx_puppet_slack_database_engine == 'postgres' and matrix_mx_puppet_slack_database_hostname == devture_postgres_identifier) else [])
     +
     ([{
       'name': matrix_mx_puppet_twitter_database_name,
       'username': matrix_mx_puppet_twitter_database_username,
       'password': matrix_mx_puppet_twitter_database_password,
-    }] if (matrix_mx_puppet_twitter_enabled and matrix_mx_puppet_twitter_database_engine == 'postgres' and matrix_mx_puppet_twitter_database_hostname == 'matrix-postgres') else [])
+    }] if (matrix_mx_puppet_twitter_enabled and matrix_mx_puppet_twitter_database_engine == 'postgres' and matrix_mx_puppet_twitter_database_hostname == devture_postgres_identifier) else [])
     +
     ([{
       'name': matrix_mx_puppet_instagram_database_name,
       'username': matrix_mx_puppet_instagram_database_username,
       'password': matrix_mx_puppet_instagram_database_password,
-    }] if (matrix_mx_puppet_instagram_enabled and matrix_mx_puppet_instagram_database_engine == 'postgres' and matrix_mx_puppet_instagram_database_hostname == 'matrix-postgres') else [])
+    }] if (matrix_mx_puppet_instagram_enabled and matrix_mx_puppet_instagram_database_engine == 'postgres' and matrix_mx_puppet_instagram_database_hostname == devture_postgres_identifier) else [])
     +
     ([{
       'name': matrix_mx_puppet_discord_database_name,
       'username': matrix_mx_puppet_discord_database_username,
       'password': matrix_mx_puppet_discord_database_password,
-    }] if (matrix_mx_puppet_discord_enabled  and matrix_mx_puppet_discord_database_engine == 'postgres' and matrix_mx_puppet_discord_database_hostname == 'matrix-postgres') else [])
+    }] if (matrix_mx_puppet_discord_enabled  and matrix_mx_puppet_discord_database_engine == 'postgres' and matrix_mx_puppet_discord_database_hostname == devture_postgres_identifier) else [])
     +
     ([{
       'name': matrix_mx_puppet_steam_database_name,
       'username': matrix_mx_puppet_steam_database_username,
       'password': matrix_mx_puppet_steam_database_password,
-    }] if (matrix_mx_puppet_steam_enabled and matrix_mx_puppet_steam_database_engine == 'postgres' and matrix_mx_puppet_steam_database_hostname == 'matrix-postgres') else [])
+    }] if (matrix_mx_puppet_steam_enabled and matrix_mx_puppet_steam_database_engine == 'postgres' and matrix_mx_puppet_steam_database_hostname == devture_postgres_identifier) else [])
     +
     ([{
       'name': matrix_mx_puppet_groupme_database_name,
       'username': matrix_mx_puppet_groupme_database_username,
       'password': matrix_mx_puppet_groupme_database_password,
-    }] if (matrix_mx_puppet_groupme_enabled and matrix_mx_puppet_groupme_database_engine == 'postgres' and matrix_mx_puppet_groupme_database_hostname == 'matrix-postgres') else [])
+    }] if (matrix_mx_puppet_groupme_enabled and matrix_mx_puppet_groupme_database_engine == 'postgres' and matrix_mx_puppet_groupme_database_hostname == devture_postgres_identifier) else [])
     +
     ([{
       'name': matrix_dimension_database_name,
       'username': matrix_dimension_database_username,
       'password': matrix_dimension_database_password,
-    }] if (matrix_dimension_enabled and matrix_dimension_database_engine == 'postgres' and matrix_dimension_database_hostname == 'matrix-postgres') else [])
+    }] if (matrix_dimension_enabled and matrix_dimension_database_engine == 'postgres' and matrix_dimension_database_hostname == devture_postgres_identifier) else [])
     +
     ([{
       'name': matrix_etherpad_database_name,
       'username': matrix_etherpad_database_username,
       'password': matrix_etherpad_database_password,
-    }] if (matrix_etherpad_enabled and matrix_etherpad_database_engine == 'postgres' and matrix_etherpad_database_hostname == 'matrix-postgres') else [])
+    }] if (matrix_etherpad_enabled and matrix_etherpad_database_engine == 'postgres' and matrix_etherpad_database_hostname == devture_postgres_identifier) else [])
     +
     ([{
       'name': matrix_prometheus_postgres_exporter_database_name,
       'username': matrix_prometheus_postgres_exporter_database_username,
       'password': matrix_prometheus_postgres_exporter_database_password,
-    }] if (matrix_prometheus_postgres_exporter_enabled and matrix_prometheus_postgres_exporter_database_hostname == 'matrix-postgres') else [])
+    }] if (matrix_prometheus_postgres_exporter_enabled and matrix_prometheus_postgres_exporter_database_hostname == devture_postgres_identifier) else [])
 
    }}
 
-matrix_postgres_systemd_services_to_stop_for_maintenance_list: |
-  {{
-    ['matrix-' + matrix_homeserver_implementation + '.service']
-  }}
-
-######################################################################
-#
-# /matrix-postgres
-#
-######################################################################
+########################################################################
+#                                                                      #
+# /com.devture.ansible.role.postgres                                   #
+#                                                                      #
+########################################################################
 
 ######################################################################
 #
@@ -2681,7 +2703,7 @@ matrix_synapse_systemd_required_services_list: |
   {{
     (['docker.service'])
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
     +
     (['matrix-goofys.service'] if matrix_s3_media_store_enabled else [])
   }}
@@ -2819,7 +2841,7 @@ matrix_prometheus_postgres_exporter_systemd_required_services_list: |
   {{
     ['docker.service']
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
   }}
 
 ######################################################################
@@ -2906,11 +2928,11 @@ matrix_registration_systemd_required_services_list: |
   {{
     ['docker.service']
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
   }}
 
-# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
-matrix_registration_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
+# Postgres is the default, except if not using internal Postgres server
+matrix_registration_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
 matrix_registration_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mx.registr.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -2925,14 +2947,14 @@ matrix_registration_database_password: "{{ '%s' | format(matrix_homeserver_gener
 #
 ######################################################################
 
-matrix_postgres_backup_connection_hostname: "{{ matrix_postgres_connection_hostname }}"
-matrix_postgres_backup_connection_port: "{{ matrix_postgres_connection_port }}"
-matrix_postgres_backup_connection_username: "{{ matrix_postgres_connection_username }}"
-matrix_postgres_backup_connection_password: "{{ matrix_postgres_connection_password }}"
+matrix_postgres_backup_connection_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
+matrix_postgres_backup_connection_port: "{{ devture_postgres_connection_port if devture_postgres_enabled else 5432 }}"
+matrix_postgres_backup_connection_username: "{{ devture_postgres_connection_username if devture_postgres_enabled else '' }}"
+matrix_postgres_backup_connection_password: "{{ devture_postgres_connection_password if devture_postgres_enabled else '' }}"
 
-matrix_postgres_backup_postgres_data_path: "{{ matrix_postgres_data_path if matrix_postgres_enabled else '' }}"
+matrix_postgres_backup_postgres_data_path: "{{ devture_postgres_data_path if devture_postgres_enabled else '' }}"
 
-matrix_postgres_backup_databases: "{{ matrix_postgres_additional_databases | map(attribute='name') if matrix_postgres_enabled else [] }}"
+matrix_postgres_backup_databases: "{{ devture_postgres_additional_databases | map(attribute='name') if devture_postgres_enabled else [] }}"
 
 ######################################################################
 #
@@ -2990,7 +3012,7 @@ matrix_dendrite_systemd_required_services_list: |
   {{
     (['docker.service'])
     +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
     +
     (['matrix-goofys.service'] if matrix_s3_media_store_enabled else [])
   }}
diff --git a/playbooks/matrix.yml b/playbooks/matrix.yml
index 8d2be5cb..d97b9283 100755
--- a/playbooks/matrix.yml
+++ b/playbooks/matrix.yml
@@ -34,7 +34,9 @@
     - custom/matrix-base
     - custom/matrix-dynamic-dns
     - custom/matrix-mailer
-    - custom/matrix-postgres
+
+    - role: galaxy/com.devture.ansible.role.postgres
+
     - custom/matrix-redis
     - custom/matrix-corporal
     - custom/matrix-bridge-appservice-discord
diff --git a/requirements.yml b/requirements.yml
index 0d77588a..69c733f0 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -18,6 +18,9 @@
 - src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git
   version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
 
+- src: git+https://github.com/devture/com.devture.ansible.role.postgres.git
+  version: f9f0519b2ccc6da7e0480c7cdfe8a67814728243
+
 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git
   version: 6ccb88ac5fc27e1e70afcd48278ade4b564a9096
 
diff --git a/roles/custom/matrix-backup-borg/tasks/setup_install.yml b/roles/custom/matrix-backup-borg/tasks/setup_install.yml
index d12229e2..142bf38c 100644
--- a/roles/custom/matrix-backup-borg/tasks/setup_install.yml
+++ b/roles/custom/matrix-backup-borg/tasks/setup_install.yml
@@ -5,22 +5,22 @@
   - name: Fail with matrix_backup_borg_version advice if Postgres not enabled
     ansible.builtin.fail:
       msg: >-
-        You are not running a built-in Postgres server (`matrix_postgres_enabled: false`), so auto-detecting its version and setting `matrix_backup_borg_version` automatically based on that cannot happen.
+        You are not running a built-in Postgres server (`devture_postgres_enabled: false`), so auto-detecting its version and setting `matrix_backup_borg_version` automatically based on that cannot happen.
         Consider setting `matrix_backup_borg_version` to your Postgres version manually.
-    when: not matrix_postgres_enabled
+    when: not devture_postgres_enabled
 
   - ansible.builtin.import_role:
-      name: custom/matrix-postgres
+      name: galaxy/com.devture.ansible.role.postgres
       tasks_from: detect_existing_postgres_version
 
   - name: Fail if detected Postgres version is unsupported
     ansible.builtin.fail:
-      msg: "You cannot use borg backup with such an old version ({{ matrix_postgres_detected_version }}) of Postgres. Consider upgrading - link to docs for upgrading Postgres: docs/maintenance-postgres.md#upgrading-postgresql"
-    when: "matrix_postgres_detected_version not in matrix_backup_borg_supported_postgres_versions"
+      msg: "You cannot use borg backup with such an old version ({{ devture_postgres_detected_version }}) of Postgres. Consider upgrading - link to docs for upgrading Postgres: docs/maintenance-postgres.md#upgrading-postgresql"
+    when: "devture_postgres_detected_version not in matrix_backup_borg_supported_postgres_versions"
 
   - name: Set the correct borg backup version to use
     ansible.builtin.set_fact:
-      matrix_backup_borg_version: "{{ matrix_postgres_detected_version }}"
+      matrix_backup_borg_version: "{{ devture_postgres_detected_version }}"
 
 - name: Ensure borg paths exist
   ansible.builtin.file:
diff --git a/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml
index 156813de..ca304efb 100644
--- a/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml
@@ -12,7 +12,7 @@
     - when: "matrix_bot_buscarron_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
         - ansible.builtin.set_fact:
-            matrix_postgres_db_migration_request:
+            devture_postgres_db_migration_request:
               src: "{{ matrix_bot_buscarron_sqlite_database_path_local }}"
               dst: "{{ matrix_bot_buscarron_database_connection_string }}"
               caller: "{{ role_path | basename }}"
@@ -21,7 +21,7 @@
               systemd_services_to_stop: ['matrix-bot-buscarron.service']
 
         - ansible.builtin.import_role:
-            name: custom/matrix-postgres
+            name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
         - ansible.builtin.set_fact:
diff --git a/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml b/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml
index 05dcd7c7..245e641c 100644
--- a/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml
@@ -12,7 +12,7 @@
     - when: "matrix_bot_honoroit_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
         - ansible.builtin.set_fact:
-            matrix_postgres_db_migration_request:
+            devture_postgres_db_migration_request:
               src: "{{ matrix_bot_honoroit_sqlite_database_path_local }}"
               dst: "{{ matrix_bot_honoroit_database_connection_string }}"
               caller: "{{ role_path | basename }}"
@@ -21,7 +21,7 @@
               systemd_services_to_stop: ['matrix-bot-honoroit.service']
 
         - ansible.builtin.import_role:
-            name: custom/matrix-postgres
+            name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
         - ansible.builtin.set_fact:
diff --git a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml
index 00e25c36..d9ff942e 100644
--- a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml
@@ -13,7 +13,7 @@
     - when: "matrix_bot_matrix_reminder_bot_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
         - ansible.builtin.set_fact:
-            matrix_postgres_db_migration_request:
+            devture_postgres_db_migration_request:
               src: "{{ matrix_bot_matrix_reminder_bot_sqlite_database_path_local }}"
               dst: "{{ matrix_bot_matrix_reminder_bot_database_connection_string }}"
               caller: "{{ role_path | basename }}"
@@ -22,7 +22,7 @@
               systemd_services_to_stop: ['matrix-bot-matrix-reminder-bot.service']
 
         - ansible.builtin.import_role:
-            name: custom/matrix-postgres
+            name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
         - ansible.builtin.set_fact:
diff --git a/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml b/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml
index 993cf8e5..403814d6 100644
--- a/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml
@@ -9,7 +9,7 @@
     - when: "matrix_bot_postmoogle_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
         - ansible.builtin.set_fact:
-            matrix_postgres_db_migration_request:
+            devture_postgres_db_migration_request:
               src: "{{ matrix_bot_postmoogle_sqlite_database_path_local }}"
               dst: "{{ matrix_bot_postmoogle_database_connection_string }}"
               caller: "{{ role_path | basename }}"
@@ -18,7 +18,7 @@
               systemd_services_to_stop: ['matrix-bot-postmoogle.service']
 
         - ansible.builtin.import_role:
-            name: custom/matrix-postgres
+            name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
         - ansible.builtin.set_fact:
diff --git a/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml
index f04e7f69..bb6c8551 100644
--- a/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml
@@ -13,7 +13,7 @@
     - when: "matrix_appservice_discord_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
         - ansible.builtin.set_fact:
-            matrix_postgres_db_migration_request:
+            devture_postgres_db_migration_request:
               src: "{{ matrix_appservice_discord_sqlite_database_path_local }}"
               dst: "{{ matrix_appservice_discord_database_connString }}"
               caller: "{{ role_path | basename }}"
@@ -22,7 +22,7 @@
               systemd_services_to_stop: ['matrix-appservice-discord.service']
 
         - ansible.builtin.import_role:
-            name: custom/matrix-postgres
+            name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
         - ansible.builtin.set_fact:
diff --git a/roles/custom/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml
index 9dda2401..79978ecd 100644
--- a/roles/custom/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml
+++ b/roles/custom/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml
@@ -2,8 +2,8 @@
 
 - name: Fail if Postgres not enabled
   ansible.builtin.fail:
-    msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot migrate."
-  when: "not matrix_postgres_enabled | bool"
+    msg: "Postgres via the com.devture.ansible.role.postgres role is not enabled (`devture_postgres_enabled`). Cannot migrate."
+  when: "not devture_postgres_enabled | bool"
 
 # Defaults
 
@@ -14,19 +14,19 @@
 
 # Actual import work
 
-- name: Ensure matrix-postgres is started
+- name: Ensure Postgres is started
   ansible.builtin.service:
-    name: matrix-postgres
+    name: "{{ devture_postgres_identifier }}"
     state: started
     daemon_reload: true
-  register: matrix_postgres_service_start_result
+  register: postgres_service_start_result
 
 - name: Wait a bit, so that Postgres can start
   ansible.builtin.wait_for:
     timeout: "{{ postgres_start_wait_time }}"
   delegate_to: 127.0.0.1
   become: false
-  when: "matrix_postgres_service_start_result.changed | bool"
+  when: postgres_service_start_result.changed | bool
 
 - name: Check existence of matrix-appservice-irc service
   ansible.builtin.stat:
diff --git a/roles/custom/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml
index 0ed3e18b..58c125ab 100644
--- a/roles/custom/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml
+++ b/roles/custom/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml
@@ -2,8 +2,8 @@
 
 - name: Fail if Postgres not enabled
   ansible.builtin.fail:
-    msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot migrate."
-  when: "not matrix_postgres_enabled | bool"
+    msg: "Postgres via the com.devture.ansible.role.postgres role is not enabled (`devture_postgres_enabled`). Cannot migrate."
+  when: "not devture_postgres_enabled | bool"
 
 # Defaults
 
@@ -14,19 +14,19 @@
 
 # Actual import work
 
-- name: Ensure matrix-postgres is started
+- name: Ensure Postgres is started
   ansible.builtin.service:
-    name: matrix-postgres
+    name: "{{ devture_postgres_identifier }}"
     state: started
     daemon_reload: true
-  register: matrix_postgres_service_start_result
+  register: postgres_service_start_result
 
 - name: Wait a bit, so that Postgres can start
   ansible.builtin.wait_for:
     timeout: "{{ postgres_start_wait_time }}"
   delegate_to: 127.0.0.1
   become: false
-  when: "matrix_postgres_service_start_result.changed | bool"
+  when: "postgres_service_start_result.changed | bool"
 
 - name: Ensure matrix-appservice-slack is stopped
   ansible.builtin.service:
diff --git a/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml b/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml
index de1d0cb5..1a89d648 100644
--- a/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml
@@ -13,7 +13,7 @@
     - when: "matrix_go_skype_bridge_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
         - ansible.builtin.set_fact:
-            matrix_postgres_db_migration_request:
+            devture_postgres_db_migration_request:
               src: "{{ matrix_go_skype_bridge_sqlite_database_path_local }}"
               dst: "{{ matrix_go_skype_bridge_database_connection_string }}"
               caller: "{{ role_path | basename }}"
@@ -23,7 +23,7 @@
               pgloader_options: ['--with "quote identifiers"']
 
         - ansible.builtin.import_role:
-            name: custom/matrix-postgres
+            name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
         - ansible.builtin.set_fact:
diff --git a/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml
index 3864c3b5..b6d388ca 100644
--- a/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml
@@ -13,7 +13,7 @@
     - when: "matrix_mautrix_discord_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
         - ansible.builtin.set_fact:
-            matrix_postgres_db_migration_request:
+            devture_postgres_db_migration_request:
               src: "{{ matrix_mautrix_discord_sqlite_database_path_local }}"
               dst: "{{ matrix_mautrix_discord_database_connection_string }}"
               caller: "{{ role_path | basename }}"
@@ -23,7 +23,7 @@
               pgloader_options: ['--with "quote identifiers"']
 
         - ansible.builtin.import_role:
-            name: custom/matrix-postgres
+            name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
         - ansible.builtin.set_fact:
diff --git a/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml
index 4e3f16e6..b2801de8 100644
--- a/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml
@@ -13,7 +13,7 @@
     - when: "matrix_mautrix_facebook_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
         - ansible.builtin.set_fact:
-            matrix_postgres_db_migration_request:
+            devture_postgres_db_migration_request:
               src: "{{ matrix_mautrix_facebook_sqlite_database_path_local }}"
               dst: "{{ matrix_mautrix_facebook_database_connection_string }}"
               caller: "{{ role_path | basename }}"
@@ -22,7 +22,7 @@
               systemd_services_to_stop: ['matrix-mautrix-facebook.service']
 
         - ansible.builtin.import_role:
-            name: custom/matrix-postgres
+            name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
         - ansible.builtin.set_fact:
diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml
index 095d6ccc..87e379ea 100644
--- a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml
@@ -13,7 +13,7 @@
     - when: "matrix_mautrix_googlechat_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
         - ansible.builtin.set_fact:
-            matrix_postgres_db_migration_request:
+            devture_postgres_db_migration_request:
               src: "{{ matrix_mautrix_googlechat_sqlite_database_path_local }}"
               dst: "{{ matrix_mautrix_googlechat_database_connection_string }}"
               caller: "{{ role_path | basename }}"
@@ -22,7 +22,7 @@
               systemd_services_to_stop: ['matrix-mautrix-googlechat.service']
 
         - ansible.builtin.import_role:
-            name: custom/matrix-postgres
+            name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
         - ansible.builtin.set_fact:
diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml
index e4a43c0b..23cf24c6 100644
--- a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml
@@ -13,7 +13,7 @@
     - when: "matrix_mautrix_hangouts_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
         - ansible.builtin.set_fact:
-            matrix_postgres_db_migration_request:
+            devture_postgres_db_migration_request:
               src: "{{ matrix_mautrix_hangouts_sqlite_database_path_local }}"
               dst: "{{ matrix_mautrix_hangouts_database_connection_string }}"
               caller: "{{ role_path | basename }}"
@@ -22,7 +22,7 @@
               systemd_services_to_stop: ['matrix-mautrix-hangouts.service']
 
         - ansible.builtin.import_role:
-            name: custom/matrix-postgres
+            name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
         - ansible.builtin.set_fact:
diff --git a/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml
index c4c48581..76ccf6bb 100644
--- a/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml
@@ -13,7 +13,7 @@
     - when: "matrix_mautrix_telegram_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
         - ansible.builtin.set_fact:
-            matrix_postgres_db_migration_request:
+            devture_postgres_db_migration_request:
               src: "{{ matrix_mautrix_telegram_sqlite_database_path_local }}"
               dst: "{{ matrix_mautrix_telegram_database_connection_string }}"
               caller: "{{ role_path | basename }}"
@@ -22,7 +22,7 @@
               systemd_services_to_stop: ['matrix-mautrix-telegram.service']
 
         - ansible.builtin.import_role:
-            name: custom/matrix-postgres
+            name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
         - ansible.builtin.set_fact:
diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml
index 4338a691..37915f07 100644
--- a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml
@@ -13,7 +13,7 @@
     - when: "matrix_mautrix_whatsapp_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
         - ansible.builtin.set_fact:
-            matrix_postgres_db_migration_request:
+            devture_postgres_db_migration_request:
               src: "{{ matrix_mautrix_whatsapp_sqlite_database_path_local }}"
               dst: "{{ matrix_mautrix_whatsapp_database_connection_string }}"
               caller: "{{ role_path | basename }}"
@@ -23,7 +23,7 @@
               pgloader_options: ['--with "quote identifiers"']
 
         - ansible.builtin.import_role:
-            name: custom/matrix-postgres
+            name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
         - ansible.builtin.set_fact:
diff --git a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml
index 097e0b69..d7cac52c 100644
--- a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml
@@ -47,7 +47,7 @@
     - when: "matrix_mx_puppet_discord_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
         - ansible.builtin.set_fact:
-            matrix_postgres_db_migration_request:
+            devture_postgres_db_migration_request:
               src: "{{ matrix_mx_puppet_discord_sqlite_database_path_local }}"
               dst: "{{ matrix_mx_puppet_discord_database_connection_string }}"
               caller: "{{ role_path | basename }}"
@@ -56,7 +56,7 @@
               systemd_services_to_stop: ['matrix-mx-puppet-discord.service']
 
         - ansible.builtin.import_role:
-            name: custom/matrix-postgres
+            name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
         - ansible.builtin.set_fact:
diff --git a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml
index 9022492f..1f3dd3d3 100644
--- a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml
@@ -45,7 +45,7 @@
     - when: "matrix_mx_puppet_groupme_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
         - ansible.builtin.set_fact:
-            matrix_postgres_db_migration_request:
+            devture_postgres_db_migration_request:
               src: "{{ matrix_mx_puppet_groupme_sqlite_database_path_local }}"
               dst: "{{ matrix_mx_puppet_groupme_database_connection_string }}"
               caller: "{{ role_path | basename }}"
@@ -54,7 +54,7 @@
               systemd_services_to_stop: ['matrix-mx-puppet-groupme.service']
 
         - ansible.builtin.import_role:
-            name: custom/matrix-postgres
+            name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
         - ansible.builtin.set_fact:
diff --git a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml
index 640fd6e3..730c34e6 100644
--- a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml
@@ -13,7 +13,7 @@
     - when: "matrix_mx_puppet_instagram_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
         - ansible.builtin.set_fact:
-            matrix_postgres_db_migration_request:
+            devture_postgres_db_migration_request:
               src: "{{ matrix_mx_puppet_instagram_sqlite_database_path_local }}"
               dst: "{{ matrix_mx_puppet_instagram_database_connection_string }}"
               caller: "{{ role_path | basename }}"
@@ -22,7 +22,7 @@
               systemd_services_to_stop: ['matrix-mx-puppet-instagram.service']
 
         - ansible.builtin.import_role:
-            name: custom/matrix-postgres
+            name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
         - ansible.builtin.set_fact:
diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml
index 4f8da659..9d2bcc61 100644
--- a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml
@@ -41,7 +41,7 @@
     - when: "matrix_mx_puppet_slack_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
         - ansible.builtin.set_fact:
-            matrix_postgres_db_migration_request:
+            devture_postgres_db_migration_request:
               src: "{{ matrix_mx_puppet_slack_sqlite_database_path_local }}"
               dst: "{{ matrix_mx_puppet_slack_database_connection_string }}"
               caller: "{{ role_path | basename }}"
@@ -50,7 +50,7 @@
               systemd_services_to_stop: ['matrix-mx-puppet-slack.service']
 
         - ansible.builtin.import_role:
-            name: custom/matrix-postgres
+            name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
         - ansible.builtin.set_fact:
diff --git a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml
index 14258f2e..aff6dd95 100644
--- a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml
@@ -45,7 +45,7 @@
     - when: "matrix_mx_puppet_steam_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
         - ansible.builtin.set_fact:
-            matrix_postgres_db_migration_request:
+            devture_postgres_db_migration_request:
               src: "{{ matrix_mx_puppet_steam_sqlite_database_path_local }}"
               dst: "{{ matrix_mx_puppet_steam_database_connection_string }}"
               caller: "{{ role_path | basename }}"
@@ -54,7 +54,7 @@
               systemd_services_to_stop: ['matrix-mx-puppet-steam.service']
 
         - ansible.builtin.import_role:
-            name: custom/matrix-postgres
+            name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
         - ansible.builtin.set_fact:
diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml
index 2ae45d26..c948c48d 100644
--- a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml
@@ -45,7 +45,7 @@
     - when: "matrix_mx_puppet_twitter_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
         - ansible.builtin.set_fact:
-            matrix_postgres_db_migration_request:
+            devture_postgres_db_migration_request:
               src: "{{ matrix_mx_puppet_twitter_sqlite_database_path_local }}"
               dst: "{{ matrix_mx_puppet_twitter_database_connection_string }}"
               caller: "{{ role_path | basename }}"
@@ -54,7 +54,7 @@
               systemd_services_to_stop: ['matrix-mx-puppet-twitter.service']
 
         - ansible.builtin.import_role:
-            name: custom/matrix-postgres
+            name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
         - ansible.builtin.set_fact:
diff --git a/roles/custom/matrix-dimension/tasks/setup_install.yml b/roles/custom/matrix-dimension/tasks/setup_install.yml
index 2aeb1e2a..e1340d25 100644
--- a/roles/custom/matrix-dimension/tasks/setup_install.yml
+++ b/roles/custom/matrix-dimension/tasks/setup_install.yml
@@ -52,7 +52,7 @@
             - {'table': 'dimension_bridges', 'column': 'isPublic', 'default': ''}
 
         - ansible.builtin.set_fact:
-            matrix_postgres_db_migration_request:
+            devture_postgres_db_migration_request:
               src: "{{ matrix_dimension_sqlite_database_path_local }}"
               dst: "{{ matrix_dimension_database_connection_string }}"
               caller: "{{ role_path | basename }}"
@@ -64,7 +64,7 @@
               additional_psql_statements_db_name: "{{ matrix_dimension_database_name }}"
 
         - ansible.builtin.import_role:
-            name: custom/matrix-postgres
+            name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
         - ansible.builtin.set_fact:
diff --git a/roles/custom/matrix-etherpad/tasks/validate_config.yml b/roles/custom/matrix-etherpad/tasks/validate_config.yml
index 10ddc584..64664894 100644
--- a/roles/custom/matrix-etherpad/tasks/validate_config.yml
+++ b/roles/custom/matrix-etherpad/tasks/validate_config.yml
@@ -4,7 +4,7 @@
   ansible.builtin.fail:
     msg: >-
       Etherpad requires a dedicated Postgres database. Please enable the built in one, or configure an external DB by redefining "matrix_etherpad_database_hostname"
-  when: matrix_etherpad_database_hostname == "matrix-postgres" and not matrix_postgres_enabled
+  when: matrix_etherpad_database_hostname == ''
 
 - name: Fail if wrong mode selected
   ansible.builtin.fail:
diff --git a/roles/custom/matrix-ma1sd/tasks/setup_install.yml b/roles/custom/matrix-ma1sd/tasks/setup_install.yml
index 9b86008a..e60b664e 100644
--- a/roles/custom/matrix-ma1sd/tasks/setup_install.yml
+++ b/roles/custom/matrix-ma1sd/tasks/setup_install.yml
@@ -28,7 +28,7 @@
     - when: "matrix_ma1sd_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
         - ansible.builtin.set_fact:
-            matrix_postgres_db_migration_request:
+            devture_postgres_db_migration_request:
               src: "{{ matrix_ma1sd_sqlite_database_path_local }}"
               dst: "{{ matrix_ma1sd_database_connection_string }}"
               caller: "{{ role_path | basename }}"
@@ -38,7 +38,7 @@
               pgloader_options: ['--with "quote identifiers"']
 
         - ansible.builtin.import_role:
-            name: custom/matrix-postgres
+            name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
         - ansible.builtin.set_fact:
diff --git a/roles/custom/matrix-postgres-backup/tasks/setup_install.yml b/roles/custom/matrix-postgres-backup/tasks/setup_install.yml
index d26fff6e..ba374aff 100644
--- a/roles/custom/matrix-postgres-backup/tasks/setup_install.yml
+++ b/roles/custom/matrix-postgres-backup/tasks/setup_install.yml
@@ -2,7 +2,7 @@
 
 
 - ansible.builtin.import_role:
-    name: custom/matrix-postgres
+    name: galaxy/com.devture.ansible.role.postgres
     tasks_from: detect_existing_postgres_version
   when: 'matrix_postgres_backup_postgres_data_path != ""'
 
diff --git a/roles/custom/matrix-postgres/defaults/main.yml b/roles/custom/matrix-postgres/defaults/main.yml
deleted file mode 100644
index 5a0cdb6c..00000000
--- a/roles/custom/matrix-postgres/defaults/main.yml
+++ /dev/null
@@ -1,133 +0,0 @@
----
-# Project source code URL: https://github.com/postgres/postgres
-
-# Controls if the Postgres server managed by the playbook is enabled.
-# You can turn it off and use an external Postgres server by setting this to `false`.
-# Doing this has various downsides. See `docs/configuring-playbook-external-postgres.md` to learn more.
-matrix_postgres_enabled: true
-
-matrix_postgres_connection_hostname: "matrix-postgres"
-matrix_postgres_connection_port: 5432
-matrix_postgres_connection_username: "matrix"
-matrix_postgres_connection_password: ""
-matrix_postgres_db_name: "matrix"
-
-matrix_postgres_base_path: "{{ matrix_base_data_path }}/postgres"
-matrix_postgres_data_path: "{{ matrix_postgres_base_path }}/data"
-
-# matrix_postgres_systemd_services_to_stop_for_maintenance_list specifies the list of systemd services to stop before vacuuming or upgrading.
-# These services will be restarted after the operation completes.
-matrix_postgres_systemd_services_to_stop_for_maintenance_list: []
-
-matrix_postgres_architecture: amd64
-
-# matrix_postgres_docker_image_suffix controls whether we use Alpine-based images (`-alpine`) or the normal Debian-based images.
-# Alpine-based Postgres images are smaller and we usually prefer them, but they don't work on ARM32 (tested on a Raspberry Pi 3 running Raspbian 10.7).
-# On ARM32, `-alpine` images fail with the following error:
-# > LOG:  startup process (PID 37) was terminated by signal 11: Segmentation fault
-matrix_postgres_docker_image_suffix: "{{ '-alpine' if matrix_postgres_architecture in ['amd64', 'arm64'] else '' }}"
-
-matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.24{{ matrix_postgres_docker_image_suffix }}"
-matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.22{{ matrix_postgres_docker_image_suffix }}"
-matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.17{{ matrix_postgres_docker_image_suffix }}"
-matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.12{{ matrix_postgres_docker_image_suffix }}"
-matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.8{{ matrix_postgres_docker_image_suffix }}"
-matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.5{{ matrix_postgres_docker_image_suffix }}"
-matrix_postgres_docker_image_v15: "{{ matrix_container_global_registry_prefix }}postgres:15.0{{ matrix_postgres_docker_image_suffix }}"
-matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v15 }}"
-
-# This variable is assigned at runtime. Overriding its value has no effect.
-matrix_postgres_docker_image_to_use: '{{ matrix_postgres_docker_image_latest }}'
-
-matrix_postgres_docker_image_force_pull: "{{ matrix_postgres_docker_image_to_use.endswith(':latest') }}"
-
-# A list of extra arguments to pass to the container
-matrix_postgres_container_extra_arguments: []
-
-# A list of extra arguments to pass to the postgres process
-# e.g. "-c 'max_connections=200'"
-matrix_postgres_process_extra_arguments: []
-
-# Controls whether the matrix-postgres container exposes a port (tcp/5432 in the
-# container) that can be used to access the database from outside the container (e.g. with psql)
-#
-# psql postgresql://username:password@localhost:<port>/database_name
-#
-# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:5432"), or empty string to not expose.
-matrix_postgres_container_postgres_bind_port: ""
-
-# A list of additional (databases and their credentials) to create.
-#
-# Example:
-# matrix_postgres_additional_databases:
-#   - name: matrix_appservice_discord
-#     username: matrix_appservice_discord
-#     password: some_password
-#   - name: matrix_appservice_slack
-#     username: matrix_appservice_slack
-#     password: some_password
-matrix_postgres_additional_databases: []
-
-# A list of roles/users to avoid creating when importing (or upgrading) the database.
-# If a dump file contains the roles and they've also been created beforehand (see `matrix_postgres_additional_databases`),
-# importing would fail.
-# We either need to not create them or to ignore the `CREATE ROLE` statements in the dump.
-matrix_postgres_import_roles_to_ignore: |
-  {{
-    (
-      [matrix_postgres_connection_username]
-      +
-      matrix_postgres_additional_databases|map(attribute='username') | list
-    ) | unique
-  }}
-
-# When importing an existing Postgres database (when restoring a backup) or when doing a Postgres upgrade (which dumps & restores), we'd like to avoid:
-# - creating users (`CREATE ROLE ..`)
-# - updating passwords for users (`ALTER ROLE matrix WITH SUPERUSER INHERIT NOCREATEROLE NOCREATEDB LOGIN NOREPLICATION NOBYPASSRLS PASSWORD 'md5...`)
-#
-# Both of these operations are done by the playbook anyway.
-# Updating passwords is especially undesirable, because older versions hash passwords using md5 and export them as md5 hashes in the dump file,
-# which is unsupported by default by newer Postgres versions (v14+).
-# When users are created and passwords are set by the playbook, they end up hashed as `scram-sha-256` on Postgres v14+.
-# If an md5-hashed password is restored on top, Postgres v14+ will refuse to authenticate users with it by default.
-#
-# We also allow for the role name to be quoted, which is rare, but might happen for role names which are special keywords (e.g. `default`).
-matrix_postgres_import_roles_ignore_regex: "^(CREATE|ALTER) ROLE \\\"?({{ matrix_postgres_import_roles_to_ignore | join('|') }})\\\"?(;| WITH)"  # noqa jinja[spacing]
-
-# A list of databases to avoid creating when importing (or upgrading) the database.
-# If a dump file contains the databases and they've also been created beforehand (see `matrix_postgres_additional_databases`),
-# importing would fail.
-# We either need to not create them or to ignore the `CREATE DATABASE` statements in the dump.
-matrix_postgres_import_databases_to_ignore: |
-  {{
-    (
-      [matrix_postgres_db_name]
-      +
-      matrix_postgres_additional_databases|map(attribute='name') | list
-    ) | unique
-  }}
-
-# We also allow for the database name to be quoted, which is rare, but might happen for database names which are special keywords (e.g. `default`).
-matrix_postgres_import_databases_ignore_regex: "^CREATE DATABASE \\\"?({{ matrix_postgres_import_databases_to_ignore | join('|') }})\\\"?\\s"  # noqa jinja[spacing]
-
-# The number of seconds to wait after starting `matrix-postgres.service`
-# and before trying to run queries for creating additional databases/users against it.
-#
-# For most (subsequent) runs, Postgres would already be running, so no waiting will be happening at all.
-#
-# On ARM, we wait some more. ARM32 devices are especially known for being slow.
-# ARM64 likely don't need such a long delay, but it doesn't hurt too much having it.
-matrix_postgres_additional_databases_postgres_start_wait_timeout_seconds: "{{ 45 if matrix_postgres_architecture in ['arm32', 'arm64'] else 15 }}"
-
-
-matrix_postgres_pgloader_container_image_self_build: false
-matrix_postgres_pgloader_container_image_self_build_repo: "https://github.com/illagrenan/pgloader-docker.git"
-matrix_postgres_pgloader_container_image_self_build_repo_branch: "v{{ matrix_postgres_pgloader_docker_image_tag }}"
-matrix_postgres_pgloader_container_image_self_build_src_path: "{{ matrix_postgres_base_path }}/pgloader-container-src"
-
-# We use illagrenan/pgloader, instead of the more official dimitri/pgloader image,
-# because the official one only provides a `latest` tag.
-matrix_postgres_pgloader_docker_image: "{{ matrix_postgres_pgloader_docker_image_name_prefix }}illagrenan/pgloader:{{ matrix_postgres_pgloader_docker_image_tag }}"
-matrix_postgres_pgloader_docker_image_name_prefix: "{{ 'localhost/' if matrix_postgres_pgloader_container_image_self_build else matrix_container_global_registry_prefix }}"
-matrix_postgres_pgloader_docker_image_tag: "3.6.2"
-matrix_postgres_pgloader_docker_image_force_pull: "{{ matrix_postgres_pgloader_docker_image.endswith(':latest') }}"
diff --git a/roles/custom/matrix-postgres/tasks/detect_existing_postgres_version.yml b/roles/custom/matrix-postgres/tasks/detect_existing_postgres_version.yml
deleted file mode 100644
index 1be8291b..00000000
--- a/roles/custom/matrix-postgres/tasks/detect_existing_postgres_version.yml
+++ /dev/null
@@ -1,75 +0,0 @@
----
-
-# This utility aims to determine if there is some existing Postgres version in use or not.
-# If there is, it also tries to detect the Docker image that corresponds to that version.
-#
-# This utility is intentionally not in `tasks/util`, because if it were, it wouldn't be possible
-# to include it in other roles via the import_role module: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/import_role_module.html
-
-
-- name: Fail detection if expectation fails (Postgres not enabled)
-  ansible.builtin.fail:
-    msg: "Trying to detect the version of the built-in Postgres server, but Postgres installation is not enabled (`matrix_postgres_enabled: false`)"
-  when: not matrix_postgres_enabled
-
-- name: Initialize Postgres version determination variables (default to empty)
-  ansible.builtin.set_fact:
-    matrix_postgres_detection_pg_version_path: "{{ matrix_postgres_data_path }}/PG_VERSION"
-    matrix_postgres_detected_existing: false
-    matrix_postgres_detected_version: ""
-    matrix_postgres_detected_version_corresponding_docker_image: ""
-
-- name: Determine existing Postgres version (check PG_VERSION file)
-  ansible.builtin.stat:
-    path: "{{ matrix_postgres_detection_pg_version_path }}"
-  register: result_pg_version_stat
-
-- ansible.builtin.set_fact:
-    matrix_postgres_detected_existing: true
-  when: "result_pg_version_stat.stat.exists"
-
-- name: Determine existing Postgres version (read PG_VERSION file)
-  ansible.builtin.slurp:
-    src: "{{ matrix_postgres_detection_pg_version_path }}"
-  register: result_pg_version
-  when: matrix_postgres_detected_existing | bool
-
-- name: Determine existing Postgres version (make sense of PG_VERSION file)
-  ansible.builtin.set_fact:
-    matrix_postgres_detected_version: "{{ result_pg_version['content'] | b64decode | replace('\n', '') }}"
-  when: matrix_postgres_detected_existing | bool
-
-- name: Determine corresponding Docker image to detected version (assume default of latest)
-  ansible.builtin.set_fact:
-    matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_latest }}"
-  when: "matrix_postgres_detected_version != ''"
-
-- name: Determine corresponding Docker image to detected version (use 9.x, if detected)
-  ansible.builtin.set_fact:
-    matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v9 }}"
-  when: "matrix_postgres_detected_version.startswith('9.')"
-
-- name: Determine corresponding Docker image to detected version (use 10.x, if detected)
-  ansible.builtin.set_fact:
-    matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v10 }}"
-  when: "matrix_postgres_detected_version == '10' or matrix_postgres_detected_version.startswith('10.')"
-
-- name: Determine corresponding Docker image to detected version (use 11.x, if detected)
-  ansible.builtin.set_fact:
-    matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v11 }}"
-  when: "matrix_postgres_detected_version == '11' or matrix_postgres_detected_version.startswith('11.')"
-
-- name: Determine corresponding Docker image to detected version (use 12.x, if detected)
-  ansible.builtin.set_fact:
-    matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v12 }}"
-  when: "matrix_postgres_detected_version == '12' or matrix_postgres_detected_version.startswith('12.')"
-
-- name: Determine corresponding Docker image to detected version (use 13.x, if detected)
-  ansible.builtin.set_fact:
-    matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v13 }}"
-  when: "matrix_postgres_detected_version == '13' or matrix_postgres_detected_version.startswith('13.')"
-
-- name: Determine corresponding Docker image to detected version (use 14.x, if detected)
-  ansible.builtin.set_fact:
-    matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v14 }}"
-  when: "matrix_postgres_detected_version == '14' or matrix_postgres_detected_version.startswith('14.')"
diff --git a/roles/custom/matrix-postgres/tasks/import_generic_sqlite_db.yml b/roles/custom/matrix-postgres/tasks/import_generic_sqlite_db.yml
deleted file mode 100644
index c3fff520..00000000
--- a/roles/custom/matrix-postgres/tasks/import_generic_sqlite_db.yml
+++ /dev/null
@@ -1,102 +0,0 @@
----
-
-# Pre-checks
-
-- name: Fail if Postgres not enabled
-  ansible.builtin.fail:
-    msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot import."
-  when: "not matrix_postgres_enabled | bool"
-
-- name: Fail if playbook called incorrectly
-  ansible.builtin.fail:
-    msg: "The `sqlite_database_path` variable needs to be provided to this playbook, via --extra-vars"
-  when: "sqlite_database_path is not defined or sqlite_database_path.startswith('<')"
-
-- name: Check if the provided SQLite database file exists
-  ansible.builtin.stat:
-    path: "{{ sqlite_database_path }}"
-  register: sqlite_database_path_stat_result
-
-- name: Fail if provided SQLite database file doesn't exist
-  ansible.builtin.fail:
-    msg: "File cannot be found on the server at {{ sqlite_database_path }}"
-  when: "not sqlite_database_path_stat_result.stat.exists"
-
-# We either expect `postgres_db_connection_string` specifying a full Postgres database connection string,
-# or `postgres_connection_string_variable_name`, specifying a name of a variable, which contains a valid connection string.
-
-- when: 'postgres_connection_string_variable_name is defined'
-  block:
-    - name: Fail if postgres_connection_string_variable_name points to an undefined variable
-      ansible.builtin.fail:
-        msg: "postgres_connection_string_variable_name is defined, but there is no variable with the name `{{ postgres_connection_string_variable_name }}`"
-      when: "postgres_connection_string_variable_name not in vars"
-
-    - name: Get Postgres connection string from variable
-      ansible.builtin.set_fact:
-        postgres_db_connection_string: "{{ lookup('vars', postgres_connection_string_variable_name) }}"
-
-- name: Fail if playbook called incorrectly
-  ansible.builtin.fail:
-    msg: >-
-      Either a `postgres_db_connection_string` variable or a `postgres_connection_string_variable_name` needs to be provided to this playbook, via `--extra-vars`.
-      Example: `--extra-vars="postgres_db_connection_string=postgresql://username:password@localhost:<port>/database_name"` or `--extra-vars="postgres_connection_string_variable_name=matrix_appservice_discord_database_connString"`
-  when: "postgres_db_connection_string is not defined or not postgres_db_connection_string.startswith('postgresql://')"
-
-
-# Defaults
-
-- name: Set postgres_start_wait_time, if not provided
-  ansible.builtin.set_fact:
-    postgres_start_wait_time: 15
-  when: "postgres_start_wait_time | default('') == ''"
-
-
-# Actual import work
-
-- name: Ensure matrix-postgres is started
-  ansible.builtin.service:
-    name: matrix-postgres
-    state: started
-    daemon_reload: true
-  register: matrix_postgres_service_start_result
-
-- name: Wait a bit, so that Postgres can start
-  ansible.builtin.wait_for:
-    timeout: "{{ postgres_start_wait_time }}"
-  delegate_to: 127.0.0.1
-  become: false
-  when: "matrix_postgres_service_start_result.changed | bool"
-
-- name: Import SQLite database from {{ sqlite_database_path }} into Postgres  # noqa name[template]
-  ansible.builtin.command:
-    cmd: >-
-      {{ devture_systemd_docker_base_host_command_docker }} run
-      --rm
-      --user={{ matrix_user_uid }}:{{ matrix_user_gid }}
-      --cap-drop=ALL
-      --network={{ matrix_docker_network }}
-      --mount type=bind,src={{ sqlite_database_path }},dst=/in.db,ro
-      --entrypoint=/bin/sh
-      {{ matrix_postgres_pgloader_docker_image }}
-      -c
-      'pgloader /in.db {{ postgres_db_connection_string }}'
-  register: matrix_postgres_import_generic_sqlite_db_import_result
-  changed_when: matrix_postgres_import_generic_sqlite_db_import_result.rc == 0
-
-- name: Archive SQLite database ({{ sqlite_database_path }} -> {{ sqlite_database_path }}.backup)  # noqa name[template]
-  ansible.builtin.command:
-    cmd: "mv {{ sqlite_database_path }} {{ sqlite_database_path }}.backup"
-  register: matrix_postgres_import_generic_sqlite_db_move_result
-  changed_when: matrix_postgres_import_generic_sqlite_db_move_result.rc == 0
-
-- name: Inject result
-  ansible.builtin.set_fact:
-    devture_playbook_runtime_messages_list: |
-      {{
-        devture_playbook_runtime_messages_list | default([])
-        +
-        [
-          "NOTE: Your SQLite database file has been imported into Postgres. The original file has been moved from `{{ sqlite_database_path }}` to `{{ sqlite_database_path }}.backup`. When you've confirmed that the import went well and everything works, you should be able to safely delete this file."
-        ]
-      }}
diff --git a/roles/custom/matrix-postgres/tasks/import_postgres.yml b/roles/custom/matrix-postgres/tasks/import_postgres.yml
deleted file mode 100644
index d21333ad..00000000
--- a/roles/custom/matrix-postgres/tasks/import_postgres.yml
+++ /dev/null
@@ -1,114 +0,0 @@
----
-
-# Pre-checks
-
-- name: Fail if Postgres not enabled
-  ansible.builtin.fail:
-    msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot import."
-  when: "not matrix_postgres_enabled | bool"
-
-- name: Fail if playbook called incorrectly
-  ansible.builtin.fail:
-    msg: "The `server_path_postgres_dump` variable needs to be provided to this playbook, via --extra-vars"
-  when: "server_path_postgres_dump is not defined or server_path_postgres_dump.startswith('<')"
-
-- name: Check if the provided Postgres dump file exists
-  ansible.builtin.stat:
-    path: "{{ server_path_postgres_dump }}"
-  register: result_server_path_postgres_dump_stat
-
-- name: Fail if provided Postgres dump file doesn't exists
-  ansible.builtin.fail:
-    msg: "File cannot be found on the server at {{ server_path_postgres_dump }}"
-  when: "not result_server_path_postgres_dump_stat.stat.exists"
-
-
-# Defaults
-
-- name: Set postgres_start_wait_time, if not provided
-  ansible.builtin.set_fact:
-    postgres_start_wait_time: 15
-  when: "postgres_start_wait_time | default('') == ''"
-
-- name: Set postgres_import_wait_time, if not provided
-  ansible.builtin.set_fact:
-    postgres_import_wait_time: "{{ 7 * 86400 }}"
-  when: "postgres_import_wait_time | default('') == ''"
-
-# By default, we connect and import into the main (`matrix`) database.
-# Single-database dumps for Synapse may wish to import into `synapse` instead.
-- name: Set postgres_default_import_database, if not provided
-  ansible.builtin.set_fact:
-    postgres_default_import_database: "{{ matrix_postgres_db_name }}"
-  when: "postgres_default_import_database | default('') == ''"
-
-# Actual import work
-
-- name: Ensure matrix-postgres is started
-  ansible.builtin.service:
-    name: matrix-postgres
-    state: started
-    daemon_reload: true
-  register: matrix_postgres_import_start_result
-
-- name: Wait a bit, so that Postgres can start
-  when: matrix_postgres_import_start_result.changed | bool
-  ansible.builtin.wait_for:
-    timeout: "{{ postgres_start_wait_time }}"
-  delegate_to: 127.0.0.1
-  become: false
-
-- ansible.builtin.import_tasks: tasks/detect_existing_postgres_version.yml
-
-- name: Abort, if no existing Postgres version detected
-  ansible.builtin.fail:
-    msg: "Could not find existing Postgres installation"
-  when: "not matrix_postgres_detected_existing | bool"
-
-# Starting the database container had automatically created the default
-# role (`matrix_postgres_connection_username`) and database (`matrix_postgres_db_name`).
-# The dump most likely contains those same entries and would try to re-create them, leading to errors.
-# We need to skip over those lines.
-- name: Generate Postgres database import command
-  ansible.builtin.set_fact:
-    matrix_postgres_import_command: >-
-      {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-postgres-import
-      --log-driver=none
-      --user={{ matrix_user_uid }}:{{ matrix_user_gid }}
-      --cap-drop=ALL
-      --network={{ matrix_docker_network }}
-      --env-file={{ matrix_postgres_base_path }}/env-postgres-psql
-      --mount type=bind,src={{ server_path_postgres_dump }},dst=/{{ server_path_postgres_dump | basename }},ro
-      --entrypoint=/bin/sh
-      {{ matrix_postgres_docker_image_latest }}
-      -c "cat /{{ server_path_postgres_dump | basename }} |
-      {{ 'gunzip |' if server_path_postgres_dump.endswith('.gz') else '' }}
-      grep -vE '{{ matrix_postgres_import_roles_ignore_regex }}' |
-      grep -vE '{{ matrix_postgres_import_databases_ignore_regex }}' |
-      psql -v ON_ERROR_STOP=1 -h matrix-postgres --dbname={{ postgres_default_import_database }}"
-  tags:
-    - skip_ansible_lint
-
-# This is a hack.
-# See: https://ansibledaily.com/print-to-standard-output-without-escaping/
-#
-# We want to run `debug: msg=".."`, but that dumps it as JSON and escapes double quotes within it,
-# which ruins the command (`matrix_postgres_import_command`)
-- name: Note about Postgres importing alternative
-  ansible.builtin.set_fact:
-    dummy: true
-  with_items:
-    - >-
-        Importing Postgres database using the following command: `{{ matrix_postgres_import_command }}`.
-        If this crashes, you can stop Postgres (`systemctl stop matrix-postgres`),
-        delete its existing data (`rm -rf {{ matrix_postgres_data_path }}/*`), start it again (`systemctl start matrix-postgres`)
-        and manually run the above import command directly on the server.
-
-- name: Perform Postgres database import
-  ansible.builtin.command:
-    cmd: "{{ matrix_postgres_import_command }}"
-  async: "{{ postgres_import_wait_time }}"
-  poll: 10
-  register: matrix_postgres_import_postgres_command_result
-  failed_when: not matrix_postgres_import_postgres_command_result.finished or matrix_postgres_import_postgres_command_result.rc != 0
-  changed_when: matrix_postgres_import_postgres_command_result.finished and matrix_postgres_import_postgres_command_result.rc == 0
diff --git a/roles/custom/matrix-postgres/tasks/import_synapse_sqlite_db.yml b/roles/custom/matrix-postgres/tasks/import_synapse_sqlite_db.yml
deleted file mode 100644
index b885ea97..00000000
--- a/roles/custom/matrix-postgres/tasks/import_synapse_sqlite_db.yml
+++ /dev/null
@@ -1,89 +0,0 @@
----
-
-# Pre-checks
-
-- name: Fail if Postgres not enabled
-  ansible.builtin.fail:
-    msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot import."
-  when: "not matrix_postgres_enabled | bool"
-
-- name: Fail if playbook called incorrectly
-  ansible.builtin.fail:
-    msg: "The `server_path_homeserver_db` variable needs to be provided to this playbook, via --extra-vars"
-  when: "server_path_homeserver_db is not defined or server_path_homeserver_db.startswith('<')"
-
-- name: Check if the provided SQLite homeserver.db file exists
-  ansible.builtin.stat:
-    path: "{{ server_path_homeserver_db }}"
-  register: result_server_path_homeserver_db_stat
-
-- name: Fail if provided SQLite homeserver.db file doesn't exist
-  ansible.builtin.fail:
-    msg: "File cannot be found on the server at {{ server_path_homeserver_db }}"
-  when: "not result_server_path_homeserver_db_stat.stat.exists"
-
-
-# Defaults
-
-- name: Set postgres_start_wait_time, if not provided
-  ansible.builtin.set_fact:
-    postgres_start_wait_time: 15
-  when: "postgres_start_wait_time | default('') == ''"
-
-
-# Actual import work
-
-- name: Ensure matrix-postgres is stopped
-  ansible.builtin.service:
-    name: matrix-postgres
-    state: stopped
-    daemon_reload: true
-
-- name: Ensure postgres data is wiped out
-  ansible.builtin.file:
-    path: "{{ matrix_postgres_data_path }}"
-    state: absent
-
-- name: Ensure postgres data path exists
-  ansible.builtin.file:
-    path: "{{ matrix_postgres_data_path }}"
-    state: directory
-    mode: 0700
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
-
-- name: Ensure matrix-postgres is started
-  ansible.builtin.service:
-    name: matrix-postgres
-    state: restarted
-    daemon_reload: true
-
-- name: Wait a bit, so that Postgres can start
-  ansible.builtin.wait_for:
-    timeout: "{{ postgres_start_wait_time }}"
-  delegate_to: 127.0.0.1
-  become: false
-
-# We don't use the `docker_container` module, because using it with `cap_drop` requires
-# a very recent version, which is not available for a lot of people yet.
-#
-# Also, some old `docker_container` versions were buggy and would leave containers behind
-# on failure, which we had to work around to allow retries (by re-running the playbook).
-- name: Import SQLite database into Postgres
-  ansible.builtin.command:
-    cmd: |
-      docker run
-      --rm
-      --name=matrix-synapse-migrate
-      --log-driver=none
-      --user={{ matrix_user_uid }}:{{ matrix_user_gid }}
-      --cap-drop=ALL
-      --network={{ matrix_docker_network }}
-      --entrypoint=python
-      --mount type=bind,src={{ matrix_synapse_config_dir_path }},dst=/data
-      --mount type=bind,src={{ matrix_synapse_config_dir_path }},dst=/matrix-media-store-parent/media-store
-      --mount type=bind,src={{ server_path_homeserver_db }},dst=/{{ server_path_homeserver_db | basename }}
-      {{ matrix_synapse_docker_image_final }}
-      /usr/local/bin/synapse_port_db --sqlite-database /{{ server_path_homeserver_db | basename }} --postgres-config /data/homeserver.yaml
-  register: matrix_postgres_import_synapse_sqlite_db_result
-  changed_when: matrix_postgres_import_synapse_sqlite_db_result.rc == 0
diff --git a/roles/custom/matrix-postgres/tasks/main.yml b/roles/custom/matrix-postgres/tasks/main.yml
deleted file mode 100644
index 02f53b73..00000000
--- a/roles/custom/matrix-postgres/tasks/main.yml
+++ /dev/null
@@ -1,43 +0,0 @@
----
-
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup | bool and matrix_postgres_enabled | bool"
-  tags:
-    - setup-all
-    - setup-postgres
-    - install-postgres
-
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_postgres.yml"
-  when: run_setup | bool
-  tags:
-    - setup-all
-    - setup-postgres
-    - install-postgres
-
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/import_postgres.yml"
-  when: run_postgres_import | bool
-  tags:
-    - import-postgres
-
-# The `run_postgres_import_sqlite_db` variable had better be renamed to be consistent,
-# but that's a breaking change which may cause trouble for people.
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/import_synapse_sqlite_db.yml"
-  when: run_postgres_import_sqlite_db | bool
-  tags:
-    - import-synapse-sqlite-db
-
-# Perhaps we need a new variable here, instead of `run_postgres_import_sqlite_db`.
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/import_generic_sqlite_db.yml"
-  when: run_postgres_import_sqlite_db | bool
-  tags:
-    - import-generic-sqlite-db
-
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/upgrade_postgres.yml"
-  when: run_postgres_upgrade | bool
-  tags:
-    - upgrade-postgres
-
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/run_vacuum.yml"
-  when: run_postgres_vacuum | bool
-  tags:
-    - run-postgres-vacuum
diff --git a/roles/custom/matrix-postgres/tasks/migrate_db_to_postgres.yml b/roles/custom/matrix-postgres/tasks/migrate_db_to_postgres.yml
deleted file mode 100644
index dca284ad..00000000
--- a/roles/custom/matrix-postgres/tasks/migrate_db_to_postgres.yml
+++ /dev/null
@@ -1,176 +0,0 @@
----
-
-- name: Fail if Postgres not enabled
-  ansible.builtin.fail:
-    msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot migrate."
-  when: "not matrix_postgres_enabled | bool"
-
-- name: Fail if util called incorrectly (missing matrix_postgres_db_migration_request)
-  ansible.builtin.fail:
-    msg: "The `matrix_postgres_db_migration_request` variable needs to be provided to this util."
-  when: "matrix_postgres_db_migration_request is not defined"
-
-- name: Fail if util called incorrectly (invalid matrix_postgres_db_migration_request)
-  ansible.builtin.fail:
-    msg: "The `matrix_postgres_db_migration_request` variable needs to contain `{{ item }}`."
-  with_items:
-    - src
-    - dst
-    - caller
-    - engine_variable_name
-    - systemd_services_to_stop
-  when: "item not in matrix_postgres_db_migration_request"
-
-- name: Check if the provided source database file exists
-  ansible.builtin.stat:
-    path: "{{ matrix_postgres_db_migration_request.src }}"
-  register: matrix_postgres_db_migration_request_src_stat_result
-
-- name: Fail if provided source database file doesn't exist
-  ansible.builtin.fail:
-    msg: "File cannot be found on the server at {{ matrix_postgres_db_migration_request.src }}"
-  when: "not matrix_postgres_db_migration_request_src_stat_result.stat.exists"
-
-- when: "matrix_postgres_pgloader_container_image_self_build | bool"
-  block:
-    - name: Ensure pgloader repository is present on self-build
-      ansible.builtin.git:
-        repo: "{{ matrix_postgres_pgloader_container_image_self_build_repo }}"
-        dest: "{{ matrix_postgres_pgloader_container_image_self_build_src_path }}"
-        version: "{{ matrix_postgres_pgloader_container_image_self_build_repo_branch }}"
-        force: "yes"
-      become: true
-      become_user: "{{ matrix_user_username }}"
-      register: matrix_postgres_pgloader_git_pull_results
-
-    # If `stable` is used, we hit an error when processing /opt/src/pgloader/build/quicklisp/dists/quicklisp/software/uax-15-20201220-git/data/CompositionExclusions.txt:
-    # > the octet sequence #(194) cannot be decoded
-    #
-    # The issue is described here and is not getting fixed for months: https://github.com/dimitri/pgloader/pull/1179
-    #
-    # Although we're not using the dimitri/pgloader image, the one we're using suffers from the same problem.
-    - name: Switch pgloader base image from Debian stable (likely 10.x/Buster) to Bullseye
-      ansible.builtin.lineinfile:
-        path: "{{ matrix_postgres_pgloader_container_image_self_build_src_path }}/Dockerfile"
-        regexp: "{{ item.match }}"
-        line: "{{ item.replace }}"
-      with_items:
-        - match: '^FROM debian:stable-slim as builder$'
-          replace: 'FROM debian:bullseye-slim as builder'
-        - match: '^FROM debian:stable-slim$'
-          replace: 'FROM debian:bullseye-slim'
-
-    - name: Ensure pgloader Docker image is built
-      community.docker.docker_image:
-        name: "{{ matrix_postgres_pgloader_docker_image }}"
-        source: build
-        force_source: "{{ matrix_postgres_pgloader_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-        force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_postgres_pgloader_git_pull_results.changed }}"
-        build:
-          dockerfile: Dockerfile
-          path: "{{ matrix_postgres_pgloader_container_image_self_build_src_path }}"
-          pull: true
-
-- name: Ensure pgloader Docker image is pulled
-  community.docker.docker_image:
-    name: "{{ matrix_postgres_pgloader_docker_image }}"
-    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_postgres_pgloader_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_postgres_pgloader_docker_image_force_pull }}"
-  when: "not matrix_postgres_pgloader_container_image_self_build"
-
-# Defaults
-
-- name: Set postgres_start_wait_time, if not provided
-  ansible.builtin.set_fact:
-    postgres_start_wait_time: 15
-  when: "postgres_start_wait_time | default('') == ''"
-
-# Actual import work
-
-# matrix-postgres is most likely started already
-- name: Ensure matrix-postgres is started
-  ansible.builtin.service:
-    name: matrix-postgres
-    state: started
-    daemon_reload: true
-  register: matrix_postgres_service_start_result
-
-- name: Wait a bit, so that Postgres can start
-  ansible.builtin.wait_for:
-    timeout: "{{ postgres_start_wait_time }}"
-  delegate_to: 127.0.0.1
-  become: false
-  when: "matrix_postgres_service_start_result.changed | bool"
-
-# We only stop services here, leaving it to the caller to start them later.
-#
-# We can't start them, because they probably need to be reconfigured too (changing the configuration from using SQLite to Postgres, etc.),
-# before starting.
-#
-# Since the caller will be starting them, it might make sense to leave stopping to it as well.
-# However, we don't do it, because it's simpler having it here, and it also gets to happen only if we'll be doing an import.
-# If we bailed out (somewhere above), nothing would have gotten stopped. It's nice to leave this running in such cases.
-- name: Ensure systemd services blocking the database import are stopped
-  ansible.builtin.service:
-    name: "{{ item }}"
-    state: stopped
-  failed_when: false
-  with_items: "{{ matrix_postgres_db_migration_request.systemd_services_to_stop }}"
-
-- name: Import {{ matrix_postgres_db_migration_request.engine_old }} database from {{ matrix_postgres_db_migration_request.src }} into Postgres  # noqa name[template]
-  ansible.builtin.command:
-    cmd: >-
-      {{ devture_systemd_docker_base_host_command_docker }} run
-      --rm
-      --user={{ matrix_user_uid }}:{{ matrix_user_gid }}
-      --cap-drop=ALL
-      --network={{ matrix_docker_network }}
-      --mount type=bind,src={{ matrix_postgres_db_migration_request.src }},dst=/in.db,ro
-      --entrypoint=/bin/sh
-      {{ matrix_postgres_pgloader_docker_image }}
-      -c
-      'pgloader {{ matrix_postgres_db_migration_request.pgloader_options | default([]) | join(' ') }} /in.db {{ matrix_postgres_db_migration_request.dst }}'
-  register: matrix_postgres_migrate_db_to_postgres_import_result
-  changed_when: matrix_postgres_migrate_db_to_postgres_import_result.rc == 0
-
-- when: "matrix_postgres_db_migration_request.additional_psql_statements_list | default([]) | length > 0"
-  block:
-    - ansible.builtin.import_role:
-        name: custom/matrix-postgres
-        tasks_from: detect_existing_postgres_version
-
-    - ansible.builtin.set_fact:
-        matrix_postgres_docker_image_to_use: "{{ matrix_postgres_docker_image_latest if matrix_postgres_detected_version_corresponding_docker_image == '' else matrix_postgres_detected_version_corresponding_docker_image }}"
-
-    - name: Execute additional Postgres SQL migration statements
-      ansible.builtin.command:
-        cmd: >-
-          {{ devture_systemd_docker_base_host_command_docker }} run
-          --rm
-          --user={{ matrix_user_uid }}:{{ matrix_user_gid }}
-          --cap-drop=ALL
-          --env-file={{ matrix_postgres_base_path }}/env-postgres-psql
-          --network={{ matrix_docker_network }}
-          {{ matrix_postgres_docker_image_to_use }}
-          psql --host=matrix-postgres --dbname={{ matrix_postgres_db_migration_request.additional_psql_statements_db_name }} --command='{{ item }}'
-      with_items: "{{ matrix_postgres_db_migration_request.additional_psql_statements_list }}"
-      register: matrix_postgres_migrate_db_to_postgres_additional_queries_result
-      changed_when: matrix_postgres_migrate_db_to_postgres_additional_queries_result.rc == 0
-
-- name: Archive {{ matrix_postgres_db_migration_request.engine_old }} database ({{ matrix_postgres_db_migration_request.src }} -> {{ matrix_postgres_db_migration_request.src }}.backup)  # noqa name[template]
-  ansible.builtin.command:
-    cmd: "mv {{ matrix_postgres_db_migration_request.src }} {{ matrix_postgres_db_migration_request.src }}.backup"
-  register: matrix_postgres_migrate_db_to_postgres_move_result
-  changed_when: matrix_postgres_migrate_db_to_postgres_move_result.rc == 0
-
-- name: Inject result
-  ansible.builtin.set_fact:
-    devture_playbook_runtime_messages_list: |
-      {{
-        devture_playbook_runtime_messages_list | default([])
-        +
-        [
-          "NOTE: Your {{ matrix_postgres_db_migration_request.engine_old }} database file has been imported into Postgres. The original database file has been moved from `{{ matrix_postgres_db_migration_request.src }}` to `{{ matrix_postgres_db_migration_request.src }}.backup`. When you've confirmed that the import went well and everything works, you should be able to safely delete this file."
-        ]
-      }}
diff --git a/roles/custom/matrix-postgres/tasks/migrate_postgres_data_directory.yml b/roles/custom/matrix-postgres/tasks/migrate_postgres_data_directory.yml
deleted file mode 100644
index 062a05c4..00000000
--- a/roles/custom/matrix-postgres/tasks/migrate_postgres_data_directory.yml
+++ /dev/null
@@ -1,78 +0,0 @@
----
-
-# We used to store Postgres data directly under `/matrix/postgres` (what is now considered `matrix_postgres_base_path`).
-#
-# From now on, we expect to store Postgres data one directory below now (`/matrix/postgres/data` - `matrix_postgres_data_path`).
-# We wish to use the base directory for other purposes (storing environment variable files, etc.).
-# Mixing those with the Postgres data is no good and it leads to Postgres's `initdb` complaining to initialize
-# a database in a non-empty directory.
-#
-# For this reason, we store the Postgres data in `/matrix/postgres/data` and need to relocate any installations
-# which still store it in the parent directory (`/matrix/postgres`).
-#
-# This utility is intentionally not in `tasks/util`, because if it were, it wouldn't be possible
-# to include it in other roles via the import_role module: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/import_role_module.html
-
-- name: Check if old Postgres data directory is used
-  ansible.builtin.stat:
-    path: "{{ matrix_postgres_base_path }}/PG_VERSION"
-  register: result_pg_old_data_dir_stat
-
-- name: Warn if old Postgres data directory detected
-  ansible.builtin.debug:
-    msg: >
-      Found that you have Postgres data in `{{ matrix_postgres_base_path }}`.
-      From now on, Postgres data is supposed to be stored in `{{ matrix_postgres_data_path }}` instead.
-      We'll stop Postgres and relocate the files there for you.
-  when: "result_pg_old_data_dir_stat.stat.exists"
-
-# We should stop Postgres first, before building a list of files,
-# as to ignore any `postmaster.pid` files, etc.
-- name: Ensure matrix-postgres is stopped
-  ansible.builtin.service:
-    name: matrix-postgres
-    state: stopped
-    daemon_reload: true
-  when: "result_pg_old_data_dir_stat.stat.exists"
-
-- name: Find files and directories in old Postgres data path
-  ansible.builtin.find:
-    paths: "{{ matrix_postgres_base_path }}"
-    file_type: any
-    excludes: ["data"]
-  register: "result_pg_old_data_dir_find"
-  when: "result_pg_old_data_dir_stat.stat.exists"
-
-- name: Ensure new Postgres data path exists
-  ansible.builtin.file:
-    path: "{{ matrix_postgres_data_path }}"
-    state: directory
-    mode: 0700
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
-  when: "result_pg_old_data_dir_stat.stat.exists"
-
-- when: "result_pg_old_data_dir_stat.stat.exists"
-  block:
-    - name: Relocate Postgres data files from old directory to new
-      ansible.builtin.command:
-        cmd: "mv {{ item.path }} {{ matrix_postgres_data_path }}/{{ item.path | basename }}"
-      with_items: "{{ result_pg_old_data_dir_find.files }}"
-      register: matrix_postgres_migrate_postgres_data_directory_move_result
-      changed_when: matrix_postgres_migrate_postgres_data_directory_move_result.rc == 0
-
-# Intentionally not starting matrix-postgres here.
-# It likely needs to be updated to point to the new directory.
-# In fact, let's even get rid of the outdated service, to ensure no one will start it
-# and have it initialize a new database.
-
-- name: Ensure outdated matrix-postgres.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres.service"
-    state: absent
-  when: "result_pg_old_data_dir_stat.stat.exists"
-
-- name: Ensure systemd reloaded after getting rid of outdated matrix-postgres.service
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "result_pg_old_data_dir_stat.stat.exists"
diff --git a/roles/custom/matrix-postgres/tasks/run_vacuum.yml b/roles/custom/matrix-postgres/tasks/run_vacuum.yml
deleted file mode 100644
index dfa4be7a..00000000
--- a/roles/custom/matrix-postgres/tasks/run_vacuum.yml
+++ /dev/null
@@ -1,96 +0,0 @@
----
-
-# Pre-checks
-
-- name: Fail if Postgres not enabled
-  ansible.builtin.fail:
-    msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot run vacuum."
-  when: "not matrix_postgres_enabled | bool"
-
-
-# Defaults
-
-- name: Set postgres_start_wait_time, if not provided
-  ansible.builtin.set_fact:
-    postgres_start_wait_time: 15
-  when: "postgres_start_wait_time | default('') == ''"
-
-- name: Set postgres_vacuum_wait_time, if not provided
-  ansible.builtin.set_fact:
-    postgres_vacuum_wait_time: "{{ 7 * 86400 }}"
-  when: "postgres_vacuum_wait_time | default('') == ''"
-
-
-# Actual vacuuming work
-
-- name: Ensure matrix-postgres is started
-  ansible.builtin.service:
-    name: matrix-postgres
-    state: started
-    daemon_reload: true
-  register: matrix_postgres_vacuum_start_result
-
-- name: Wait a bit, so that Postgres can start
-  when: matrix_postgres_vacuum_start_result.changed | bool
-  ansible.builtin.wait_for:
-    timeout: "{{ postgres_start_wait_time }}"
-  delegate_to: 127.0.0.1
-  become: false
-
-- ansible.builtin.import_tasks: tasks/detect_existing_postgres_version.yml
-
-- name: Abort, if no existing Postgres version detected
-  ansible.builtin.fail:
-    msg: "Could not find existing Postgres installation"
-  when: "not matrix_postgres_detected_existing | bool"
-
-- name: Generate Postgres database vacuum command
-  ansible.builtin.set_fact:
-    matrix_postgres_vacuum_command: >-
-      {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-postgres-synapse-vacuum
-      --user={{ matrix_user_uid }}:{{ matrix_user_gid }}
-      --cap-drop=ALL
-      --network={{ matrix_docker_network }}
-      --env-file={{ matrix_postgres_base_path }}/env-postgres-psql
-      {{ matrix_postgres_docker_image_latest }}
-      psql -v ON_ERROR_STOP=1 -h matrix-postgres {{ matrix_synapse_database_database }} -c 'VACUUM FULL VERBOSE'
-
-- name: Note about Postgres vacuum alternative
-  ansible.builtin.debug:
-    msg: >-
-      Running vacuum with the following Postgres ansible.builtin.command: `{{ matrix_postgres_vacuum_command }}`.
-      If this crashes, you can stop all processes (`systemctl stop matrix-*`),
-      start Postgres only (`systemctl start matrix-postgres`)
-      and manually run the above command directly on the server.
-
-- name: Populate service facts
-  ansible.builtin.service_facts:
-
-- ansible.builtin.set_fact:
-    matrix_postgres_synapse_was_running: "{{ ansible_facts.services['matrix-synapse.service'] | default(none) is not none and ansible_facts.services['matrix-synapse.service'].state == 'running' }}"
-
-- name: Ensure services are stopped
-  ansible.builtin.service:
-    name: "{{ item }}"
-    state: stopped
-    daemon_reload: true
-  with_items: "{{ matrix_postgres_systemd_services_to_stop_for_maintenance_list }}"
-
-- name: Run Postgres vacuum command
-  ansible.builtin.command: "{{ matrix_postgres_vacuum_command }}"
-  async: "{{ postgres_vacuum_wait_time }}"
-  poll: 10
-  register: matrix_postgres_synapse_vacuum_result
-  failed_when: not matrix_postgres_synapse_vacuum_result.finished or matrix_postgres_synapse_vacuum_result.rc != 0
-  changed_when: matrix_postgres_synapse_vacuum_result.finished and matrix_postgres_synapse_vacuum_result.rc == 0
-
-# Intentionally show the results
-- ansible.builtin.debug:
-    var: "matrix_postgres_synapse_vacuum_result"
-
-- name: Ensure services are started
-  ansible.builtin.service:
-    name: "{{ item }}"
-    state: started
-    daemon_reload: true
-  with_items: "{{ matrix_postgres_systemd_services_to_stop_for_maintenance_list }}"
diff --git a/roles/custom/matrix-postgres/tasks/setup_postgres.yml b/roles/custom/matrix-postgres/tasks/setup_postgres.yml
deleted file mode 100644
index bba0d798..00000000
--- a/roles/custom/matrix-postgres/tasks/setup_postgres.yml
+++ /dev/null
@@ -1,215 +0,0 @@
----
-
-#
-# Tasks related to setting up an internal postgres server
-#
-
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/migrate_postgres_data_directory.yml"
-  when: matrix_postgres_enabled | bool
-
-- ansible.builtin.import_tasks: "{{ role_path }}/tasks/detect_existing_postgres_version.yml"
-  when: matrix_postgres_enabled | bool
-
-# If we have found an existing version (installed from before), we use its corresponding Docker image.
-# If not, we install using the latest Postgres.
-#
-# Upgrading is supposed to be performed separately and explicitly (see `upgrade_postgres.yml`).
-- ansible.builtin.set_fact:
-    matrix_postgres_docker_image_to_use: "{{ matrix_postgres_docker_image_latest if matrix_postgres_detected_version_corresponding_docker_image == '' else matrix_postgres_detected_version_corresponding_docker_image }}"
-  when: matrix_postgres_enabled | bool
-
-- name: Abort if on an unsupported Postgres version
-  ansible.builtin.fail:
-    msg: "You're on Postgres {{ matrix_postgres_detected_version }}, which is no longer supported. To upgrade, see docs/maintenance-postgres.md"
-  when: "matrix_postgres_enabled | bool and matrix_postgres_detected_version.startswith('9.')"
-
-- name: Inject warning if on an old version of Postgres
-  ansible.builtin.set_fact:
-    devture_playbook_runtime_messages_list: |
-      {{
-        devture_playbook_runtime_messages_list | default([])
-        +
-        [
-          "NOTE: Your setup is on an old Postgres version ({{ matrix_postgres_docker_image_to_use }}), while {{ matrix_postgres_docker_image_latest }} is supported. You can upgrade using --tags=upgrade-postgres"
-        ]
-      }}
-  when: "matrix_postgres_enabled | bool and matrix_postgres_docker_image_to_use != matrix_postgres_docker_image_latest"
-
-# Even if we don't run the internal server, we still need this for running the CLI
-- name: Ensure postgres Docker image is pulled
-  community.docker.docker_image:
-    name: "{{ matrix_postgres_docker_image_to_use }}"
-    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_postgres_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_postgres_docker_image_force_pull }}"
-  when: matrix_postgres_enabled | bool
-  register: result
-  retries: "{{ devture_playbook_help_container_retries_count }}"
-  delay: "{{ devture_playbook_help_container_retries_delay }}"
-  until: result is not failed
-
-- name: Ensure Postgres paths exist
-  ansible.builtin.file:
-    path: "{{ item }}"
-    state: directory
-    mode: 0700
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
-  with_items:
-    - "{{ matrix_postgres_base_path }}"
-    - "{{ matrix_postgres_data_path }}"
-  when: matrix_postgres_enabled | bool
-
-# We do this as a separate task, because:
-# - we'd like to do it for the data path only, not for the base path (which contains root-owned environment variable files we'd like to leave as-is)
-# - we need to do it without `mode`, or we risk making certain `.conf` and other files's executable bit to flip to true
-- name: Ensure Postgres data path ownership is correct
-  ansible.builtin.file:
-    path: "{{ matrix_postgres_data_path }}"
-    state: directory
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
-    recurse: true
-  when: matrix_postgres_enabled | bool
-
-- name: Ensure Postgres environment variables file created
-  ansible.builtin.template:
-    src: "{{ role_path }}/templates/{{ item }}.j2"
-    dest: "{{ matrix_postgres_base_path }}/{{ item }}"
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
-    mode: 0640
-  with_items:
-    - "env-postgres-psql"
-    - "env-postgres-server"
-  when: matrix_postgres_enabled | bool
-
-- name: Ensure matrix-postgres-cli script created
-  ansible.builtin.template:
-    src: "{{ role_path }}/templates/usr-local-bin/matrix-postgres-cli.j2"
-    dest: "{{ matrix_local_bin_path }}/matrix-postgres-cli"
-    mode: 0755
-  when: matrix_postgres_enabled | bool
-
-- name: Ensure matrix-postgres-cli-non-interactive script created
-  ansible.builtin.template:
-    src: "{{ role_path }}/templates/usr-local-bin/matrix-postgres-cli-non-interactive.j2"
-    dest: "{{ matrix_local_bin_path }}/matrix-postgres-cli-non-interactive"
-    mode: 0755
-  when: matrix_postgres_enabled | bool
-
-- name: Ensure matrix-change-user-admin-status script created
-  ansible.builtin.template:
-    src: "{{ role_path }}/templates/usr-local-bin/matrix-change-user-admin-status.j2"
-    dest: "{{ matrix_local_bin_path }}/matrix-change-user-admin-status"
-    mode: 0755
-  when: matrix_postgres_enabled | bool
-
-- name: (Migration) Ensure old matrix-make-user-admin script deleted
-  ansible.builtin.file:
-    path: "{{ matrix_local_bin_path }}/matrix-make-user-admin"
-    state: absent
-  when: matrix_postgres_enabled | bool
-
-- name: Ensure matrix-postgres-update-user-password-hash script created
-  ansible.builtin.template:
-    src: "{{ role_path }}/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2"
-    dest: "{{ matrix_local_bin_path }}/matrix-postgres-update-user-password-hash"
-    mode: 0755
-  when: matrix_postgres_enabled | bool
-
-- name: Ensure matrix-postgres.service installed
-  ansible.builtin.template:
-    src: "{{ role_path }}/templates/systemd/matrix-postgres.service.j2"
-    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres.service"
-    mode: 0644
-  register: matrix_postgres_systemd_service_result
-  when: matrix_postgres_enabled | bool
-
-- name: Ensure systemd reloaded after matrix-postgres.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_postgres_enabled | bool and matrix_postgres_systemd_service_result.changed"
-
-- ansible.builtin.include_tasks:
-    file: "{{ role_path }}/tasks/util/create_additional_databases.yml"
-    apply:
-      tags:
-        - always
-  when: "matrix_postgres_enabled | bool and matrix_postgres_additional_databases|length > 0"
-
-- name: Check existence of matrix-postgres backup data path
-  ansible.builtin.stat:
-    path: "{{ matrix_postgres_data_path }}-auto-upgrade-backup"
-  register: matrix_postgres_data_backup_path_stat
-  when: "matrix_postgres_enabled | bool"
-
-- name: Inject warning if backup data remains
-  ansible.builtin.set_fact:
-    devture_playbook_runtime_messages_list: |
-      {{
-        devture_playbook_runtime_messages_list | default([])
-        +
-        [
-          "NOTE: You have some Postgres backup data in `{{ matrix_postgres_data_path }}-auto-upgrade-backup`, which was created during the last major Postgres update you ran. If your setup works well after this upgrade, feel free to delete this whole directory."
-        ]
-      }}
-  when: "matrix_postgres_enabled | bool and matrix_postgres_data_backup_path_stat.stat.exists"
-
-
-#
-# Tasks related to getting rid of the internal postgres server (if it was previously enabled)
-#
-
-- name: Check existence of matrix-postgres service
-  ansible.builtin.stat:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres.service"
-  register: matrix_postgres_service_stat
-  when: "not matrix_postgres_enabled | bool"
-
-- name: Ensure matrix-postgres is stopped
-  ansible.builtin.service:
-    name: matrix-postgres
-    state: stopped
-    daemon_reload: true
-  when: "not matrix_postgres_enabled | bool and matrix_postgres_service_stat.stat.exists"
-
-- name: Ensure matrix-postgres.service doesn't exist
-  ansible.builtin.file:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres.service"
-    state: absent
-  when: "not matrix_postgres_enabled | bool and matrix_postgres_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-postgres.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "not matrix_postgres_enabled | bool and matrix_postgres_service_stat.stat.exists"
-
-- name: Check existence of matrix-postgres local data path
-  ansible.builtin.stat:
-    path: "{{ matrix_postgres_data_path }}"
-  register: matrix_postgres_data_path_stat
-  when: "not matrix_postgres_enabled | bool"
-
-# We just want to notify the user. Deleting data is too destructive.
-- name: Inject warning if matrix-postgres local data remains
-  ansible.builtin.set_fact:
-    devture_playbook_runtime_messages_list: |
-      {{
-        devture_playbook_runtime_messages_list | default([])
-        +
-        [
-          "NOTE: You are not using a local PostgreSQL database, but some old data remains from before in `{{ matrix_postgres_data_path }}`. Feel free to delete it."
-        ]
-      }}
-  when: "not matrix_postgres_enabled | bool and matrix_postgres_data_path_stat.stat.exists"
-
-- name: Remove Postgres scripts
-  ansible.builtin.file:
-    path: "{{ matrix_local_bin_path }}/{{ item }}"
-    state: absent
-  with_items:
-    - matrix-postgres-cli
-    - matrix-change-user-admin-status
-    - matrix-postgres-update-user-password-hash
-  when: "not matrix_postgres_enabled | bool"
diff --git a/roles/custom/matrix-postgres/tasks/upgrade_postgres.yml b/roles/custom/matrix-postgres/tasks/upgrade_postgres.yml
deleted file mode 100644
index d5f7e6c3..00000000
--- a/roles/custom/matrix-postgres/tasks/upgrade_postgres.yml
+++ /dev/null
@@ -1,188 +0,0 @@
----
-
-- name: Set default postgres_dump_dir, if not provided
-  ansible.builtin.set_fact:
-    postgres_dump_dir: "/tmp"
-  when: "postgres_dump_dir | default('') == ''"
-
-- name: Set postgres_dump_name, if not provided
-  ansible.builtin.set_fact:
-    postgres_dump_name: "matrix-postgres-dump.sql.gz"
-  when: "postgres_dump_name | default('') == ''"
-
-- name: Set postgres_auto_upgrade_backup_data_path, if not provided
-  ansible.builtin.set_fact:
-    postgres_auto_upgrade_backup_data_path: "{{ matrix_postgres_data_path }}-auto-upgrade-backup"
-  when: "postgres_auto_upgrade_backup_data_path | default('') == ''"
-
-- name: Set postgres_start_wait_time, if not provided
-  ansible.builtin.set_fact:
-    postgres_start_wait_time: 15
-  when: "postgres_start_wait_time | default('') == ''"
-
-- name: Set postgres_force_upgrade, if not provided
-  ansible.builtin.set_fact:
-    postgres_force_upgrade: false
-  when: "postgres_force_upgrade | default('') == ''"
-
-- name: Fail, if trying to upgrade external Postgres database
-  ansible.builtin.fail:
-    msg: "Your configuration indicates that you're not using Postgres from this role. There is nothing to upgrade."
-  when: "not matrix_postgres_enabled | bool"
-
-- name: Check Postgres auto-upgrade backup data directory
-  ansible.builtin.stat:
-    path: "{{ postgres_auto_upgrade_backup_data_path }}"
-  register: result_auto_upgrade_path
-
-- name: Abort, if existing Postgres auto-upgrade data path detected
-  ansible.builtin.fail:
-    msg: "Detected that a left-over {{ postgres_auto_upgrade_backup_data_path }} exists. You should rename it to {{ matrix_postgres_data_path }} if the previous upgrade went wrong, or delete it if it went well."
-  when: "result_auto_upgrade_path.stat.exists"
-
-- ansible.builtin.import_tasks: tasks/detect_existing_postgres_version.yml
-
-- name: Abort, if no existing Postgres version detected
-  ansible.builtin.fail:
-    msg: "Could not find existing Postgres installation"
-  when: "not matrix_postgres_detected_existing | bool"
-
-- name: Abort, if already at latest Postgres version
-  ansible.builtin.fail:
-    msg: "You are already running the latest Postgres version supported ({{ matrix_postgres_docker_image_latest }}). Nothing to do"
-  when: "matrix_postgres_detected_version_corresponding_docker_image == matrix_postgres_docker_image_latest and not postgres_force_upgrade"
-
-- ansible.builtin.debug:
-    msg: "Upgrading database from {{ matrix_postgres_detected_version_corresponding_docker_image }} to {{ matrix_postgres_docker_image_latest }}"
-
-- name: Ensure services are stopped
-  ansible.builtin.service:
-    name: "{{ item }}"
-    state: stopped
-    daemon_reload: true
-  with_items: "{{ matrix_postgres_systemd_services_to_stop_for_maintenance_list }}"
-
-- name: Ensure matrix-postgres is started
-  ansible.builtin.service:
-    name: matrix-postgres
-    state: started
-    daemon_reload: true
-
-- name: Wait a bit, so that Postgres can start
-  ansible.builtin.wait_for:
-    timeout: "{{ postgres_start_wait_time }}"
-  delegate_to: 127.0.0.1
-  become: false
-
-# We dump all databases, roles, etc.
-#
-# Because we'll be importing into a new container which initializes the default
-# role (`matrix_postgres_connection_username`) and database (`matrix_postgres_db_name`) by itself on startup,
-# we need to remove these from the dump, or we'll get errors saying these already exist.
-- name: Perform Postgres database dump
-  ansible.builtin.command:
-    cmd: >-
-      {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-postgres-dump
-      --log-driver=none
-      --user={{ matrix_user_uid }}:{{ matrix_user_gid }}
-      --network={{ matrix_docker_network }}
-      --env-file={{ matrix_postgres_base_path }}/env-postgres-psql
-      --entrypoint=/bin/sh
-      --mount type=bind,src={{ postgres_dump_dir }},dst=/out
-      {{ matrix_postgres_detected_version_corresponding_docker_image }}
-      -c "pg_dumpall -h matrix-postgres
-      {{ '| gzip -c ' if postgres_dump_name.endswith('.gz') else '' }}
-      > /out/{{ postgres_dump_name }}"
-  register: matrix_postgres_upgrade_postgres_dump_command_result
-  changed_when: matrix_postgres_upgrade_postgres_dump_command_result.rc == 0
-  tags:
-    - skip_ansible_lint
-
-- name: Ensure matrix-postgres is stopped
-  ansible.builtin.service:
-    name: matrix-postgres
-    state: stopped
-
-- name: Rename existing Postgres data directory
-  ansible.builtin.command:
-    cmd: "mv {{ matrix_postgres_data_path }} {{ postgres_auto_upgrade_backup_data_path }}"
-  register: matrix_postgres_upgrade_postgres_move_command_result
-  changed_when: matrix_postgres_upgrade_postgres_move_command_result.rc == 0
-
-- ansible.builtin.debug:
-    msg: "NOTE: Your Postgres data directory has been moved from `{{ matrix_postgres_data_path }}` to `{{ postgres_auto_upgrade_backup_data_path }}`. In the event of failure, you can move it back and run the playbook with --tags=setup-postgres to restore operation."
-
-- ansible.builtin.import_tasks: tasks/setup_postgres.yml
-
-- name: Ensure matrix-postgres autoruns and is restarted
-  ansible.builtin.service:
-    name: matrix-postgres
-    enabled: true
-    state: restarted
-    daemon_reload: true
-
-- name: Wait a bit, so that Postgres can start
-  ansible.builtin.wait_for:
-    timeout: "{{ postgres_start_wait_time }}"
-  delegate_to: 127.0.0.1
-  become: false
-
-# Starting the database container had automatically created the default
-# role (`matrix_postgres_connection_username`) and database (`matrix_postgres_db_name`).
-# The dump most likely contains those same entries and would try to re-create them, leading to errors.
-# We need to skip over those lines.
-- name: Generate Postgres database import command
-  ansible.builtin.set_fact:
-    matrix_postgres_import_command: >-
-      {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-postgres-import
-      --log-driver=none
-      --user={{ matrix_user_uid }}:{{ matrix_user_gid }}
-      --cap-drop=ALL
-      --network={{ matrix_docker_network }}
-      --env-file={{ matrix_postgres_base_path }}/env-postgres-psql
-      --entrypoint=/bin/sh
-      --mount type=bind,src={{ postgres_dump_dir }},dst=/in,ro
-      {{ matrix_postgres_docker_image_latest }}
-      -c "cat /in/{{ postgres_dump_name }} |
-      {{ 'gunzip |' if postgres_dump_name.endswith('.gz') else '' }}
-      grep -vE '{{ matrix_postgres_import_roles_ignore_regex }}' |
-      grep -vE '{{ matrix_postgres_import_databases_ignore_regex }}' |
-      psql -v ON_ERROR_STOP=1 -h matrix-postgres"
-  tags:
-    - skip_ansible_lint
-
-# This is a hack.
-# See: https://ansibledaily.com/print-to-standard-output-without-escaping/
-#
-# We want to run `debug: msg=".."`, but that dumps it as JSON and escapes double quotes within it,
-# which ruins the command (`matrix_postgres_import_command`)
-- name: Note about Postgres importing
-  ansible.builtin.set_fact:
-    dummy: true
-  with_items:
-    - >-
-        Importing Postgres database using the following command: `{{ matrix_postgres_import_command }}`.
-        If this crashes, you can stop Postgres (`systemctl stop matrix-postgres`),
-        delete the new database data (`rm -rf {{ matrix_postgres_data_path }}`)
-        and restore the automatically-made backup (`mv {{ postgres_auto_upgrade_backup_data_path }} {{ matrix_postgres_data_path }}`).
-
-- name: Perform Postgres database import
-  ansible.builtin.command:
-    cmd: "{{ matrix_postgres_import_command }}"
-  register: matrix_postgres_upgrade_postgres_import_command_result
-  changed_when: matrix_postgres_upgrade_postgres_import_command_result.rc == 0
-
-- name: Delete Postgres database dump file
-  ansible.builtin.file:
-    path: "{{ postgres_dump_dir }}/{{ postgres_dump_name }}"
-    state: absent
-
-- name: Ensure services are started
-  ansible.builtin.service:
-    name: "{{ item }}"
-    state: started
-    daemon_reload: true
-  with_items: "{{ matrix_postgres_systemd_services_to_stop_for_maintenance_list }}"
-
-- ansible.builtin.debug:
-    msg: "NOTE: Your old Postgres data directory is preserved at `{{ postgres_auto_upgrade_backup_data_path }}`. You might want to get rid of it once you've confirmed that all is well."
diff --git a/roles/custom/matrix-postgres/tasks/util/create_additional_database.yml b/roles/custom/matrix-postgres/tasks/util/create_additional_database.yml
deleted file mode 100644
index ce441ee1..00000000
--- a/roles/custom/matrix-postgres/tasks/util/create_additional_database.yml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-
-# It'd be better if this is belonged to `validate_config.yml`, but it would have to be some loop-within-a-loop there,
-# and that's ugly. We also don't expect this to catch errors often. It's more of a defensive last-minute check.
-- name: Fail if additional database data appears invalid
-  ansible.builtin.fail:
-    msg: "Additional database definition ({{ additional_db }} lacks a required key: {{ item }}"
-  when: "item not in additional_db"
-  with_items: "{{ ['name', 'username', 'password'] }}"
-
-# The SQL statements that we'll run against Postgres are stored in a file that others can't read.
-# This file will be mounted into the container and fed to Postgres.
-# This way, we avoid passing sensitive data around in CLI commands that other users on the system can see.
-- name: Create additional database initialization SQL file for {{ additional_db.name }}
-  ansible.builtin.template:
-    src: "{{ role_path }}/templates/sql/init-additional-db-user-and-role.sql.j2"
-    dest: "/tmp/matrix-postgres-init-additional-db-user-and-role.sql"
-    mode: 0600
-    owner: "{{ matrix_user_uid }}"
-    group: "{{ matrix_user_gid }}"
-
-- name: Execute Postgres additional database initialization SQL file for {{ additional_db.name }}
-  ansible.builtin.command:
-    cmd: >-
-      {{ devture_systemd_docker_base_host_command_docker }} run
-      --rm
-      --user={{ matrix_user_uid }}:{{ matrix_user_gid }}
-      --cap-drop=ALL
-      --env-file={{ matrix_postgres_base_path }}/env-postgres-psql
-      --network {{ matrix_docker_network }}
-      --mount type=bind,src=/tmp/matrix-postgres-init-additional-db-user-and-role.sql,dst=/matrix-postgres-init-additional-db-user-and-role.sql,ro
-      --entrypoint=/bin/sh
-      {{ matrix_postgres_docker_image_to_use }}
-      -c
-      'psql -h {{ matrix_postgres_connection_hostname }} --file=/matrix-postgres-init-additional-db-user-and-role.sql'
-  changed_when: true
-
-- name: Delete additional database initialization SQL file for {{ additional_db.name }}
-  ansible.builtin.file:
-    path: /tmp/matrix-postgres-init-additional-db-user-and-role.sql
-    state: absent
diff --git a/roles/custom/matrix-postgres/tasks/util/create_additional_databases.yml b/roles/custom/matrix-postgres/tasks/util/create_additional_databases.yml
deleted file mode 100644
index 7fe5713e..00000000
--- a/roles/custom/matrix-postgres/tasks/util/create_additional_databases.yml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-
-- name: Ensure matrix-postgres is started
-  ansible.builtin.service:
-    name: matrix-postgres
-    state: started
-    daemon_reload: true
-  register: matrix_postgres_service_start_result
-
-- name: Wait a bit, so that Postgres can start
-  ansible.builtin.wait_for:
-    timeout: "{{ matrix_postgres_additional_databases_postgres_start_wait_timeout_seconds }}"
-  delegate_to: 127.0.0.1
-  become: false
-  when: "matrix_postgres_service_start_result.changed | bool"
-
-- name: Create additional Postgres user and database
-  ansible.builtin.include_tasks: "{{ role_path }}/tasks/util/create_additional_database.yml"
-  with_items: "{{ matrix_postgres_additional_databases }}"
-  loop_control:
-    loop_var: additional_db
-  # Suppress logging to avoid dumping the credentials to the shell
-  no_log: true
diff --git a/roles/custom/matrix-postgres/tasks/validate_config.yml b/roles/custom/matrix-postgres/tasks/validate_config.yml
deleted file mode 100644
index a6225632..00000000
--- a/roles/custom/matrix-postgres/tasks/validate_config.yml
+++ /dev/null
@@ -1,39 +0,0 @@
----
-
-- name: (Deprecation) Warn about matrix_postgres_use_external usage
-  ansible.builtin.fail:
-    msg: >
-      The `matrix_postgres_use_external` variable defined in your configuration is not used by this playbook anymore!
-      You'll need to adapt to the new way of using an external Postgres server.
-      It's a combination of `matrix_postgres_enabled: false` and specifying Postgres connection
-      details in a few `matrix_postgres_connection_` variables.
-      See the "Using an external PostgreSQL server (optional)" documentation page.
-  when: "'matrix_postgres_use_external' in vars"
-
-# This is separate (from the other required variables below),
-# because we'd like to have a friendlier message for our existing users.
-- name: Fail if matrix_postgres_connection_password not defined
-  ansible.builtin.fail:
-    msg: >-
-      The playbook no longer has a default Postgres password defined in the `matrix_postgres_connection_password` variable, among lots of other Postgres changes.
-      You need to perform multiple manual steps to resolve this.
-      See our changelog for more details:
-      https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#breaking-change-postgres-changes-that-require-manual-intervention
-  when: "matrix_postgres_connection_password == ''"
-
-- name: Fail if required Postgres settings not defined
-  ansible.builtin.fail:
-    msg: >-
-      You need to define a required configuration setting (`{{ item }}`).
-  when: "vars[item] == ''"
-  with_items:
-    - "matrix_postgres_connection_hostname"
-    - "matrix_postgres_connection_port"
-    - "matrix_postgres_connection_username"
-    - "matrix_postgres_connection_password"
-    - "matrix_postgres_db_name"
-
-- name: Fail if Postgres password length exceeded
-  ansible.builtin.fail:
-    msg: "The maximum `matrix_postgres_connection_password` length is 99 characters"
-  when: "matrix_postgres_connection_password | length > 99"
diff --git a/roles/custom/matrix-postgres/templates/env-postgres-psql.j2 b/roles/custom/matrix-postgres/templates/env-postgres-psql.j2
deleted file mode 100644
index 22058987..00000000
--- a/roles/custom/matrix-postgres/templates/env-postgres-psql.j2
+++ /dev/null
@@ -1,8 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-PGUSER={{ matrix_postgres_connection_username }}
-PGPASSWORD={{ matrix_postgres_connection_password }}
-PGDATABASE={{ matrix_postgres_db_name }}
-# Prevent errors like this:
-# > could not save history to file "//.psql_history": Permission denied
-# .. due to Postgres not being able to write to the filesystem.
-PSQL_HISTORY=/dev/null
diff --git a/roles/custom/matrix-postgres/templates/env-postgres-server.j2 b/roles/custom/matrix-postgres/templates/env-postgres-server.j2
deleted file mode 100644
index 06feb82a..00000000
--- a/roles/custom/matrix-postgres/templates/env-postgres-server.j2
+++ /dev/null
@@ -1,7 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-POSTGRES_USER={{ matrix_postgres_connection_username }}
-POSTGRES_PASSWORD={{ matrix_postgres_connection_password }}
-POSTGRES_DB={{ matrix_postgres_db_name }}
-# Synapse refuses to run if collation is not C.
-# See https://github.com/matrix-org/synapse/issues/6722
-POSTGRES_INITDB_ARGS=--lc-collate C --lc-ctype C --encoding UTF8
diff --git a/roles/custom/matrix-postgres/templates/sql/init-additional-db-user-and-role.sql.j2 b/roles/custom/matrix-postgres/templates/sql/init-additional-db-user-and-role.sql.j2
deleted file mode 100644
index a5a3385b..00000000
--- a/roles/custom/matrix-postgres/templates/sql/init-additional-db-user-and-role.sql.j2
+++ /dev/null
@@ -1,19 +0,0 @@
--- `CREATE USER` does not support `IF NOT EXISTS`, so we use this workaround to prevent an error and raise a notice instead.
--- Seen here: https://stackoverflow.com/a/49858797
-DO $$
-BEGIN
-  CREATE USER "{{ additional_db.username }}";
-  EXCEPTION WHEN DUPLICATE_OBJECT THEN
-  RAISE NOTICE 'not creating user "{{ additional_db.username }}", since it already exists';
-END
-$$;
-
--- This is useful for initial user creation (since we don't assign a password above) and for handling subsequent password changes
--- TODO - we should escape quotes in the password.
-ALTER ROLE "{{ additional_db.username }}" PASSWORD '{{ additional_db.password }}';
-
--- This will generate an error on subsequent execution
-CREATE DATABASE "{{ additional_db.name }}" WITH LC_CTYPE 'C' LC_COLLATE 'C' OWNER "{{ additional_db.username }}";
-
--- This is useful for changing the database owner subsequently
-ALTER DATABASE "{{ additional_db.name }}" OWNER TO "{{ additional_db.username }}";
diff --git a/roles/custom/matrix-postgres/templates/systemd/matrix-postgres.service.j2 b/roles/custom/matrix-postgres/templates/systemd/matrix-postgres.service.j2
deleted file mode 100644
index e63267a3..00000000
--- a/roles/custom/matrix-postgres/templates/systemd/matrix-postgres.service.j2
+++ /dev/null
@@ -1,46 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-[Unit]
-Description=Matrix Postgres server
-After=docker.service
-Requires=docker.service
-DefaultDependencies=no
-
-[Service]
-Type=simple
-Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-postgres 2>/dev/null || true'
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-postgres 2>/dev/null || true'
-
-# We need /dev/shm to be larger than the default to allow VACUUM to work.
-# See:
-# - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1362
-# - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1268
-ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-postgres \
-			--log-driver=none \
-			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
-			--cap-drop=ALL \
-			--read-only \
-			--tmpfs=/tmp:rw,noexec,nosuid,size=100m \
-			--tmpfs=/run/postgresql:rw,noexec,nosuid,size=100m \
-			--shm-size=256m \
-			--network={{ matrix_docker_network }} \
-			{% if matrix_postgres_container_postgres_bind_port %}
-			-p {{ matrix_postgres_container_postgres_bind_port }}:5432 \
-			{% endif %}
-			--env-file={{ matrix_postgres_base_path }}/env-postgres-server \
-			--mount type=bind,src={{ matrix_postgres_data_path }},dst=/var/lib/postgresql/data \
-			--mount type=bind,src=/etc/passwd,dst=/etc/passwd,ro \
-			{% for arg in matrix_postgres_container_extra_arguments %}
-			{{ arg }} \
-			{% endfor %}
-			{{ matrix_postgres_docker_image_to_use }} \
-			postgres {{ matrix_postgres_process_extra_arguments|join(' ') }}
-
-ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-postgres 2>/dev/null || true'
-ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-postgres 2>/dev/null || true'
-Restart=always
-RestartSec=30
-SyslogIdentifier=matrix-postgres
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/custom/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 b/roles/custom/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2
deleted file mode 100644
index f378a10f..00000000
--- a/roles/custom/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2
+++ /dev/null
@@ -1,19 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-#!/bin/bash
-
-if [ $# -ne 2 ]; then
-	echo "Usage: "$0" <username> <0/1>"
-	echo "Usage: 0 = non-admin"
-	echo "Usage: 1 = admin"
-	exit 1
-fi
-
-docker run \
-	-i \
-	--rm \
-	--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
-	--cap-drop=ALL \
-	--env-file={{ matrix_postgres_base_path }}/env-postgres-psql \
-	--network {{ matrix_docker_network }} \
-	{{ matrix_postgres_docker_image_to_use }} \
-	psql -h {{ matrix_postgres_connection_hostname }} --dbname={{ matrix_synapse_database_database }} -c "UPDATE users set admin=$2 WHERE name like '@$1:{{ matrix_domain }}'"
diff --git a/roles/custom/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli-non-interactive.j2 b/roles/custom/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli-non-interactive.j2
deleted file mode 100644
index 012bb327..00000000
--- a/roles/custom/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli-non-interactive.j2
+++ /dev/null
@@ -1,12 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-#!/bin/bash
-
-docker run \
-	--rm \
-	--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
-	--cap-drop=ALL \
-	--env-file={{ matrix_postgres_base_path }}/env-postgres-psql \
-	--network {{ matrix_docker_network }} \
-	{{ matrix_postgres_docker_image_to_use }} \
-	psql -h {{ matrix_postgres_connection_hostname }} \
-	"$@"
diff --git a/roles/custom/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli.j2 b/roles/custom/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli.j2
deleted file mode 100644
index de09a4eb..00000000
--- a/roles/custom/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli.j2
+++ /dev/null
@@ -1,13 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-#!/bin/bash
-
-docker run \
-	-it \
-	--rm \
-	--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
-	--cap-drop=ALL \
-	--env-file={{ matrix_postgres_base_path }}/env-postgres-psql \
-	--network {{ matrix_docker_network }} \
-	{{ matrix_postgres_docker_image_to_use }} \
-	psql -h {{ matrix_postgres_connection_hostname }} \
-	"$@"
diff --git a/roles/custom/matrix-postgres/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2 b/roles/custom/matrix-postgres/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2
deleted file mode 100644
index 0fbf4f21..00000000
--- a/roles/custom/matrix-postgres/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2
+++ /dev/null
@@ -1,16 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-#!/bin/bash
-
-if [ $# -ne 2 ]; then
-	echo "Usage: "$0" <username> <password_hash>"
-	exit 1
-fi
-
-docker run \
-	--rm \
-	--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
-	--cap-drop=ALL \
-	--env-file={{ matrix_postgres_base_path }}/env-postgres-psql \
-	--network {{ matrix_docker_network }} \
-	{{ matrix_postgres_docker_image_to_use }} \
-	psql -h {{ matrix_postgres_connection_hostname }} --dbname={{ matrix_synapse_database_database }} -c "UPDATE users set password_hash='$2' WHERE name = '@$1:{{ matrix_domain }}'"
diff --git a/roles/custom/matrix-registration/tasks/setup_install.yml b/roles/custom/matrix-registration/tasks/setup_install.yml
index 04b2db3e..a2f5c283 100644
--- a/roles/custom/matrix-registration/tasks/setup_install.yml
+++ b/roles/custom/matrix-registration/tasks/setup_install.yml
@@ -13,7 +13,7 @@
     - when: "matrix_registration_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
         - ansible.builtin.set_fact:
-            matrix_postgres_db_migration_request:
+            devture_postgres_db_migration_request:
               src: "{{ matrix_registration_sqlite_database_path_local }}"
               dst: "{{ matrix_registration_database_connection_string }}"
               caller: "{{ role_path | basename }}"
@@ -27,7 +27,7 @@
               additional_psql_statements_db_name: "{{ matrix_registration_database_name }}"
 
         - ansible.builtin.import_role:
-            name: custom/matrix-postgres
+            name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
         - ansible.builtin.set_fact:
diff --git a/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml b/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml
index e5cf8e8e..dba05775 100644
--- a/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml
+++ b/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml
@@ -31,15 +31,15 @@
   ansible.builtin.set_fact:
     matrix_synapse_rust_synapse_compress_state_psql_import_command: >-
       {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-rust-synapse-compress-state-psql-import
-      --user={{ matrix_user_uid }}:{{ matrix_user_gid }}
+      --user={{ devture_postgres_uid }}:{{ devture_postgres_gid }}
       --cap-drop=ALL
-      --network={{ matrix_docker_network }}
-      --env-file={{ matrix_postgres_base_path }}/env-postgres-psql
+      --network={{ devture_postgres_container_network }}
+      --env-file={{ devture_postgres_base_path }}/env-postgres-psql
       --mount type=bind,src={{ matrix_synapse_rust_synapse_compress_state_base_path }},dst=/work,ro
       --entrypoint=/bin/sh
-      {{ matrix_postgres_docker_image_latest }}
+      {{ devture_postgres_container_image_latest }}
       -c "cat /work/state-compressor.sql |
-      psql -v ON_ERROR_STOP=1 -h matrix-postgres -d {{ matrix_synapse_database_database }}"
+      psql -v ON_ERROR_STOP=1 -h {{ devture_postgres_identifier }} -d {{ matrix_synapse_database_database }}"
 
 - name: Import compression SQL into Postgres
   ansible.builtin.command: "{{ matrix_synapse_rust_synapse_compress_state_psql_import_command }}"
diff --git a/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/main.yml b/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/main.yml
index 17124e25..45716ef0 100644
--- a/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/main.yml
+++ b/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/main.yml
@@ -3,8 +3,8 @@
 
 - name: Fail if Postgres not enabled
   ansible.builtin.fail:
-    msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot use rust-synapse-compress-state."
-  when: "not matrix_postgres_enabled | bool"
+    msg: "Postgres via the com.devture.ansible.role.postgres role is not enabled (`devture_postgres_enabled`). Cannot use rust-synapse-compress-state."
+  when: "not devture_postgres_enabled | bool"
 
 
 # Defaults
@@ -53,17 +53,11 @@
   delay: "{{ devture_playbook_help_container_retries_delay }}"
   until: result is not failed
 
-- name: Generate rust-synapse-compress-state room find command
+
+- name: Generate rust-synapse-compress-state room find SQL command
   ansible.builtin.set_fact:
     matrix_synapse_rust_synapse_compress_state_find_rooms_command: >-
-      {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-rust-synapse-compress-state-find-rooms
-      --user={{ matrix_user_uid }}:{{ matrix_user_gid }}
-      --cap-drop=ALL
-      --network={{ matrix_docker_network }}
-      --env-file={{ matrix_postgres_base_path }}/env-postgres-psql
-      {{ matrix_postgres_docker_image_latest }}
-      psql -v ON_ERROR_STOP=1 -h matrix-postgres {{ matrix_synapse_database_database }} -c
-      'SELECT array_to_json(array_agg(row_to_json (r))) FROM (SELECT room_id, count(*) AS count FROM state_groups_state GROUP BY room_id HAVING count(*) > {{ matrix_synapse_rust_synapse_compress_state_min_state_groups_required }} ORDER BY count DESC) r;'
+      {{ devture_postgres_bin_path }}/cli-non-interactive --dbname={{ matrix_synapse_database_database | quote }} -c "SELECT array_to_json(array_agg(row_to_json (r))) FROM (SELECT room_id, count(*) AS count FROM state_groups_state GROUP BY room_id HAVING count(*) > {{ matrix_synapse_rust_synapse_compress_state_min_state_groups_required }} ORDER BY count DESC) r;"
 
 - name: Find rooms eligible for compression with rust-synapse-compress-state
   ansible.builtin.command: "{{ matrix_synapse_rust_synapse_compress_state_find_rooms_command }}"
diff --git a/roles/custom/matrix-synapse/tasks/update_user_password.yml b/roles/custom/matrix-synapse/tasks/update_user_password.yml
index 3ddc4b8d..799c15a8 100644
--- a/roles/custom/matrix-synapse/tasks/update_user_password.yml
+++ b/roles/custom/matrix-synapse/tasks/update_user_password.yml
@@ -10,37 +10,43 @@
     msg: "The `password` variable needs to be provided to this playbook, via --extra-vars"
   when: "password is not defined or password == '<your-password>'"
 
-- name: Fail if not using matrix-postgres container
+- name: Fail if not using integrated Postgres database
   ansible.builtin.fail:
-    msg: "This command is working only when matrix-postgres container is being used"
-  when: "not matrix_postgres_enabled | bool"
+    msg: "This command is working only when Postgres is installed via the the integrated com.devture.ansible.role.postgres role"
+  when: "not devture_postgres_enabled | bool"
 
-- name: Ensure matrix-synapse is started
+- name: Ensure Postgres is started
   ansible.builtin.service:
-    name: matrix-synapse
+    name: "{{ devture_postgres_identifier }}"
     state: started
     daemon_reload: true
-  register: start_result
+  register: postgres_start_result
 
-- name: Ensure matrix-postgres is started
+- name: Ensure Synapse is started
   ansible.builtin.service:
-    name: matrix-postgres
+    name: matrix-synapse
     state: started
     daemon_reload: true
-  register: postgres_start_result
-
+  register: synapse_start_result
 
-- name: Wait a while, so that Matrix Synapse can manage to start
+- name: Wait a while, so that Synapse and/or Postgres can manage to start
   ansible.builtin.pause:
     seconds: 7
-  when: "start_result.changed or postgres_start_result.changed"
+  when: "synapse_start_result.changed or postgres_start_result.changed"
 
-- name: Generate password hash
+- name: Generate user password hash
   ansible.builtin.shell: "{{ devture_systemd_docker_base_host_command_docker }} exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password | quote }}"
   register: password_hash
   changed_when: false
 
+- name: Generate user password-change SQL command
+  ansible.builtin.set_fact:
+    matrix_synapse_user_password_change_command: >-
+      {{ devture_postgres_bin_path }}/cli-non-interactive --dbname={{ matrix_synapse_database_database | quote }} -c "UPDATE users SET password_hash='{{ password_hash.stdout }}' WHERE name = '@{{ username }}:{{ matrix_domain }}'"
+
 - name: Update user password hash
-  ansible.builtin.command: "{{ matrix_local_bin_path }}/matrix-postgres-update-user-password-hash {{ username | quote }} {{ password_hash.stdout | quote }}"
+  ansible.builtin.command:
+    cmd: "{{ matrix_synapse_user_password_change_command }}"
   register: matrix_synapse_update_user_password_result
   changed_when: matrix_synapse_update_user_password_result.rc == 0
+  failed_when: "matrix_synapse_update_user_password_result.rc != 0 or matrix_synapse_update_user_password_result.stdout != 'UPDATE 1'"
diff --git a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
index 49e31ebb..00c88192 100644
--- a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
+++ b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
@@ -34,3 +34,15 @@
     - {'old': 'matrix_systemd_services_list', 'new': 'devture_systemd_service_manager_services_list_additional'}
     - {'old': 'matrix_common_after_systemd_service_start_wait_for_timeout_seconds', 'new': 'devture_systemd_service_manager_up_verification_delay_seconds'}
     - {'old': 'matrix_systemd_services_autostart_enabled', 'new': 'devture_systemd_service_manager_services_autostart_enabled'}
+
+- name: (Deprecation) Catch and report matrix_postgres variables
+  ansible.builtin.fail:
+    msg: |-
+      The matrix-postgres role in the playbook has been replaced with the com.devture.ansible.role.postgres role (https://github.com/devture/com.devture.ansible.role.postgres).
+      The new role is pretty much the same, but uses differently named variables.
+
+      Please change your configuration (vars.yml) to rename all matrix-postgres variables (`matrix_postgres_*` -> `devture_postgres_*`).
+      Note that `matrix_postgres_backup_*` variables (used by the `matrix-postgres-backup` role) need to remain as they are for now. Do not rename those!
+
+      The following variables in your configuration need to be renamed: {{ vars | dict2items | rejectattr('key', 'match', 'matrix_postgres_backup_') | selectattr('key', 'match', 'matrix_postgres_.*') | map (attribute='key') | join(', ') }}
+  when: "vars | dict2items | rejectattr('key', 'match', 'matrix_postgres_backup_') | selectattr('key', 'match', 'matrix_postgres_.*') | list | items2dict"

From eedf5ad94d4e9d15c44b86cf6d4d75441f64810c Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sun, 27 Nov 2022 08:23:43 +0200
Subject: [PATCH 086/198] Remove some hardcoded matrix-postgres references

---
 group_vars/matrix_servers                             | 11 +++++++++++
 roles/custom/matrix-bot-honoroit/defaults/main.yml    |  2 +-
 .../matrix-bot-honoroit/tasks/validate_config.yml     | 11 ++++++-----
 .../matrix-bot-matrix-reminder-bot/defaults/main.yml  |  2 +-
 .../tasks/validate_config.yml                         | 11 ++++++-----
 roles/custom/matrix-bot-maubot/defaults/main.yml      |  2 +-
 .../matrix-bot-maubot/tasks/validate_config.yml       | 11 ++++++-----
 .../tasks/validate_config.yml                         |  2 +-
 .../matrix-bridge-mx-puppet-discord/defaults/main.yml |  2 +-
 .../tasks/validate_config.yml                         | 11 ++++++-----
 .../matrix-bridge-mx-puppet-groupme/defaults/main.yml |  2 +-
 .../tasks/validate_config.yml                         | 11 ++++++-----
 .../defaults/main.yml                                 |  2 +-
 .../tasks/validate_config.yml                         | 11 ++++++-----
 .../matrix-bridge-mx-puppet-slack/defaults/main.yml   |  2 +-
 .../tasks/validate_config.yml                         | 11 ++++++-----
 .../matrix-bridge-mx-puppet-steam/defaults/main.yml   |  2 +-
 .../tasks/validate_config.yml                         | 11 ++++++-----
 .../matrix-bridge-mx-puppet-twitter/defaults/main.yml |  2 +-
 .../tasks/validate_config.yml                         | 11 ++++++-----
 roles/custom/matrix-dendrite/defaults/main.yml        |  2 +-
 .../custom/matrix-dendrite/tasks/validate_config.yml  |  3 ++-
 .../dendrite/systemd/matrix-dendrite.service.j2       |  4 ++--
 23 files changed, 80 insertions(+), 59 deletions(-)

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 2e86eea5..30b6f1d7 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -1188,6 +1188,7 @@ matrix_mx_puppet_slack_login_shared_secret: "{{ matrix_synapse_ext_password_prov
 
 # Postgres is the default, except if not using internal Postgres server
 matrix_mx_puppet_slack_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
+matrix_mx_puppet_slack_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
 matrix_mx_puppet_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.slack.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -1228,6 +1229,7 @@ matrix_mx_puppet_twitter_container_http_host_bind_port: "{{ '' if matrix_nginx_p
 
 # Postgres is the default, except if not using internal Postgres server
 matrix_mx_puppet_twitter_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
+matrix_mx_puppet_twitter_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
 matrix_mx_puppet_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.twitter.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -1267,6 +1269,7 @@ matrix_mx_puppet_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_
 
 # Postgres is the default, except if not using internal Postgres server
 matrix_mx_puppet_instagram_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
+matrix_mx_puppet_instagram_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
 matrix_mx_puppet_instagram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.ig.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -1305,6 +1308,7 @@ matrix_mx_puppet_discord_login_shared_secret: "{{ matrix_synapse_ext_password_pr
 
 # Postgres is the default, except if not using internal Postgres server
 matrix_mx_puppet_discord_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
+matrix_mx_puppet_discord_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
 matrix_mx_puppet_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -1343,6 +1347,7 @@ matrix_mx_puppet_steam_login_shared_secret: "{{ matrix_synapse_ext_password_prov
 
 # Postgres is the default, except if not using internal Postgres server
 matrix_mx_puppet_steam_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
+matrix_mx_puppet_steam_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
 matrix_mx_puppet_steam_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.steam.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -1381,6 +1386,7 @@ matrix_mx_puppet_groupme_login_shared_secret: "{{ matrix_synapse_ext_password_pr
 
 # Postgres is the default, except if not using internal Postgres server
 matrix_mx_puppet_groupme_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
+matrix_mx_puppet_groupme_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
 matrix_mx_puppet_groupme_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.groupme.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -1411,6 +1417,7 @@ matrix_bot_matrix_reminder_bot_systemd_required_services_list: |
 
 # Postgres is the default, except if not using internal Postgres server
 matrix_bot_matrix_reminder_bot_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
+matrix_bot_matrix_reminder_bot_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
 matrix_bot_matrix_reminder_bot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'reminder.bot.db', rounds=655555) | to_uuid }}"
 matrix_bot_matrix_reminder_bot_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
 
@@ -1482,6 +1489,7 @@ matrix_bot_maubot_management_interface_http_bind_port: "{{ '' if matrix_nginx_pr
 
 # Postgres is the default, except if not using internal Postgres server
 matrix_bot_maubot_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
+matrix_bot_maubot_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
 matrix_bot_maubot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -1513,6 +1521,7 @@ matrix_bot_honoroit_systemd_required_services_list: |
 
 # Postgres is the default, except if not using internal Postgres server
 matrix_bot_honoroit_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
+matrix_bot_honoroit_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
 matrix_bot_honoroit_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'honoroit.bot.db', rounds=655555) | to_uuid }}"
 matrix_bot_honoroit_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
 
@@ -2984,6 +2993,8 @@ matrix_dendrite_sync_api_real_ip_header: "{{ 'X-Forwarded-For' if matrix_nginx_p
 
 matrix_dendrite_client_api_registration_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.rss', rounds=655555) | to_uuid }}"
 
+matrix_dendrite_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
+
 matrix_dendrite_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.db', rounds=655555) | to_uuid }}"
 
 # Even if TURN doesn't support TLS (it does by default),
diff --git a/roles/custom/matrix-bot-honoroit/defaults/main.yml b/roles/custom/matrix-bot-honoroit/defaults/main.yml
index 3510f473..186ef3f4 100644
--- a/roles/custom/matrix-bot-honoroit/defaults/main.yml
+++ b/roles/custom/matrix-bot-honoroit/defaults/main.yml
@@ -43,7 +43,7 @@ matrix_bot_honoroit_sqlite_database_path_in_container: "/data/bot.db"
 
 matrix_bot_honoroit_database_username: 'honoroit'
 matrix_bot_honoroit_database_password: 'some-password'
-matrix_bot_honoroit_database_hostname: 'matrix-postgres'
+matrix_bot_honoroit_database_hostname: ''
 matrix_bot_honoroit_database_port: 5432
 matrix_bot_honoroit_database_name: 'honoroit'
 
diff --git a/roles/custom/matrix-bot-honoroit/tasks/validate_config.yml b/roles/custom/matrix-bot-honoroit/tasks/validate_config.yml
index 0057e3c2..228db8ab 100644
--- a/roles/custom/matrix-bot-honoroit/tasks/validate_config.yml
+++ b/roles/custom/matrix-bot-honoroit/tasks/validate_config.yml
@@ -1,10 +1,11 @@
 ---
 
-- name: Fail if required settings not defined
+- name: Fail if required honoroit settings not defined
   ansible.builtin.fail:
     msg: >-
-      You need to define a required configuration setting (`{{ item }}`).
-  when: "vars[item] == ''"
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] == ''"
   with_items:
-    - "matrix_bot_honoroit_password"
-    - "matrix_bot_honoroit_roomid"
+    - {'name': 'matrix_bot_honoroit_password', when: true}
+    - {'name': 'matrix_bot_honoroit_roomid', when: true}
+    - {'name': 'matrix_bot_honoroit_database_hostname', when: "{{ matrix_bot_honoroit_database_engine == 'postgres' }}"}
diff --git a/roles/custom/matrix-bot-matrix-reminder-bot/defaults/main.yml b/roles/custom/matrix-bot-matrix-reminder-bot/defaults/main.yml
index 610a43a3..03f11767 100644
--- a/roles/custom/matrix-bot-matrix-reminder-bot/defaults/main.yml
+++ b/roles/custom/matrix-bot-matrix-reminder-bot/defaults/main.yml
@@ -44,7 +44,7 @@ matrix_bot_matrix_reminder_bot_sqlite_database_path_in_container: "/data/bot.db"
 
 matrix_bot_matrix_reminder_bot_database_username: 'matrix_reminder_bot'
 matrix_bot_matrix_reminder_bot_database_password: 'some-password'
-matrix_bot_matrix_reminder_bot_database_hostname: 'matrix-postgres'
+matrix_bot_matrix_reminder_bot_database_hostname: ''
 matrix_bot_matrix_reminder_bot_database_port: 5432
 matrix_bot_matrix_reminder_bot_database_name: 'matrix_reminder_bot'
 
diff --git a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml
index 54f38dd5..f6e7afdf 100644
--- a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml
+++ b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml
@@ -1,15 +1,16 @@
 ---
 
-- name: Fail if required settings not defined
+- name: Fail if required matrix-reminder-bot settings not defined
   ansible.builtin.fail:
     msg: >-
       You need to define a required configuration setting (`{{ item }}`).
-  when: "vars[item] == ''"
+  when: "item.when | bool and vars[item.name] == ''"
   with_items:
-    - "matrix_bot_matrix_reminder_bot_matrix_user_password"
-    - "matrix_bot_matrix_reminder_bot_reminders_timezone"
+    - {'name': 'matrix_bot_matrix_reminder_bot_matrix_user_password', when: true}
+    - {'name': 'matrix_bot_matrix_reminder_bot_reminders_timezone', when: true}
+    - {'name': 'matrix_bot_matrix_reminder_bot_database_hostname', when: "{{ matrix_bot_matrix_reminder_bot_database_engine == 'postgres' }}"}
 
-- name: (Deprecation) Catch and report renamed settings
+- name: (Deprecation) Catch and report renamed matrix-reminder-bot settings
   ansible.builtin.fail:
     msg: >-
       Your configuration contains a variable, which now has a different name.
diff --git a/roles/custom/matrix-bot-maubot/defaults/main.yml b/roles/custom/matrix-bot-maubot/defaults/main.yml
index 0a73d92e..71353914 100644
--- a/roles/custom/matrix-bot-maubot/defaults/main.yml
+++ b/roles/custom/matrix-bot-maubot/defaults/main.yml
@@ -27,7 +27,7 @@ matrix_bot_maubot_sqlite_database_path_in_container: "/data/maubot.db"
 
 matrix_bot_maubot_database_username: matrix_bot_maubot
 matrix_bot_maubot_database_password: ~
-matrix_bot_maubot_database_hostname: 'matrix-postgres'
+matrix_bot_maubot_database_hostname: ''
 matrix_bot_maubot_database_port: 5432
 matrix_bot_maubot_database_name: matrix_bot_maubot
 
diff --git a/roles/custom/matrix-bot-maubot/tasks/validate_config.yml b/roles/custom/matrix-bot-maubot/tasks/validate_config.yml
index 5b28d9c0..d8bac550 100644
--- a/roles/custom/matrix-bot-maubot/tasks/validate_config.yml
+++ b/roles/custom/matrix-bot-maubot/tasks/validate_config.yml
@@ -1,10 +1,11 @@
 ---
 
-- name: Fail if required settings not defined
+- name: Fail if required maubot settings not defined
   ansible.builtin.fail:
     msg: >-
-      You need to define a required configuration setting (`{{ item }}`).
-  when: "vars[item] == ''"
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] == ''"
   with_items:
-    - matrix_bot_maubot_unshared_secret
-    - matrix_bot_maubot_admins
+    - {'name': 'matrix_bot_maubot_unshared_secret', when: true}
+    - {'name': 'matrix_bot_maubot_admins', when: true}
+    - {'name': 'matrix_bot_maubot_database_hostname', when: "{{ matrix_bot_maubot_database_engine == 'postgres' }}"}
diff --git a/roles/custom/matrix-bridge-mautrix-twitter/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-twitter/tasks/validate_config.yml
index 326dca83..a97d292f 100644
--- a/roles/custom/matrix-bridge-mautrix-twitter/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-mautrix-twitter/tasks/validate_config.yml
@@ -1,6 +1,6 @@
 ---
 
-- name: Fail if required settings not defined
+- name: Fail if required mautrix-twitter settings not defined
   ansible.builtin.fail:
     msg: >-
       You need to define a required configuration setting (`{{ item }}`).
diff --git a/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml
index 771af992..be691157 100644
--- a/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml
@@ -66,7 +66,7 @@ matrix_mx_puppet_discord_sqlite_database_path_in_container: "/data/database.db"
 
 matrix_mx_puppet_discord_database_username: matrix_mx_puppet_discord
 matrix_mx_puppet_discord_database_password: ~
-matrix_mx_puppet_discord_database_hostname: 'matrix-postgres'
+matrix_mx_puppet_discord_database_hostname: ''
 matrix_mx_puppet_discord_database_port: 5432
 matrix_mx_puppet_discord_database_name: matrix_mx_puppet_discord
 
diff --git a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml
index e73a868a..4526198a 100644
--- a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml
@@ -1,10 +1,11 @@
 ---
 
-- name: Fail if required settings not defined
+- name: Fail if required mx-puppet-discord settings not defined
   ansible.builtin.fail:
     msg: >-
-      You need to define a required configuration setting (`{{ item }}`).
-  when: "vars[item] == ''"
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] == ''"
   with_items:
-    - "matrix_mx_puppet_discord_appservice_token"
-    - "matrix_mx_puppet_discord_homeserver_token"
+    - {'name': 'matrix_mx_puppet_discord_appservice_token', when: true}
+    - {'name': 'matrix_mx_puppet_discord_homeserver_token', when: true}
+    - {'name': 'matrix_mx_puppet_discord_database_hostname', when: "{{ matrix_mx_puppet_discord_database_engine == 'postgres' }}"}
diff --git a/roles/custom/matrix-bridge-mx-puppet-groupme/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/defaults/main.yml
index 59b8c193..ca9d7668 100644
--- a/roles/custom/matrix-bridge-mx-puppet-groupme/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-groupme/defaults/main.yml
@@ -62,7 +62,7 @@ matrix_mx_puppet_groupme_sqlite_database_path_in_container: "/data/database.db"
 
 matrix_mx_puppet_groupme_database_username: matrix_mx_puppet_groupme
 matrix_mx_puppet_groupme_database_password: ~
-matrix_mx_puppet_groupme_database_hostname: 'matrix-postgres'
+matrix_mx_puppet_groupme_database_hostname: ''
 matrix_mx_puppet_groupme_database_port: 5432
 matrix_mx_puppet_groupme_database_name: matrix_mx_puppet_groupme
 
diff --git a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/validate_config.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/validate_config.yml
index d091de6d..60d8fffd 100644
--- a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/validate_config.yml
@@ -1,10 +1,11 @@
 ---
 
-- name: Fail if required settings not defined
+- name: Fail if required mx-puppet-groupme settings not defined
   ansible.builtin.fail:
     msg: >-
-      You need to define a required configuration setting (`{{ item }}`).
-  when: "vars[item] == ''"
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] == ''"
   with_items:
-    - "matrix_mx_puppet_groupme_appservice_token"
-    - "matrix_mx_puppet_groupme_homeserver_token"
+    - {'name': 'matrix_mx_puppet_groupme_appservice_token', when: true}
+    - {'name': 'matrix_mx_puppet_groupme_homeserver_token', when: true}
+    - {'name': 'matrix_mx_puppet_groupme_database_hostname', when: "{{ matrix_mx_puppet_groupme_database_engine == 'postgres' }}"}
diff --git a/roles/custom/matrix-bridge-mx-puppet-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/defaults/main.yml
index aae6eb5a..0f6dd443 100644
--- a/roles/custom/matrix-bridge-mx-puppet-instagram/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-instagram/defaults/main.yml
@@ -56,7 +56,7 @@ matrix_mx_puppet_instagram_sqlite_database_path_in_container: "/data/database.db
 
 matrix_mx_puppet_instagram_database_username: matrix_mx_puppet_instagram
 matrix_mx_puppet_instagram_database_password: ~
-matrix_mx_puppet_instagram_database_hostname: 'matrix-postgres'
+matrix_mx_puppet_instagram_database_hostname: ''
 matrix_mx_puppet_instagram_database_port: 5432
 matrix_mx_puppet_instagram_database_name: matrix_mx_puppet_instagram
 
diff --git a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml
index 383fe502..77be870f 100644
--- a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml
@@ -1,10 +1,11 @@
 ---
 
-- name: Fail if required settings not defined
+- name: Fail if required mx-puppet-instagram settings not defined
   ansible.builtin.fail:
     msg: >-
-      You need to define a required configuration setting (`{{ item }}`).
-  when: "vars[item] == ''"
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] == ''"
   with_items:
-    - "matrix_mx_puppet_instagram_appservice_token"
-    - "matrix_mx_puppet_instagram_homeserver_token"
+    - {'name': 'matrix_mx_puppet_instagram_appservice_token', when: true}
+    - {'name': 'matrix_mx_puppet_instagram_homeserver_token', when: true}
+    - {'name': 'matrix_mx_puppet_instagram_database_hostname', when: "{{ matrix_mx_puppet_instagram_database_engine == 'postgres' }}"}
diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-slack/defaults/main.yml
index eae0b933..b428c40b 100644
--- a/roles/custom/matrix-bridge-mx-puppet-slack/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-slack/defaults/main.yml
@@ -70,7 +70,7 @@ matrix_mx_puppet_slack_sqlite_database_path_in_container: "/data/database.db"
 
 matrix_mx_puppet_slack_database_username: matrix_mx_puppet_slack
 matrix_mx_puppet_slack_database_password: ~
-matrix_mx_puppet_slack_database_hostname: 'matrix-postgres'
+matrix_mx_puppet_slack_database_hostname: ''
 matrix_mx_puppet_slack_database_port: 5432
 matrix_mx_puppet_slack_database_name: matrix_mx_puppet_slack
 
diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/validate_config.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/validate_config.yml
index ea917f97..f3c9d1eb 100644
--- a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/validate_config.yml
@@ -1,10 +1,11 @@
 ---
 
-- name: Fail if required settings not defined
+- name: Fail if required mx-puppet-slack settings not defined
   ansible.builtin.fail:
     msg: >-
-      You need to define a required configuration setting (`{{ item }}`).
-  when: "vars[item] == ''"
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] == ''"
   with_items:
-    - "matrix_mx_puppet_slack_appservice_token"
-    - "matrix_mx_puppet_slack_homeserver_token"
+    - {'name': 'matrix_mx_puppet_slack_appservice_token', when: true}
+    - {'name': 'matrix_mx_puppet_slack_homeserver_token', when: true}
+    - {'name': 'matrix_mx_puppet_slack_database_hostname', when: "{{ matrix_mx_puppet_slack_database_engine == 'postgres' }}"}
diff --git a/roles/custom/matrix-bridge-mx-puppet-steam/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-steam/defaults/main.yml
index 89541162..9efedb13 100644
--- a/roles/custom/matrix-bridge-mx-puppet-steam/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-steam/defaults/main.yml
@@ -62,7 +62,7 @@ matrix_mx_puppet_steam_sqlite_database_path_in_container: "/data/database.db"
 
 matrix_mx_puppet_steam_database_username: matrix_mx_puppet_steam
 matrix_mx_puppet_steam_database_password: ~
-matrix_mx_puppet_steam_database_hostname: 'matrix-postgres'
+matrix_mx_puppet_steam_database_hostname: ''
 matrix_mx_puppet_steam_database_port: 5432
 matrix_mx_puppet_steam_database_name: matrix_mx_puppet_steam
 
diff --git a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml
index 2e54d6ff..b25345dc 100644
--- a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml
@@ -1,10 +1,11 @@
 ---
 
-- name: Fail if required settings not defined
+- name: Fail if required mx-puppet-steam settings not defined
   ansible.builtin.fail:
     msg: >-
-      You need to define a required configuration setting (`{{ item }}`).
-  when: "vars[item] == ''"
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] == ''"
   with_items:
-    - "matrix_mx_puppet_steam_appservice_token"
-    - "matrix_mx_puppet_steam_homeserver_token"
+    - {'name': 'matrix_mx_puppet_steam_appservice_token', when: true}
+    - {'name': 'matrix_mx_puppet_steam_homeserver_token', when: true}
+    - {'name': 'matrix_mx_puppet_steam_database_hostname', when: "{{ matrix_mx_puppet_steam_database_engine == 'postgres' }}"}
diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml
index 73674220..8e5e82f0 100644
--- a/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml
@@ -71,7 +71,7 @@ matrix_mx_puppet_twitter_sqlite_database_path_in_container: "/data/database.db"
 
 matrix_mx_puppet_twitter_database_username: mx_puppet_twitter
 matrix_mx_puppet_twitter_database_password: ~
-matrix_mx_puppet_twitter_database_hostname: 'matrix-postgres'
+matrix_mx_puppet_twitter_database_hostname: ''
 matrix_mx_puppet_twitter_database_port: 5432
 matrix_mx_puppet_twitter_database_name: matrix_mx_puppet_twitter
 
diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml
index b5b7ef5b..373c1ccb 100644
--- a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml
@@ -1,10 +1,11 @@
 ---
 
-- name: Fail if required settings not defined
+- name: Fail if required mx-puppet-twitter settings not defined
   ansible.builtin.fail:
     msg: >-
-      You need to define a required configuration setting (`{{ item }}`).
-  when: "vars[item] == ''"
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] == ''"
   with_items:
-    - "matrix_mx_puppet_twitter_appservice_token"
-    - "matrix_mx_puppet_twitter_homeserver_token"
+    - {'name': 'matrix_mx_puppet_twitter_appservice_token', when: true}
+    - {'name': 'matrix_mx_puppet_twitter_homeserver_token', when: true}
+    - {'name': 'matrix_mx_puppet_twitter_database_hostname', when: "{{ matrix_mx_puppet_twitter_database_engine == 'postgres' }}"}
diff --git a/roles/custom/matrix-dendrite/defaults/main.yml b/roles/custom/matrix-dendrite/defaults/main.yml
index ba84d430..dac77bc1 100644
--- a/roles/custom/matrix-dendrite/defaults/main.yml
+++ b/roles/custom/matrix-dendrite/defaults/main.yml
@@ -138,7 +138,7 @@ matrix_dendrite_metrics_password: "metrics"
 
 # Postgres database information
 matrix_dendrite_database_str: "postgresql://{{ matrix_dendrite_database_user }}:{{ matrix_dendrite_database_password }}@{{ matrix_dendrite_database_hostname }}"
-matrix_dendrite_database_hostname: "matrix-postgres"
+matrix_dendrite_database_hostname: ''
 matrix_dendrite_database_user: "dendrite"
 matrix_dendrite_database_password: "itsasecret"
 matrix_dendrite_federationapi_database: "dendrite_federationapi"
diff --git a/roles/custom/matrix-dendrite/tasks/validate_config.yml b/roles/custom/matrix-dendrite/tasks/validate_config.yml
index 7ca31b0d..9b1466e1 100644
--- a/roles/custom/matrix-dendrite/tasks/validate_config.yml
+++ b/roles/custom/matrix-dendrite/tasks/validate_config.yml
@@ -5,7 +5,8 @@
       You need to define a required configuration setting (`{{ item }}`) for using Dendrite.
   when: "vars[item] == ''"
   with_items:
-    - "matrix_dendrite_client_api_registration_shared_secret"
+    - matrix_dendrite_client_api_registration_shared_secret
+    - matrix_dendrite_database_hostname
 
 - name: (Deprecation) Catch and report renamed settings
   ansible.builtin.fail:
diff --git a/roles/custom/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 b/roles/custom/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2
index b83f00bc..4649c3a3 100644
--- a/roles/custom/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2
+++ b/roles/custom/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2
@@ -16,8 +16,8 @@ Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-dendrite 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dendrite 2>/dev/null || true'
 
-{% if 'matrix-postgres.service' in matrix_dendrite_systemd_required_services_list %}
-# Dendrite is too quick to start in relation to its matrix-postgres dependency.
+{% if (devture_postgres_identifier + '.service') in matrix_dendrite_systemd_required_services_list %}
+# Dendrite is too quick to start in relation to its Postgres dependency.
 # Delay Dendrite startup to avoid failing with: "failed to connect to accounts db" ("pq: the database system is starting up").
 ExecStartPre={{ matrix_host_command_sleep }} 5
 {% endif %}

From 3d5d843418c2d4b5d481a82c2c9cf1163aaaaead Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sun, 27 Nov 2022 08:31:54 +0200
Subject: [PATCH 087/198] Replace some devture_postgres_identifier instances
 with devture_postgres_connection_hostname

---
 group_vars/matrix_servers                     | 91 ++++++++++---------
 .../matrix-postgres-backup/defaults/main.yml  |  2 +-
 roles/custom/matrix-synapse/defaults/main.yml |  2 +-
 .../compress_room.yml                         |  2 +-
 4 files changed, 49 insertions(+), 48 deletions(-)

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 30b6f1d7..7bc13c75 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -963,7 +963,7 @@ matrix_mautrix_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_gen
 
 matrix_mautrix_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
-matrix_mautrix_twitter_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
+matrix_mautrix_twitter_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_mautrix_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twt.db', rounds=655555) | to_uuid if devture_postgres_enabled else '' }}"
 
 ######################################################################
@@ -1188,7 +1188,7 @@ matrix_mx_puppet_slack_login_shared_secret: "{{ matrix_synapse_ext_password_prov
 
 # Postgres is the default, except if not using internal Postgres server
 matrix_mx_puppet_slack_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
-matrix_mx_puppet_slack_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
+matrix_mx_puppet_slack_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_mx_puppet_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.slack.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -1229,7 +1229,7 @@ matrix_mx_puppet_twitter_container_http_host_bind_port: "{{ '' if matrix_nginx_p
 
 # Postgres is the default, except if not using internal Postgres server
 matrix_mx_puppet_twitter_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
-matrix_mx_puppet_twitter_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
+matrix_mx_puppet_twitter_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_mx_puppet_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.twitter.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -1269,7 +1269,7 @@ matrix_mx_puppet_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_
 
 # Postgres is the default, except if not using internal Postgres server
 matrix_mx_puppet_instagram_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
-matrix_mx_puppet_instagram_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
+matrix_mx_puppet_instagram_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_mx_puppet_instagram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.ig.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -1308,7 +1308,7 @@ matrix_mx_puppet_discord_login_shared_secret: "{{ matrix_synapse_ext_password_pr
 
 # Postgres is the default, except if not using internal Postgres server
 matrix_mx_puppet_discord_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
-matrix_mx_puppet_discord_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
+matrix_mx_puppet_discord_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_mx_puppet_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -1347,7 +1347,7 @@ matrix_mx_puppet_steam_login_shared_secret: "{{ matrix_synapse_ext_password_prov
 
 # Postgres is the default, except if not using internal Postgres server
 matrix_mx_puppet_steam_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
-matrix_mx_puppet_steam_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
+matrix_mx_puppet_steam_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_mx_puppet_steam_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.steam.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -1386,7 +1386,7 @@ matrix_mx_puppet_groupme_login_shared_secret: "{{ matrix_synapse_ext_password_pr
 
 # Postgres is the default, except if not using internal Postgres server
 matrix_mx_puppet_groupme_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
-matrix_mx_puppet_groupme_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
+matrix_mx_puppet_groupme_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_mx_puppet_groupme_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.groupme.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -1417,7 +1417,7 @@ matrix_bot_matrix_reminder_bot_systemd_required_services_list: |
 
 # Postgres is the default, except if not using internal Postgres server
 matrix_bot_matrix_reminder_bot_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
-matrix_bot_matrix_reminder_bot_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
+matrix_bot_matrix_reminder_bot_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_bot_matrix_reminder_bot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'reminder.bot.db', rounds=655555) | to_uuid }}"
 matrix_bot_matrix_reminder_bot_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
 
@@ -1489,7 +1489,7 @@ matrix_bot_maubot_management_interface_http_bind_port: "{{ '' if matrix_nginx_pr
 
 # Postgres is the default, except if not using internal Postgres server
 matrix_bot_maubot_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
-matrix_bot_maubot_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
+matrix_bot_maubot_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_bot_maubot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -1521,7 +1521,7 @@ matrix_bot_honoroit_systemd_required_services_list: |
 
 # Postgres is the default, except if not using internal Postgres server
 matrix_bot_honoroit_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
-matrix_bot_honoroit_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
+matrix_bot_honoroit_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_bot_honoroit_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'honoroit.bot.db', rounds=655555) | to_uuid }}"
 matrix_bot_honoroit_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
 
@@ -1849,7 +1849,7 @@ matrix_etherpad_systemd_required_services_list: |
     ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
   }}
 
-matrix_etherpad_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
+matrix_etherpad_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 
 matrix_etherpad_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'etherpad.db', rounds=655555) | to_uuid }}"
 
@@ -2262,7 +2262,7 @@ devture_postgres_additional_databases: |
       'name': matrix_synapse_database_database,
       'username': matrix_synapse_database_user,
       'password': matrix_synapse_database_password,
-    }] if (matrix_synapse_enabled and matrix_synapse_database_host == devture_postgres_identifier) else [])
+    }] if (matrix_synapse_enabled and matrix_synapse_database_host == devture_postgres_connection_hostname) else [])
     +
     ([{
       'name': matrix_dendrite_federationapi_database,
@@ -2296,193 +2296,193 @@ devture_postgres_additional_databases: |
       'name': matrix_dendrite_mscs_database,
       'username': matrix_dendrite_database_user,
       'password': matrix_dendrite_database_password,
-    }] if (matrix_dendrite_enabled and matrix_dendrite_database_hostname == devture_postgres_identifier) else [])
+    }] if (matrix_dendrite_enabled and matrix_dendrite_database_hostname == devture_postgres_connection_hostname) else [])
     +
     ([{
       'name': matrix_ma1sd_database_name,
       'username': matrix_ma1sd_database_username,
       'password': matrix_ma1sd_database_password,
-    }] if (matrix_ma1sd_enabled and matrix_ma1sd_database_engine == 'postgres' and matrix_ma1sd_database_hostname == devture_postgres_identifier) else [])
+    }] if (matrix_ma1sd_enabled and matrix_ma1sd_database_engine == 'postgres' and matrix_ma1sd_database_hostname == devture_postgres_connection_hostname) else [])
     +
     ([{
       'name': matrix_bot_matrix_reminder_bot_database_name,
       'username': matrix_bot_matrix_reminder_bot_database_username,
       'password': matrix_bot_matrix_reminder_bot_database_password,
-    }] if (matrix_bot_matrix_reminder_bot_enabled and matrix_bot_matrix_reminder_bot_database_engine == 'postgres' and matrix_bot_matrix_reminder_bot_database_hostname == devture_postgres_identifier) else [])
+    }] if (matrix_bot_matrix_reminder_bot_enabled and matrix_bot_matrix_reminder_bot_database_engine == 'postgres' and matrix_bot_matrix_reminder_bot_database_hostname == devture_postgres_connection_hostname) else [])
     +
     ([{
       'name': matrix_bot_honoroit_database_name,
       'username': matrix_bot_honoroit_database_username,
       'password': matrix_bot_honoroit_database_password,
-    }] if (matrix_bot_honoroit_enabled and matrix_bot_honoroit_database_engine == 'postgres' and matrix_bot_honoroit_database_hostname == devture_postgres_identifier) else [])
+    }] if (matrix_bot_honoroit_enabled and matrix_bot_honoroit_database_engine == 'postgres' and matrix_bot_honoroit_database_hostname == devture_postgres_connection_hostname) else [])
     +
     ([{
       'name': matrix_bot_postmoogle_database_name,
       'username': matrix_bot_postmoogle_database_username,
       'password': matrix_bot_postmoogle_database_password,
-    }] if (matrix_bot_postmoogle_enabled and matrix_bot_postmoogle_database_engine == 'postgres' and matrix_bot_postmoogle_database_hostname == devture_postgres_identifier) else [])
+    }] if (matrix_bot_postmoogle_enabled and matrix_bot_postmoogle_database_engine == 'postgres' and matrix_bot_postmoogle_database_hostname == devture_postgres_connection_hostname) else [])
     +
     ([{
       'name': matrix_bot_maubot_database_name,
       'username': matrix_bot_maubot_database_username,
       'password': matrix_bot_maubot_database_password,
-    }] if (matrix_bot_maubot_enabled  and matrix_bot_maubot_database_engine == 'postgres' and matrix_bot_maubot_database_hostname == devture_postgres_identifier) else [])
+    }] if (matrix_bot_maubot_enabled  and matrix_bot_maubot_database_engine == 'postgres' and matrix_bot_maubot_database_hostname == devture_postgres_connection_hostname) else [])
     +
     ([{
       'name': matrix_bot_buscarron_database_name,
       'username': matrix_bot_buscarron_database_username,
       'password': matrix_bot_buscarron_database_password,
-    }] if (matrix_bot_buscarron_enabled and matrix_bot_buscarron_database_engine == 'postgres' and matrix_bot_buscarron_database_hostname == devture_postgres_identifier) else [])
+    }] if (matrix_bot_buscarron_enabled and matrix_bot_buscarron_database_engine == 'postgres' and matrix_bot_buscarron_database_hostname == devture_postgres_connection_hostname) else [])
     +
     ([{
       'name': matrix_registration_database_name,
       'username': matrix_registration_database_username,
       'password': matrix_registration_database_password,
-    }] if (matrix_registration_enabled and matrix_registration_database_engine == 'postgres' and matrix_registration_database_hostname == devture_postgres_identifier) else [])
+    }] if (matrix_registration_enabled and matrix_registration_database_engine == 'postgres' and matrix_registration_database_hostname == devture_postgres_connection_hostname) else [])
     +
     ([{
       'name': matrix_appservice_discord_database_name,
       'username': matrix_appservice_discord_database_username,
       'password': matrix_appservice_discord_database_password,
-    }] if (matrix_appservice_discord_enabled and matrix_appservice_discord_database_engine == 'postgres' and matrix_appservice_discord_database_hostname == devture_postgres_identifier) else [])
+    }] if (matrix_appservice_discord_enabled and matrix_appservice_discord_database_engine == 'postgres' and matrix_appservice_discord_database_hostname == devture_postgres_connection_hostname) else [])
     +
     ([{
       'name': matrix_appservice_slack_database_name,
       'username': matrix_appservice_slack_database_username,
       'password': matrix_appservice_slack_database_password,
-    }] if (matrix_appservice_slack_enabled and matrix_appservice_slack_database_engine == 'postgres' and matrix_appservice_slack_database_hostname == devture_postgres_identifier) else [])
+    }] if (matrix_appservice_slack_enabled and matrix_appservice_slack_database_engine == 'postgres' and matrix_appservice_slack_database_hostname == devture_postgres_connection_hostname) else [])
     +
     ([{
       'name': matrix_appservice_irc_database_name,
       'username': matrix_appservice_irc_database_username,
       'password': matrix_appservice_irc_database_password,
-    }] if (matrix_appservice_irc_enabled and matrix_appservice_irc_database_engine == 'postgres' and matrix_appservice_irc_database_hostname == devture_postgres_identifier) else [])
+    }] if (matrix_appservice_irc_enabled and matrix_appservice_irc_database_engine == 'postgres' and matrix_appservice_irc_database_hostname == devture_postgres_connection_hostname) else [])
     +
     ([{
       'name': matrix_appservice_kakaotalk_database_name,
       'username': matrix_appservice_kakaotalk_database_username,
       'password': matrix_appservice_kakaotalk_database_password,
-    }] if (matrix_appservice_kakaotalk_enabled and matrix_appservice_kakaotalk_database_engine == 'postgres' and matrix_appservice_kakaotalk_database_hostname == devture_postgres_identifier) else [])
+    }] if (matrix_appservice_kakaotalk_enabled and matrix_appservice_kakaotalk_database_engine == 'postgres' and matrix_appservice_kakaotalk_database_hostname == devture_postgres_connection_hostname) else [])
     +
     ([{
       'name': matrix_beeper_linkedin_database_name,
       'username': matrix_beeper_linkedin_database_username,
       'password': matrix_beeper_linkedin_database_password,
-    }] if (matrix_beeper_linkedin_enabled and matrix_beeper_linkedin_database_engine == 'postgres' and matrix_beeper_linkedin_database_hostname == devture_postgres_identifier) else [])
+    }] if (matrix_beeper_linkedin_enabled and matrix_beeper_linkedin_database_engine == 'postgres' and matrix_beeper_linkedin_database_hostname == devture_postgres_connection_hostname) else [])
     +
     ([{
       'name': matrix_go_skype_bridge_database_name,
       'username': matrix_go_skype_bridge_database_username,
       'password': matrix_go_skype_bridge_database_password,
-    }] if (matrix_go_skype_bridge_enabled and matrix_go_skype_bridge_database_engine == 'postgres' and matrix_go_skype_bridge_database_hostname == devture_postgres_identifier) else [])
+    }] if (matrix_go_skype_bridge_enabled and matrix_go_skype_bridge_database_engine == 'postgres' and matrix_go_skype_bridge_database_hostname == devture_postgres_connection_hostname) else [])
     +
     ([{
       'name': matrix_mautrix_facebook_database_name,
       'username': matrix_mautrix_facebook_database_username,
       'password': matrix_mautrix_facebook_database_password,
-    }] if (matrix_mautrix_facebook_enabled and matrix_mautrix_facebook_database_engine == 'postgres' and matrix_mautrix_facebook_database_hostname == devture_postgres_identifier) else [])
+    }] if (matrix_mautrix_facebook_enabled and matrix_mautrix_facebook_database_engine == 'postgres' and matrix_mautrix_facebook_database_hostname == devture_postgres_connection_hostname) else [])
     +
     ([{
       'name': matrix_mautrix_hangouts_database_name,
       'username': matrix_mautrix_hangouts_database_username,
       'password': matrix_mautrix_hangouts_database_password,
-    }] if (matrix_mautrix_hangouts_enabled and matrix_mautrix_hangouts_database_engine == 'postgres' and matrix_mautrix_hangouts_database_hostname == devture_postgres_identifier) else [])
+    }] if (matrix_mautrix_hangouts_enabled and matrix_mautrix_hangouts_database_engine == 'postgres' and matrix_mautrix_hangouts_database_hostname == devture_postgres_connection_hostname) else [])
     +
     ([{
       'name': matrix_mautrix_googlechat_database_name,
       'username': matrix_mautrix_googlechat_database_username,
       'password': matrix_mautrix_googlechat_database_password,
-    }] if (matrix_mautrix_googlechat_enabled and matrix_mautrix_googlechat_database_engine == 'postgres' and matrix_mautrix_googlechat_database_hostname == devture_postgres_identifier) else [])
+    }] if (matrix_mautrix_googlechat_enabled and matrix_mautrix_googlechat_database_engine == 'postgres' and matrix_mautrix_googlechat_database_hostname == devture_postgres_connection_hostname) else [])
     +
     ([{
       'name': matrix_mautrix_instagram_database_name,
       'username': matrix_mautrix_instagram_database_username,
       'password': matrix_mautrix_instagram_database_password,
-    }] if (matrix_mautrix_instagram_enabled and matrix_mautrix_instagram_database_engine == 'postgres' and matrix_mautrix_instagram_database_hostname == devture_postgres_identifier) else [])
+    }] if (matrix_mautrix_instagram_enabled and matrix_mautrix_instagram_database_engine == 'postgres' and matrix_mautrix_instagram_database_hostname == devture_postgres_connection_hostname) else [])
     +
     ([{
       'name': matrix_mautrix_signal_database_name,
       'username': matrix_mautrix_signal_database_username,
       'password': matrix_mautrix_signal_database_password,
-    }] if (matrix_mautrix_signal_enabled and matrix_mautrix_signal_database_engine == 'postgres' and matrix_mautrix_signal_database_hostname == devture_postgres_identifier) else [])
+    }] if (matrix_mautrix_signal_enabled and matrix_mautrix_signal_database_engine == 'postgres' and matrix_mautrix_signal_database_hostname == devture_postgres_connection_hostname) else [])
     +
     ([{
       'name': matrix_mautrix_telegram_database_name,
       'username': matrix_mautrix_telegram_database_username,
       'password': matrix_mautrix_telegram_database_password,
-    }] if (matrix_mautrix_telegram_enabled and matrix_mautrix_telegram_database_engine == 'postgres' and matrix_mautrix_telegram_database_hostname == devture_postgres_identifier) else [])
+    }] if (matrix_mautrix_telegram_enabled and matrix_mautrix_telegram_database_engine == 'postgres' and matrix_mautrix_telegram_database_hostname == devture_postgres_connection_hostname) else [])
     +
     ([{
       'name': matrix_mautrix_twitter_database_name,
       'username': matrix_mautrix_twitter_database_username,
       'password': matrix_mautrix_twitter_database_password,
-    }] if (matrix_mautrix_twitter_enabled and matrix_mautrix_twitter_database_engine == 'postgres' and matrix_mautrix_twitter_database_hostname == devture_postgres_identifier) else [])
+    }] if (matrix_mautrix_twitter_enabled and matrix_mautrix_twitter_database_engine == 'postgres' and matrix_mautrix_twitter_database_hostname == devture_postgres_connection_hostname) else [])
     +
     ([{
       'name': matrix_mautrix_whatsapp_database_name,
       'username': matrix_mautrix_whatsapp_database_username,
       'password': matrix_mautrix_whatsapp_database_password,
-    }] if (matrix_mautrix_whatsapp_enabled and matrix_mautrix_whatsapp_database_engine == 'postgres' and matrix_mautrix_whatsapp_database_hostname == devture_postgres_identifier) else [])
+    }] if (matrix_mautrix_whatsapp_enabled and matrix_mautrix_whatsapp_database_engine == 'postgres' and matrix_mautrix_whatsapp_database_hostname == devture_postgres_connection_hostname) else [])
     +
     ([{
       'name': matrix_mautrix_discord_database_name,
       'username': matrix_mautrix_discord_database_username,
       'password': matrix_mautrix_discord_database_password,
-    }] if (matrix_mautrix_discord_enabled and matrix_mautrix_discord_database_engine == 'postgres' and matrix_mautrix_discord_database_hostname == devture_postgres_identifier) else [])
+    }] if (matrix_mautrix_discord_enabled and matrix_mautrix_discord_database_engine == 'postgres' and matrix_mautrix_discord_database_hostname == devture_postgres_connection_hostname) else [])
     +
     ([{
       'name': matrix_mx_puppet_slack_database_name,
       'username': matrix_mx_puppet_slack_database_username,
       'password': matrix_mx_puppet_slack_database_password,
-    }] if (matrix_mx_puppet_slack_enabled and matrix_mx_puppet_slack_database_engine == 'postgres' and matrix_mx_puppet_slack_database_hostname == devture_postgres_identifier) else [])
+    }] if (matrix_mx_puppet_slack_enabled and matrix_mx_puppet_slack_database_engine == 'postgres' and matrix_mx_puppet_slack_database_hostname == devture_postgres_connection_hostname) else [])
     +
     ([{
       'name': matrix_mx_puppet_twitter_database_name,
       'username': matrix_mx_puppet_twitter_database_username,
       'password': matrix_mx_puppet_twitter_database_password,
-    }] if (matrix_mx_puppet_twitter_enabled and matrix_mx_puppet_twitter_database_engine == 'postgres' and matrix_mx_puppet_twitter_database_hostname == devture_postgres_identifier) else [])
+    }] if (matrix_mx_puppet_twitter_enabled and matrix_mx_puppet_twitter_database_engine == 'postgres' and matrix_mx_puppet_twitter_database_hostname == devture_postgres_connection_hostname) else [])
     +
     ([{
       'name': matrix_mx_puppet_instagram_database_name,
       'username': matrix_mx_puppet_instagram_database_username,
       'password': matrix_mx_puppet_instagram_database_password,
-    }] if (matrix_mx_puppet_instagram_enabled and matrix_mx_puppet_instagram_database_engine == 'postgres' and matrix_mx_puppet_instagram_database_hostname == devture_postgres_identifier) else [])
+    }] if (matrix_mx_puppet_instagram_enabled and matrix_mx_puppet_instagram_database_engine == 'postgres' and matrix_mx_puppet_instagram_database_hostname == devture_postgres_connection_hostname) else [])
     +
     ([{
       'name': matrix_mx_puppet_discord_database_name,
       'username': matrix_mx_puppet_discord_database_username,
       'password': matrix_mx_puppet_discord_database_password,
-    }] if (matrix_mx_puppet_discord_enabled  and matrix_mx_puppet_discord_database_engine == 'postgres' and matrix_mx_puppet_discord_database_hostname == devture_postgres_identifier) else [])
+    }] if (matrix_mx_puppet_discord_enabled  and matrix_mx_puppet_discord_database_engine == 'postgres' and matrix_mx_puppet_discord_database_hostname == devture_postgres_connection_hostname) else [])
     +
     ([{
       'name': matrix_mx_puppet_steam_database_name,
       'username': matrix_mx_puppet_steam_database_username,
       'password': matrix_mx_puppet_steam_database_password,
-    }] if (matrix_mx_puppet_steam_enabled and matrix_mx_puppet_steam_database_engine == 'postgres' and matrix_mx_puppet_steam_database_hostname == devture_postgres_identifier) else [])
+    }] if (matrix_mx_puppet_steam_enabled and matrix_mx_puppet_steam_database_engine == 'postgres' and matrix_mx_puppet_steam_database_hostname == devture_postgres_connection_hostname) else [])
     +
     ([{
       'name': matrix_mx_puppet_groupme_database_name,
       'username': matrix_mx_puppet_groupme_database_username,
       'password': matrix_mx_puppet_groupme_database_password,
-    }] if (matrix_mx_puppet_groupme_enabled and matrix_mx_puppet_groupme_database_engine == 'postgres' and matrix_mx_puppet_groupme_database_hostname == devture_postgres_identifier) else [])
+    }] if (matrix_mx_puppet_groupme_enabled and matrix_mx_puppet_groupme_database_engine == 'postgres' and matrix_mx_puppet_groupme_database_hostname == devture_postgres_connection_hostname) else [])
     +
     ([{
       'name': matrix_dimension_database_name,
       'username': matrix_dimension_database_username,
       'password': matrix_dimension_database_password,
-    }] if (matrix_dimension_enabled and matrix_dimension_database_engine == 'postgres' and matrix_dimension_database_hostname == devture_postgres_identifier) else [])
+    }] if (matrix_dimension_enabled and matrix_dimension_database_engine == 'postgres' and matrix_dimension_database_hostname == devture_postgres_connection_hostname) else [])
     +
     ([{
       'name': matrix_etherpad_database_name,
       'username': matrix_etherpad_database_username,
       'password': matrix_etherpad_database_password,
-    }] if (matrix_etherpad_enabled and matrix_etherpad_database_engine == 'postgres' and matrix_etherpad_database_hostname == devture_postgres_identifier) else [])
+    }] if (matrix_etherpad_enabled and matrix_etherpad_database_engine == 'postgres' and matrix_etherpad_database_hostname == devture_postgres_connection_hostname) else [])
     +
     ([{
       'name': matrix_prometheus_postgres_exporter_database_name,
       'username': matrix_prometheus_postgres_exporter_database_username,
       'password': matrix_prometheus_postgres_exporter_database_password,
-    }] if (matrix_prometheus_postgres_exporter_enabled and matrix_prometheus_postgres_exporter_database_hostname == devture_postgres_identifier) else [])
+    }] if (matrix_prometheus_postgres_exporter_enabled and matrix_prometheus_postgres_exporter_database_hostname == devture_postgres_connection_hostname) else [])
 
    }}
 
@@ -2662,6 +2662,7 @@ matrix_synapse_container_manhole_api_host_bind_port: "{{ '127.0.0.1:9000' if mat
 # For exposing the Synapse worker (and metrics) ports to the local host.
 matrix_synapse_workers_container_host_bind_address: "{{ '127.0.0.1' if (matrix_synapse_workers_enabled and not matrix_nginx_proxy_enabled) else '' }}"
 
+matrix_synapse_database_host: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_synapse_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'synapse.db', rounds=655555) | to_uuid }}"
 
 matrix_synapse_macaroon_secret_key: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'synapse.mac', rounds=655555) | to_uuid }}"
@@ -2993,7 +2994,7 @@ matrix_dendrite_sync_api_real_ip_header: "{{ 'X-Forwarded-For' if matrix_nginx_p
 
 matrix_dendrite_client_api_registration_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.rss', rounds=655555) | to_uuid }}"
 
-matrix_dendrite_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
+matrix_dendrite_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 
 matrix_dendrite_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.db', rounds=655555) | to_uuid }}"
 
diff --git a/roles/custom/matrix-postgres-backup/defaults/main.yml b/roles/custom/matrix-postgres-backup/defaults/main.yml
index abdfa74c..8e45a8e2 100644
--- a/roles/custom/matrix-postgres-backup/defaults/main.yml
+++ b/roles/custom/matrix-postgres-backup/defaults/main.yml
@@ -3,7 +3,7 @@
 
 matrix_postgres_backup_enabled: false
 
-matrix_postgres_backup_connection_hostname: "matrix-postgres"
+matrix_postgres_backup_connection_hostname: ''
 matrix_postgres_backup_connection_port: 5432
 matrix_postgres_backup_connection_username: "matrix"
 matrix_postgres_backup_connection_password: ""
diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml
index f52f414b..9a93a437 100644
--- a/roles/custom/matrix-synapse/defaults/main.yml
+++ b/roles/custom/matrix-synapse/defaults/main.yml
@@ -681,7 +681,7 @@ matrix_synapse_sentry_dsn: ""
 
 # Postgres database information
 matrix_synapse_database_txn_limit: 0
-matrix_synapse_database_host: "matrix-postgres"
+matrix_synapse_database_host: ''
 matrix_synapse_database_port: 5432
 matrix_synapse_database_user: "synapse"
 matrix_synapse_database_password: ""
diff --git a/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml b/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml
index dba05775..4eafad1f 100644
--- a/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml
+++ b/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml
@@ -39,7 +39,7 @@
       --entrypoint=/bin/sh
       {{ devture_postgres_container_image_latest }}
       -c "cat /work/state-compressor.sql |
-      psql -v ON_ERROR_STOP=1 -h {{ devture_postgres_identifier }} -d {{ matrix_synapse_database_database }}"
+      psql -v ON_ERROR_STOP=1 -h {{ devture_postgres_connection_hostname }} -d {{ matrix_synapse_database_database }}"
 
 - name: Import compression SQL into Postgres
   ansible.builtin.command: "{{ matrix_synapse_rust_synapse_compress_state_psql_import_command }}"

From 7b43ef34b776be1704e19c010292db6470de0940 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sun, 27 Nov 2022 09:16:18 +0200
Subject: [PATCH 088/198] Remove more hardcoded matrix-postgres references

---
 docs/importing-postgres.md                    |   4 +-
 docs/maintenance-postgres.md                  |   2 +-
 docs/updating-users-passwords.md              |   2 +-
 group_vars/matrix_servers                     | 159 ++++++++++--------
 .../matrix-backup-borg/defaults/main.yml      |   2 +-
 .../tasks/validate_config.yml                 |  11 +-
 .../matrix-bot-buscarron/defaults/main.yml    |   2 +-
 .../tasks/validate_config.yml                 |   9 +-
 .../matrix-bot-postmoogle/defaults/main.yml   |   2 +-
 .../tasks/validate_config.yml                 |   9 +-
 .../defaults/main.yml                         |   2 +-
 .../tasks/validate_config.yml                 |  17 +-
 .../defaults/main.yml                         |   4 +-
 .../tasks/validate_config.yml                 |   9 +-
 .../defaults/main.yml                         |   2 +-
 .../tasks/validate_config.yml                 |  11 +-
 .../defaults/main.yml                         |   4 +-
 .../tasks/validate_config.yml                 |  17 +-
 .../defaults/main.yml                         |   4 +-
 .../tasks/validate_config.yml                 |  11 +-
 .../defaults/main.yml                         |   2 +-
 .../tasks/validate_config.yml                 |  11 +-
 .../defaults/main.yml                         |   2 +-
 .../tasks/validate_config.yml                 |  11 +-
 .../defaults/main.yml                         |   2 +-
 .../tasks/validate_config.yml                 |  13 +-
 .../defaults/main.yml                         |   2 +-
 .../tasks/validate_config.yml                 |  16 +-
 .../defaults/main.yml                         |   2 +-
 .../tasks/validate_config.yml                 |  16 +-
 .../defaults/main.yml                         |   2 +-
 .../tasks/validate_config.yml                 |  11 +-
 .../defaults/main.yml                         |   2 +-
 .../tasks/validate_config.yml                 |  15 +-
 .../defaults/main.yml                         |   2 +-
 .../tasks/validate_config.yml                 |  17 +-
 .../defaults/main.yml                         |   2 +-
 .../tasks/validate_config.yml                 |  11 +-
 .../defaults/main.yml                         |   2 +-
 .../tasks/validate_config.yml                 |  12 +-
 .../custom/matrix-dimension/defaults/main.yml |   2 +-
 .../tasks/validate_config.yml                 |  10 +-
 .../custom/matrix-etherpad/defaults/main.yml  |   2 +-
 .../matrix-etherpad/tasks/validate_config.yml |  10 +-
 roles/custom/matrix-ma1sd/defaults/main.yml   |   2 +-
 .../matrix-ma1sd/tasks/validate_config.yml    |   9 +-
 .../tasks/validate_config.yml                 |   2 +-
 .../defaults/main.yml                         |   2 +-
 .../tasks/main.yml                            |   3 +
 .../tasks/validate_config.yml                 |   9 +
 .../matrix-registration/defaults/main.yml     |   2 +-
 .../tasks/validate_config.yml                 |  11 +-
 52 files changed, 275 insertions(+), 225 deletions(-)
 create mode 100644 roles/custom/matrix-prometheus-postgres-exporter/tasks/validate_config.yml

diff --git a/docs/importing-postgres.md b/docs/importing-postgres.md
index fe3817f5..a44afdcf 100644
--- a/docs/importing-postgres.md
+++ b/docs/importing-postgres.md
@@ -97,9 +97,9 @@ Once the database is clear and the ownership of the tables has been fixed in the
 Check, if `--dbname` is set to `synapse` (not `matrix`) and replace paths (or even better, copy this line from your terminal)
 
 ```
-/usr/bin/env docker run --rm --name matrix-postgres-import --log-driver=none --user=998:1001 --cap-drop=ALL --network=matrix --env-file=/matrix/postgres/env-postgres-psql --mount type=bind,src=/migration/synapse_dump.sql,dst=/synapse_dump.sql,ro --entrypoint=/bin/sh docker.io/postgres:14.1-alpine -c "cat /synapse_dump.sql | grep -vE '^(CREATE|ALTER) ROLE (matrix)(;| WITH)' | grep -vE '^CREATE DATABASE (matrix)\s' | psql -v ON_ERROR_STOP=1 -h matrix-postgres --dbname=synapse"
+/usr/bin/env docker run --rm --name matrix-postgres-import --log-driver=none --user=998:1001 --cap-drop=ALL --network=matrix --env-file=/matrix/postgres/env-postgres-psql --mount type=bind,src=/migration/synapse_dump.sql,dst=/synapse_dump.sql,ro --entrypoint=/bin/sh docker.io/postgres:15.0-alpine -c "cat /synapse_dump.sql | grep -vE '^(CREATE|ALTER) ROLE (matrix)(;| WITH)' | grep -vE '^CREATE DATABASE (matrix)\s' | psql -v ON_ERROR_STOP=1 -h matrix-postgres --dbname=synapse"
 ```
 
 ### Hints
 
-To open psql terminal run `/usr/local/bin/matrix-postgres-cli`
+To open psql terminal run `/matrix/postgres/bin/cli`
diff --git a/docs/maintenance-postgres.md b/docs/maintenance-postgres.md
index 1b848703..cf7f5eeb 100644
--- a/docs/maintenance-postgres.md
+++ b/docs/maintenance-postgres.md
@@ -16,7 +16,7 @@ Table of contents:
 
 ## Getting a database terminal
 
-You can use the `/usr/local/bin/matrix-postgres-cli` tool to get interactive terminal access ([psql](https://www.postgresql.org/docs/11/app-psql.html)) to the PostgreSQL server.
+You can use the `/matrix/postgres/bin/cli` tool to get interactive terminal access ([psql](https://www.postgresql.org/docs/11/app-psql.html)) to the PostgreSQL server.
 
 If you are using an [external Postgres server](configuring-playbook-external-postgres.md), the above tool will not be available.
 
diff --git a/docs/updating-users-passwords.md b/docs/updating-users-passwords.md
index 2ea20d2f..30aa8c99 100644
--- a/docs/updating-users-passwords.md
+++ b/docs/updating-users-passwords.md
@@ -1,6 +1,6 @@
 # Updating users passwords
 
-## Option 1 (if you are using the default matrix-postgres container):
+## Option 1 (if you are using the integrated Postgres database):
 
 You can reset a user's password via the Ansible playbook (make sure to edit the `<your-username>` and `<your-password>` part below):
 
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 7bc13c75..a2c24514 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -429,6 +429,7 @@ matrix_appservice_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_
 # We only make this use Postgres if our own Postgres server is enabled.
 # It's only then (for now) that we can automatically create the necessary database and user for this service.
 matrix_appservice_discord_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
+matrix_appservice_discord_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_appservice_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.discord.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -511,6 +512,7 @@ matrix_appservice_slack_systemd_required_services_list: |
 
 # Postgres is the default, except if not using internal Postgres server
 matrix_appservice_slack_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'nedb' }}"
+matrix_appservice_slack_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_appservice_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.slack.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -553,6 +555,7 @@ matrix_appservice_irc_appservice_token: "{{ '%s' | format(matrix_homeserver_gene
 matrix_appservice_irc_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'irc.hs.token', rounds=655555) | to_uuid }}"
 
 matrix_appservice_irc_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'nedb' }}"
+matrix_appservice_irc_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_appservice_irc_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.irc.db', rounds=655555) | to_uuid }}"
 
 
@@ -591,6 +594,7 @@ matrix_appservice_kakaotalk_homeserver_token: "{{ '%s' | format(matrix_homeserve
 matrix_appservice_kakaotalk_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
 matrix_appservice_kakaotalk_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
+matrix_appservice_kakaotalk_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_appservice_kakaotalk_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -630,6 +634,7 @@ matrix_beeper_linkedin_login_shared_secret: "{{ matrix_synapse_ext_password_prov
 
 matrix_beeper_linkedin_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}"
 
+matrix_beeper_linkedin_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_beeper_linkedin_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maulinkedin.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -668,6 +673,7 @@ matrix_go_skype_bridge_login_shared_secret: "{{ matrix_synapse_ext_password_prov
 
 # Postgres is the default, except if not using internal Postgres server
 matrix_go_skype_bridge_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
+matrix_go_skype_bridge_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_go_skype_bridge_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'goskype.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -676,6 +682,51 @@ matrix_go_skype_bridge_database_password: "{{ '%s' | format(matrix_homeserver_ge
 #
 ######################################################################
 
+
+######################################################################
+#
+# matrix-bridge-mautrix-discord
+#
+######################################################################
+
+# We don't enable bridges by default.
+matrix_mautrix_discord_enabled: false
+
+matrix_mautrix_discord_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
+
+matrix_mautrix_discord_systemd_required_services_list: |
+  {{
+    ['docker.service']
+    +
+    ['matrix-' + matrix_homeserver_implementation + '.service']
+    +
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
+    +
+    (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
+  }}
+
+matrix_mautrix_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.as.tok', rounds=655555) | to_uuid }}"
+
+matrix_mautrix_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.hs.tok', rounds=655555) | to_uuid }}"
+
+matrix_mautrix_discord_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
+
+# Postgres is the default, except if not using internal Postgres server
+matrix_mautrix_discord_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
+matrix_mautrix_discord_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
+matrix_mautrix_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudiscord.db', rounds=655555) | to_uuid }}"
+
+# Enabling bridge.restricted_rooms for this bridge does not work well with Conduit, so we disable it by default.
+# This will be fixed in the upcoming `0.5.0` release of conduit.
+matrix_mautrix_discord_bridge_restricted_rooms: "{{ false if matrix_homeserver_implementation == 'conduit' else true }}"
+
+######################################################################
+#
+# /matrix-bridge-mautrix-discord
+#
+######################################################################
+
+
 ######################################################################
 #
 # matrix-bridge-mautrix-facebook
@@ -713,6 +764,7 @@ matrix_mautrix_facebook_bridge_presence: "{{ matrix_synapse_presence_enabled if
 # We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
 # and point them to a migration path.
 matrix_mautrix_facebook_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
+matrix_mautrix_facebook_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_mautrix_facebook_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.fb.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -724,16 +776,16 @@ matrix_mautrix_facebook_database_password: "{{ '%s' | format(matrix_homeserver_g
 
 ######################################################################
 #
-# matrix-bridge-mautrix-hangouts
+# matrix-bridge-mautrix-googlechat
 #
 ######################################################################
 
 # We don't enable bridges by default.
-matrix_mautrix_hangouts_enabled: false
+matrix_mautrix_googlechat_enabled: false
 
-matrix_mautrix_hangouts_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
+matrix_mautrix_googlechat_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
 
-matrix_mautrix_hangouts_systemd_required_services_list: |
+matrix_mautrix_googlechat_systemd_required_services_list: |
   {{
     ['docker.service']
     +
@@ -744,37 +796,38 @@ matrix_mautrix_hangouts_systemd_required_services_list: |
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
 
-matrix_mautrix_hangouts_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ho.as.token', rounds=655555) | to_uuid }}"
+matrix_mautrix_googlechat_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gc.as.token', rounds=655555) | to_uuid }}"
 
-matrix_mautrix_hangouts_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ho.hs.token', rounds=655555) | to_uuid }}"
+matrix_mautrix_googlechat_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gc.hs.token', rounds=655555) | to_uuid }}"
 
-matrix_mautrix_hangouts_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9007' }}"
+matrix_mautrix_googlechat_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9007' }}"
 
-matrix_mautrix_hangouts_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
+matrix_mautrix_googlechat_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
 # Postgres is the default, except if not using internal Postgres server
-matrix_mautrix_hangouts_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
-matrix_mautrix_hangouts_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.hangouts.db', rounds=655555) | to_uuid }}"
+matrix_mautrix_googlechat_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
+matrix_mautrix_googlechat_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
+matrix_mautrix_googlechat_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.gc.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
 #
-# /matrix-bridge-mautrix-hangouts
+# /matrix-bridge-mautrix-googlechat
 #
 ######################################################################
 
 
 ######################################################################
 #
-# matrix-bridge-mautrix-googlechat
+# matrix-bridge-mautrix-hangouts
 #
 ######################################################################
 
 # We don't enable bridges by default.
-matrix_mautrix_googlechat_enabled: false
+matrix_mautrix_hangouts_enabled: false
 
-matrix_mautrix_googlechat_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
+matrix_mautrix_hangouts_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
 
-matrix_mautrix_googlechat_systemd_required_services_list: |
+matrix_mautrix_hangouts_systemd_required_services_list: |
   {{
     ['docker.service']
     +
@@ -785,21 +838,22 @@ matrix_mautrix_googlechat_systemd_required_services_list: |
     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
   }}
 
-matrix_mautrix_googlechat_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gc.as.token', rounds=655555) | to_uuid }}"
+matrix_mautrix_hangouts_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ho.as.token', rounds=655555) | to_uuid }}"
 
-matrix_mautrix_googlechat_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gc.hs.token', rounds=655555) | to_uuid }}"
+matrix_mautrix_hangouts_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ho.hs.token', rounds=655555) | to_uuid }}"
 
-matrix_mautrix_googlechat_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9007' }}"
+matrix_mautrix_hangouts_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9007' }}"
 
-matrix_mautrix_googlechat_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
+matrix_mautrix_hangouts_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
 # Postgres is the default, except if not using internal Postgres server
-matrix_mautrix_googlechat_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
-matrix_mautrix_googlechat_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.gc.db', rounds=655555) | to_uuid }}"
+matrix_mautrix_hangouts_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
+matrix_mautrix_hangouts_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
+matrix_mautrix_hangouts_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.hangouts.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
 #
-# /matrix-bridge-mautrix-googlechat
+# /matrix-bridge-mautrix-hangouts
 #
 ######################################################################
 
@@ -837,6 +891,7 @@ matrix_mautrix_instagram_bridge_presence: "{{ matrix_synapse_presence_enabled if
 # We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
 # and point them to a migration path.
 matrix_mautrix_instagram_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
+matrix_mautrix_instagram_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_mautrix_instagram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.ig.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -879,6 +934,7 @@ matrix_mautrix_signal_appservice_token: "{{ '%s' | format(matrix_homeserver_gene
 matrix_mautrix_signal_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
 matrix_mautrix_signal_database_engine: 'postgres'
+matrix_mautrix_signal_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_mautrix_signal_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.db', rounds=655555) | to_uuid }}"
 
 matrix_mautrix_signal_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
@@ -927,6 +983,7 @@ matrix_mautrix_telegram_login_shared_secret: "{{ matrix_synapse_ext_password_pro
 
 # Postgres is the default, except if not using internal Postgres server
 matrix_mautrix_telegram_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
+matrix_mautrix_telegram_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_mautrix_telegram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.telegram.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -1002,6 +1059,7 @@ matrix_mautrix_whatsapp_login_shared_secret: "{{ matrix_synapse_ext_password_pro
 
 # Postgres is the default, except if not using internal Postgres server
 matrix_mautrix_whatsapp_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
+matrix_mautrix_whatsapp_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_mautrix_whatsapp_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauwhatsapp.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -1010,48 +1068,6 @@ matrix_mautrix_whatsapp_database_password: "{{ '%s' | format(matrix_homeserver_g
 #
 ######################################################################
 
-######################################################################
-#
-# matrix-bridge-mautrix-discord
-#
-######################################################################
-
-# We don't enable bridges by default.
-matrix_mautrix_discord_enabled: false
-
-matrix_mautrix_discord_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
-
-matrix_mautrix_discord_systemd_required_services_list: |
-  {{
-    ['docker.service']
-    +
-    ['matrix-' + matrix_homeserver_implementation + '.service']
-    +
-    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
-    +
-    (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
-  }}
-
-matrix_mautrix_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.as.tok', rounds=655555) | to_uuid }}"
-
-matrix_mautrix_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.hs.tok', rounds=655555) | to_uuid }}"
-
-matrix_mautrix_discord_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
-
-# Postgres is the default, except if not using internal Postgres server
-matrix_mautrix_discord_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
-matrix_mautrix_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudiscord.db', rounds=655555) | to_uuid }}"
-
-# Enabling bridge.restricted_rooms for this bridge does not work well with Conduit, so we disable it by default.
-# This will be fixed in the upcoming `0.5.0` release of conduit.
-matrix_mautrix_discord_bridge_restricted_rooms: "{{ false if matrix_homeserver_implementation == 'conduit' else true }}"
-
-######################################################################
-#
-# /matrix-bridge-mautrix-discord
-#
-######################################################################
-
 ######################################################################
 #
 # matrix-sms-bridge
@@ -1540,6 +1556,8 @@ matrix_bot_honoroit_container_image_self_build: "{{ matrix_architecture not in [
 # We don't enable bots by default.
 matrix_bot_buscarron_enabled: false
 
+matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
+
 matrix_bot_buscarron_systemd_required_services_list: |
   {{
     ['docker.service']
@@ -1553,8 +1571,8 @@ matrix_bot_buscarron_systemd_required_services_list: |
 
 # Postgres is the default, except if not using internal Postgres server
 matrix_bot_buscarron_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
+matrix_bot_buscarron_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_bot_buscarron_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'buscarron.bot.db', rounds=655555) | to_uuid }}"
-matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
 
 ######################################################################
 #
@@ -1570,6 +1588,9 @@ matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in
 
 # We don't enable bots by default.
 matrix_bot_postmoogle_enabled: false
+
+matrix_bot_postmoogle_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
+
 matrix_bot_postmoogle_ssl_path: "{{ matrix_ssl_config_dir_path }}"
 matrix_bot_postmoogle_tls_cert: "{% for domain in matrix_bot_postmoogle_domains %}/ssl/live/{{ domain }}/fullchain.pem {% endfor %}"
 matrix_bot_postmoogle_tls_key: "{% for domain in matrix_bot_postmoogle_domains %}/ssl/live/{{ domain }}/privkey.pem {% endfor %}"
@@ -1585,10 +1606,9 @@ matrix_bot_postmoogle_systemd_required_services_list: |
 
 # Postgres is the default, except if not using internal Postgres server
 matrix_bot_postmoogle_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
+matrix_bot_postmoogle_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_bot_postmoogle_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'postmoogle.db', rounds=655555) | to_uuid }}"
 
-matrix_bot_postmoogle_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
-
 ######################################################################
 #
 # /matrix-bot-postmoogle
@@ -1822,6 +1842,7 @@ matrix_dimension_systemd_required_services_list: |
 
 # Postgres is the default, except if not using internal Postgres server
 matrix_dimension_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
+matrix_dimension_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_dimension_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dimension.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -1850,7 +1871,6 @@ matrix_etherpad_systemd_required_services_list: |
   }}
 
 matrix_etherpad_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
-
 matrix_etherpad_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'etherpad.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -2028,6 +2048,7 @@ matrix_ma1sd_systemd_wanted_services_list: |
 
 # Postgres is the default, except if not using internal Postgres server
 matrix_ma1sd_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
+matrix_ma1sd_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_ma1sd_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ma1sd.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
@@ -2845,6 +2866,7 @@ matrix_prometheus_scraper_hookshot_targets: "{{ [matrix_hookshot_container_url |
 ######################################################################
 
 matrix_prometheus_postgres_exporter_enabled: false
+matrix_prometheus_postgres_exporter_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_prometheus_postgres_exporter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'prometheus.pg.db', rounds=655555) | to_uuid }}"
 
 matrix_prometheus_postgres_exporter_systemd_required_services_list: |
@@ -2943,6 +2965,7 @@ matrix_registration_systemd_required_services_list: |
 
 # Postgres is the default, except if not using internal Postgres server
 matrix_registration_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
+matrix_registration_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_registration_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mx.registr.db', rounds=655555) | to_uuid }}"
 
 ######################################################################
diff --git a/roles/custom/matrix-backup-borg/defaults/main.yml b/roles/custom/matrix-backup-borg/defaults/main.yml
index de086ebd..fbeb1167 100644
--- a/roles/custom/matrix-backup-borg/defaults/main.yml
+++ b/roles/custom/matrix-backup-borg/defaults/main.yml
@@ -39,7 +39,7 @@ matrix_backup_borg_location_source_directories: []
 matrix_backup_borg_postgresql_enabled: true
 matrix_backup_borg_supported_postgres_versions: ['12', '13', '14']
 matrix_backup_borg_postgresql_databases: []
-matrix_backup_borg_postgresql_databases_hostname: "matrix-postgres"
+matrix_backup_borg_postgresql_databases_hostname: ''
 matrix_backup_borg_postgresql_databases_username: "matrix"
 matrix_backup_borg_postgresql_databases_password: ""
 matrix_backup_borg_postgresql_databases_port: 5432
diff --git a/roles/custom/matrix-backup-borg/tasks/validate_config.yml b/roles/custom/matrix-backup-borg/tasks/validate_config.yml
index 66e487dd..bb6cd415 100644
--- a/roles/custom/matrix-backup-borg/tasks/validate_config.yml
+++ b/roles/custom/matrix-backup-borg/tasks/validate_config.yml
@@ -1,12 +1,13 @@
 ---
-- name: Fail if required settings not defined
+- name: Fail if required backup-borg settings not defined
   ansible.builtin.fail:
     msg: >-
-      You need to define a required configuration setting (`{{ item }}`).
-  when: "vars[item] == ''"
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] == ''"
   with_items:
-    - "matrix_backup_borg_ssh_key_private"
-    - "matrix_backup_borg_location_repositories"
+    - {'name': 'matrix_backup_borg_ssh_key_private', when: true}
+    - {'name': 'matrix_backup_borg_location_repositories', when: true}
+    - {'name': 'matrix_backup_borg_postgresql_databases_hostname', when: "{{ matrix_backup_borg_postgresql_enabled }}"}
 
 - name: Fail if encryption passphrase is undefined unless repository is unencrypted
   ansible.builtin.fail:
diff --git a/roles/custom/matrix-bot-buscarron/defaults/main.yml b/roles/custom/matrix-bot-buscarron/defaults/main.yml
index 21d9a4a3..290248e0 100644
--- a/roles/custom/matrix-bot-buscarron/defaults/main.yml
+++ b/roles/custom/matrix-bot-buscarron/defaults/main.yml
@@ -43,7 +43,7 @@ matrix_bot_buscarron_sqlite_database_path_in_container: "/data/bot.db"
 
 matrix_bot_buscarron_database_username: 'buscarron'
 matrix_bot_buscarron_database_password: 'some-password'
-matrix_bot_buscarron_database_hostname: 'matrix-postgres'
+matrix_bot_buscarron_database_hostname: ''
 matrix_bot_buscarron_database_port: 5432
 matrix_bot_buscarron_database_name: 'buscarron'
 
diff --git a/roles/custom/matrix-bot-buscarron/tasks/validate_config.yml b/roles/custom/matrix-bot-buscarron/tasks/validate_config.yml
index 04238012..3547fc03 100644
--- a/roles/custom/matrix-bot-buscarron/tasks/validate_config.yml
+++ b/roles/custom/matrix-bot-buscarron/tasks/validate_config.yml
@@ -1,9 +1,10 @@
 ---
 
-- name: Fail if required settings not defined
+- name: Fail if required Buscarron settings not defined
   ansible.builtin.fail:
     msg: >-
-      You need to define a required configuration setting (`{{ item }}`).
-  when: "vars[item] == ''"
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] == ''"
   with_items:
-    - "matrix_bot_buscarron_password"
+    - {'name': 'matrix_bot_buscarron_password', when: true}
+    - {'name': 'matrix_bot_buscarron_database_hostname', when: "{{ matrix_bot_buscarron_database_engine == 'postgres' }}"}
diff --git a/roles/custom/matrix-bot-postmoogle/defaults/main.yml b/roles/custom/matrix-bot-postmoogle/defaults/main.yml
index 88a712d5..24bf7cf2 100644
--- a/roles/custom/matrix-bot-postmoogle/defaults/main.yml
+++ b/roles/custom/matrix-bot-postmoogle/defaults/main.yml
@@ -42,7 +42,7 @@ matrix_bot_postmoogle_sqlite_database_path_in_container: "/data/bot.db"
 
 matrix_bot_postmoogle_database_username: 'postmoogle'
 matrix_bot_postmoogle_database_password: 'some-password'
-matrix_bot_postmoogle_database_hostname: 'matrix-postgres'
+matrix_bot_postmoogle_database_hostname: ''
 matrix_bot_postmoogle_database_port: 5432
 matrix_bot_postmoogle_database_name: 'postmoogle'
 
diff --git a/roles/custom/matrix-bot-postmoogle/tasks/validate_config.yml b/roles/custom/matrix-bot-postmoogle/tasks/validate_config.yml
index b5d9d1ed..1e31bd4f 100644
--- a/roles/custom/matrix-bot-postmoogle/tasks/validate_config.yml
+++ b/roles/custom/matrix-bot-postmoogle/tasks/validate_config.yml
@@ -1,9 +1,10 @@
 ---
 
-- name: Fail if required settings not defined
+- name: Fail if required Postmoogle settings not defined
   ansible.builtin.fail:
     msg: >-
-      You need to define a required configuration setting (`{{ item }}`).
-  when: "vars[item] == ''"
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] == ''"
   with_items:
-    - "matrix_bot_postmoogle_password"
+    - {'name': 'matrix_bot_postmoogle_password', when: true}
+    - {'name': 'matrix_bot_postmoogle_database_hostname', when: "{{ matrix_bot_postmoogle_database_engine == 'postgres' }}"}
diff --git a/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml b/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml
index 9e061d67..ec194855 100644
--- a/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml
+++ b/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml
@@ -60,7 +60,7 @@ matrix_appservice_discord_sqlite_database_path_in_container: "/data/discord.db"
 
 matrix_appservice_discord_database_username: 'matrix_appservice_discord'
 matrix_appservice_discord_database_password: 'some-password'
-matrix_appservice_discord_database_hostname: 'matrix-postgres'
+matrix_appservice_discord_database_hostname: ''
 matrix_appservice_discord_database_port: 5432
 matrix_appservice_discord_database_name: 'matrix_appservice_discord'
 
diff --git a/roles/custom/matrix-bridge-appservice-discord/tasks/validate_config.yml b/roles/custom/matrix-bridge-appservice-discord/tasks/validate_config.yml
index e005f162..fab6a5b6 100644
--- a/roles/custom/matrix-bridge-appservice-discord/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-appservice-discord/tasks/validate_config.yml
@@ -1,16 +1,17 @@
 ---
 
-- name: Fail if required settings not defined
+- name: Fail if required appservice-discord settings not defined
   ansible.builtin.fail:
     msg: >-
-      You need to define a required configuration setting (`{{ item }}`).
-  when: "vars[item] == ''"
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] == ''"
   with_items:
-    - "matrix_appservice_discord_client_id"
-    - "matrix_appservice_discord_bot_token"
-    - "matrix_appservice_discord_appservice_token"
-    - "matrix_appservice_discord_homeserver_token"
-    - "matrix_appservice_discord_homeserver_domain"
+    - {'name': 'matrix_appservice_discord_client_id', when: true}
+    - {'name': 'matrix_appservice_discord_bot_token', when: true}
+    - {'name': 'matrix_appservice_discord_appservice_token', when: true}
+    - {'name': 'matrix_appservice_discord_homeserver_token', when: true}
+    - {'name': 'matrix_appservice_discord_homeserver_domain', when: true}
+    - {'name': 'matrix_appservice_discord_database_hostname', when: "{{ matrix_appservice_discord_database_engine == 'postgres' }}"}
 
 - name: (Deprecation) Catch and report renamed appservice-discord variables
   ansible.builtin.fail:
diff --git a/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml b/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml
index d54a7685..5e8c1191 100644
--- a/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml
+++ b/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml
@@ -29,8 +29,8 @@ matrix_appservice_irc_appservice_address: 'http://matrix-appservice-irc:9999'
 
 matrix_appservice_irc_database_engine: nedb
 matrix_appservice_irc_database_username: matrix_appservice_irc
-matrix_appservice_irc_database_password: ~
-matrix_appservice_irc_database_hostname: 'matrix-postgres'
+matrix_appservice_irc_database_password: 'some-password'
+matrix_appservice_irc_database_hostname: ''
 matrix_appservice_irc_database_port: 5432
 matrix_appservice_irc_database_name: matrix_appservice_irc
 
diff --git a/roles/custom/matrix-bridge-appservice-irc/tasks/validate_config.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/validate_config.yml
index f0d887c8..0c4c6c29 100644
--- a/roles/custom/matrix-bridge-appservice-irc/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-appservice-irc/tasks/validate_config.yml
@@ -3,11 +3,12 @@
 - name: Fail if required settings not defined
   ansible.builtin.fail:
     msg: >-
-      You need to define a required configuration setting (`{{ item }}`).
-  when: "vars[item] == ''"
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] == ''"
   with_items:
-    - "matrix_appservice_irc_appservice_token"
-    - "matrix_appservice_irc_homeserver_token"
+    - {'name': 'matrix_appservice_irc_appservice_token', when: true}
+    - {'name': 'matrix_appservice_irc_homeserver_token', when: true}
+    - {'name': 'matrix_appservice_irc_database_hostname', when: "{{ matrix_appservice_irc_database_engine == 'postgres' }}"}
 
 # Our base configuration (`matrix_appservice_irc_configuration_yaml`) is not enough to
 # let the playbook run without errors.
diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml
index f27f75c5..68169507 100644
--- a/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml
+++ b/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml
@@ -90,7 +90,7 @@ matrix_appservice_kakaotalk_sqlite_database_path_in_container: "/data/appservice
 
 matrix_appservice_kakaotalk_database_username: 'matrix_appservice_kakaotalk'
 matrix_appservice_kakaotalk_database_password: 'some-password'
-matrix_appservice_kakaotalk_database_hostname: 'matrix-postgres'
+matrix_appservice_kakaotalk_database_hostname: ''
 matrix_appservice_kakaotalk_database_port: 5432
 matrix_appservice_kakaotalk_database_name: 'matrix_appservice_kakaotalk'
 
diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml
index 4f838e7a..63b17339 100644
--- a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml
@@ -1,10 +1,11 @@
 ---
 
-- name: Fail if required settings not defined
+- name: Fail if required appservice-kakaotalk settings not defined
   ansible.builtin.fail:
     msg: >-
-      You need to define a required configuration setting (`{{ item }}`).
-  when: "vars[item] == ''"
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] == ''"
   with_items:
-    - "matrix_appservice_kakaotalk_appservice_token"
-    - "matrix_appservice_kakaotalk_homeserver_token"
+    - {'name': 'matrix_appservice_kakaotalk_appservice_token', when: true}
+    - {'name': 'matrix_appservice_kakaotalk_homeserver_token', when: true}
+    - {'name': 'matrix_appservice_kakaotalk_database_hostname', when: "{{ matrix_appservice_kakaotalk_database_engine == 'postgres' }}"}
diff --git a/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml b/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml
index b5fbc13f..8884edd6 100644
--- a/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml
+++ b/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml
@@ -57,8 +57,8 @@ matrix_appservice_slack_id_token: ''
 
 matrix_appservice_slack_database_engine: nedb
 matrix_appservice_slack_database_username: matrix_appservice_slack
-matrix_appservice_slack_database_password: ~
-matrix_appservice_slack_database_hostname: 'matrix-postgres'
+matrix_appservice_slack_database_password: 'some-passsword'
+matrix_appservice_slack_database_hostname: ''
 matrix_appservice_slack_database_port: 5432
 matrix_appservice_slack_database_name: matrix_appservice_slack
 
diff --git a/roles/custom/matrix-bridge-appservice-slack/tasks/validate_config.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/validate_config.yml
index e00eb6d4..ef97635e 100644
--- a/roles/custom/matrix-bridge-appservice-slack/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-appservice-slack/tasks/validate_config.yml
@@ -1,16 +1,17 @@
 ---
 
-- name: Fail if required settings not defined
+- name: Fail if required appservice-slack settings not defined
   ansible.builtin.fail:
     msg: >-
-      You need to define a required configuration setting (`{{ item }}`).
-  when: "vars[item] == ''"
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] == ''"
   with_items:
-    - "matrix_appservice_slack_control_room_id"
-    - "matrix_appservice_slack_appservice_token"
-    - "matrix_appservice_slack_homeserver_url"
-    - "matrix_appservice_slack_homeserver_token"
-    - "matrix_appservice_slack_id_token"
+    - {'name': 'matrix_appservice_slack_control_room_id', when: true}
+    - {'name': 'matrix_appservice_slack_appservice_token', when: true}
+    - {'name': 'matrix_appservice_slack_homeserver_url', when: true}
+    - {'name': 'matrix_appservice_slack_homeserver_token', when: true}
+    - {'name': 'matrix_appservice_slack_id_token', when: true}
+    - {'name': 'matrix_appservice_slack_database_hostname', when: "{{ matrix_appservice_slack_database_engine == 'postgres' }}"}
 
 - name: (Deprecation) Catch and report renamed settings
   ansible.builtin.fail:
diff --git a/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml
index 4f3d554b..92d9b2e1 100644
--- a/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml
+++ b/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml
@@ -55,8 +55,8 @@ matrix_beeper_linkedin_appservice_bot_username: linkedinbot
 matrix_beeper_linkedin_database_engine: "postgres"
 
 matrix_beeper_linkedin_database_username: 'matrix_beeper_linkedin'
-matrix_beeper_linkedin_database_password: ""
-matrix_beeper_linkedin_database_hostname: 'matrix-postgres'
+matrix_beeper_linkedin_database_password: 'some-password'
+matrix_beeper_linkedin_database_hostname: ''
 matrix_beeper_linkedin_database_port: 5432
 matrix_beeper_linkedin_database_name: 'matrix_beeper_linkedin'
 
diff --git a/roles/custom/matrix-bridge-beeper-linkedin/tasks/validate_config.yml b/roles/custom/matrix-bridge-beeper-linkedin/tasks/validate_config.yml
index 61489b7c..59d56ca8 100644
--- a/roles/custom/matrix-bridge-beeper-linkedin/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-beeper-linkedin/tasks/validate_config.yml
@@ -1,10 +1,11 @@
 ---
 
-- name: Fail if required settings not defined
+- name: Fail if required beeper-linkedin settings not defined
   ansible.builtin.fail:
     msg: >-
-      You need to define a required configuration setting (`{{ item }}`).
-  when: "vars[item] == ''"
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] == ''"
   with_items:
-    - "matrix_beeper_linkedin_appservice_token"
-    - "matrix_beeper_linkedin_homeserver_token"
+    - {'name': 'matrix_beeper_linkedin_appservice_token', when: true}
+    - {'name': 'matrix_beeper_linkedin_homeserver_token', when: true}
+    - {'name': 'matrix_beeper_linkedin_database_hostname', when: "{{ matrix_beeper_linkedin_database_engine == 'postgres' }}"}
diff --git a/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml b/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml
index a6f7aa9d..e3cdea4b 100644
--- a/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml
+++ b/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml
@@ -56,7 +56,7 @@ matrix_go_skype_bridge_sqlite_database_path_in_container: "/data/go-skype-bridge
 
 matrix_go_skype_bridge_database_username: 'matrix_go_skype_bridge'
 matrix_go_skype_bridge_database_password: 'some-password'
-matrix_go_skype_bridge_database_hostname: 'matrix-postgres'
+matrix_go_skype_bridge_database_hostname: ''
 matrix_go_skype_bridge_database_port: 5432
 matrix_go_skype_bridge_database_name: 'matrix_go_skype_bridge'
 
diff --git a/roles/custom/matrix-bridge-go-skype-bridge/tasks/validate_config.yml b/roles/custom/matrix-bridge-go-skype-bridge/tasks/validate_config.yml
index d681299f..c9b3c2ff 100644
--- a/roles/custom/matrix-bridge-go-skype-bridge/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-go-skype-bridge/tasks/validate_config.yml
@@ -1,10 +1,11 @@
 ---
 
-- name: Fail if required settings not defined
+- name: Fail if required go-skype-bridge settings not defined
   ansible.builtin.fail:
     msg: >-
-      You need to define a required configuration setting (`{{ item }}`).
-  when: "vars[item] == ''"
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] == ''"
   with_items:
-    - "matrix_go_skype_bridge_appservice_token"
-    - "matrix_go_skype_bridge_homeserver_token"
+    - {'name': 'matrix_go_skype_bridge_appservice_token', when: true}
+    - {'name': 'matrix_go_skype_bridge_homeserver_token', when: true}
+    - {'name': 'matrix_go_skype_bridge_database_hostname', when: "{{ matrix_go_skype_bridge_database_engine == 'postgres' }}"}
diff --git a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml
index 7163954a..bb8846f5 100644
--- a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml
@@ -67,7 +67,7 @@ matrix_mautrix_discord_sqlite_database_path_in_container: "/data/mautrix-discord
 
 matrix_mautrix_discord_database_username: 'matrix_mautrix_discord'
 matrix_mautrix_discord_database_password: 'some-password'
-matrix_mautrix_discord_database_hostname: 'matrix-postgres'
+matrix_mautrix_discord_database_hostname: ''
 matrix_mautrix_discord_database_port: 5432
 matrix_mautrix_discord_database_name: 'matrix_mautrix_discord'
 
diff --git a/roles/custom/matrix-bridge-mautrix-discord/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-discord/tasks/validate_config.yml
index 4ba7e127..8f4fe29e 100644
--- a/roles/custom/matrix-bridge-mautrix-discord/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-mautrix-discord/tasks/validate_config.yml
@@ -1,10 +1,11 @@
 ---
 
-- name: Fail if required settings not defined
+- name: Fail if required mautrix-discord settings not defined
   ansible.builtin.fail:
     msg: >-
-      You need to define a required configuration setting (`{{ item }}`).
-  when: "vars[item] == ''"
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] == ''"
   with_items:
-    - "matrix_mautrix_discord_appservice_token"
-    - "matrix_mautrix_discord_homeserver_token"
+    - {'name': 'matrix_mautrix_discord_appservice_token', when: true}
+    - {'name': 'matrix_mautrix_discord_homeserver_token', when: true}
+    - {'name': 'matrix_mautrix_discord_database_hostname', when: "{{ matrix_mautrix_discord_database_engine == 'postgres' }}"}
diff --git a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml
index e19fa9de..98972014 100644
--- a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml
@@ -74,7 +74,7 @@ matrix_mautrix_facebook_sqlite_database_path_in_container: "/data/mautrix-facebo
 
 matrix_mautrix_facebook_database_username: 'matrix_mautrix_facebook'
 matrix_mautrix_facebook_database_password: 'some-password'
-matrix_mautrix_facebook_database_hostname: 'matrix-postgres'
+matrix_mautrix_facebook_database_hostname: ''
 matrix_mautrix_facebook_database_port: 5432
 matrix_mautrix_facebook_database_name: 'matrix_mautrix_facebook'
 
diff --git a/roles/custom/matrix-bridge-mautrix-facebook/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/validate_config.yml
index 04e45c31..d61981a6 100644
--- a/roles/custom/matrix-bridge-mautrix-facebook/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/validate_config.yml
@@ -1,14 +1,15 @@
 ---
 
-- name: Fail if required settings not defined
+- name: Fail if required mautrix-facebook settings not defined
   ansible.builtin.fail:
     msg: >-
-      You need to define a required configuration setting (`{{ item }}`).
-  when: "vars[item] == ''"
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] == ''"
   with_items:
-    - "matrix_mautrix_facebook_public_endpoint"
-    - "matrix_mautrix_facebook_appservice_token"
-    - "matrix_mautrix_facebook_homeserver_token"
+    - {'name': 'matrix_mautrix_facebook_public_endpoint', when: true}
+    - {'name': 'matrix_mautrix_facebook_appservice_token', when: true}
+    - {'name': 'matrix_mautrix_facebook_homeserver_token', when: true}
+    - {'name': 'matrix_mautrix_facebook_database_hostname', when: "{{ matrix_mautrix_facebook_database_engine == 'postgres' }}"}
 
 - when: "matrix_mautrix_facebook_database_engine == 'sqlite' and matrix_mautrix_facebook_docker_image.endswith(':da1b4ec596e334325a1589e70829dea46e73064b')"
   block:
diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml
index 9c2d97b2..f432cc63 100644
--- a/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml
@@ -68,7 +68,7 @@ matrix_mautrix_googlechat_sqlite_database_path_in_container: "/data/mautrix-goog
 
 matrix_mautrix_googlechat_database_username: 'matrix_mautrix_googlechat'
 matrix_mautrix_googlechat_database_password: 'some-password'
-matrix_mautrix_googlechat_database_hostname: 'matrix-postgres'
+matrix_mautrix_googlechat_database_hostname: ''
 matrix_mautrix_googlechat_database_port: 5432
 matrix_mautrix_googlechat_database_name: 'matrix_mautrix_googlechat'
 
diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml
index fc36472e..06cb8de7 100644
--- a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml
@@ -1,14 +1,12 @@
 ---
 
-- name: Fail if required settings not defined
+- name: Fail if required mautrix-googlechat settings not defined
   ansible.builtin.fail:
     msg: >-
-      You need to define a required configuration setting (`{{ item }}`).
-  when: "vars[item] == ''"
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] == ''"
   with_items:
-    - "matrix_mautrix_googlechat_public_endpoint"
-    - "matrix_mautrix_googlechat_appservice_token"
-    - "matrix_mautrix_googlechat_homeserver_token"
-- ansible.builtin.debug:
-    msg:
-      - '`matrix_mautrix_googlechat_homeserver_domain` == {{ matrix_mautrix_googlechat_homeserver_domain }}'
+    - {'name': 'matrix_mautrix_googlechat_public_endpoint', when: true}
+    - {'name': 'matrix_mautrix_googlechat_appservice_token', when: true}
+    - {'name': 'matrix_mautrix_googlechat_homeserver_token', when: true}
+    - {'name': 'matrix_mautrix_googlechat_database_hostname', when: "{{ matrix_mautrix_googlechat_database_engine == 'postgres' }}"}
diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml
index 8b338fd7..27f3e593 100644
--- a/roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml
@@ -65,7 +65,7 @@ matrix_mautrix_hangouts_sqlite_database_path_in_container: "/data/mautrix-hangou
 
 matrix_mautrix_hangouts_database_username: 'matrix_mautrix_hangouts'
 matrix_mautrix_hangouts_database_password: 'some-password'
-matrix_mautrix_hangouts_database_hostname: 'matrix-postgres'
+matrix_mautrix_hangouts_database_hostname: ''
 matrix_mautrix_hangouts_database_port: 5432
 matrix_mautrix_hangouts_database_name: 'matrix_mautrix_hangouts'
 
diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml
index c80586e0..11635642 100644
--- a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml
@@ -1,14 +1,12 @@
 ---
 
-- name: Fail if required settings not defined
+- name: Fail if required mautrix-hangouts settings not defined
   ansible.builtin.fail:
     msg: >-
-      You need to define a required configuration setting (`{{ item }}`).
-  when: "vars[item] == ''"
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] == ''"
   with_items:
-    - "matrix_mautrix_hangouts_public_endpoint"
-    - "matrix_mautrix_hangouts_appservice_token"
-    - "matrix_mautrix_hangouts_homeserver_token"
-- ansible.builtin.debug:
-    msg:
-      - '`matrix_mautrix_hangouts_homeserver_domain` == {{ matrix_mautrix_hangouts_homeserver_domain }}'
+    - {'name': 'matrix_mautrix_hangouts_public_endpoint', when: true}
+    - {'name': 'matrix_mautrix_hangouts_appservice_token', when: true}
+    - {'name': 'matrix_mautrix_hangouts_homeserver_token', when: true}
+    - {'name': 'matrix_mautrix_hangouts_database_hostname', when: "{{ matrix_mautrix_hangouts_database_engine == 'postgres' }}"}
diff --git a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml
index dcdf6723..75b99656 100644
--- a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml
@@ -55,7 +55,7 @@ matrix_mautrix_instagram_database_engine: 'postgres'
 
 matrix_mautrix_instagram_database_username: 'matrix_mautrix_instagram'
 matrix_mautrix_instagram_database_password: 'some-password'
-matrix_mautrix_instagram_database_hostname: 'matrix-postgres'
+matrix_mautrix_instagram_database_hostname: ''
 matrix_mautrix_instagram_database_port: 5432
 matrix_mautrix_instagram_database_name: 'matrix_mautrix_instagram'
 
diff --git a/roles/custom/matrix-bridge-mautrix-instagram/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-instagram/tasks/validate_config.yml
index 99f7b015..51bedf68 100644
--- a/roles/custom/matrix-bridge-mautrix-instagram/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-mautrix-instagram/tasks/validate_config.yml
@@ -1,9 +1,10 @@
 ---
-- name: Fail if required settings not defined
+- name: Fail if required mautrix-instagram settings not defined
   ansible.builtin.fail:
     msg: >-
-      You need to define a required configuration setting (`{{ item }}`).
-  when: "vars[item] == ''"
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] == ''"
   with_items:
-    - "matrix_mautrix_instagram_appservice_token"
-    - "matrix_mautrix_instagram_homeserver_token"
+    - {'name': 'matrix_mautrix_instagram_appservice_token', when: true}
+    - {'name': 'matrix_mautrix_instagram_homeserver_token', when: true}
+    - {'name': 'matrix_mautrix_instagram_database_hostname', when: "{{ matrix_mautrix_instagram_database_engine == 'postgres' }}"}
diff --git a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
index 24ba9b39..736c4557 100644
--- a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
@@ -76,7 +76,7 @@ matrix_mautrix_signal_database_engine: 'postgres'
 
 matrix_mautrix_signal_database_username: 'matrix_mautrix_signal'
 matrix_mautrix_signal_database_password: 'some-password'
-matrix_mautrix_signal_database_hostname: 'matrix-postgres'
+matrix_mautrix_signal_database_hostname: ''
 matrix_mautrix_signal_database_port: 5432
 matrix_mautrix_signal_database_name: 'matrix_mautrix_signal'
 
diff --git a/roles/custom/matrix-bridge-mautrix-signal/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-signal/tasks/validate_config.yml
index ea2c1c43..5cabf18c 100644
--- a/roles/custom/matrix-bridge-mautrix-signal/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-mautrix-signal/tasks/validate_config.yml
@@ -1,15 +1,16 @@
 ---
 
-- name: Fail if required settings not defined
+- name: Fail if required mautrix-signal settings not defined
   ansible.builtin.fail:
     msg: >-
-      You need to define a required configuration setting (`{{ item }}`).
-  when: "vars[item] == ''"
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] == ''"
   with_items:
-    - "matrix_mautrix_signal_homeserver_domain"
-    - "matrix_mautrix_signal_homeserver_address"
-    - "matrix_mautrix_signal_homeserver_token"
-    - "matrix_mautrix_signal_appservice_token"
+    - {'name': 'matrix_mautrix_signal_homeserver_domain', when: true}
+    - {'name': 'matrix_mautrix_signal_homeserver_address', when: true}
+    - {'name': 'matrix_mautrix_signal_homeserver_token', when: true}
+    - {'name': 'matrix_mautrix_signal_appservice_token', when: true}
+    - {'name': 'matrix_mautrix_signal_database_hostname', when: "{{ matrix_mautrix_signal_database_engine == 'postgres' }}"}
 
 - name: (Deprecation) Fail if matrix_mautrix_signal_bridge_permissions specified as YAML string, instead of a dictionary
   ansible.builtin.fail:
diff --git a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml
index 6f2137e4..5d2c0c88 100644
--- a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml
@@ -95,7 +95,7 @@ matrix_mautrix_telegram_sqlite_database_path_in_container: "/data/mautrix-telegr
 
 matrix_mautrix_telegram_database_username: 'matrix_mautrix_telegram'
 matrix_mautrix_telegram_database_password: 'some-password'
-matrix_mautrix_telegram_database_hostname: 'matrix-postgres'
+matrix_mautrix_telegram_database_hostname: ''
 matrix_mautrix_telegram_database_port: 5432
 matrix_mautrix_telegram_database_name: 'matrix_mautrix_telegram'
 
diff --git a/roles/custom/matrix-bridge-mautrix-telegram/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/validate_config.yml
index 9711448b..16ebf37d 100644
--- a/roles/custom/matrix-bridge-mautrix-telegram/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-mautrix-telegram/tasks/validate_config.yml
@@ -1,16 +1,17 @@
 ---
 
-- name: Fail if required settings not defined
+- name: Fail if required mautrix-telegram settings not defined
   ansible.builtin.fail:
     msg: >-
-      You need to define a required configuration setting (`{{ item }}`).
-  when: "vars[item] == ''"
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] == ''"
   with_items:
-    - "matrix_mautrix_telegram_api_id"
-    - "matrix_mautrix_telegram_api_hash"
-    - "matrix_mautrix_telegram_public_endpoint"
-    - "matrix_mautrix_telegram_appservice_token"
-    - "matrix_mautrix_telegram_homeserver_token"
+    - {'name': 'matrix_mautrix_telegram_api_id', when: true}
+    - {'name': 'matrix_mautrix_telegram_api_hash', when: true}
+    - {'name': 'matrix_mautrix_telegram_public_endpoint', when: true}
+    - {'name': 'matrix_mautrix_telegram_appservice_token', when: true}
+    - {'name': 'matrix_mautrix_telegram_homeserver_token', when: true}
+    - {'name': 'matrix_mautrix_telegram_database_hostname', when: "{{ matrix_mautrix_telegram_database_engine == 'postgres' }}"}
 
 - name: (Deprecation) Catch and report renamed Telegram variables
   ansible.builtin.fail:
diff --git a/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml
index 684b889a..22475596 100644
--- a/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml
@@ -54,7 +54,7 @@ matrix_mautrix_twitter_federate_rooms: true
 matrix_mautrix_twitter_database_engine: 'postgres'
 
 matrix_mautrix_twitter_database_username: 'matrix_mautrix_twitter'
-matrix_mautrix_twitter_database_password: ''
+matrix_mautrix_twitter_database_password: 'some-password'
 matrix_mautrix_twitter_database_hostname: ''
 matrix_mautrix_twitter_database_port: 5432
 matrix_mautrix_twitter_database_name: 'matrix_mautrix_twitter'
diff --git a/roles/custom/matrix-bridge-mautrix-twitter/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-twitter/tasks/validate_config.yml
index a97d292f..cfd408a7 100644
--- a/roles/custom/matrix-bridge-mautrix-twitter/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-mautrix-twitter/tasks/validate_config.yml
@@ -3,10 +3,9 @@
 - name: Fail if required mautrix-twitter settings not defined
   ansible.builtin.fail:
     msg: >-
-      You need to define a required configuration setting (`{{ item }}`).
-  when: "vars[item] == ''"
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] == ''"
   with_items:
-    - "matrix_mautrix_twitter_appservice_token"
-    - "matrix_mautrix_twitter_homeserver_token"
-    - "matrix_mautrix_twitter_database_hostname"
-    - "matrix_mautrix_twitter_database_password"
+    - {'name': 'matrix_mautrix_twitter_appservice_token', when: true}
+    - {'name': 'matrix_mautrix_twitter_homeserver_token', when: true}
+    - {'name': 'matrix_mautrix_twitter_database_hostname', when: "{{ matrix_mautrix_twitter_database_engine == 'postgres' }}"}
diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
index 7c923b06..186c6297 100644
--- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
@@ -61,7 +61,7 @@ matrix_mautrix_whatsapp_sqlite_database_path_in_container: "/data/mautrix-whatsa
 
 matrix_mautrix_whatsapp_database_username: 'matrix_mautrix_whatsapp'
 matrix_mautrix_whatsapp_database_password: 'some-password'
-matrix_mautrix_whatsapp_database_hostname: 'matrix-postgres'
+matrix_mautrix_whatsapp_database_hostname: ''
 matrix_mautrix_whatsapp_database_port: 5432
 matrix_mautrix_whatsapp_database_name: 'matrix_mautrix_whatsapp'
 
diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml
index 863dc926..0a6a38cd 100644
--- a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml
@@ -1,14 +1,14 @@
 ---
 
-- name: Fail if required settings not defined
+- name: Fail if required mautrix-whatsapp settings not defined
   ansible.builtin.fail:
     msg: >-
-      You need to define a required configuration setting (`{{ item }}`).
-  when: "vars[item] == ''"
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] == ''"
   with_items:
-    - "matrix_mautrix_whatsapp_appservice_token"
-    - "matrix_mautrix_whatsapp_homeserver_token"
-
+    - {'name': 'matrix_mautrix_whatsapp_appservice_token', when: true}
+    - {'name': 'matrix_mautrix_whatsapp_homeserver_token', when: true}
+    - {'name': 'matrix_mautrix_whatsapp_database_hostname', when: "{{ matrix_mautrix_whatsapp_database_engine == 'postgres' }}"}
 
 - name: (Deprecation) Catch and report renamed settings
   ansible.builtin.fail:
diff --git a/roles/custom/matrix-dimension/defaults/main.yml b/roles/custom/matrix-dimension/defaults/main.yml
index ea1dde10..4be76fd1 100644
--- a/roles/custom/matrix-dimension/defaults/main.yml
+++ b/roles/custom/matrix-dimension/defaults/main.yml
@@ -65,7 +65,7 @@ matrix_dimension_sqlite_database_path_in_container: "dimension.db"
 
 matrix_dimension_database_username: 'matrix_dimension'
 matrix_dimension_database_password: 'some-password'
-matrix_dimension_database_hostname: 'matrix-postgres'
+matrix_dimension_database_hostname: ''
 matrix_dimension_database_port: 5432
 matrix_dimension_database_name: 'matrix_dimension'
 
diff --git a/roles/custom/matrix-dimension/tasks/validate_config.yml b/roles/custom/matrix-dimension/tasks/validate_config.yml
index 5af0ba6d..8f681e08 100644
--- a/roles/custom/matrix-dimension/tasks/validate_config.yml
+++ b/roles/custom/matrix-dimension/tasks/validate_config.yml
@@ -1,11 +1,13 @@
 ---
+
 - name: Fail if required Dimension settings not defined
   ansible.builtin.fail:
-    msg: >-
-      You need to define a required configuration setting (`{{ item }}`) for using Dimension.
+    msg: >
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] == ''"
   with_items:
-    - "matrix_dimension_access_token"
-  when: "matrix_dimension_enabled and vars[item] == ''"
+    - {'name': 'matrix_dimension_access_token', when: true}
+    - {'name': 'matrix_dimension_database_hostname', when: "{{ matrix_dimension_database_engine == 'postgres' }}"}
 
 - name: (Deprecation) Catch and report renamed Dimension variables
   ansible.builtin.fail:
diff --git a/roles/custom/matrix-etherpad/defaults/main.yml b/roles/custom/matrix-etherpad/defaults/main.yml
index 540b2a51..874e9a30 100644
--- a/roles/custom/matrix-etherpad/defaults/main.yml
+++ b/roles/custom/matrix-etherpad/defaults/main.yml
@@ -45,7 +45,7 @@ matrix_etherpad_database_engine: 'postgres'
 
 matrix_etherpad_database_username: 'matrix_etherpad'
 matrix_etherpad_database_password: 'some-password'
-matrix_etherpad_database_hostname: 'matrix-postgres'
+matrix_etherpad_database_hostname: ''
 matrix_etherpad_database_port: 5432
 matrix_etherpad_database_name: 'matrix_etherpad'
 
diff --git a/roles/custom/matrix-etherpad/tasks/validate_config.yml b/roles/custom/matrix-etherpad/tasks/validate_config.yml
index 64664894..2bc773a6 100644
--- a/roles/custom/matrix-etherpad/tasks/validate_config.yml
+++ b/roles/custom/matrix-etherpad/tasks/validate_config.yml
@@ -1,10 +1,12 @@
 ---
 
-- name: Fail if no database is configured for Etherpad
+- name: Fail if required Etherpad settings not defined
   ansible.builtin.fail:
-    msg: >-
-      Etherpad requires a dedicated Postgres database. Please enable the built in one, or configure an external DB by redefining "matrix_etherpad_database_hostname"
-  when: matrix_etherpad_database_hostname == ''
+    msg: >
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] == ''"
+  with_items:
+    - {'name': 'matrix_etherpad_database_hostname', when: true}
 
 - name: Fail if wrong mode selected
   ansible.builtin.fail:
diff --git a/roles/custom/matrix-ma1sd/defaults/main.yml b/roles/custom/matrix-ma1sd/defaults/main.yml
index a606d0d6..9dc32ce7 100644
--- a/roles/custom/matrix-ma1sd/defaults/main.yml
+++ b/roles/custom/matrix-ma1sd/defaults/main.yml
@@ -64,7 +64,7 @@ matrix_ma1sd_sqlite_database_path_in_container: "/var/ma1sd/ma1sd.db"
 
 matrix_ma1sd_database_username: 'matrix_ma1sd'
 matrix_ma1sd_database_password: 'some-password'
-matrix_ma1sd_database_hostname: 'matrix-postgres'
+matrix_ma1sd_database_hostname: ''
 matrix_ma1sd_database_port: 5432
 matrix_ma1sd_database_name: 'matrix_ma1sd'
 
diff --git a/roles/custom/matrix-ma1sd/tasks/validate_config.yml b/roles/custom/matrix-ma1sd/tasks/validate_config.yml
index af12dd3f..b490a5c6 100644
--- a/roles/custom/matrix-ma1sd/tasks/validate_config.yml
+++ b/roles/custom/matrix-ma1sd/tasks/validate_config.yml
@@ -42,11 +42,12 @@
 - name: Fail if required ma1sd settings not defined
   ansible.builtin.fail:
     msg: >
-      You need to define a required configuration setting (`{{ item }}`) for using ma1sd.
-  when: "vars[item] == ''"
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] == ''"
   with_items:
-    - "matrix_ma1sd_threepid_medium_email_connectors_smtp_host"
-    - "matrix_ma1sd_dns_overwrite_homeserver_client_value"
+    - {'name': 'matrix_ma1sd_threepid_medium_email_connectors_smtp_host', when: true}
+    - {'name': 'matrix_ma1sd_dns_overwrite_homeserver_client_value', when: true}
+    - {'name': 'matrix_ma1sd_database_hostname', when: "{{ matrix_ma1sd_database_engine == 'postgres' }}"}
 
 - name: (Deprecation) Catch and report renamed ma1sd variables
   ansible.builtin.fail:
diff --git a/roles/custom/matrix-postgres-backup/tasks/validate_config.yml b/roles/custom/matrix-postgres-backup/tasks/validate_config.yml
index aab68eaf..285328c2 100644
--- a/roles/custom/matrix-postgres-backup/tasks/validate_config.yml
+++ b/roles/custom/matrix-postgres-backup/tasks/validate_config.yml
@@ -1,6 +1,6 @@
 ---
 
-- name: Fail if required Postgres settings not defined
+- name: Fail if required postgres-backup settings not defined
   ansible.builtin.fail:
     msg: >-
       You need to define a required configuration setting (`{{ item }}`).
diff --git a/roles/custom/matrix-prometheus-postgres-exporter/defaults/main.yml b/roles/custom/matrix-prometheus-postgres-exporter/defaults/main.yml
index f0cbfede..5fc8e919 100644
--- a/roles/custom/matrix-prometheus-postgres-exporter/defaults/main.yml
+++ b/roles/custom/matrix-prometheus-postgres-exporter/defaults/main.yml
@@ -24,7 +24,7 @@ matrix_prometheus_postgres_exporter_systemd_wanted_services_list: []
 # details for connecting to the database
 matrix_prometheus_postgres_exporter_database_username: 'matrix_prometheus_postgres_exporter'
 matrix_prometheus_postgres_exporter_database_password: 'some-password'
-matrix_prometheus_postgres_exporter_database_hostname: 'matrix-postgres'
+matrix_prometheus_postgres_exporter_database_hostname: ''
 matrix_prometheus_postgres_exporter_database_port: 5432
 matrix_prometheus_postgres_exporter_database_name: 'matrix_prometheus_postgres_exporter'
 
diff --git a/roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml b/roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml
index 2cea0604..7ff6d15a 100644
--- a/roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml
+++ b/roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml
@@ -10,6 +10,9 @@
     - install-nginx-proxy
 
 - block:
+    - when: matrix_prometheus_postgres_exporter_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
+
     - when: matrix_prometheus_postgres_exporter_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
   tags:
diff --git a/roles/custom/matrix-prometheus-postgres-exporter/tasks/validate_config.yml b/roles/custom/matrix-prometheus-postgres-exporter/tasks/validate_config.yml
new file mode 100644
index 00000000..6acf784f
--- /dev/null
+++ b/roles/custom/matrix-prometheus-postgres-exporter/tasks/validate_config.yml
@@ -0,0 +1,9 @@
+---
+
+- name: Fail if required prometheus-postgres-exporter settings not defined
+  ansible.builtin.fail:
+    msg: >
+      You need to define a required configuration setting (`{{ item }}`).
+  when: "vars[item] == ''"
+  with_items:
+    - matrix_prometheus_postgres_exporter_database_hostname
diff --git a/roles/custom/matrix-registration/defaults/main.yml b/roles/custom/matrix-registration/defaults/main.yml
index 1e53ae98..c7a45fad 100644
--- a/roles/custom/matrix-registration/defaults/main.yml
+++ b/roles/custom/matrix-registration/defaults/main.yml
@@ -52,7 +52,7 @@ matrix_registration_sqlite_database_path_in_container: "/data/db.sqlite3"
 
 matrix_registration_database_username: 'matrix_registration'
 matrix_registration_database_password: 'some-password'
-matrix_registration_database_hostname: 'matrix-postgres'
+matrix_registration_database_hostname: ''
 matrix_registration_database_port: 5432
 matrix_registration_database_name: 'matrix_registration'
 
diff --git a/roles/custom/matrix-registration/tasks/validate_config.yml b/roles/custom/matrix-registration/tasks/validate_config.yml
index eb140d31..167c7c5c 100644
--- a/roles/custom/matrix-registration/tasks/validate_config.yml
+++ b/roles/custom/matrix-registration/tasks/validate_config.yml
@@ -3,12 +3,13 @@
 - name: Fail if required matrix-registration settings not defined
   ansible.builtin.fail:
     msg: >
-      You need to define a required configuration setting (`{{ item }}`) for using matrix-registration.
-  when: "vars[item] == ''"
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] == ''"
   with_items:
-    - "matrix_registration_shared_secret"
-    - "matrix_registration_admin_secret"
-    - "matrix_registration_server_location"
+    - {'name': 'matrix_registration_shared_secret', when: true}
+    - {'name': 'matrix_registration_admin_secret', when: true}
+    - {'name': 'matrix_registration_server_location', when: true}
+    - {'name': 'matrix_registration_database_hostname', when: "{{ matrix_registration_database_engine == 'postgres' }}"}
 
 - name: (Deprecation) Catch and report renamed settings
   ansible.builtin.fail:

From 72744f9db90fe9024a4b9a0e3d28f0a4a06f34e6 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sun, 27 Nov 2022 09:26:18 +0200
Subject: [PATCH 089/198] /usr/local/bin/matrix-synapse-register-user ->
 /matrix/synapse/bin/register-user

---
 docs/registering-users.md                            |  2 +-
 roles/custom/matrix-synapse/defaults/main.yml        |  1 +
 roles/custom/matrix-synapse/tasks/register_user.yml  |  3 ++-
 roles/custom/matrix-synapse/tasks/setup_install.yml  |  1 +
 .../matrix-synapse/tasks/synapse/setup_install.yml   | 12 +++---------
 .../register-user.j2}                                |  0
 6 files changed, 8 insertions(+), 11 deletions(-)
 rename roles/custom/matrix-synapse/templates/synapse/{usr-local-bin/matrix-synapse-register-user.j2 => bin/register-user.j2} (100%)

diff --git a/docs/registering-users.md b/docs/registering-users.md
index 90c065bf..83f31a22 100644
--- a/docs/registering-users.md
+++ b/docs/registering-users.md
@@ -23,7 +23,7 @@ ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=<your-usern
 **or** using the command-line after **SSH**-ing to your server (requires that [all services have been started](#starting-the-services)):
 
 ```
-/usr/local/bin/matrix-synapse-register-user <your-username> <your-password> <admin access: 0 or 1>
+/matrix/synapse/bin/register-user <your-username> <your-password> <admin access: 0 or 1>
 ```
 
 **Note**: `<your-username>` is just a plain username (like `john`), not your full `@<username>:<your-domain>` identifier.
diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml
index 9a93a437..d643400c 100644
--- a/roles/custom/matrix-synapse/defaults/main.yml
+++ b/roles/custom/matrix-synapse/defaults/main.yml
@@ -55,6 +55,7 @@ matrix_synapse_config_dir_path: "{{ matrix_synapse_base_path }}/config"
 matrix_synapse_storage_path: "{{ matrix_synapse_base_path }}/storage"
 matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store"
 matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext"
+matrix_synapse_bin_path: "{{ matrix_synapse_base_path }}/bin"
 matrix_synapse_ext_s3_storage_provider_path: "{{ matrix_synapse_base_path }}/ext/s3-storage-provider"
 
 matrix_synapse_container_client_api_port: 8008
diff --git a/roles/custom/matrix-synapse/tasks/register_user.yml b/roles/custom/matrix-synapse/tasks/register_user.yml
index 81748449..21540959 100644
--- a/roles/custom/matrix-synapse/tasks/register_user.yml
+++ b/roles/custom/matrix-synapse/tasks/register_user.yml
@@ -28,6 +28,7 @@
   when: "start_result.changed"
 
 - name: Register user
-  ansible.builtin.command: "{{ matrix_local_bin_path }}/matrix-synapse-register-user {{ username | quote }} {{ password | quote }} {{ '1' if admin == 'yes' else '0' }}"
+  ansible.builtin.command:
+    cmd: "{{ matrix_synapse_bin_path }}/register-user {{ username | quote }} {{ password | quote }} {{ '1' if admin == 'yes' else '0' }}"
   register: matrix_synapse_register_user_result
   changed_when: matrix_synapse_register_user_result.rc == 0
diff --git a/roles/custom/matrix-synapse/tasks/setup_install.yml b/roles/custom/matrix-synapse/tasks/setup_install.yml
index 3d56177c..0be0fd2f 100644
--- a/roles/custom/matrix-synapse/tasks/setup_install.yml
+++ b/roles/custom/matrix-synapse/tasks/setup_install.yml
@@ -10,6 +10,7 @@
   with_items:
     - {path: "{{ matrix_synapse_config_dir_path }}", when: true}
     - {path: "{{ matrix_synapse_ext_path }}", when: true}
+    - {path: "{{ matrix_synapse_bin_path }}", when: true}
     - {path: "{{ matrix_synapse_docker_src_files_path }}", when: "{{ matrix_synapse_container_image_self_build }}"}
     - {path: "{{ matrix_synapse_customized_docker_src_files_path }}", when: "{{ matrix_synapse_container_image_customizations_enabled }}"}
     - {path: "{{ matrix_synapse_ext_s3_storage_provider_path }}", when: "{{ matrix_synapse_ext_synapse_s3_storage_provider_enabled }}"}
diff --git a/roles/custom/matrix-synapse/tasks/synapse/setup_install.yml b/roles/custom/matrix-synapse/tasks/synapse/setup_install.yml
index 429179de..2c6f05b7 100644
--- a/roles/custom/matrix-synapse/tasks/synapse/setup_install.yml
+++ b/roles/custom/matrix-synapse/tasks/synapse/setup_install.yml
@@ -127,17 +127,11 @@
     src: "{{ role_path }}/templates/synapse/systemd/matrix-synapse.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse.service"
     mode: 0644
-  register: matrix_synapse_systemd_service_result
 
-- name: Ensure systemd reloaded after matrix-synapse.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_synapse_systemd_service_result.changed"
-
-- name: Ensure matrix-synapse-register-user script created
+- name: Ensure register-user script created
   ansible.builtin.template:
-    src: "{{ role_path }}/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2"
-    dest: "{{ matrix_local_bin_path }}/matrix-synapse-register-user"
+    src: "{{ role_path }}/templates/synapse/bin/register-user.j2"
+    dest: "{{ matrix_synapse_bin_path }}/register-user"
     mode: 0755
 
 - name: Generate sample prometheus.yml for external scraping
diff --git a/roles/custom/matrix-synapse/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2 b/roles/custom/matrix-synapse/templates/synapse/bin/register-user.j2
similarity index 100%
rename from roles/custom/matrix-synapse/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2
rename to roles/custom/matrix-synapse/templates/synapse/bin/register-user.j2

From 735e7355a506c6be384e27b9944d1db649cbf7da Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sun, 27 Nov 2022 09:28:29 +0200
Subject: [PATCH 090/198] Rename variable
 (matrix_synapse_ext_s3_storage_provider_path ->
 matrix_synapse_ext_s3_storage_provider_base_path)

---
 roles/custom/matrix-synapse/defaults/main.yml              | 7 +++++--
 .../tasks/ext/s3-storage-provider/setup_install.yml        | 6 +++---
 .../tasks/ext/s3-storage-provider/setup_uninstall.yml      | 2 +-
 roles/custom/matrix-synapse/tasks/setup_install.yml        | 2 +-
 roles/custom/matrix-synapse/tasks/validate_config.yml      | 1 +
 .../matrix-synapse-s3-storage-provider-migrate.j2          | 4 ++--
 .../matrix-synapse-s3-storage-provider-shell.j2            | 4 ++--
 7 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml
index d643400c..c1f6b99a 100644
--- a/roles/custom/matrix-synapse/defaults/main.yml
+++ b/roles/custom/matrix-synapse/defaults/main.yml
@@ -49,14 +49,17 @@ matrix_synapse_docker_image_customized: "localhost/matrixdotorg/synapse:{{ matri
 matrix_synapse_docker_image_final: "{{ matrix_synapse_docker_image_customized if matrix_synapse_container_image_customizations_enabled else matrix_synapse_docker_image }} "
 
 matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
+
 matrix_synapse_docker_src_files_path: "{{ matrix_synapse_base_path }}/docker-src"
 matrix_synapse_customized_docker_src_files_path: "{{ matrix_synapse_base_path }}/customized-docker-src"
 matrix_synapse_config_dir_path: "{{ matrix_synapse_base_path }}/config"
 matrix_synapse_storage_path: "{{ matrix_synapse_base_path }}/storage"
 matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store"
-matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext"
 matrix_synapse_bin_path: "{{ matrix_synapse_base_path }}/bin"
-matrix_synapse_ext_s3_storage_provider_path: "{{ matrix_synapse_base_path }}/ext/s3-storage-provider"
+
+matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext"
+
+matrix_synapse_ext_s3_storage_provider_base_path: "{{ matrix_synapse_base_path }}/ext/s3-storage-provider"
 
 matrix_synapse_container_client_api_port: 8008
 
diff --git a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_install.yml b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_install.yml
index 684fb2c9..b64bf6d2 100644
--- a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_install.yml
+++ b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_install.yml
@@ -10,12 +10,12 @@
 - name: Ensure s3-storage-provider env file installed
   ansible.builtin.template:
     src: "{{ role_path }}/templates/synapse/ext/s3-storage-provider/env.j2"
-    dest: "{{ matrix_synapse_ext_s3_storage_provider_path }}/env"
+    dest: "{{ matrix_synapse_ext_s3_storage_provider_base_path }}/env"
     mode: 0640
 
 - name: Ensure s3-storage-provider data path exists
   ansible.builtin.file:
-    path: "{{ matrix_synapse_ext_s3_storage_provider_path }}/data"
+    path: "{{ matrix_synapse_ext_s3_storage_provider_base_path }}/data"
     state: directory
     mode: 0750
     owner: "{{ matrix_user_username }}"
@@ -24,7 +24,7 @@
 - name: Ensure s3-storage-provider database.yaml file installed
   ansible.builtin.template:
     src: "{{ role_path }}/templates/synapse/ext/s3-storage-provider/database.yaml.j2"
-    dest: "{{ matrix_synapse_ext_s3_storage_provider_path }}/data/database.yaml"
+    dest: "{{ matrix_synapse_ext_s3_storage_provider_base_path }}/data/database.yaml"
     mode: 0640
 
 - name: Ensure s3-storage-provider scripts installed
diff --git a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_uninstall.yml b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_uninstall.yml
index d664d75f..a112a37c 100644
--- a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_uninstall.yml
+++ b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_uninstall.yml
@@ -16,4 +16,4 @@
   with_items:
     - "{{ matrix_local_bin_path }}/matrix-synapse-s3-storage-provider-shell"
     - "{{ matrix_local_bin_path }}/matrix-synapse-s3-storage-provider-migrate"
-    - "{{ matrix_synapse_ext_s3_storage_provider_path }}"
+    - "{{ matrix_synapse_ext_s3_storage_provider_base_path }}"
diff --git a/roles/custom/matrix-synapse/tasks/setup_install.yml b/roles/custom/matrix-synapse/tasks/setup_install.yml
index 0be0fd2f..28fbc41d 100644
--- a/roles/custom/matrix-synapse/tasks/setup_install.yml
+++ b/roles/custom/matrix-synapse/tasks/setup_install.yml
@@ -13,7 +13,7 @@
     - {path: "{{ matrix_synapse_bin_path }}", when: true}
     - {path: "{{ matrix_synapse_docker_src_files_path }}", when: "{{ matrix_synapse_container_image_self_build }}"}
     - {path: "{{ matrix_synapse_customized_docker_src_files_path }}", when: "{{ matrix_synapse_container_image_customizations_enabled }}"}
-    - {path: "{{ matrix_synapse_ext_s3_storage_provider_path }}", when: "{{ matrix_synapse_ext_synapse_s3_storage_provider_enabled }}"}
+    - {path: "{{ matrix_synapse_ext_s3_storage_provider_base_path }}", when: "{{ matrix_synapse_ext_synapse_s3_storage_provider_enabled }}"}
     # We handle matrix_synapse_media_store_path elsewhere (in ./synapse/setup_install.yml),
     # because if it's using Goofys and it's already mounted (from before),
     # trying to chown/chmod it here will cause trouble.
diff --git a/roles/custom/matrix-synapse/tasks/validate_config.yml b/roles/custom/matrix-synapse/tasks/validate_config.yml
index 0758c88f..0f63211d 100644
--- a/roles/custom/matrix-synapse/tasks/validate_config.yml
+++ b/roles/custom/matrix-synapse/tasks/validate_config.yml
@@ -59,6 +59,7 @@
     - {'old': 'matrix_synapse_workers_frontend_proxy_workers_count', 'new': '<removed in favor of generic workers - see https://github.com/matrix-org/synapse/pull/13645>'}
     - {'old': 'matrix_synapse_workers_frontend_proxy_workers_port_range_start', 'new': '<removed in favor of generic workers - see https://github.com/matrix-org/synapse/pull/13645>'}
     - {'old': 'matrix_synapse_workers_frontend_proxy_workers_metrics_range_start', 'new': '<removed in favor of generic workers - see https://github.com/matrix-org/synapse/pull/13645>'}
+    - {'old': 'matrix_synapse_ext_s3_storage_provider_path', 'new': 'matrix_synapse_ext_s3_storage_provider_base_path'}
 
 - name: (Deprecation) Catch and report renamed settings in matrix_synapse_configuration_extension_yaml
   ansible.builtin.fail:
diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-migrate.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-migrate.j2
index d48ae122..70518eb4 100644
--- a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-migrate.j2
+++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-migrate.j2
@@ -3,9 +3,9 @@
 
 {{ devture_systemd_docker_base_host_command_docker }} run \
 	--rm \
-	--env-file={{ matrix_synapse_ext_s3_storage_provider_path }}/env \
+	--env-file={{ matrix_synapse_ext_s3_storage_provider_base_path }}/env \
 	--mount type=bind,src={{ matrix_synapse_storage_path }},dst=/matrix-media-store-parent,bind-propagation=slave \
-	--mount type=bind,src={{ matrix_synapse_ext_s3_storage_provider_path }}/data,dst=/data \
+	--mount type=bind,src={{ matrix_synapse_ext_s3_storage_provider_base_path }}/data,dst=/data \
 	--workdir=/data \
 	--network={{ matrix_docker_network }} \
 	--entrypoint=/bin/bash \
diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-shell.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-shell.j2
index b46e89b7..00717705 100644
--- a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-shell.j2
+++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-shell.j2
@@ -4,9 +4,9 @@
 {{ devture_systemd_docker_base_host_command_docker }} run \
 	-it \
 	--rm \
-	--env-file={{ matrix_synapse_ext_s3_storage_provider_path }}/env \
+	--env-file={{ matrix_synapse_ext_s3_storage_provider_base_path }}/env \
 	--mount type=bind,src={{ matrix_synapse_storage_path }},dst=/matrix-media-store-parent,bind-propagation=slave \
-	--mount type=bind,src={{ matrix_synapse_ext_s3_storage_provider_path }}/data,dst=/data \
+	--mount type=bind,src={{ matrix_synapse_ext_s3_storage_provider_base_path }}/data,dst=/data \
 	--workdir=/data \
 	--network={{ matrix_docker_network }} \
 	--entrypoint=/bin/bash \

From 7c5c3aedc4416209a0a1c361620e1159ce6384b0 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sun, 27 Nov 2022 09:34:46 +0200
Subject: [PATCH 091/198] Put s3-storage-provider scripts under
 /matrix/synapse/ext/s3-storage-provider/bin, not /usr/local/bin

---
 ...ng-playbook-synapse-s3-storage-provider.md |  8 ++---
 roles/custom/matrix-synapse/defaults/main.yml |  1 +
 .../ext/s3-storage-provider/setup_install.yml | 32 +++++++++----------
 .../s3-storage-provider/setup_uninstall.yml   |  6 +---
 .../matrix-synapse/tasks/setup_install.yml    |  3 ++
 .../migrate.j2}                               |  0
 .../shell.j2}                                 |  0
 ...pse-s3-storage-provider-migrate.service.j2 |  2 +-
 8 files changed, 25 insertions(+), 27 deletions(-)
 rename roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/{usr-local-bin/matrix-synapse-s3-storage-provider-migrate.j2 => bin/migrate.j2} (100%)
 rename roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/{usr-local-bin/matrix-synapse-s3-storage-provider-shell.j2 => bin/shell.j2} (100%)

diff --git a/docs/configuring-playbook-synapse-s3-storage-provider.md b/docs/configuring-playbook-synapse-s3-storage-provider.md
index 2dba264b..a06d658f 100644
--- a/docs/configuring-playbook-synapse-s3-storage-provider.md
+++ b/docs/configuring-playbook-synapse-s3-storage-provider.md
@@ -62,7 +62,7 @@ Migrating your existing data can happen in multiple ways:
 
 Instead of using `s3_media_upload` directly, which is very slow and painful for an initial data migration, we recommend [using another tool in combination with `s3_media_upload`](#using-another-tool-in-combination-with-s3_media_upload).
 
-To copy your existing files, SSH into the server and run `/usr/local/bin/matrix-synapse-s3-storage-provider-shell`.
+To copy your existing files, SSH into the server and run `/matrix/synapse/ext/s3-storage-provider/bin/shell`.
 
 This launches a Synapse container, which has access to the local media store, Postgres database, S3 store and has some convenient environment variables configured for you to use (`MEDIA_PATH`, `BUCKET`, `ENDPOINT`, `UPDATE_DB_DAYS`, etc).
 
@@ -76,12 +76,12 @@ Then use the following commands (`$` values come from environment variables - th
 
 The `s3_media_upload upload` command may take a lot of time to complete.
 
-Instead of running the above commands manually in the shell, you can also run the `/usr/local/bin/matrix-synapse-s3-storage-provider-migrate` script which will run the same commands automatically. We demonstrate how to do it manually, because:
+Instead of running the above commands manually in the shell, you can also run the `/matrix/synapse/ext/s3-storage-provider/bin/migrate` script which will run the same commands automatically. We demonstrate how to do it manually, because:
 
 - it's what the upstream project demonstrates and it teaches you how to use the `s3_media_upload` tool
 - allows you to check and verify the output of each command, to catch mistakes
 - includes progress bars and detailed output for each command
-- allows you to easily interrupt slow-running commands, etc. (the `/usr/local/bin/matrix-synapse-s3-storage-provider-migrate` starts a container without interactive TTY support, so `Ctrl+C` may not work and you and require killing via `docker kill ..`)
+- allows you to easily interrupt slow-running commands, etc. (the `/matrix/synapse/ext/s3-storage-provider/bin/migrate` starts a container without interactive TTY support, so `Ctrl+C` may not work and you and require killing via `docker kill ..`)
 
 ### Using another tool in combination with `s3_media_upload`
 
@@ -119,7 +119,7 @@ As described in [How it works?](#how-it-works) above, when new media is uploaded
 
 By default, we periodically ensure that all local files are uploaded to S3 and are then removed from the local filesystem. This is done automatically using:
 
-- the `/usr/local/bin/matrix-synapse-s3-storage-provider-migrate` script
+- the `/matrix/synapse/ext/s3-storage-provider/bin/migrate` script
 - .. invoked via the `matrix-synapse-s3-storage-provider-migrate.service` service
 - .. triggered by the `matrix-synapse-s3-storage-provider-migrate.timer` timer, every day at 05:00
 
diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml
index c1f6b99a..1a9b18a7 100644
--- a/roles/custom/matrix-synapse/defaults/main.yml
+++ b/roles/custom/matrix-synapse/defaults/main.yml
@@ -60,6 +60,7 @@ matrix_synapse_bin_path: "{{ matrix_synapse_base_path }}/bin"
 matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext"
 
 matrix_synapse_ext_s3_storage_provider_base_path: "{{ matrix_synapse_base_path }}/ext/s3-storage-provider"
+matrix_synapse_ext_s3_storage_provider_bin_path: "{{ matrix_synapse_ext_s3_storage_provider_base_path }}/bin"
 
 matrix_synapse_container_client_api_port: 8008
 
diff --git a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_install.yml b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_install.yml
index b64bf6d2..11958f45 100644
--- a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_install.yml
+++ b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_install.yml
@@ -7,19 +7,22 @@
 #
 # Below are additional tasks for setting up various helper scripts, etc.
 
-- name: Ensure s3-storage-provider env file installed
-  ansible.builtin.template:
-    src: "{{ role_path }}/templates/synapse/ext/s3-storage-provider/env.j2"
-    dest: "{{ matrix_synapse_ext_s3_storage_provider_base_path }}/env"
-    mode: 0640
-
-- name: Ensure s3-storage-provider data path exists
+- name: Ensure s3-storage-provider paths exists
   ansible.builtin.file:
-    path: "{{ matrix_synapse_ext_s3_storage_provider_base_path }}/data"
+    path: "{{ item }}"
     state: directory
     mode: 0750
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
+  with_items:
+    - "{{ matrix_synapse_ext_s3_storage_provider_base_path }}"
+    - "{{ matrix_synapse_ext_s3_storage_provider_bin_path }}"
+
+- name: Ensure s3-storage-provider env file installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/synapse/ext/s3-storage-provider/env.j2"
+    dest: "{{ matrix_synapse_ext_s3_storage_provider_base_path }}/env"
+    mode: 0640
 
 - name: Ensure s3-storage-provider database.yaml file installed
   ansible.builtin.template:
@@ -29,12 +32,12 @@
 
 - name: Ensure s3-storage-provider scripts installed
   ansible.builtin.template:
-    src: "{{ role_path }}/templates/synapse/ext/s3-storage-provider/usr-local-bin/{{ item }}.j2"
-    dest: "{{ matrix_local_bin_path }}/{{ item }}"
+    src: "{{ role_path }}/templates/synapse/ext/s3-storage-provider/bin/{{ item }}.j2"
+    dest: "{{ matrix_synapse_ext_s3_storage_provider_bin_path }}/{{ item }}"
     mode: 0750
   with_items:
-    - matrix-synapse-s3-storage-provider-shell
-    - matrix-synapse-s3-storage-provider-migrate
+    - shell
+    - migrate
 
 - name: Ensure matrix-synapse-s3-storage-provider-migrate.service and timer are installed
   ansible.builtin.template:
@@ -45,8 +48,3 @@
     - matrix-synapse-s3-storage-provider-migrate.service
     - matrix-synapse-s3-storage-provider-migrate.timer
   register: matrix_synapse_s3_storage_provider_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-synapse-s3-storage-provider-migrate.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: matrix_synapse_s3_storage_provider_systemd_service_result.changed | bool
diff --git a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_uninstall.yml b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_uninstall.yml
index a112a37c..83e8a0f7 100644
--- a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_uninstall.yml
+++ b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_uninstall.yml
@@ -11,9 +11,5 @@
 
 - name: Ensure s3-storage-provider files don't exist
   ansible.builtin.file:
-    path: "{{ item }}"
+    path: "{{ matrix_synapse_ext_s3_storage_provider_base_path }}"
     state: absent
-  with_items:
-    - "{{ matrix_local_bin_path }}/matrix-synapse-s3-storage-provider-shell"
-    - "{{ matrix_local_bin_path }}/matrix-synapse-s3-storage-provider-migrate"
-    - "{{ matrix_synapse_ext_s3_storage_provider_base_path }}"
diff --git a/roles/custom/matrix-synapse/tasks/setup_install.yml b/roles/custom/matrix-synapse/tasks/setup_install.yml
index 28fbc41d..d1ef7ed4 100644
--- a/roles/custom/matrix-synapse/tasks/setup_install.yml
+++ b/roles/custom/matrix-synapse/tasks/setup_install.yml
@@ -13,7 +13,10 @@
     - {path: "{{ matrix_synapse_bin_path }}", when: true}
     - {path: "{{ matrix_synapse_docker_src_files_path }}", when: "{{ matrix_synapse_container_image_self_build }}"}
     - {path: "{{ matrix_synapse_customized_docker_src_files_path }}", when: "{{ matrix_synapse_container_image_customizations_enabled }}"}
+
     - {path: "{{ matrix_synapse_ext_s3_storage_provider_base_path }}", when: "{{ matrix_synapse_ext_synapse_s3_storage_provider_enabled }}"}
+    - {path: "{{ matrix_synapse_ext_s3_storage_provider_bin_path }}", when: "{{ matrix_synapse_ext_synapse_s3_storage_provider_enabled }}"}
+
     # We handle matrix_synapse_media_store_path elsewhere (in ./synapse/setup_install.yml),
     # because if it's using Goofys and it's already mounted (from before),
     # trying to chown/chmod it here will cause trouble.
diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-migrate.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/bin/migrate.j2
similarity index 100%
rename from roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-migrate.j2
rename to roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/bin/migrate.j2
diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-shell.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/bin/shell.j2
similarity index 100%
rename from roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-shell.j2
rename to roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/bin/shell.j2
diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/systemd/matrix-synapse-s3-storage-provider-migrate.service.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/systemd/matrix-synapse-s3-storage-provider-migrate.service.j2
index 159681a0..626c8385 100644
--- a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/systemd/matrix-synapse-s3-storage-provider-migrate.service.j2
+++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/systemd/matrix-synapse-s3-storage-provider-migrate.service.j2
@@ -4,4 +4,4 @@ Description=Migrates locally-stored Synapse media store files to S3
 [Service]
 Type=oneshot
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
-ExecStart={{ matrix_local_bin_path }}/matrix-synapse-s3-storage-provider-migrate
+ExecStart={{ matrix_synapse_ext_s3_storage_provider_bin_path }}/migrate

From 40cf9cd72c0373faccc4eae70165faaafa20393b Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sun, 27 Nov 2022 09:41:03 +0200
Subject: [PATCH 092/198] /usr/local/bin/matrix-dendrite-create-account ->
 /matrix/dendrite/bin/create-account

---
 roles/custom/matrix-dendrite/defaults/main.yml           | 1 +
 roles/custom/matrix-dendrite/tasks/register_user.yml     | 2 +-
 roles/custom/matrix-dendrite/tasks/setup_install.yml     | 9 ++++++---
 roles/custom/matrix-dendrite/tasks/setup_uninstall.yml   | 7 +++++--
 .../create-account.j2}                                   | 0
 5 files changed, 13 insertions(+), 6 deletions(-)
 rename roles/custom/matrix-dendrite/templates/dendrite/{usr-local-bin/matrix-dendrite-create-account.j2 => bin/create-account.j2} (100%)

diff --git a/roles/custom/matrix-dendrite/defaults/main.yml b/roles/custom/matrix-dendrite/defaults/main.yml
index dac77bc1..37054518 100644
--- a/roles/custom/matrix-dendrite/defaults/main.yml
+++ b/roles/custom/matrix-dendrite/defaults/main.yml
@@ -14,6 +14,7 @@ matrix_dendrite_config_dir_path: "{{ matrix_dendrite_base_path }}/config"
 matrix_dendrite_storage_path: "{{ matrix_dendrite_base_path }}/storage"
 matrix_dendrite_media_store_path: "{{ matrix_dendrite_storage_path }}/media-store"
 matrix_dendrite_nats_storage_path: "{{ matrix_dendrite_base_path }}/nats"
+matrix_dendrite_bin_path: "{{ matrix_dendrite_base_path }}/bin"
 matrix_dendrite_ext_path: "{{ matrix_dendrite_base_path }}/ext"
 
 # By default, we make Dendrite only serve HTTP (not HTTPS).
diff --git a/roles/custom/matrix-dendrite/tasks/register_user.yml b/roles/custom/matrix-dendrite/tasks/register_user.yml
index 6b4de7e9..1e2fc100 100644
--- a/roles/custom/matrix-dendrite/tasks/register_user.yml
+++ b/roles/custom/matrix-dendrite/tasks/register_user.yml
@@ -29,6 +29,6 @@
 
 - name: Register user
   ansible.builtin.command:
-    cmd: "{{ matrix_local_bin_path }}/matrix-dendrite-create-account {{ username | quote }} {{ password | quote }} {{ '1' if admin == 'yes' else '0' }}"
+    cmd: "{{ {{ matrix_dendrite_bin_path }} }}/create-account {{ username | quote }} {{ password | quote }} {{ '1' if admin == 'yes' else '0' }}"
   register: matrix_dendrite_register_user_result
   changed_when: matrix_dendrite_register_user_result.rc == 0
diff --git a/roles/custom/matrix-dendrite/tasks/setup_install.yml b/roles/custom/matrix-dendrite/tasks/setup_install.yml
index 1c557e7f..c516c5b7 100644
--- a/roles/custom/matrix-dendrite/tasks/setup_install.yml
+++ b/roles/custom/matrix-dendrite/tasks/setup_install.yml
@@ -9,6 +9,7 @@
     group: "{{ matrix_user_groupname }}"
   with_items:
     - "{{ matrix_dendrite_config_dir_path }}"
+    - "{{ matrix_dendrite_bin_path }}"
     - "{{ matrix_dendrite_ext_path }}"
     - "{{ matrix_dendrite_nats_storage_path }}"
 
@@ -81,8 +82,10 @@
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dendrite.service"
     mode: 0644
 
-- name: Ensure matrix-dendrite-create-account script created
+- name: Ensure Dendrite scripts created
   ansible.builtin.template:
-    src: "{{ role_path }}/templates/dendrite/usr-local-bin/matrix-dendrite-create-account.j2"
-    dest: "{{ matrix_local_bin_path }}/matrix-dendrite-create-account"
+    src: "{{ role_path }}/templates/dendrite/bin/{{ item }}.j2"
+    dest: "{{ matrix_dendrite_bin_path }}/{{ item }}"
     mode: 0750
+  with_items:
+    - create-account
diff --git a/roles/custom/matrix-dendrite/tasks/setup_uninstall.yml b/roles/custom/matrix-dendrite/tasks/setup_uninstall.yml
index e5479684..f6a537b3 100644
--- a/roles/custom/matrix-dendrite/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-dendrite/tasks/setup_uninstall.yml
@@ -13,7 +13,10 @@
         state: stopped
         daemon_reload: true
 
-    - name: Ensure matrix-dendrite.service doesn't exist
+    - name: Ensure Dendrite paths don't exist
       ansible.builtin.file:
-        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dendrite.service"
+        path: "{{ item }}"
         state: absent
+      with_items:
+        - "{{ devture_systemd_docker_base_systemd_path }}/matrix-dendrite.service"
+        - "{{ matrix_dendrite_bin_path }}"
diff --git a/roles/custom/matrix-dendrite/templates/dendrite/usr-local-bin/matrix-dendrite-create-account.j2 b/roles/custom/matrix-dendrite/templates/dendrite/bin/create-account.j2
similarity index 100%
rename from roles/custom/matrix-dendrite/templates/dendrite/usr-local-bin/matrix-dendrite-create-account.j2
rename to roles/custom/matrix-dendrite/templates/dendrite/bin/create-account.j2

From c9281482614255bf7d2f9571d30c10338e709ffb Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sun, 27 Nov 2022 09:43:25 +0200
Subject: [PATCH 093/198] Make uninstall tasks for Synapse delete bin/

---
 .../matrix-synapse/tasks/synapse/setup_uninstall.yml       | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/roles/custom/matrix-synapse/tasks/synapse/setup_uninstall.yml b/roles/custom/matrix-synapse/tasks/synapse/setup_uninstall.yml
index 7f081522..6b8ae5a0 100644
--- a/roles/custom/matrix-synapse/tasks/synapse/setup_uninstall.yml
+++ b/roles/custom/matrix-synapse/tasks/synapse/setup_uninstall.yml
@@ -14,10 +14,13 @@
         enabled: false
         daemon_reload: true
 
-    - name: Ensure matrix-synapse.service doesn't exist
+    - name: Ensure Synapse paths don't exist
       ansible.builtin.file:
-        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse.service"
+        path: "{{ item }}"
         state: absent
+      with_items:
+        - "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse.service"
+        - "{{ matrix_synapse_bin_path }}"
 
     - name: Ensure sample prometheus.yml for external scraping is deleted
       ansible.builtin.file:

From fb86f6d5e73406a369b41f5444a104d3adbfb7b0 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sun, 27 Nov 2022 09:47:02 +0200
Subject: [PATCH 094/198] /usr/local/bin/matrix-remove-all ->
 /matrix/bin/remove-all

---
 docs/uninstalling.md                                     | 4 +---
 roles/custom/matrix-base/defaults/main.yml               | 2 ++
 roles/custom/matrix-base/tasks/setup_matrix_base.yml     | 9 +++++----
 .../matrix-remove-all.j2 => bin/remove-all.j2}           | 2 --
 4 files changed, 8 insertions(+), 9 deletions(-)
 rename roles/custom/matrix-base/templates/{usr-local-bin/matrix-remove-all.j2 => bin/remove-all.j2} (92%)

diff --git a/docs/uninstalling.md b/docs/uninstalling.md
index 73af01d9..73a414ed 100644
--- a/docs/uninstalling.md
+++ b/docs/uninstalling.md
@@ -12,7 +12,7 @@
 
 ## Uninstalling using a script
 
-Installing places a `/usr/local/bin/matrix-remove-all` script on the server.
+Installing places a `/matrix/bin/remove-all` script on the server.
 
 You can run it to to have it uninstall things for you automatically (see below). **Use with caution!**
 
@@ -25,8 +25,6 @@ If you prefer to uninstall manually, run these commands (most are meant to be ex
 
 - delete the Matrix-related systemd `.service` and `.timer` files (`rm -f /etc/systemd/system/matrix*.{service,timer}`) and reload systemd (`systemctl daemon-reload`)
 
-- delete some helper scripts (`rm -f /usr/local/bin/matrix*`)
-
 - delete some cached Docker images (`docker system prune -a`) or just delete them all (`docker rmi $(docker images -aq)`)
 
 - delete the Docker networks: `docker network rm matrix matrix-coturn` (might have been deleted already if you ran the `docker system prune` command)
diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml
index 34d8c65b..33805e51 100644
--- a/roles/custom/matrix-base/defaults/main.yml
+++ b/roles/custom/matrix-base/defaults/main.yml
@@ -117,6 +117,8 @@ matrix_user_gid: ~
 matrix_base_data_path: "/matrix"
 matrix_base_data_path_mode: "750"
 
+matrix_bin_path: "{{ matrix_base_data_path }}/bin"
+
 matrix_static_files_base_path: "{{ matrix_base_data_path }}/static-files"
 
 # This is now unused. We keep it so that cleanup tasks can use it.
diff --git a/roles/custom/matrix-base/tasks/setup_matrix_base.yml b/roles/custom/matrix-base/tasks/setup_matrix_base.yml
index f954bd79..3d95af02 100644
--- a/roles/custom/matrix-base/tasks/setup_matrix_base.yml
+++ b/roles/custom/matrix-base/tasks/setup_matrix_base.yml
@@ -1,6 +1,6 @@
 ---
 
-- name: Ensure Matrix base path exists
+- name: Ensure Matrix base paths exists
   ansible.builtin.file:
     path: "{{ item }}"
     state: directory
@@ -9,14 +9,15 @@
     group: "{{ matrix_user_groupname }}"
   with_items:
     - "{{ matrix_base_data_path }}"
+    - "{{ matrix_bin_path }}"
 
 - name: Ensure Matrix network is created in Docker
   community.docker.docker_network:
     name: "{{ matrix_docker_network }}"
     driver: bridge
 
-- name: Ensure matrix-remove-all script created
+- name: Ensure remove-all script created
   ansible.builtin.template:
-    src: "{{ role_path }}/templates/usr-local-bin/matrix-remove-all.j2"
-    dest: "{{ matrix_local_bin_path }}/matrix-remove-all"
+    src: "{{ role_path }}/templates/bin/remove-all.j2"
+    dest: "{{ matrix_bin_path }}/remove-all"
     mode: 0750
diff --git a/roles/custom/matrix-base/templates/usr-local-bin/matrix-remove-all.j2 b/roles/custom/matrix-base/templates/bin/remove-all.j2
similarity index 92%
rename from roles/custom/matrix-base/templates/usr-local-bin/matrix-remove-all.j2
rename to roles/custom/matrix-base/templates/bin/remove-all.j2
index f9b174e5..5dd862ae 100644
--- a/roles/custom/matrix-base/templates/usr-local-bin/matrix-remove-all.j2
+++ b/roles/custom/matrix-base/templates/bin/remove-all.j2
@@ -23,8 +23,6 @@ else
 
 	systemctl daemon-reload
 
-	echo "Remove matrix scripts"
-	find {{ matrix_local_bin_path }}/ -name "matrix-*" -delete
 	echo "Remove unused Docker images and resources"
 	docker system prune -af
 	echo "Remove Docker matrix network (should be gone already, but ..)"

From 707e909b9b2b122be15f6b376c720496ae84430b Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sun, 27 Nov 2022 09:53:23 +0200
Subject: [PATCH 095/198] 
 /usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew ->
 /matrix/ssl/bin/lets-encrypt-certificates-renew

---
 roles/custom/matrix-base/defaults/main.yml    |  6 ------
 .../matrix-base/tasks/validate_config.yml     |  1 +
 .../matrix-coturn/tasks/setup_install.yml     |  6 ------
 .../matrix-nginx-proxy/defaults/main.yml      |  1 +
 .../matrix-nginx-proxy/tasks/ssl/main.yml     |  1 +
 .../tasks/ssl/setup_ssl_lets_encrypt.yml      | 19 +++----------------
 .../lets-encrypt-certificates-renew.j2}       |  0
 ...lets-encrypt-certificates-renew.service.j2 |  2 +-
 8 files changed, 7 insertions(+), 29 deletions(-)
 rename roles/custom/matrix-nginx-proxy/templates/{usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 => bin/lets-encrypt-certificates-renew.j2} (100%)

diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml
index 33805e51..63aee58a 100644
--- a/roles/custom/matrix-base/defaults/main.yml
+++ b/roles/custom/matrix-base/defaults/main.yml
@@ -121,12 +121,6 @@ matrix_bin_path: "{{ matrix_base_data_path }}/bin"
 
 matrix_static_files_base_path: "{{ matrix_base_data_path }}/static-files"
 
-# This is now unused. We keep it so that cleanup tasks can use it.
-# To be removed in the future.
-matrix_cron_path: "/etc/cron.d"
-
-matrix_local_bin_path: "/usr/local/bin"
-
 matrix_host_command_sleep: "/usr/bin/env sleep"
 matrix_host_command_chown: "/usr/bin/env chown"
 matrix_host_command_fusermount: "/usr/bin/env fusermount"
diff --git a/roles/custom/matrix-base/tasks/validate_config.yml b/roles/custom/matrix-base/tasks/validate_config.yml
index b3c7fb18..b3551e2e 100644
--- a/roles/custom/matrix-base/tasks/validate_config.yml
+++ b/roles/custom/matrix-base/tasks/validate_config.yml
@@ -17,6 +17,7 @@
     - {'old': 'hostname_matrix', 'new': 'matrix_server_fqn_matrix'}
     - {'old': 'hostname_riot', 'new': 'matrix_server_fqn_element'}
     - {'old': 'matrix_server_fqn_riot', 'new': 'matrix_server_fqn_element'}
+    - {'old': 'matrix_local_bin_path', 'new': '<there is no global bin path anymore - each role has its own>'}
 
 # We have a dedicated check for this variable, because we'd like to have a custom (friendlier) message.
 - name: Fail if matrix_homeserver_generic_secret_key is undefined
diff --git a/roles/custom/matrix-coturn/tasks/setup_install.yml b/roles/custom/matrix-coturn/tasks/setup_install.yml
index 31b5446c..ab94db27 100644
--- a/roles/custom/matrix-coturn/tasks/setup_install.yml
+++ b/roles/custom/matrix-coturn/tasks/setup_install.yml
@@ -1,11 +1,5 @@
 ---
 
-# This is a cleanup/migration task. It can be removed some time in the future.
-- name: (Migration) Remove deprecated cronjob
-  ansible.builtin.file:
-    path: "{{ matrix_cron_path }}/matrix-coturn-ssl-reload"
-    state: absent
-
 - name: Ensure Matrix Coturn path exists
   ansible.builtin.file:
     path: "{{ item.path }}"
diff --git a/roles/custom/matrix-nginx-proxy/defaults/main.yml b/roles/custom/matrix-nginx-proxy/defaults/main.yml
index 886e3513..0830d4f4 100644
--- a/roles/custom/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml
@@ -573,6 +573,7 @@ matrix_ssl_lets_encrypt_key_type: rsa
 matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl"
 matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config"
 matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log"
+matrix_ssl_bin_dir_path: "{{ matrix_ssl_base_path }}/bin"
 
 # If you'd like to start some service before a certificate is obtained, specify it here.
 # This could be something like `matrix-dynamic-dns`, etc.
diff --git a/roles/custom/matrix-nginx-proxy/tasks/ssl/main.yml b/roles/custom/matrix-nginx-proxy/tasks/ssl/main.yml
index e9d270cf..6eff8cbf 100644
--- a/roles/custom/matrix-nginx-proxy/tasks/ssl/main.yml
+++ b/roles/custom/matrix-nginx-proxy/tasks/ssl/main.yml
@@ -24,6 +24,7 @@
   with_items:
     - "{{ matrix_ssl_log_dir_path }}"
     - "{{ matrix_ssl_config_dir_path }}"
+    - "{{ matrix_ssl_bin_dir_path }}"
   when: "matrix_ssl_retrieval_method != 'none'"
 
 
diff --git a/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml
index 77361f3f..a1b14e3b 100644
--- a/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml
+++ b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml
@@ -1,17 +1,4 @@
 ---
-
-# This is a cleanup/migration task, because of to the new way we manage cronjobs (`cron` module) and the new script name.
-# This migration task can be removed some time in the future.
-- name: (Migration) Remove deprecated Let's Encrypt SSL certificate management files
-  ansible.builtin.file:
-    path: "{{ item }}"
-    state: absent
-  with_items:
-    - "{{ matrix_local_bin_path }}/matrix-ssl-certificates-renew"
-    - "{{ matrix_cron_path }}/matrix-ssl-certificate-renewal"
-    - "{{ matrix_cron_path }}/matrix-nginx-proxy-periodic-restarter"
-    - "/etc/cron.d/matrix-ssl-lets-encrypt"
-
 #
 # Tasks related to setting up Let's Encrypt's management of certificates
 #
@@ -36,8 +23,8 @@
 
     - name: Ensure Let's Encrypt SSL renewal script installed
       ansible.builtin.template:
-        src: "{{ role_path }}/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2"
-        dest: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew"
+        src: "{{ role_path }}/templates/bin/lets-encrypt-certificates-renew.j2"
+        dest: "{{ matrix_ssl_bin_dir_path }}/lets-encrypt-certificates-renew"
         mode: 0755
 
     - name: Ensure SSL renewal systemd units installed
@@ -63,5 +50,5 @@
 
     - name: Ensure Let's Encrypt SSL renewal script removed
       ansible.builtin.file:
-        path: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew"
+        path: "{{ matrix_ssl_bin_dir_path }}/lets-encrypt-certificates-renew"
         state: absent
diff --git a/roles/custom/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 b/roles/custom/matrix-nginx-proxy/templates/bin/lets-encrypt-certificates-renew.j2
similarity index 100%
rename from roles/custom/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2
rename to roles/custom/matrix-nginx-proxy/templates/bin/lets-encrypt-certificates-renew.j2
diff --git a/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.service.j2 b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.service.j2
index c7f372d9..b2f07aca 100644
--- a/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.service.j2
+++ b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.service.j2
@@ -4,4 +4,4 @@ Description=Renews Let's Encrypt SSL certificates
 [Service]
 Type=oneshot
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
-ExecStart={{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew
+ExecStart={{ matrix_ssl_bin_dir_path }}/lets-encrypt-certificates-renew

From 2688e8bfc3d9fb14f08f6b28432691b0dff1ff14 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sun, 27 Nov 2022 10:02:45 +0200
Subject: [PATCH 096/198] Optimize initial installation by not reloading
 systemd after each .service install

We expect `--tags=start` to handle systemd reloading, so we don't need
to do it manually each time we install/uninstall a .service file.
---
 .../matrix-bot-buscarron/tasks/setup_install.yml  |  7 +------
 .../matrix-bot-go-neb/tasks/setup_install.yml     |  6 +-----
 .../matrix-bot-honoroit/tasks/setup_install.yml   |  6 +-----
 .../tasks/setup_install.yml                       | 11 -----------
 .../tasks/setup_install.yml                       |  6 +-----
 .../matrix-bot-maubot/tasks/setup_install.yml     |  6 ------
 .../matrix-bot-mjolnir/tasks/setup_install.yml    |  6 +-----
 .../matrix-bot-postmoogle/tasks/setup_install.yml |  5 -----
 .../tasks/setup_install.yml                       |  6 +-----
 .../tasks/setup_install.yml                       |  6 +-----
 .../tasks/setup_install.yml                       |  6 ------
 .../tasks/setup_install.yml                       |  7 +------
 .../tasks/setup_install.yml                       |  6 ------
 .../tasks/setup_install.yml                       |  6 ------
 .../tasks/setup_install.yml                       |  6 +-----
 .../tasks/setup_install.yml                       |  6 ------
 .../tasks/setup_install.yml                       |  6 ------
 .../tasks/setup_install.yml                       |  6 +-----
 .../tasks/setup_install.yml                       |  7 +------
 .../tasks/setup_install.yml                       |  7 +------
 .../tasks/setup_install.yml                       |  7 +------
 .../tasks/setup_install.yml                       |  6 ------
 .../tasks/setup_install.yml                       |  6 ------
 .../tasks/setup_install.yml                       |  7 +------
 .../tasks/setup_install.yml                       |  7 +------
 .../tasks/setup_install.yml                       |  7 +------
 .../tasks/setup_install.yml                       |  7 +------
 .../tasks/setup_install.yml                       |  7 +------
 .../tasks/setup_install.yml                       |  7 +------
 .../tasks/setup_install.yml                       |  7 +------
 .../tasks/setup_install.yml                       |  7 +------
 .../tasks/setup_install.yml                       |  7 +------
 .../matrix-bridge-sms/tasks/setup_install.yml     |  6 ------
 .../tasks/setup_install.yml                       | 11 -----------
 .../matrix-client-cinny/tasks/setup_install.yml   |  6 ------
 .../matrix-client-element/tasks/setup_install.yml |  6 ------
 .../tasks/setup_install.yml                       |  6 ------
 .../custom/matrix-conduit/tasks/setup_install.yml |  6 ------
 .../matrix-dimension/tasks/setup_install.yml      |  7 +------
 .../matrix-dynamic-dns/tasks/setup_install.yml    |  6 ------
 .../matrix-email2matrix/tasks/setup_install.yml   |  6 ------
 .../matrix-etherpad/tasks/setup_install.yml       |  6 ------
 .../tasks/setup_install.yml                       | 15 ---------------
 roles/custom/matrix-ma1sd/tasks/setup_install.yml |  7 +------
 .../custom/matrix-mailer/tasks/setup_install.yml  |  6 ------
 .../tasks/setup_nginx_proxy.yml                   | 11 -----------
 roles/custom/matrix-ntfy/tasks/setup_install.yml  |  6 ------
 .../tasks/setup_install.yml                       |  6 ------
 .../matrix-prometheus/tasks/setup_install.yml     |  6 ------
 .../matrix-registration/tasks/setup_install.yml   |  7 +------
 .../custom/matrix-sygnal/tasks/setup_install.yml  |  6 ------
 .../matrix-synapse/tasks/goofys/setup_install.yml |  6 ------
 52 files changed, 25 insertions(+), 327 deletions(-)

diff --git a/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml
index ca304efb..e8cffa93 100644
--- a/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml
@@ -89,15 +89,10 @@
     src: "{{ role_path }}/templates/systemd/matrix-bot-buscarron.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-buscarron.service"
     mode: 0644
-  register: matrix_bot_buscarron_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-bot-buscarron.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_bot_buscarron_systemd_service_result.changed | bool"
 
 - name: Ensure matrix-bot-buscarron.service restarted, if necessary
   ansible.builtin.service:
     name: "matrix-bot-buscarron.service"
     state: restarted
+    daemon_reload: true
   when: "matrix_bot_buscarron_requires_restart | bool"
diff --git a/roles/custom/matrix-bot-go-neb/tasks/setup_install.yml b/roles/custom/matrix-bot-go-neb/tasks/setup_install.yml
index 70aec14a..1db16b91 100644
--- a/roles/custom/matrix-bot-go-neb/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-go-neb/tasks/setup_install.yml
@@ -42,13 +42,9 @@
     mode: 0644
   register: matrix_bot_go_neb_systemd_service_result
 
-- name: Ensure systemd reloaded after matrix-bot-go-neb.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_bot_go_neb_systemd_service_result.changed | bool"
-
 - name: Ensure matrix-bot-go-neb.service restarted, if necessary
   ansible.builtin.service:
     name: "matrix-bot-go-neb.service"
     state: restarted
+    daemon_reload: true
   when: "matrix_bot_go_neb_requires_restart | bool"
diff --git a/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml b/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml
index 245e641c..85a11510 100644
--- a/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml
@@ -91,13 +91,9 @@
     mode: 0644
   register: matrix_bot_honoroit_systemd_service_result
 
-- name: Ensure systemd reloaded after matrix-bot-honoroit.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_bot_honoroit_systemd_service_result.changed | bool"
-
 - name: Ensure matrix-bot-honoroit.service restarted, if necessary
   ansible.builtin.service:
     name: "matrix-bot-honoroit.service"
     state: restarted
+    daemon_reload: true
   when: "matrix_bot_honoroit_requires_restart | bool"
diff --git a/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml
index 3838fa07..515cd997 100644
--- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml
@@ -61,14 +61,3 @@
     src: "{{ role_path }}/templates/systemd/matrix-bot-matrix-registration-bot.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-registration-bot.service"
     mode: 0644
-  register: matrix_bot_matrix_registration_bot_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-bot-matrix-registration-bot.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_bot_matrix_registration_bot_systemd_service_result.changed | bool"
-
-- name: Ensure matrix-bot-matrix-registration-bot.service restarted, if necessary
-  ansible.builtin.service:
-    name: "matrix-bot-matrix-registration-bot.service"
-    state: restarted
diff --git a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml
index d9ff942e..89cff917 100644
--- a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml
@@ -92,13 +92,9 @@
     mode: 0644
   register: matrix_bot_matrix_reminder_bot_systemd_service_result
 
-- name: Ensure systemd reloaded after matrix-bot-matrix-reminder-bot.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_bot_matrix_reminder_bot_systemd_service_result.changed | bool"
-
 - name: Ensure matrix-bot-matrix-reminder-bot.service restarted, if necessary
   ansible.builtin.service:
     name: "matrix-bot-matrix-reminder-bot.service"
     state: restarted
+    daemon_reload: true
   when: "matrix_bot_matrix_reminder_bot_requires_restart | bool"
diff --git a/roles/custom/matrix-bot-maubot/tasks/setup_install.yml b/roles/custom/matrix-bot-maubot/tasks/setup_install.yml
index 22f53b6f..97f189c4 100644
--- a/roles/custom/matrix-bot-maubot/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-maubot/tasks/setup_install.yml
@@ -65,9 +65,3 @@
     src: "{{ role_path }}/templates/systemd/matrix-bot-maubot.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-maubot.service"
     mode: 0644
-  register: matrix_bot_maubot_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-bot-maubot.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_bot_maubot_systemd_service_result.changed|bool"
diff --git a/roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml b/roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml
index 995e3b2b..3088fe8b 100644
--- a/roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml
@@ -66,13 +66,9 @@
     mode: 0644
   register: matrix_bot_mjolnir_systemd_service_result
 
-- name: Ensure systemd reloaded after matrix-bot-mjolnir.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_bot_mjolnir_systemd_service_result.changed | bool"
-
 - name: Ensure matrix-bot-mjolnir.service restarted, if necessary
   ansible.builtin.service:
     name: "matrix-bot-mjolnir.service"
     state: restarted
+    daemon_reload: true
   when: "matrix_bot_mjolnir_requires_restart | bool"
diff --git a/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml b/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml
index 403814d6..f0c09166 100644
--- a/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml
@@ -86,8 +86,3 @@
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-postmoogle.service"
     mode: 0644
   register: matrix_bot_postmoogle_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-bot-postmoogle.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_bot_postmoogle_systemd_service_result.changed | bool"
diff --git a/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml
index bb6c8551..1a222e19 100644
--- a/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml
@@ -109,13 +109,9 @@
     mode: 0644
   register: matrix_appservice_discord_systemd_service_result
 
-- name: Ensure systemd reloaded after matrix-appservice-discord.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_appservice_discord_systemd_service_result.changed"
-
 - name: Ensure matrix-appservice-discord.service restarted, if necessary
   ansible.builtin.service:
     name: "matrix-appservice-discord.service"
     state: restarted
+    daemon_reload: true
   when: "matrix_appservice_discord_requires_restart | bool"
diff --git a/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml
index 7b58f81e..43dce01a 100644
--- a/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml
@@ -199,13 +199,9 @@
     mode: 0644
   register: matrix_appservice_irc_systemd_service_result
 
-- name: Ensure systemd reloaded after matrix-appservice-irc.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_appservice_irc_systemd_service_result.changed"
-
 - name: Ensure matrix-appservice-irc.service restarted, if necessary
   ansible.builtin.service:
     name: "matrix-appservice-irc.service"
     state: restarted
+    daemon_reload: true
   when: "matrix_appservice_irc_requires_restart | bool"
diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml
index 89a0de0b..bcf213cd 100644
--- a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml
@@ -109,9 +109,3 @@
     src: "{{ role_path }}/templates/systemd/matrix-appservice-kakaotalk.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-kakaotalk.service"
     mode: 0644
-  register: matrix_appservice_kakaotalk_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-appservice-kakaotalk.service or matrix-appservice-kakaotalk-node.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: matrix_appservice_kakaotalk_node_systemd_service_result.changed or matrix_appservice_kakaotalk_systemd_service_result.changed
diff --git a/roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml
index f1751012..9a72f69d 100644
--- a/roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml
@@ -87,15 +87,10 @@
     src: "{{ role_path }}/templates/systemd/matrix-appservice-slack.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-slack.service"
     mode: 0644
-  register: matrix_appservice_slack_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-appservice-slack.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_appservice_slack_systemd_service_result.changed"
 
 - name: Ensure matrix-appservice-slack.service restarted, if necessary
   ansible.builtin.service:
     name: "matrix-appservice-slack.service"
     state: restarted
+    daemon_reload: true
   when: "matrix_appservice_slack_requires_restart | bool"
diff --git a/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_install.yml
index 734b6e60..194ef017 100644
--- a/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_install.yml
@@ -86,9 +86,3 @@
     src: "{{ role_path }}/templates/systemd/matrix-appservice-webhooks.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-webhooks.service"
     mode: 0644
-  register: matrix_appservice_webhooks_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-appservice-webhooks.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_appservice_webhooks_systemd_service_result.changed"
diff --git a/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml b/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml
index 1dff0912..e553b912 100644
--- a/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml
@@ -88,9 +88,3 @@
     src: "{{ role_path }}/templates/systemd/matrix-beeper-linkedin.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-beeper-linkedin.service"
     mode: 0644
-  register: matrix_beeper_linkedin_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-beeper-linkedin.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_beeper_linkedin_systemd_service_result.changed"
diff --git a/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml b/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml
index 1a89d648..874b3dff 100644
--- a/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml
@@ -128,13 +128,9 @@
     mode: 0644
   register: matrix_go_skype_bridge_systemd_service_result
 
-- name: Ensure systemd reloaded after matrix-go-skype-bridge.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_go_skype_bridge_systemd_service_result.changed"
-
 - name: Ensure matrix-go-skype-bridge.service restarted, if necessary
   ansible.builtin.service:
     name: "matrix-go-skype-bridge.service"
     state: restarted
+    daemon_reload: true
   when: "matrix_go_skype_bridge_requires_restart | bool"
diff --git a/roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml b/roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml
index 9a0cac35..23b7de5d 100644
--- a/roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml
@@ -34,9 +34,3 @@
     src: "{{ role_path }}/templates/systemd/matrix-heisenbridge.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-heisenbridge.service"
     mode: 0644
-  register: matrix_heisenbridge_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-heisenbridge.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: matrix_heisenbridge_systemd_service_result.changed
diff --git a/roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml
index e13af198..2afed50b 100644
--- a/roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml
@@ -110,9 +110,3 @@
     src: "{{ role_path }}/templates/systemd/matrix-hookshot.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-hookshot.service"
     mode: 0644
-  register: matrix_hookshot_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-hookshot.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: matrix_hookshot_systemd_service_result.changed
diff --git a/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml
index b6d388ca..1d613fb6 100644
--- a/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml
@@ -101,13 +101,9 @@
     mode: 0644
   register: matrix_mautrix_discord_systemd_service_result
 
-- name: Ensure systemd reloaded after matrix-mautrix-discord.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_mautrix_discord_systemd_service_result.changed"
-
 - name: Ensure matrix-mautrix-discord.service restarted, if necessary
   ansible.builtin.service:
     name: "matrix-mautrix-discord.service"
     state: restarted
+    daemon_reload: true
   when: "matrix_mautrix_discord_requires_restart | bool"
diff --git a/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml
index b2801de8..676ee0fa 100644
--- a/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml
@@ -116,15 +116,10 @@
     src: "{{ role_path }}/templates/systemd/matrix-mautrix-facebook.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-facebook.service"
     mode: 0644
-  register: matrix_mautrix_facebook_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-mautrix-facebook.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_mautrix_facebook_systemd_service_result.changed"
 
 - name: Ensure matrix-mautrix-facebook.service restarted, if necessary
   ansible.builtin.service:
     name: "matrix-mautrix-facebook.service"
     state: restarted
+    daemon_reload: true
   when: "matrix_mautrix_facebook_requires_restart | bool"
diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml
index 87e379ea..eeeea1c5 100644
--- a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml
@@ -116,15 +116,10 @@
     src: "{{ role_path }}/templates/systemd/matrix-mautrix-googlechat.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-googlechat.service"
     mode: 0644
-  register: matrix_mautrix_googlechat_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-mautrix-googlechat.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_mautrix_googlechat_systemd_service_result.changed"
 
 - name: Ensure matrix-mautrix-googlechat.service restarted, if necessary
   ansible.builtin.service:
     name: "matrix-mautrix-googlechat.service"
     state: restarted
+    daemon_reload: true
   when: "matrix_mautrix_googlechat_requires_restart | bool"
diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml
index 23cf24c6..99044306 100644
--- a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml
@@ -116,15 +116,10 @@
     src: "{{ role_path }}/templates/systemd/matrix-mautrix-hangouts.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-hangouts.service"
     mode: 0644
-  register: matrix_mautrix_hangouts_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-mautrix-hangouts.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_mautrix_hangouts_systemd_service_result.changed"
 
 - name: Ensure matrix-mautrix-hangouts.service restarted, if necessary
   ansible.builtin.service:
     name: "matrix-mautrix-hangouts.service"
     state: restarted
+    daemon_reload: true
   when: "matrix_mautrix_hangouts_requires_restart | bool"
diff --git a/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml
index 878bdceb..68891c9e 100644
--- a/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml
@@ -70,9 +70,3 @@
     src: "{{ role_path }}/templates/systemd/matrix-mautrix-instagram.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-instagram.service"
     mode: 0644
-  register: matrix_mautrix_instagram_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-mautrix-instagram.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_mautrix_instagram_systemd_service_result.changed"
diff --git a/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml
index c2f518f3..41e6394f 100644
--- a/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml
@@ -121,9 +121,3 @@
     src: "{{ role_path }}/templates/systemd/matrix-mautrix-signal.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal.service"
     mode: 0644
-  register: matrix_mautrix_signal_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-mautrix-signal.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_mautrix_signal_systemd_service_result.changed or matrix_mautrix_signal_daemon_systemd_service_result.changed"
diff --git a/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml
index 76ccf6bb..0fdd064e 100644
--- a/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml
@@ -141,15 +141,10 @@
     src: "{{ role_path }}/templates/systemd/matrix-mautrix-telegram.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-telegram.service"
     mode: 0644
-  register: matrix_mautrix_telegram_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-mautrix-telegram.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_mautrix_telegram_systemd_service_result.changed"
 
 - name: Ensure matrix-mautrix-telegram.service restarted, if necessary
   ansible.builtin.service:
     name: "matrix-mautrix-telegram.service"
     state: restarted
+    daemon_reload: true
   when: "matrix_mautrix_telegram_requires_restart | bool"
diff --git a/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml
index f68360be..d5c26c2b 100644
--- a/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml
@@ -72,15 +72,10 @@
     src: "{{ role_path }}/templates/systemd/matrix-mautrix-twitter.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-twitter.service"
     mode: 0644
-  register: matrix_mautrix_twitter_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-mautrix-twitter.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_mautrix_twitter_systemd_service_result.changed"
 
 - name: Ensure matrix-mautrix-twitter.service restarted, if necessary
   ansible.builtin.service:
     name: "matrix-mautrix-twitter.service"
     state: restarted
+    daemon_reload: true
   when: "matrix_mautrix_twitter_requires_restart | bool"
diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml
index 37915f07..4d33e5ce 100644
--- a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml
@@ -126,15 +126,10 @@
     src: "{{ role_path }}/templates/systemd/matrix-mautrix-whatsapp.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-whatsapp.service"
     mode: 0644
-  register: matrix_mautrix_whatsapp_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-mautrix-whatsapp.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_mautrix_whatsapp_systemd_service_result.changed"
 
 - name: Ensure matrix-mautrix-whatsapp.service restarted, if necessary
   ansible.builtin.service:
     name: "matrix-mautrix-whatsapp.service"
     state: restarted
+    daemon_reload: true
   when: "matrix_mautrix_whatsapp_requires_restart | bool"
diff --git a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml
index d7cac52c..b038b691 100644
--- a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml
@@ -118,15 +118,10 @@
     src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-discord.service.j2"
     dest: "/etc/systemd/system/matrix-mx-puppet-discord.service"
     mode: 0644
-  register: matrix_mx_puppet_discord_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-mx-puppet-discord.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_mx_puppet_discord_systemd_service_result.changed"
 
 - name: Ensure matrix-mx-puppet-discord.service restarted, if necessary
   ansible.builtin.service:
     name: "matrix-mx-puppet-discord.service"
     state: restarted
+    daemon_reload: true
   when: "matrix_mx_puppet_discord_requires_restart | bool"
diff --git a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml
index 1f3dd3d3..fa7025aa 100644
--- a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml
@@ -116,15 +116,10 @@
     src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-groupme.service.j2"
     dest: "/etc/systemd/system/matrix-mx-puppet-groupme.service"
     mode: 0644
-  register: matrix_mx_puppet_groupme_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-mx-puppet-groupme.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_mx_puppet_groupme_systemd_service_result.changed"
 
 - name: Ensure matrix-mx-puppet-groupme.service restarted, if necessary
   ansible.builtin.service:
     name: "matrix-mx-puppet-groupme.service"
     state: restarted
+    daemon_reload: true
   when: "matrix_mx_puppet_groupme_requires_restart | bool"
diff --git a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml
index 730c34e6..8aca9562 100644
--- a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml
@@ -98,15 +98,10 @@
     src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-instagram.service.j2"
     dest: "/etc/systemd/system/matrix-mx-puppet-instagram.service"
     mode: 0644
-  register: matrix_mx_puppet_instagram_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-mx-puppet-instagram.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_mx_puppet_instagram_systemd_service_result.changed"
 
 - name: Ensure matrix-mx-puppet-instagram.service restarted, if necessary
   ansible.builtin.service:
     name: "matrix-mx-puppet-instagram.service"
     state: restarted
+    daemon_reload: true
   when: "matrix_mx_puppet_instagram_requires_restart | bool"
diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml
index 9d2bcc61..3768a46e 100644
--- a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml
@@ -116,15 +116,10 @@
     src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-slack.service.j2"
     dest: "/etc/systemd/system/matrix-mx-puppet-slack.service"
     mode: 0644
-  register: matrix_mx_puppet_slack_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-mx-puppet-slack.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_mx_puppet_slack_systemd_service_result.changed"
 
 - name: Ensure matrix-mx-puppet-slack.service restarted, if necessary
   ansible.builtin.service:
     name: "matrix-mx-puppet-slack.service"
     state: restarted
+    daemon_reload: true
   when: "matrix_mx_puppet_slack_requires_restart | bool"
diff --git a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml
index aff6dd95..40503c39 100644
--- a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml
@@ -116,15 +116,10 @@
     src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-steam.service.j2"
     dest: "/etc/systemd/system/matrix-mx-puppet-steam.service"
     mode: 0644
-  register: matrix_mx_puppet_steam_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-mx-puppet-steam.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_mx_puppet_steam_systemd_service_result.changed"
 
 - name: Ensure matrix-mx-puppet-steam.service restarted, if necessary
   ansible.builtin.service:
     name: "matrix-mx-puppet-steam.service"
     state: restarted
+    daemon_reload: true
   when: "matrix_mx_puppet_steam_requires_restart | bool"
diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml
index c948c48d..dddcd87e 100644
--- a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml
@@ -116,15 +116,10 @@
     src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-twitter.service.j2"
     dest: "/etc/systemd/system/matrix-mx-puppet-twitter.service"
     mode: 0644
-  register: matrix_mx_puppet_twitter_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-mx-puppet-twitter.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_mx_puppet_twitter_systemd_service_result.changed"
 
 - name: Ensure matrix-mx-puppet-twitter.service restarted, if necessary
   ansible.builtin.service:
     name: "matrix-mx-puppet-twitter.service"
     state: restarted
+    daemon_reload: true
   when: "matrix_mx_puppet_twitter_requires_restart | bool"
diff --git a/roles/custom/matrix-bridge-sms/tasks/setup_install.yml b/roles/custom/matrix-bridge-sms/tasks/setup_install.yml
index 2050797a..b3d78a34 100644
--- a/roles/custom/matrix-bridge-sms/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-sms/tasks/setup_install.yml
@@ -51,9 +51,3 @@
     src: "{{ role_path }}/templates/systemd/matrix-sms-bridge.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-sms-bridge.service"
     mode: 0644
-  register: matrix_sms_bridge_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-sms-bridge.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: matrix_sms_bridge_systemd_service_result.changed
diff --git a/roles/custom/matrix-cactus-comments/tasks/setup_install.yml b/roles/custom/matrix-cactus-comments/tasks/setup_install.yml
index 8de14d19..8a8bf326 100644
--- a/roles/custom/matrix-cactus-comments/tasks/setup_install.yml
+++ b/roles/custom/matrix-cactus-comments/tasks/setup_install.yml
@@ -125,14 +125,3 @@
     src: "{{ role_path }}/templates/systemd/matrix-cactus-comments.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-cactus-comments.service"
     mode: 0644
-  register: matrix_cactus_comments_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-cactus-comments.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_cactus_comments_systemd_service_result.changed | bool"
-
-- name: Ensure matrix-cactus-comments.service restarted, if necessary
-  ansible.builtin.service:
-    name: "matrix-cactus-comments.service"
-    state: restarted
diff --git a/roles/custom/matrix-client-cinny/tasks/setup_install.yml b/roles/custom/matrix-client-cinny/tasks/setup_install.yml
index 09b117be..46458f0b 100644
--- a/roles/custom/matrix-client-cinny/tasks/setup_install.yml
+++ b/roles/custom/matrix-client-cinny/tasks/setup_install.yml
@@ -69,9 +69,3 @@
     src: "{{ role_path }}/templates/systemd/matrix-client-cinny.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-cinny.service"
     mode: 0644
-  register: matrix_client_cinny_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-client-cinny.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_client_cinny_systemd_service_result.changed | bool"
diff --git a/roles/custom/matrix-client-element/tasks/setup_install.yml b/roles/custom/matrix-client-element/tasks/setup_install.yml
index cff30f4c..16f75ab4 100644
--- a/roles/custom/matrix-client-element/tasks/setup_install.yml
+++ b/roles/custom/matrix-client-element/tasks/setup_install.yml
@@ -104,9 +104,3 @@
     src: "{{ role_path }}/templates/systemd/matrix-client-element.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-element.service"
     mode: 0644
-  register: matrix_client_element_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-client-element.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_client_element_systemd_service_result.changed | bool"
diff --git a/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml b/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml
index 6905081a..7a886a88 100644
--- a/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml
+++ b/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml
@@ -73,9 +73,3 @@
     src: "{{ role_path }}/templates/systemd/matrix-client-hydrogen.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-hydrogen.service"
     mode: 0644
-  register: matrix_client_hydrogen_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-client-hydrogen.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_client_hydrogen_systemd_service_result.changed | bool"
diff --git a/roles/custom/matrix-conduit/tasks/setup_install.yml b/roles/custom/matrix-conduit/tasks/setup_install.yml
index ebc5447b..ef47c620 100644
--- a/roles/custom/matrix-conduit/tasks/setup_install.yml
+++ b/roles/custom/matrix-conduit/tasks/setup_install.yml
@@ -39,9 +39,3 @@
     src: "{{ role_path }}/templates/conduit/systemd/matrix-conduit.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduit.service"
     mode: 0644
-  register: matrix_conduit_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-conduit.service installation
-  ansible.builtin.systemd:
-    daemon_reload: true
-  when: "matrix_conduit_systemd_service_result.changed | bool"
diff --git a/roles/custom/matrix-dimension/tasks/setup_install.yml b/roles/custom/matrix-dimension/tasks/setup_install.yml
index e1340d25..f2256191 100644
--- a/roles/custom/matrix-dimension/tasks/setup_install.yml
+++ b/roles/custom/matrix-dimension/tasks/setup_install.yml
@@ -126,15 +126,10 @@
     src: "{{ role_path }}/templates/systemd/matrix-dimension.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dimension.service"
     mode: 0644
-  register: matrix_dimension_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-dimension.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_dimension_systemd_service_result.changed | bool"
 
 - name: Ensure matrix-dimension.service restarted, if necessary
   ansible.builtin.service:
     name: "matrix-dimension.service"
     state: restarted
+    daemon_reload: true
   when: "matrix_dimension_requires_restart | bool"
diff --git a/roles/custom/matrix-dynamic-dns/tasks/setup_install.yml b/roles/custom/matrix-dynamic-dns/tasks/setup_install.yml
index 2367e9cb..e64cc0a7 100644
--- a/roles/custom/matrix-dynamic-dns/tasks/setup_install.yml
+++ b/roles/custom/matrix-dynamic-dns/tasks/setup_install.yml
@@ -61,9 +61,3 @@
     src: "{{ role_path }}/templates/systemd/matrix-dynamic-dns.service.j2"
     dest: "/etc/systemd/system/matrix-dynamic-dns.service"
     mode: 0644
-  register: matrix_dynamic_dns_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-dynamic-dns.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_dynamic_dns_systemd_service_result.changed"
diff --git a/roles/custom/matrix-email2matrix/tasks/setup_install.yml b/roles/custom/matrix-email2matrix/tasks/setup_install.yml
index 74050633..8cfbc5ea 100644
--- a/roles/custom/matrix-email2matrix/tasks/setup_install.yml
+++ b/roles/custom/matrix-email2matrix/tasks/setup_install.yml
@@ -61,9 +61,3 @@
     src: "{{ role_path }}/templates/systemd/matrix-email2matrix.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-email2matrix.service"
     mode: 0644
-  register: matrix_email2matrix_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-email2matrix.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_email2matrix_systemd_service_result.changed | bool"
diff --git a/roles/custom/matrix-etherpad/tasks/setup_install.yml b/roles/custom/matrix-etherpad/tasks/setup_install.yml
index bb5e0e53..d4e2952e 100644
--- a/roles/custom/matrix-etherpad/tasks/setup_install.yml
+++ b/roles/custom/matrix-etherpad/tasks/setup_install.yml
@@ -32,9 +32,3 @@
     src: "{{ role_path }}/templates/systemd/matrix-etherpad.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-etherpad.service"
     mode: 0644
-  register: matrix_etherpad_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-etherpad.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_etherpad_systemd_service_result.changed | bool"
diff --git a/roles/custom/matrix-ldap-registration-proxy/tasks/setup_install.yml b/roles/custom/matrix-ldap-registration-proxy/tasks/setup_install.yml
index 3ac8f9b8..3814b139 100644
--- a/roles/custom/matrix-ldap-registration-proxy/tasks/setup_install.yml
+++ b/roles/custom/matrix-ldap-registration-proxy/tasks/setup_install.yml
@@ -12,9 +12,6 @@
     - {path: "{{ matrix_ldap_registration_proxy_docker_src_files_path }}", when: true}
   when: "item.when | bool"
 
-- ansible.builtin.set_fact:
-    matrix_ldap_registration_proxy_requires_restart: false
-
 - name: Ensure matrix_ldap_registration_proxy repository is present on self-build
   ansible.builtin.git:
     repo: "{{ matrix_ldap_registration_proxy_container_image_self_build_repo }}"
@@ -49,15 +46,3 @@
     src: "{{ role_path }}/templates/systemd/matrix-ldap-registration-proxy.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ldap-registration-proxy.service"
     mode: 0644
-  register: matrix_ldap_registration_proxy_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-ldap-registration-proxy.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_ldap_registration_proxy_systemd_service_result.changed | bool"
-
-- name: Ensure matrix-ldap-registration-proxy.service restarted, if necessary
-  ansible.builtin.service:
-    name: "matrix-ldap-registration-proxy.service"
-    state: restarted
-  when: "matrix_ldap_registration_proxy_requires_restart | bool"
diff --git a/roles/custom/matrix-ma1sd/tasks/setup_install.yml b/roles/custom/matrix-ma1sd/tasks/setup_install.yml
index e60b664e..d0385a7f 100644
--- a/roles/custom/matrix-ma1sd/tasks/setup_install.yml
+++ b/roles/custom/matrix-ma1sd/tasks/setup_install.yml
@@ -156,15 +156,10 @@
     src: "{{ role_path }}/templates/systemd/matrix-ma1sd.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ma1sd.service"
     mode: 0644
-  register: matrix_ma1sd_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-ma1sd.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_ma1sd_systemd_service_result.changed | bool"
 
 - name: Ensure matrix-ma1sd.service restarted, if necessary
   ansible.builtin.service:
     name: "matrix-ma1sd.service"
     state: restarted
+    daemon_reload: true
   when: "matrix_ma1sd_requires_restart | bool"
diff --git a/roles/custom/matrix-mailer/tasks/setup_install.yml b/roles/custom/matrix-mailer/tasks/setup_install.yml
index 11355165..c03d0af6 100644
--- a/roles/custom/matrix-mailer/tasks/setup_install.yml
+++ b/roles/custom/matrix-mailer/tasks/setup_install.yml
@@ -58,9 +58,3 @@
     src: "{{ role_path }}/templates/systemd/matrix-mailer.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mailer.service"
     mode: 0644
-  register: matrix_mailer_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-mailer.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: matrix_mailer_systemd_service_result.changed | bool
diff --git a/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
index af086298..dd11721a 100644
--- a/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
+++ b/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
@@ -214,14 +214,8 @@
     src: "{{ role_path }}/templates/systemd/matrix-nginx-proxy.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-nginx-proxy.service"
     mode: 0644
-  register: matrix_nginx_proxy_systemd_service_result
   when: matrix_nginx_proxy_enabled | bool
 
-- name: Ensure systemd reloaded after matrix-nginx-proxy.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_nginx_proxy_enabled and matrix_nginx_proxy_systemd_service_result.changed"
-
 
 #
 # Tasks related to getting rid of matrix-nginx-proxy (if it was previously enabled)
@@ -247,11 +241,6 @@
     state: absent
   when: "not matrix_nginx_proxy_enabled | bool and matrix_nginx_proxy_service_stat.stat.exists"
 
-- name: Ensure systemd reloaded after matrix-nginx-proxy.service removal
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "not matrix_nginx_proxy_enabled | bool and matrix_nginx_proxy_service_stat.stat.exists"
-
 - name: Ensure Matrix nginx-proxy configuration for matrix domain deleted
   ansible.builtin.file:
     path: "{{ matrix_nginx_proxy_confd_path }}/matrix-domain.conf"
diff --git a/roles/custom/matrix-ntfy/tasks/setup_install.yml b/roles/custom/matrix-ntfy/tasks/setup_install.yml
index 5ad8e507..38adb122 100644
--- a/roles/custom/matrix-ntfy/tasks/setup_install.yml
+++ b/roles/custom/matrix-ntfy/tasks/setup_install.yml
@@ -36,9 +36,3 @@
     src: "{{ role_path }}/templates/systemd/matrix-ntfy.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ntfy.service"
     mode: 0644
-  register: matrix_ntfy_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-ntfy.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_ntfy_systemd_service_result.changed"
diff --git a/roles/custom/matrix-postgres-backup/tasks/setup_install.yml b/roles/custom/matrix-postgres-backup/tasks/setup_install.yml
index ba374aff..1057e385 100644
--- a/roles/custom/matrix-postgres-backup/tasks/setup_install.yml
+++ b/roles/custom/matrix-postgres-backup/tasks/setup_install.yml
@@ -49,9 +49,3 @@
     src: "{{ role_path }}/templates/systemd/matrix-postgres-backup.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres-backup.service"
     mode: 0644
-  register: matrix_postgres_backup_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-postgres-backup.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: matrix_postgres_backup_systemd_service_result.changed | bool
diff --git a/roles/custom/matrix-prometheus/tasks/setup_install.yml b/roles/custom/matrix-prometheus/tasks/setup_install.yml
index 8c18ce66..1d3d6669 100644
--- a/roles/custom/matrix-prometheus/tasks/setup_install.yml
+++ b/roles/custom/matrix-prometheus/tasks/setup_install.yml
@@ -50,9 +50,3 @@
     src: "{{ role_path }}/templates/systemd/matrix-prometheus.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus.service"
     mode: 0644
-  register: matrix_prometheus_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-prometheus.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_prometheus_systemd_service_result.changed | bool"
diff --git a/roles/custom/matrix-registration/tasks/setup_install.yml b/roles/custom/matrix-registration/tasks/setup_install.yml
index a2f5c283..21b678e8 100644
--- a/roles/custom/matrix-registration/tasks/setup_install.yml
+++ b/roles/custom/matrix-registration/tasks/setup_install.yml
@@ -103,15 +103,10 @@
     src: "{{ role_path }}/templates/systemd/matrix-registration.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-registration.service"
     mode: 0644
-  register: matrix_registration_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-registration.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_registration_systemd_service_result.changed | bool"
 
 - name: Ensure matrix-registration.service restarted, if necessary
   ansible.builtin.service:
     name: "matrix-registration.service"
     state: restarted
+    daemon_reload: true
   when: "matrix_registration_requires_restart | bool"
diff --git a/roles/custom/matrix-sygnal/tasks/setup_install.yml b/roles/custom/matrix-sygnal/tasks/setup_install.yml
index 27424314..7c9caf38 100644
--- a/roles/custom/matrix-sygnal/tasks/setup_install.yml
+++ b/roles/custom/matrix-sygnal/tasks/setup_install.yml
@@ -36,9 +36,3 @@
     src: "{{ role_path }}/templates/systemd/matrix-sygnal.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-sygnal.service"
     mode: 0644
-  register: matrix_sygnal_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-sygnal.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_sygnal_systemd_service_result.changed | bool"
diff --git a/roles/custom/matrix-synapse/tasks/goofys/setup_install.yml b/roles/custom/matrix-synapse/tasks/goofys/setup_install.yml
index 7649beb4..e758d0dd 100644
--- a/roles/custom/matrix-synapse/tasks/goofys/setup_install.yml
+++ b/roles/custom/matrix-synapse/tasks/goofys/setup_install.yml
@@ -43,9 +43,3 @@
     src: "{{ role_path }}/templates/goofys/systemd/matrix-goofys.service.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-goofys.service"
     mode: 0644
-  register: matrix_goofys_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-goofys.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_goofys_systemd_service_result.changed"

From d1b2fd50bef5c71a0b8c8042d8f7ff811111adda Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sun, 27 Nov 2022 10:04:03 +0200
Subject: [PATCH 097/198] Remove manual service enablement/start for
 backup-borg

This is done via devture_systemd_service_manager_services_list_auto
already.
---
 .../matrix-backup-borg/tasks/setup_install.yml   | 16 ----------------
 1 file changed, 16 deletions(-)

diff --git a/roles/custom/matrix-backup-borg/tasks/setup_install.yml b/roles/custom/matrix-backup-borg/tasks/setup_install.yml
index 142bf38c..56a4f3c9 100644
--- a/roles/custom/matrix-backup-borg/tasks/setup_install.yml
+++ b/roles/custom/matrix-backup-borg/tasks/setup_install.yml
@@ -105,19 +105,3 @@
     src: "{{ role_path }}/templates/systemd/matrix-backup-borg.timer.j2"
     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.timer"
     mode: 0644
-  register: matrix_backup_borg_systemd_timer_result
-
-- name: Ensure systemd reloaded after matrix-backup-borg.service installation
-  ansible.builtin.service:
-    daemon_reload: true
-  when: "matrix_backup_borg_systemd_service_result.changed | bool"
-
-- name: Ensure matrix-backup-borg.service enabled
-  ansible.builtin.service:
-    enabled: true
-    name: matrix-backup-borg.service
-
-- name: Ensure matrix-backup-borg.timer enabled
-  ansible.builtin.service:
-    enabled: true
-    name: matrix-backup-borg.timer

From 3d1ea3e79ea9a89c05d022ef6a75f2a9dc897a9b Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sun, 27 Nov 2022 10:10:00 +0200
Subject: [PATCH 098/198] Auto-delete old matrix scripts from /usr/local/bin

---
 .../tasks/cleanup_usr_local_bin.yml                | 14 ++++++++++++++
 .../matrix_playbook_migration/tasks/main.yml       |  6 ++++++
 2 files changed, 20 insertions(+)
 create mode 100644 roles/custom/matrix_playbook_migration/tasks/cleanup_usr_local_bin.yml

diff --git a/roles/custom/matrix_playbook_migration/tasks/cleanup_usr_local_bin.yml b/roles/custom/matrix_playbook_migration/tasks/cleanup_usr_local_bin.yml
new file mode 100644
index 00000000..e7abd471
--- /dev/null
+++ b/roles/custom/matrix_playbook_migration/tasks/cleanup_usr_local_bin.yml
@@ -0,0 +1,14 @@
+---
+
+- name: Find leftover matrix scripts in /usr/local/bin
+  ansible.builtin.find:
+    path: "/usr/local/bin"
+    patterns: "^matrix-.*"
+    use_regex: true
+  register: matrix_usr_local_bin_files_result
+
+- name: Ensure /usr/local/bin does not contain matrix scripts
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: absent
+  with_items: "{{ matrix_usr_local_bin_files_result.files }}"
diff --git a/roles/custom/matrix_playbook_migration/tasks/main.yml b/roles/custom/matrix_playbook_migration/tasks/main.yml
index 491fabcd..96b68b60 100644
--- a/roles/custom/matrix_playbook_migration/tasks/main.yml
+++ b/roles/custom/matrix_playbook_migration/tasks/main.yml
@@ -5,3 +5,9 @@
   tags:
     - setup-all
     - install-all
+
+- block:
+    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/cleanup_usr_local_bin.yml"
+  tags:
+    - setup-all
+    - install-all

From 4bb3a38de62af5585c75ef2397807daf70d55273 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sun, 27 Nov 2022 11:24:53 +0200
Subject: [PATCH 099/198] Upgrade com.devture.ansible.role.postgres

---
 requirements.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.yml b/requirements.yml
index 69c733f0..951bb5e1 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -19,7 +19,7 @@
   version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
 
 - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git
-  version: f9f0519b2ccc6da7e0480c7cdfe8a67814728243
+  version: 0985b594b17942e7aa6346d8967c02c3686cecb1
 
 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git
   version: 6ccb88ac5fc27e1e70afcd48278ade4b564a9096

From 910cd9adf0db78f8b90ee1834211198ab7793a5d Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sun, 27 Nov 2022 11:27:01 +0200
Subject: [PATCH 100/198] Replace import_role calls with include_role calls

---
 roles/custom/matrix-backup-borg/tasks/setup_install.yml         | 2 +-
 roles/custom/matrix-bot-buscarron/tasks/setup_install.yml       | 2 +-
 roles/custom/matrix-bot-honoroit/tasks/setup_install.yml        | 2 +-
 .../matrix-bot-matrix-reminder-bot/tasks/setup_install.yml      | 2 +-
 roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml      | 2 +-
 .../matrix-bridge-appservice-discord/tasks/setup_install.yml    | 2 +-
 .../custom/matrix-bridge-appservice-irc/tasks/setup_install.yml | 2 +-
 .../matrix-bridge-go-skype-bridge/tasks/setup_install.yml       | 2 +-
 roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml     | 2 +-
 .../matrix-bridge-mautrix-discord/tasks/setup_install.yml       | 2 +-
 .../matrix-bridge-mautrix-facebook/tasks/setup_install.yml      | 2 +-
 .../matrix-bridge-mautrix-googlechat/tasks/setup_install.yml    | 2 +-
 .../matrix-bridge-mautrix-hangouts/tasks/setup_install.yml      | 2 +-
 .../matrix-bridge-mautrix-telegram/tasks/setup_install.yml      | 2 +-
 .../matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml      | 2 +-
 .../matrix-bridge-mx-puppet-discord/tasks/setup_install.yml     | 2 +-
 .../matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml     | 2 +-
 .../matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml   | 2 +-
 .../matrix-bridge-mx-puppet-slack/tasks/setup_install.yml       | 2 +-
 .../matrix-bridge-mx-puppet-steam/tasks/setup_install.yml       | 2 +-
 .../matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml     | 2 +-
 roles/custom/matrix-dimension/tasks/setup_install.yml           | 2 +-
 roles/custom/matrix-jitsi/tasks/setup_jitsi_base.yml            | 2 +-
 roles/custom/matrix-ma1sd/tasks/setup_install.yml               | 2 +-
 .../matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml      | 2 +-
 roles/custom/matrix-postgres-backup/tasks/setup_install.yml     | 2 +-
 roles/custom/matrix-registration/tasks/setup_install.yml        | 2 +-
 roles/custom/matrix-synapse/tasks/goofys/setup_install.yml      | 2 +-
 28 files changed, 28 insertions(+), 28 deletions(-)

diff --git a/roles/custom/matrix-backup-borg/tasks/setup_install.yml b/roles/custom/matrix-backup-borg/tasks/setup_install.yml
index 56a4f3c9..647aabf4 100644
--- a/roles/custom/matrix-backup-borg/tasks/setup_install.yml
+++ b/roles/custom/matrix-backup-borg/tasks/setup_install.yml
@@ -9,7 +9,7 @@
         Consider setting `matrix_backup_borg_version` to your Postgres version manually.
     when: not devture_postgres_enabled
 
-  - ansible.builtin.import_role:
+  - ansible.builtin.include_role:
       name: galaxy/com.devture.ansible.role.postgres
       tasks_from: detect_existing_postgres_version
 
diff --git a/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml
index e8cffa93..f255b141 100644
--- a/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml
@@ -20,7 +20,7 @@
               engine_old: 'sqlite'
               systemd_services_to_stop: ['matrix-bot-buscarron.service']
 
-        - ansible.builtin.import_role:
+        - ansible.builtin.include_role:
             name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
diff --git a/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml b/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml
index 85a11510..f71f2416 100644
--- a/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml
@@ -20,7 +20,7 @@
               engine_old: 'sqlite'
               systemd_services_to_stop: ['matrix-bot-honoroit.service']
 
-        - ansible.builtin.import_role:
+        - ansible.builtin.include_role:
             name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
diff --git a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml
index 89cff917..46633547 100644
--- a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml
@@ -21,7 +21,7 @@
               engine_old: 'sqlite'
               systemd_services_to_stop: ['matrix-bot-matrix-reminder-bot.service']
 
-        - ansible.builtin.import_role:
+        - ansible.builtin.include_role:
             name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
diff --git a/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml b/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml
index f0c09166..cede2d35 100644
--- a/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml
@@ -17,7 +17,7 @@
               engine_old: 'sqlite'
               systemd_services_to_stop: ['matrix-bot-postmoogle.service']
 
-        - ansible.builtin.import_role:
+        - ansible.builtin.include_role:
             name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
diff --git a/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml
index 1a222e19..bf5ecf42 100644
--- a/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml
@@ -21,7 +21,7 @@
               engine_old: 'sqlite'
               systemd_services_to_stop: ['matrix-appservice-discord.service']
 
-        - ansible.builtin.import_role:
+        - ansible.builtin.include_role:
             name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
diff --git a/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml
index 43dce01a..a5fdacde 100644
--- a/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml
@@ -1,6 +1,6 @@
 ---
 
-- ansible.builtin.import_role:
+- ansible.builtin.include_role:
     name: custom/matrix-base
     tasks_from: ensure_openssl_installed
 
diff --git a/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml b/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml
index 874b3dff..fd36600b 100644
--- a/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml
@@ -22,7 +22,7 @@
               systemd_services_to_stop: ['matrix-go-skype-bridge.service']
               pgloader_options: ['--with "quote identifiers"']
 
-        - ansible.builtin.import_role:
+        - ansible.builtin.include_role:
             name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
diff --git a/roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml
index 2afed50b..e9b277ce 100644
--- a/roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml
@@ -1,6 +1,6 @@
 ---
 
-- ansible.builtin.import_role:
+- ansible.builtin.include_role:
     name: custom/matrix-base
     tasks_from: ensure_openssl_installed
 
diff --git a/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml
index 1d613fb6..d83101eb 100644
--- a/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml
@@ -22,7 +22,7 @@
               systemd_services_to_stop: ['matrix-mautrix-discord.service']
               pgloader_options: ['--with "quote identifiers"']
 
-        - ansible.builtin.import_role:
+        - ansible.builtin.include_role:
             name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
diff --git a/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml
index 676ee0fa..6e8f62cd 100644
--- a/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml
@@ -21,7 +21,7 @@
               engine_old: 'sqlite'
               systemd_services_to_stop: ['matrix-mautrix-facebook.service']
 
-        - ansible.builtin.import_role:
+        - ansible.builtin.include_role:
             name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml
index eeeea1c5..d3eee66c 100644
--- a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml
@@ -21,7 +21,7 @@
               engine_old: 'sqlite'
               systemd_services_to_stop: ['matrix-mautrix-googlechat.service']
 
-        - ansible.builtin.import_role:
+        - ansible.builtin.include_role:
             name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml
index 99044306..ee0534af 100644
--- a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml
@@ -21,7 +21,7 @@
               engine_old: 'sqlite'
               systemd_services_to_stop: ['matrix-mautrix-hangouts.service']
 
-        - ansible.builtin.import_role:
+        - ansible.builtin.include_role:
             name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
diff --git a/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml
index 0fdd064e..23a092dc 100644
--- a/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml
@@ -21,7 +21,7 @@
               engine_old: 'sqlite'
               systemd_services_to_stop: ['matrix-mautrix-telegram.service']
 
-        - ansible.builtin.import_role:
+        - ansible.builtin.include_role:
             name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml
index 4d33e5ce..fd961ec1 100644
--- a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml
@@ -22,7 +22,7 @@
               systemd_services_to_stop: ['matrix-mautrix-whatsapp.service']
               pgloader_options: ['--with "quote identifiers"']
 
-        - ansible.builtin.import_role:
+        - ansible.builtin.include_role:
             name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
diff --git a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml
index b038b691..d2cb83c4 100644
--- a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml
@@ -55,7 +55,7 @@
               engine_old: 'sqlite'
               systemd_services_to_stop: ['matrix-mx-puppet-discord.service']
 
-        - ansible.builtin.import_role:
+        - ansible.builtin.include_role:
             name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
diff --git a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml
index fa7025aa..b174f0e0 100644
--- a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml
@@ -53,7 +53,7 @@
               engine_old: 'sqlite'
               systemd_services_to_stop: ['matrix-mx-puppet-groupme.service']
 
-        - ansible.builtin.import_role:
+        - ansible.builtin.include_role:
             name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
diff --git a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml
index 8aca9562..ce3ecc6f 100644
--- a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml
@@ -21,7 +21,7 @@
               engine_old: 'sqlite'
               systemd_services_to_stop: ['matrix-mx-puppet-instagram.service']
 
-        - ansible.builtin.import_role:
+        - ansible.builtin.include_role:
             name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml
index 3768a46e..e2fb6b51 100644
--- a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml
@@ -49,7 +49,7 @@
               engine_old: 'sqlite'
               systemd_services_to_stop: ['matrix-mx-puppet-slack.service']
 
-        - ansible.builtin.import_role:
+        - ansible.builtin.include_role:
             name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
diff --git a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml
index 40503c39..6bf2edc7 100644
--- a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml
@@ -53,7 +53,7 @@
               engine_old: 'sqlite'
               systemd_services_to_stop: ['matrix-mx-puppet-steam.service']
 
-        - ansible.builtin.import_role:
+        - ansible.builtin.include_role:
             name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml
index dddcd87e..71b1b575 100644
--- a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml
@@ -53,7 +53,7 @@
               engine_old: 'sqlite'
               systemd_services_to_stop: ['matrix-mx-puppet-twitter.service']
 
-        - ansible.builtin.import_role:
+        - ansible.builtin.include_role:
             name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
diff --git a/roles/custom/matrix-dimension/tasks/setup_install.yml b/roles/custom/matrix-dimension/tasks/setup_install.yml
index f2256191..e44cc73f 100644
--- a/roles/custom/matrix-dimension/tasks/setup_install.yml
+++ b/roles/custom/matrix-dimension/tasks/setup_install.yml
@@ -63,7 +63,7 @@
               additional_psql_statements_list: "{{ matrix_dimension_pgloader_additional_psql_statements_list }}"
               additional_psql_statements_db_name: "{{ matrix_dimension_database_name }}"
 
-        - ansible.builtin.import_role:
+        - ansible.builtin.include_role:
             name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
diff --git a/roles/custom/matrix-jitsi/tasks/setup_jitsi_base.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_base.yml
index d273b425..68be1efb 100644
--- a/roles/custom/matrix-jitsi/tasks/setup_jitsi_base.yml
+++ b/roles/custom/matrix-jitsi/tasks/setup_jitsi_base.yml
@@ -1,6 +1,6 @@
 ---
 
-- ansible.builtin.import_role:
+- ansible.builtin.include_role:
     name: custom/matrix-base
     tasks_from: ensure_openssl_installed
 
diff --git a/roles/custom/matrix-ma1sd/tasks/setup_install.yml b/roles/custom/matrix-ma1sd/tasks/setup_install.yml
index d0385a7f..492cbf41 100644
--- a/roles/custom/matrix-ma1sd/tasks/setup_install.yml
+++ b/roles/custom/matrix-ma1sd/tasks/setup_install.yml
@@ -37,7 +37,7 @@
               systemd_services_to_stop: ['matrix-ma1sd.service']
               pgloader_options: ['--with "quote identifiers"']
 
-        - ansible.builtin.import_role:
+        - ansible.builtin.include_role:
             name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
diff --git a/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml
index 7ebdec79..b17e4e56 100644
--- a/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml
+++ b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml
@@ -1,6 +1,6 @@
 ---
 
-- ansible.builtin.import_role:
+- ansible.builtin.include_role:
     name: custom/matrix-base
     tasks_from: ensure_openssl_installed
   when: "matrix_ssl_retrieval_method == 'self-signed'"
diff --git a/roles/custom/matrix-postgres-backup/tasks/setup_install.yml b/roles/custom/matrix-postgres-backup/tasks/setup_install.yml
index 1057e385..fee5d3ff 100644
--- a/roles/custom/matrix-postgres-backup/tasks/setup_install.yml
+++ b/roles/custom/matrix-postgres-backup/tasks/setup_install.yml
@@ -1,7 +1,7 @@
 ---
 
 
-- ansible.builtin.import_role:
+- ansible.builtin.include_role:
     name: galaxy/com.devture.ansible.role.postgres
     tasks_from: detect_existing_postgres_version
   when: 'matrix_postgres_backup_postgres_data_path != ""'
diff --git a/roles/custom/matrix-registration/tasks/setup_install.yml b/roles/custom/matrix-registration/tasks/setup_install.yml
index 21b678e8..a3a4bddc 100644
--- a/roles/custom/matrix-registration/tasks/setup_install.yml
+++ b/roles/custom/matrix-registration/tasks/setup_install.yml
@@ -26,7 +26,7 @@
                 - ALTER TABLE tokens ALTER COLUMN ex_date TYPE TIMESTAMP WITHOUT TIME ZONE;
               additional_psql_statements_db_name: "{{ matrix_registration_database_name }}"
 
-        - ansible.builtin.import_role:
+        - ansible.builtin.include_role:
             name: galaxy/com.devture.ansible.role.postgres
             tasks_from: migrate_db_to_postgres
 
diff --git a/roles/custom/matrix-synapse/tasks/goofys/setup_install.yml b/roles/custom/matrix-synapse/tasks/goofys/setup_install.yml
index e758d0dd..7fd4659d 100644
--- a/roles/custom/matrix-synapse/tasks/goofys/setup_install.yml
+++ b/roles/custom/matrix-synapse/tasks/goofys/setup_install.yml
@@ -1,6 +1,6 @@
 ---
 
-- ansible.builtin.import_role:
+- ansible.builtin.include_role:
     name: custom/matrix-base
     tasks_from: ensure_fuse_installed
 

From 4b111d05d5b23b9df3c80f328b625ddd1e1c92db Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Mon, 28 Nov 2022 07:44:59 +0200
Subject: [PATCH 101/198] Pass devture_postgres_db_migration_request to
 com.devture.ansible.role.postgres in a cleaner way

---
 .../custom/matrix-bot-buscarron/tasks/setup_install.yml  | 9 ++++-----
 roles/custom/matrix-bot-honoroit/tasks/setup_install.yml | 9 ++++-----
 .../tasks/setup_install.yml                              | 9 ++++-----
 .../custom/matrix-bot-postmoogle/tasks/setup_install.yml | 9 ++++-----
 .../tasks/setup_install.yml                              | 9 ++++-----
 .../tasks/setup_install.yml                              | 9 ++++-----
 .../tasks/setup_install.yml                              | 9 ++++-----
 .../tasks/setup_install.yml                              | 9 ++++-----
 .../tasks/setup_install.yml                              | 9 ++++-----
 .../tasks/setup_install.yml                              | 9 ++++-----
 .../tasks/setup_install.yml                              | 9 ++++-----
 .../tasks/setup_install.yml                              | 9 ++++-----
 .../tasks/setup_install.yml                              | 9 ++++-----
 .../tasks/setup_install.yml                              | 9 ++++-----
 .../tasks/setup_install.yml                              | 9 ++++-----
 .../tasks/setup_install.yml                              | 9 ++++-----
 .../tasks/setup_install.yml                              | 9 ++++-----
 .../tasks/setup_install.yml                              | 9 ++++-----
 roles/custom/matrix-dimension/tasks/setup_install.yml    | 9 ++++-----
 roles/custom/matrix-ma1sd/tasks/setup_install.yml        | 9 ++++-----
 roles/custom/matrix-registration/tasks/setup_install.yml | 9 ++++-----
 21 files changed, 84 insertions(+), 105 deletions(-)

diff --git a/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml
index f255b141..6ae0f9b9 100644
--- a/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml
@@ -11,7 +11,10 @@
 
     - when: "matrix_bot_buscarron_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
-        - ansible.builtin.set_fact:
+        - ansible.builtin.include_role:
+            name: galaxy/com.devture.ansible.role.postgres
+            tasks_from: migrate_db_to_postgres
+          vars:
             devture_postgres_db_migration_request:
               src: "{{ matrix_bot_buscarron_sqlite_database_path_local }}"
               dst: "{{ matrix_bot_buscarron_database_connection_string }}"
@@ -20,10 +23,6 @@
               engine_old: 'sqlite'
               systemd_services_to_stop: ['matrix-bot-buscarron.service']
 
-        - ansible.builtin.include_role:
-            name: galaxy/com.devture.ansible.role.postgres
-            tasks_from: migrate_db_to_postgres
-
         - ansible.builtin.set_fact:
             matrix_bot_buscarron_requires_restart: true
 
diff --git a/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml b/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml
index f71f2416..f7b264a8 100644
--- a/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml
@@ -11,7 +11,10 @@
 
     - when: "matrix_bot_honoroit_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
-        - ansible.builtin.set_fact:
+        - ansible.builtin.include_role:
+            name: galaxy/com.devture.ansible.role.postgres
+            tasks_from: migrate_db_to_postgres
+          vars:
             devture_postgres_db_migration_request:
               src: "{{ matrix_bot_honoroit_sqlite_database_path_local }}"
               dst: "{{ matrix_bot_honoroit_database_connection_string }}"
@@ -20,10 +23,6 @@
               engine_old: 'sqlite'
               systemd_services_to_stop: ['matrix-bot-honoroit.service']
 
-        - ansible.builtin.include_role:
-            name: galaxy/com.devture.ansible.role.postgres
-            tasks_from: migrate_db_to_postgres
-
         - ansible.builtin.set_fact:
             matrix_bot_honoroit_requires_restart: true
 
diff --git a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml
index 46633547..39bf63e6 100644
--- a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml
@@ -12,7 +12,10 @@
 
     - when: "matrix_bot_matrix_reminder_bot_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
-        - ansible.builtin.set_fact:
+        - ansible.builtin.include_role:
+            name: galaxy/com.devture.ansible.role.postgres
+            tasks_from: migrate_db_to_postgres
+          vars:
             devture_postgres_db_migration_request:
               src: "{{ matrix_bot_matrix_reminder_bot_sqlite_database_path_local }}"
               dst: "{{ matrix_bot_matrix_reminder_bot_database_connection_string }}"
@@ -21,10 +24,6 @@
               engine_old: 'sqlite'
               systemd_services_to_stop: ['matrix-bot-matrix-reminder-bot.service']
 
-        - ansible.builtin.include_role:
-            name: galaxy/com.devture.ansible.role.postgres
-            tasks_from: migrate_db_to_postgres
-
         - ansible.builtin.set_fact:
             matrix_bot_matrix_reminder_bot_requires_restart: true
 
diff --git a/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml b/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml
index cede2d35..ed2bcc9d 100644
--- a/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml
@@ -8,7 +8,10 @@
 
     - when: "matrix_bot_postmoogle_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
-        - ansible.builtin.set_fact:
+        - ansible.builtin.include_role:
+            name: galaxy/com.devture.ansible.role.postgres
+            tasks_from: migrate_db_to_postgres
+          vars:
             devture_postgres_db_migration_request:
               src: "{{ matrix_bot_postmoogle_sqlite_database_path_local }}"
               dst: "{{ matrix_bot_postmoogle_database_connection_string }}"
@@ -17,10 +20,6 @@
               engine_old: 'sqlite'
               systemd_services_to_stop: ['matrix-bot-postmoogle.service']
 
-        - ansible.builtin.include_role:
-            name: galaxy/com.devture.ansible.role.postgres
-            tasks_from: migrate_db_to_postgres
-
         - ansible.builtin.set_fact:
             matrix_bot_postmoogle_requires_restart: true
 
diff --git a/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml
index bf5ecf42..4a6419ed 100644
--- a/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml
@@ -12,7 +12,10 @@
 
     - when: "matrix_appservice_discord_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
-        - ansible.builtin.set_fact:
+        - ansible.builtin.include_role:
+            name: galaxy/com.devture.ansible.role.postgres
+            tasks_from: migrate_db_to_postgres
+          vars:
             devture_postgres_db_migration_request:
               src: "{{ matrix_appservice_discord_sqlite_database_path_local }}"
               dst: "{{ matrix_appservice_discord_database_connString }}"
@@ -21,10 +24,6 @@
               engine_old: 'sqlite'
               systemd_services_to_stop: ['matrix-appservice-discord.service']
 
-        - ansible.builtin.include_role:
-            name: galaxy/com.devture.ansible.role.postgres
-            tasks_from: migrate_db_to_postgres
-
         - ansible.builtin.set_fact:
             matrix_appservice_discord_requires_restart: true
 
diff --git a/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml b/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml
index fd36600b..6146637f 100644
--- a/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml
@@ -12,7 +12,10 @@
 
     - when: "matrix_go_skype_bridge_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
-        - ansible.builtin.set_fact:
+        - ansible.builtin.include_role:
+            name: galaxy/com.devture.ansible.role.postgres
+            tasks_from: migrate_db_to_postgres
+          vars:
             devture_postgres_db_migration_request:
               src: "{{ matrix_go_skype_bridge_sqlite_database_path_local }}"
               dst: "{{ matrix_go_skype_bridge_database_connection_string }}"
@@ -22,10 +25,6 @@
               systemd_services_to_stop: ['matrix-go-skype-bridge.service']
               pgloader_options: ['--with "quote identifiers"']
 
-        - ansible.builtin.include_role:
-            name: galaxy/com.devture.ansible.role.postgres
-            tasks_from: migrate_db_to_postgres
-
         - ansible.builtin.set_fact:
             matrix_go_skype_bridge_requires_restart: true
 
diff --git a/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml
index d83101eb..f16422f7 100644
--- a/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml
@@ -12,7 +12,10 @@
 
     - when: "matrix_mautrix_discord_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
-        - ansible.builtin.set_fact:
+        - ansible.builtin.include_role:
+            name: galaxy/com.devture.ansible.role.postgres
+            tasks_from: migrate_db_to_postgres
+          vars:
             devture_postgres_db_migration_request:
               src: "{{ matrix_mautrix_discord_sqlite_database_path_local }}"
               dst: "{{ matrix_mautrix_discord_database_connection_string }}"
@@ -22,10 +25,6 @@
               systemd_services_to_stop: ['matrix-mautrix-discord.service']
               pgloader_options: ['--with "quote identifiers"']
 
-        - ansible.builtin.include_role:
-            name: galaxy/com.devture.ansible.role.postgres
-            tasks_from: migrate_db_to_postgres
-
         - ansible.builtin.set_fact:
             matrix_mautrix_discord_requires_restart: true
 
diff --git a/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml
index 6e8f62cd..758a5fed 100644
--- a/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml
@@ -12,7 +12,10 @@
 
     - when: "matrix_mautrix_facebook_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
-        - ansible.builtin.set_fact:
+        - ansible.builtin.include_role:
+            name: galaxy/com.devture.ansible.role.postgres
+            tasks_from: migrate_db_to_postgres
+          vars:
             devture_postgres_db_migration_request:
               src: "{{ matrix_mautrix_facebook_sqlite_database_path_local }}"
               dst: "{{ matrix_mautrix_facebook_database_connection_string }}"
@@ -21,10 +24,6 @@
               engine_old: 'sqlite'
               systemd_services_to_stop: ['matrix-mautrix-facebook.service']
 
-        - ansible.builtin.include_role:
-            name: galaxy/com.devture.ansible.role.postgres
-            tasks_from: migrate_db_to_postgres
-
         - ansible.builtin.set_fact:
             matrix_mautrix_facebook_requires_restart: true
 
diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml
index d3eee66c..c1258471 100644
--- a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml
@@ -12,7 +12,10 @@
 
     - when: "matrix_mautrix_googlechat_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
-        - ansible.builtin.set_fact:
+        - ansible.builtin.include_role:
+            name: galaxy/com.devture.ansible.role.postgres
+            tasks_from: migrate_db_to_postgres
+          vars:
             devture_postgres_db_migration_request:
               src: "{{ matrix_mautrix_googlechat_sqlite_database_path_local }}"
               dst: "{{ matrix_mautrix_googlechat_database_connection_string }}"
@@ -21,10 +24,6 @@
               engine_old: 'sqlite'
               systemd_services_to_stop: ['matrix-mautrix-googlechat.service']
 
-        - ansible.builtin.include_role:
-            name: galaxy/com.devture.ansible.role.postgres
-            tasks_from: migrate_db_to_postgres
-
         - ansible.builtin.set_fact:
             matrix_mautrix_googlechat_requires_restart: true
 
diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml
index ee0534af..f8fdb023 100644
--- a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml
@@ -12,7 +12,10 @@
 
     - when: "matrix_mautrix_hangouts_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
-        - ansible.builtin.set_fact:
+        - ansible.builtin.include_role:
+            name: galaxy/com.devture.ansible.role.postgres
+            tasks_from: migrate_db_to_postgres
+          vars:
             devture_postgres_db_migration_request:
               src: "{{ matrix_mautrix_hangouts_sqlite_database_path_local }}"
               dst: "{{ matrix_mautrix_hangouts_database_connection_string }}"
@@ -21,10 +24,6 @@
               engine_old: 'sqlite'
               systemd_services_to_stop: ['matrix-mautrix-hangouts.service']
 
-        - ansible.builtin.include_role:
-            name: galaxy/com.devture.ansible.role.postgres
-            tasks_from: migrate_db_to_postgres
-
         - ansible.builtin.set_fact:
             matrix_mautrix_hangouts_requires_restart: true
 
diff --git a/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml
index 23a092dc..383d4827 100644
--- a/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml
@@ -12,7 +12,10 @@
 
     - when: "matrix_mautrix_telegram_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
-        - ansible.builtin.set_fact:
+        - ansible.builtin.include_role:
+            name: galaxy/com.devture.ansible.role.postgres
+            tasks_from: migrate_db_to_postgres
+          vars:
             devture_postgres_db_migration_request:
               src: "{{ matrix_mautrix_telegram_sqlite_database_path_local }}"
               dst: "{{ matrix_mautrix_telegram_database_connection_string }}"
@@ -21,10 +24,6 @@
               engine_old: 'sqlite'
               systemd_services_to_stop: ['matrix-mautrix-telegram.service']
 
-        - ansible.builtin.include_role:
-            name: galaxy/com.devture.ansible.role.postgres
-            tasks_from: migrate_db_to_postgres
-
         - ansible.builtin.set_fact:
             matrix_mautrix_telegram_requires_restart: true
 
diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml
index fd961ec1..1cf883c5 100644
--- a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml
@@ -12,7 +12,10 @@
 
     - when: "matrix_mautrix_whatsapp_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
-        - ansible.builtin.set_fact:
+        - ansible.builtin.include_role:
+            name: galaxy/com.devture.ansible.role.postgres
+            tasks_from: migrate_db_to_postgres
+          vars:
             devture_postgres_db_migration_request:
               src: "{{ matrix_mautrix_whatsapp_sqlite_database_path_local }}"
               dst: "{{ matrix_mautrix_whatsapp_database_connection_string }}"
@@ -22,10 +25,6 @@
               systemd_services_to_stop: ['matrix-mautrix-whatsapp.service']
               pgloader_options: ['--with "quote identifiers"']
 
-        - ansible.builtin.include_role:
-            name: galaxy/com.devture.ansible.role.postgres
-            tasks_from: migrate_db_to_postgres
-
         - ansible.builtin.set_fact:
             matrix_mautrix_whatsapp_requires_restart: true
 
diff --git a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml
index d2cb83c4..8bf19f80 100644
--- a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml
@@ -46,7 +46,10 @@
 
     - when: "matrix_mx_puppet_discord_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
-        - ansible.builtin.set_fact:
+        - ansible.builtin.include_role:
+            name: galaxy/com.devture.ansible.role.postgres
+            tasks_from: migrate_db_to_postgres
+          vars:
             devture_postgres_db_migration_request:
               src: "{{ matrix_mx_puppet_discord_sqlite_database_path_local }}"
               dst: "{{ matrix_mx_puppet_discord_database_connection_string }}"
@@ -55,10 +58,6 @@
               engine_old: 'sqlite'
               systemd_services_to_stop: ['matrix-mx-puppet-discord.service']
 
-        - ansible.builtin.include_role:
-            name: galaxy/com.devture.ansible.role.postgres
-            tasks_from: migrate_db_to_postgres
-
         - ansible.builtin.set_fact:
             matrix_mx_puppet_discord_requires_restart: true
 
diff --git a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml
index b174f0e0..9db25e86 100644
--- a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml
@@ -44,7 +44,10 @@
 
     - when: "matrix_mx_puppet_groupme_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
-        - ansible.builtin.set_fact:
+        - ansible.builtin.include_role:
+            name: galaxy/com.devture.ansible.role.postgres
+            tasks_from: migrate_db_to_postgres
+          vars:
             devture_postgres_db_migration_request:
               src: "{{ matrix_mx_puppet_groupme_sqlite_database_path_local }}"
               dst: "{{ matrix_mx_puppet_groupme_database_connection_string }}"
@@ -53,10 +56,6 @@
               engine_old: 'sqlite'
               systemd_services_to_stop: ['matrix-mx-puppet-groupme.service']
 
-        - ansible.builtin.include_role:
-            name: galaxy/com.devture.ansible.role.postgres
-            tasks_from: migrate_db_to_postgres
-
         - ansible.builtin.set_fact:
             matrix_mx_puppet_groupme_requires_restart: true
 
diff --git a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml
index ce3ecc6f..be68d9fc 100644
--- a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml
@@ -12,7 +12,10 @@
 
     - when: "matrix_mx_puppet_instagram_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
-        - ansible.builtin.set_fact:
+        - ansible.builtin.include_role:
+            name: galaxy/com.devture.ansible.role.postgres
+            tasks_from: migrate_db_to_postgres
+          vars:
             devture_postgres_db_migration_request:
               src: "{{ matrix_mx_puppet_instagram_sqlite_database_path_local }}"
               dst: "{{ matrix_mx_puppet_instagram_database_connection_string }}"
@@ -21,10 +24,6 @@
               engine_old: 'sqlite'
               systemd_services_to_stop: ['matrix-mx-puppet-instagram.service']
 
-        - ansible.builtin.include_role:
-            name: galaxy/com.devture.ansible.role.postgres
-            tasks_from: migrate_db_to_postgres
-
         - ansible.builtin.set_fact:
             matrix_mx_puppet_instagram_requires_restart: true
 
diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml
index e2fb6b51..e75d47e5 100644
--- a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml
@@ -40,7 +40,10 @@
 
     - when: "matrix_mx_puppet_slack_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
-        - ansible.builtin.set_fact:
+        - ansible.builtin.include_role:
+            name: galaxy/com.devture.ansible.role.postgres
+            tasks_from: migrate_db_to_postgres
+          vars:
             devture_postgres_db_migration_request:
               src: "{{ matrix_mx_puppet_slack_sqlite_database_path_local }}"
               dst: "{{ matrix_mx_puppet_slack_database_connection_string }}"
@@ -49,10 +52,6 @@
               engine_old: 'sqlite'
               systemd_services_to_stop: ['matrix-mx-puppet-slack.service']
 
-        - ansible.builtin.include_role:
-            name: galaxy/com.devture.ansible.role.postgres
-            tasks_from: migrate_db_to_postgres
-
         - ansible.builtin.set_fact:
             matrix_mx_puppet_slack_requires_restart: true
 
diff --git a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml
index 6bf2edc7..ca2de448 100644
--- a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml
@@ -44,7 +44,10 @@
 
     - when: "matrix_mx_puppet_steam_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
-        - ansible.builtin.set_fact:
+        - ansible.builtin.include_role:
+            name: galaxy/com.devture.ansible.role.postgres
+            tasks_from: migrate_db_to_postgres
+          vars:
             devture_postgres_db_migration_request:
               src: "{{ matrix_mx_puppet_steam_sqlite_database_path_local }}"
               dst: "{{ matrix_mx_puppet_steam_database_connection_string }}"
@@ -53,10 +56,6 @@
               engine_old: 'sqlite'
               systemd_services_to_stop: ['matrix-mx-puppet-steam.service']
 
-        - ansible.builtin.include_role:
-            name: galaxy/com.devture.ansible.role.postgres
-            tasks_from: migrate_db_to_postgres
-
         - ansible.builtin.set_fact:
             matrix_mx_puppet_steam_requires_restart: true
 
diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml
index 71b1b575..a8450205 100644
--- a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml
@@ -44,7 +44,10 @@
 
     - when: "matrix_mx_puppet_twitter_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
-        - ansible.builtin.set_fact:
+        - ansible.builtin.include_role:
+            name: galaxy/com.devture.ansible.role.postgres
+            tasks_from: migrate_db_to_postgres
+          vars:
             devture_postgres_db_migration_request:
               src: "{{ matrix_mx_puppet_twitter_sqlite_database_path_local }}"
               dst: "{{ matrix_mx_puppet_twitter_database_connection_string }}"
@@ -53,10 +56,6 @@
               engine_old: 'sqlite'
               systemd_services_to_stop: ['matrix-mx-puppet-twitter.service']
 
-        - ansible.builtin.include_role:
-            name: galaxy/com.devture.ansible.role.postgres
-            tasks_from: migrate_db_to_postgres
-
         - ansible.builtin.set_fact:
             matrix_mx_puppet_twitter_requires_restart: true
 
diff --git a/roles/custom/matrix-dimension/tasks/setup_install.yml b/roles/custom/matrix-dimension/tasks/setup_install.yml
index e44cc73f..26617f7a 100644
--- a/roles/custom/matrix-dimension/tasks/setup_install.yml
+++ b/roles/custom/matrix-dimension/tasks/setup_install.yml
@@ -51,7 +51,10 @@
             - {'table': 'dimension_bridges', 'column': 'isEnabled', 'default': ''}
             - {'table': 'dimension_bridges', 'column': 'isPublic', 'default': ''}
 
-        - ansible.builtin.set_fact:
+        - ansible.builtin.include_role:
+            name: galaxy/com.devture.ansible.role.postgres
+            tasks_from: migrate_db_to_postgres
+          vars:
             devture_postgres_db_migration_request:
               src: "{{ matrix_dimension_sqlite_database_path_local }}"
               dst: "{{ matrix_dimension_database_connection_string }}"
@@ -63,10 +66,6 @@
               additional_psql_statements_list: "{{ matrix_dimension_pgloader_additional_psql_statements_list }}"
               additional_psql_statements_db_name: "{{ matrix_dimension_database_name }}"
 
-        - ansible.builtin.include_role:
-            name: galaxy/com.devture.ansible.role.postgres
-            tasks_from: migrate_db_to_postgres
-
         - ansible.builtin.set_fact:
             matrix_dimension_requires_restart: true
 
diff --git a/roles/custom/matrix-ma1sd/tasks/setup_install.yml b/roles/custom/matrix-ma1sd/tasks/setup_install.yml
index 492cbf41..6fe20342 100644
--- a/roles/custom/matrix-ma1sd/tasks/setup_install.yml
+++ b/roles/custom/matrix-ma1sd/tasks/setup_install.yml
@@ -27,7 +27,10 @@
 
     - when: "matrix_ma1sd_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
-        - ansible.builtin.set_fact:
+        - ansible.builtin.include_role:
+            name: galaxy/com.devture.ansible.role.postgres
+            tasks_from: migrate_db_to_postgres
+          vars:
             devture_postgres_db_migration_request:
               src: "{{ matrix_ma1sd_sqlite_database_path_local }}"
               dst: "{{ matrix_ma1sd_database_connection_string }}"
@@ -37,10 +40,6 @@
               systemd_services_to_stop: ['matrix-ma1sd.service']
               pgloader_options: ['--with "quote identifiers"']
 
-        - ansible.builtin.include_role:
-            name: galaxy/com.devture.ansible.role.postgres
-            tasks_from: migrate_db_to_postgres
-
         - ansible.builtin.set_fact:
             matrix_ma1sd_requires_restart: true
 
diff --git a/roles/custom/matrix-registration/tasks/setup_install.yml b/roles/custom/matrix-registration/tasks/setup_install.yml
index a3a4bddc..9278f2ef 100644
--- a/roles/custom/matrix-registration/tasks/setup_install.yml
+++ b/roles/custom/matrix-registration/tasks/setup_install.yml
@@ -12,7 +12,10 @@
 
     - when: "matrix_registration_sqlite_database_path_local_stat_result.stat.exists | bool"
       block:
-        - ansible.builtin.set_fact:
+        - ansible.builtin.include_role:
+            name: galaxy/com.devture.ansible.role.postgres
+            tasks_from: migrate_db_to_postgres
+          vars:
             devture_postgres_db_migration_request:
               src: "{{ matrix_registration_sqlite_database_path_local }}"
               dst: "{{ matrix_registration_database_connection_string }}"
@@ -26,10 +29,6 @@
                 - ALTER TABLE tokens ALTER COLUMN ex_date TYPE TIMESTAMP WITHOUT TIME ZONE;
               additional_psql_statements_db_name: "{{ matrix_registration_database_name }}"
 
-        - ansible.builtin.include_role:
-            name: galaxy/com.devture.ansible.role.postgres
-            tasks_from: migrate_db_to_postgres
-
         - ansible.builtin.set_fact:
             matrix_registration_requires_restart: true
 

From 0d322a5c86f3d001de3cf1bde76c215fe4938bed Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Mon, 28 Nov 2022 08:09:57 +0200
Subject: [PATCH 102/198] Announce matrix-postgres replacement and
 /usr/local/bin cleanup

---
 CHANGELOG.md | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index fb347c42..8bd1210d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,34 @@
+# 2022-11-28
+
+## matrix-postgres has been replaced by the com.devture.ansible.role.postgres external role
+
+**TLDR**: the tasks that install the integrated Postgres server now live in an external role - [com.devture.ansible.role.postgres](https://github.com/devture/com.devture.ansible.role.postgres). You'll need to run `make roles` to install it, and to also rename your `matrix_postgres`-prefixed variables to use a `devture_postgres` prefix (e.g. `matrix_postgres_connection_password` -> `devture_postgres_connection_password`). All your data will still be there! Some scripts have moved (`/usr/local/bin/matrix-postgres-cli` -> `/matrix/postgres/bin/cli`).
+
+The `matrix-postgres` role that has been part of the playbook for a long time has been replaced with the [com.devture.ansible.role.postgres](https://github.com/devture/com.devture.ansible.role.postgres) role. This was done as part of our work to [use external roles for some things](#the-playbook-now-uses-external-roles-for-some-things) for better code re-use and maintainability.
+
+The new role is an upgraded version of the old `matrix-postgres` role with these notable differences:
+
+- it uses different names for its variables (`matrix_postgres` -> `devture_postgres`)
+- when [Vacuuming PostgreSQL](docs/maintenance-postgres.md#vacuuming-postgresql), it will vacuum all your databases, not just the Synapse one
+
+You'll need to run `make roles` to install the new role. You would also need to rename your `matrix_postgres`-prefixed variables to use a `devture_postgres` prefix.
+
+Note: the systemd service still remains the same - `matrix-postgres.service`. Your data will still be in `/matrix/postgres`, etc.
+Postgres-related scripts will be moved to `/matrix/postgres/bin` (`/usr/local/bin/matrix-postgres-cli` -> `/matrix/postgres/bin/cli`, etc). Also see [The playbook no longer installs scripts in /usr/local/bin](#the-playbook-no-longer-installs-scripts-in-usrlocalbin).
+
+## The playbook no longer installs scripts to /usr/local/bin
+
+The locations of various scripts installed by the playbook have changed.
+
+The playbook no longer contaminates your `/usr/local/bin` directory.
+All scripts installed by the playbook now live in `bin/` directories under `/matrix`. Some examples are below:
+
+- `/usr/local/bin/matrix-remove-all` -> `/matrix/bin/remove-all`
+- `/usr/local/bin/matrix-postgres-cli` -> `/matrix/postgres/bin/cli`
+- `/usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew` -> `/matrix/ssl/bin/lets-encrypt-certificates-renew`
+- `/usr/local/bin/matrix-synapse-register-user` -> `/matrix/synapse/bin/register-user`
+
+
 # 2022-11-25
 
 ## 2x-5x performance improvements in playbook runtime

From 81054bb19c8f115e3a8eeda0cc55d09aa55a63fa Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Mon, 28 Nov 2022 09:05:22 +0200
Subject: [PATCH 103/198] Upgrade com.devture.ansible.role.postgres

---
 group_vars/matrix_servers | 9 ---------
 requirements.yml          | 2 +-
 2 files changed, 1 insertion(+), 10 deletions(-)

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index a2c24514..988488c7 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -2263,15 +2263,6 @@ devture_postgres_gid: "{{ matrix_user_gid }}"
 devture_postgres_connection_username: matrix
 devture_postgres_db_name: matrix
 
-devture_postgres_vacuum_default_databases_list: |
-  {{
-    (
-        ([devture_postgres_db_name])
-        +
-        (devture_postgres_additional_databases | map(attribute='name'))
-    ) | unique
-  }}
-
 devture_postgres_systemd_services_to_stop_for_maintenance_list: |
   {{
     ['matrix-' + matrix_homeserver_implementation + '.service']
diff --git a/requirements.yml b/requirements.yml
index 951bb5e1..64551b9e 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -19,7 +19,7 @@
   version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
 
 - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git
-  version: 0985b594b17942e7aa6346d8967c02c3686cecb1
+  version: e55623caa4c33fa22e897966f4def7ae04dc8261
 
 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git
   version: 6ccb88ac5fc27e1e70afcd48278ade4b564a9096

From 5b266471270b20dd3dd4721d99f32f035b29670f Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Mon, 28 Nov 2022 09:24:25 +0200
Subject: [PATCH 104/198] Upgrade Certbot (v1.31.0 -> v2.0.0) and switch to new
 default key type (ecdsa)

More details about the new key type can be found here:
https://eff-certbot.readthedocs.io/en/stable/using.html#rsa-and-ecdsa-keys

Existing RSA-based keys will continue to renew as RSA until manual
action is taken. Example from the documentation above:
> certbot renew --key-type ecdsa --cert-name example.com --force-renewal

In the future, we may add a command which does this automatically for
all domains.
---
 roles/custom/matrix-nginx-proxy/defaults/main.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/roles/custom/matrix-nginx-proxy/defaults/main.yml b/roles/custom/matrix-nginx-proxy/defaults/main.yml
index 0830d4f4..839211e0 100644
--- a/roles/custom/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml
@@ -554,7 +554,7 @@ matrix_ssl_lets_encrypt_staging: false
 # Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#changing-the-acme-server
 matrix_ssl_lets_encrypt_server: ''
 
-matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.31.0"
+matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v2.0.0"
 matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
 matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
 matrix_ssl_lets_encrypt_support_email: ~
@@ -567,8 +567,8 @@ matrix_ssl_lets_encrypt_support_email: ~
 matrix_ssl_lets_encrypt_container_standalone_http_host_bind_port: '80'
 
 # Specify key type of the private key algorithm.
-# Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#using-ecdsa-keys
-matrix_ssl_lets_encrypt_key_type: rsa
+# Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#rsa-and-ecdsa-keys
+matrix_ssl_lets_encrypt_key_type: ecdsa
 
 matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl"
 matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config"

From 4b2d30a474d0bd9f2ff9f61f104238592b27058e Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Mon, 28 Nov 2022 18:33:18 +0200
Subject: [PATCH 105/198] Fix matrix_dendrite_client_api_turn_shared_secret not
 being defined

Regression since https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2290
---
 group_vars/matrix_servers                              | 2 +-
 roles/custom/matrix-dendrite/defaults/main.yml         | 2 +-
 roles/custom/matrix-dendrite/tasks/validate_config.yml | 3 ++-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 988488c7..f2b307b1 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -3026,7 +3026,7 @@ matrix_dendrite_client_api_turn_uris: |
     else []
   }}
 
-matrix_dendrite_turn_shared_secret: "{{ matrix_coturn_turn_static_auth_secret if matrix_coturn_enabled else '' }}"
+matrix_dendrite_client_api_turn_shared_secret: "{{ matrix_coturn_turn_static_auth_secret if matrix_coturn_enabled else '' }}"
 
 matrix_dendrite_disable_tls_validation: "{{ true if matrix_ssl_retrieval_method == 'self-signed' else false }}"
 
diff --git a/roles/custom/matrix-dendrite/defaults/main.yml b/roles/custom/matrix-dendrite/defaults/main.yml
index 37054518..67a485e9 100644
--- a/roles/custom/matrix-dendrite/defaults/main.yml
+++ b/roles/custom/matrix-dendrite/defaults/main.yml
@@ -152,7 +152,7 @@ matrix_dendrite_pushserver_database: "dendrite_pushserver"
 matrix_dendrite_mscs_database: "dendrite_mscs"
 
 matrix_dendrite_client_api_turn_uris: []
-matrix_dendrite_client_api_turn_client_api_shared_secret: ""
+matrix_dendrite_client_api_turn_shared_secret: ""
 matrix_dendrite_client_api_turn_allow_guests: false
 
 matrix_dendrite_disable_tls_validation: false
diff --git a/roles/custom/matrix-dendrite/tasks/validate_config.yml b/roles/custom/matrix-dendrite/tasks/validate_config.yml
index 9b1466e1..53c17498 100644
--- a/roles/custom/matrix-dendrite/tasks/validate_config.yml
+++ b/roles/custom/matrix-dendrite/tasks/validate_config.yml
@@ -21,7 +21,8 @@
     - {'old': 'matrix_dendrite_registration_disabled', 'new': 'matrix_dendrite_client_api_registration_disabled'}
     - {'old': 'matrix_dendrite_registration_shared_secret', 'new': 'matrix_dendrite_client_api_registration_shared_secret'}
     - {'old': 'matrix_dendrite_turn_uris', 'new': 'matrix_dendrite_client_api_turn_uris'}
-    - {'old': 'matrix_dendrite_turn_client_api_shared_secret', 'new': 'matrix_dendrite_client_api_turn_client_api_shared_secret'}
+    - {'old': 'matrix_dendrite_turn_client_api_shared_secret', 'new': 'matrix_dendrite_client_api_turn_shared_secret'}
+    - {'old': 'matrix_dendrite_client_api_turn_client_api_shared_secret', 'new': 'matrix_dendrite_client_api_turn_shared_secret'}
     - {'old': 'matrix_dendrite_turn_allow_guests', 'new': 'matrix_dendrite_client_api_turn_allow_guests'}
     - {'old': 'matrix_dendrite_rate_limiting_enabled', 'new': 'matrix_dendrite_client_api_rate_limiting_enabled'}
     - {'old': 'matrix_dendrite_rate_limiting_threshold', 'new': 'matrix_dendrite_client_api_rate_limiting_threshold'}

From 8c5e34b37fdf831a71a4f1fd3afd54a66802591f Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Tue, 29 Nov 2022 08:20:36 +0200
Subject: [PATCH 106/198] Upgrade ddclient (v3.10.0-ls105 -> v3.10.0-ls106)

---
 roles/custom/matrix-dynamic-dns/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-dynamic-dns/defaults/main.yml b/roles/custom/matrix-dynamic-dns/defaults/main.yml
index 86129e61..95e197f3 100644
--- a/roles/custom/matrix-dynamic-dns/defaults/main.yml
+++ b/roles/custom/matrix-dynamic-dns/defaults/main.yml
@@ -7,7 +7,7 @@ matrix_dynamic_dns_enabled: true
 # The dynamic dns daemon interval
 matrix_dynamic_dns_daemon_interval: '300'
 
-matrix_dynamic_dns_version: v3.10.0-ls105
+matrix_dynamic_dns_version: v3.10.0-ls106
 
 # The docker container to use when in mode
 matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}"

From d5e8d2a93946b8553e9fa2dc32cc207090275609 Mon Sep 17 00:00:00 2001
From: Array in a Matrix <tensor@arrayinamatrix.xyz>
Date: Tue, 29 Nov 2022 11:58:00 -0500
Subject: [PATCH 107/198] update dendrite

---
 roles/custom/matrix-dendrite/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-dendrite/defaults/main.yml b/roles/custom/matrix-dendrite/defaults/main.yml
index 67a485e9..32f262ad 100644
--- a/roles/custom/matrix-dendrite/defaults/main.yml
+++ b/roles/custom/matrix-dendrite/defaults/main.yml
@@ -6,7 +6,7 @@ matrix_dendrite_enabled: true
 
 matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}"
 matrix_dendrite_docker_image_name_prefix: "docker.io/"
-matrix_dendrite_docker_image_tag: "v0.10.7"
+matrix_dendrite_docker_image_tag: "v0.10.8"
 matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}"
 
 matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite"

From b25385dffd422f52f7685ad964a9862ffa4b8d28 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Tue, 29 Nov 2022 20:16:29 +0200
Subject: [PATCH 108/198] Upgrade com.devture.ansible.role.postgres

---
 requirements.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.yml b/requirements.yml
index 64551b9e..c8daa650 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -19,7 +19,7 @@
   version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
 
 - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git
-  version: e55623caa4c33fa22e897966f4def7ae04dc8261
+  version: b547c81ed69a659be22016df35cc0d82cb444a76
 
 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git
   version: 6ccb88ac5fc27e1e70afcd48278ade4b564a9096

From 3424a1169dbb9c78d4a6b3f8a644f35011762118 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A1szl=C3=B3=20V=C3=A1rady?=
 <laszlo.varady@protonmail.com>
Date: Wed, 30 Nov 2022 02:44:15 +0100
Subject: [PATCH 109/198] Fix Docker installation typo in FAQ

---
 docs/faq.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/faq.md b/docs/faq.md
index d2b88cf6..25d02e7c 100644
--- a/docs/faq.md
+++ b/docs/faq.md
@@ -317,7 +317,7 @@ If you've installed [Jitsi](configuring-playbook-jitsi.md) (not installed by def
 Yes, we can stop installing Docker ourselves. Just use this in your `vars.yml` file:
 
 ```yaml
-matrix_playbook_docker_installation_enabled: true
+matrix_playbook_docker_installation_enabled: false
 ```
 
 ### I run another webserver on the same server where I wish to install Matrix. What now?

From 7e2e2626a042246962b1c4ec90988af332671ebd Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Wed, 30 Nov 2022 08:13:39 +0200
Subject: [PATCH 110/198] Make hookshot variable names consistent with the rest
 of the playbook

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2256
---
 docs/configuring-playbook-bridge-hookshot.md  |  2 +-
 .../matrix-bridge-hookshot/defaults/main.yml  | 39 ++++++-----
 .../tasks/validate_config.yml                 | 56 ++++++++++-----
 .../templates/config.yml.j2                   | 69 +++++++++----------
 4 files changed, 94 insertions(+), 72 deletions(-)

diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md
index 89ab0768..54f6636b 100644
--- a/docs/configuring-playbook-bridge-hookshot.md
+++ b/docs/configuring-playbook-bridge-hookshot.md
@@ -93,4 +93,4 @@ To explicitly enable metrics, use `matrix_hookshot_metrics_enabled: true`. This
 
 ### Collision with matrix-appservice-webhooks
 
-If you are also running [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), it reserves its namespace by the default setting `matrix_appservice_webhooks_user_prefix: '_webhook_'`. You should take care if you modify its or hookshot's prefix that they do not collide with each other's namespace (default `matrix_hookshot_generic_user_id_prefix: '_webhooks_'`).
+If you are also running [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), it reserves its namespace by the default setting `matrix_appservice_webhooks_user_prefix: '_webhook_'`. You should take care if you modify its or hookshot's prefix that they do not collide with each other's namespace (default `matrix_hookshot_generic_userIdPrefix: '_webhooks_'`).
diff --git a/roles/custom/matrix-bridge-hookshot/defaults/main.yml b/roles/custom/matrix-bridge-hookshot/defaults/main.yml
index 4e696584..a81d4706 100644
--- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml
+++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml
@@ -52,7 +52,7 @@ matrix_hookshot_webhook_endpoint: "{{ matrix_hookshot_public_endpoint }}/webhook
 # You need to create a GitHub app to enable this and fill in the empty variables below
 # https://matrix-org.github.io/matrix-hookshot/setup/github.html
 matrix_hookshot_github_enabled: false
-matrix_hookshot_github_appid: ''
+matrix_hookshot_github_auth_id: ''
 # Set this variable to the contents of the generated and downloaded GitHub private key:
 # matrix_hookshot_github_private_key: |
 #   -----BEGIN RSA PRIVATE KEY-----
@@ -61,7 +61,7 @@ matrix_hookshot_github_appid: ''
 # Alternatively, leave it empty and do it manually or use matrix-aux instead, see docs/matrix-bridge-hookshot.md for info.
 matrix_hookshot_github_private_key: ''
 matrix_hookshot_github_private_key_file: 'private-key.pem'
-matrix_hookshot_github_secret: ''  # "Webhook secret" on the GitHub App page
+matrix_hookshot_github_webhook_secret: ''  # "Webhook secret" on the GitHub App page
 matrix_hookshot_github_oauth_enabled: false
 # You need to configure oauth settings only when you have enabled oauth (optional)
 matrix_hookshot_github_oauth_id: ''  # "Client ID" on the GitHub App page
@@ -69,14 +69,17 @@ matrix_hookshot_github_oauth_secret: ''  # "Client Secret" on the GitHub App pag
 # Default value of matrix_hookshot_github_oauth_endpoint: "/hookshot/webhooks/oauth"
 matrix_hookshot_github_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/oauth"
 matrix_hookshot_github_oauth_uri: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_github_oauth_endpoint }}"
+
 # These are the default settings mentioned here and don't need to be modified: https://matrix-org.github.io/matrix-hookshot/usage/room_configuration/github_repo.html#configuration
-matrix_hookshot_github_ignore_hooks: "{}"
-matrix_hookshot_github_command_prefix: '!gh'
-matrix_hookshot_github_showIssueRoomLink: false  # noqa var-naming
-matrix_hookshot_github_pr_diff: "{enabled: false, maxLines: 5}"
-matrix_hookshot_github_including_labels: ''
-matrix_hookshot_github_excluding_labels: ''
-matrix_hookshot_github_hotlink_prefix: "#"
+matrix_hookshot_github_defaultOptions_ignoreHooks: {}  # noqa var-naming
+matrix_hookshot_github_defaultOptions_commandPrefix: '!gh'  # noqa var-naming
+matrix_hookshot_github_defaultOptions_showIssueRoomLink: false   # noqa var-naming
+matrix_hookshot_github_defaultOptions_prDiff:   # noqa var-naming
+  enabled: false
+  maxLines: 5
+matrix_hookshot_github_defaultOptions_includingLabels: ''  # noqa var-naming
+matrix_hookshot_github_defaultOptions_excludingLabels: ''  # noqa var-naming
+matrix_hookshot_github_defaultOptions_hotlinkIssues_prefix: "#"  # noqa var-naming
 
 
 matrix_hookshot_gitlab_enabled: true
@@ -91,7 +94,7 @@ matrix_hookshot_gitlab_instances:
     url: https://gitlab.com
 
 # This will be the "Secret token" you have to enter into all GitLab instances for authentication
-matrix_hookshot_gitlab_secret: ''
+matrix_hookshot_gitlab_webhook_secret: ''
 
 
 matrix_hookshot_figma_enabled: false
@@ -104,17 +107,17 @@ matrix_hookshot_figma_publicUrl: "{{ matrix_hookshot_urlprefix }}{{ matrix_hooks
 #       teamId: your-team-id
 #       accessToken: your-personal-access-token
 #       passcode: your-webhook-passcode
-
+matrix_hookshot_figma_instances: {}
 
 matrix_hookshot_jira_enabled: false
 # Get the these values from https://matrix-org.github.io/matrix-hookshot/setup/jira.html#jira-oauth
-matrix_hookshot_jira_secret: ''
+matrix_hookshot_jira_webhook_secret: ''
 matrix_hookshot_jira_oauth_enabled: false
-matrix_hookshot_jira_oauth_id: ''
-matrix_hookshot_jira_oauth_secret: ''
+matrix_hookshot_jira_oauth_client_id: ''
+matrix_hookshot_jira_oauth_client_secret: ''
 # Default value of matrix_hookshot_jira_oauth_endpoint: "/hookshot/webhooks/jira/oauth"
 matrix_hookshot_jira_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/jira/oauth"
-matrix_hookshot_jira_oauth_uri: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_jira_oauth_endpoint }}"
+matrix_hookshot_jira_oauth_redirect_uri: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_jira_oauth_endpoint }}"
 
 
 # No need to change these
@@ -122,10 +125,10 @@ matrix_hookshot_generic_enabled: true
 # Default value of matrix_hookshot_generic_endpoint: "/hookshot/webhooks"
 matrix_hookshot_generic_endpoint: "{{ matrix_hookshot_webhook_endpoint }}"
 # urlprefix gets updated with protocol & port in group_vars/matrix_servers
-matrix_hookshot_generic_urlprefix: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_generic_endpoint }}"
-matrix_hookshot_generic_allow_js_transformation_functions: false
+matrix_hookshot_generic_urlPrefix: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_generic_endpoint }}"
+matrix_hookshot_generic_allowJsTransformationFunctions: false
 # If you're also using matrix-appservice-webhooks, take care that these prefixes don't overlap
-matrix_hookshot_generic_user_id_prefix: '_webhooks_'
+matrix_hookshot_generic_userIdPrefix: '_webhooks_'
 
 
 matrix_hookshot_feeds_enabled: true
diff --git a/roles/custom/matrix-bridge-hookshot/tasks/validate_config.yml b/roles/custom/matrix-bridge-hookshot/tasks/validate_config.yml
index 3392f1b6..91d29ece 100644
--- a/roles/custom/matrix-bridge-hookshot/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-hookshot/tasks/validate_config.yml
@@ -1,5 +1,34 @@
 ---
 
+- name: (Deprecation) Catch and report renamed Hookshot variables
+  ansible.builtin.fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
+  when: "item.old in vars"
+  with_items:
+    - {'old': 'matrix_hookshot_feeds_interval', 'new': 'matrix_hookshot_feeds_pollIntervalSeconds'}
+    - {'old': 'matrix_hookshot_generic_urlprefix', 'new': 'matrix_hookshot_generic_urlPrefix'}
+    - {'old': 'matrix_hookshot_generic_allow_js_transformation_functions', 'new': 'matrix_hookshot_generic_allowJsTransformationFunctions'}
+    - {'old': 'matrix_hookshot_generic_user_id_prefix', 'new': 'matrix_hookshot_generic_userIdPrefix'}
+    - {'old': 'matrix_hookshot_github_secret', 'new': 'matrix_hookshot_github_webhook_secret'}
+    - {'old': 'matrix_hookshot_github_appid', 'new': 'matrix_hookshot_github_auth_id'}
+    - {'old': 'matrix_hookshot_github_oauth_id', 'new': 'matrix_hookshot_github_oauth_client_id'}
+    - {'old': 'matrix_hookshot_github_oauth_secret', 'new': 'matrix_hookshot_github_oauth_client_secret'}
+    - {'old': 'matrix_hookshot_github_oauth_uri', 'new': 'matrix_hookshot_github_oauth_redirect_uri'}
+    - {'old': 'matrix_hookshot_github_ignore_hooks', 'new': 'matrix_hookshot_github_defaultOptions_ignoreHooks'}
+    - {'old': 'matrix_hookshot_github_command_prefix', 'new': 'matrix_hookshot_github_defaultOptions_commandPrefix'}
+    - {'old': 'matrix_hookshot_github_showIssueRoomLink', 'new': 'matrix_hookshot_github_defaultOptions_showIssueRoomLink'}
+    - {'old': 'matrix_hookshot_github_pr_diff', 'new': 'matrix_hookshot_github_defaultOptions_prDiff'}
+    - {'old': 'matrix_hookshot_github_including_labels', 'new': 'matrix_hookshot_github_defaultOptions_includingLabels'}
+    - {'old': 'matrix_hookshot_github_excluding_labels', 'new': 'matrix_hookshot_github_defaultOptions_excludingLabels'}
+    - {'old': 'matrix_hookshot_github_hotlink_prefix', 'new': 'matrix_hookshot_github_defaultOptions_hotlinkIssues_prefix'}
+    - {'old': 'matrix_hookshot_jira_secret', 'new': 'matrix_hookshot_jira_webhook_secret'}
+    - {'old': 'matrix_hookshot_jira_oauth_id', 'new': 'matrix_hookshot_jira_oauth_client_id'}
+    - {'old': 'matrix_hookshot_jira_oauth_secret', 'new': 'matrix_hookshot_jira_oauth_client_secret'}
+    - {'old': 'matrix_hookshot_jira_oauth_uri', 'new': 'matrix_hookshot_jira_oauth_client_secret'}
+    - {'old': 'matrix_hookshot_gitlab_secret', 'new': 'matrix_hookshot_gitlab_webhook_secret'}
+
 - name: Fail if required settings not defined
   ansible.builtin.fail:
     msg: >-
@@ -15,8 +44,8 @@
       You need to define a required configuration setting (`{{ item }}`) to enable GitHub.
   when: "matrix_hookshot_github_enabled and vars[item] == ''"
   with_items:
-    - "matrix_hookshot_github_appid"
-    - "matrix_hookshot_github_secret"
+    - "matrix_hookshot_github_auth_id"
+    - "matrix_hookshot_github_webhook_secret"
 
 - name: Fail if required GitHub OAuth settings not defined
   ansible.builtin.fail:
@@ -24,8 +53,8 @@
       You need to define a required configuration setting (`{{ item }}`) to enable GitHub OAuth.
   when: "matrix_hookshot_github_oauth_enabled and vars[item] == ''"
   with_items:
-    - "matrix_hookshot_github_oauth_id"
-    - "matrix_hookshot_github_oauth_secret"
+    - "matrix_hookshot_github_oauth_client_id"
+    - "matrix_hookshot_github_oauth_client_secret"
 
 - name: Fail if required Jira settings not defined
   ansible.builtin.fail:
@@ -33,7 +62,7 @@
       You need to define a required configuration setting (`{{ item }}`) to enable Jira.
   when: "matrix_hookshot_jira_enabled and vars[item] == ''"
   with_items:
-    - "matrix_hookshot_jira_secret"
+    - "matrix_hookshot_jira_webhook_secret"
 
 - name: Fail if required Jira OAuth settings not defined
   ansible.builtin.fail:
@@ -41,14 +70,14 @@
       You need to define a required configuration setting (`{{ item }}`) to enable Jira OAuth.
   when: "matrix_hookshot_jira_oauth_enabled and vars[item] == ''"
   with_items:
-    - "matrix_hookshot_jira_oauth_id"
-    - "matrix_hookshot_jira_oauth_secret"
+    - "matrix_hookshot_jira_oauth_client_id"
+    - "matrix_hookshot_jira_oauth_client_secret"
 
 - name: Fail if required Figma settings not defined
   ansible.builtin.fail:
     msg: >-
-      You need to define at least one Figma instance to enable Figma.
-  when: "matrix_hookshot_figma_enabled and matrix_hookshot_figma_instances is undefined"
+      You need to define at least one Figma instance in `matrix_hookshot_figma_instances` to enable Figma.
+  when: "matrix_hookshot_figma_enabled and matrix_hookshot_figma_instances | length == 0"
 
 - name: Fail if required provisioning settings not defined
   ansible.builtin.fail:
@@ -58,15 +87,6 @@
   with_items:
     - "matrix_hookshot_provisioning_secret"
 
-- name: (Deprecation) Catch and report renamed Hookshot variables
-  ansible.builtin.fail:
-    msg: >-
-      Your configuration contains a variable, which now has a different name.
-      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
-  when: "item.old in vars"
-  with_items:
-    - {'old': 'matrix_hookshot_feeds_interval', 'new': 'matrix_hookshot_feeds_pollIntervalSeconds'}
-
 - name: (Deprecation) Catch and report old metrics usage
   ansible.builtin.fail:
     msg: >-
diff --git a/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2
index 527afafa..2eded104 100644
--- a/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2
+++ b/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2
@@ -14,69 +14,68 @@ github:
   auth:
     # Authentication for the GitHub App.
     #
-    id: {{ matrix_hookshot_github_appid }}
+    id: {{ matrix_hookshot_github_auth_id | to_json }}
     privateKeyFile: /data/{{ matrix_hookshot_github_private_key_file }}
   webhook:
     # Webhook settings for the GitHub app.
     #
-    secret: {{ matrix_hookshot_github_secret|to_json }}
+    secret: {{ matrix_hookshot_github_webhook_secret | to_json }}
 {% if matrix_hookshot_github_oauth_enabled %}
   oauth:
     # (Optional) Settings for allowing users to sign in via OAuth.
     #
-    client_id: {{ matrix_hookshot_github_oauth_id }}
-    client_secret: {{ matrix_hookshot_github_oauth_secret|to_json }}
-    redirect_uri: {{ matrix_hookshot_github_oauth_uri }}
+    client_id: {{ matrix_hookshot_github_oauth_client_id | to_json }}
+    client_secret: {{ matrix_hookshot_github_oauth_client_secret | to_json }}
+    redirect_uri: {{ matrix_hookshot_github_oauth_redirect_uri | to_json }}
 {% endif %}
   defaultOptions:
     # (Optional) Default options for GitHub connections.
     #
-    ignoreHooks: {{ matrix_hookshot_github_ignore_hooks }}
-    commandPrefix: "{{ matrix_hookshot_github_command_prefix }}"
-    showIssueRoomLink: {{ matrix_hookshot_github_showIssueRoomLink }}
-    prDiff: {{ matrix_hookshot_github_pr_diff }}
-    includingLabels:{{ matrix_hookshot_github_including_labels }}
-    excludingLabels: {{ matrix_hookshot_github_excluding_labels }}
+    ignoreHooks: {{ matrix_hookshot_github_defaultOptions_ignoreHooks | to_json }}
+    commandPrefix: {{ matrix_hookshot_github_defaultOptions_commandPrefix | to_json }}
+    showIssueRoomLink: {{ matrix_hookshot_github_defaultOptions_showIssueRoomLink | to_json }}
+    prDiff: {{ matrix_hookshot_github_defaultOptions_prDiff | to_json }}
+    includingLabels: {{ matrix_hookshot_github_defaultOptions_includingLabels | to_json }}
+    excludingLabels: {{ matrix_hookshot_github_defaultOptions_excludingLabels | to_json }}
     hotlinkIssues:
-      prefix: "{{ matrix_hookshot_github_hotlink_prefix }}"
+      prefix: {{ matrix_hookshot_github_defaultOptions_hotlinkIssues_prefix | to_json }}
 {% endif %}
 {% if matrix_hookshot_gitlab_enabled %}
 gitlab:
   # (Optional) Configure this to enable GitLab support
   #
-  instances:
-    {{ matrix_hookshot_gitlab_instances }}
+  instances: {{ matrix_hookshot_gitlab_instances | to_json }}
   webhook:
-    secret: {{ matrix_hookshot_gitlab_secret|to_json }}
+    secret: {{ matrix_hookshot_gitlab_webhook_secret | to_json }}
 {% endif %}
 {% if matrix_hookshot_figma_enabled %}
 figma:
   # (Optional) Configure this to enable Figma support
   #
-  publicUrl: {{ matrix_hookshot_figma_publicUrl }}
-  instances: {{ matrix_hookshot_figma_instances }}
+  publicUrl: {{ matrix_hookshot_figma_publicUrl | to_json }}
+  instances: {{ matrix_hookshot_figma_instances | to_json }}
 {% endif %}
 {% if matrix_hookshot_jira_enabled %}
 jira:
   # (Optional) Configure this to enable Jira support
   #
   webhook:
-    secret: {{ matrix_hookshot_jira_secret|to_json }}
+    secret: {{ matrix_hookshot_jira_webhook_secret | to_json }}
 {% if matrix_hookshot_jira_oauth_enabled %}
   oauth:
-    client_id: {{ matrix_hookshot_jira_oauth_id|to_json }}
-    client_secret: {{ matrix_hookshot_jira_oauth_secret|to_json }}
-    redirect_uri: {{ matrix_hookshot_jira_oauth_uri }}
+    client_id: {{ matrix_hookshot_jira_oauth_client_id | to_json }}
+    client_secret: {{ matrix_hookshot_jira_oauth_client_secret | to_json }}
+    redirect_uri: {{ matrix_hookshot_jira_oauth_redirect_uri | to_json }}
 {% endif %}
 {% endif %}
 {% if matrix_hookshot_generic_enabled %}
 generic:
   # (Optional) Support for generic webhook events. `allowJsTransformationFunctions` will allow users to write short transformation snippets in code, and thus is unsafe in untrusted environments
   #
-  enabled: {{ matrix_hookshot_generic_enabled }}
-  urlPrefix: {{ matrix_hookshot_generic_urlprefix }}
-  allowJsTransformationFunctions: {{ matrix_hookshot_generic_allow_js_transformation_functions }}
-  userIdPrefix: {{ matrix_hookshot_generic_user_id_prefix|to_json }}
+  enabled: {{ matrix_hookshot_generic_enabled | to_json }}
+  urlPrefix: {{ matrix_hookshot_generic_urlPrefix | to_json }}
+  allowJsTransformationFunctions: {{ matrix_hookshot_generic_allowJsTransformationFunctions | to_json }}
+  userIdPrefix: {{ matrix_hookshot_generic_userIdPrefix | to_json }}
 {% endif %}
 {% if matrix_hookshot_feeds_enabled %}
 feeds:
@@ -90,7 +89,7 @@ feeds:
 provisioning:
   # (Optional) Provisioning API for integration managers
   #
-  secret: {{ matrix_hookshot_provisioning_secret|to_json }}
+  secret: {{ matrix_hookshot_provisioning_secret | to_json }}
 {% endif %}
 passFile:
   # A passkey used to encrypt tokens stored inside the bridge.
@@ -100,12 +99,12 @@ passFile:
 bot:
   # (Optional) Define profile information for the bot user
   #
-  displayname: {{ matrix_hookshot_bot_displayname }}
-  avatar: {{ matrix_hookshot_bot_avatar }}
+  displayname: {{ matrix_hookshot_bot_displayname | to_json }}
+  avatar: {{ matrix_hookshot_bot_avatar | to_json }}
 metrics:
   # (Optional) Prometheus metrics support
   #
-  enabled: {{ matrix_hookshot_metrics_enabled }}
+  enabled: {{ matrix_hookshot_metrics_enabled | to_json }}
 logging:
   # (Optional) Logging settings. You can have a severity debug,info,warn,error
   #
@@ -114,20 +113,20 @@ logging:
 widgets:
   # (Optional) EXPERIMENTAL support for complimentary widgets
   #
-  addToAdminRooms: {{ matrix_hookshot_widgets_addToAdminRooms }}
+  addToAdminRooms: {{ matrix_hookshot_widgets_addToAdminRooms | to_json }}
 {% if matrix_hookshot_widgets_roomSetupWidget_enabled %}
   roomSetupWidget:
-    addOnInvite: {{ matrix_hookshot_widgets_roomSetupWidget_addOnInvite }}
+    addOnInvite: {{ matrix_hookshot_widgets_roomSetupWidget_addOnInvite | to_json }}
 {% endif %}
 {% if not matrix_hookshot_widgets_disallowedIpRanges is in [None, ''] %}
-  disallowedIpRanges: {{ matrix_hookshot_widgets_disallowedIpRanges }}
+  disallowedIpRanges: {{ matrix_hookshot_widgets_disallowedIpRanges | to_json }}
 {% endif %}
-  publicUrl: {{ matrix_hookshot_widgets_publicUrl }}
+  publicUrl: {{ matrix_hookshot_widgets_publicUrl | to_json }}
   branding:
-    widgetTitle: {{ matrix_hookshot_widgets_branding_widgetTitle }}
+    widgetTitle: {{ matrix_hookshot_widgets_branding_widgetTitle | to_json }}
 {% endif %}
 {% if matrix_hookshot_permissions %}
-permissions: {{ matrix_hookshot_permissions }}
+permissions: {{ matrix_hookshot_permissions | to_json }}
 {% endif %}
 listeners:
   # (Optional) HTTP Listener configuration.

From 84f306b236e50b04240d4cb7b466e547d1a01189 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Wed, 30 Nov 2022 08:16:33 +0200
Subject: [PATCH 111/198] Add support for enableHttpGet and waitForComplete
 Hookshot options

Supersedes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2256
---
 roles/custom/matrix-bridge-hookshot/defaults/main.yml       | 4 +++-
 roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/roles/custom/matrix-bridge-hookshot/defaults/main.yml b/roles/custom/matrix-bridge-hookshot/defaults/main.yml
index a81d4706..30f3eba3 100644
--- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml
+++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml
@@ -122,13 +122,15 @@ matrix_hookshot_jira_oauth_redirect_uri: "{{ matrix_hookshot_urlprefix }}{{ matr
 
 # No need to change these
 matrix_hookshot_generic_enabled: true
+matrix_hookshot_generic_enableHttpGet: false
 # Default value of matrix_hookshot_generic_endpoint: "/hookshot/webhooks"
 matrix_hookshot_generic_endpoint: "{{ matrix_hookshot_webhook_endpoint }}"
 # urlprefix gets updated with protocol & port in group_vars/matrix_servers
 matrix_hookshot_generic_urlPrefix: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_generic_endpoint }}"
-matrix_hookshot_generic_allowJsTransformationFunctions: false
 # If you're also using matrix-appservice-webhooks, take care that these prefixes don't overlap
 matrix_hookshot_generic_userIdPrefix: '_webhooks_'
+matrix_hookshot_generic_allowJsTransformationFunctions: false
+matrix_hookshot_generic_waitForComplete: false
 
 
 matrix_hookshot_feeds_enabled: true
diff --git a/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2
index 2eded104..4138f599 100644
--- a/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2
+++ b/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2
@@ -73,9 +73,11 @@ generic:
   # (Optional) Support for generic webhook events. `allowJsTransformationFunctions` will allow users to write short transformation snippets in code, and thus is unsafe in untrusted environments
   #
   enabled: {{ matrix_hookshot_generic_enabled | to_json }}
+  enableHttpGet: {{ matrix_hookshot_generic_enableHttpGet | to_json }}
   urlPrefix: {{ matrix_hookshot_generic_urlPrefix | to_json }}
-  allowJsTransformationFunctions: {{ matrix_hookshot_generic_allowJsTransformationFunctions | to_json }}
   userIdPrefix: {{ matrix_hookshot_generic_userIdPrefix | to_json }}
+  allowJsTransformationFunctions: {{ matrix_hookshot_generic_allowJsTransformationFunctions | to_json }}
+  waitForComplete: {{ matrix_hookshot_generic_waitForComplete | to_json }}
 {% endif %}
 {% if matrix_hookshot_feeds_enabled %}
 feeds:

From 4a62df2ea3057484c4d35b3fce0ae7a6f547e2e6 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Wed, 30 Nov 2022 08:18:41 +0200
Subject: [PATCH 112/198] Make Hookshot logging-level configurable

---
 roles/custom/matrix-bridge-hookshot/defaults/main.yml       | 2 ++
 roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/roles/custom/matrix-bridge-hookshot/defaults/main.yml b/roles/custom/matrix-bridge-hookshot/defaults/main.yml
index 30f3eba3..09d214fe 100644
--- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml
+++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml
@@ -146,6 +146,8 @@ matrix_hookshot_provisioning_enabled: false
 matrix_hookshot_provisioning_internal: "/v1"
 matrix_hookshot_provisioning_endpoint: "{{ matrix_hookshot_public_endpoint }}{{ matrix_hookshot_provisioning_internal }}"
 
+# Valid logging levels are: debug, info, warn, error
+matrix_hookshot_logging_level: warn
 
 matrix_hookshot_widgets_enabled: true
 matrix_hookshot_widgets_port: 9003
diff --git a/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2
index 4138f599..c3b0bbd4 100644
--- a/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2
+++ b/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2
@@ -110,7 +110,7 @@ metrics:
 logging:
   # (Optional) Logging settings. You can have a severity debug,info,warn,error
   #
-  level: warn
+  level: {{ matrix_hookshot_logging_level | to_json }}
 {% if matrix_hookshot_widgets_enabled %}
 widgets:
   # (Optional) EXPERIMENTAL support for complimentary widgets

From bc64d8ed9a69f0a7226df7ef611ad367886aed10 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Wed, 30 Nov 2022 08:32:29 +0200
Subject: [PATCH 113/198] Upgrade prometheus-node-exporter (v1.4.0 -> v1.5.0)

---
 roles/custom/matrix-prometheus-node-exporter/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-prometheus-node-exporter/defaults/main.yml b/roles/custom/matrix-prometheus-node-exporter/defaults/main.yml
index 9b89519c..070e8616 100644
--- a/roles/custom/matrix-prometheus-node-exporter/defaults/main.yml
+++ b/roles/custom/matrix-prometheus-node-exporter/defaults/main.yml
@@ -5,7 +5,7 @@
 
 matrix_prometheus_node_exporter_enabled: false
 
-matrix_prometheus_node_exporter_version: v1.4.0
+matrix_prometheus_node_exporter_version: v1.5.0
 matrix_prometheus_node_exporter_docker_image: "{{ matrix_container_global_registry_prefix }}prom/node-exporter:{{ matrix_prometheus_node_exporter_version }}"
 matrix_prometheus_node_exporter_docker_image_force_pull: "{{ matrix_prometheus_node_exporter_docker_image.endswith(':latest') }}"
 

From de979bc6a22a99384f17b07c4bf44c3a221deb9b Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Wed, 30 Nov 2022 09:42:06 +0200
Subject: [PATCH 114/198] Upgrade com.devture.ansible.role.postgres

---
 group_vars/matrix_servers | 6 +++---
 requirements.yml          | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index f2b307b1..91583397 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -1686,7 +1686,7 @@ matrix_backup_borg_postgresql_databases_hostname: "{{ devture_postgres_connectio
 matrix_backup_borg_postgresql_databases_username: "{{ devture_postgres_connection_username if devture_postgres_enabled else '' }}"
 matrix_backup_borg_postgresql_databases_password: "{{ devture_postgres_connection_password if devture_postgres_enabled else '' }}"
 matrix_backup_borg_postgresql_databases_port: "{{ devture_postgres_connection_port if devture_postgres_enabled else 5432 }}"
-matrix_backup_borg_postgresql_databases: "{{ devture_postgres_additional_databases | map(attribute='name') if devture_postgres_enabled else [] }}"
+matrix_backup_borg_postgresql_databases: "{{ devture_postgres_managed_databases | map(attribute='name') if devture_postgres_enabled else [] }}"
 
 matrix_backup_borg_location_source_directories:
   - "{{ matrix_base_data_path }}"
@@ -2268,7 +2268,7 @@ devture_postgres_systemd_services_to_stop_for_maintenance_list: |
     ['matrix-' + matrix_homeserver_implementation + '.service']
   }}
 
-devture_postgres_additional_databases: |
+devture_postgres_managed_databases_auto: |
   {{
     ([{
       'name': matrix_synapse_database_database,
@@ -2978,7 +2978,7 @@ matrix_postgres_backup_connection_password: "{{ devture_postgres_connection_pass
 
 matrix_postgres_backup_postgres_data_path: "{{ devture_postgres_data_path if devture_postgres_enabled else '' }}"
 
-matrix_postgres_backup_databases: "{{ devture_postgres_additional_databases | map(attribute='name') if devture_postgres_enabled else [] }}"
+matrix_postgres_backup_databases: "{{ devture_postgres_managed_databases | map(attribute='name') if devture_postgres_enabled else [] }}"
 
 ######################################################################
 #
diff --git a/requirements.yml b/requirements.yml
index c8daa650..f7b72d1a 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -19,7 +19,7 @@
   version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
 
 - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git
-  version: b547c81ed69a659be22016df35cc0d82cb444a76
+  version: 381feb7f671c60e8875298102a7c9b41242979ee
 
 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git
   version: 6ccb88ac5fc27e1e70afcd48278ade4b564a9096

From 65019a57744a636da21ab97f29666f9b21475df8 Mon Sep 17 00:00:00 2001
From: Aine <97398200+etkecc@users.noreply.github.com>
Date: Wed, 30 Nov 2022 08:30:50 +0000
Subject: [PATCH 115/198] Update prometheus 2.40.2 -> 2.40.4

---
 roles/custom/matrix-prometheus/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-prometheus/defaults/main.yml b/roles/custom/matrix-prometheus/defaults/main.yml
index e4c55da9..a6f22110 100644
--- a/roles/custom/matrix-prometheus/defaults/main.yml
+++ b/roles/custom/matrix-prometheus/defaults/main.yml
@@ -5,7 +5,7 @@
 
 matrix_prometheus_enabled: false
 
-matrix_prometheus_version: v2.40.2
+matrix_prometheus_version: v2.40.4
 matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}"
 matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}"
 

From d37adfba4e546e4bda3b93d6ccfddf30d54b27b4 Mon Sep 17 00:00:00 2001
From: Aine <97398200+etkecc@users.noreply.github.com>
Date: Wed, 30 Nov 2022 08:48:07 +0000
Subject: [PATCH 116/198] Update grafana 9.2.6 -> 9.2.7

---
 roles/custom/matrix-grafana/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-grafana/defaults/main.yml b/roles/custom/matrix-grafana/defaults/main.yml
index fa55c9c2..fb1d66b1 100644
--- a/roles/custom/matrix-grafana/defaults/main.yml
+++ b/roles/custom/matrix-grafana/defaults/main.yml
@@ -5,7 +5,7 @@
 
 matrix_grafana_enabled: true
 
-matrix_grafana_version: 9.2.6
+matrix_grafana_version: 9.2.7
 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
 matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
 

From 4eed49f9312dca2af4cafde6905ece965dc13843 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Wed, 30 Nov 2022 10:59:25 +0200
Subject: [PATCH 117/198] Replace custom/matrix-postgres-backup role with
 galaxy/com.devture.ansible.role.postgres_backup

This role is usable on its own and it's not tied to Matrix, so
extracting it out into an independent role that we install via
ansible-galaxy makes sense.

This also fixes the confusion from the other day, where
`matrix_postgres_*` had to be renamed to `devture_postgres_*`
(unless it was about `matrix_postgres_backup_*`).
We now can safely say that ALL `matrix_postgres_*` variables need to be
renamed.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2305
---
 CHANGELOG.md                                  |  9 +++
 docs/configuring-playbook-postgres-backup.md  | 17 +++---
 group_vars/matrix_servers                     | 59 ++++++++++++-------
 playbooks/matrix.yml                          |  5 +-
 requirements.yml                              |  3 +
 .../matrix-postgres-backup/defaults/main.yml  | 45 --------------
 .../matrix-postgres-backup/tasks/main.yml     | 20 -------
 .../tasks/setup_install.yml                   | 51 ----------------
 .../tasks/setup_uninstall.yml                 | 39 ------------
 .../tasks/validate_config.yml                 | 27 ---------
 .../templates/env-postgres-backup.j2          | 12 ----
 .../systemd/matrix-postgres-backup.service.j2 | 31 ----------
 .../tasks/validate_config.yml                 | 10 ++--
 13 files changed, 69 insertions(+), 259 deletions(-)
 delete mode 100644 roles/custom/matrix-postgres-backup/defaults/main.yml
 delete mode 100644 roles/custom/matrix-postgres-backup/tasks/main.yml
 delete mode 100644 roles/custom/matrix-postgres-backup/tasks/setup_install.yml
 delete mode 100644 roles/custom/matrix-postgres-backup/tasks/setup_uninstall.yml
 delete mode 100644 roles/custom/matrix-postgres-backup/tasks/validate_config.yml
 delete mode 100644 roles/custom/matrix-postgres-backup/templates/env-postgres-backup.j2
 delete mode 100644 roles/custom/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8bd1210d..3be19f00 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,12 @@
+# 2022-11-30
+
+## matrix-postgres-backup has been replaced by the com.devture.ansible.role.postgres_backup external role
+
+Just like we've [replaced Postgres with an external role](#matrix-postgres-has-been-replaced-by-the-comdevtureansiblerolepostgres-external-role) on 2022-11-28, we're now replacing `matrix-postgres-backup` with an external role - [com.devture.ansible.role.postgres_backup](https://github.com/devture/com.devture.ansible.role.postgres_backup).
+
+You'll need to rename your `matrix_postgres_backup`-prefixed variables such that they use a `devture_postgres_backup` prefix.
+
+
 # 2022-11-28
 
 ## matrix-postgres has been replaced by the com.devture.ansible.role.postgres external role
diff --git a/docs/configuring-playbook-postgres-backup.md b/docs/configuring-playbook-postgres-backup.md
index 75b599c8..2510ecc1 100644
--- a/docs/configuring-playbook-postgres-backup.md
+++ b/docs/configuring-playbook-postgres-backup.md
@@ -1,6 +1,6 @@
 # Setting up postgres backup (optional)
 
-The playbook can install and configure [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) for you.
+The playbook can install and configure [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) for you via the [com.devture.ansible.role.postgres_backup](https://github.com/devture/com.devture.ansible.role.postgres_backup) Ansible role.
 
 For a more complete backup solution (one that includes not only Postgres, but also other configuration/data files), you may wish to look into [borg backup](configuring-playbook-backup-borg.md) instead.
 
@@ -10,7 +10,7 @@ For a more complete backup solution (one that includes not only Postgres, but al
 Minimal working configuration (`inventory/host_vars/matrix.DOMAIN/vars.yml`) to enable Postgres backup:
 
 ```yaml
-matrix_postgres_backup_enabled: true
+devture_postgres_backup_enabled: true
 ```
 
 Refer to the table below for additional configuration variables and their default values.
@@ -18,12 +18,13 @@ Refer to the table below for additional configuration variables and their defaul
 
 | Name                              | Default value                | Description                                                      |
 | :-------------------------------- | :--------------------------- | :--------------------------------------------------------------- |
-|`matrix_postgres_backup_enabled`|`false`|Set to true to use [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) to create automatic database backups|
-|`matrix_postgres_backup_schedule`| `'@daily'` |Cron-schedule specifying the interval between postgres backups.|
-|`matrix_postgres_backup_keep_days`|`7`|Number of daily backups to keep|
-|`matrix_postgres_backup_keep_weeks`|`4`|Number of weekly backups to keep|
-|`matrix_postgres_backup_keep_months`|`12`|Number of monthly backups to keep|
-|`matrix_postgres_backup_path` | `"{{ matrix_base_data_path }}/postgres-backup"` | Storagepath for the database backups|
+|`devture_postgres_backup_enabled`|`false`|Set to true to use [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) to create automatic database backups|
+|`devture_postgres_backup_schedule`| `'@daily'` |Cron-schedule specifying the interval between postgres backups.|
+|`devture_postgres_backup_keep_days`|`7`|Number of daily backups to keep|
+|`devture_postgres_backup_keep_weeks`|`4`|Number of weekly backups to keep|
+|`devture_postgres_backup_keep_months`|`12`|Number of monthly backups to keep|
+|`devture_postgres_base_path` | `"{{ matrix_base_data_path }}/postgres-backup"` | Base path for postgres-backup. Also see `devture_postgres_data_path` |
+|`devture_postgres_data_path` | `"{{ devture_postgres_base_path }}/data"` | Storage path for postgres-backup database backups |
 
 
 ## Installing
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 91583397..6824d892 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -289,7 +289,7 @@ devture_systemd_service_manager_services_list_auto: |
     +
     ([{'name': (devture_postgres_identifier + '.service'), 'priority': 500, 'groups': ['matrix', 'postgres']}] if devture_postgres_enabled else [])
     +
-    ([{'name': 'matrix-postgres-backup.service', 'priority': 3000, 'groups': ['matrix', 'backup', 'postgres-backup']}] if matrix_postgres_backup_enabled else [])
+    ([{'name': (devture_postgres_backup_identifier + '.service'), 'priority': 3000, 'groups': ['matrix', 'backup', 'postgres-backup']}] if devture_postgres_backup_enabled else [])
     +
     ([{'name': 'matrix-prometheus.service', 'priority': 4000, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-core']}] if matrix_prometheus_enabled else [])
     +
@@ -2241,6 +2241,7 @@ matrix_ssl_pre_obtaining_required_service_name: "{{ 'matrix-dynamic-dns' if matr
 #
 ######################################################################
 
+
 ########################################################################
 #                                                                      #
 # com.devture.ansible.role.postgres                                    #
@@ -2504,6 +2505,42 @@ devture_postgres_managed_databases_auto: |
 #                                                                      #
 ########################################################################
 
+
+########################################################################
+#                                                                      #
+# com.devture.ansible.role.postgres_backup                             #
+#                                                                      #
+########################################################################
+
+devture_postgres_backup_enabled: false
+
+devture_postgres_backup_identifier: matrix-postgres-backup
+
+devture_postgres_backup_architecture: "{{ matrix_architecture }}"
+
+devture_postgres_backup_base_path: "{{ matrix_base_data_path }}/postgres-backup"
+
+devture_postgres_backup_container_network: "{{ matrix_docker_network }}"
+
+devture_postgres_backup_uid: "{{ matrix_user_uid }}"
+devture_postgres_backup_gid: "{{ matrix_user_gid }}"
+
+devture_postgres_backup_connection_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
+devture_postgres_backup_connection_port: "{{ devture_postgres_connection_port if devture_postgres_enabled else 5432 }}"
+devture_postgres_backup_connection_username: "{{ devture_postgres_connection_username if devture_postgres_enabled else '' }}"
+devture_postgres_backup_connection_password: "{{ devture_postgres_connection_password if devture_postgres_enabled else '' }}"
+
+devture_postgres_backup_postgres_data_path: "{{ devture_postgres_data_path if devture_postgres_enabled else '' }}"
+
+devture_postgres_backup_databases: "{{ devture_postgres_managed_databases | map(attribute='name') if devture_postgres_enabled else [] }}"
+
+########################################################################
+#                                                                      #
+# /com.devture.ansible.role.postgres_backup                            #
+#                                                                      #
+########################################################################
+
+
 ######################################################################
 #
 # matrix-sygnal
@@ -2965,26 +3002,6 @@ matrix_registration_database_password: "{{ '%s' | format(matrix_homeserver_gener
 #
 ######################################################################
 
-######################################################################
-#
-# matrix-postgres-backup
-#
-######################################################################
-
-matrix_postgres_backup_connection_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
-matrix_postgres_backup_connection_port: "{{ devture_postgres_connection_port if devture_postgres_enabled else 5432 }}"
-matrix_postgres_backup_connection_username: "{{ devture_postgres_connection_username if devture_postgres_enabled else '' }}"
-matrix_postgres_backup_connection_password: "{{ devture_postgres_connection_password if devture_postgres_enabled else '' }}"
-
-matrix_postgres_backup_postgres_data_path: "{{ devture_postgres_data_path if devture_postgres_enabled else '' }}"
-
-matrix_postgres_backup_databases: "{{ devture_postgres_managed_databases | map(attribute='name') if devture_postgres_enabled else [] }}"
-
-######################################################################
-#
-# /matrix-postgres-backup
-#
-######################################################################
 
 ######################################################################
 #
diff --git a/playbooks/matrix.yml b/playbooks/matrix.yml
index d97b9283..5b6f1cce 100755
--- a/playbooks/matrix.yml
+++ b/playbooks/matrix.yml
@@ -97,8 +97,11 @@
     - custom/matrix-nginx-proxy
     - custom/matrix-coturn
     - custom/matrix-aux
-    - custom/matrix-postgres-backup
+
+    - role: galaxy/com.devture.ansible.role.postgres_backup
+
     - custom/matrix-backup-borg
+
     - custom/matrix-user-creator
     - custom/matrix-common-after
 
diff --git a/requirements.yml b/requirements.yml
index f7b72d1a..0711fa4e 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -21,6 +21,9 @@
 - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git
   version: 381feb7f671c60e8875298102a7c9b41242979ee
 
+- src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git
+  version: 77b1f9ae1aafa31c9078178c1036bf744c99d08b
+
 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git
   version: 6ccb88ac5fc27e1e70afcd48278ade4b564a9096
 
diff --git a/roles/custom/matrix-postgres-backup/defaults/main.yml b/roles/custom/matrix-postgres-backup/defaults/main.yml
deleted file mode 100644
index 8e45a8e2..00000000
--- a/roles/custom/matrix-postgres-backup/defaults/main.yml
+++ /dev/null
@@ -1,45 +0,0 @@
----
-# Project source code URL: https://github.com/prodrigestivill/docker-postgres-backup-local
-
-matrix_postgres_backup_enabled: false
-
-matrix_postgres_backup_connection_hostname: ''
-matrix_postgres_backup_connection_port: 5432
-matrix_postgres_backup_connection_username: "matrix"
-matrix_postgres_backup_connection_password: ""
-
-matrix_postgres_backup_extra_opts: "-Z9 --schema=public --blobs"
-matrix_postgres_backup_schedule: "@daily"
-matrix_postgres_backup_keep_days: 7
-matrix_postgres_backup_keep_weeks: 4
-matrix_postgres_backup_keep_months: 12
-matrix_postgres_backup_healthcheck_port: "8080"
-matrix_postgres_backup_databases: []
-matrix_postgres_backup_path: "{{ matrix_base_data_path }}/postgres-backup"
-
-# Specifies where the Postgres data is.
-# We use this to autodetect the Postgres version during playbook runtime (by parsing the `PG_VERSION` file contained there).
-# You can leave this empty to prevent auto-detection.
-matrix_postgres_backup_postgres_data_path: ""
-
-matrix_postgres_backup_architecture: amd64
-
-# matrix_postgres_backup_docker_image_distro controls whether we use Alpine-based images (`-alpine`) or the normal Debian-based images.
-# Alpine-based Postgres images are smaller and we usually prefer them, but they don't work on ARM32 (tested on a Raspberry Pi 3 running Raspbian 10.7).
-# On ARM32, `-alpine` images fail with the following error:
-# > LOG:  startup process (PID 37) was terminated by signal 11: Segmentation fault
-matrix_postgres_backup_docker_image_distro: "{{ 'alpine' if matrix_postgres_backup_architecture in ['amd64', 'arm64'] else 'debian' }}"
-
-matrix_postgres_backup_docker_image_v9: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:9.6-{{ matrix_postgres_backup_docker_image_distro }}-2aa03d1"
-matrix_postgres_backup_docker_image_v10: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:10-{{ matrix_postgres_backup_docker_image_distro }}-2cf00a5"
-matrix_postgres_backup_docker_image_v11: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:11-{{ matrix_postgres_backup_docker_image_distro }}-2cf00a5"
-matrix_postgres_backup_docker_image_v12: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:12-{{ matrix_postgres_backup_docker_image_distro }}-2cf00a5"
-matrix_postgres_backup_docker_image_v13: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:13-{{ matrix_postgres_backup_docker_image_distro }}-2cf00a5"
-matrix_postgres_backup_docker_image_v14: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:14-{{ matrix_postgres_backup_docker_image_distro }}-2cf00a5"
-matrix_postgres_backup_docker_image_v15: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:15-{{ matrix_postgres_backup_docker_image_distro }}-2cf00a5"
-matrix_postgres_backup_docker_image_latest: "{{ matrix_postgres_backup_docker_image_v15 }}"
-
-# This variable is assigned at runtime. Overriding its value has no effect.
-matrix_postgres_backup_docker_image_to_use: '{{ matrix_postgres_backup_docker_image_latest }}'
-
-matrix_postgres_backup_docker_image_force_pull: "{{ matrix_postgres_backup_docker_image_to_use.endswith(':latest') }}"
diff --git a/roles/custom/matrix-postgres-backup/tasks/main.yml b/roles/custom/matrix-postgres-backup/tasks/main.yml
deleted file mode 100644
index 4db5c82e..00000000
--- a/roles/custom/matrix-postgres-backup/tasks/main.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-
-- block:
-    - when: matrix_postgres_backup_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
-
-    - when: matrix_postgres_backup_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  tags:
-    - setup-all
-    - setup-postgres-backup
-    - install-all
-    - install-postgres-backup
-
-- block:
-    - when: not matrix_postgres_backup_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  tags:
-    - setup-all
-    - setup-postgres-backup
diff --git a/roles/custom/matrix-postgres-backup/tasks/setup_install.yml b/roles/custom/matrix-postgres-backup/tasks/setup_install.yml
deleted file mode 100644
index fee5d3ff..00000000
--- a/roles/custom/matrix-postgres-backup/tasks/setup_install.yml
+++ /dev/null
@@ -1,51 +0,0 @@
----
-
-
-- ansible.builtin.include_role:
-    name: galaxy/com.devture.ansible.role.postgres
-    tasks_from: detect_existing_postgres_version
-  when: 'matrix_postgres_backup_postgres_data_path != ""'
-
-# If we have found an existing version (installed from before), we use its corresponding Docker image.
-# If not, we install using the latest Postgres.
-#
-# Upgrading is supposed to be performed separately and explicitly (see `upgrade_postgres.yml`).
-- ansible.builtin.set_fact:
-    matrix_postgres_backup_docker_image_to_use: "{{ matrix_postgres_backup_docker_image_latest if matrix_postgres_backup_detected_version_corresponding_docker_image | default('') == '' else matrix_postgres_backup_detected_version_corresponding_docker_image }}"
-
-- name: Ensure postgres backup Docker image is pulled
-  community.docker.docker_image:
-    name: "{{ matrix_postgres_backup_docker_image_to_use }}"
-    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_postgres_backup_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_postgres_backup_docker_image_force_pull }}"
-  register: result
-  retries: "{{ devture_playbook_help_container_retries_count }}"
-  delay: "{{ devture_playbook_help_container_retries_delay }}"
-  until: result is not failed
-
-- name: Ensure Postgres backup paths exist
-  ansible.builtin.file:
-    path: "{{ item }}"
-    state: directory
-    mode: 0700
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
-  with_items:
-    - "{{ matrix_postgres_backup_path }}"
-
-- name: Ensure Postgres environment variables file created
-  ansible.builtin.template:
-    src: "{{ role_path }}/templates/{{ item }}.j2"
-    dest: "{{ matrix_postgres_backup_path }}/{{ item }}"
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
-    mode: 0640
-  with_items:
-    - "env-postgres-backup"
-
-- name: Ensure matrix-postgres-backup.service installed
-  ansible.builtin.template:
-    src: "{{ role_path }}/templates/systemd/matrix-postgres-backup.service.j2"
-    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres-backup.service"
-    mode: 0644
diff --git a/roles/custom/matrix-postgres-backup/tasks/setup_uninstall.yml b/roles/custom/matrix-postgres-backup/tasks/setup_uninstall.yml
deleted file mode 100644
index 61b6840c..00000000
--- a/roles/custom/matrix-postgres-backup/tasks/setup_uninstall.yml
+++ /dev/null
@@ -1,39 +0,0 @@
----
-
-- name: Check existence of matrix-postgres-backup service
-  ansible.builtin.stat:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres-backup.service"
-  register: matrix_postgres_backup_service_stat
-
-
-- when: matrix_postgres_backup_service_stat.stat.exists | bool
-  block:
-    - name: Ensure matrix-postgres-backup is stopped
-      ansible.builtin.service:
-        name: matrix-postgres-backup
-        state: stopped
-        enabled: false
-        daemon_reload: true
-
-    - name: Ensure matrix-postgres-backup.service doesn't exist
-      ansible.builtin.file:
-        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres-backup.service"
-        state: absent
-
-- name: Check existence of matrix-postgres-backup backup path
-  ansible.builtin.stat:
-    path: "{{ matrix_postgres_backup_path }}"
-  register: matrix_postgres_backup_path_stat
-
-# We just want to notify the user. Deleting data is too destructive.
-- name: Inject warning if matrix-postgres backup data remains
-  ansible.builtin.set_fact:
-    devture_playbook_runtime_messages_list: |
-      {{
-        devture_playbook_runtime_messages_list | default([])
-        +
-        [
-          "NOTE: You are not using the local backup service to backup the PostgreSQL database, but some old data remains from before in `{{ matrix_postgres_backup_path }}`. Feel free to delete it."
-        ]
-      }}
-  when: matrix_postgres_backup_path_stat.stat.exists | bool
diff --git a/roles/custom/matrix-postgres-backup/tasks/validate_config.yml b/roles/custom/matrix-postgres-backup/tasks/validate_config.yml
deleted file mode 100644
index 285328c2..00000000
--- a/roles/custom/matrix-postgres-backup/tasks/validate_config.yml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-
-- name: Fail if required postgres-backup settings not defined
-  ansible.builtin.fail:
-    msg: >-
-      You need to define a required configuration setting (`{{ item }}`).
-  when: "vars[item] == ''"
-  with_items:
-    - "matrix_postgres_backup_connection_hostname"
-    - "matrix_postgres_backup_connection_username"
-    - "matrix_postgres_backup_connection_password"
-    - "matrix_postgres_backup_connection_port"
-    - "matrix_postgres_backup_schedule"
-    - "matrix_postgres_backup_keep_days"
-    - "matrix_postgres_backup_keep_weeks"
-    - "matrix_postgres_backup_keep_months"
-    - "matrix_postgres_backup_path"
-    - "matrix_postgres_backup_databases"
-
-- name: (Deprecation) Catch and report renamed settings
-  ansible.builtin.fail:
-    msg: >-
-      Your configuration contains a variable, which now has a different name.
-      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
-  when: "item.old in vars"
-  with_items:
-    - {'old': 'matrix_postgres_backup_docker_image_suffix', 'new': 'matrix_postgres_backup_docker_image_distro'}
diff --git a/roles/custom/matrix-postgres-backup/templates/env-postgres-backup.j2 b/roles/custom/matrix-postgres-backup/templates/env-postgres-backup.j2
deleted file mode 100644
index 5a3a1ffd..00000000
--- a/roles/custom/matrix-postgres-backup/templates/env-postgres-backup.j2
+++ /dev/null
@@ -1,12 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-POSTGRES_USER={{ matrix_postgres_backup_connection_username }}
-POSTGRES_PASSWORD={{ matrix_postgres_backup_connection_password }}
-POSTGRES_HOST={{ matrix_postgres_backup_connection_hostname }}
-POSTGRES_DB={{ matrix_postgres_backup_databases|join(', ') }}
-POSTGRES_EXTRA_OPTS={{ matrix_postgres_backup_extra_opts }}
-SCHEDULE={{ matrix_postgres_backup_schedule }}
-BACKUP_KEEP_DAYS={{ matrix_postgres_backup_keep_days }}
-BACKUP_KEEP_WEEKS={{ matrix_postgres_backup_keep_weeks }}
-BACKUP_KEEP_MONTHS={{ matrix_postgres_backup_keep_months }}
-HEALTHCHECK_PORT={{ matrix_postgres_backup_healthcheck_port }}
-POSTGRES_PORT={{ matrix_postgres_backup_connection_port }}
\ No newline at end of file
diff --git a/roles/custom/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 b/roles/custom/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2
deleted file mode 100644
index 618eb548..00000000
--- a/roles/custom/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2
+++ /dev/null
@@ -1,31 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-[Unit]
-Description=Automatic Backup of  Matrix Postgres server
-After=docker.service
-Requires=docker.service
-DefaultDependencies=no
-
-[Service]
-Type=simple
-Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} stop matrix-postgres-backup
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-postgres-backup 2>/dev/null || true'
-
-ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-postgres-backup \
-			--log-driver=none \
-			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
-			--cap-drop=ALL \
-			--read-only \
-			--network={{ matrix_docker_network }} \
-			--env-file={{ matrix_postgres_backup_path }}/env-postgres-backup \
-			--mount type=bind,src={{ matrix_postgres_backup_path }},dst=/backups \
-			{{ matrix_postgres_backup_docker_image_to_use }}
-
-ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} stop matrix-postgres-backup
-ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-postgres-backup 2>/dev/null || true'
-Restart=always
-RestartSec=30
-SyslogIdentifier=matrix-postgres-backup
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
index 00c88192..f4ce2bdc 100644
--- a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
+++ b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
@@ -41,8 +41,10 @@
       The matrix-postgres role in the playbook has been replaced with the com.devture.ansible.role.postgres role (https://github.com/devture/com.devture.ansible.role.postgres).
       The new role is pretty much the same, but uses differently named variables.
 
-      Please change your configuration (vars.yml) to rename all matrix-postgres variables (`matrix_postgres_*` -> `devture_postgres_*`).
-      Note that `matrix_postgres_backup_*` variables (used by the `matrix-postgres-backup` role) need to remain as they are for now. Do not rename those!
+      The matrix-postgres-backup role in the playbook has been replaced with the com.devture.ansible.role.postgres_backup role (https://github.com/devture/com.devture.ansible.role.postgres_backup).
+      The new role is pretty much the same, but uses differently named variables.
+
+      Please change your configuration (vars.yml) to rename all `matrix_postgres`-prefixed variables (`matrix_postgres_*` -> `devture_postgres_*`).
 
-      The following variables in your configuration need to be renamed: {{ vars | dict2items | rejectattr('key', 'match', 'matrix_postgres_backup_') | selectattr('key', 'match', 'matrix_postgres_.*') | map (attribute='key') | join(', ') }}
-  when: "vars | dict2items | rejectattr('key', 'match', 'matrix_postgres_backup_') | selectattr('key', 'match', 'matrix_postgres_.*') | list | items2dict"
+      The following variables in your configuration need to be renamed: {{ vars | dict2items | selectattr('key', 'match', 'matrix_postgres_.*') | map (attribute='key') | join(', ') }}
+  when: "vars | dict2items | selectattr('key', 'match', 'matrix_postgres_.*') | list | items2dict"

From d5ea17d66f7d4da735285c81779b03e3787570e4 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Wed, 30 Nov 2022 11:18:39 +0200
Subject: [PATCH 118/198] Make postgres-backup priority start later

---
 group_vars/matrix_servers | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 6824d892..f816a08f 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -289,7 +289,7 @@ devture_systemd_service_manager_services_list_auto: |
     +
     ([{'name': (devture_postgres_identifier + '.service'), 'priority': 500, 'groups': ['matrix', 'postgres']}] if devture_postgres_enabled else [])
     +
-    ([{'name': (devture_postgres_backup_identifier + '.service'), 'priority': 3000, 'groups': ['matrix', 'backup', 'postgres-backup']}] if devture_postgres_backup_enabled else [])
+    ([{'name': (devture_postgres_backup_identifier + '.service'), 'priority': 5000, 'groups': ['matrix', 'backup', 'postgres-backup']}] if devture_postgres_backup_enabled else [])
     +
     ([{'name': 'matrix-prometheus.service', 'priority': 4000, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-core']}] if matrix_prometheus_enabled else [])
     +

From 0a018ac22bc46a8562444cd5651067eeb83c5513 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Wed, 30 Nov 2022 11:22:00 +0200
Subject: [PATCH 119/198] Add internal Postgres instance (if enabled) to
 postgres-backup dependencies

---
 group_vars/matrix_servers | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index f816a08f..71bd1881 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -2520,6 +2520,13 @@ devture_postgres_backup_architecture: "{{ matrix_architecture }}"
 
 devture_postgres_backup_base_path: "{{ matrix_base_data_path }}/postgres-backup"
 
+devture_postgres_backup_systemd_required_services_list: |
+  {{
+    (['docker.service'])
+    +
+    ([(devture_postgres_identifier + '.service')] if devture_postgres_enabled else [])
+  }}
+
 devture_postgres_backup_container_network: "{{ matrix_docker_network }}"
 
 devture_postgres_backup_uid: "{{ matrix_user_uid }}"

From dc817f30cef022362254e02c075df85c80c908f0 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Wed, 30 Nov 2022 11:50:21 +0200
Subject: [PATCH 120/198] Upgrade Grafana (9.2.7 -> 9.3.0)

---
 roles/custom/matrix-grafana/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-grafana/defaults/main.yml b/roles/custom/matrix-grafana/defaults/main.yml
index fb1d66b1..2aacd23d 100644
--- a/roles/custom/matrix-grafana/defaults/main.yml
+++ b/roles/custom/matrix-grafana/defaults/main.yml
@@ -5,7 +5,7 @@
 
 matrix_grafana_enabled: true
 
-matrix_grafana_version: 9.2.7
+matrix_grafana_version: 9.3.0
 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
 matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
 

From e3d21e8096bf59ce6af8f3e09a21c71da0b2c6ea Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Wed, 30 Nov 2022 11:55:23 +0200
Subject: [PATCH 121/198] Rename some default Hookshot variables

Fixup for 7e2e2626a042246962b1c

Some references were left unrenamed which caused `validate_config.yml`
to trigger.
---
 roles/custom/matrix-bridge-hookshot/defaults/main.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/roles/custom/matrix-bridge-hookshot/defaults/main.yml b/roles/custom/matrix-bridge-hookshot/defaults/main.yml
index 09d214fe..b06db280 100644
--- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml
+++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml
@@ -64,11 +64,11 @@ matrix_hookshot_github_private_key_file: 'private-key.pem'
 matrix_hookshot_github_webhook_secret: ''  # "Webhook secret" on the GitHub App page
 matrix_hookshot_github_oauth_enabled: false
 # You need to configure oauth settings only when you have enabled oauth (optional)
-matrix_hookshot_github_oauth_id: ''  # "Client ID" on the GitHub App page
-matrix_hookshot_github_oauth_secret: ''  # "Client Secret" on the GitHub App page
+matrix_hookshot_github_oauth_client_id: ''  # "Client ID" on the GitHub App page
+matrix_hookshot_github_oauth_client_secret: ''  # "Client Secret" on the GitHub App page
 # Default value of matrix_hookshot_github_oauth_endpoint: "/hookshot/webhooks/oauth"
 matrix_hookshot_github_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/oauth"
-matrix_hookshot_github_oauth_uri: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_github_oauth_endpoint }}"
+matrix_hookshot_github_oauth_redirect_uri: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_github_oauth_endpoint }}"
 
 # These are the default settings mentioned here and don't need to be modified: https://matrix-org.github.io/matrix-hookshot/usage/room_configuration/github_repo.html#configuration
 matrix_hookshot_github_defaultOptions_ignoreHooks: {}  # noqa var-naming

From 8ca6cdd016a35377ca5d2693b9c2fd719cf21db0 Mon Sep 17 00:00:00 2001
From: Aine <97398200+etkecc@users.noreply.github.com>
Date: Wed, 30 Nov 2022 12:25:51 +0000
Subject: [PATCH 122/198] fix hookshot role

---
 .../custom/matrix-bridge-hookshot/templates/registration.yml.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-bridge-hookshot/templates/registration.yml.j2 b/roles/custom/matrix-bridge-hookshot/templates/registration.yml.j2
index d076ea10..87509a12 100644
--- a/roles/custom/matrix-bridge-hookshot/templates/registration.yml.j2
+++ b/roles/custom/matrix-bridge-hookshot/templates/registration.yml.j2
@@ -18,7 +18,7 @@ namespaces:
       exclusive: true
 {% endif %}
 {% if matrix_hookshot_generic_enabled %}
-    - regex: "@{{ matrix_hookshot_generic_user_id_prefix }}.*:{{ matrix_domain }}" # Where foobar is your homeserver's domain // depending on userIdPrefix setting in conf
+    - regex: "@{{ matrix_hookshot_generic_userIdPrefix }}.*:{{ matrix_domain }}" # Where foobar is your homeserver's domain // depending on userIdPrefix setting in conf
       exclusive: true
 {% endif %}
   aliases:

From ea401170e11bab53b57dce555eb47ddaa06b4879 Mon Sep 17 00:00:00 2001
From: Aine <97398200+etkecc@users.noreply.github.com>
Date: Thu, 1 Dec 2022 15:16:33 +0000
Subject: [PATCH 123/198] Update prometheus 2.40.4 -> 2.40.5

---
 roles/custom/matrix-prometheus/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-prometheus/defaults/main.yml b/roles/custom/matrix-prometheus/defaults/main.yml
index a6f22110..77e7fb1a 100644
--- a/roles/custom/matrix-prometheus/defaults/main.yml
+++ b/roles/custom/matrix-prometheus/defaults/main.yml
@@ -5,7 +5,7 @@
 
 matrix_prometheus_enabled: false
 
-matrix_prometheus_version: v2.40.4
+matrix_prometheus_version: v2.40.5
 matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}"
 matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}"
 

From 9e9303015906d3824ba7bc80a521cf4d6c5be7c3 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Thu, 1 Dec 2022 23:29:33 +0200
Subject: [PATCH 124/198] Upgrade Grafana (9.3.0 -> 9.3.1)

---
 roles/custom/matrix-grafana/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-grafana/defaults/main.yml b/roles/custom/matrix-grafana/defaults/main.yml
index 2aacd23d..49f2eb51 100644
--- a/roles/custom/matrix-grafana/defaults/main.yml
+++ b/roles/custom/matrix-grafana/defaults/main.yml
@@ -5,7 +5,7 @@
 
 matrix_grafana_enabled: true
 
-matrix_grafana_version: 9.3.0
+matrix_grafana_version: 9.3.1
 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
 matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
 

From a353bda7a1df55862bcda00109b514ac731d3dba Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Thu, 1 Dec 2022 23:30:09 +0200
Subject: [PATCH 125/198] Upgrade appservice-slack (2.0.1 -> 2.0.2)

---
 roles/custom/matrix-bridge-appservice-slack/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml b/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml
index 8884edd6..6fb6d7e7 100644
--- a/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml
+++ b/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml
@@ -11,7 +11,7 @@ matrix_appservice_slack_docker_src_files_path: "{{ matrix_base_data_path }}/apps
 
 # matrix_appservice_slack_version used to contain the full Docker image tag (e.g. `release-X.X.X`).
 # It's a bare version number now. We try to somewhat retain compatibility below.
-matrix_appservice_slack_version: 2.0.1
+matrix_appservice_slack_version: 2.0.2
 matrix_appservice_slack_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-slack:{{ matrix_appservice_slack_docker_image_tag }}"
 matrix_appservice_slack_docker_image_tag: "{{ 'latest' if matrix_appservice_slack_version == 'latest' else ('release-' + matrix_appservice_slack_version) }}"
 matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}"

From d59bbfdfc9acdc6b9436c7a393bea269b1f0cc1e Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Fri, 2 Dec 2022 19:14:29 +0200
Subject: [PATCH 126/198] Upgrade Hookshot (2.4.0 -> 2.5.0)

---
 roles/custom/matrix-bridge-hookshot/defaults/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/custom/matrix-bridge-hookshot/defaults/main.yml b/roles/custom/matrix-bridge-hookshot/defaults/main.yml
index b06db280..14c0e6df 100644
--- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml
+++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml
@@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false
 matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git"
 matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}"
 
-matrix_hookshot_version: 2.4.0
+matrix_hookshot_version: 2.5.0
 
 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
 matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}"
@@ -135,7 +135,7 @@ matrix_hookshot_generic_waitForComplete: false
 
 matrix_hookshot_feeds_enabled: true
 matrix_hookshot_feeds_pollIntervalSeconds: 600  # noqa var-naming
-matrix_hookshot_feeds_pollTimeoutSeconds: 10  # noqa var-naming
+matrix_hookshot_feeds_pollTimeoutSeconds: 30  # noqa var-naming
 
 
 # There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead.

From 4589f9405385b0b9f34a567583d79159f73b68eb Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Fri, 2 Dec 2022 19:17:35 +0200
Subject: [PATCH 127/198] Upgrade Postgres (minor versions upgrade)

---
 requirements.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.yml b/requirements.yml
index 0711fa4e..eef5b054 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -19,7 +19,7 @@
   version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
 
 - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git
-  version: 381feb7f671c60e8875298102a7c9b41242979ee
+  version: e75973e3a4edc12dfc3e880e43b12ebecbf82c61
 
 - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git
   version: 77b1f9ae1aafa31c9078178c1036bf744c99d08b

From ceb2c3027701e104b361e3c42f20e737a0117aa2 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sat, 3 Dec 2022 15:37:17 +0200
Subject: [PATCH 128/198] Upgrade mautrix-signal (v0.4.1 -> v0.4.2)

---
 roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
index 736c4557..18681feb 100644
--- a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
@@ -9,7 +9,7 @@ matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git"
 matrix_mautrix_signal_docker_repo_version: "{{ 'master' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}"
 matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src"
 
-matrix_mautrix_signal_version: v0.4.1
+matrix_mautrix_signal_version: v0.4.2
 matrix_mautrix_signal_daemon_version: 0.23.0
 # See: https://mau.dev/mautrix/signal/container_registry
 matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}"

From b31731ebf843fb3e873a4599f19791b4c5685349 Mon Sep 17 00:00:00 2001
From: Quentin Young <qlyoung@qlyoung.net>
Date: Sun, 4 Dec 2022 01:14:20 -0500
Subject: [PATCH 129/198] fix s3 storage provider not ensuring data dir

This path is accessed by the s3 storage provider stuff and needs to be
ensured.

Broken by 7c5c3aedc
---
 roles/custom/matrix-synapse/defaults/main.yml       | 1 +
 roles/custom/matrix-synapse/tasks/setup_install.yml | 1 +
 2 files changed, 2 insertions(+)

diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml
index 1a9b18a7..ca8a095c 100644
--- a/roles/custom/matrix-synapse/defaults/main.yml
+++ b/roles/custom/matrix-synapse/defaults/main.yml
@@ -61,6 +61,7 @@ matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext"
 
 matrix_synapse_ext_s3_storage_provider_base_path: "{{ matrix_synapse_base_path }}/ext/s3-storage-provider"
 matrix_synapse_ext_s3_storage_provider_bin_path: "{{ matrix_synapse_ext_s3_storage_provider_base_path }}/bin"
+matrix_synapse_ext_s3_storage_provider_data_path: "{{ matrix_synapse_ext_s3_storage_provider_base_path }}/data"
 
 matrix_synapse_container_client_api_port: 8008
 
diff --git a/roles/custom/matrix-synapse/tasks/setup_install.yml b/roles/custom/matrix-synapse/tasks/setup_install.yml
index d1ef7ed4..921df753 100644
--- a/roles/custom/matrix-synapse/tasks/setup_install.yml
+++ b/roles/custom/matrix-synapse/tasks/setup_install.yml
@@ -16,6 +16,7 @@
 
     - {path: "{{ matrix_synapse_ext_s3_storage_provider_base_path }}", when: "{{ matrix_synapse_ext_synapse_s3_storage_provider_enabled }}"}
     - {path: "{{ matrix_synapse_ext_s3_storage_provider_bin_path }}", when: "{{ matrix_synapse_ext_synapse_s3_storage_provider_enabled }}"}
+    - {path: "{{ matrix_synapse_ext_s3_storage_provider_data_path }}", when: "{{ matrix_synapse_ext_synapse_s3_storage_provider_enabled }}"}
 
     # We handle matrix_synapse_media_store_path elsewhere (in ./synapse/setup_install.yml),
     # because if it's using Goofys and it's already mounted (from before),

From 7464604ddd119aa72be7b17f51bf226b7aca166e Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sun, 4 Dec 2022 10:17:55 +0200
Subject: [PATCH 130/198] Make use of
 matrix_synapse_ext_s3_storage_provider_data_path in a few more places

---
 .../tasks/ext/s3-storage-provider/setup_install.yml             | 2 +-
 .../templates/synapse/ext/s3-storage-provider/bin/migrate.j2    | 2 +-
 .../templates/synapse/ext/s3-storage-provider/bin/shell.j2      | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_install.yml b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_install.yml
index 11958f45..c892e0b6 100644
--- a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_install.yml
+++ b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_install.yml
@@ -27,7 +27,7 @@
 - name: Ensure s3-storage-provider database.yaml file installed
   ansible.builtin.template:
     src: "{{ role_path }}/templates/synapse/ext/s3-storage-provider/database.yaml.j2"
-    dest: "{{ matrix_synapse_ext_s3_storage_provider_base_path }}/data/database.yaml"
+    dest: "{{ matrix_synapse_ext_s3_storage_provider_data_path }}/database.yaml"
     mode: 0640
 
 - name: Ensure s3-storage-provider scripts installed
diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/bin/migrate.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/bin/migrate.j2
index 70518eb4..6ce085f2 100644
--- a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/bin/migrate.j2
+++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/bin/migrate.j2
@@ -5,7 +5,7 @@
 	--rm \
 	--env-file={{ matrix_synapse_ext_s3_storage_provider_base_path }}/env \
 	--mount type=bind,src={{ matrix_synapse_storage_path }},dst=/matrix-media-store-parent,bind-propagation=slave \
-	--mount type=bind,src={{ matrix_synapse_ext_s3_storage_provider_base_path }}/data,dst=/data \
+	--mount type=bind,src={{ matrix_synapse_ext_s3_storage_provider_data_path }},dst=/data \
 	--workdir=/data \
 	--network={{ matrix_docker_network }} \
 	--entrypoint=/bin/bash \
diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/bin/shell.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/bin/shell.j2
index 00717705..a5494882 100644
--- a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/bin/shell.j2
+++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/bin/shell.j2
@@ -6,7 +6,7 @@
 	--rm \
 	--env-file={{ matrix_synapse_ext_s3_storage_provider_base_path }}/env \
 	--mount type=bind,src={{ matrix_synapse_storage_path }},dst=/matrix-media-store-parent,bind-propagation=slave \
-	--mount type=bind,src={{ matrix_synapse_ext_s3_storage_provider_base_path }}/data,dst=/data \
+	--mount type=bind,src={{ matrix_synapse_ext_s3_storage_provider_data_path }},dst=/data \
 	--workdir=/data \
 	--network={{ matrix_docker_network }} \
 	--entrypoint=/bin/bash \

From 64145990790906428a59d17aa9d46c67eb5b5614 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Mon, 5 Dec 2022 09:46:11 +0200
Subject: [PATCH 131/198] Upgrade Coturn (4.6.0 -> 4.6.1)

---
 roles/custom/matrix-coturn/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-coturn/defaults/main.yml b/roles/custom/matrix-coturn/defaults/main.yml
index b2aff984..3a125de4 100644
--- a/roles/custom/matrix-coturn/defaults/main.yml
+++ b/roles/custom/matrix-coturn/defaults/main.yml
@@ -8,7 +8,7 @@ matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn
 matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}"
 matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile"
 
-matrix_coturn_version: 4.6.0-r0
+matrix_coturn_version: 4.6.1-r0
 matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine"
 matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}"

From b2a40effaf2451afff851f95b00395ff08e3aff1 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Mon, 5 Dec 2022 10:02:54 +0200
Subject: [PATCH 132/198] Fix Element self-building by switching to
 docker-buildx

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2318
---
 .../tasks/setup_install.yml                     | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/roles/custom/matrix-client-element/tasks/setup_install.yml b/roles/custom/matrix-client-element/tasks/setup_install.yml
index 16f75ab4..813b4da0 100644
--- a/roles/custom/matrix-client-element/tasks/setup_install.yml
+++ b/roles/custom/matrix-client-element/tasks/setup_install.yml
@@ -50,16 +50,13 @@
   when: "matrix_client_element_container_image_self_build | bool and matrix_client_element_container_image_self_build_low_memory_system_patch_enabled | bool"
 
 - name: Ensure Element Docker image is built
-  community.docker.docker_image:
-    name: "{{ matrix_client_element_docker_image }}"
-    source: build
-    force_source: "{{ matrix_client_element_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_element_git_pull_results.changed }}"
-    build:
-      dockerfile: Dockerfile
-      path: "{{ matrix_client_element_docker_src_files_path }}"
-      pull: true
-  when: "matrix_client_element_container_image_self_build | bool"
+  ansible.builtin.command:
+    cmd: |-
+      {{ devture_systemd_docker_base_host_command_docker }} buildx build
+      --tag={{ matrix_client_element_docker_image }}
+      --file={{ matrix_client_element_docker_src_files_path }}/Dockerfile
+      {{ matrix_client_element_docker_src_files_path }}
+  when: matrix_client_element_container_image_self_build | bool
 
 - name: Ensure Element configuration installed
   ansible.builtin.copy:

From d8df03dfc90b10fd8c939ff5d8d5f6ae821ba9e5 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Mon, 5 Dec 2022 11:46:22 +0200
Subject: [PATCH 133/198] Mark Postgres v15 as supported for borg backup

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2257

Fixed in https://gitlab.com/etke.cc/borgmatic/-/commit/d134cd7c4c0aadecc2c00df45bd8371e248aa81f
(thanks to `alpine:latest` now being `alpine:3.17.0`, which includes
Postgres v15)
---
 roles/custom/matrix-backup-borg/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-backup-borg/defaults/main.yml b/roles/custom/matrix-backup-borg/defaults/main.yml
index fbeb1167..472abe97 100644
--- a/roles/custom/matrix-backup-borg/defaults/main.yml
+++ b/roles/custom/matrix-backup-borg/defaults/main.yml
@@ -37,7 +37,7 @@ matrix_backup_borg_location_source_directories: []
 
 # postgres db backup
 matrix_backup_borg_postgresql_enabled: true
-matrix_backup_borg_supported_postgres_versions: ['12', '13', '14']
+matrix_backup_borg_supported_postgres_versions: ['12', '13', '14', '15']
 matrix_backup_borg_postgresql_databases: []
 matrix_backup_borg_postgresql_databases_hostname: ''
 matrix_backup_borg_postgresql_databases_username: "matrix"

From 1f1a3dfc3807a3cbc115904c15d6cd2235d1d97a Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Mon, 5 Dec 2022 14:42:02 +0200
Subject: [PATCH 134/198] Ensure database port is passed to Borg as an integer

Without this, it's a string and borg says:

> At 'hooks.postgresql_databases[INDEX_HERE].port': '5432' is not of type 'integer'
> /etc/borgmatic/config.yaml /etc/borgmatic.d /tmp/.config/borgmatic/config.yaml /tmp/.config/borgmatic.d: No valid configuration files found

.. and fails to do anything.
---
 roles/custom/matrix-backup-borg/templates/config.yaml.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-backup-borg/templates/config.yaml.j2 b/roles/custom/matrix-backup-borg/templates/config.yaml.j2
index 210b7a65..105c0ce1 100644
--- a/roles/custom/matrix-backup-borg/templates/config.yaml.j2
+++ b/roles/custom/matrix-backup-borg/templates/config.yaml.j2
@@ -34,7 +34,7 @@ hooks:
     hostname: {{ matrix_backup_borg_postgresql_databases_hostname|to_json }}
     username: {{ matrix_backup_borg_postgresql_databases_username|to_json }}
     password: {{ matrix_backup_borg_postgresql_databases_password|to_json }}
-    port: {{ matrix_backup_borg_postgresql_databases_port|to_json }}
+    port: {{ matrix_backup_borg_postgresql_databases_port | int | to_json }}
   {% endfor %}
 {% endif %}
   after_backup:

From 64b03c2dfdcbe9f8794045cae6387306269e52b7 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Mon, 5 Dec 2022 14:56:38 +0200
Subject: [PATCH 135/198] Fix backup-borg repository initialization for
 borgmatic 1.7+ (or borg 2.0)

---
 .../templates/systemd/matrix-backup-borg.service.j2             | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 b/roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2
index 533f6e42..8048c2e4 100644
--- a/roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2
+++ b/roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2
@@ -31,7 +31,7 @@ ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} run --rm --n
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_backup_borg_docker_image }} \
-			sh -c "borgmatic --init --encryption {{ matrix_backup_borg_encryption }}"
+			sh -c "borgmatic rcreate --encryption {{ matrix_backup_borg_encryption }}"
 
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-backup-borg \
 			--log-driver=none \

From 7b123907e05e2837bb8f101ef3d9d9a789bdb118 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Mon, 5 Dec 2022 15:15:47 +0200
Subject: [PATCH 136/198] Fix borg repository URL format

Reference: https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls

Otherwise, we'd get:

> /etc/borgmatic.d/config.yaml: Remote repository paths without ssh:// syntax are deprecated. Interpreting "user@hostname:matrix" as "ssh://user@hostname/./matrix"
---
 docs/configuring-playbook-backup-borg.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/configuring-playbook-backup-borg.md b/docs/configuring-playbook-backup-borg.md
index f3cfc6de..b6b5cb09 100644
--- a/docs/configuring-playbook-backup-borg.md
+++ b/docs/configuring-playbook-backup-borg.md
@@ -40,7 +40,7 @@ Minimal working configuration (`inventory/host_vars/matrix.DOMAIN/vars.yml`) to
 ```yaml
 matrix_backup_borg_enabled: true
 matrix_backup_borg_location_repositories:
- - USER@HOST:REPO
+ - ssh://USER@HOST/./REPO
 matrix_backup_borg_storage_encryption_passphrase: "PASSPHRASE"
 matrix_backup_borg_ssh_key_private: |
   -----BEGIN OPENSSH PRIVATE KEY-----

From 8005557061c0e795be334d47ae8f6669ecf4ab8c Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Mon, 5 Dec 2022 15:28:07 +0200
Subject: [PATCH 137/198] Give backup-borg container more permissions to
 perform the backup

Running with a user (like `matrix:matrix`) fails if Etherpad is enabled,
because `/matrix/etherpad` is owned by `matrix_etherpad_user_uid`/`matrix_etherpad_user_gid` (`5001:5001`).

The `matrix` user can't acccess the Etherpad directory for this reason
and Borgmatic fails when trying to make a backup.

There may be other things under `/matrix` which similarly use
non-`matrix:matrix` permissions.

Another workaround might have been to add `/matrix/etherpad` (and
potentially other things) to `matrix_backup_borg_location_exclude_patterns`, but:

- that means Etherpad won't be backed up - not great
- only excluding Etherpad may not be enough. There may be other files we
  need to exclude as well

---

Running with `root` is still not enough though.

We need at least the `CAP_DAC_OVERRIDE` capability, or we won't be able to read the
`/etc/borgmatic.d/config.yaml` configuration file (owned by
`matrix:matrix` with `0640` permissions).

---

Additionally, it seems like the backup process tries to write to at least a few directories:
- `/root/.borgmatic`
- `/root/.ssh`
- `/root/.config`

> [Errno 30] Read-only file system: '/root/.borgmatic'
> Error while creating a backup.
> /etc/borgmatic.d/config.yaml: Error running configuration file

We either need to stop mounting the container filesystem as readonly
(remove `--read-only`) or to allow writing via a `tmpfs`.

I've gone the `tmpfs` route which seems to work.

In any case, the mounted source directories (`matrix_backup_borg_location_source_directories`)
are read-only regardless, so our actual source files are protected from unintentional changes.
---
 .../templates/systemd/matrix-backup-borg.service.j2         | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 b/roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2
index 8048c2e4..760fd574 100644
--- a/roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2
+++ b/roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2
@@ -33,12 +33,16 @@ ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} run --rm --n
 			{{ matrix_backup_borg_docker_image }} \
 			sh -c "borgmatic rcreate --encryption {{ matrix_backup_borg_encryption }}"
 
+# The `CAP_DAC_OVERRIDE` capability is required, so that `root` in the container
+# can read the `/etc/borgmatic.d/config.yaml` (`{{ matrix_backup_borg_config_path }}/config.yaml`) file,
+# owned by `matrix:matrix` on the filesystem.
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-backup-borg \
 			--log-driver=none \
 			--cap-drop=ALL \
+			--cap-add=CAP_DAC_OVERRIDE \
 			--read-only \
-			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--network={{ matrix_docker_network }} \
+			--tmpfs=/root:rw,noexec,nosuid,size=100m \
 			--tmpfs=/tmp:rw,noexec,nosuid,size=100m \
 			--mount type=bind,src={{ matrix_backup_borg_config_path }}/passwd,dst=/etc/passwd,ro \
 			--mount type=bind,src={{ matrix_backup_borg_config_path }},dst=/etc/borgmatic.d,ro \

From b1c77f9bf29e42949988daaf58ac2114579e7a83 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Mon, 5 Dec 2022 15:45:33 +0200
Subject: [PATCH 138/198] Add comment to matrix-backup-borg.service

Related to 8005557061c0e795be334
---
 .../templates/systemd/matrix-backup-borg.service.j2            | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 b/roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2
index 760fd574..900369b9 100644
--- a/roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2
+++ b/roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2
@@ -36,6 +36,9 @@ ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} run --rm --n
 # The `CAP_DAC_OVERRIDE` capability is required, so that `root` in the container
 # can read the `/etc/borgmatic.d/config.yaml` (`{{ matrix_backup_borg_config_path }}/config.yaml`) file,
 # owned by `matrix:matrix` on the filesystem.
+#
+# `/root` is mountes as temporary filesystem, because we're using `--read-only` and because
+# Borgmatic tries to write to at least a few paths under `/root` (`.config`, `.ssh`, `.borgmatic`).
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-backup-borg \
 			--log-driver=none \
 			--cap-drop=ALL \

From 7f2cdd9889f419e35c955effe978e8ac4a59b5ec Mon Sep 17 00:00:00 2001
From: felixx9 <51174875+felixx9@users.noreply.github.com>
Date: Tue, 6 Dec 2022 08:47:54 +0100
Subject: [PATCH 139/198] matrix_ to devture_

I'm not sure, but this should be changed to devture_postgres_... !?
https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#2022-11-28

```yaml
matrix_postgres_process_extra_arguments: [
  "-c 'max_connections=200'"
]
```
---
 docs/configuring-playbook-synapse.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/configuring-playbook-synapse.md b/docs/configuring-playbook-synapse.md
index 50860a17..cf60da76 100644
--- a/docs/configuring-playbook-synapse.md
+++ b/docs/configuring-playbook-synapse.md
@@ -37,7 +37,7 @@ If you'd like more customization power, you can start with one of the presets an
 If you increase worker counts too much, you may need to increase the maximum number of Postgres connections too (example):
 
 ```yaml
-matrix_postgres_process_extra_arguments: [
+devture_postgres_process_extra_arguments: [
   "-c 'max_connections=200'"
 ]
 ```

From 9ab2a72e86f7ae0d3420784ca3ad7dc34c77c68c Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Tue, 6 Dec 2022 10:12:31 +0200
Subject: [PATCH 140/198] More matrix_postgres -> devture_postgres changes

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2319
---
 docs/maintenance-postgres.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/maintenance-postgres.md b/docs/maintenance-postgres.md
index cf7f5eeb..f2ca907d 100644
--- a/docs/maintenance-postgres.md
+++ b/docs/maintenance-postgres.md
@@ -99,7 +99,7 @@ Example: `--extra-vars="postgres_dump_name=matrix-postgres-dump.sql"`
 
 ## Tuning PostgreSQL
 
-PostgreSQL can be tuned to make it run faster. This is done by passing extra arguments to Postgres with the `matrix_postgres_process_extra_arguments` variable. You should use a website like https://pgtune.leopard.in.ua/ or information from https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server to determine what Postgres settings you should change.
+PostgreSQL can be tuned to make it run faster. This is done by passing extra arguments to Postgres with the `devture_postgres_process_extra_arguments` variable. You should use a website like https://pgtune.leopard.in.ua/ or information from https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server to determine what Postgres settings you should change.
 
 **Note**: the configuration generator at https://pgtune.leopard.in.ua/ adds spaces around the `=` sign, which is invalid. You'll need to remove it manually (`max_connections = 300` -> `max_connections=300`)
 
@@ -109,7 +109,7 @@ These are not recommended values and they may not work well for you. This is jus
 
 Here is an example config for a small 2 core server with 4GB of RAM and SSD storage:
 ```
-matrix_postgres_process_extra_arguments: [
+devture_postgres_process_extra_arguments: [
   "-c shared_buffers=128MB",
   "-c effective_cache_size=2304MB",
   "-c effective_io_concurrency=100",
@@ -120,7 +120,7 @@ matrix_postgres_process_extra_arguments: [
 
 Here is an example config for a 4 core server with 8GB of RAM on a Virtual Private Server (VPS); the paramters have been configured using https://pgtune.leopard.in.ua with the following setup: PostgreSQL version 12, OS Type: Linux, DB Type: Mixed type of application, Data Storage: SSD storage:
 ```
-matrix_postgres_process_extra_arguments: [
+devture_postgres_process_extra_arguments: [
   "-c max_connections=100",
   "-c shared_buffers=2GB",
   "-c effective_cache_size=6GB",
@@ -142,7 +142,7 @@ matrix_postgres_process_extra_arguments: [
 
 Here is an example config for a large 6 core server with 24GB of RAM:
 ```
-matrix_postgres_process_extra_arguments: [
+devture_postgres_process_extra_arguments: [
   "-c max_connections=40",
   "-c shared_buffers=1536MB",
   "-c checkpoint_completion_target=0.7",

From 84d529b54226002920a1cacedc19dc7ad18e85bd Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Tue, 6 Dec 2022 15:47:07 +0200
Subject: [PATCH 141/198] Upgrade Synapse (v1.72.0 -> v1.73.0)

Synapse Worker configuration updates are coming later.
---
 roles/custom/matrix-synapse/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml
index ca8a095c..08fbd7b6 100644
--- a/roles/custom/matrix-synapse/defaults/main.yml
+++ b/roles/custom/matrix-synapse/defaults/main.yml
@@ -36,7 +36,7 @@ matrix_synapse_container_image_customizations_dockerfile_body_custom: ''
 
 matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}"
 matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}"
-matrix_synapse_version: v1.72.0
+matrix_synapse_version: v1.73.0
 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}"
 matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
 

From 135bb5af3e4c0c2cca6e70a18910647ce45896e7 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Tue, 6 Dec 2022 15:47:35 +0200
Subject: [PATCH 142/198] Do not specify send_federation in Synapse config

It's unnecessary when `federation_sender_instances` is populated.

Source: https://github.com/matrix-org/synapse/commit/6acb6d772a77a4398c112d82118c5b79755a91cb
---
 roles/custom/matrix-synapse/defaults/main.yml               | 5 -----
 roles/custom/matrix-synapse/tasks/validate_config.yml       | 2 ++
 .../matrix-synapse/templates/synapse/homeserver.yaml.j2     | 6 ------
 3 files changed, 2 insertions(+), 11 deletions(-)

diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml
index 08fbd7b6..e096bc85 100644
--- a/roles/custom/matrix-synapse/defaults/main.yml
+++ b/roles/custom/matrix-synapse/defaults/main.yml
@@ -569,11 +569,6 @@ matrix_synapse_workers_federation_sender_workers_metrics_range_start: 19400
 # Adjusting this value manually is generally not necessary.
 matrix_synapse_federation_sender_instances: []
 
-# matrix_synapse_send_federation controls if the main Synapse process should send federation traffic or if it should be left to federation_sender workers (see `matrix_synapse_federation_sender_instances`).
-# This is allowed if workers are disabled, or they are enabled, but there are no federation sender workers.
-# Adjusting this value manually is generally not necessary.
-matrix_synapse_send_federation: "{{ not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'federation_sender') | list | length == 0) }}"
-
 matrix_synapse_workers_media_repository_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['media_repository_workers_count'] }}"
 matrix_synapse_workers_media_repository_workers_port_range_start: 18551
 matrix_synapse_workers_media_repository_workers_metrics_range_start: 19551
diff --git a/roles/custom/matrix-synapse/tasks/validate_config.yml b/roles/custom/matrix-synapse/tasks/validate_config.yml
index 0f63211d..c0a9a729 100644
--- a/roles/custom/matrix-synapse/tasks/validate_config.yml
+++ b/roles/custom/matrix-synapse/tasks/validate_config.yml
@@ -60,6 +60,8 @@
     - {'old': 'matrix_synapse_workers_frontend_proxy_workers_port_range_start', 'new': '<removed in favor of generic workers - see https://github.com/matrix-org/synapse/pull/13645>'}
     - {'old': 'matrix_synapse_workers_frontend_proxy_workers_metrics_range_start', 'new': '<removed in favor of generic workers - see https://github.com/matrix-org/synapse/pull/13645>'}
     - {'old': 'matrix_synapse_ext_s3_storage_provider_path', 'new': 'matrix_synapse_ext_s3_storage_provider_base_path'}
+    - {'old': 'matrix_synapse_send_federation', 'new': '<unnecessary - Synapse relies on federation_sender_instances now>'}
+
 
 - name: (Deprecation) Catch and report renamed settings in matrix_synapse_configuration_extension_yaml
   ansible.builtin.fail:
diff --git a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
index 9b02346c..c8fea706 100644
--- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
@@ -2836,12 +2836,6 @@ opentracing:
 
 ## Workers ##
 
-# Disables sending of outbound federation transactions on the main process.
-# Uncomment if using a federation sender worker.
-#
-#send_federation: false
-send_federation: {{ matrix_synapse_send_federation | to_json }}
-
 # It is possible to run multiple federation sender workers, in which case the
 # work is balanced across them.
 #

From 663fe29ddb935682cc5c6a1567b342b6ef4d097c Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Tue, 6 Dec 2022 15:49:56 +0200
Subject: [PATCH 143/198] Do not specify start_pushers in Synapse config

It's unnecessary when `pusher_instances` is populated.

Source: https://github.com/matrix-org/synapse/commit/6acb6d772a77a4398c112d82118c5b79755a91cb
---
 roles/custom/matrix-synapse/defaults/main.yml                | 5 -----
 roles/custom/matrix-synapse/tasks/validate_config.yml        | 1 +
 .../matrix-synapse/templates/synapse/homeserver.yaml.j2      | 1 -
 3 files changed, 1 insertion(+), 6 deletions(-)

diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml
index e096bc85..19c6d2b1 100644
--- a/roles/custom/matrix-synapse/defaults/main.yml
+++ b/roles/custom/matrix-synapse/defaults/main.yml
@@ -554,11 +554,6 @@ matrix_synapse_workers_pusher_workers_metrics_range_start: 19200
 # Adjusting this value manually is generally not necessary.
 matrix_synapse_federation_pusher_instances: []
 
-# matrix_synapse_start_pushers controls if the main Synapse process should push out notifications or if it should be left to pusher workers (see `matrix_synapse_federation_pusher_instances`).
-# This is enabled if workers are disabled, or if they are enabled, but there are no pusher workers.
-# Adjusting this value manually is generally not necessary.
-matrix_synapse_start_pushers: "{{ not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'pusher') | list | length == 0) }}"
-
 # matrix_synapse_workers_federation_sender_workers_count controls the number of federation sender workers to spawn.
 # See https://matrix-org.github.io/synapse/latest/workers.html#synapseappfederation_sender
 matrix_synapse_workers_federation_sender_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['federation_sender_workers_count'] }}"
diff --git a/roles/custom/matrix-synapse/tasks/validate_config.yml b/roles/custom/matrix-synapse/tasks/validate_config.yml
index c0a9a729..56f12bf6 100644
--- a/roles/custom/matrix-synapse/tasks/validate_config.yml
+++ b/roles/custom/matrix-synapse/tasks/validate_config.yml
@@ -61,6 +61,7 @@
     - {'old': 'matrix_synapse_workers_frontend_proxy_workers_metrics_range_start', 'new': '<removed in favor of generic workers - see https://github.com/matrix-org/synapse/pull/13645>'}
     - {'old': 'matrix_synapse_ext_s3_storage_provider_path', 'new': 'matrix_synapse_ext_s3_storage_provider_base_path'}
     - {'old': 'matrix_synapse_send_federation', 'new': '<unnecessary - Synapse relies on federation_sender_instances now>'}
+    - {'old': 'matrix_synapse_start_pushers', 'new': '<unnecessary - Synapse relies on pusher_instances now>'}
 
 
 - name: (Deprecation) Catch and report renamed settings in matrix_synapse_configuration_extension_yaml
diff --git a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
index c8fea706..3767a3fc 100644
--- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
@@ -2853,7 +2853,6 @@ federation_sender_instances: {{ matrix_synapse_federation_sender_instances | to_
 {% if matrix_synapse_federation_pusher_instances | length > 0 %}
 pusher_instances: {{ matrix_synapse_federation_pusher_instances | to_json }}
 {% endif %}
-start_pushers: {{ matrix_synapse_start_pushers | to_json }}
 
 # When using workers this should be a map from `worker_name` to the
 # HTTP replication listener of the worker, if configured.

From 13e739910445c25d3b7437c1c643086effa01068 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Tue, 6 Dec 2022 15:52:16 +0200
Subject: [PATCH 144/198] Handle /timestamp_to_event via Synapse workers

Related to https://github.com/matrix-org/synapse/commit/8f10c8b054fc970838be9ae6f1f5aea95f166c98
---
 roles/custom/matrix-synapse/vars/main.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/custom/matrix-synapse/vars/main.yml b/roles/custom/matrix-synapse/vars/main.yml
index 18bb5e18..46277c87 100644
--- a/roles/custom/matrix-synapse/vars/main.yml
+++ b/roles/custom/matrix-synapse/vars/main.yml
@@ -134,6 +134,7 @@ matrix_synapse_workers_generic_worker_endpoints:
   - ^/_matrix/federation/(v1|v2)/send_leave/
   - ^/_matrix/federation/(v1|v2)/invite/
   - ^/_matrix/federation/v1/event_auth/
+  - ^/_matrix/federation/v1/timestamp_to_event/
   - ^/_matrix/federation/v1/exchange_third_party_invite/
   - ^/_matrix/federation/v1/user/devices/
   - ^/_matrix/key/v2/query
@@ -161,6 +162,7 @@ matrix_synapse_workers_generic_worker_endpoints:
   - ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$
   - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/
   - ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$
+  - ^/_matrix/client/v1/rooms/.*/timestamp_to_event$
   - ^/_matrix/client/(api/v1|r0|v3|unstable)/search$
 
   # Encryption requests

From 9edc7da67d7a00c984b2777c34ee50290f92345b Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Tue, 6 Dec 2022 15:53:38 +0200
Subject: [PATCH 145/198] Do not specify now-unnecessary worker_main_http_uri
 Synapse worker setting

Related to

- https://github.com/matrix-org/synapse/commit/c15e9a0edb696990365ac5a4e5be847b5ae23921
- https://github.com/matrix-org/synapse/commit/01a052789266179c70c10ea6a6253c64fd9990d2
---
 roles/custom/matrix-synapse/templates/synapse/worker.yaml.j2 | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/roles/custom/matrix-synapse/templates/synapse/worker.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/worker.yaml.j2
index 2b0df98d..f0e6fe90 100644
--- a/roles/custom/matrix-synapse/templates/synapse/worker.yaml.j2
+++ b/roles/custom/matrix-synapse/templates/synapse/worker.yaml.j2
@@ -10,10 +10,6 @@ worker_replication_host: matrix-synapse
 worker_replication_http_port: {{ matrix_synapse_replication_http_port }}
 {% endif %}
 
-{% if matrix_synapse_worker_details.type == 'generic_worker' %}
-worker_main_http_uri: http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}
-{% endif %}
-
 {% set http_resources = [] %}
 
 {% if matrix_synapse_worker_details.type == 'user_dir' %}

From ba4580a1fd2045db86b40c0b78d342db5b4f40d5 Mon Sep 17 00:00:00 2001
From: Aine <97398200+etkecc@users.noreply.github.com>
Date: Tue, 6 Dec 2022 14:50:56 +0000
Subject: [PATCH 146/198] Update element v1.11.15 -> v1.11.16

---
 roles/custom/matrix-client-element/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml
index eb93691f..480e41a4 100644
--- a/roles/custom/matrix-client-element/defaults/main.yml
+++ b/roles/custom/matrix-client-element/defaults/main.yml
@@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
 # - https://github.com/vector-im/element-web/issues/19544
 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
 
-matrix_client_element_version: v1.11.15
+matrix_client_element_version: v1.11.16
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"

From ba13231c58479d4a2de8f25594c5c2ecc6261344 Mon Sep 17 00:00:00 2001
From: Aine <aine@etke.cc>
Date: Tue, 6 Dec 2022 22:51:17 +0200
Subject: [PATCH 147/198] update postmoogle 0.9.9 -> 0.9.10

---
 .../matrix-bot-postmoogle/defaults/main.yml   | 33 +++++++++++--------
 .../matrix-bot-postmoogle/templates/env.j2    |  8 ++++-
 2 files changed, 26 insertions(+), 15 deletions(-)

diff --git a/roles/custom/matrix-bot-postmoogle/defaults/main.yml b/roles/custom/matrix-bot-postmoogle/defaults/main.yml
index 24bf7cf2..14795d1f 100644
--- a/roles/custom/matrix-bot-postmoogle/defaults/main.yml
+++ b/roles/custom/matrix-bot-postmoogle/defaults/main.yml
@@ -9,7 +9,7 @@ matrix_bot_postmoogle_docker_repo: "https://gitlab.com/etke.cc/postmoogle.git"
 matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_version == 'latest' else matrix_bot_postmoogle_version }}"
 matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src"
 
-matrix_bot_postmoogle_version: v0.9.9
+matrix_bot_postmoogle_version: v0.9.10
 matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}postmoogle:{{ matrix_bot_postmoogle_version }}"
 matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
 matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}"
@@ -78,18 +78,6 @@ matrix_bot_postmoogle_prefix: '!pm'
 # Max email size in megabytes, including attachments
 matrix_bot_postmoogle_maxsize: '1024'
 
-# DEPRECATED, use !pm users instead
-# A list of whitelisted users allowed to use the bridge.
-# If not defined, everyone is allowed.
-# Example set of rules:
-# matrix_bot_postmoogle_users:
-# - @someone:example.com
-# - @another:example.com
-# - @bot.*:example.com
-# - @*:another.com
-matrix_bot_postmoogle_users:
-  - "@*:{{ matrix_domain }}"
-
 # A list of admins
 # Example set of rules:
 # matrix_bot_postmoogle_admins:
@@ -99,9 +87,17 @@ matrix_bot_postmoogle_users:
 # - @*:another.com
 matrix_bot_postmoogle_admins: "{{ [matrix_admin] if matrix_admin else [] }}"
 
-# Sentry DSN
+# Sentry DSN. Deprecated, use matrix_bot_postmoogle_monitoring_sentry_dsn
 matrix_bot_postmoogle_sentry: ''
 
+# Sentry integration
+matrix_bot_postmoogle_monitoring_sentry_dsn: "{{ matrix_bot_postmoogle_sentry }}"
+matrix_bot_postmoogle_monitoring_sentry_rate: 20
+
+# healthchecks.io integration
+matrix_bot_postmoogle_monitoring_healthchecks_uuid: ''
+matrix_bot_postmoogle_monitoring_healthchecks_duration: 60
+
 # Log level
 matrix_bot_postmoogle_loglevel: 'INFO'
 
@@ -147,6 +143,15 @@ matrix_bot_postmoogle_tls_key: ""
 # Mandatory TLS, even on plain SMTP port
 matrix_bot_postmoogle_tls_required: false
 
+# trusted proxies
+matrix_bot_postmoogle_proxies: []
+
+# reserved mailboxes
+matrix_bot_postmoogle_mailboxes_reserved: []
+
+# mailbox activation flow
+matrix_bot_postmoogle_mailboxes_activation: none
+
 # Additional environment variables to pass to the postmoogle container
 #
 # Example:
diff --git a/roles/custom/matrix-bot-postmoogle/templates/env.j2 b/roles/custom/matrix-bot-postmoogle/templates/env.j2
index 855bd882..3b22040b 100644
--- a/roles/custom/matrix-bot-postmoogle/templates/env.j2
+++ b/roles/custom/matrix-bot-postmoogle/templates/env.j2
@@ -7,7 +7,6 @@ POSTMOOGLE_DB_DSN={{ matrix_bot_postmoogle_database_connection_string }}
 POSTMOOGLE_DB_DIALECT={{ matrix_bot_postmoogle_database_dialect }}
 POSTMOOGLE_PREFIX={{ matrix_bot_postmoogle_prefix }}
 POSTMOOGLE_MAXSIZE={{ matrix_bot_postmoogle_maxsize }}
-POSTMOOGLE_SENTRY={{ matrix_bot_postmoogle_sentry }}
 POSTMOOGLE_LOGLEVEL={{ matrix_bot_postmoogle_loglevel }}
 POSTMOOGLE_NOENCRYPTION={{ matrix_bot_postmoogle_noencryption }}
 POSTMOOGLE_ADMINS={{ matrix_bot_postmoogle_admins | join(' ') }}
@@ -16,5 +15,12 @@ POSTMOOGLE_TLS_CERT={{ matrix_bot_postmoogle_tls_cert }}
 POSTMOOGLE_TLS_KEY={{ matrix_bot_postmoogle_tls_key }}
 POSTMOOGLE_TLS_REQUIRED={{ matrix_bot_postmoogle_tls_required }}
 POSTMOOGLE_DATA_SECRET={{ matrix_bot_postmoogle_data_secret }}
+POSTMOOGLE_PROXIES={{ matrix_bot_postmoogle_proxies }}
+POSTMOOGLE_MONITORING_SENTRY_DSN={{ matrix_bot_postmoogle_monitoring_sentry_dsn }}
+POSTMOOGLE_MONITORING_SENTRY_RATE={{ matrix_bot_postmoogle_monitoring_sentry_rate }}
+POSTMOOGLE_MONITORING_HEALTHCHECKS_UUID={{ matrix_bot_postmoogle_monitoring_healthchecks_uuid }}
+POSTMOOGLE_MONITORING_HEALTHCHECKS_DURATION={{ matrix_bot_postmoogle_monitoring_healthchecks_duration }}
+POSTMOOGLE_MAILBOXES_RESERVED={{ matrix_bot_postmoogle_mailboxes_reserved }}
+POSTMOOGLE_MAILBOXES_ACTIVATION={{ matrix_bot_postmoogle_mailboxes_activation }}
 
 {{ matrix_bot_postmoogle_environment_variables_extension }}

From fda65a0a5659641eb3c198e4ef7d8865db2deaff Mon Sep 17 00:00:00 2001
From: Aine <97398200+etkecc@users.noreply.github.com>
Date: Wed, 7 Dec 2022 11:38:47 +0000
Subject: [PATCH 148/198] postmoogle - add missing join()s

---
 roles/custom/matrix-bot-postmoogle/templates/env.j2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/custom/matrix-bot-postmoogle/templates/env.j2 b/roles/custom/matrix-bot-postmoogle/templates/env.j2
index 3b22040b..072d12da 100644
--- a/roles/custom/matrix-bot-postmoogle/templates/env.j2
+++ b/roles/custom/matrix-bot-postmoogle/templates/env.j2
@@ -15,12 +15,12 @@ POSTMOOGLE_TLS_CERT={{ matrix_bot_postmoogle_tls_cert }}
 POSTMOOGLE_TLS_KEY={{ matrix_bot_postmoogle_tls_key }}
 POSTMOOGLE_TLS_REQUIRED={{ matrix_bot_postmoogle_tls_required }}
 POSTMOOGLE_DATA_SECRET={{ matrix_bot_postmoogle_data_secret }}
-POSTMOOGLE_PROXIES={{ matrix_bot_postmoogle_proxies }}
+POSTMOOGLE_PROXIES={{ matrix_bot_postmoogle_proxies | join(' ') }}
 POSTMOOGLE_MONITORING_SENTRY_DSN={{ matrix_bot_postmoogle_monitoring_sentry_dsn }}
 POSTMOOGLE_MONITORING_SENTRY_RATE={{ matrix_bot_postmoogle_monitoring_sentry_rate }}
 POSTMOOGLE_MONITORING_HEALTHCHECKS_UUID={{ matrix_bot_postmoogle_monitoring_healthchecks_uuid }}
 POSTMOOGLE_MONITORING_HEALTHCHECKS_DURATION={{ matrix_bot_postmoogle_monitoring_healthchecks_duration }}
-POSTMOOGLE_MAILBOXES_RESERVED={{ matrix_bot_postmoogle_mailboxes_reserved }}
+POSTMOOGLE_MAILBOXES_RESERVED={{ matrix_bot_postmoogle_mailboxes_reserved | join(' ') }}
 POSTMOOGLE_MAILBOXES_ACTIVATION={{ matrix_bot_postmoogle_mailboxes_activation }}
 
 {{ matrix_bot_postmoogle_environment_variables_extension }}

From 8ebf18a885cd0920137ed683f1f47cad6536f82e Mon Sep 17 00:00:00 2001
From: ikkemaniac <stuud1@hotmail.com>
Date: Wed, 7 Dec 2022 15:58:36 +0100
Subject: [PATCH 149/198] add prometheus-nginxlog-exporter role (#2315)

* add prometheus-nginxlog-exporter role

* Rename matrix_prometheus_nginxlog_exporter_container_url to matrix_prometheus_nginxlog_exporter_container_hostname

* avoid referencing variables from other roles, handover info using group_vars/matrix_servers

* fix: stop service when uninstalling

fix: typo

move available arch's into a var

fix: text

* fix: prometheus enabled condition

Co-authored-by: ikkemaniac <ikkemaniac@localhost>
---
 ...configuring-playbook-prometheus-grafana.md |    5 +
 ...onfiguring-playbook-prometheus-nginxlog.md |   59 +
 group_vars/matrix_servers                     |   28 +
 playbooks/matrix.yml                          |    1 +
 .../templates/nginx/nginx.conf.j2             |   13 +-
 .../defaults/main.yml                         |   49 +
 .../examples/grafana.png                      |  Bin 0 -> 136574 bytes
 .../examples/metrics.png                      |  Bin 0 -> 128982 bytes
 .../tasks/inject_into_nginx_proxy.yml         |   31 +
 .../tasks/main.yml                            |   29 +
 .../tasks/setup_install.yml                   |   47 +
 .../tasks/setup_uninstall.yml                 |   39 +
 .../tasks/validate_config.yml                 |   32 +
 .../templates/nginx-proxy.json                | 1705 +++++++++++++++++
 .../prometheus-nginxlog-exporter.yaml.j2      |   37 +
 ...ix-prometheus-nginxlog-exporter.service.j2 |   46 +
 .../templates/prometheus.yml.j2               |    7 +
 .../templates/nginx/nginx.conf.j2             |   13 +-
 18 files changed, 2139 insertions(+), 2 deletions(-)
 create mode 100644 docs/configuring-playbook-prometheus-nginxlog.md
 create mode 100644 roles/custom/matrix-prometheus-nginxlog-exporter/defaults/main.yml
 create mode 100644 roles/custom/matrix-prometheus-nginxlog-exporter/examples/grafana.png
 create mode 100644 roles/custom/matrix-prometheus-nginxlog-exporter/examples/metrics.png
 create mode 100644 roles/custom/matrix-prometheus-nginxlog-exporter/tasks/inject_into_nginx_proxy.yml
 create mode 100644 roles/custom/matrix-prometheus-nginxlog-exporter/tasks/main.yml
 create mode 100644 roles/custom/matrix-prometheus-nginxlog-exporter/tasks/setup_install.yml
 create mode 100644 roles/custom/matrix-prometheus-nginxlog-exporter/tasks/setup_uninstall.yml
 create mode 100644 roles/custom/matrix-prometheus-nginxlog-exporter/tasks/validate_config.yml
 create mode 100644 roles/custom/matrix-prometheus-nginxlog-exporter/templates/nginx-proxy.json
 create mode 100644 roles/custom/matrix-prometheus-nginxlog-exporter/templates/prometheus-nginxlog-exporter.yaml.j2
 create mode 100644 roles/custom/matrix-prometheus-nginxlog-exporter/templates/systemd/matrix-prometheus-nginxlog-exporter.service.j2

diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md
index f86566a9..0b785c35 100644
--- a/docs/configuring-playbook-prometheus-grafana.md
+++ b/docs/configuring-playbook-prometheus-grafana.md
@@ -15,6 +15,9 @@ matrix_prometheus_node_exporter_enabled: true
 # You can remove this, if unnecessary.
 matrix_prometheus_postgres_exporter_enabled: true
 
+# You can remove this, if unnecessary.
+matrix_prometheus_nginxlog_exporter_enabled: true
+
 matrix_grafana_enabled: true
 
 matrix_grafana_anonymous_access: false
@@ -39,6 +42,7 @@ Name | Description
 `matrix_prometheus_enabled`|[Prometheus](https://prometheus.io) is a time series database. It holds all the data we're going to talk about.
 `matrix_prometheus_node_exporter_enabled`|[Node Exporter](https://prometheus.io/docs/guides/node-exporter/) is an addon of sorts to Prometheus that collects generic system information such as CPU, memory, filesystem, and even system temperatures
 `matrix_prometheus_postgres_exporter_enabled`|[Postgres Exporter](configuring-playbook-prometheus-postgres.md) is an addon of sorts to expose Postgres database metrics to Prometheus.
+`matrix_prometheus_nginxlog_exporter_enabled`|[NGINX Log Exporter](configuring-playbook-prometheus-nginxlog.md) is an addon of sorts to expose NGINX logs to Prometheus.
 `matrix_grafana_enabled`|[Grafana](https://grafana.com/) is the visual component. It shows (on the `stats.<your-domain>` subdomain) the dashboards with the graphs that we're interested in
 `matrix_grafana_anonymous_access`|By default you need to log in to see graphs. If you want to publicly share your graphs (e.g. when asking for help in [`#synapse:matrix.org`](https://matrix.to/#/#synapse:matrix.org?via=matrix.org&via=privacytools.io&via=mozilla.org)) you'll want to enable this option.
 `matrix_grafana_default_admin_user`<br>`matrix_grafana_default_admin_password`|By default Grafana creates a user with `admin` as the username and password. If you feel this is insecure and you want to change it beforehand, you can do that here
@@ -73,6 +77,7 @@ Name | Description
 `matrix_prometheus_node_exporter_enabled`|Set this to `true` to enable the node (general system stats) exporter (locally, on the container network)
 `matrix_prometheus_node_exporter_metrics_proxying_enabled`|Set this to `true` to expose the node (general system stats) metrics on `https://matrix.DOMAIN/metrics/node-exporter` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`)
 `matrix_prometheus_postgres_exporter_enabled`|Set this to `true` to enable the [Postgres exporter](configuring-playbook-prometheus-postgres.md) (locally, on the container network)
+`matrix_prometheus_nginxlog_exporter_enabled`|Set this to `true` to enable the [NGINX Log exporter](configuring-playbook-prometheus-nginxlog.md) (locally, on the container network)
 `matrix_prometheus_postgres_exporter_metrics_proxying_enabled`|Set this to `true` to expose the [Postgres exporter](configuring-playbook-prometheus-postgres.md) metrics on `https://matrix.DOMAIN/metrics/postgres-exporter` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`)
 `matrix_bridge_hookshot_metrics_enabled`|Set this to `true` to make [Hookshot](configuring-playbook-bridge-hookshot.md) expose metrics (locally, on the container network)
 `matrix_bridge_hookshot_metrics_proxying_enabled`|Set this to `true` to expose the [Hookshot](configuring-playbook-bridge-hookshot.md) metrics on `https://matrix.DOMAIN/metrics/hookshot` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`)
diff --git a/docs/configuring-playbook-prometheus-nginxlog.md b/docs/configuring-playbook-prometheus-nginxlog.md
new file mode 100644
index 00000000..832efbd8
--- /dev/null
+++ b/docs/configuring-playbook-prometheus-nginxlog.md
@@ -0,0 +1,59 @@
+# Enabling metrics and graphs for NginX logs (optional)
+
+It can be useful to have some (visual) insight into NignX logs.
+
+This adds [prometheus-nginxlog-exporter](https://github.com/martin-helmich/prometheus-nginxlog-exporter/) to your matrix deployment.
+It will provide a prometheus 'metrics' endpoint exposing data from both the `matrix-nginx-proxy` and `matrix-synapse-reverse-proxy-companion` logs and automatically aggregates the data with prometheus.
+Optionally it visualizes the data, if [`matrix-grafana`](configuring-playbook-prometheus-grafana.md) is enabled, by means of a dedicated Grafana dashboard named `NGINX PROXY`
+
+You can enable this role by adding the following settings in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
+
+```yaml
+matrix_prometheus_nginxlog_exporter_enabled: true
+
+# required depency
+matrix_prometheus_enabled: true
+
+# optional for visualization
+matrix_grafana_enabled: true
+```
+
+x | Prerequisites | Variable | Description
+|:--:|:--:|:--:|:--|
+**REQUIRED** | `matrix-prometheus`| `matrix_prometheus_enabled`|[Prometheus](https://prometheus.io) is a time series database. It holds all the data we're going to talk about.
+_Optional_ | [`matrix-grafana`](configuring-playbook-prometheus-grafana.md) | [`matrix_grafana_enabled`](configuring-playbook-prometheus-grafana.md)|[Grafana](https://grafana.com) is the visual component. It shows (on the `stats.<your-domain>` subdomain) graphs that we're interested in. When enabled the `NGINX PROXY` dashboard is automatically added.
+
+## Docker Image Compatibility
+
+At the moment of writing only images for `amd64` and `arm64` architectures are available
+
+The playbook currently does not support building an image.
+You can however use a custom-build image by setting
+```yaml
+matrix_prometheus_nginxlog_exporter_docker_image_arch_check_enabled: false
+matrix_prometheus_nginxlog_exporter_docker_image: path/to/docker/image:tag
+```
+
+## Security and privacy
+
+Metrics and resulting graphs can contain a lot of information. NginX logs contain information like IP address, URLs, UserAgents and more. This information can reveal usage patterns and could be considered Personally Identifiable Information (PII). Think about this before enabling (anonymous) access.
+Please make sure you change the default Grafana password.
+
+## Save metrics on an external Prometheus server
+
+The playbook will automatically integrate the metrics into the Prometheus server provided with this playbook. You can choose to save data on an external Prometheus instance.
+
+The metrics of this role will be exposed on `https://matrix.DOMAIN/metrics/nginxlog` when setting
+```yaml
+matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled: true
+
+# required dependency
+matrix_nginx_proxy_proxy_matrix_metrics_enabled: true
+```
+The playbook can provide a single endpoint (`https://matrix.DOMAIN/metrics/*`), under which various services may expose their metrics (e.g. `/metrics/node-exporter`, `/metrics/postgres-exporter`, `/metrics/nginxlog`, etc). To enable this `/metrics/*` feature, use `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. To protect access using [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication), see `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled`.
+
+The following variables may be of interest:
+
+Name | Description
+-----|----------
+`matrix_nginx_proxy_proxy_matrix_metrics_enabled`|Set this to `true` to enable metrics exposure for various services on `https://matrix.DOMAIN/metrics/*`. Refer to the individual `matrix_SERVICE_metrics_proxying_enabled` variables below for exposing metrics for each individual service.
\ No newline at end of file
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 71bd1881..e3f63bb3 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -297,6 +297,8 @@ devture_systemd_service_manager_services_list_auto: |
     +
     ([{'name': 'matrix-prometheus-postgres-exporter.service', 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-node-exporters']}] if matrix_prometheus_postgres_exporter_enabled else [])
     +
+    ([{'name': (matrix_prometheus_nginxlog_exporter_container_hostname + '.service'), 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-node-exporters']}] if matrix_prometheus_postgres_exporter_enabled else [])
+    +
     ([{'name': 'matrix-redis', 'priority': 750, 'groups': ['matrix', 'redis']}] if matrix_redis_enabled else [])
     +
     ([{'name': 'matrix-registration.service', 'priority': 4000, 'groups': ['matrix', 'registration']}] if matrix_registration_enabled else [])
@@ -2235,6 +2237,9 @@ matrix_ssl_architecture: "{{
 
 matrix_ssl_pre_obtaining_required_service_name: "{{ 'matrix-dynamic-dns' if matrix_dynamic_dns_enabled else '' }}"
 
+matrix_nginx_proxy_access_log_syslog_integration_enabled: "{{ matrix_prometheus_nginxlog_exporter_enabled }}"
+matrix_nginx_proxy_access_log_syslog_integration_server_port: "{{ (matrix_prometheus_nginxlog_exporter_container_hostname | string +':'+ matrix_prometheus_nginxlog_exporter_container_syslog_port | string) | default('') }}"
+
 ######################################################################
 #
 # /matrix-nginx-proxy
@@ -2820,6 +2825,9 @@ matrix_synapse_reverse_proxy_companion_synapse_stream_writer_presence_stream_wor
 matrix_synapse_reverse_proxy_companion_synapse_media_repository_locations: "{{matrix_synapse_workers_media_repository_endpoints|default([]) }}"
 matrix_synapse_reverse_proxy_companion_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_worker_client_server_endpoints|default([]) }}"
 
+matrix_synapse_reverse_proxy_companion_access_log_syslog_integration_enabled: "{{ matrix_prometheus_nginxlog_exporter_enabled }}"
+matrix_synapse_reverse_proxy_companion_access_log_syslog_integration_server_port: "{{ (matrix_prometheus_nginxlog_exporter_container_hostname | string +':'+ matrix_prometheus_nginxlog_exporter_container_syslog_port | string) | default('') }}"
+
 ######################################################################
 #
 # /matrix-synapse-reverse-proxy-companion
@@ -2861,6 +2869,20 @@ matrix_prometheus_node_exporter_enabled: false
 #
 ######################################################################
 
+######################################################################
+#
+# matrix-prometheus-nginxlog-exporter
+#
+######################################################################
+
+matrix_prometheus_nginxlog_exporter_enabled: false
+
+######################################################################
+#
+# /matrix-prometheus-nginxlog-exporter
+#
+######################################################################
+
 ######################################################################
 #
 # matrix-prometheus
@@ -2888,6 +2910,10 @@ matrix_prometheus_scraper_postgres_targets: "{{ ['matrix-prometheus-postgres-exp
 matrix_prometheus_scraper_hookshot_enabled: "{{ matrix_hookshot_metrics_enabled|default(false) }}"
 matrix_prometheus_scraper_hookshot_targets: "{{ [matrix_hookshot_container_url | string +':'+ matrix_hookshot_metrics_port | string] if matrix_hookshot_metrics_enabled else [] }}"
 
+matrix_prometheus_scraper_nginxlog_enabled: "{{ matrix_prometheus_nginxlog_exporter_enabled }}"
+matrix_prometheus_scraper_nginxlog_server_port: "{{ (matrix_prometheus_nginxlog_exporter_container_hostname | string +':'+ matrix_prometheus_nginxlog_exporter_container_syslog_port | string)
+| default('') }}"
+
 ######################################################################
 #
 # /matrix-prometheus
@@ -2937,6 +2963,8 @@ matrix_grafana_dashboard_download_urls: |
     (matrix_prometheus_node_exporter_dashboard_urls if matrix_prometheus_node_exporter_enabled else [])
     +
     (matrix_prometheus_postgres_exporter_dashboard_urls if matrix_prometheus_postgres_exporter_enabled else [])
+    +
+    (matrix_prometheus_nginxlog_exporter_dashboard_urls if matrix_prometheus_nginxlog_exporter_enabled else [])
   }}
 
 matrix_grafana_default_home_dashboard_path: |-
diff --git a/playbooks/matrix.yml b/playbooks/matrix.yml
index 5b6f1cce..92e027fb 100755
--- a/playbooks/matrix.yml
+++ b/playbooks/matrix.yml
@@ -80,6 +80,7 @@
     - custom/matrix-synapse-admin
     - custom/matrix-prometheus-node-exporter
     - custom/matrix-prometheus-postgres-exporter
+    - custom/matrix-prometheus-nginxlog-exporter
     - custom/matrix-prometheus
     - custom/matrix-grafana
     - custom/matrix-registration
diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/nginx.conf.j2
index 5aeeb6f4..6b56878a 100644
--- a/roles/custom/matrix-nginx-proxy/templates/nginx/nginx.conf.j2
+++ b/roles/custom/matrix-nginx-proxy/templates/nginx/nginx.conf.j2
@@ -39,7 +39,18 @@ http {
 
 	{% if matrix_nginx_proxy_access_log_enabled %}
 	access_log /var/log/nginx/access.log main;
-	{% else %}
+	{% endif %}
+
+	{% if matrix_nginx_proxy_access_log_syslog_integration_enabled %}
+	log_format prometheus_fmt 'matrix-nginx-proxy $server_name - $upstream_addr - $remote_addr - $remote_user [$time_local] '
+								'$host "$request" '
+								'$status "$http_referer" '
+								'"$http_user_agent" "$http_x_forwarded_for"';
+
+	access_log syslog:server={{ matrix_nginx_proxy_access_log_syslog_integration_server_port }},tag=matrix_nginx_proxy prometheus_fmt;
+	{% endif %}
+
+	{% if not matrix_nginx_proxy_access_log_enabled and not matrix_nginx_proxy_access_log_syslog_integration_enabled %}
 	access_log off;
 	{% endif %}
 
diff --git a/roles/custom/matrix-prometheus-nginxlog-exporter/defaults/main.yml b/roles/custom/matrix-prometheus-nginxlog-exporter/defaults/main.yml
new file mode 100644
index 00000000..2e85d629
--- /dev/null
+++ b/roles/custom/matrix-prometheus-nginxlog-exporter/defaults/main.yml
@@ -0,0 +1,49 @@
+---
+# prometheus-nginxlog-exporter exports nginx logs in a prometheus usable format on a `/metrics/ endpoint
+# See: https://github.com/martin-helmich/prometheus-nginxlog-exporter/
+
+matrix_prometheus_nginxlog_exporter_enabled: true
+matrix_prometheus_nginxlog_exporter_version: v1.10.0
+
+matrix_prometheus_nginxlog_exporter_container_hostname: 'matrix-prometheus-nginxlog-exporter'
+matrix_prometheus_nginxlog_exporter_container_metrics_port: '4040'
+matrix_prometheus_nginxlog_exporter_container_syslog_port: '6514'
+
+matrix_prometheus_nginxlog_exporter_docker_image_arch: ['amd64', 'arm64']
+matrix_prometheus_nginxlog_exporter_docker_image_name_prefix: "{{ 'ghcr.io/martin-helmich/' }}"
+matrix_prometheus_nginxlog_exporter_docker_image_tag: "{{ 'latest' if matrix_prometheus_nginxlog_exporter_version == 'master' else matrix_prometheus_nginxlog_exporter_version }}-{{ matrix_architecture }}"
+matrix_prometheus_nginxlog_exporter_docker_image: "{{ matrix_prometheus_nginxlog_exporter_docker_image_name_prefix }}prometheus-nginxlog-exporter/exporter:{{ matrix_prometheus_nginxlog_exporter_docker_image_tag }}"
+matrix_prometheus_nginxlog_exporter_docker_image_force_pull: "{{ matrix_prometheus_nginxlog_exporter_docker_image.endswith(':latest') }}"
+matrix_prometheus_nginxlog_exporter_docker_image_arch_check_enabled: true
+
+# Controls whether prometheus-nginxlog-exporter metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/nginxlog`.
+# This will only take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`.
+# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
+matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled: false
+
+# matrix_prometheus_nginxlog_exporter_dashboard_urls contains a list of URLs with Grafana dashboard definitions.
+# If the Grafana role is enabled, these dashboards will be downloaded.
+matrix_prometheus_nginxlog_exporter_dashboard_urls: []
+
+matrix_prometheus_nginxlog_exporter_base_path: "{{ matrix_base_data_path }}/prometheus-nginxlog-exporter"
+matrix_prometheus_nginxlog_exporter_config_path: "{{ matrix_prometheus_nginxlog_exporter_base_path }}/config"
+
+# A list of extra docker arguments to pass to the container
+matrix_prometheus_nginxlog_exporter_container_extra_arguments: []
+
+# List of systemd services that matrix-prometheus_nginxlog_exporter.service depends on
+matrix_prometheus_nginxlog_exporter_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-prometheus_nginxlog_exporter.service wants
+matrix_prometheus_nginxlog_exporter_systemd_wanted_services_list: []
+
+# Controls whether the matrix-prometheus_nginxlog_exporter container exposes its HTTP port (tcp/4040 in the container).
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:4040"), or empty string to not expose.
+matrix_prometheus_nginxlog_exporter_container_http_host_bind_port: ''
+
+# Controls whether the matrix-prometheus_nginxlog_exporter container exposes its SYSLOG port (udp/6514 in the container).
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:6514"), or empty string to not expose.
+# NOTE: is an UDP connection!
+matrix_prometheus_nginxlog_exporter_container_syslog_host_bind_port: ''
diff --git a/roles/custom/matrix-prometheus-nginxlog-exporter/examples/grafana.png b/roles/custom/matrix-prometheus-nginxlog-exporter/examples/grafana.png
new file mode 100644
index 0000000000000000000000000000000000000000..49fa021134bb147e7efc13eab28c5a3396a373f6
GIT binary patch
literal 136574
zcmbTdV|Zju+cug^H1Wg}+qOMH$C}tSC$_DQ&53PiV%xSRwv*lW^M23$etZAieN-Pw
ztzK2Vy6RG0=Xr%I$Vni=;lP1`fgu7Ue<*>0L8O7+tzV%*R}x-!zJdNgI*9;OzJgv}
zUyZ}Sz=*&AKZI4>GS4<#wb9K!{#;LuGn~!Z_#x7U!39JZE-gz()u#NAVbjeIKcPq&
zJ8*S9p-A61l#!Ror!Zrj>0fRqY4Xd>S1%d;GHZ}RfBR|#E?hd>&v&^*TfKd8cIIkY
z%(vy9KHnf_75ti5P{2wJXlp|f{RS!gpSHs&T6GHce>%e7f?h)<S)l&sBT&zh6e#oG
z4rJbH7@6{a#|f8kkc^=JJFYDH|L3r_Du{ok{8(+!q<@HskyP3ccvL}$=ho0TzJFm!
zDUZG8;o=5YI)|kA`p6%AHZJ3Eu`x&UfxFOr>Tc7oHRCo)@}Eb{lUw2C0cK<b4j7is
zaT#k2ZqC%MXIOeiF7=FrXJ(%9#HxKO8=aX+tEh--LxRvqcCdFWQ#;!1th=<77V|B5
zapAA7bfd+QPdhCcbo=Lb<;{`-s%~-l{6I5K&+WWmGD<%F=m@ayuF00iD9u7Y($y(F
zwo}=vI%>qQ8@OcrjRq(p`Wo;*O~K{|kovzJA{E?tW4QnG3DMUDak8|3J0guJ|F2<|
z&Tt80n@z^4=$q}<6%*B!ED{ow6mqE^L#G-VY1Zovn0^4X;+^enw;>i>&PsAx+WJAG
z3eI_fxAV2?)YLmzVc#vuI;ACWSdod-C0C;JHBW~<@h`ltHr1#0K|F^CC(-5QxL^PP
z4}+N4qQj5hbLI_hZVkN?3;19<N+h+l%-<1Q1uHs<=An>d7u_1Hp@cj<a2&3g3yX`F
z98{WHT3h#a*K@Bth$cHdV<RKsv(I^RXUu6EI(l*`|K1FE{^cr{ZA>=qy0GYbDxv{n
zk%1e_mu<XX_{m|=iyjbgnE14LFqQ(A%6Zv}x}~O|-s<R1-X$w~tE-&GZ15c%pU=Fc
zF)r&@w9`;??V+z$xFow8$J=X^%p7da^+to+X7)S5kdvLKmZMoOkbV5J!st}+sOIb!
z=D@8wu17~p+GB`V?XN|6YiVjXwcf7#Z$;y&!+)x>*_;>kM_YOpuHLP+-dR2KS>TsQ
zJt1rFPAMH$*>Whm5Ql=`s)u}c>#^xu>MRKuE279Qn`+KN=?pivAh;hUB{#W^i)OYt
zpZ_+(FrB}^+zRl>h|dr$Wb?g@aPlo4!qMucPL=TzjPCnxk=iI?bQR^MIs!UT#Ew7M
zE415l)V)W>Xd<wUY;oGG4DjB)G0I(ah?J?jK0>mFm`p~wUYu<M%L_!r-?&9w-eYq(
z2`OjH-|=a>5aC;|rXM?aS3|t*CiVkKv0dLNbYp#|X0fZH2)NVB)Y;`k;)%@1I&bfG
zlhii#`>(Xt4vx06$fY+c`@;Tq`*_35vUJy|1HE5e^XAAG4SyUsIXHj|RdX^~&Z{>(
z2cvfiPyIHD55C-@4MvF;AB*ehySl$-yneq5Q+T*oqlfG0<)0dx%jgLV-Pv8=j(NQJ
zz1L!w18&}^X=qq5(CUip=-^<WI=$X&<tlc6&Krk8+g)C7<=NASS8~5sqzW9z)C||4
zxAk5yqF>0IYO*JmCf2Q<o>3eGKvB+~`ediqArQ_~U)lL~+tO*&RV=^4V=)l1oyqKU
zyPoqYjo3}^vYWtOPMt^C^uj*atciLhM}(Yz!DcfhmiBnP{*b=3XL{b;lxLTE*!CyR
z0tntf_-<zFV-lC9vmT~#<Ehsq*03ax>ETFxK6^baBCKXqqjtFRx1&1MI-g5k!kAuJ
zR(H9*dxGm_b@6kzd9ydU$>|L5lgi(YCDmD;(yy;~M;(ZMakDu7VtT<dftAM%g)4bm
zJH^@<INr!kSYK74=_}1b$@vzG_8eYU=vY`fr5_^r!omOEwSTbWyCbCw7?WD&Y5r5Z
z^|h#DJ;N`V@w)ehsUiiRonE|aVD|`SmTB*c1hU<sP*sSj0K|6|S6FX|<m<oPOZEc_
zX*QCimnj&T1PyWitQ0joPn1;{?y4m0c;f{|Yx&wAc@>>nRk{<zH3OC1v6Lzn&I|c^
zTmDhs1=2y=V0JKi00}h#+8i`IUXL(R3FJj*w|k}TE{KygGqAS8AKICf;b{yb=?a!?
zn(NvdX&lZJR*O|_W~j29oK`ZL(T!lG3+B%j2d-dzm~1H)%4V~p1?(PyAK77R6BAk2
z$nt{&t>8N-d6_)k`Aig?oUUKm9{ZPu2tk&^db6&}@w%)7`*qxyhwN=~>2xYiM|4er
z0wCI_D)98|I>7IMdm4L6)ln|>&~VHV<iEi)J+C3Ft4VhhbFr^r4Cl&+qt<Bfv@UTB
ztn0jJ5~G?sRy4Z4zoz71NcVnqK|{lh?#UgRn80V0xBKUN`wG|vE1$Y16F4eWBkSwo
zV<$ZFuh!vXxumVF+4L*J@9$3>ACGj!07wl8-v@JTvs<_&_lva2@3!Rv3g8Kv%FVag
zQ+M9mr)LL3IvT8k@ZSPS)mU0`q>H-*K7yAnA}(A(zmNbvJ<`n6PA&_nbmyz|;pv{*
z(;t!IxdltSg;mNq0R7CISW$6gRDx!Hu<EY2oz}zM>}KuykpK?ppSt3d<Oy&bRhNZt
z%iGl(Vk#Rx(2V>Su{3A!x~Y#OIdpnGtBrzJ_xZ(XpNG|CZAfOD;{+-f*isV-2dl3e
zDmEd^Ejp+$k0FLsP5@Zvv2eau^OT#%lqTHRZoa?=?$9T<9<(>lmF5cF<_HYEj-Gn>
z%_9XDErM)8{3$p-U_4t^YL`A-<(QT#!1yR-%Sn7Ip!SyVcc9J3QAX5$sYH8z_*VbX
zC$HKA2hEB0a(zrR?oy4z9u7yvYxdM9Yl@n0SCCE0P#S;9Or=FwBz=4Of}l_TC%s#8
zQp$XT=M%~cw^mA`mfY?^G0e7`J4W@#IbieS%qiLTk@>Rgj*5{1S?q!%HdvXjQofj`
z77?_hKFf|6BUUVPuUuGZ1S=s(Xr?n`%xV0BmGr(aDLX3!&5LchW?~d0Rqp4jo?p<L
zOsSrHdrn0T+}#>PQWA&dX}d&I62lm%;}@({Ydt1tKqd>yPqn~gbv_N`s+JrY7K^v$
ziY9-20qt1N#zdBKvFP*(>dXl$ydJN|**9$L6PXO2`Wn@G26HyeK|#LO8m7kgSexTt
z;co68dmwKqmooey*mONNdO3Z_s5Mh$#6AW7IZ|C~|M7jbM9M?2cfg8E*;H^0EkOe9
z_#mcJ`|UmC11<H=4_U6%0FT!(0<si?e^4ghZVpwAYQ3+6uk#-n<|9c2J+K2cO&wGG
z{0S<z;~i1?Qk6*g42$>bI8V&t=s>G*ty48o4`f($wCOA18k|v8nv;CK!4j+t-ZIMT
zzCsK>|A4cz=SwuM{A0-T0pyZElqXYMk$Vc4&py{ovg#d<=jr>ajtS~(fJx(OTe~<W
zUr^`!<*I_sN>4?yrQF?IU0pf50pHA2I-eZXQSZ74ZPL@DUTnG?>CmiPjOl5!RjU$R
zyMm<PGwIe_T~ZtyuXe-*#Yk|Bk?ww{osY>_6TkJ-wX|-=V&EWDcg6l>Q0znfdpGOJ
zEPt3U-Nv6Ho7a__F~<+?0m7p-msaDYm>#FiqsScB8k<ujReH~q6>lwl<r+Vi@1L74
zVS2jmK_kAO*`M!iIX`dTD*>TpusW3QSz=q(24i-wD^0fSgq?g)geiY{#^>D-v1259
zZ69>0+V!e|J^`Y69-6VfX(yZMEGdnb%rV3lrjwOggOfqKr|hRL*K^HQ%P84_^`hKE
z#oXC@5)34-e3JpS1c_>7wPe;ik$Sz%jah?p$j!p!t<$cP%6BeO#zQG%v<eVfsQf8D
zTZ7#7`~n~NV=+DUX-1SrwaZPpzcUa@PS{LQ1)3bJ-yONlSR?roR2*9xK1dfOMj8lN
zvl*I_HlRsUIDDr3=b;fYnQLpnsMv7^NsY7;u$m%rMC&e01O0a!Q=vXD7T&7V)J$Sx
z<i_DV@@p6$D{?8p;4(HsgR`mc>qVX;7P(pum$c<FcoK*MLm_Hhw;0G;Kqk6UT-xo&
zchARj!;`vLxCDdTt45H8N5yciot3RETZ?-$4KBAUS48}J3=k5U>h(SS6<(p+4u^FF
z9V}aW;mv}`x4IkWkt`b82k7iv6?6QZphs&xCx81|-42Vi(pSwZmq5W@WV1Fn?+yFg
z5{1piz;tApF9sT$i(_Dzgb*Ie-QT!?DX%%+W)3kEY1C+q3M~QGKd5&f1$t6Ix7Sx#
zd~j8@&vYRU6gi;an#qn!70i*>S&VsrJPk+%$_I`w3YWC1t#G1~hXM|7M#nzsn8Tx@
zqpMn-<SoP0%#f{F<?7#;HXuXK_L}((j8_`|lt-hXvRq`fZPN^(y{*~d@jLi!HHXGk
zSo+7hCU|b+q1a;K;!bdG(eGtkCS!P-E8><_wpKX7{??$puk5qAMPzMP8rL4K`&O-H
zuO$7;F){VH%Cw{$juHd1tz`Mv-sZW}@#R+K)#bx^$Aw$Bw`X;GH_Y(F@p>(6q4nW@
z66#Ai4NpwfTU>#dUIN~AMth<wWgBX}FPfl@>_FZg)!>w_jOP)S`^TCfwfUbCOV&W&
z?qsQ_O}*#mF#OFxN+$D*wfzBsUf}kdPh^v>jQ0`ip&Nyh@u~b<p7M<8Hd)cfmQs2L
ze+s#T@@<BcBpdbv`W(ZB!O&m+W0Gp4WIWi^?kLwm9w+BZ@npN%yoc}oPoX(`8%1za
zZ{GaZKW!uo)`If_(@{IUu~No(W$2ck_ijbG-XEbT7*l)lQhW;clZ!1^fBg*#e5Rq4
z-=fOnu1HJeAA2&E7yH8IX!0(h{Y!6fT!WGM<!Q{iU3XDDBW&}H*$T#Iq5^x0nfaE-
z2!`|Uu!~dOho%0ksMSQlv2LW+FM6=(tXL9AO0UT#-lR>zE(^W_A?WKmU3qjou;!Wc
z<?wqztOTo7h~P)1N@h5Vnk8;xlxT%Eu6Q>kC3C?g#in3l;A2qQU0tL>U+h|oVh^Ir
zqR`Obba`t~f_R=XS~#X_OzXgFAo*_nwpX1<k?^itKyNVmFjYHThY}w@FO%J-)6=Un
zDcczWE@ws0R5vcEL{!hrO!)LPtMQRB3OZXcQ_p&<m1nK#eeVW5GIHP25;FB?n-$Y>
zD>?=Mq(!w3Gcr^10;hGbmL48Fpq`tD3zZB*C;~xDu~}%Z4Hw8&fC&ibgoQ^}&2{nq
z6A-Xh9)P?EZ0y&8rJ-(|*O%q#mN^K%Z_C)RA)4bFu-aS?Ft4OQrZ3AayR7zP-n>nJ
zG_oW#y|^SEF7`w`XvGD%@dZ6$j|UTv)*L*}vChJ2JrFt2>OZx78mJ^?U*>8r&zr3w
zu6-{I>@I%V?r(+AL-UJ6DU7xVt+ecLT5{;{wiGb06B&M*KKv*$04IA@g+#!Sd3=y{
zAj;@3**jbF4LJ1>T8N34mm8wI=ImPkF2#Tv{e{rXMNmt`=Q&vvK#$GiO7XFRlF8oK
zJH#Ghqi4HQR>1ilBH))JL25mIvfknr)%iLVr`~JQ?l-v5pCUTG++X^<T@ln)n^p`F
z)nV3fkQRvwz7hS_&Tq|a)F-h52c9+F!94zB6q8+Ia=B)kPZ9@y>Ym+*%dSt26D+d-
z+4C2k1Snq9&cv;;+q!T}iH?pI2l?+}Gnih|UQ6OO;Q3m2WFeW(PWRm0oD_et<>5L+
zVn*hZ2@0hG9J0H#E`d0d3JpeXo`aEDVJ0ovA#%Tdt2=&{Vt$|%+B}&7-8o*ThVP(Z
z>(=}N|L;}cc$5;{J60Wfb~w|wYDORbNjB=BLQp%{`K4hP-%O8|UdEMEX)3nf=}dHJ
ztmUamr_pg1^H}F(d*7QX`1!0PsKwAqjEFm|u7ujUaG)fzw+?BxrqwJw02F<hpo{V=
zJ6Flho{mV>%ibMG!m13MuwI+w?u+esRrnUj5mNVV`T?`R)70JNcW_jv2xj5S5}hn4
zuYWmN5+KS%yeIHigWx=KaM5>s?^f^@ZAwr?Qtt(Eju3k+eLJatzj_k=9_`c3om&x#
zll|2n;jC<Twc4)sDsua6{{flgAjyl(mh3&l&RAA^p-!gqQxcl3<<HCe42I>SUCdUm
zS$W9KN&>69OD{NPRi}qp4i1?%4*L(Kd;ks0e5Li0pEy#J7#tBr-JC5@c{48!Yb1SY
zaoTsJVBE(8f%tPZq^e?n#4X%8r`lv&g7tYVQs_lk;OXMq$<Oc2gH`o{x|Z-uMrbY0
znq@Us#}QU&@I(fCXZ~AZ+<eS`;tTmtx#A4LlW=8qOz4(&0d&`1O}XvaVPX$`m9+?p
zhf=nI!B1OVJI%E@*H=;D6|Jem1;|Y#w^zREu3funTR-gFI`w)Om0y&zk|!5GJ=mKW
zZs|}j@fDwH(?`F7yd~X-J@v}UN`?9}KdA)YaE2Yjmx}QH(WEV>y+P+c=}`|Sb2+pr
z1wZu0Ezt>3R4wxqis$M*&S{E{mh7u^>&uc0>M?)8LqAg=!>}4(*?(z+K_x(eQ-4jB
z0;;GdU{CYMnPGK|6Z%@0-z%DFxi>(Us0hE#pP)UxJk5<3I5+lN%~?_<h&zi$2n>EG
zudqFw%QvI!jmW-a_wkr7dZHG*sb~v4z)0NLK0Tg~q=w!|>No>geXaZWwuRfcC7gaq
zFkvZQbSP6LvoKUi@yr+yuX`+34^|pU;3SNW9B2F%cv5D+{Vh6ZF_|fo@2w{I7K*g{
zcY*##TKcrnIvaGWnZxtA@JBzy=S5%InYrmf$Xwx1`<#+=mwfMDsL5bG(m?TFph!e0
zMP1|ppLk*<rOUqn+YVs#d{Lg5e2e(kx=1!TVhE}1D=Wkds$&A*$IPb4990@pH2OHe
zQh=Y*35_cb3DHB{{1EIFXj}zR7uZWjMEUbjpAN(08xClFy1Ze~J*W2$4=0Zmkx>W;
zRE^&I;53=EBO-nj%%DzpnuU*HL|x$F;zrBkFBumV7pwjK_(tH+q&e03B_bb;g~R2+
z{5*YoV=V>Reda7&N;E!m#+-~PJtDC<>U%WNnq`e}5y0Z;coc#xS=p_;eDA>L=yWeM
zpXx^@uU7e%mJQ%A8=bY<6GKlYK$n<mUdWUi>Q*L!9Ytq;B*bj3Y~@#<%7vNbTu8K4
zSVWuK(CG^IN^td*uLlRx1ClG9@-+@TuC)zV0*dlZ(we_N{L+o(rPjG(;=JDTPywO+
zXkq@jUr)mh32lJg?sAR84omIM(Xe|BmJZ*7^^_nXJ!gy)6-)b7QEuT6v;<guT(&=$
zOn|C8?Bme$`)It#x#=1MVYE4w$xup?*qh>lJsQIsFm%U!k`~pwQj1Apfi%z8ff-4W
zb?0$MCmgOZh2IQ2NRSBletXZC-0G(1`ic~WO<w(<&|VXn5_+cVGe;}mU0+#PnwmHy
zBVdhoVp1$#wqd+J3ok3t`n{q*`8gvGQbx-~ellf#hX2-ru5p{?J4EK5)ba$5z6B9G
zlCDk48u@pp7ebtJtBdrM7>l7v2%Y<R4(0LPG{aZ`ozfTD8I2eudsS>w?>?X@Frw$}
z0|hzXLw^erG*AQq5t}Sw2U69fgvEMNQ$ho9GS<>1f4bo!7*yyuhZ$7M?JW2nO|KsE
z30ADjYmx*1M#nSttZ4>nU>_x5aHtxkb>=oXe$3UkI_&YZyV#f=MBE1lzM*4)0@i-3
zFopVGZT*^;fl7%P8L#*dVjwL;AwbcrfX#`O$BMz@AKvtC{~G&suQs>!pL3lDP(y)<
zQ8SVoq`BHU8xGFSl%+x58VyA1_}5ZtN6YQ(z=oD`vQuF>yP%~+TQ<8xur@v%4j18B
zJ)&J1suToN*b@sk&dFX9lZ0RQEC6u02vMACwW>Ikfe^)}i5FIuKS}G-8QkujcS&j0
zgr;McLjYyts#47xb7anS9pfs?wz<yM^nTLQWk)`2c;X*g+4`naLT~Gz`}!-*AtK59
zM%J1MdO~WA#h#)VhyAyiJh*ZkOOg|3BCN^;G*r*4^whs>AzMdS;)64YYYkFD=uyAZ
z+w-Xo&QFZ<Zfu`M()7-%bkw&0eOKrst*AtV(?s`c#P$>y_o!UJX}U3&1!Zxhz2s98
zQ@7OS6pCdRHrCg#PtJzA-rGm@xb&QJJO?CYkGT(EUs^|Vjh)<=2!o2Ki2%X$5*Ke#
zK|!)7N9Irw{*S%aj@_VO+~}?(6fBOcRQ1uQkv#3X6)qz|Cd$sC+<((5Z;%%_5F>}$
zw{AyY&pXo_{Pv8d%WG$BLL_5OTu<^sfLBn~!D5qyQ;@-w28N4kO?E?wa_D$?<a_1Y
zT`J^Aado})eXT~{9b-b1LsWH*`Sq55yvxX2JX7av^y`SB4IFWKg)Gg_35yk(;8ACs
zNS`!S5jP7qdmz#8JNme@RTlHVMp3xa(Jr#MhIR#Yx>0o37;8`_ahb0yY}3ip)yQ!w
zX_^9aCLDCHY2Z2I#O6JHklkJPO;B{HQKsl4(73p;cX0Z|2g58M_@_}(L9g3K?j8yz
z`4i-Z3q#hYx3GJM4EldgIJq@ml6R)*!vI|zxqhcL8c~~fl-(36+fR(d4nJz+(0o$~
z1>WK+VKJ$WlPp>%yQ)9NHc#Pl^KR#TnL0Nx9&DH8wS~#^4aufTh*p+2{|0($Rd6&l
zNv1L#V)%CMuI1X_{&}=cz2dL$%#vJx0oO93Q9~VP5}K~Q8W`SvXBw+}P4BhxEN?EY
zu)n;zGMAn4NLpS_oyEeWkp&V_`^I#oC#R(Ua48q&V=_UwV0c(AnJ*y^{*@FJ<ZoqQ
zP}p=aC@SBA=6Mdcl;6wk`2x+opluwN$-}yvC%`rWXEL_wWD<*K)xbds8O#?5KAo=$
zSZ;6I5yDiw=DZzSGzA*%O~btGtp0$&kYT~_Mrwr$ZRSp{H{iTN!W+n3>H4A9-g_|2
zBsXBD^fyUGsYW?)Q>7!yPLYVww^I?tGMg>Uy=SQ(P7n=t>8F>E$b?-fMtLnAC`V^@
zpZ-%O$JC|`DK0*K@-KV2<uA6SyI)rP4#HoWo(k%UqaB@{N%;%%oyQiY3QVj#AR!&^
zmh<2)u>yssO6Q2#Z<(Y3d+QhM>-P3VzdwaMkkWp9CK7W0(xL7=Xvxo2xyGw3-}}v?
z>;9bMj4#ruSgD+9tS>xT4b~n9PRtoe7#`VHn!2sXckbR)9}$NhTr4_njI+~dPYSxO
zuGsFaJjQ0R+n{vRllj@e-uZeH2`tuo`dj|ndby?OjggtMK$^M0aurxabMwlW4v0aZ
zz!q{Gu*v@t3@8dB1LO)0j6VA8yy3fI!CR;~Db&z@w!<&M6h&I8-ziHP=uK*skC8N0
z;BfrJrRccFkZ+7MIZB_>@Mega*G7|rz`VJ*<2@=W!wV1b7DxR9E5NVnk??!=dx4L^
zNr<o)pAo}U6kkuW;iaY|K&qF7vpBdNA#D-gqQxgU?i7q>)%gimid-Ip{D@7^yDLf8
zF4kysoxj7YEfMPc?W>0=-b7vO^}*5-_TwxhL55(+_D%XquT6MCz(At3xDtYzkuuZz
zhX#4*Q;iX%UajpGcBde+7n6S}8c*%f+Sk)LyT};a5lrL9<d$-x=a@xE7F*ekIC{Ww
z1OYrK!EwuuM9|SsS4{y)$mMiYs|t<{o%&qfn@^02);Xr@Vno)_^vKXvh{x;lA*V2n
zhw1x-{g3H)`_N9U56J$r(TQEIO3!G`aC*6f==*tr$L}IJZ?0O9uN;W(TrC5YKSyrJ
zbnH%N&QL5D`cL9RE=xdoO8^2c1!S`r&k{7I6BqTTmjGvCR^o6U3_OyG0I9O~3b@co
zWEOXGT%{>%v)hN$eU6K<L>O=Qt*O?!tRz95T%)6y2CKES59Is8ql2wy6KV6`nm-ap
zinzTAJmO+Fn9sIa0>@mP;`4J?@|51Plk^bDQZ(^ZviWwAtM#83<euC-XR37c#9hy$
zKl6T8aL21V=9fwy%jW(}VO}jDLGcitIFn?b*cj(q-5BR3jr!iaTvHHX@|qtGp+E~O
zYMt5mO@oQVQG*SKo`9e-yzC$uLJXs!#oo!OdVZVkAS=g}F}5Lywh&y+uEc`F6|yT!
z(~*rBB~Ta~OUo+wtDkXXrL51V$shFrrv`?Ylu@b{T{V@NQ*RwAO(%`D#-4?A;|EI$
zVv7oi>A^K|_h&P;@bK(!z`~mA^!rZTDpa&p$vaD=asmZrr|z^TykWZXKyUmS*BXvM
zofdoH9V;jZA9Nd%*9A4{NDQJBIt|sQ6-R2$ukevWv$e<&Z|B_3bsg>LX^DmC=#3DA
zLEq&16M<l=cLJsW@f1U0mykr(o}iRP?bgIaGMZ{;zWs9Iv$3V;CpDcNFyUyP!(4>{
zGG)ht&uQE5qMN&JgBy6b&?IWU<A*-dX)Leqbqp9A)TUJ-AwU6V1n*bRIu@F`AfF6Z
zQR35iPOsW_WIH6^7;YLJSi#`r7*<_FZE1)+JqDAp3$|VF*XxIpVmC{Brpq%~2Hw0b
zdWQ-G(PhiUQ2yb7nfmV?JM1o-Dt}NV)Xhm`j-@}5^iUiwniR?QlOds-#O2<j>w_C(
zU7HbugR5z>|7I{y$=or#5^ep;Gp(Wop|5ma2O5X`_jtm>PG1rE`_%O4>G7V-_QRNi
zLb8ZKKx|E^DoDs(&fY-i+o(?&gNh7DR^$98v=$4d7=z5&HN|6bq=g={O=4&?a6#}Z
z>a7hM+MqlG-cxaGp5M@axd6FSNuZeLkETAg+r(Tw1SlKfJnM^2MA2=3db&5Ht1|#s
z4duOISY|RWf?-QQU`_{{i5N~KfIE+Ls1+W6CUx|&;UJH=w>@(ngufx0u_MpC(hP5d
z-^Y~z*y%i~!o>tk{=#Dp7qG>CYjsDXy!2XC6^7#;0T}NI-yR~y?<y(8S*&+(YqCg6
z%>)__T0^sGT9Xg|B%9|j!5SkwLb^Md!RZ?ig}mgKzVa`+^Zmuq$>TZqq(ah$iW?`H
zDG$|7f!Se_#uUlkH9~shrc-IU&JcdmH^J6gcz7?33L8!%z+K8@-Vp2)Z6L9LOKQM$
z{A@Ac`cqF4>UVK58Uc#b;{`t`F{5Fc4+`&?8gOiWCxrf0xe^*(Dwa+I9G+Klu&~UQ
zyDDI{LO~Fu1<6mMsM_(E$ikUm&{RCyKtYU*oKV@M&(4dHyc7kjw_w|Hz;Px3nUg$Y
zRL^|0*M_7`5?%Q)4h|3H{;?$zNL94X3-c|YWPu!FUczf-`C2f^h!DJl+c=iXkfz(q
zpUNdpU1csGG|c<><9#H%yTqqg#o!!<tw325>TX{XmH7dhC>)E!*~`<X+q@KP?n~?d
zz4x%~46%p6N?O?nStvsiny2q=uxRe~t6(4Mj(+oRI<%aB$My{{A8fu-l;*e3qDn|!
zVG!i7N1Tu@-sWtf-6YV%N^Ak5th_SsVGOBlu6O`ev8u__=4|Lq4?kOH8m(|uzL(D@
zs@rk|5ogtNzZ_n-=bUL04o>CR6i(%rBAifToVFM~Iq_>1h_hJrikN13g%kEhMn%x9
z%oT={qPjZxE6j3#yceIryM^Y7ru!>(R2D@aA!KJw6O08{KYMA>VM58h)kHybZW>On
z7oWKPwLwxdfy`wwYM-oP=S_XM5S78-iuWFyGV1St-s1em>;i6-ligSA>m{nb!$zUG
z8tofTjlX?UMjv#z0kH=5%TlS<B!+T+{82(o$9RVpKBCiQ|5#YHN_#R0Rymc;0S5^w
zCitB#FyN4h_86AKPM6Y>t=wO=oc>Jtr;3o0yta1PYCyh+c_R*=W)p*|AHU<BemI2J
zj~|)8L3ngaOUwL-xgT_3_Ep&Qn}2xkD7|EBYb(~IsQOAe^hhiI2E=*9y7JAm4wvl9
zgbE!EvIhcoP^Fxxmai`!`EZ;`&3-=Hv5e4?>as<w6ZsnWRPsX{npl}G_|5PHJBh{G
zbfq5Se$6)qwK5OoXwT~KsI%iBVu~P@l$c+QlLj${GKZtj-)Ypvq5lBwLs*yIv6nqj
zkynC%M9ux(?X*Qt8$mkFen1&RAj;1SA#nsHv|_g32|2iRjqgg~=$)`b5B$d)i%_z|
z+_ToJ(~Dvxj6A^=EEkV3j3r^X28Wd&s9U-T(;UpK-PD<U3<>%HRDr>18?wh_7{uJu
zwSmEy5&doB5q6iIrk7nCAnc0O=C2HgorbT(P0@@wHjCSLP}0(wr;HUn)6)R*7xF$R
zlR=*C2}-`7C`V2mxl_{sL3T<_k0_ZeA58|*#oI4bg4a<F#x~1iI#WeXPv%bm)W$Ot
zYP+D&_AyL6W8vIzF=g~b?OCLZa4lD&Q_P~?qLq<62p-icox(=&$Y)s6q32fMdUUiQ
z+*<$|%iSrt6<|p=i6P~Z$O`kYtHxPlZ1Q`X71ds|H2iA1vgS-(M%m=1cIdFx;#$By
z7_9cX*<$c|`rG$*bUKN*;+h%>@UX^d=q;Yo|DyRlOtZPXX0MC*jIwKeA>$MGn(<?8
zTg?YKW^jAfAKYkgn)*?V!A?+4DY%%R!QSS!*!s9Ts1&|yyALU2#g`i5b<rD}pXOV}
zo?ZQ^zICaNq)a>vS29;jZN0$ZJEmutq-(BDbsl6xg9Nb7p{Dz^Rmc4P&sUzpi=(0G
zGJe=m?)FTRwb$FtWz2!2ST?cR!#??I-8<AdLG|#hyp7BbN3?<>SetgF{O)R84Ff&L
z5}-E>cw&R7*X@K)+q==%=!mX7+p&JA*j;kH!xY9v`w5krH}EbUpTrABWV6l8theVa
z{W{CzwoFe`_KeBs!x5Ok?=2@eXMmqI{WjYLQ|}sYy)u~Ib6EwU@@N@0k?m7p&`<0G
z-(H{yD?81-!5omSMTg)JKIVE$O}pCZK;A1j@be#l>FP3xHiZ?WU@vzkjKFc4l5xm=
zoam;>3{B9kfs*ODRB+(n{z0Lk7)V#lpwqRN*Bh5J4W#@Ok~6_6=n#H=Wv+8E&j=-(
zG{-u-tmSV(VoS++CV2^tZ`YY?jFRpal4a&&WY!0BvQ>-xu0@9G{y-P*|H0MDMT$1@
zoMlyu%a-W(XXaNObG$og0RP&f!^Btp{ngR}ZJW&;jt?C`t7E<+pvYLlDYj^tM7UfR
z!Qv-bM<#1UY!vmeq9SuLnVhvoB%3kSMjLWbCoueCm%!yr(7%yWk>d#IqQ7qkyrccT
zkDWW>YS<0uDUrF^X%pkYW<A8+Ua$?>{kxVlCP3}6-ejwlrJZ1ZUE%f)+-+fN{1Z`0
z!O;XMvuP(V5)~7w39oK|<4-^7M%4JckOxSw0xf+;O8Or*jS!&u^?YBs=ZYtcU*^+}
zfvDl(;e-1BB*9`rC9E27=t1tf;l_Ld#8o(LxbKTE2p#2n1P$8qYDSoP*bH|1V%507
zudYbI45N0N;m+mF^JtjM3F0A;8m}?L3~J;|Y5@aRUNZ3eV4h|?bLrhn)wsKyd5h=J
ziOMsb8a|}t<&TP!wsuxFaX~Z(5S2?edlQs!qs#Ot+HPEKF*h_anm(<BHPsRL13E+M
zJlPxGul{W0Q8P_S7?+bp7r;~P-DA}#%6*XnR^HMMm?iTmtyHPIRW&=~cWMovwY{ii
zO)iM+`nzg;^95S44zlWBk={9}8jVh)I5{v1dOgBt#15?EfC;sZ%*baSUaEbHPp2A;
zXI=)8lV(Q_b#Gq^RvlRvDV5^<Ab*wb@^uEk7Iwnk`b0U5jvJZL+1>xE_H1BdzXEZw
zpS^wR+a<f%F@(+W3%bjllgsy5OZRm%Eq5ib#%BI|IPfr!E_5`KIB+eW_X%akWE@<T
zSPIk3=PfA9pOB?Z@wz!`CgXXERn6W0r6B4rYch5qUfk_0APVUywi>h6b`2Kw^6wXm
zokRbrrwjj!j@jZ|--?K2<j!%@EbFkfJ6J1{+X(uc22X0*kY6S}VOVa~TWDS%M><Pe
z$!MB*YfERQvl*mmANDXvZ{NdV(XM$vVxeI7+<(1ry&z=B`9_D|1>NGk?HH-r@(o6J
zc$(pAVx|$Y3ZNxt)esoKdq@S3m=q5NJD)Z((A^<GYM@PkI5~`&w71K(ea@&;??fCN
zAzj|kSIZTxT)bL2lXC6nCtc;`jXB#!^@qEMe{}=jlSfmsvvs+Wq(Ir8@aV`Q2_Yhs
zql$@?f0EU>SpVdJD!t<utIBS1l0ep*^<!t`AEFM(0UEN?+S*<~{<;jWjukw?w)hVn
zC%l#$Xd}J#`!3%Lb%)oN%*!l3CFafL)Xtl)*tKH&E(R!Q)8P<xzePaHi9r6$B<St9
z=3Zj#Xu3f{vraJL6|JM!JycmBy<<9z?4@Fy3`I_vzPFa_)Y0&>FzDvBOu>ioX0@l+
zCe~nz^U~p!ZDKI7{!GL7A!ca|4Y%@eMQJoeD!YHxh@*nuXi1~)=eUOAJ&Ku?vT(h$
z9-$z}_Dl~fAxDc#dx+yGD#n8jgJE}fzd$i_WOXcv!BB-Nd)nF@17aa1yIp|jAA_K1
zaHmzxNQSf3ULO$)DY3~f_^yP%B9`XhE8P)Z<<#ul9DK22nt+Yz4ttHCc)@^8GA~Z_
zLv~u#IQ^%O`jx8<MVitaW@Wj`%Zo`w+8<0;inL3-xaaGrd&Buz4TDcSH01Y+L$BE^
zjo1X}$?@jo?G)%SI>f5%$kcy$v|<!Zomx<`>rzV7@=hZ_-lJ(qsmw{C60XLndaq9d
zqStKSOu~XPE`m<`EpB!gmK(C<EQMuzEvrPp=A!Z3iYjp~l6;Svu6rQLbKn<$XQYXN
z$gR?LzYF1LosHqqGPfjv(4$aC2ak&RigXHts-<mX#5yMpE+e{K)!lkPO60;IgU$nr
zW@XXU`)En2TO<cL9SF=cznA;M_!VRO_*nbIs5KuBv}|BH2YRfQH|wV;-_-y5F+&|~
z23;r2oZe&DGH4~dUg-W*?ne3Z6iT^wpm8%C=(^V2MX^iYk_?g5Wva#=TjmJlE{#k>
z9$H^v7GTgZoK|ZZNY2>k>s|9y!HbPQ*)Ou!HIwBEb*;HtfV2X(p5~8t$db$FDrhVu
z8T0V)FdOtH^6E~FOfukcyUg}mkR#pHTg>s))%|rS4&fo6oA$*sTHVrrEYe3kb#?N|
zgKqd0(Bddp9YLo&_m5B%%lpRQ^U|e{ByZc=-LU6Tz>`CPXf%=0qnb(7UoClbK_WvN
zyEw2L9UhH2@>_w@l1K68{(4VoegF=CtI^>C6b6D28+Lts?Q(rTq8eR^S=Lz^zONw4
zvb0NccRWZkmWHbPDaI(}gVz_>>o_h17x3jZ$})|=AY7Us>XFJc*i(0v$s?CM-)&c7
zwsvZ1rS98RMz4M=BjH-*iJMqbjz)Ow`YC-s&x7ltQ{rJ`>P-F*!&hYDxtu(0p|op&
z_UlgvMslh9^Y!+W2OXQz*zTE5bi1FoC6?GvW=l{Q?F=Qy^W(kU1Z=bA(d-6ZK0gSq
zHEKQ@?yUj}4to3R{_I~+guG&0o^kXJY19ATgyHrw=j`#@B@^8h^FBMqbo)h3D|W1@
zY1aJ6ba|H*M}ZyHfRn<XZVo~5D-gDb-|OCL5RdjuT!PfB)c==*Oket7&2UjPUhFyl
zX0=<%4K4w>&rCuT8>JoYbiIf(x|u!j>R|h|_TZe}1YwQ-UtaV2t!3e8&F>6s>q|U`
z#T87C_H}NN;}D~!j*hanqZgEa>EV`I(PU|9(69g}t8ckc+OTHrvqM-OPFXsom$3gn
z#=QjSCT#aO3q>wh*@?D5oJIWUZR_goxz*Jl4+A5ucNfO^XOvGJh}hh&lUe_;tKZnE
zBA_&qYt=8T!Id+NHN+K1WAnNO;79pUs)^PajWwWYShxeZ9{)=HFT>l%ms+P$#z0A9
z5(!S8FST!2*S(`*JlsjGJo~gv#S%nA=iq26S+F!7S$&+dW;S5K0V&G<p|KGg&X`65
zh~2G_@qei5K<$rSc1cCLePffnr4;^d4euxr*&Oy8@-L`74=Q6b(+H=_Y}M<nk}jPo
zE7Hw~LFHr~084p-)bGKbO_XTWz!BqKV-}-Yb+~#v05IMJyHPV(vyy_7GBoOrE#CTH
z!uY(ON0#yG%F5pUu}HR}ysqv5P+Ut3gj_Wg7EvT5rD^n`{Cn?P<NO*dH9j6*ZGAl@
zC1<<RIq>!-Dpkf*8;9*j@=xQ!;syQ0e^=a>-gyn|nE`~N8kw2N+g5#4@pNg@VLCe9
zb8++T9q+3^{9iM(FSL^>|5gG$MSyN~^=yemgrRWt(p-%Jnzglc8M6q8GXI|z)LrF~
zV$8G53pAtagq{Nt%VA(bL8L>&+BmcMy|dX|9?^g62A;;s)Br_Nzr_m{61j(`LL)!M
z>g2nB+hn+4XqxF}qwsoqDrWr4qgO!u`x98YV9A^&W5VEczlwo}hxfFEd#S=T!<Htq
zyrNd|@W1s5R9T}ltv$YfdBP$b?d|)mn-W*BZud*~e%)WjWR&B2zakLPogr9Qlpa)Q
z^bU&4y11y`L(~0Nw6Cy~t1Vd;ES*~mMoi7jZV%T!_ciYp;Fiom>ocF<TJc||zev(T
zIhk^@3I>j1Q{j(#I?$q!FRf9F{#!$FfqhRiQb8xC_z%7kL;9~yJXw{fEx2M1M3Idg
zESh54P-G+|^kvw6){h^M0|u?B-Gzuj0bXYTDe#xx(Vj1Lgds5{Eqtf0-kCEDj06sc
zd02oO74cV*^8^J+S?S7~C$QbFpY<0@o|4Y^zMvgem;%Zqj0Dk*rB3{&Od}^xRjbya
zcIvF7Gh#{RqmKYh+}g^0@BoGJ7a62MuD?18{HAM!MQzD+8C@ZbK(!y~xvJ$Be>W>e
zgS{NK$}}EN`3u`(1VLL|Vm4tCJ;*n2`7>>d&g<k}iaZs}vhi<Bh8Q>iI1v3J01{~_
zuik2+g|%LPqObQkBgSRPnoR%SNdQH<)e@Bq?Kh2euoUV!n+J!+Y7$}pE1MSgWvvw}
z*1fr$`c_t=y1FA1T6*5+P<2jq!;@9&v*w_SwsJ^=O6g<&O8-|3wQ8V@-&rOd4yWUQ
zF-yuao@7d*`i}ERT~uXsa>j_m0(QPVp;V{F^`6wXpze^6==D>c|A=i1<wE&koqpxS
z__&lr`GTs&J|6%$W7!B&u}IB-YhZ#bl`cVFu)dDx=;TyWKSwf_v;_%TzWO;}TD-8T
zsVU+Qs((djN#!zq40CvLve&S7`#-v?XGu7*wz9gaZ)H^3gAV&|xroSpSu=n_-HPq@
z=ElCpwZEqaJYhs-Sxs57;+>rwAf9XjTI>(1I_`Cu7&KYqe`U*3sMDH3D{;k|gp@Tp
zgHw5Uj5SwDBcqpxhim6}J4m%$IGKo&H>3X)wvdc69P&TP5!6P?ef<ZQclqO)PIE&S
zRT<`HH+`dn`44oQL(Ub{T34p*nunet8stv(epjn;+5|;ieZ8b~JHW9HNoUsC(Xk#7
z7AcnE7Wj{m(*9@ZMZC>8)4)GlhyVDAJL8Y&BxJrYQT;(`o%ja58E*o*W8U|^t@W%^
z#PW?yG}|+4kOpcXGg#L(GnG_2>}#hV09?W7=pJDsM83FG%V@Z@KRO}u+3C~A@gg($
zpvn15M1Y|jDX$Am{My!mqX=fxMwiigVcudfWCX18!%twJz}|S3-U!>5lIbR2U{xQ%
zZ;LtcI21XrtI!~*oc>(N=N!U-gITM$E<;3*-`kNJ=A2f7{2lXT*2g0|tgUPr-+TQo
z5F-YP3*U$Rqv8Bxrv^V_UJJs<0~3}V%CG`+Jk!?ib+|n^mR^$A<0o&Mce1#0=uce>
z7~1fm#!-TNxsmslJD*PU_LhF)*4Qd>zU631WRyECw>=YKuE{mv-~0Z$JC6yJMOtz2
z{r3F&s@=-)vii@mNF(_-AfHLu9zT+;vn{PIm1W2miiUzv1{>1O!EV*w)+L2D3L6vY
zQ6^{v>!HsoF-1=;T95;}{Q=ali6SHPh=FIu!Q(fZwb*6kT9etn3O6@r%KCFMwTu1^
zW%iIWu<nK@Alj8%ZSlnuNjyKXdD6;Va@B?H@{?~P(0cg&4g&~2j@8m(0=wj-vdoba
zaS0)PoaN-d@ybZT?iupIn$ySN!M&qJ60a%qd+s>LK9SJ$Gk)y(G)18qTLS*bSzB)E
zvhOe7msk!Lp=(V&avNG-+cg;%pPC5j<ObYtH@61!CH5!x#9b2su&>VeX_!!R6SP!!
zWy@8x%Q3x4X25vMJdHHM*<FrZEsv*SC!0r+-q|ekSu<krdbaP$3}gb$cbzmKg+eC=
z<gVi`$&A!uofD*rS)L&`rW#9?Xvq}bLTDJ{R|b<QTS{K~>i`5^@J_2ZP4@SR8(z61
zq)EomA$J6ni~vQT!?~At+xE^34wjh}y*lWKQCm9`B#}wZ!O>RK)fS^ZO?gJS<Hex8
zEL!A2`40Vw*vx7dH($ug@E5nAKznq-iXtvxWbO@1zFl=$D*n4vXY)}tD+|_gU$nNJ
z=J;7~M*C>GF;M*Fpp&dnYkL>tj0Y*-={BY$Y^d^bk8NCYqDOC&lo|Q!hHT6R!OH_|
zFZ+{VA$SCHa>e>Z!{7A)+95;5xY|p;7z*wgV_tOmYxKUKK!ywA^QLq)oqe%C(Dkka
zQhVk=#tUNdPjPDYs^c!&I((?YLlfU0mO;|Wu8GT2u<)B9!u~<VuoJ_Z%bW_rRi*iQ
z3?P9qk;Y`)E3Zxgk%LjdK$)EJj7L0Bl}*XsuoQ)7*U)mVK%w4vk#M_luR!_)dq&<b
z>`$KaRW{L9_qbub&&l9pwm&h@{*hntcu*-1P#se48;&!3M;?z*mL5n4`DbHpr76+U
zzQ{pvvebQw#dux8Ez!rYA$TSD2^ZMU6eheJy#~E?CDGO6yvq3&A01n?v<)Bc`H*|v
zYW=X%)t^tewFl<y?4c~%{hjDh=9FIh!gj7_It_t5*DsJ%7|7^&whf4a8;%yAJJ?aP
zSS#Z;&fH#|T!M`Z>k$ELy&{clmVak2<7JtC&C#mS<A{d`u%}!D5MP-~q*;bk#p5$O
za-8I+^mC6K8N@c<z014)agghuWu2sc85z8w>VSVzIUvFb7DXx;!z3c8{K*V-0aO=&
zhJ}^#_v6Jg5E#zD0$DGLoX)0b6uvcfUs2RRaLb^J&!bOk=4kYYhPPQ;9tAlkrL>mU
z<osu_C-N|>J+DcdlDB{eJ3(<}wP2C0w|2uVon3W!R;P!q`L_eSnam7~<RonvHU7qd
z0-c<W`LWVfy&jPOiNCmyk$oI^D+c}h+i=V>fM?dme>u0wdH8dR;3s)ZW`Ir2N3j_B
zM%RxI7xW6PN*dqa5lA}w8gw?<#P-K-IPJ@M$3Dcy2Ts~;45%Q_WvP~b0Uar*9RVU)
zf{s%)Pkq11C^kz@Yep$Nw<`o>`t7z7tgR!L=H;&)1%#K=v0CD0p|+?Q_iQ16uV{C8
ztZ)mz#qidiNJB#KrCMUP<a!5B5nrOQB{##novhd7_NyX~XXYRPtO(uVu?3xXIImqg
zl9>~bUj}9S1g@=+sx;+7o++4d#nDi+RR>>wa<z{3+xQ08NU~la^M!^MKsriv6no2f
zzUog_X$U<vQZ!_|VQ*eoQeAr%|0y+FZhj@hoD=?dGbBi{YJmP(<dBp1w9eN%Lu;Bi
zZ-ggsH0tM%Uw${=txNFFt}c}|Qp|x$f%XWqqf`q9^rxNv-ob*fHV~BjWf5{7RLJIc
z!EbReldd7`q*3qkbLaIDO)MuIR>HdRPxMBn?gv{dsb2nV0q@n4#5dP{ZxLid;^stw
zG*ui;8J>xL!1E{DV0_IjepQiX+!|P!&|41j5TVcr@$FeRw+j=V7~BsVcnVR~+M*Uy
zQ4TnIg*8pq9{}J8S98)hfzh@34L;U)>GC4Auod^DL4WkuiZhNJV!QFF&lLYB=M8Su
zbRB<whcyoMN2J00$FBS}f2h8Zp_MlBvdsH*NkP682zU7F(@z3X=uYX$1NI=h&#>eE
zh<<XAj(cM=`h@<IOc)?!fZ9H;?W5Culf#$zi8MxDb*3&ekH`vKt8cKipfEUJ({7Cm
zPFxIMyrr0}NTb)FC;T%|mlJ0r2+U1sIbi{xa>U8-!@tlW{89cIBMQ?LZ@UsY>IvtM
z|Dyj|+_=?IxR`HzM)X!3uf1rT$5~_ukROP`RyIZO5Y^z6Bpn&Ta(Z5u-Om*2@P^*q
zt`Kp=6D=>&=&$fd7)!ac=Z+28+}hdM8wn;=3g61e$cUiULf+4n?~JLXaFQv7^@e!{
zdYtj*%Ybom`;Y|`7a`>BA@2lj9k9-NxWB;$*z1)yk<Cp^bTaiI#C|mafgRrwUJS=T
z1v{XY$%oPVKLw0tpaLKeH5C8k<YWP3lwWw3r+@<9=!1c&_>Al=B`dT3QgY4@>IwNd
z8~pFc*(R>sNwXp;z?0zU3<Dy9I&gh|Z2$YXUl6??cR-}oCRw(@lRRQCo@eSEpU`Aa
zDvV{cQSFOl(ja)ab(A~QR*A6Oinz?Ka>LE}IO5>0ml0Y|DMt%H;ZC=BU3+Ro)@rx`
zOnq3I;bSeiN+0*8T;;cFL)H~IeIx_08{c6CE?0k~EeuLx^teLv8#?uno|)co`*JgZ
zY^cE}k$n?x@>DiC$Lr>?9@*Dky`kNKOD5lsTQINZgJNeqSuu6Ec0(z-3v&|*92x!z
zV<;hUr30XCb?@RPw&NsFD-C>=9IHW2)A-R0`=i>dqI!hGzLUAh9T!&Xk$gkEt0ztk
zGv3vk7pv(bGLo~k6H#^rj^P%Q71NjumMoOQT#}5JUr_xPv5qw_ErAwjpjNtNrJQzI
z`DMiBTOf~>#bJAt-Vjzti3okOvBD7}EOPs+;??QaHRadd_X-fG3MyIw8P>JWW!1wv
z=)f*}Y&}9>@o29wb}O}?YE;hhj)R>>M1M0o$%?7C9$x~oyVSVb4Vl|A;mPnmD4T4=
zr~B$TU0!>s`3dXvB?V+1f7w!BngKC<frU|2B#bh7YL`P6j=S_g8MRjI9RIcnFr2ju
zkrbHiAggu;$+YeS&FM!)B~rjr7$SVJQ?=T001Wj|Q#^fiM*)7Lp$rlGOFzCh%b4pL
z$8cK9!A4h<GcPdmek76kFfINJw;=vc378`(n~VOung2P_8=)u4`N`2&ZVb`M#`~c2
ztNiD6YBrlZiiiBvD)DbYt7>}ik5Vph?#U`ZU+=`L)VI@O!@<<}&~+xnv-O$PKlq}#
zG?+rcUPH2^5TbGf$)|#j_I=`TLx!wHag{a_Msv24UhY9Mc>m=BJW~(hdv3FT(7p`{
z3eO%9Dyu@Qz}ZNsqC#uex~c|FB9xhOarqO|Vh?oTBa!=DQYN~jRNBhEBKGiFu-d(w
z;WI-u^NoaeO?{*|1in3SoT0m}lhEdM{l`}Nmi?ChColrRsUQfW-gWB&&bKPJsXhsG
ziBD5ag34J^e62xnf+wcW>deu@Wg&m<lRjLWb!Ew@)`C6Mb}uJC>5)kD&Mo|*(gXpZ
zc<?Y%@$G=(T4E_-L!SiS3kPClo$CRuG=}wS<_FFB`{0bvJ{IH?w>_&H#>fC1ET&^G
zXTmO@Uy)pKShyrr?H9#58(Fk!VK(}w>MYK5DSk%=X^6}<q>e`0YN1TFwBtz_BU|p2
zPqWLaf`XP+Fr-gY*F9WhKpYV<<Rch(KzpMQb(Pp!wUjiqQVF<CUPCaZ=K97)Cl`7s
z2{<a*1@6@3qlC!UZ>UO`=dYRdM{ygit`{;P>)uD5PIe0v_|)oU?3;E7d2wQ3&5XK#
zQXSJ$`}5IlZ}>61(swU5LV(VihBkMU6eLseHQz+uic9mfz9Q5OZZvb+GC)mZSxW~m
zZqzP)2edSWQrU=(Hk=8AUp^#ODKWF|m54*>=R!i2cME^8@KY<dstlT4L*{JC)p>eK
zCDX=6cVb;McIS6Aqb;-L8^%J-mu!LY(jtl%z?Cs~UIJn$5w*@b)Ax4G(;oM}uE+?*
z@r$KL57w&~@oD+QgbqM`nba9E=%%rthAm0oZAq>Uulzm2(=0Jxss@}6%;0jorSSL1
zuJ*gN-g3tAo(M^7b~A0q6bU;TB}*H3G#P`i-`%g32pK-y-*n1ov|P*!N_nIe*sH*1
zxG&mC!I3aLR<y0U=zUgRQuJ@|gFVyB6bgRfFIgSHw;9zTVTjq;PVOwE!9hRRQ5U@Y
ze|USVsJNP-Z8RhSf)m^c?lQPTa2YJPyE}txkl+&BCAhn5aCdiicZYxS+V`D{f30(F
z&c2w%G}XJit9sXT*YkAkuh9To0+kO<3YAWn$78Re*J*1U6<>lw!kZM@v<QQE$I?nY
zIXw5N4~0HNPtTWryhrMj(CRwjK*u8})v@!4q2^s}(INNZg!aPf)KcJS&Z7IF63FRd
zL@?|~FKyA8gqmUh+nfd6Q%rtJR!s6<{#nJNr!gh?w^mvC{*Sx?WJ#9SA1KN{@thKe
zhT3-}6Nf)A_#?YUJ4H!J@d@7b$_+Z2N0Pr1*WX1F6HAC7Bz0X#=N3%3kg~QiprWBA
zs{s+Tx)=N$3wEDKSfw(yXIG92*xpeOV2au4Ua2S+aznLq4PaT*ZVj)#3yWgrtXfPf
z3iry=!v{qRIoTVZ9A8H<$uBiHwQ(zXwEr^fm+#Cb^b(&)yoy2Vm3pqeR-j$<lIa;e
zk<X6UYS-s@`<R~<-Q`tIyW!R^98!DlKmVQnIp*H-F{-IYh~v7?h=7MWuAju6gTH|A
zh8nory*6ezC-~_?lj;;Ql*f_YO5p8H&t~uU@&ofFPjDm{5Nvh3COMy#j;Cck`Ki{r
z8gV}UGry>dGlRy?4nS@`(N!})qa!udyF(yORUE~<@G?{{UUGeG=xl{XtD3k}|DkGy
zk7@HJB~|j%g#%vNGEmz@#yc>5y85IZjkb6s-?5k@A_8Cd_f*))@Q=KGQ}wnf=%W&R
z!$q@Eo-H!bbYbnMpDH~^w(x>M34RhxNq6y75A4<5t2A5k`$~lLPc}Jv9IpWGa#jAH
z8j1=+%;fW*1wRqJri3}?RlY^eAkime^`a6|IqUvF-ZV0qBm)Ys=JsfjF`bIkgXR2P
z21wV)9!FO&S73?!k>7kJe24cFDUVO^Y#kk+RJx2H1O<&avXH?VvR9DcnN36Q({|wY
zM;2@u1~N4tx5Btfy2K5G7Tk@rPb9p-<=|T)3w{sw9R}@<y_d_CWTmA|_ZYN;gOe&!
zEQI<USDYX{f%Zq{k08TOiGU#}s8v$1etBTgf9d)4f`PS-;6YZ)aV#k~srNQ3vA{f+
zLf%j{(jR|Salua_je)6f9de6~Mxj!vBc@BP9|dHa>FG&??w0;3c-QP?!>+{qZ&z9b
z$l;i>v$NHzEWa9Oa%R506)089>~{10<QtGJO?Jc@fAda)AQuSTwYp>(R{pE|pNP7L
z26Chl{rx{OJHNuKv)K5F{UV+&Q%YE@Jv45%S}#pGUTjUn7+G3R9t$5$YpOOhbNl(o
zB(Fq*6AqOvk5T5KWy*r1cr&q<?;9eMPr}N216c#MzfS(tft*}M6Tv}!dg)v(5@6<r
z!XNovh<gX|*fv8*pxEcZIJ(Hz)(-?fLf#z=#eRfZ-5#77N*dEuS5=*CRB+b3YW$3X
zV>v0HP+m{M!?Im?SW#2ctzIrB4~)M?XGko<362aU0bFz(4fl#hX8Vy)4;o0q5_MN+
zXQE)E2X~x1gi=Vg-&nSmc?K1h@e}!fH^DO8?dkH_U3O&#ek-T)1^#Or+0)#Hk)+tz
z{^(q|PcR5x6ViX?)gQH9plOEycdLn${*`rU0~h4|WBZ^vzmG}(ND=`>|L2C}BwzoP
z`4kiNMd2S+`w#4EJABY~!cdN9XoC5-2~9FG($}M^=mE5UO7xge4FAl~KVKQKVVM4&
z4#<LuVgI`|^4EVl88nyLTnrbI^)ogWD6GixP6qK-RW&iYi25s$9{Ey&;lK4aSxrpx
z`#M%JifM~YRMpfrb!|e^(pGbxqW@P1`)wC6MLQ;2i5+ojbAoknEcl;&+P`T#q`Y%z
zP(BfkL>wtNJP3#bge+m+RT{rqI%!9Wd3Kaeaj9&Kl&zQ^Dxk2pN*<qpj&*p`Al;uO
zT;ju-8G>w@S8K|3AZ1l>8U5G2joFV9=r;s(JK^{lTyytZO~>1COU+d>gQ{80CLlC<
zs?vKx*)L^}r|`qcy~VtqJ-=ut<TIJh!}@C1#*qAF7M#oW&p}y~SmC|HcfNvxFfedp
zO43h1q?wY&(lF|av>wh=8i!N3d?LBnvcf`pLah~{Adf=ME?0v1rtcIRTphUG$3!<&
z3-Jj(UpQ~l;xL!Ej;ODnobWtxT(g%s`d9rDB<zcOQwU%B#k^#As%OnEr>?Jbuvc>-
z(wn$bIWIBu&rB(I=fcPOJo|8eOr6b8J{o(}>Qh*FpGm=3X&*9lYi!k5>Ft!a9NZp{
zRc4h7wpYg7=d=<MEN?6qwl^jni|)h|GFuM|3~IE`uT>)pZi`wReIKEDMCjGD34I8)
z_DA02r($IdkBwEFoIHh2GBXqX_U)U5v^4WU8)?kLa*{%m84`}`4_l`(`r%^MoZ%r9
z1AUR1UFm`HVBNd!yZZ-mT562g6YexSD-W~nt?u;F4F*b!{B^~8xDi;>PYaK%es3HR
zUzIBEa0kvZX0qM<aOUynf!EBYsdX+Eiz;@)2%3WlLV0$8&%aZNZNg3TBSRd_b^J=(
zpGBe%oL}G*6`H2{YN$#`49Du>(^?`cSOm7h*81A7TvzI@%_@V(l%aHoYw5v`_mviQ
z`j-|7uULXr?;F`uSMiOh%vuwmMAPBtx#bfH0^-hUrc)>RY-)tZj%ddxB5f<KG&bfK
zSBCLvbJjoZMTylc^C4sv+9Qq(WIfP#eX^1g)n2+~|D3HARyV%%+~5FxWb7%*iVG=c
zYjw*jHFvB#Q9;h37MnMhQ(B_Kn!-mmbryIS;;^;1!>!8h$;ij{#)cZ#J)m}War(xm
z`*<-QHp-B+p2-*%;u{x^9-<#Q_7tjCZ;ZONgf7$mot9?Y`;cw6JoRfi3I+%JeL#<e
zQ-z@+b1J$(W%lg4QHf5q&)FK~H3I_|0wM;CW}{0qzPqfR9E75NnfA6!vTtuMltrxO
zomKo&<H+tbmDBCK*>5b2{*z$_mVuAQ+TGFNNAn<Nm`HXny_?Rl3&01fUuDlN=FDBs
zlV=2`cr=r@FEGHQ>hu{J_Nw*zGi<r?PZ;0pTy*kE5~T=j@b?ENyceBz!JLA$JVty9
zYoo4^i<*Wx%AR!c?79lQ8Co}tG4Z(Moxb`f_Gc~&UJGSw{f+5hkMSy&y2$2_!$VUQ
zG7zz`QzfbG{Jg(EG6sNLuCxV}n0aVaMtP8oPum<`9hjIgEcIt5cYxS0eBq&L{6AS|
z8|QM*R6wdN9?Vj2sr{KvKL}f;%ID=;Cf@GNCz;|I*19{XP+iLH>`F+@sQvrljwV^m
zw9(#1mY6;OOSSCG>y9Pf?)Y*VO|%1|64P_DNp|Hwck{5hv7p#re!AGPkOxjCftQ-Y
z)dkSnJ+ND+$qZM#&T}3v=rmy_@<=hKQocY`*Q@aQib~gLwWP^U&96v$1Cj0CNlq5{
z)oiQX`_qZ1rM!UZLYch?rAisDp{hpiVDYBz!Nw&R1s>CdQb=oclS4;uT!w1X2-?&k
zn6CC#_T&H}mY*8+e!<co#`P64F-}rq1yk;kpd;6M3VQAJFDxT^k`#)pWX%_jD5qN(
zMy_c5Pm_B?iY5HdQaY-nB<2-QMwfO<7#SvlPrYPvAWMvA<2BxxgyMT^YqPPqEGa`7
za*SK@Gw-PV0%yhVXNLR>&C8x-22PfZL5GuN1bYr)A!Yi60Zujoc2Cz3@65YD$IE7P
z*UV5ffb3A=63+INaSA3(=4(s|o~-kHM^ost+w*O*^-0s#dYf**!6&865itYTd|&k5
zpsf;}mgpEgQAQ|`#|fS?Uh9?rUcWCBZ|{Xj;NkqrLRWIFMuVV4GU9#uSW2S_w}<N1
zrU-x=(%_toUX0hJq7d^fb4^3qjNcqzkD4;V@!`DLW`B3@>*mf29tV1eRZpGA^$L3p
zRV?6BXB8f=Xhfz}?sLw^)b(uyI;AD{y^b?iF4+2q_)5Z>>@2>-7-%HWQWh=U>RWo`
z5eI*>-l$;ETo@wKnj44qa_>bLw;|3`NX@}K)?TJ(N#YH+#<Mi{GK~!j2Nx$Y>gTWK
zGAU%xw!D*mD3FGXNywWwWZoOV9E${P7W45~Jre#N-5~eD#prvJ83(7im-t?*$El^B
zV5m`1>$3Y8Y3IqV$c7k@nr#ak;giEJ=kh9-r+tYg#yHL=ARtwV$a_fwc%lG>pGmH5
z)D@{yP5q_yO1aCK$;60;`nE`@UVCHtmMYYBSZ7$rgO;}|5#x97f`utl8LG4!ynwV>
zSRhL0ET>dM^z(Fh^O|I{`SqbTuIHv2h7FGxtZdcU^4Lk&^nU9zXC=p|AGiFkE^#k2
zT<P_sm*d5{fRVs*134vlmAcB!GQkCKz?RTG;)DhRM21iiwD(+;aX(-iZa`6PAmF#-
ziq9;@k}EnA4de%fjL>vdmc5cI;R!ytZwbyq7H3kWKEaH;$>rKZ)C>eBGT&0%_WC*5
ze935^Lk{%qsZjQHx%cwZHwZ<@#L;Kuv2UO*0?=(ePHfKPAvtP=X=+?zXD~EMGN~`8
zL~hJ|<#RZc^E+wB6W*Fi-~Cb3o$(k)v{phfU!bdTqCk#d<FnOjUg~*p?*v(bAog$)
z8fA$9$g;B;OO!a1-wMw|<Ecp0U}97G6opG;L+vhNZ?0$C8_vO-do(BNZ28$jR*bjq
zY|5=pPtFSTjEYCOuOEoh5IU10i>mjL_EMqoD{~S0SfG(4a(;ce{+Z(kRi*XPRihw|
z6w!%Gk%_(xlcT{A%?JeuX3asiJhKs|2K8Rh)i@4YYJ(Ik1_y`wXHTM5x><r+({F2m
zSu)00?-47FuD)86z0X0xPYbCIr5i-RW}@+T@zU4dWSSdjp&%mqoIOE_`qoks5RMg=
z;_lV!c{hb>%mT{m#n;=|B<VgVzA&EJG!?36bf4ij)J8F<bl;`l_!a`^xN7NNe8F{O
zT)yX2r!zZpZv6ltY<pAdJwjcKuO0yS8J@2V<w@htJ8p8>?e>^WpIA{Ztk6V>uJ`gU
zxWK`(9)2&^BHmL0n%Km%=w9xS4KLsas12~2DvX9Cl2of+*Ap#`D%#y-Ke=ZZ)t&ii
zBTywS#hGcxviY@VCb{$E@4h?>d{10z1M${J$^~<=#{4=%Fg#AJ#e);?YPGj;LwfNm
z%;uJ7$`7`Wwzj+VAf<QYGu&L3F41ZYM<+=!D5q4_(BRj?7{ltkNvYJ;j*}t0{-sv?
zt--&{V0jz~i|cBf1j0Dobh%Kj?A>Aw&GC{u-PUr>=Nf0Ye3XtlAY_PHE!ypEZ-^oN
z@sd!`XMrADnspzOC<kpNDjPT|6<K?16>$2Nfj;RnDC`LgdJ(%JON}r7$Ve5GnjwN4
z2^Z`+Zzc0_zdXD?Q2kf}tb6+%yeV73@-p@L_?BjqsFMXqrI;`q%u1Fu&*qEDGYbTY
zoj55@5f~g~@B^OYn072wI@KV;{oo>Y5miNxjVG=T@EBvWLh9*Yb=7JBR-SYmt>!50
zBm6<?xkNiBXyY84hJ;eWiq!i&7Z&n9{(jXDCwFRiDn$zAsRq4k&)0kDv>A0s$bvyU
zu&^*&*0z+N<tLKPM1(~^>>RO~KN<i2`MJ1je-y}kxK`|ZT^zpPKo{RS^`T4k+J6|S
zSz21K<HJT5Z*EFEQ6a=6KcJMW#FkE}>33o6%GZ^tMkwq~RqLqX_cq>SKV!1IFdF7r
zx{w*tzhg+;ma<#}g|i4qbM@S|))V4w7WUfP@2y_{77E{;zkOLi6oDL{kIzxw!bm!?
z_?8bJ!FkgX!dwgGIm8`D3$x4;f06Qm5HC6Qs13wlzmOi+aD=DM8*IaO04$GeHyX)x
z!K1k`vhACUBt+5GPPWc&&sItE_-KtaR>1JuXQFV2Vib}hVh#`ehBZ*5H8=6(u;mxk
z&TO#y&FgiWPLhB37jOnS6hf}Vs&e$eyFE+HCi^=eI;f<YDpwd49Vw*rLmf^<U7aA2
zPk%ul!&X*hZ65~YmE;+d>!YBtj86YBzjuz-XSxvONNs{)G{J32KZ~!<`Zka#85a?*
z9i0tk;r<y~Jtbx!&abS8N-i#Wb_lmJxBgljqX>SVqisN2Wxm-l1dt@Z`VuN#o?NpO
z!m$Je87XmCU=ukx4A5PIcriQ0CBw;>xFEwt;X>$gJtR@=T)6j0zKMso4c9W7TymNT
z>;=V0qix8G$_+D4<^7C?l{6<cVFQ|sEbNE1$G{pJ?-mrnZ-96IZH5gcg@x3VdH0hg
zxpG$#)6;%M=9J?FB(-y%U90_1Iy)m$HGAQ(yO~9%t!p`+JqSR~xE1wym}BfYU*5)(
zZ<V>GaYbl#@LQ7`ApabQ9NVK#$Sg&hOHA7D7~Wyuv&u!EcFD$zs8#RB>y%(_>6(DM
z-!i}+Wr?jrT3)^~-|0!2_Qf6Dx%xn1s%&Jt^_Dr~xQ22z_Vf}VgT;a5aNMOW$@O>w
z91~q}KHa<J!_Qqr$Tv_!NKlS6T6i%05<ZXXp2#}|mqFOHu3g7toeZ};P*!8Yd+3%J
z<>0`^&#)8@F`guHK`M(-NS#T^xq6_yMPKDL32m7eAGvAdd2Y4%<Mw9NsNn+fgEw#N
zgV8a8K_Wl9zGBNt%SDw!L;OynV=ffH5$K-E@I3l`qAw^|p<@M+yY>B@uPw+O&r%>f
zyhqo6n&ShtjH=q<IzW~PdkdjEJKD*ZsNK5dd0n~Jw2XhJDOE7&?LAFuDs2#K3p=f{
zUu*UUyFE70xhRV$TG@S|{L~6I!solUUg}v6PSc<kj2JbU{HdSO(Y_&2H1$>YN*A3y
zf)F70W5If4tLgRqV*x>7m)?>M<@u$fpf-ZgA}ZhJVsw$q_Mt!oCZ}H#>&pOiu)9FK
z_$-|Fu6O8oWgFP4&Wk<H5?>rxSMj7N3X4JKbj#Mg783KT>QBIPWrhsYaNKH{7vsl^
zfdQT#=989rhD_4kQ&XXKYcImK;*4FQ@Lq?HXnUg9r*arqL1{o8+h`YVemAEw!QFnK
zm7aS0R0Q~R(d=7eqD7%K%jwEzhU)x<VzQk@?~b2ieEC|~NABF6rT*-<AyF0M<6)M$
zkYr0pnZKl96B1;Nr?e16*06*_-`~+wKzh!sUKbdPJr7_Hb07yBEm&WB9oEu1qFFMf
zZs1EryLpkXy;h}Vie=R<-=!TjdVY^Go%u1y=hZTi$5*!a^i(;dgUlTsGNJoL8&XLL
zP?Tvp(!V^si~@p0V+IY!UW4}Ji#{U37bq(!l4P1rm@(u0!eQ+GfWr>kV6+U!1j_$D
z^zv2}0)i7A)*MZhx7mzG8=OH+QM(62<$2We7}Q|~PH)XIV--&V$VIM3i;mYFud4uy
z)WV4@K5O;36cd@xdhi?156wAdt%Vx(l*ZV7$KR>}=(Jx>JE_X@b5UF#m@ZVm&E_-R
zk+aTna_FTPC78XMG{nBcfP~A^<m}$)^0vD_|2pcAC4txiJU2i&56NXdjZjuA!^W>G
zvz|9@WzCz}+T1<=ZCSUAc-o+9lIFTUVIMi0Cf#Ux=oN3}mKM?D@aI#cEG|DwRo^T<
zi0Jh-O;RM=_U$t<WNRtHMI{oXbqI-!lf1u}aqQGiUl(2a&z~+V4@Z+_5xgq(BL=rE
zNhSQ45<p?n!hKtZ8Zs_orq;13j!jEUX<<d2%&*z2x_iSgz(=~5o1>hy1=pdV*$!+^
z2P}C}NE$KcVIjmyyNffRj_c=UE@?_<8~@;5NcKHp!LBNAf8kF=>FC_tyok4Ts%k6V
z$^(OgDA4X2$H(cfcI_pk{VY*-2IR(2iL$&Gk@}&sbIt{2vg^x(oR+HGF$fT%nz%?g
zo^~LCj$Cc;ReGbZ!yApXOI3-k%|hcCo}q0caIa4~ML4}a;qEZ`?@GmhM#K3TmlK#V
z4{c)D!<#ZyPEY8Q@2q~YyXGr>W+Bo@YB$H1ipL|Jt$L5|&H_#~)Y*cD@5b8Evp?4K
zgGRO86lO2xxNxBrGtS=43xJ7Xw5qrLP6sb|L&hIh+ReK^6AU7}p2_8ZC%^ODbF(Hi
zCN*7RQPz_Bz3Tia#yh1yNVa|bN?zgNri*JHM`*r%N8s^%E=N~TKg@JF<>EDn;XrdD
zxyB-p6Z@CG{Ek*{1m55}SiDWcj23M?DJB1{Y+Bq`2vwey%ms8l2XCzan}##+!2Fs+
z`C!ItNZbYOJ&>r=JN4`Qg~8Ii8z$o3!meyGqrCk&QCka~3O0X*vRG<o^kC|v2{#H&
z@YN7S^-Y9i2gVv;XYL{l?-74ZHofDg8+{H`iScdTyRaO4qb|JHka78{qmSh9gq?vx
zUV5EhbgnN<RO>bwp?=%yvub=$u(LeJUh|kw7zH19ANlEo)_>XhEqt|aQwdYTzG%#Z
z|E*(RmTzlIuN`m`XoJ1j4xnF<@zaP!G{9i=T>Qx8lA|-h)+Ut5Wksa0Rxa{Lhm3FJ
z_SP}XzsKAX3<sOZQE%8y2$%Q(@*Xs-*@&`Vn0_&B6g%?D`)g|Z|2wsfx=mU170=%A
zTq!<*#;VXN0bNZ32+xva_OJTqev#Iy9GeAmTgO>q7RHe#C!(>E93u~3NOooD=kvOe
z(=2@yHq58#_kch{Qqdj=ia=6gVicxB+s+B<<bEvlu#RQK0kJ}+2S$bA3I_EUQNACH
zVjZgkKHdGFqQ}?OYd_#0x@FIqGFI1g3QCg#SPd#ltn^^jplnH=_$R>;R`s7>ri3x*
z(k+tTp)xWo{NO{-l(VtXeZ6hQQlPIk-k>M0O|LnbN)~it-Jc!7^c)mXrdt$?#Ti>0
z!mwpp4XLuZ%eIa{V%ZfYJ6snIc&Yg5S3i7Sv=9b`o)*m0=$j$t)fL|?Dt9@N>5M6<
z(QT){KrBO1AWV?hby!R_{{&6~D(Qq~eM4`>!y<f~HlqHf80O5zXmdoTIJbLkb@sB4
z6Cx|zQI$z?Y79$x8(Z>3UaDd2T5B!}PTk03zfjMY07_Z$7czh5#0c}qAdEj=H#aAu
zzGur+#x~h}TNrHtWSlQ;gl%XPnyB%*qpD=lQpz>4JXqD}a&%tXDa?DaLd;3tT-Y@a
z<(UmNCc@%4BQ3MOyTH@nOZxzEu^$?nFU&{tyMN?n>%m}-EUTooP`i``BVo7VUOb+A
z&HNL$H$i9lk!*}+&1Wlahs-()tU!!N{p(Gs$TUHnaK6rIy$mL!EtpO#Nx57%r4aRx
zAp5N`55T7EsNpbHj_C15LeyH-rYhF$4z7H=q}S$Xnek;pwkqyVdG|@z-AHggF=jio
z^P_%^@DS8GSJr%#>eUR{&Bc%n_>8KEDS5=$I}6}RG{(o{<l%iCHq`i)QV&+2{t7G<
z1EFA`<k}Z9@>p>pyr>NTc3&O};b%!rLDCI*?1S-b%FZm5AUL=&JnCohKOVV8lg*KT
zh^<woPrvieC-K~%!Z(C&oZ*U^hP8GwowY8uHxHJBD;Q4=G%~|I^N2uxtOhf@)XGqV
zANDIQXRQz{1KxpYDG?}nf}6D@c(RmIfzFSUd0DKLdh*?*IeGjVW+@kzWSN!Dy?pek
z{fYwN8_Q){!U@Nn?t~uVd+MY9&;ik57|;~WVaFyo5P|Ghky-|;59_FIY*fEb(zqWe
zAOt!J6|qaoQ^~$Sg5#QH&o&?JZ`|H}CHj?g2KmGP&)=`?@1>g<dRld(`XXi%=f~q^
za;GSQ)Z75U9nJdEO;;w;|KS-G(S;1);C>LMR7abnih7Eb(L_`Q1%a`-cGHIsQrh~9
z$sp`8l{Q^vGP8w7>aWF^ph;5Z-!Nc|BPRCeefiLC;=r-$B#MZVoZ^oNGO~FTFk;Xh
znu+o<hP}x{vnM<^_b(Sf{ycb(V0?XjU%<nVltE-tZc893z_Eg}He3Nk7nVr-U7Ad2
zQW9e6t=A{;`2|Misb5n```C~0oKQ&zW1+e2=}wxZ<u+Cxo)-K@bboM(ds(JbgF6Yx
z$oH~bfHn+hF%5m<Y!~cwuW9r`@rg|7k|*xtT+>M8&Gx?kTkwu%uYFo{szhfGoCK_2
zZ|&W<vjDrVpC1^S`Gb7C(kSY`E{y)7SmpaMgzLR~$!saFoudujLmx3Tp@aQ~$97_-
zVmMOUYiU`UyU~-)zhDkHk0uaLexj1p&~=uHh$yOHUsYc}-Rp9)#GU}Mm>OIG5}b<}
zht)Fq0hApeZ3hCqsW`&?Q@g(zys<ll3Pkygp7x*(MpK;qgkWG{z#;c^SMn?EUHiQ<
ztK;R`6Q8^PKsRmsQ9~R;w;lOe+TAQNkXnr){g;LR;3BOZj*H0Tz+i7n%WD@5ng}q+
zYHj^MrBg;+_OSep!(&@_*N`8aVLw~GD=+NjmZD6jJ>V_e;v@7L87V2&+tC~&7Lc1j
z^&bGK`zq$@xJtGmY$``5Z$qu*-hjV7p`+!_MrUpDPj>y?-Pisq^4C|Dhw~U8**b%N
zb;5ui!=Pt>yKFX^&iey=d#ue(4)@dR4;j$V&=ZA2xUmc>pK)6W#<F@Yu4#R2!qpFO
zDf86WdK9CphTBO087i>}dD6Yfd{D=|PCL|hlgdpzKDVD;fp2c4zlRTx8>jI2o-r-v
z$~##zXx_cfl>;oh*S+nq{!ErX_SA+VSL^K74H|-Hv9i1ldpf1y;cc~Fah<g~gG{{q
z4^nGs0@nFUXn&A~Vf+X7+PsMwLLndYE7#<~GksJpznQmMvz#K3m1P)B=ca@B7iViB
z2ZOYh%1}a@#=o&paGvK+s`$#O{^#EWz&aUYWiS=tU6O^t`y?TgmzVPQcOS;xEzJJK
z+FWjSs{AEZX=*AbwhogCIMR8YalljMu^nu9w?vb%G~<cQ##C^jPzwY*`(4W!c!l=Y
z*t(^t5`f05G}pAsc;bZbpDqG3rW)j{uQRp~-hoy7XPs7Mu&3<nce;6SAo5_34$?gR
zuWm6>f(g?VpXTjqg(@yCZ#XV%7qX4+$s&4*Ry(YC#(6$CzM0fP0j8Ta{|EnF;4r$9
zPxUU6U#)@Xj=@B9BN9(aqv-&T)9I?{+-R%mbOqIyF{6J5)_o*s$Dq1h3F?1jXL$ZS
zmag&MzH}U%g<TXOxe9bw2kkqQzjC`aesuB)2?5~R`mf2V5)6L2ma6HUA|xvLY-)gz
zm~_bhLngbgat98&c6^}1L?N@~^;|PITx%u%)dvlAA8@x=hUs5$^ul8&@jrNz=#qGk
z4A{+_KR;)%Pq;SGPZdu`vbLRXKs9D<g7Kr^#)*H`dfzXhnSho4)0+afTB|L@lQsEy
zQEm--D|<NC?e<7h9A)%aKutl4CPzcS!_}M})vgXOJT<P2_9g%AYo7=7L)(;`)1ax{
z-}XrlGGx-Blp1t&O?Z?U+nCFw5(xdQfW49p&^E5;bhPEqx3-{CF2^Jxe-&>g#=gU4
zA#g~pNjOQ#n_T5(IGL2sd;3;ry)-h1P?|A7WSBdzY%ngX@X(^b3kyoArjW5E8AvO#
z@#yuxIFp|sKeK50NAc<D;C8>HnNUF0Q3pY7F^>_OOSKFv&7{hGz_{oMYzOf{{7%hE
z^WLfFi`!o;Bv0{PmhEJ=4m3+ts9Vafp)(gfkC2Cdb!Gom_`UZ>Q--XGupi>JMQeIw
z{OUH<)j!$|;)w?ChGuQ&tF@QK2J!!n*t$US$hq0?96Lg+aGYQ?-$xhl(-;aaS!l{Y
z&raF0R10XEx~;If5`2tfgBDOJ!ECqU_&xg|R9NQC5}H5HshbaB&@XLGw(8EFl(Mu}
zX?tSsq$S(k>;8qAjsBMo75+Z;`Dsfl?MsFFW7?<c=jna6WF2E0!<RhX5-pa%a<`|A
zyblgD4~7TUUY^a!IKzcEJx+DNBQd+u2zx)}3dbXQ(OJOId_Gj9%+x}Q6%y*w&X_83
zUr1Iszy9&{P03nKprh0-^X&=-TD2RHZL)<p{0LK6;x)yn`YsPT@m((?V%eH>ka<8t
zB+@8$4|=ga%RYAm6&x6F?P9}_#ui)SB1kkTotg~YC6v{BJzTL=Z3_Z;nn%e#oky^8
z#2)>o*ut#VU$LI0OB!>2!Ic|--Z=T&%iW(vf4TZ02gXDN#;9>dY14aO`=PI_%zTOy
z>u#Y$_l&R2HSm}{5t<x}0~|N8F~*ifT{cDHN9QFAzWKAYYHXD`{?a=ebx9EcnT`S@
zdU%sDrJFrs6#$|RN{`H0vIZ^3Q!(@A_e2=7N&T@qeV>qc2a_M9I0?)@8X$|Qj2aI7
z(!i?BJIs{un5l*+`y9B?;zkC2x~Pyn<m@q(OUh;N#hWgzrx!F)kn_311`#xu`eieC
zG6=S=mT%{Y$VNfiJ=lsSzLG*tcBiiE;dSeA-UQXeT(gzRI==(U!AA-yt$F$?=3t?U
zzBHhWToIB5(v0)cIl!^x2WVU3mXJdzHH9!u^tpFDpzPplnZE4EUEh^NC@e>>*5-Yo
z1_#Tr=u2P#oJRaXUxOXtR8~#|u9y>uY58*oq7Ji@oMTn+(cgaiUN(B8iosWjtm($g
ze<l0@xaI=a7fG=CC0I%-zaqN>iN)fM{zX&M^f<aVoUFb2RoP7r-Pw{H6gj<7jl;V?
zSI$FbF(2(>&BW{!XvBT39KJeowk5g#ETTf~_?k?GpVjzqN8n_s-O=0r9IWs){5b_d
zs<Yz46OOPCS*9ed@9+x=Wt}iV+NeM1v*zOwN4)}zsa3gty(uYQt;I&AEt{Ci2*qe4
zC*7c$-O;)r##soo1KRM7;r@A<GCl?I{PmJ8c?J+7^n-ucBjF5w$i}Y~X@^5UGBjKb
zOEftI02Tp^p^~D3`YvZh$)X<tpA+dbZ<MTP$)*gBD%#nIzs}>vTs5lEt@N(1g2Ce4
zSRhJc8sX|&z{>=6h?G>@D+r5~?(~F(Fx<@{r$G&iyZxju(pw}uIWFgJ`@q3!IhgAz
zvXb*sDTV7Fw>lLA+*NQZ_M}iQU-V5#aNc#-)?NjsF{RWmIuGXgW2c|2<}3Ng)s1Qn
z$Mpfpi+k~nS6hU-4?WG+CgH65$@3VR#qD>Yh>lYmzr#^I6x=B*EQighGF!3M6QuC6
zptxQlLA6h%l;@Xk_lGOO-nU4!Gk^o`mh6&hdp|=I3@-Q`qq;k7m>eF-*{oOlcF{>L
zSfRt?=w@Xd(R1yF)-pcg6)rhbYNaUVH=Gz@L}2v?3Ypl^v)<tl$cj};#@Ui4F>^cH
zveUh+kiJP<w#SC_)}o+aT8z8KcMJi^cJG}cg!7?8%%`Q_8&oM8sijjJ(Gs1)d#}~>
z&d~8&%RrUsgbUQ3=NSSTb^c<35PcN?`7jN3%)+*|$Xnj2{s{@}V3mZu*`b7FRX8r?
ziPfnrs{_`pY)}woO<pe=@W`J5C{5nHefr@7IL^1$>o#3}8u^gcMn_4cieFAHmFqNR
zM(grQra8P{)%l_r)-1&KoW&|PeIfFxKVUDG9&b%8hNK^!y$&a6S?D`@(HjIJuD?X)
z+cQDB9O`9>`m%fV&4F%_Hy0CEg}jUpJHu(8%|4Crlvb5$vv%vtF*7A|YInf8X=tFK
z1ceP&35Vi{DAs&dG6-x<gJQP89Y&8!4Ei)lpb``Q!O0jlM2jR~SiQsdfku_ln~Ef5
zSI7^c&h4T6?*-XMFjXfX0~2$|M2Jtf^M2sZu-|obeDz@4{;;{JPq?TqHNciuXqf#~
z<47vr^5xP;HYIXFsLM}hYNObSG_xmLNyU7Lx}Zp~BTuWa`clft1UuSH{?ckurS6@Q
zh(-~<jf(bAPE3I1dlmfLH3I25Sao{Zr;r|#7#|k>7iXreNR;XOT<C`(m2NFigvJ7X
zjv5)xw4)emV+6mK+F-EZ@8NJuf|p^@M^Q<ci2^`aOlZ5|I1}$fE6tX|9$iz7XN+uH
z7)8a~nWhV6iWz)kh<8|2^l2`oUb!vVrk9X|(W=R=e*{OyQyibr95OCyXq3nNg8Dmb
zGlL!oF?WOzK*T%;3DqM<v=XG0#Zh0~H|Zb}KItB;)(kZTHqeoeDNFeI(3q{K!aple
zqG&IGkGqett*sm)1o?N#X@2hc8ao7BCY>V=HyTJKY2x#JE;d3WQgk`Z<jHan=Wtg&
z!12~@^W^A428obKtkyjAy!SUEn*4jUt0j-JyxshT@AR>ZL&o)3!OB<iwQl%}wHE#w
zyCsD<$8c`C`SJjq%^(#Br5;m72s-0C>#wH60QL_o7>O1TXqJ)*`THNL%Zsp-(9t2&
zlGH>ij7e9KBa2M!XcGBf^c6}5bbdd){>Z<`neu0)1#_CA+&(xnoSM9Z4OliM1<clB
z5iB5VN%QqYw0<qvRXP|ieS8`4VHusaociQk8kORm@kLX5tM_0^*g&R76v1w2zHl@f
zfFOCm81OQZv?ThiJZ(?1%2#10*=5ZgYO3>dU&)YXug?1M3>sQsRs)WV-T6A-D_29L
zA7<8X+awyjg-8YE63zazYhBUVP5}RdWmPIqX}ZU0gzC2HC_Fd2^KsQG#$etuiDOE|
z@{kK{p2gIW1Fd~&f9>V-(zW3Z_y_h`Mf|53v7KEdyjwlH-|ERr;ycve;^VK_z(+@(
zcH=hks#C%DKl>kQQ6H?jM82VE6y4!`FSjB#i67NH8RS=UCqby+J)5fZ=gcJ1>AKt3
z?Db7-H?A`6dT)I4NmQc*^@E1H;guAtz4H`WypBZouUp&K#8+G$&kM4y_LPok*&{s@
zc;m50PvN5PI1+N=C`EOoCxH<Lrp-+I(WCa;XB-tao$D|L*i6SNc^*qqo$7MK!xE7e
zN}ayG;!2K+$9xg;gf&?ez5S&M6fl6p^HVk-La{L8Ygy2JRpZhN8;*_rcE1+w3eMFA
zlEJ;snHT)M2bNW+nM8v_*wsRwR18PGDRGK*F`D@c3G>@?TzT7bR7T#IiA$G9&a&#j
z_055WA$hvy@6MRY`Fr@?gy1!%`>9G`GGh>v@n^i``dCn5X26-@OgeI`AU^iP3bLCc
ze)srU;8Z`+P?Dlewb3cg`$-<ts}mmbaDsvLvA(Om>wz#FHcErSq(IY<3D;-)-O&``
zeBuK~Dtap{UK7qMZ|}$|u6Ou5k7LHK%ei6Z=?pJJI&3?Z<_HG6Ejz>a-I3SxcYng>
zR-N_?Ta}3w(&bZ?{k7oW%#d3tc)@>v_VddXnW20W^b78eP-|@fr^cx+u(3O&kvnJ{
zBmV`=QktL1F*#G8C)Y82Xju_1gp#36?XvSD+X3ge@|ntph{W*@;1qhiTJbH_l)lQ0
z)-gDYb?&g$gR2&MiPS+9HHNojwKbejyj^9<WKf5&QK69&T6n$sv`f$uq27RTL%nEc
zbYRG~4E(Sph*qWYj%1_RxN3dg>RX!Rx6vtV5M=b&$Yx+tb0fi-@IrE%OCEvY?q$p}
zp=NS#IJyp_$Dv!9>Ci-p0n%zg5ruA_P1wElg8>E8w`?SU>p3(~-93yE*T%zKxoe6z
zXv@NTyPBvSbf|5cjM4vS!)MsJh}zvamm}d<G#^NyJJ5iHT~EUCk~o8f_{Qg-!LIXL
zH48nBi>32q5rs{2nCqi5+3B<)A0b~-DJIIm*;Jw^Yb&F+=IH$fza3?>uB!AG9+qVP
zL^<NqQt4zo2~$HJJ3YOFBm+hG4We!`VHAwG=Xv`=0Ff{jyl_CDArE`9bfefIn_gqW
zg(`49Z|*>KTRqBR$Ea2L&-3O?38s3t)Oo+&xN&z1328h0OBUYb7y55^_WzE$D*lt|
z?<F#Fry*(o|2MAc|AiSlk(3p!&HJ>GJa$r<5$F%a?7SMrV?*;#Gn+H|(LiIFuUlOi
zdqx_6`*45ca*P;5rZeofsYJ0=+{=TY{MG-6%*9{R|J!8#-#N4r83P_#3;R};HB}#D
zF<1T&w9E11y8VUW?J8w!YOf{0+u!uGmK%vkgUK(<45)W4)G^QV`&JW42Viy)Djm3Y
zJQ2CM=xlCFn%s^DF@L^W$SzXsbdz=&2?_dT++Vd=J~36)RFMJz8zSsN;Fz2REdW47
z!kxtY{}4|aZoD$)iLuf_WWocl@w%_hNngVMZa*;p$i{G!@ZUj`8-O)Yp8jGxvUfW_
z25y9zInj0De+J$IK8um++Z)I~HdOcT?p>RXJWb2#S=NBS^~|oifA@c>5XzPOe<;a`
zEHPlimgD!lZ*4^|hAkMd6UL2}&&cBfX&hS(%gIRqgg+-dv($n^WG+O&W%k4cjx2T+
z0ckQK@&MuN0d?wbIHEsn=WPKy>y99P{>&D{Xr##8qlPrn*QZ5W>t}RkC}lx0SPHMB
z;r$c&Jc|-=#B;B+#?ue7?TkU+lnx~R6xc}EHg>52W*w-cz$c(@u2s>BwXfAzdHvzf
zI(gF(4H471crU+?r(Ns3RP$!ME)AJCsh=J<7+lMynoQGCu`-aXM={OV&};D;F1Q$Q
zn`L+lX<8^HDWMZ<H(OF;uH$`3cY&ddE9mlObUL7lu5PiA-(lV@UFc|eQ|cl<+D#U0
zVfCUp%0tYI#TYI^Fd9gv3o|dE*qvwTrR53uijoK>s&z1*!c8a}u7|a}j<6w!=!7EW
zm+DEL!6uqCi#U1u#iQ_=R6C8hiB4C$+vaxk-6CM5>aZo7K?_EWe`}!!CJzh`b@MU}
zM7q=-P%iHBs$)$5$}w_Xsv_nM^b}MW0$HlprFWy0x@7mMB#K-c44<CU3YifoygC}~
z_Wgv^k-wU5$ZuJC$|@lJp}8IF?Gn%ME?)8csz+WvQ=NBEgJA0(6;D-ipa0pDHSDdk
zT<g<ClY8rv;0%_mgX$+eKyW0?Yt;d6&FcLOZIJSW+(0>$(^DO4+L5$KT>lY816Jz2
zqLB3um!w3}7;JC^t^2RXPFor0F8<m=#s7Z)9-8apRh4w%UV3+B<J$S&W$tj&IUINA
zjiQ+x90l3k<=Bs`^HdwC_HSrAFk=x$M$aC{K?qHL9iy1-m&#*xdf=#Sv}^8DrzT~{
z`-}WUZjX1_%39<%Fhd8D)46#X)L)&u0OfKS=1!AaA#dd1=X`H8<pNlTzL}fDu`!oT
zVdSgKbfxbJ#nyi31C`JzQUO@qS-eTSMr7WhPO!<F$T9`Mni27^=3g$H!iN&m-EZdu
z?lJ0!cMqL*Wzq*%n<Hvoo#;QbMqDbim(Qc-XVC$^Q}MTi8+TE(a33wdAj)e*`FP7@
zicDMAQ7C18tz-u7v&NHP7@5wPd^z!uS{El(L8Q}P9G2FU8kaw+W`!?yiB{71r9M^E
za75ftaiEfyagit1eyd2OD>J=A2Tb9J>(Uby=*V-Ca=SYfKZ!0&>{(gA-#q{$zR~;o
zo=H4yG(T#;pV`JU+!$Hj0q`V2d6ybz6V)P)A@h02_Il88Z>b%x+yjy6kbNOFXDbO9
zd}Ov0J)d37@tNOLe;4*&my^YdXaM$K((lnL$saEfN6o8N`KO}RY>)|W%meDR-m@d(
z6S0AoV|)#&36oe0kn^3iJ7?;l1}va14nn?b2GXi2l>|mwv54i3h_c&a@zv7kxgL+x
zB<7+E26=BZ-v0P5ZMNtQ@M}_n&4l6ZicjJPy!i_bQJlaz@_8^`x#MU*1#7QalZ(#C
z?UxQb&yIvB2|ZSSsfFWzTSl!W(fC9)``z9-f6`kYhj4^IaKMw~fb)Qnsxci6f3^16
zR*JJDmecv*+?D3Jh_ebL)-8o840lm7z?>ww9qcQet9^YLZnBiRbDz(1pHv&p3M)ZM
zZq$-X9u=G88%IDxR)4uLv97)VeFS%;+V%i%rfqXRVS-PU1+&xN0hgny+?}5ae&vsD
zE_DMH5gxAx)e?6ZS9z1-RJzgKXv{~2pUN4L1_IJj^p>ezSz12Z7UuvGHx)8wLKBTN
zH!`7xb}s}9;<SSK4Gpi?5<aRv<tqI#gp$FUt=3T`05n<xIXuA&j5KUOh0TNItTtm;
z{*trDLI<4mxYKKDMdH-}bzwpRvsWkVs|0IT@fKFwv3hW<fmC9<CBuZs(!~Mh3f0AV
zDFYdQDU`R^*`aZ&8X&lkW>i<X7E=g%x=#jzc5upbUyS84Xsi3N=eR}5pPG!0sk(NN
z82{lpyDpX`-DoPrQM0BP=o%RKdTpk8QK*!-o~>~|#D5CY2Cu3Be#q-8`#2poKLyHS
zR}`yfNJfJRSI-nYXKlz1A|6y3ZvM42b+#*6u=sp0v3U=jm&=&Dz)-R9MGnoiu81uN
z(p^@j>A2ppxwP0TZ@cYnh=?C43Zr9~ViLw7Z(owMl!ICr86*PvqygL<5o9K)w&j=W
zeIdJmJ1Z7!Aw>|?8zl*mMlZ9|uG%-iRv4Gx*%C{p%mx`PPg7*5C-t{q=4!){ALR<|
z<yrKOI338ItXb)FVb&rNyJ}g+<8b=VFEKQe`6CKbd;wK4wh0UHWh+1JnPu}a#d$}c
z3CXLOWqO##e>Cb$lbCj?lG8TJB;T^k?s)%loY>r+N)?#frz=`q)!Pb+0=EDBnEcYs
zHI@ZF1g@yb?6cKJKQaA@jJVA9dY+$DeKtpBXfp>dqu-y?JxCrsf)st@j_>AzhA)!l
z&5$>Ml)m&O-Nt|cbeSRdEiT)1XwFz};1X@-cvn9uZ+fiU-f?5@xq;_9%dCB$9(IN@
z#Q3IKJxqF2v*rB_jj^UU)RmO#^8;^qbvhnvgrB#^@ZFPs#<6vEEs`Vk5#ad+a}Q-x
zJ|dO0qnyhtu7uNr@>Rkd{5z>K2Refzn(+qkzt#l3Be86-?y1>8C{!6qvJ$(T#oQeh
zzrO{*r@2Lw3QS-QE0|S(yEz|8=<JE>3zCW0=)bU4XD^aP$RDvpOwi1`w*enT3gS68
z1!LXI<&}q#Qv0czwiT1USzWyokW2mIiUw{Jm;K=PYmkW6G{z#4+(xmYDn+B5Nq_w5
z`-bj4$->vrY$j)ex4oYG6~06f--g1Z$i)n1$?m&10Z2?WJd~*SQ>Ly)4hKCB^W|Og
zK$W%{o1|UufI1O|fHV;qtLIo@00)YEaCn3Sp=eRBfjFb@C_MA<1?8a++XFIYnelQR
zTY&B9vsM^c=(lc>u8VQ#r7Sx-8TnSIl*0^w#ej(#PSW?Gu6mD|Pu8oxI4fe8qvM?%
zi-`utc|yT6zm(99;n0N3MeWx&)4~QEq9yt@b%BBI5bP`ifep5F23XeW#KBZZ8GDBM
z1}N#a95KGqac+te6rdgRPqz<nnIGS}YNwkNZ>~Ca$NAu86(hmyzvOgpolm6X(LXPo
zI%}mq=CSs&wsR++x7_^TR0xg?e!;|+dj}evE(;HJ^V6y?wH>pOn7)z18ZO>aS@}Vi
zB4pHGaxeRr-c9ElSmH6%n<6xTbHmOn2ajDmJQQssv_g2)%Bt#y*Ciq7%JHz~9(Wfa
zD)c*Ro6W6_CLM}Qryq;;@HidP+g>~hrnm@m9XF2o95!Imu^~jVzvGMryJoApQAxpM
z`!w58=Mt*WFA?!m7r_>oAq^)cuSy~;td1+Av0%Zh@dsa|l&yKc%Cn+?j((kLsf3h~
zh)t|+B3FCArJ*{bd%Up+r~f#OllM{lM##+k3sx6MHlujeN#j;Dd)pyenRCglkn}1O
z@2ONIi~izuE5)Sn=>o@{^RY8*z%@OKfraYI{(i>xYqn$VRbr#V=;Y)iIL=ySME8pm
z4Rh1+&xttK3eaJKX3e0-Vx(X=f0k@5N1b$9Z+!KIKYFV~Y90hx%dvc!SZ1>OhL*6D
z`FH;MZ#JKk3?7d2!sII|>I6UJ=!pUtWF30HoI>G3#GPk9HO}vSNUj@=WHW~g%-EkT
zl^iY=$eNKvvsHc@TlMT?S32{?^Y)aD#uz+(|CQ~12yqn}8agtX-MX;c@8a*MeK%Qi
zN4IV>Yd43ENWURDI_%Kne)%3F5NjA>Lc&^M|A^Rreicv2W3z(Amx#HG5hLW4XyfF}
z=&I*@*lwP0abgvNP$-6^+j9CDuhF?4^&M%a!r%yT*`#)3Ivzl)nSekZRYx(`$MuZ5
z^sTkee2;hSU3%-%g6s5nsh$?1mFCE-=5NUyBjyw>XgKdV3l!Ph6&Q@Ce6P`1BisSj
z0f+NYGJ`o8#Kai0*&2FdEowHz)HdfjO|P{F?sVpqiI!hISylv$h^a=ZF4NP;gPi#0
zwhlL9Ew>}0YtYy#N5xpInaq0*B?HSoLX~&_ase9q+PyzV*{VFu31+INI`iZs%xKi)
zR(6eyYI(2IpVTszJ4XZ;e|21c7mzqVZ=Yhto44YcihZ_GZ<Db%rE?i$7)p*Arhjg>
zXQw==;*q8<!$AHGl5zlz6N+1fK|lX2KIX$og#HrrLYw*L_S5=}a~9*5)r6rk@5HFu
zT~N-5(RB#_@94YTm{U%mdc_{5UevNP3zBPI)$B?<+#`Eu>jVC-<sIA7!qYCZ%?e!&
zKW{)yE=WzoK_9%5nDgpU!F@bW2qoMoG}mEb$mPnvZi{99)@OUPr4Z^GPnAbC)peVs
zQ}I06KJk{`cMjAVoyhZSY)R8Q+AddhMYF}*{tba^aukZ~6rNJ3L%&{Zronj>g6r};
z;pWjy8`orVy_bby;re=;pX6Myt~r0ez2MkyYaf|{Rq4$KopQ4~=_JFk-3_r_lGY*H
zOuu;vel=S372VQNYS(Z2nJYeyh6N^fs1zvpy~`yVimfA7jwKzTv5#;O7PX{8r80XH
zzuYj2y;Fx}ucka#GKQNLuTQ;^Oj1|klCRkC#zsYii~I-MF?_3g1PJam9F48QbGv@D
z7PuQiqGIkjex)0!9j{K4)~L2kwL^DaM(e_Hwis<Lz(%Y~=)w-(si|(3AG@M?dvfEt
zazb}VQ#(BvHNqd;Nv%F)Hj?CQi4{lxwO}MNs4&X_blK$xN=szzt$)^>ef$*K%Rg!X
znv4L^iqaqDdH4A!(3`B2;oDk2hG6R4$67sT37sfnFsMf^t&T-Qw#yCTp)PAYY#u;k
zvs+NyjN%NB`*@l*xWh8EvZhU=Al5Y4c$~COxx5ajB-XZLV<Hlae!nG9_Il=!^{N?l
z2cFh?JRMj%^`v(~zHm+bj_PR&M!K99yAtQGMDh!O&vHKr2fCTTha$clyo;dUY{l%Y
z-qvM)M8p9`;tVCWvEUa`D6~iT9M1rs+c6*PbU^gYFJ7;cD_w_5?jBmUyxinh%b_||
zbgzQejZZT4CDmXqWrR&PLLOq;7^mMMr-fPzQ}*~<VOpDi4=$+Ct7%pQHHuQ@bWV_?
z>Dj_Kg}HGvS;{o7I(p#k0g3q*{N@OjIYI95j8)G#!g?;w+BXDE`zA2T7ij{u_^!xt
zJ$3Y=p`On0fbd73F`icIcO|hFsT7v++^<<dX5$5B-4Q}%YSnB{x2IH7d??Y;oDTZ}
zocK}VuAw{E8ml|O)<dp`@oyC@H22Kg^NHOMJTJ5Ospnf;&nK;9$K0t}c>}mWARWqR
zQ>e=8qF;EqR-Xa$<j{#~t~t#JtJEB6lmPXcy6Wm2luEepB9fO+-y^<$r<OC5nTe}3
z=@)yC!DO*QGKHLwDjA-Huk}0~TAnBi%<k01vAW7%Lc7~!nRd$vy5r6G1N`9#OqM-c
z3vz90M1%)vYvwvHo7lSTXVXw!Ho+;%bm>0}88C?yQHuGMU7yXw3(@pmZ1!15t|=);
z1bgc8o$<v9(tSw39x>t>W5br}J?|#0t*jWBcPdDY_$Exs_2W=owQVlIQrY{FF><8h
zH{bB6Vy(X9O#W%r*8+>^pddvk#{_h+d-`=+Mf}%=!WL^767=U1Z<LRw`nzyPR3h)M
zvY=R8vZTMuzFGhOE@&ch`aJD)Vz%4>GcbT4E>nc`JH54ep?VL=Yo#ViI)zPndnokp
zzLORIB)!T}w%T8~dVe@wrm<bQo%2XaF|#-AlpkaFB`t}$eQ!=0mwJ;?_^&G`I?mmB
z0URA;T)!+XRA{EhhMs(|KAdae*GoOSxT6T$YA)3IQ<1CohzTrm;Odoe$p`=WuM5V<
z-fG}@rWz@Y%L#J5FNs;T&ZF|IlGokY-TQ1|B%QZet<@MDm2}Eg8RK&}okllk8T-3t
zR8jGA^l*%N?FCulnJiWxSQL);_4VFPB)!`5LEq_kxwnF->tMQ)hTF+fWlrs{T2a&`
z%S}VK$F30TR^iVe-v<-N!|7k{^#t9$$_8WUD{UCV&z^sqOMFI=o-QfB&f*N$?_f=Y
zO|H@DWN|9TPT^e`U^s<8#b^j~s!#zFtf3)^(!~N+g};>%LY)vl+#8<q4xGIxl{m7e
zS2-Je`!GB^=ok8?=>*;PCE8cjHtq{mWbbOs9lyE$AKKmnD5`F08wCTrD4>EQNrD8)
zIVS~FG6E_&C&@Wy5ReQ*&LT;2&RH@8gMuW<ImaOn4F5vUIj`UO-+S+WtM0YRD$AKY
zdv&kwr@No-y%z~2Mo~jU<IBAa#iy_y94wocVxjkiY^2u3r9ED!L{UFl2n`^la9t?G
zT!t9X(DI<%p*h(ft5Z^j?RXZKWZQMaEKs(_>%u}qF}3S15bzV~*eAs=?JwBq{vUpA
zNRyi{PZ*^=0MmGIX4;?T45;evYu3rFo(E1SrLITx+KIYifr#U%EA`*|oS$Z^O*=fB
zxBU~BSbc!!-L;LlGbI&_72avS`Fl_D6#KHN?ZD3gb73jB@6F4tMt}U|iC@%{olkPx
z^(cj^aOsTI77<U9-rge*ri_2N16QoH^h%nL7m9yFJq_(x?tajWq-PSRrBv!qhu%K^
zzKh#-D)ohHn3ZRP1GDkJx95$}@(`p>zuQsH!ij&n;bhOjPblwgvTwJOrT)>zTWZIs
z?U^QYlw|HpHL~kL;OjpWubCxRz|m}L;1dVav23O8Vn+4m@tV=)l4S0O8=}M#x#5}~
z`dn2nf4i*2$XiR?tNxTTA(ST9V+y`HVYlNgqnV3|=eYe#OXr6h6S?1n|K$Xx^fgp)
z;1(*?Qv##5<B{{t+0qAC#QZ5hi3If};8vK#3r&M9N5AbvJU_>FojG|ISUif=!FYkO
zHowD0U!zOKL~?zu4r%|=Ij3+LMk>F<(ExV?Fy~pj7r*UmgMN$(w=rlXoOE*iw}V1E
zFPRw*ojsw{&$@i<jbImAObNf`eeiiIT4v8N_0nM&P0n;A;9Zd%C12h1HXLd<rwZdi
za`T^u1rX`qj`5cgg``pQg~7j;_gSn?_TtI!pZQGnum9`|gUEnyW4Pg}R~qYu9A{j6
zF`fS%(&%fjQ+$UX0OK-6R11w$2vdR&f_{J7EDklo0$~w&>MbswB`(Dd1feP<A~shl
zWul~<m;D8gAGn}|+MC&inB#q%FT}qlUSApY*N<XNH_L`)W(ZF7c&QC3OY<QKV)z)3
z&PnnLRfBI%O;1lRk>`rGE8Hzr!-*M1HkmWmYS#0Iyk)DByvT-|++vrk%i@UBo$b~6
zSG&f`gHU=Z{6Mx^IF586+k1(ej}p$qTi4kApljaxpmi-U@pQgHL*&pDyuF}yJx4t_
z#_VSnkzWb%*C!ESD{+$nL-}usT~C_tdqY_of&<B2A?LkVUo;EkGFCgsLX0m1sxZlH
zV|R^@Hqsdw$?ongU9S0se3UpHcB=v*;e*Lc<LwF62}TXx2=Hp%9CtWhs(>StVzGWV
zGoxB#WQ-;q2~4p6kZ5+OF1lu_UsZ(lU^K)1YO#`Xut1r`XS%`3ZthwAE^W(E1*LPe
z4Dr2c;aU)dP&b$vI_u{$I8aZK+99Iuz}9UU7dELQ)1p=ynnakwlDNzs;NnVyS3j36
z4-FmTlBc7z`rKUa+!YZ{i(^t_J1)XlT3Om#Uy4ZJGkbYke8DiZ4Yv8jEHtll4D7-|
z29?qcj>swQnVO<~7D~#uflxfZ?(O|)$JHwKdW~XH$s8!2n4_a(hAp$Q%(qLc>H0)I
zJ7ad^8Ai40_XA%9kbNry$>Y@?(tIx!TE9MI)b$0s8)cmfewMvU$L&rtS2b63`bUY_
zsOadh_VvB#YR28_$!+Y{F#0#JRN}_T%>z7X)n+|9l*t;aOtbikwQm{voz#hFf-YtW
zDt&CgUeX{k7(Fcl5HB8TV4hxih+|0P*f!o{FjU*$FB48Cq?k1&S)@h)u(?@e4e55Y
z1<luf7nxK~;9Xc)sMk=|)!F$#`AP8{_GExwUl)S3qU9EJ9m<T0i^G~0OnjwE6db}a
z1n~I*7MrL+XQB&lbbo(;WK%P^Z~yphO@pd~Dj-0)#U#EUSuz~9-3dIouJQ`6P-Wf1
zrBET0W+16bXCUb<qh@{N^P7R+vLuy`vvY=4eLb@usZW#}GW<**^-<QoV!<NjUg|HN
zK0Qxnxe+(eFIat#KhI4mWNOvAE0TEjmiM6tLULe$SurOc<DoH?VoKDLM|vODf+{|n
zK)C4w+N$AW4ew^D9z^ALY&*iI;PN&{Z~abn7FIb;$0K=WU2l6=Tgc7l5H~>+v$mw>
zoAwu-FQSYI;VaJE7C&2m<SF^?T>0IbZC?)7T|h)TFMKy964@v9L~M`U3F)5H97SYa
zCp+`<Oo=#=Wp}!CA8CFERX~cv<{10N&Vv^_+STrC&^VUk=`?<eJ4(5D=_<^?-2Lya
z;?=Woa73@BdF5YVbN>Y;6m*$3V;o>+pu{<jF_6*;xG<980?CtvglaW~6*E7hIsx^+
zY~%p;RQ(z$aOeS!lzB{of6ahPo^@F*kY@&Y0WkS+*qQrLVg$g{4ffNp-Zx$#)?-ir
z|I>`-)XxA8s02|B2lEbt7By2Z6!mb3xr-M&<J0uLel}AsGp~zyGoWio%g8XoSFSq7
zZAzjykBiSnDkbgCkGEf4E};n?9cDJKa#~Ks@MwADe)A;rJoJ2rY%CPj+b2KxJP%v~
zM=I&`m3WrvcLLw#j{hH^M4!k!B5b>itD*4Y#}A<37W78H24_XQr@f4{1Iaay1sIZn
zj-!&3+heSRbM3l|U-UU_jr+d{A%K)K__rqpCJHaA^E(~HCG%~fzntNZ+4V|!x8!oP
zL0#&0Vu?*6adNp-<M|GAku*Bb0RS{r2MO9#^+|VzG~}bixRTR^Esi#e&tWL%?DnOJ
z$&W(Skc0#k@W$+5ruew(^wZN@DBw3(Jg@fmE6u+Lms!a^2JiQmr}gUSSLL98jKiXT
zR;2T}gz|c?LQw@u8VX&Z!5=?}P$w>TEC;tO9-mq^z}1K}nUyoBhL?jW1Oysh^TjjJ
ztRZVGr~6atI1)Lm@R`&rjed}N8Nyd&%_p0)Niv`6T#WYqxUDHJF53I`RQ4h>1T3}|
z?6sV&ZMh9EY4c><^0Z^aG-{u!e_x%QpOc#=01>D%<82+pv4#D%Ej}r~ePJyXZgh)p
zkkNH2A6dSaeEMn(xKF9FiR4OYMmwsr*F|lgYp+yny%h_F%d{3M4h~LlfB(|j_a`s<
zQh($-WZ0UlBm8z+ln0v&&kb+q<+-8u^!3p@7M0f4@-CQm;7#dHc5=V^g(>4dnYC?+
z(h23?$;f@v$29KjBr<sjj#dN-Uim`5V2Y%Xk<piXPbgKp1lHw|)nK!0q@>xSqc@aC
zrTsgqE!6j%&0zvH1n`xCl_8{Zsa|%?a@otUBu=wYUoNwEW%lc$Xjmko(KNCX@kvtY
zch6%@%?+V(Men`T(6u}+TR6?fBRLuz7dNe%|5D-RfR78WW$nl^*=iq6nK~b+>7MM$
zFG~FUuDHvhaXXj;2V{`fcz4)A*F89?S*-)|z_055^6R#y4ad#zWcI4xR|_mx2769O
ztvWWi?40G+p65SzXWh30k1T+b>YHvno8->59uAvXmQi%f-kUkK5k&TIgu2)XCUaZp
zZ2X{mesa|oxI1s#$+~|jDY(B@5t@FA-Ew(s=HIzEyO+lX$|W4BE^mv;@#-Q_aY^94
z)@4d8D;ue`oWpvd#tIZ;XVU^*n>v#bMjBA6s=jUUXPm7+G9z+0`AB)fqTZYUl5~Wn
zd@8qp-f*xyBLQ<t_g8=To$2_*#9q5Wk++`c#G$vVbFU?%dc#O8nDZ|gsT0pIjD9Cm
zX+mySD3AH_P=(yIp4lpT6cam(b%cK}+>k-?C%#`G2T;Rwol_XaJA9#25~tdFD*<u2
zR?sc@<-QexX;FVqj}9W-0+ZO4qgV2XuS(PHU5V=32Z0oZk+WQMUcYa>So0x>S&EWU
zw?vd*)N$hno;Rqn?v0ajGi*NPF!t2`Quu*rQS)mDY!V;b5N{WUW`@X!Yd->jTR~)8
z|AkG$q?0*AwaoLAiJmlv>U{RD(<*}vUuH_m4E@r}QOnU!*CAIqLpmXbGf)2I%a<>j
zD`TSAs+~LrE-XNhzt7e+_gvdO_~RSA*lM|)H%!%R&3PB*n%@8xd?0xUDC#c&d;k<c
z=ulnYQomBejNEJV&5yH{XCDN$h?U!+$GzAMzUhV|9i%Vcvd2?Jv@Z5>vdNlX;N9h&
zI_8^40yK0HYX+GpFec}B5ImmH1D7&)5v~lRYo-N0G1NuK7U^sT|62FNX_tXo63sK9
zQ*gz#PEkNfNdi)E<`Fwc^d^USk2SyJ)@Le?P(r9xYX2S8wU;2nv?uABgONw)<p7CG
zm5U{f%+0yH6=@TYh6T$)%3uB1PSsc)ga{r)y)F-R3hTcXAHxcdeP7<BTThCRqYLar
zIk>dP_MehW%M5n8+z|CwGm<qGFmM`bh-A7)hm%qZS|jwMJ#Q1P2jWnF^0>(TqW8lc
zA+5V&Gn}X@Nt*9|i%@60YYB<oAV0CA4o&dgDX&ip`6wQqBb&r_T2B$`ImZmna&kEc
z@)~Y9@s~+P%4XOSXgagWKH@R#C=!#9kXWcQ*47(gVUUoV=oPysEID28z}8i2rYuEG
zQq^``G*S2q02#)pfaNXTnci{wPMz{|$NqS0dLaHP`Btkpw1fhbd<A0{{Z2}`F{@B%
zKK7hXRuKGV{0BiKqymn*-xvI|mZ$@VjoqbJ<upU65=jTwzW!LBg(N0Q8m(~0F>A}@
za@0d0<<ZJoh<ijtM4^P9ZrLOi?N%7LVZ9GQ>V;P?w*tyF-n_TOKvWLf)6`}}MR~Ys
zFND7JrP688NAaXnSBxy<tTW5p>}^_MVG8TI!^_*t$Gfz`6lC6^p`pPduSM{ywVhNo
zlL6jn`qLzW`&@54Fsx5Di#ed$EekulyYlAzwp4hSljDRh*ufx7W@Sup!b|g{r4utq
zL%-Xyu{jIg#z>vSt<^9r4W(20D$WGp1o#)Ih-i{F@YRn9QLw<0gLwJ)CU{eB&yuOd
z-E^|F{BAoj!As(~9D38KxIr;|e~@wVVLx+0RWe93wft!l6}gC@r$y0uck4e&WJyfd
z!~+K6cv?<Ef@+{d-TZmo8ysB7MIUw9dJR_hg{zH?O~=SbhT8V(kkl%{*EO2nKW(Z$
z+PJDKm<gChtuZD&RHpu?DA1#&Etzx6C=`UsI94DY2{;<d;9DyNr^!%^M_%4x-6wJm
z;{lXU3Yoa5Vp4tBag3_ZW}7b)1-!WT_b~uZ;x8F3BDgXJmm_&|{yT--dD8a6sOr(o
zc4naDv~s1)TimBGi7ehHuQ)sY`i^V-0=Tvhk>7WIprr@2hRSz#!^pcABLv0F%^B@h
zFFSrT>M}LCX?_@<pG!TNSqLQ09d2}C=xW>-R#jDPL?BhbbTbJ=zq*yDp)d#IJ}?C-
zc52olP#NNs<;W#}{bBNARhm#FLx-*$)M{4YE{QzdjT&2?pm=K%4c{Hayp4NBs2Kyc
z{8uuM;yAN(r#=OgPfu05cnC;;;lKr5Z;W^7>|yx^69Ygt1KsNc;Dw|()zq&K*!}}H
zacsBs*&SqYK&g7Yik4!@^C6Y%JfVC)thaLOu|I&drC&)T`_hT*(6!7sQrI^wTYiB7
zxa2YMV~}2Ym@r=7CUk$mxtN0FI`0LWVt_e*o$ZN#_4aRDyvDY9Su=3pan}-7U*%Cz
z83@|%kR2jqlguL>BA`w#`H+e8AZp<$SouK%%|vz4bulg4cSF!cq)oV%H!Q;pG_W1E
z!BUB+6LAvS;tleR0lD}A!qZ#1uY-O$x6rDiZ@soa4IX8_Uf3>wqK?}S04d_4n<}nj
zwV|l`ZeBo55+D|VTEwRYl-Kl$hON<K>_p~oL1-FxX#vu5UT4`|&t~lRleDg{?bRg)
zFPBUc*n*Tu!Wx4%IcWeg+h3~$ZBhO4@OuqF27Y*r+$uktq_)v3EwkD9`R^6zE0pe4
zz1#uG`d=;$(4WoQ5MCxLCspH8U%&zA{<_bpD>VOCvI=Rly7eluTn>{={|8`1aYV00
zxOTfJYhBi*d!3lvAKG;>yQ+VMvcJGCwuUd8>4SiDXNeWfX@-kV<zTJj>u(9)U+WOF
zi>3Qb9H1LA^q;qNh&=D(XWBiL&9w!H9SJyBA0pN-)Yl3g6xf$<bCgU`0jWbA`0&0W
zL{;*ia(x)no33?xo6R19b;nUY14Bc$^@@m7KwqK|>aSV5(w-l$cUNz#pPfcy;JG&b
z8PJZIr6DbvIJs=jtZKACdmmy9-ueE2facjGHCB$Ggo(P(AIFx6-8gMX8f&cqEHvR9
z^2Rruw4wC<z9>kjta;(A|3>OKfy}!~xn9ynMl^u!)L%d7wC8VE--#VVw$JX6cb;RJ
zF)SxEZ5p_GRmuTw>jR{wp|HlEU1jxA{PH&QX1V=7FhIO2Ai)0tI(HGei?NR^O8_;m
zsn8&8P%PE2u{9%$ssg80gU!I$7-88kT?hX80@~RzxBu`^!NKiDe8Iym9kUFu7xV?1
z4aZZCP)#aonljx*el7QPzT@0&2F2o9zME1>wAU!#xW6Ibe+=KtJgGQXHN?a1XJee%
z;>1sDoCS(_<ceN=>l(H%RupR((RZe%J};M7*zjKT5uxvBIAxP8rn|7rbL*Jds)D=y
zUy(b|bdI^G?w58@3o(<Ce5@un?Y|zT(ax38k{gUiCY$_N6GvIt?5yx?S3|p3*LPCk
zdNhbfa1X7f%!ZiwRb&CAo!vR~qy{K6K#iT@`9^b7%8&f2T}M$-N)yj%y}Nzckc7x3
zW#%AR@X*@ISV%|+;AJ)1NUJrscv^hww{QF?)C@6Y8#$;JqN1TDgWG(FURVg_4Cb&E
z2Mn;PjS(4)ii3mWM<D7m_zF`Gtj}ovs|$+E*@|77*G?7X^2I79in|@!uSCJ+20O>y
z6%3FVNH)1*Y|S(!-$Wl`peD0&n(*C*)UwtJaWi|op#KFS3~fW%cZoQy|B_AOG}Jbw
z_h4S@24xz`K{FnAR@RnIFXZ;&_GEe;+!!!L&p;ZGz<JiL?<us4?mOi5O>#O}ZK=6F
zFdx_MhZ~)U{hCfI`&(J6j@OU=wQwPucR3=1w@d$vcmk_^YLe!Cdg=^Fq0aFdn#knn
z_S|TZ1I;mdUqhMa5TZ(8k-vf+1}Sx7?BjokKzT|iYtx&QDcI<{jVJgb7rdz}1L|xm
zVJF~yBMZ|f-Q^CGE0H7>qX1s=05L@<Xc@6vEnuZ-6c2q1DrFOxH)I84yxxJsZUtrl
zYg7fbYLbG}MeIN_PniWG?oLqm*9JyOq@yHB*H;Tc-d~Vt0Gt|<H=M)j@H2+;BqE&^
zR+G93TOMFzfv+UQhfEIw!a%ua|1#0Xcfyci8SjO7R-^Okji(9PBjt^gmNf#;>RRp4
zVmRen|AEB1O`CWd!0V%3nMyg$M&M4MS9HthY=F7o8nWoA9cHy~F1i|MsHi{!*84s4
zRd5W0<u57LMk-heJXN2YZfK#DmzM`??&J%uV0^(RmJU;^a-XCgz<teA%&mg&U^YVY
z{XtSM+&3tztcP0RH(%5f%<%($>l#i&wGr70>VOITKj5yYVMMQo1W}pPt3O|wkUAe7
zT@97$iov#ihLyCOQO=dcbPJ-^acxA~v^Hqj7Z<z?T6B(}sqG0a>isSjC^1dYyy%f>
z$XLD*O7i{w6LI+zJV5>4G6>x^>*egiR#XEKHE42srEWES;dpXq8T{3~yi~{i_bk9-
zKvm=3LJR8q$(4s__a1e5WbQt-`K61~x%QLV#p)JzP(+gO*?!o^ot>|l^(-oN4rTL%
z8lZuPxd{cU!^Ci}fUkyLGlkq}zscvfegAv0NWf$KOcH*}z{uzT&}Xr`sPS{-pblC3
zIr9s7uH%>fg;D(5>;4{vJ!1v5-kW5y>+N@RYD&sZMNl3QwX7S)>VxR`RMkaO2VNt+
zz>2@~8@B!xzi$H$i!wuxNa>p<w*+LJ6RoD(PiZz1Fd|@eba5b;z6O8W@j2M0=Hg$r
zCboor>c18rbG`VhpM{&1K$4-de&)@ukzrxdP^+Ndg7xqE7BgN)zg~7v+^bu4RD4WU
z(m6_ELjN|cPjhCAkz_$1KZ^5-f#^xo^P<;>qI<C`BP9N#M9(jSU^|P3nqIE}gAV=n
zrUAcijKd=_%NZ;1A6OtkiM;l%DC_xD&1!q;1l}-;$?90Z+kJ?{kAk#fj=Nk*4KJ?w
z2ExDt|95Z=gSe7l(c)+$su<{KyMn0Iq>aGIsg(fbFY)v`WyAEgXvKEqJ1NdgoZ=Ry
zA01|tF8pqvM#cUGCRJM+8isBauL_N63<$azLQ;bsD7<jJgEKzVrTXuCIpb<R2KoMc
z6Q`27E+}d6IyKgMzICpvD~!}$lswl*Ly-4q8qn@NYngtx3>bG4WG3~|Ejn4_{KMK*
zqO?={aLhPUX@fBHD{z<#8z&5fs>AT8dhLlq3V-hv$nk>lvR)}Z=Yx7v(AWQnr5=6H
zFONg?#+X{enHEVm&K%VKtavg^Yy?zy03`q+$v%E&2DyFaZ9>$lkFNPx04L_}Yf{Fu
zFBXPP7;Vk($yHq|?Aj3fy)B4m9fL@^1j^hw-7Pf!7KK%p$X(kV4KdV?YJlr5B>Uh&
z9`7&fNhz<Mb;K}aiss>ySn|5h^oPEzb*xvz=Ktc~k1&kVpXB9=Q~A9x9naZE=w`kB
z<m9;KDKb<~|G1<l{gl?Lfl3Zj)shD`#CQPGT|B_&1Fvj5erO*5)a$~Cv(oVoF=SNG
z1grNg;yZLPC!DR<pukYC(=Jq(l7V0ABK7xrRbJllNOo0{(r=^i!(G4q;z^l33KC}h
zo-(1@>$dlA$!`ccg7oY~7^(pO|I{rnYc1V$f=r+f<K(FOTi|0^R7%0i$(r1M>8p;@
z@Z+1a{IUMhP|dw2<H#2&nkoi$LbbjgV)Q_QYZNsI)gH_Gq|e?qe#>G%^shfG5f{xb
zH)h(9Nx!G--Q7lz#9n8e2lc&Y)zUhAnB!!-yMHPFy%E;BM1B?o=J6edm=lk#iy6i1
zZ2)wQ<hLNNP^Y%zPfTeKJ~5WP9Cm^9eBx*5lmvBpTEolXdI$C6t%(6*tLC1c4rcUQ
zM~p3T{hy>02*u(iyYgHC@y)(*iyAfYB2Gr&6kSH&rA0S9;Pxc+KV}KI{dOz;&Cvl3
zul87(qzlx{T{ptO%!M3^Y83ey`O<sLa*W|WEmO`vJ^{bwiXP`3S`$xFo%@g}F%DJU
z-u+M8u;EYp?q8DQE>|oNKVfI2%f|@1t7^I>tD3aKUHX&RDzv!e77^DRC<euK6@n_T
zs~wppNqE;>FyZMJ**~<G<$A=MuN?72NNB)G`zP|Uqnq~4xS3iP=nW_ZV|b)=^=&d2
z1Ow^l!HQZh>Y-?<r`_y2#Q#&P&p>oW5lr*V7M~*HDNabZ<0cC|-egukxI@E>WiVlx
zl3z`U<3Hm$-TQekf^~;WSt3GAGUwr7^}g(?G7j{BCi8n~oR+FySPq;j>bb+a8$G?f
zXsz>4zYxTgS+CYJY;iH^?~Tuu`3*8}c35{fE@F;iy%MMT+IU$X4S#ecC-jO&h<I0T
z%Pb>#@ofcE>e&p2h&k{?L%7lBuz;Y8Kfs|U>PaH#%gN}8;xu^5qdul!i>f@lM1^+$
z>KMVC8vF_#Juw}*r!u;13&GX4H(wo`c=b_UYR|%JC`YNR`$QV1U`kE1Ck^|K1NB$5
zv3dEZlZY?hHq?rI3VM*zuNYgTT%vWGT=uN4bUJ9tQPDI5VQRT&?X1t9h~XgdUL^h)
z3;V{1n63M@;m!Uk$o3rbDl$JyYyPc(;0lA@8_W%d^j%GGG-Ib-RKjZW36fHCP!A*~
z-X`B`MsGGYZY>Xz3<88N)~QOf&vP=7QQM5yNxV;denn*c=6sx0^a{l@op<wy8L#19
zJ}j@?dW-o|!HdQM>`2n!b|oiOjDEt&G4;^|NJIalz!SeOLB4r^=t?oAX4WMn0E_sb
z?ZaU0%Eog+_?CX{bX|rp<AbO#+*_j>o>MkAOzLbdN~<WIyz-}MyH#Z%WfMwA7*1r5
zg}bNY3lk-N@VD+2LxH9R&rfH?JP0W%4``q4^mI<X;HJ&${?(G~5@;7iI${(y_C7Cs
znn05Ew-d%P!L8T3WZyajbCipVrTk7eVxM2b0t)bSG_wxYxVFWzOue?_zp?5K_f=VP
zl#I>Gxc4799{p;nv4e=%%ILQZz`l-A$L+KJ2dlqT4%+eIevp3K|94I5e`XK=q2j>_
zX=6^%jDyf3_hHW@-}FCI{SPSN0n}a0*v*9owa+j4e80!B-|kfBxi*rOm1R9FTl0`^
ztWuH#O`GS#D>C8%rW&m5w*}mXJ027$f6$4}TfOK++)GA}xcDD<pStcB&X&fti4`AQ
z7HVDE`FBRQ$mLj|@6sDH?ov*C|CU|+w{k)5(k;f6xSZtz$2TxGtgxOJM7eHe4~m?q
zMcMwFMcg`I))DgPssU6~tjTao#v+ks0{`V?BUfj2nf;j_f9m(xn3&Wb1@Wyr(+zyq
zkDF|7929HJO){5#VVlElPBZ!=PWA26=NS)DU$U$w6`);r3%uG$W}G);DWT~xKPteR
zkb~TI9?5QwT1-?J^H?>WQJRev<sA~Dg7E;p)h&2!sl15rxxozvFRdN7!dfk9WWH-k
zoS{wo5zqGqWpWKU0_k|Bg^{r<&?28V#04KBnH!d*UWV8DF_f$;Q!g^oy$o#cZ8bw1
zZW!|iy(fR#bl2J*c!6l>{VgjF+Zn&FiE8XnN%y8(;K+6Nnv>jYg$g4kaCd3O-|evv
zzTHD71cKFGBKsKo;H7$tCKI3W^k<V=iA$Qr2H}V|2E2reV-TXHn>kKcLh^44v;T-d
ziwcT^X)6P2tf%$57mM=<LYvLkYSp|!o&-lM<q;6q<4_V$V)Yu!m2=`^gQ2B+gdVf)
zyd>dLVQjN*R$dY(6|nga0bzSrFRQbDiw+9DSKZjDwTKyYLYGO_N9p4+(kyl5Kp@wY
zvyG9k)joz|y5qCA6flS$iRZ8d;I*GzxvnT6kNWjd)3x#RJ}fMTR-Sya&Y`ME0Y$#^
z6xr<dg_XDlv+_4E0uXvqmOu!weLuodzD*x2%m_A>cmdbG2L}@dgbv->CO@-W{5$n8
zkdI{}b7b^=x~tg~UMK(U_O^l-ZpTY2E3C`OgX>de4A*lVt2MLSzgn4r_sX2tMU!~U
zFj~Q!66;!h28zGy@z%J)w+h;;vi}Zok02^m4RD$?u==6lyC>`iyH)nQ@Y0eo9PxK4
zVDf8uxR)G~mIliZLkDleLJfPweS?w#=FT(g&Y&%O_W7H~TPE0oUZHXc*=qV&NN$=-
z%7D6O`?e#3tiY5_bl>LXPq){+!><BuA=je|s(VZUhAuUiR}y!Bw;Y==OynH7u>)uI
zyL<%35Esh~aR+U$b}Kv(+(xjZw$GjLbuh{Rbm2zK+8Pa>fYMi;W1E?M@Q1f`XJ(}d
zfrfRa<nYRM3tFve<6GTuB4{;IqYUSGK;=a)UzbLp2)TivoC#txXd&DYi5q+JrQFcK
z;8tS`*z>4|tGUs_*FBl$$!$5y?hURMlqfvfR+HQ`xlCL+gN;f$|D6(38+-!&2Bn|T
z^(?XIFGc#h$=!R~L6ZRtE_mk?Jb6fNoYjQx&k+VX&e!7=bINW1&<S;k<#o`e55kc2
zjQGWXqks{q__r;EkGULJPykQd>8Ky}A07m&Glpp=;<K7LW0mRHfdwrMH5w!O>jFn6
zMty|>$D-?K>2kRrPd(blEC2m~h5*YZKrA%BqMHV8oinPExs)c<a#a>W#L)~Nh-=pC
z#4#F7#ApRn-JN3vnZdM+86kgiyT#z3yjt&YKPaBk`^Ge{l5C0KVQtVDRme1A@=V&k
zj3kq^;U|@|Y+7d4ay_f_J)=JmmrB9F2%@5;1_i$Ic%uuhSJNtL09IY%*o-rqp5Cp`
zD?(36t{d-@)fOO#@a;}%^(XTrOCz+~f@7sozx>|~d-SJp-SnoG#{X7h<+TD!mvwi)
zkt*Pz3%nNf{X{w5w)|#mLCIA-2%)w{W0vlh0|clModPzm*G2x-sCBgDz|JD?nJgwQ
zm1%ZO1W!42+3~_(2Q7;h35FLjmc1KwxwCrZckmD>i~r?_Djym3(H38(m@$|ZWNv>o
z)7mD6UU#yCPUyUib={=;ig=o1EH4+%V`In5cpz{`wd>&M9D{)RNR9qYad3BH38?f5
z-KSsgc<t>_3e|qv=;oU{FjHyKWg_;{lt0?A>5MDrvr&ud{Q3f}T498TqV0Z0=QQi!
z6=nOD@8x4tfQ>%q&th?FCI>*jwR1!nYr!ulefW#6*o^xo9?H*ZKL2FPLpj$-Fs5+Q
z6|uPgDowXPd2yoB<fc-tYlGIs-lDzdrNd4A8Rv9bGLHbKS#s#8MKbDj&2L?&mvD-t
zN^?F`?UHv7ob^OhiR$-(iiS|1XivPG9sTdL^_Lp1=Ns=546a5@x7eNTQRK*81u&-$
zVwOgH7IGUJI<Z@lpb6x-N8rg=_UYB@TF}}#k?$ryB?PF50;sa(nT9KvNV?~TCbyGY
zj7lSmja%gmYtt3?v}KUt_h{YGT4~9V5u>zKOmB+myX%~G$siDjM~%f~*RgYOOhF&p
z4Fx#aL+luXxXgb|%V3h&6GaFjowWVc!PLx2SaZ9wCGf>5PCeGKdriSSGp-Xn*)AYs
z2aS^cBe9Z&oCkh)j}U`k`rw)*sozB3i=X#%AAYJFqpwOk%<fEJ9^pHf@u$>CA-5E4
z<BT*R^%{#D{XiHP@IjA<cJdjgcaIj$uqY*So4oWpr$xCf<YxNgizJwrTc66i%kYj7
zF620otvqjE&kM}kTNfHPKoL~M3z|?_cDWoTLs@iO3#Q+|^b(`?ybyZSL*u6UeZh+e
zuY-evD_t<4;ZGKl#Tz)|%yhH3{v$*2PWK#zGAgU}-m>|HgGWb4oqH!v5|@SC81wYU
zu%fQzc+Jj(*eGS=%w^zOpwWEG;6Pa8yjogM)p?3rynX5MA2MN|3AtIeY-@qPWZaf2
z(7P;1VsCO|*r)v<S(oK(n~qwI!V4Fo#Tl2I-kt=SFF_Yy_}p3Wf3k)2KPpzYon{th
z+;&#|Fw)DMb}iFfj>{;`ru>rtNQ{rGtiTYxV`g-ag~p5Wg7>elZjrg}?TenwvTh}P
z46dMx!Z8M^wY(6Vux8ekM^dsE40a_1kvHBImjlzgyU*uaIp6=_boT0@&o>(Qxy6vP
z`O<`%irQ}Nn~yF3=e_8J7(#2oHznxxr90}oC~MIymavGcnyhh;6kEx=kDT~?NTofE
zw`2A$XmV?LBi^d&6@|jzXxRibfZUWs?@elvMs}Uii*qhXz?zAv!k>aXTBqw_|0nz`
zx?#fBMU0sRBGkVlDoELE1+OWJnS1fqWjCW=cR0jH{co*;p-w(*P+zcuVS#J4<JZDH
zU)BDd8-tNsl6%+e4;$Jf$Ws7|V=<}l{eQ~}f7RV#+clbcs)22b`#L01SCW<gl{x<U
z&c6CrDhcVFWhP>*yVU^U|HZ6;*42{pH49~KB~s_RjkDxbgcTS1()XVhati6!NoNT&
zv|jzG@cpO4e<jCY6pTM7$cw~#dmkBY{XYdI1A><NQY79lq#h;|R2ce4F)+u|zyhFZ
zXp^|4(SCn3AitLQ-roYF=afr3>9K5LoMEelo7bPp5*JWDd3Cy!9v^*w-|I#|M@af=
zbjwjI-rV;!zI%!;dh7eG%7PBM?m_A7qytt<%QZVoKNiWV73#<6M7oi#h7oLn*OUav
zytk??(7{vFZQIAlaOb~;pu<BSKyT_2VUf!pzh{%foqI^sqly($_moe~dfJP|8nNy(
zl=WHf=WJ)eN$RUGMY2lC`VX{S!e8sSB6y_47Km=vE`@$xT~~?7K4c+UN_iW3CnQ&}
zvvT30z-^e4X0P4w>WbN_jC0+E<%(xTn#SuuWX5wv%Qbb)X)pZTp6v9m!H6?R1bKa=
z+F78*0-yfga3kM5u`sbnIC=@M|06V+0b#+5?{AtDwoc$@C+^1)Ge4d#KS-=6t=nm{
zkvUycrvbg?_OTSXRFPC>CAd48v(3Zp5WYcO25~Qe?k&RE6MChDbUqBcS^h-F_0ir+
zp`9;lihtz9iZ+!CQ_SoAnvrU(aV?YyKU1bw)#`cf>^Zcs5uRXsk|0R5E&7={VS0Q;
z-6rN~4IkRG1>d{Py3;gXpfX4yK2VZSr3rgW%gKMXzSZr?nEh^uuYk21SH4tOX?d`t
za_OSL6=<TBf%v8&@`_nI9N&*nh%?A#5OXD|jc5Nn&T)$UKokc{XMy)J$GC1WX50N>
z>At12>mzgv6tMxz8rwltH|LXPhPwHT!MO!5)}>07Ein#f({C>{Y#e3=xyBB@`p&90
z>kuVo^F3CICwp=Q<3n`Y?0!RHdMpvA#7_-6Y+po^ifzMIhpk6sMvas^ROvz<J1|oL
z1<fbSoY2R20hjmOG(aPcF;Sg!1SVMjA2%^Ks9o!=kbJMOnvhmuWrwCjo~oQ*4vU86
zF3zMoGd9)UTMRglZ*GOB)>O2P#KPtCdwsab;a#h*)*RqRDI?$7$fakNXIYRDMHBb!
z7H&_uBf?T98@cP;;`Y{|gYcv3>QLu(iu1JB=-o}YdGNNT3p)#KE$1aLYa)~5aiBp)
z&J{as<>Fnxi><%qW9D+4PMYX&^*(2-SS+F?Y(C&Hx6XJ=Djem_u6V>Kal)nJO!vC!
zz`DRiiN;tHbyaya`)>QHvwj!8AX4FnP;$$~B4#t`IThR%lS@szZMz0*p+5lM?VWo+
zlttdi!w6G|EJ3{GGMd-<XRN)+oY7<i3%sNzZs>T&sWwwx&_-~e_Cq|;(btF>@zyJq
z6l2@LTH<l!+_XEg0bL0$N=EDk9tsxh=+Dw^+^Y#-RF4%O)UwEns!oYWyQ0;;aDAvD
zyT)b9DK=>GVjv}z5wUe!3t7$Yr_JaNBfBypD1NqjQuAbn5VxM=VtsPmK@n@n>ntW-
z>(qNB5P5O+NIF`phGXMgtMW@+SCW<Xg8#kvdBpD3a9!0xgZ1=w&CpdPZs~E6-iE*+
zht0ay6pW+xa=?vGR|!p4K*jyCMnPs~Hh^KLIo(Wv#>O5V!6@X4Ps>>E7uYhrd2;)u
z1I%kriJ9+$DUnvYBX9rJ1n1FP8uQJsVLXR9FODt?&o8b{PnJeVs&9_vT5U799Dg@6
zc`FnUt?l8zl)JNndvYJSshpnXY(VP=N45}fk!aX@@UJYg|KK}v-D%#Il9P9YG=nBp
z;{`t4aTQ;Qpav&dBeiK*Sa%~%#+?1k<ydiO*Hq&3ZN!FF>xeP3YtoB!aN#EMN*h~l
z<6D{#$F6>F8l#}hV&*Q(YLq1{hvkUW#W0Ri%e_l==G9^4p}StHOM+n!N@k>w;ZK~e
zlzD3TtvAh_tk-6*=07!kWI@(^{6RuoebqWOYq_v>KEhgH*N9*}T62}V`Odu@yo0Kv
zYWbjne6BuR(!e6EQ!Q||v-7+6j@a%Z3qfV(aa7pFDXgMV=<41sc<#iW7^%IpIT810
z-Q~!$n`jELQe+_L#<5#C*!g2?KxBrb^&GLg0zVw}(WZTtiXd;2I`V{{^0eR*>{-n)
z^A&rOP&qY(wS=v`Do7A2)Hp}Cp~?QxQnIY#kv6{!6R}2caPaC7<FFukSkjJ}YLLbZ
zP4JnMnNw;4V?VpP{qXri%T#aU6Fr(1<PGg&k&mQ0EfJojj6F7SVZ!_pI$d4W@B<m#
zC3QjQ*Hryi-L&8T_G)q7(OdBGw8hUB5pr8eHQu2(EO-I60XBtR9=v0-7mq7UwFcXr
zDvkE9u;%Ndt`_2Rcx)|Jc}tUQ&xD>xrXlWGlDIQP49c$r%wN8r(}ImFIKlUGFjtT#
zXk-W@0&bm=eCczi6L@?>S2;{`&$Mn*crlfH(`MOWTGEs!VN;!Dbz0u@nEDnMj5qz=
zrl-M(0t#(WiO0w1RXO{ovhlWy(ZhK{YpBKM@7(VO<V}P{WwKD44LvO;cO^()(dZJo
zDc?&xxR&LR%$sv%cYkbFz$bL4y|(rRzMXcX4{h^g=kDyK-~8Yzb;67AY=iLgZIj9)
zuAN8xAHA3?S{;<rWo7lh*zGWdzAyhsYt{ULBEtRE7T$@qOJ?kgK~<Yop4|q6Rg5Z0
z7sR{bE2#EaUvp?fi9l5k;Xp$4)z?|{k$D6y8v9zY@`S_6?5T9TFLs>&0vlHC+Rk_T
z=_C9T%(@hTnJJk-g?rXE$h&GsU&=N$k*<qE?r963wp-C_^Se$i?3TDfUCnSE9*r^P
zRQ0xD938XIBh3g8TB*v<1^d@5lU=rp8HmnL@BOH^C0y-H*4tDXiVK?ZS~a_HH{jFX
zCFu-IZj4=Z-W+BlkI!UMo|%adBM&#2`_!`cvpRfA_|V++p*jH*Hlw>Atq79H%J0()
z+sSI)v8#SZo{nn1)OUe;yl`^zy<S@Fy_L*%UZIlN{4&NCG81mZNwxxq@Vxw03G+{l
zAL)<mavl~1)@`bm_Dkl%2CPwFamGXQYohp;6RlTiZfWGm9`&8#^WK!9_je1%$d9S>
zXprWxyoN}=WII$^i((h=f&$s)sN~`WSPl0=@L)?d?|b$+3QLpb&{a#K){j?(pGH0^
z9EP5d)x53Y3R2fzEY|fr65ce%FU)_w3S+WHDci39=6E6+ccB}*$M2PI*TTbmguv=V
z4#YoH*2$T<J>{xSTOCoC*w%gpt3lsT;Mt|~xoTdJQ0I?lDjHlk<Zb<tA=aH!s99QR
zZH2li&J3Q8RlB(0e1fjsJ4<71x8Kyx%SE&2$&e(>C-H2?fxU^NKMsr?k&^zIQ&N9P
zI8Jffc(=kVL|9p14hxv*pK(dpy1A*+=*okL^Mp=mCK}`x8Jv}H2L(B>9%~sjxwEjy
z&4Skl#1uijjI`Zv;)I-4E=;t9s)i`>rlcZr#|HJLm)Hsg&m56l8}5!C7u+ES>drD2
z{OQA?Z|%JHJ$0Na=L%tL{Rmt7$%uNsM#DS1jeN08b)92~4bt;(Tt{ZYs(a|Fs&xIA
zMr4({{Xy6$Jew`){Rd62_zn<?o@YX7Ss(OnoWjd)%}<C#l(futv=!Qq7EejYiLyIj
zIosOqy^;T{peSoweHCH6i$vGXb`IWo+;cXdDipix34M(CM$?SY!+wWg=A?@;6W}|$
zfY0aNJM(m-nLxxH9LeXUjFwf^m`$ZGupJG~U&NW6ZY_3h4Zw7-@`GfM*?dAU!M0>U
zSI6?x+}JF#fi?@SOgPbq>gfd4Xcp=G+=@y6%p46Xk2*fGC&zDsWTx61JhEJR-n~2S
z{xrldIj)>r$S2F0;eF$a!Cjjlxr=<vw!OU$3N_E4ETke-_h*DcA5|ng$u10G8z`AC
z_DqyHw`WTv+@PX*%|sC%6O>7K9`Bamp2c#4y)ET1Wv*5gfVOPomGSRcfTrRMGh42F
zt~HngK~49v4S{8Li49GBN>jQC2e(4yupu@vK4Xq+HwRyv?YBxL+9~Ok^3JQ4t`57E
zJ#~|cQ;X)w*cM|k+ZwyPvL#w8)mI$+PWiB}EG=_meySu>f??_0OHE0ce5+~69YZX_
z#)}!|*yg8@b#=K6INitrQv1dTLdH|I7V<L{wj>@HQcXG;-E2-lm-AuF=c@xu>HJ(_
zYt~&Ra_sJ>bCYRa!__hO`n7xEWYYt|iFYTK10cv|5|g`$Ek&f7az){JHfWk^g~n}t
zV*VR>l3RVMSju}NW1D<yu!R#oEBN`U8SjGq?J27l*A18+?~>ab<K5EG8&hdt-f#Wg
z%zYW)k<1ZZ&|q%zMxcl`_kugxNt)|pfp@olbaeEl)8yhMd%Lix<A5ioTNY2zCSMz#
zyhnGT{-g^T;+tY~a<Xj63<DuY?x%+AJP&*!Ih8KsO}m4gFJh@lL|c75SJo*|Sf_S5
zt~D1%rLkDisdIi!U1GdQBipX<-EN=V0~(pKy8+4LWK-2`50mwg>ngrzZ}*~xj%)XI
zSjS0H;5hPQ%~6{>#88V7FXMe>eP_46=FbFs`n)Y^HxYdI<HhG)tn|JpmtbSL2@eKd
z!lNB&8S{eh9+MR~3Rd0QG17jAgjY<&yGHWwJJ1cunVTvwFsFK$bW+E4?$7Pl_6`hO
zUD+)j6IwAyQ3HeHXFe&BIX^MOBoRz8?&6;72_SMmJZ|V0&~Vr6H>OVMPR&G=+fB_T
z90#J8TJw^Us2#AS7tOrFMkE{^nHM(~+>|8^Q4u-8(h^$V4RyA`DFdnRaQMTad&aM=
z<FI;HHDP(gxqG8CtqRNL3DEMNJVSMDH#A5|7>VG?v+x4Dp^*qS%6($w*~*~7%I;TF
zi4#jUMt6^7o(!(4JlvY}Cd3UYogA`#K%pUTM)T3`p2fA7Ix3{p+(9oqi9CaAyqk69
zN+mA(1T%T1az0yBJFwo_0!xpr_l()&(N@$zC0YOvbb7c+Fxb{hpCZan$_&0^7w_0U
za_Co0sWf3OA+Nl98Kz#fsjzANX#FfuZ&$aoQs^1UD*E_t>!6fNPq!qf#FtX{+K(;J
z88*Wqqv3xi8U|0d$NTgNUImg_jI$zQQKr!%l#VQ?1nYSa$V;akEhiMUnSSWKHzLKF
ziS<IY2O7x(CaFZ<avwljB-{Klw8r2P8r)>Ff<(ut*d)cWO+WFs4p0L4WhZgH=Hf-k
zcP>eVog<$xXc;Xj4ZBZkHR-J@oIhc7Wpv)tndi-^dx^=lNgFAQFeFPnptPaY0w?n!
z+dd7n6ISfVzlfN>P;<b|i+1t;D#mWdYrpq6S-3tP(ISyyt)54Ll;3w|M*{7JM|^&N
zlNUMJAiWC?4v+ta<GMzg#c)6WLpW#lU%`(*etAg!kWMj6a?O|1C7Vd%FN#BKipp<8
z40KKiWYjIiogoEC|JXh9=!T|g7b7Dc#8m%Iz<pgsECvsW4XX3;@kCq~780yu6P~Am
zxMYUmvHmxDOg`te3+&3*Wm)<89iR!|hZ{!^1*l!Fu-d&rxAbsRHr95(pZ}b_xYwIy
ziuH0)x><lcDP_$RoMiA~`F&WB_)t|D`(vo&u9?<C(+)@D7%GIi$hh!p+u)T276Zd@
zM&`{Kv&NyL<u^E%bIZoEv)H5xL}~g>UQ&T?7rvR&D<w_oO^h{QNN|yqJpJxVbJ4yK
z6D7;%yZ2P7UluR2d1Xn0lJX|soUkv}`b*T<We4R<5<ApgV%)W#nRf$HjQv|4^%w}O
zFMsk{n_7*<%Zr}grjAWo+p{*{2&vgVdTE3pxP@>&XjH%JnxBtry+c50FhrG@)WiBY
zltDLx(u4rg|MYDYugwX$LH&%=3wIHwwZ~0OG#mwGGLoWlkrj>4UuQ(dtAr>DVfg#4
zRfy71;Tmi7X)hmE)fN)KcKDA5*m&N2dcC3h{;ki;qLfl)It3|j5_xxDvX!`%FXiV8
zV(i&z1;ltB@f>dJsG)8VS=m*$AWUJ&Y72HNGn3KgRU)hIBb@6q;fiQD0o0Qmt}E{!
zWqaYb6SIGhm$z#YB}e08^zq61T5m)?RsXh~by$=-Z03==nts-s$0iIRE7UBaQm-4d
zh(fUn^M;D?V#`UeU%zgg#$1Wml%Ny)7;=Z2o`O$7R@pdll;x9h#gkNewNF-RQ81w-
zi1S3?E0cq!Tb5}@ZT0Q1)#ACHXK>~!21XqgnPqU1oh_@%q4N&qT6q*6y;1qG_G<7E
zGUdQCZeLva^1gP<80W@BYH$u(LhP;tIQy?{Q>oDC3H`b`?lyaf^1E)_2)=jk&JA4B
z@ii~$YL?map>r<qHSJ-XZ2qLZp0W2aQd#}ypYtDXizEkR&Ym!yZ`vf86tTt2*<@?5
zoC{3q>!?7CG&R39taP{YSkPuzDTJeW7_)v^64^Sz_Ts=X(<l)r!i}&wHQKo3_0ZU#
zI;{5=TfJAd2d7%cd56K#{h)s<(`eF{OG7H!h3@HaAx6ny%F2sA=mv`W1<v~)b+?bD
zUaO7eTKX>?zn$$yqy*r5xV`Sw@Hco9fPZt^x@_>X*7DN}m}aI-0XL!cp%lHc(WK-o
z_Jr`vC%5#$wqwP{=AF(XcG7jl-dh-AeLoyJv``aww7p5T{FPtZ)pI$Aj`{ClX09JF
zki&#Zx&u=gbSc+$Hw9A?ars|sbi2-SMH$@rNoPRCw@x11PwW3QMlv()j^Vt>g8}Kn
z7kOzPzCJ%xea?fyksB8STYZJw^B{Mk{)p}<$I_sEfsQk@2{!OvNCt~4(r-^_{#D{U
z@maCkx{SOIW_~SuVcSj5S(m6D?<Vtuyw=v|VQfzC<&-ijoP}jl`KYa-`od&onu#s@
zC@mhtiC?zwj+1_J<CMkb>pDo6)8DQSEh2MMVFyoemxxfo?bQdKl(aZ&7}J=wybp}6
zE`Lu3%6Z*G*FuBIoY>mf;FT9~ey*lF+sLSC8_iS4_UD3e5uI(Dw1UMnMqfDSD$ZZf
z3|-yMo_bedv4|rK&V&^zj`pOqs+^^7zEaA8rfhFbm4^p8WY+GGqaLd*MBU_Tv}cR&
zlhf&pYbqpB4}wCy=Du-Q=+gyFO&mROTc~IEYA1UankS<tabOz^sl~hu)vB_e{!5}k
z1~I$|P1)m|&wNopsKE!%dZz5fuC!9FF;A;faX^XJRovaKPYc)Z9WO^deO|uP{3U-n
zJwvYZ^i#Jew}nU#bA;d4!QR}kEB#XGVxg^wSeg9j9%9ANz3_@Qgh%`FI+^etsUt_@
z&ET^`CXdwE*}@g6z8^Px!&fv@T<i}eezM?J{&2crlE3)s$Ghu6OV<_~JnZ;Pp8la#
z->D%Y8ftex;;f0TIR9ga-7VurC3yz9rJZ7bl5fO45Ufen{TJ#oPZl7v@^f+Bg4|8E
zy65>K<8`jg77ux9iDE{w3=$<;I5Z;eE`L2s?)BiR*v>-OV~6uVU>?GVNw<pWZ!M}7
z$J`D%Rz|}~hL{ESuZ+Z%#*oxEdrJ29o292L<eA?$3@5FyA>xad%HSlU7PIXT&zB@>
zjo}6RKgSTolATg<9wKBYhu8^8Nw^mqhH0a^`o{8a-iU+aQ!e$*jHSO7gc4kN*4Eyp
z^*X%$X_=E2+uc)Ym0wNPZe=<3{uYC}-9k5fx3JJ9g8`P(CtY~;QfOH@Ww+t;{Z+*M
z%(aTE;;oATS1Tlq<h#n$I`5$dVGn^O*^$V7Gvn`Hd5_i|Z^XaDGC~G@bV6Vbm@B+4
zU&Wy*jU>8Sh$%a1VLYQqUx=d0iZMxpaHXzXy!2Bl?iWfs3d{a*5}4m7fq&xJvvvE`
z_cMdc3%w~{laLfXHkSvha4W?Z!mnR{Mo@a%7C~0d^#`C$?n3LzmdnGTdrovEE-|$<
zO5da)kRAHO1G^RI4bwV_{x8r!e2|te=4yaE^|-3TjuDZ?07WL_82Sa|y3w*-wlJgZ
zdB#$UEWHxMaoldv3tbkTa+-doR7JZjvbXwU<9(D4K5J0T80&t6QxhIWwhvyc$kucJ
z%}Hyo5*!&6EFUlTm$M?sP1_46aR}Y}*mFxQ)l_Y%I~cNh-)s3KwDg#yj;J1De;&N!
zySE#KA?%glmPxbFoXv}-aKc+<M1g+uE|Rxo4_gB0v)P9tj#h<xHr`y&=-p|25S7w5
zdJ`)6_Fy7&!Rt>7w3jWVe@b;9DVua(yPAm*R()0f_$xvldwy+dhvc#ZO0h--k$EnF
zu@r+ruZpSn^x<Q(;I4|p0~|AjeA*1_`yTJ^-+F%k!_<AroKLYa8#W^KWR#ZyqN16j
z&lD0A<NuD9zK{R%eZ1r=!G1e+$z02Xg^r5zk!)10B?C(tezq&l9rW+Ux1WRG>cRR2
zg;_PKM)<S|cO*rlBM+~>GXK-J)FdIdCYtsm6mNvltY7(S{HY;uw@6~j-iMVCXSc<4
zMtK&z$S+_?|E0(4Z{5BAmh{nI(S>Op#gSCsdS2*BY5wz1QAKiDdBN;e{e3%b)kz3S
zv;5Pleo8*$PLB@4c@34kV%hp{MQPmEmcOeec?U!F$rH0BMsn>>kyM-;9h7X@e~9S+
zS+1m)QE<hf`{mY+Is<R$;idaz8~-Lk;4k0TUp|7(l!Qbh4eL@wMT>I&=Q{ki6cn4U
z?yNXeyVV4JFpxWP^e}lN+MO3te&Z6~!pPjB$-GEz*5(FO#L7pK`!3Uj!*X&}#e2)7
z$*0ujo5!EbrbCZn98{@f=uh-EAf#J+ysazQ73-SQjMJ{jY)5CSOM(5>Ci1^Tzdr_c
z!5|5VjJ|>%JfOJ~iEEfe`7QYmd3*2;UnB_x&adN%b2rEL3-zX$ZVTr~N;1J~s4*lj
z6Bf+~%CF?~xZfE)V~SThbxWh=Pxg=V8!VsjU?8YK_+ZA2kM2Al`{}rD^vO7r@jM*!
zqLF9Frx$Z$EV@@<ab3_8Wkj(=!dO7!#gp~^ZqI}X6Zsj0&*O(!3rW`|YoO{1x628k
z$Lk4tL<M3g?%%O=;;Zh-XKT~9eR2y&qazLUuJUC)qviQhOnE084=dX3Q|+aB-D^K|
z%0=uAnLUF_<%ny{!dTq&Ot!hbUsA^iinREUdm;V2oxib+;MbIinP|<Vbi}Vt%r__8
zyjQ@kw;o@~V(DXhfX@gHLYoOYW=wpW9526RQ+Z+lJALwljEfYCC8k2W&o(<)(A{gI
zbO!go&8#%a%DN>$Q`98R=&j(PK|i~4Sf7wZ`6w>;a&K^LZ0TnI!VTUE3yKyJH*Xq;
zhjFrJ21c6LSZUD2TNu%OLPP>NB3RN-on34Mc6J(S@iHTzhpF~=CL|4tw0H@W;Cr<K
zaAky|!-8uUS9Mpy?&(NZ>b`V1E?q9OG~?)YOZW7;RTnew%MXmYlV`6yiyc0)L2uT1
zSl@P%7owI6sJ$yJNH`V;p~2yyTngR(ln)($8%^iQl2Y#QkR*XUZJO<9oyU<=(-iO3
z19$%?n*<e|CwQjMbhisHg<^3R$3i>4Z4xaf2`FiJ_UB<S>@)Es=x!J2Kd?(~XIL#q
zib`<f2;8JU)M))*?7dZV98HrgYS}`IY{_C~W@d|-nOU;HVrEOSn3-EFi<z03nVF%*
ztk!9NGyj~qbLOr!_vyZzT>Vn3y1TM6Dl?<@-Vw1lUU9QqcDEMdm<=wf@Ra`(am*NK
z=k@kbb`zGjUl!@q!X8!ZnUx)jd&KU`<_y9gX`4N$!{$ot9;Y@+y9|VHP2TEwKS=L;
z{rP%SHaIPiB~p=Jy6!TqzKJ1gN+HCKxRV~g(ufgXL6D+)KAsXwu&W~l2x%Q$t}{X_
z`nao@L@*LZMb>23AEj1aYJ_q!2n;{0ez-WbK3Dfwm<nZq0YCO1HIrgZxlUV0rBFiC
z%EWo$1KRqu5>6y3aYX=hxDIIs2WKoED$d37TUZP|EaS|i5z?5BR{M6)P2*en#~(Vd
z)v*8s(9^biUKL4rBZG1S*_6@`k|fm+8N&*T(W#CLS-*OD6lKl_SFTW(eHd^j0np4Z
z287JnjJ2d^m#qA$RY~b5joQ*)P3d=o<wx_Ca4u{*SPIM0i1^9zC^B97Hqz7^yc3Cw
zAE>E)U&-FaqnOQ?f)O%bFb>{|W=k_Jc=RL-BeA&dgm+w`%)7SW&LoZo@;l}w)Bcp^
zI-nVY(iQ;_@f@fdCa{?_ecMkr-#fT)hiZFSusS%ox@DBnQx){(@l|X@ej0zT$(C!c
zS-ZR@qkd+mcmV7dLo1{xbvR3pJnL_nsYn%AS-|{8Bmaf-XnjO_54kdHzoUW;Sz$Jl
zeG#F(FQ0ied#oe#u{h=8;X^{deaLz*ZR1A7>SN&Z?%}oJ88kn^O8Vq||FoF_#)yeK
zdvRCcu!)%ylJPDwPSe-CY?){VELG4)c=0=fzT9vXT&65Fwe3gu&HMz%PiLetv?q#{
zV?VuKi5YGA!@inMFfEqT1eoCsWFL~YB+D+_ojf`(8b?T)ofr0rIftX|3hb=zZfjaI
zG!tkvF?v|4?>zVn5H1S7ZmFkj&+0r8y2FYeZ%GXMp~+yb0iHVgj~0uljFQR~R6<B=
z{i>>~jW;+1cCKE0lIV1$?=0Ci&Y{Vujt^>>HTio<Eu=CFC1i^K)4oe2{T#(wiRD*h
zYm!8w3D+p^_$<kK^_AnQ`QG1PQ`il9;0u8VTxTnDLj$_RHH}=0{J~)-{#S}l@-85A
z_d<Ww{4@+35eDb+O~TP*pVMme?m-2cP6>O`)2=p3lQ-TWvC>6~O_Xx2gU(f(6t7>+
z$H<IZu38{$v|eeb&n3mFI^MQm?nS4!nDfds;n4?ty~)sU&#=R8maQWZDl)$`?f2E+
zo283={5Sh2ELLaMPLMGbv<`nb%n25{nhU?iN$O_Mto58KsW@1Fmb%p#snC6~BQO~s
zmW6STW1cH1$77Yh<Z=$pUWEH`mOgzQaC)|J(OdcmDO6!?xHx~^#7Z00BlzHn;`a>K
z@vcKg%AaJ;f7pcKnjSA+iHeTVi`ps8Tk9~j%s(t>q%fVxAeOYVmn)j#RSaS3p2pGG
z3)U!Ii1ee{dlLBa{fSa`{v^bZv2Bw&FjuQ)pi>Hg_NlGu3wfTT#CKy8aY-I!6#TdD
z2UPQ#_hK=t*OrrM##tBXJ<zi88l0zWZrT_)_#j!b-G!5Ha}a%!qD?MhZ-PLZ(|GM;
z^7Y6b$UW%Od#kvK4kicvI#KrkzBJfR5e-bC*Zv-X%OB+T!M7uo2b{Mgjp^>D5|iJO
z(6XNU6#3Aflx$s>eg9A<Syf^PE{)jUG3Gz76crn)`<5-%E|?3JqIWM8OJCw^nJrkE
z!ScOgANdP&2imK`Oibod#KdxyZ1c!~Ym*7JESae5{VH?b@>Ly^ae>MWQvEo05}h!8
zgNO3KJq+3^MnnomUb0^jd!dv3Ssy%1>&i8I##XTNsBM~TanfGXKAQF!%EUDwI9xB7
zAX;k9Jc-H%)eLoK2t1_lPt;e%U@IPHQP3y{@lJnfvL*HgG3L7MGL1cZ;Wkpx^>C1%
zx+tV*8{<FuZ#5;T@4z92_4TZvw99OaGA5Ny6UIvz35@_P_h>7hR21ufitp$P?58DM
zf3Tq`D=+)O<&7~O*Q-oPW|P4Z6yxY7V3%j83nOGTM>u7UC|DEmI;qsbLLk*SxyU?l
zgvI}|SamUJ@Ll><>ok^jg^n$CNTwmVXKd!9^VDc#-e4M`-tSc91tkc<wsROiaEdA_
z>czp&ABl%)8BgY&&Cc97Q07B3K!>C@y#oq`PMY|TkDc-7lEqo^srz6bE|421nwtvY
ze>*G<c0(8SiCpF~c*)dj{OxDstaH39mJzFS?2zw|P^h+IT`)FH@*E@cC8W|A9&E{1
z$j-Uqt#OZdUSZI1rO<R$?Ny;14=`~gAtCI8BRUYju)p`@mXR!cRd>%dUZ0MQ?bCBI
z-)j`#l<|}`@{_)oPN}9H`mcag%vkAET@*eCs97uoceK`Vu!+@#ST&sHs@*oml;=l}
za0p{@P$EAmU4C?ACRgl3kL1`MAL77rlo$tF^u2d?u6jT!hYKwKtePVUQC!H-cci9h
zgWmI7eLsl|fx~F4c!<6vpI?&|7()^%+)H0vRx&kxK@s-FND%<Oco0Zf!%<gX`gP@0
zG4tGIw!OW6a)TZX3p*&cg3b&jaLBI*ou^bnh@_@NNcGES9wxYw4~)#r14Bb8RaH|Q
zmA``m4SxQ-xnQS;s7bhGz>zE@ul|t{azM6_t0FJ7P54|EgEicTm3*zv<xNL_`n$GO
z&f9Se5sfmz15-;iTakw1OjRlYg>VoRkR9Ayz*SQAoNpq<r_MqBOmBWa^9l0-UsBo%
zj#L|)qrUHOjBjJ?lhTXhgt~0}#W|%Zp`k_%U!HkXVeIdUpF<-0{Ns0@y)oyiAfe+v
zpQd@+ovI=B%D^YGdRSRoM8+!p$}gw=e*!f5m7e=3O$Y!HeF~miGO{GLG{sRuKR=8#
z>-vD#YuchuxW}`N{0kn`w3fGd=7_#>?gGM@!=BigR%398Ig_8@IImH){a3DwOG(5|
zUfck)Q@OUtB`Kvb5hGJZ**Ns~D1<lHubNqNClb3q2qpw(KYR{rOz(cR$D=ZZwO7m$
zA){2Fc7EuMxJ!xuJNPQvgwH$n^hqbfegpkX3MmRXj=pIknR~Zy8Tv4Eu)iZEnBhP0
z@p%(kcqo3Z7mLj50P(Ebj70j@<SIxES+a!@+YzVzr#CPg6f-$GD(`(rj-4CZa)&;P
z1{-gw_F|mnD!0#w#+8mNTFA<u;Pwc;<R2By9>qFN^|)tIF$1V85Uei!HeK~dnGG1y
zy{H-O6pY94(q`w5XtR)&i=5%su2Z7Lt<?`~dAn>koyaX;KDxjhb>NErk1(W#nh)1B
zUTr`W*VTCV;Ty*NA?32CWz<%p(xrpy=zS8Yo%&mh36a=#mze(^43a$n?o*7jL{(@_
z-W<eZsYpk!;@>RYj{H6@1sNQkG}kGvZJ8-Jv@x`EVSJI#u5`V2F8Xf~suJhH%5wbL
zb(@xkWOnz2UioT=X~nT;I`dJWcFOc6Tqpfn*boyGM7|N(DEbPMx3aRMzkd7JEVuR9
zS!h_;P!Y<0RBS90Pa{G0qIhOVv^;khsO|^ZYJ=@gTcvB(!q0y|lWc^_R-22yhVI~a
zpN+ZDp8-gxI^yq}+%?`yiqGZ1E}(GKUNJ8)tb)^#nxPtmbC;lR-vJC0$^Z&S<W7QG
zYi>ABy&uyd{Y*qxQ{gGwPiGrv@l+A9I$hA|B9wipV!H}d15$m7ch>oZS+u_;oHYl+
z(V7fw6g{y@JrE>|YV*8eT(_Q+@o-P-`SmtTTMwNz7XhVT{S{#M*`iS-&CoZJ1&;7L
zf#%od#;{)Z-~428Tp1r$E1O(_azUn%k&#U7?w)wRP2H8LUFZv(+dZh!;6hiB$2w?i
zAhuX5ER*(cbnR)hN5NPqZHQdI&EfNnW-KXGO@=_xw^(^&Mw-;tQ<dxM<+Gtl&P{Vs
zqKOBxfwkM^+D2N9dTP()S8Ywruh`gWcmBX%(|M>CN^Cl(p6d9iOs;ywOiWyDpX8{a
zsE5A=x{4@a8}4#OR0g-1EgzmXz1UpXQo;(Mi^Qdd_9U3dJy}C5Do($)fH2b7?Yn<2
zVe;FbMr&m@+Fpc>Q2K||+EIPBNB@nPbJUlL2SxxOp-i7?jSUwek?5b&#??21zuE~>
zrd_9rhqjKQe>q*KG`r5XuwHLV2Zy><ZM`hJ%Q5}~SA5wZz{Wqv7T?r;cjf}47c{XZ
z=wEUSiM;p@!{1vl|3N*#zz1w9iYquo$0*m)_f0{Nc!yR8Y*A4nF-mUx&)~B{io|ha
z#Pkdt#gq~v8Na0!Lux7eU_~k9{vsljQeZgf?|=OB*~0<*9sfFjeG(&0{f`5oj<4X0
zkXp{!nT-8`TUuVRf0>Z=(QAo`nKJm$;&MD8-u{wTR5Yns>HBDUSA!5Opa>2!;=5MH
z=CBmg(ZS_$eV^DSf%)*)kDUoDR;kcQOlHu(94!Gf+uuBQ;*<DwbU=)!HDn97%DrAx
zr%ETkZL}@cOCx*SJz{!$f11eP>tE4VkJA|1QK9^XfXf)cUcQ=BG}HUg!<AI|8v6M7
z$O>RMvM*dHw_*^B!W6HJ=0+RhWC>R+R+)YvQD3RM=;{?mPI)<3$Ku!jViZ_*Ki=br
zfC2`XAc?GuNNc|+P^-!Sp3$@$ej0Rb@$-5=Cm8mMK`3<SK<T_78Xl+vSd4BB`2Q$`
z%Hg$|X#9;4qEc?5B@sh5x?jUWz}gcVjw|?p$>oIr0Rck5Tnf)@ZD0nwYYNnf@0Jl%
z>=mnG@nYkYdby;8?e6W?sSZu|IDKWy%2;e>jA%4!IkM?U;Eql0S}!)B-kr>u@9Zf?
z;IahH6pUOOF6#YrO2*LCLbfuC;P}-`FodNRGZ-01I1^kqsdLNffFY&)?golTYzoi(
zaA-pKUs?b|9%#6~HjDw20O%k0N7V`W>G5rWETrV*mxtYaoby&6zArQHH~YRL$$tW%
z;Nks_uH@Js_5J{kAKE?Iv}OEocf#$sS1H`r*LV4NCF}(*UZLOEo&IqD-W)9AOkDKN
z6)IGmEpuG+E?H*Gk2lZ=-$71GOFMpgcf#d3F~~zTk@5q??E+i$EV<7hW3Q#5QDeNw
z-qX_)5*D_%=FT9ML<#q;f>XJvInwMM;5pl-HnlT{mY0}_2F_@BunOgP>1#(&59SHm
z{n1H|qH3$~0{)sza3~GDK|xs2;PmteZ@%KAV22eKV?94ZuXQ-aGn<Yow>W8zjnUeb
zY{t;2GeFqg9udi9KEIrE_Xus2k+70NTH#oMvuQCgGlP4}dhWTv{;uR?@jE!!%A3y{
zFEFTs&e$*voIScc<L>!z9LQEOzqN8#`h7bLHCt_bC4p8ij70oh=Eg%XTv<JWt%L{V
z8*bliv3|ApDSt;A6Na)fOZHYjY|AdK^&nx+k7+Ar_-Oa_>S505+?d#^^ES+AD*7V}
z_r{~SfJ-1#m+7-l$GJhdDgLbX$hEM&{u>pWBcD5&=jyNk*QVZvv6nz7_yL`oofXep
zXnW$@*P`I#<ICbh-dn2feXa50>$F`KmT@8l8w29+Lk?b9SuHfZy;-rJ&be7bkB*PQ
zGZQ)Hf{)GP`5DMtkujwPLuCrKM&UxmPYM~CaZYFMW72lU{$iyPOg_txon<cKNwXd5
z8as8>)%_b2SwB}fu7>T@O-zCi96o)PkN6(T1&#JoYUDw`yKTY+cuy+F3=T)>V5QF4
zofFmk<rB`%($LVrN=4#52uJ(g21UM1TW7MEXuB|x+iYQzmrzx{8c^ZPvY;$C8uun^
zrf3cv;t8h^I9AU$1+c43*;5XCdLD9o8mUVgL$<oF9^FM=pi7ZCRVw~m>C{yWq(!e>
z9=vDZF-TIf9!_hi*sQj^5p=PAPQ>CXH75RLvJzG4Bha&<TMRmXB4{;l=q61ki=#cA
zwjHRn2EBdZ;dmQSCzu}~)^(OFq)P?exZ%RD5WNVjxH`}V54QWxdg?g}xsa0f<*Bs4
zJqzbZJZqM#DK|!;f+OwBABTS3I-kqwczpyj7%BF6S67sYwygm|O1W|>@i8$@d5LvE
zDg}xXma^T>1QnR#kv|H#ax!C0IuOw;zm3be!LxqMpP)k$jN6C`M%RizL^nCVK)YUS
zj5sy>;}!|!biJ%;R_J#MSz9A`KAd+=SK9>be|Gq{A-5O_V|7L9ouz^0IxTRNXD-re
zjkZuy8eM#g3(WT!yQ+s@_NCaZ79ja#**w>?dBZym9(Y`@r11;w=9G10lkC0*7vz?O
z29lqUTny3;rfTLu8JnG0P=R8hiuT;QUsC(3f}s9r5*gg}+QyT#W{!X|%&NWFFB*bo
zB;)-6><H{-2yM8Sh+@7o&jD56z`->^gx3qoSZ2RKi`{7%%iB0az=P3Na%;|w4D>wn
z_bBdx#y6gsTKVhFXnwQMMV8k#`Y-XBA0?BTB3}K?h&q|w?J%GxxkE}$S)b=6GS4JZ
zc<S@}5>eMe7Mly-CD6Su1eRSLh{VBGNp5PjCi?R2^>ez4@}RY~b!cel_T8z*$)e-H
z>LKl<KJTZkBYl|TMOVUAKK3GQ@h=VRF2xImgY7Skp^=e9+~nBWIISEcNbC&_frV)c
z_x!M*eMAew5;tFMjPu$fp!nqcm`z8R-FGm?UM^_#+C7S$Q~mMH8*TWQI9Q6DM;mPQ
zZkFz0X3b^f;@!~qIQ82-LTi=tI66mbBFd&sG%5%OVZWssPrZ!Yl?qU*b+|<F-@JC4
zHh8b{X^)mr*XM7PDvu$}Iy2L6Uv8tI^YHaZS3=Oyq@vh+^K_nt7SykPz)n=Setm`Z
zd3{3uxFgu9qP;eNRN(IJh@zim9t;+&@s^E*6zI=%G(n9FYga9Cr@C{j)S9UM)Z?!n
zoZg7%+KpE5oO7b(KrsB-H|Ql$iBC}^yFZD6-Xx>h+f@Zjsk=w1{vdW|U+k4Wdm1NS
zgg83u^Jso+bq!%=50SCl5ThT(M|g)%rOCb@pX$uT>PByl@)xW(IZFYt(&lXK_n$Yl
z0(aCR_~~a|XQ)glV(UG&b!5hScQ3~D&!y)>Pq7x4u#G!*)p1-07`U<$VDst2ONioq
z@P_iRP?v9H0!&tZEn8`CaqURUEg>2XC!pvw8HtxJs4~Ib?LPG1EO|b#9VO=64HYBU
zsC}Icq|jMvhkOtgYXW67OdQ}Mh{$WdZA8n4O&7xTcH&5%N|6WZu6NInX*Z)McIYBf
z&U(=9!qgS|8&WPJ)0qx8z_(d|oSaLmTnaarrk#paaYZlDqRRBg&^Oips5)b{S~B+o
ze=9dc`F~O#sHMsO%ts-&yX)c7b}tYGJQe#Uz!6o61Xegh1%0J6Kg+hdB{C{;&M&;P
zy1>(%I0&9Vz*`FXEJmcWeDg`*qD8E(tX%*v&hzSRkwAG`0$@3sZ1{dI!aEo6NTurg
zY_@=^6TkYR1GhN#q8v3!W~k`+0d?>;x1l|(ibq@%*pbG<fZ}}H{{i7F(#?4;fCSkn
zCUpDSLcfPRp-T;-JL%`~>?Qvx|7xJT$jQBuQgIXsgS^+oQ?mUJ&Jp1I=|tJU{NvpS
znNks1oG?#|*VbT^si8$Dt<t<v-}P`G1Ae!y>wLC)@HEZ9*SlR};(f=nw_RL8IA-2w
zoXMBoA14MOPIN>TcyVZmX=uB-gLEhm!%fud6mmuSd^|g^@(v{P$-$K2(<YaPUNa5Q
z2i2~e9U#wzOz*5Z`~tqn;P<}6@)9GIq%|PHqUm+Xbf7PA;8{CVqVQ)*a|ujip{$9#
zhUxk0^voeB+qof%!x4$USL2kQ!5lwXP3jCM+HfR9PG!z_m~8V9Q(B&7x${+_PTQ|_
zb~8fPE&^7wr{O00Rp<0e9tPAD`BT%w=)8zZe;SL^n%#;@gWye1ur5t<6;O?|Ch5+n
z{Z0sde+-8yP7{{b>+wURSfS|6!k+|c{<E3*@MJFtShpkjc5XQh4UO!gBJtWnI#}3C
zn7E4}t+5==4~LVU(;eOzGBPq$x-GPFcbUy@S3T(uE#6BwiBi$%<JzB4kntbiDXLF)
zPERA1-+~gTl+jU*QCI5E12_BgxhcU;j;7Yl{Fr+agMMJ=dpj!-t&kH2`7H&%{qIsp
zp#yUVon2|=da>57`eWy|)h)}xbab|>nF$&?$O*WB(<%MCauPieypqrs!I@3)=ZUK(
zKSO3+5%bPM5WwxC46JE!WkA@la9VKtRSu{Q90m*C;&1^<O@pti<C!Q&X1r%4&iKrk
z=kAOTGV0B@F6F){zf`-tiZpD(58f308so<dL7*I?h2!CklqWCSH!JBr?+b3#^j!<n
zdrLD=?@feAd|TSGf07k4P--MYv&BCgvHAe!lR<GHGx1cGGvT0#H~1US?6Ioc18k7V
zN=mG<0IAKP8#F>zS5%;l%!xMNlZO~uVkzd$VjBn{r7iW6T=+<b2x$@kb3MNOJqs^u
z__BW(&Mc_LMDG7UybI$3MQ;=%C>^7kZFI3%PZ^>4D5l%@3L=~fOMT*lomBeA-CJx}
zKk+|Byg6`?-<PItW6Qo-0xm^;;Xx0w`p@zjat6IrUOTTY{-$Ye`9@9|oQcrCN>f??
z@a(ERDVx7KaTi%D82*;rg67BJ4&{?iR5|C#+#r89-WZC;?0m*YFOYSPV5g$8xeFVg
z<u{tT&Frgx2`i3#(`3rQ2snI=)T|_`t4eaZr)Y)IPPsq+Oh5QseLs6;-I_e-?yw4Q
z(4jX~^@uzdnQMr>J%5Lz!Cx>w+bT>sIt%|y+~#X|aX(6m2uod6sf9LQKFX^UAegwK
z5;0S>Jy!1Kc4j)iDEudr*H%@DGA2JkD*+A;sef*TT(|W^vA`HZ2K2;YEFjbNdl3rl
zE^{OYQiXsuf5OVPjbQB{`gi!#i@TC|QbdVj``)LD^)R3Ke5nOl3$x>K0Z^!47&U=x
zQS|m#GsM&JqEcYCd1hP?CDrV%v{+(iSC1keX7v#<ns`J}qO(#nT2f*)qDFThQSr0)
znrT}_%GRC=1et+CZ)yoc8`rx|?6AwsU9)*Xt#_N?AwNJ<XGK!&Cl+5JfAm7rHuoz$
zlBkAZ>g(6@mt>}#jx63kYauHGekOvM9;VIP`{^zXe!1UtDSV`Uk8U!})MF^S^n+9T
zez82U(g(JZ$BhYnFITIzyK1~WUI&zG-z(IJz^Rq%L3drD4mLS0N1IB6^PCT4VqzZE
z+Rs*ga5`CvR4ZSBxO}+kZ1Q|yxAJ+4wC&LA3ff#ixnw*hwON0jPoPxvFHd*9Q3QZ!
zAAMYc%-7x)v!MA+cMJ7XS*#$e)PC-4w6EfF#X0q+^n5dauxY0{P{?2~A2UoI1lWSG
zu(8ofI9Zf6b|S!T$0}4U7Vl6b7`w<;8?|0;fuQ7N5}F3P#G3z`a#1!#wE-O5#{bwM
zvDtAvhwAPKzC?&1;=e`laW%F6Ne9k-nBfE%oAl))mh+MI+cfnr4>v5`wH8Hn_!ZAD
z9~vbu)A+_|bD`B+U}>Bx&_VWVb<v*QG*Fy*uvn9;!c9+>+fZFCJ2sx*{2p(6+KO!&
z8D#QSLc%LC$Co<sM~(*@60fWGl*`^;{)*QP8aI=&08+v6)VKB0^Db@4yhF#^EHX1P
z>cdPj8GKp{3-044AMtKall?Ig9Q(b7RQCVLYgi1Vel=0-gj<ZVd-UPF0_#HB9tgfg
zO(aOhTb2G<r~zkF9(c#^|3Yv!`b$}Gu0);7!cwQjjWpP-?sbd1wejVWn*Ub}jrNjr
zJuf|CI0adB8pUHqi^$X|<Xo5o=R8}F=Yw2D@BqrOZ^CS&vuwEfP1g(O1MzOC&ryH>
zV6_g959a$HPGaDb1IZXPkCkZBm08)Q&TY|JLbwPD%3T$$8j6)FECz?1(JMBAQSCCu
z-KcM0pd8cL+O{wP3OYMG<_hMG)2JJ?FLS7F^?5396NK2GX4if0el1^-PoBaE;cPkj
z=Hj=kCv|zZ<cP;Btbuuh7diVvBsQK;1}c?A{b*7n3zgB&Z4}5#9FZonz1w-kJGD{0
zzo@K|s%+PA<8O-Ml2ns=i#xt<yxco*Fh@ze=Vi2Hwz2*9j8gBO%k%=!xaq_j?&cYh
zs$ee9l25#c-t9(Z#DpiNVbY>zQ^4us=2_EP9zIVivKX}YfoFp6@a_~thj&{x8=HBx
zGa+Xq!&~FiVVal(xwCzR9eky<qQ!Hu$tqY%KwtCTMMpeu&--GINAsXVp;l1j+zw0w
zvq}<cZO#E#sNyDWy5Lk%+l_42k3VID9@NV1eQz9dxnotW)@Iw1h*@a^D-XS5JE11>
z;Nr#1+|Gxl1z6TXzkOEEz~Lwd&z*X$WIFI$Bsva`@Z!bKjaNN|-8uB#NF4Pir=ClM
zN{l&7BIAtTcbF<MyuNl^>a(V`y;W*7C7S}>LDsr`cS&L-;8&)U6IaAIp^sciZnJU-
zsq;Z2YSdG;1A^|%<}~u;;!h4sEMRz(zUBbXI7>%%Bi8h-v+F_|ZkR#Czz|!`z-?sM
zo><=N{t9x6ChzAsirK;frmB6f_v+N%;x|eXB#KQ&(Svck(Z6(*&`hdvA&qpBU^`zy
z0-GhPgv5{ts5SvO7CZyIsgGdt2$}@3mA$ZV?(POVDs-lWd?AiFm+;)g@h&T)rJS~8
zT5ZWEJ*Vch4HJ^){p@HpMxy@(H~IR>%|C#+x~hS+m$TX=DAgXbJBO=%Ln}ZmkDQ6A
z;BD>?o6-#BNaqy5L6!ba*9Fw%-%-)4S=E49-57oK(t?-~y0DI+Olhrkc|3Q|`{evt
z9ANbUN-8n#&&}$xH(d&(KbQL!t2g;vPT4hXBd@QadjSLH)r}m2Ue@8<Zc(6U@J&M!
z*_pOe(Lttw=9`qK3S1*!vjP9NA|t({c|`}G@i!F!N3IfJIiiYhs7*CFR8sSIE~G5>
z>2CYAp^^|ys<9z%PpJVNT#Cu>dNA-(1kBaEK17oW#W{?KZ>d`FL1s$kYi4gjmLp>@
zQlvrO1bkGGu6MSjXt#cdmbrf#+nJH-SsKIj*GEaqX#u-#dj=B#PZ@$kEe(mtKTebJ
ziLnl8-a3XhzcrmG4XH$9^&PH`q`Oj*v=&xfUD?Akr2m4XV5OH3ZR?`iK?akvPKn*i
zEi>ILwBzs}CL86|FR!~8GHqB81Wnug>y+xHakRQe^Ev|pbD{X>Qai4fRM@0t*mYg^
zJ>(l}6v9!2#4EToj!=-6AK=1kqBO*HWE~v<T23aU)fnqoPv_GdvwHEETXAnFX0-6w
ztdt4|M|vbEg-GmynJ(rF00Cp2l25zlllh(RUl!J68h;?2s2f^@i^@P+FbvBOQZvVS
zcFLQrY!v0=(Ii&MVMLSj2ExW$Y8(qIQA`gGOk@msZvUu~Zx!UqxTJI}qy6@se|_mR
z^Pxy*rm<VlJpd1WuvXGSxZKAvg{$OKV@G>wEdxL7JR#PiNf(Aq3h0V#GZR@>&WSBB
zI4IYlZa{?ictry%W<URdjp0h~0c+#*!*JXJi`w?q;d?_+V&d`CGz5@M@A%n)8jj=g
zy0*|ZIO-3=Wc7wXK`*ua54J=qS)1y!({;#v>?rkwAA+bLL;I1TLR>+&1ge9=&l38M
z4&a&|zi{mcx`UkZ{6?-@N)@A;{T?FWoX)4AgePiy^bt*JGH)HG{;ozNVROS5_i<9P
zPHvnvsr{?>9wfDI@c!Ps?i=M$e5&(soDc9{nJwaEWKA#?2NJ6kV(Z`~%@RtqGMZkH
znRS7!#D$~(V9YVbaiJ{q`;`vQS~?5x=B}B~2Prtz3Y2$@btT{P)Z~^*6DY~PM^W$#
zB0EYus)W&Ah*GC2P0mM#b&RIA-+mZq7oVBY`Z%04AWL_}<p?~NY*+y}c37r4*@{zr
zg6oYt$KrEjjhqn(-$qP58ZBzp%RvsnPU`xuWT;z<Y_ncsm|~F=CuSQ-SI(qF9aEPm
zdJ~61MD|Cw5@7&(LB(P*OiB|8hLUo_2Kr{uIX{7@PxLoRVob)L!qQrqQ;ez7<ybj1
zx+#uwi9>u@$+olJJk}?@j~tWF2J42D<)dlY3Tev4y%Nt0^;6i<|1T8Zs9SESPe|pa
z753ekoT&1ru@TpN(fNd}J1Vu>uZd0#p)RTYG^M+tgSa#_-ZgFV;T52SRR^qj)5|vZ
z+e(X2B|KTTJu6lzG9@!_Mb)r-fNbwH&=dXbj&r<jAw{~VNvQ(kE%Tg-kyf&{g8oSN
zW_LTiA%3b6T=lVo1ykjk;NCO16DyRhVli_ebdb}F<<2LAzrxMNL$@pECRpRqJ<bWP
zG%$4+*6d!f_GdRXeZg?sw*-rYz(sSp8{&Oa=MVfoaI7b5A3ez^%TJXXg&bZ=fV<vu
z!r>i!e~c=Gn5l)sf7vuGnJZR0eDgW1P%Ko%iD2*`OQZpdifx0f32dj@Cl3ugsr2+8
zc05v}oQh5S1BpyexQ#0PWF8p4Bi;AV{NY;1<{dZ{atoSvdP+n-%v#*-ok(Piy{&S_
zpBRI~qpUCn?`mM}=RdG8(f`%4|6d*Z|1UcBvfZ!9%clR*u}l1wF4v7tY?eJ7*v9=Q
zK6O>)UwkUShQiKb-rxWb;?_7hHHHpF=1Fh(5kB>bK@Q9FeKd~XnhIZ1NGkP!N^{m?
z!j_eDe`IY}b5ldg&G%19go!;ccuddkTc$kw2*UtfO2bepYCMKL|2w(r-X|!s7KR;)
zMQV!*frYlU(ZzV5eKiQTIY+%4%2*S#?e?btdNAYn&GH|%(~H7zahqm9<D%Dl5s_6j
z_<9^cTuwH9tfR{x5Cji~0W1te_wj2}ezZnP(oDoh7JY!@idp29T6+}#dy|lYkI}=B
z0D-Y~MO6DuCES2No*7!TF#*Kg-|Aw^e(-pI5~h`}vhJvqVB8coB4vT!(KZJEYI~DV
z?C+cnd=Lfq%6^yN??3(XA=(71kpFccIK=U9&cVN(yawwM{*4<29|wAoT+nNGNkHGL
zSk1&D{lxil%oM6$Nh$!4VJ^^$rt(_J<45wC=Dl4Rnwb}OOV}n_Mp3&9x>^pYP^nFV
z?R1TBmR7gFH+_b=mq<~$7+#uwv!k~VS##9CFW2kI!Z`-0k{K!$!x)P_^fxD9rNx}S
z)*F89d}{L&$a*2eQtqi{J700lR_anR1GWWYlc_>i?zh^IDS3|)=cqu|c&^y_v=-&c
zlvYQaZu%qBlJ>mG*EsiojuIGt?6c22{}rgZo+E?39GTYex#t4cwEYEpqD?}kGswC@
ze5Qt+z{zYXTaUH4Y^!hWt94VNkN3Zmv6q`DB&krLBdPN0^yVt@HJsmS2N_jQi>dF8
zz0_0rW<76WSJmCna3+@S`(tM+d#6$bchj!C*6p6}2*%`H@vv?rrD<mv{s4!%COt{;
zQpU1<_)^<gvL<$66l7CvxB^-bQde-0ye77M+EZRVF~|AwB#q-=kp%`xrL|-?hrAX&
z5}YW1CHhFkSlZZPivjuZj#FPNC+B|hg7aoB!&oMuJ+nAh;hCd1UB{j>s`3Bn{u7H=
zC95x<S_cz^h{c?PmXj_%UHQ)F<E{db4{jV_e&eoL#rMnAP%rddM(t$@f3jX;j5YXo
zDjG-z<}OK3PG8xF6GP#BdKp;nICK1sqMVuTd4`S;uZF50xIA9j_fO|~SaoZ1sr3PA
z(^<Ifm@>KK{y4sPhobe*Dsmi!bj5m(FI%4*vOJ_RG9;#;2=FzM3i2ga(5TDK6gHN7
zvwX8qC<d?APB|Ctvs3y#r|S18Cn{ed8;>`ufo7~NfO%t)^NF7!Z!e4wb13BZVr|?f
z-LWuCLnj9GfP1pB2FQkE;hAN8Ld~Syz#VS$iB3`?rWEOS9l{b3&9m8ZlGbyG=eeW%
zuV&(%#!uBaknQw!^7#J{(1Kq+b291P;~jA}Qn91aI^3ojyxT>2d6VD#-UH`$oxYy;
z`v_0tnA=MdSM+D3FX;DITbtj_kg>(rUx#}>*Z$EKAwLvJyHp@XurxNL6zo}r+D}={
zSOe5}D33JSNNT>rTSrKxul>j(FkQ}V>^w~_mHa(aitCa3HeAz+@msl6X+mrtEEk;i
zlu~ofkWdjJ)^v6pE`icLT|2xyFdrHcaeMF40VcSjEvc7>oh-QE7XZ3TYWcn+bxhn{
zR<K%WWR&uU&RJ{093OCJ6_zHQHNb?$&6SmiTW>KY*_1@;?vPAazx~n&`G^ciw*AL*
z?2a6i{uz)#p3?j#WBK{_M@_lJgdye{p<*%uS&wts3KFXr#q7Bi)Nct#)d}FL7~A|q
zY4Pbu*QD`lip=&VT`32=OD*xMTtirnU{&-z%L*0c`n|A}KBu3n$iTGV+cg1Gjxqv|
z>*JUB_<8a*qs^q#xmRlz9@p22vqJgh>sI9HV~*JMdxa$fE8|e-S2!Qc_26lNCq=WP
zLnkUC7sG#Bkhb55Cluh}>a`+;VoSKlpgu>YAv8u$|CyGUSq)15Ch<qns&x_p`{RRb
zzB~{a>(~cS2#D?-))0qKDLCeI$Bx3ls2QPQjV~?+Vg+zJS(NVdO^@~!cuE`2`pXwJ
z91d5)b3OB#H!{UpuP{%Pf1^0O&3hOmU^@4M`$X=P=l0A;-+E3|tRU(7WOZnd-{1Gu
z;U`QmP%YbqZ8l<Y{qHn+68cwA2ksBY;Sb5jFHa2t^^e-keb6EQ(gKjdibhB<Z~iiP
zzx3T_v9*AOhZ~$53Cn-EmcZ23%)$67^xVzG#hPO0h*K7)t!HQvDXN2MXn%ZxWu^Dq
zY~0F-4#I(UasqERPA9RXe|GZ;CWh7?pDEo&(JH0$&T?S7g;u9M{YG=O`AJ3$B`LCX
z_NZSl3Mzm6gmgCz;jssCR^XuO#A_nnOtk=-6FPJ2a-MK!SGd{zkrJ7PBiF1Y+@y9D
z|A!D9Tw~t~v+CO@Gj?-V{tbAa()tgonLRdUtazh>A<}7lOF=DrGj}|qyga#l{+LJ3
z;OUT#ao8+}thK_c)&+fhcJqvImGu8Z+)0}_sb`B%E$*U&*2KAkq^1p_v=5g2PkTYV
zSc;Y|o|ygm#3#Al@KKDAqlMoKWb_WKb*y+=>Ib0Z0+CU|RP~->9fagcUNTU(d&QA_
zp>aU_8V`ni{e5{=XLBY`sNYPI<z4vINe`R<UnL;H_wpsIvKz$iCNUOEEXb`Zp?I@q
z!g?Y!Pv3Fa7l9|2ZVP{htF^eY%5pF9Zv{VQi>Vhu8X^iOI<o)a=$pOYrOcr^&d!;V
zm#PVP_T4B&TIg-t-anO6E!Sb8_2So1h)t+^LKXuZ?{#qX@6Nl2MPb}j3pwzpH+BK_
zicscr8eal?BsF6XCJfys;5`}#N&YR8#(D|A?bEFO7Clihfuq;C&@F-Kp~L5Yr<E72
zeVM3X0H(Dsh<bas>2n<a1k<Qr*zN6<s`zTxC?+NFbl3vMvf~*Tt+*2j29UQ7ib|Ve
zuknf}Tw-Ek;NLgHyv~B-AX_?m$2|qyd?k>^EiCPl60vN!V?9rb1~qDR0Krd<QaOHL
z%@|RRPt~V~cIA{R1B~7~W4E(A8iBVvTr9?tjdXi&0F&*A?OJr_P=o2a@l49RH6Wkx
z6~v_W=9LDEMLHUEi?@ohc|7}g(@(YVs*_~jt5*H9guhZ>=U{3Ez==vmvYf9)-@;Yl
zjc1?zS(-gsf<7|n5T=mXezZJd)_IfUdA?=3`;}GNdzSx2S+x}`$_z79up&zL$Zx~$
zA0~jVk`qwXHABfb*p~Cz*y(CwXkeaFBEF8rXic`>HY3J7DB(kCZoT1Yh)Nq-JY8dq
zXzLAi7H~Ln?|vttfbD5@ZgQk_wsvsAdnqtL%S6&NwbE2ANSgC>4qG;Ci4sRaBA_>{
zo+W9!#h$8(qx!nocr%)%q1B3*tq4apIcd8!2zVzX#J`oU@BewGke19rakcO6(!_Ak
z)msvw@l19euAQCH1{Gc&pX!>&Cv7%=u#f7Ad(M~20)nj<mmPHI{jwnDHTH0GV(+k`
z0`fBaHJZSNfbbF}X~pmr-av&Qd8Co6o&L$vv-i4=0EG3H=H;iU^TE7<ZZFvwd4?CL
zSz|py!E);G<5FjWlvF_4L&g_7N#XK($7OBZ)t*L-Ao-Z*_*+f<kXE}Lec{2jz3V~c
zeZfiJU4)f2I0y4pX(Z2XGOm0J(`I^2pV2zVb1f5OcIIy^GKA8Q>AQER6^vQS8?y?d
zZuc;!ykip5y44$C|C7ps*q+3FL@CWhVczttWcXVrhTJmuXCxV{$%~ZdTO6J=`ueau
z*p8mqyYS_mm(Oh3RW1vltdY<wD>0*^y9kHzOe%VTgSnu@$0VGws{8rskmm92L`O|u
zB2t{tOb9d&`mIy5#V7j(51T%&ssF-xy7x~zEQoRI;tbC5$xlfjIi+`|ar+{hZdf>K
zMP`g_nW4Q;Zg>w$s%HA)zGrxvo8h!}(ThR}hP6-khv-%t<c5kx#{Q{p{9zQ%w9tpb
z_Ea2-=*f`HWF)AN2TLtVi2h9!it4kqadIXdi{m6PI`zC?*Tvu-Y4hPUv5dvB=^-PP
z$MGQ5al-KkU2|BR;WeOD57b7_SZOOz&L4fa_Kf86vY^*UmGLDly0Mosi~uln2dwkz
zu!}z>bS*OGdMMk)S{D#mR=2%*Tz|N_IKf^MEV_=CZrsj`_H^75<cU?T@iPa3FhFmr
zs;wL99~cnu1}>JH&*_mbC7Uvglj$wRC4+rl&cdHA7u-4!<HzsCL0Ry=%^Ytmy|ljX
zUoV<$vHM@vy4pP__tw(Q6>OldN;@~@IuFSmUV;rj@??#7PDI<S0tqT!<o0g)LTc%k
z(<mmMVc?DF@NS%wXpFbf1qBNU+&8aY3n<t-CWD@?_i>uG_7D1L1loQppVky;NeTEw
zoKAR`X>w`bQZHscTk1CFLPb0D`irL%R4FzeuU(EF<19vvlaK5K`}9J|UX(wb*-UUZ
z{+=ONAE=CKE>ARO^P)%9@&Mx$%Mq*1)&u9P_4bu83U73?K<?;c*Lo$kud(P(tX*eI
zop3d?9VD83FBS`pSf-dYjl&1wr;}U1Y6LUv#>-!yUQ^fX-$X9{tR>FAKT|{zumxxf
zoQ+Ro07L<e4EuAX3p4MJt4+rdBq<L?7;alV;glWwa?o=8slH?3TSy-%8es}5^(QO{
z%877SllV~0!|8p01#j}FNXx&%Ic}`Q>jSI&#Oa^(dAlGTf(W{%CX4Ll(Z2iPMRkVh
z?|1aocY0^$mivy7sq1$$bZ`Tx%IgbPH!_@;<%@mxgnZs&M>jCmdip774|>Ft2BI5{
z**V_#)z`jqN6^^t|0XdXJGkPJE3CQ|q(4xjcXP5|moW3zrHy^6eZ0@FK1<~bc<5Qj
zVmBfTH=i&U7JZ5~@v_}^w)2RqeMSP=4N@e`-ELo6F&K|suQop}{O)t%jx1$p_TQnQ
zH$F-0!1Yn2iAMW)v2a`7mR>5~`8&cs`MMF_*5LH8awkr?lgRe9e$C+;azp14a&$Fg
zcu(One$#P3wt&}To`e>O2Z8gRdIFy{9cQv5jNth_thBNz=2K@=S~UM_1`9H-FwnQs
z<mbcJ2+XQLWQ>H^#!b@<E(0X>OdqDr2mUmgiq4e0cUO9OhMTmyO(B{|V@`8hddoX!
zM=DsaZf6WoWaVh-Fi-aW4WIJD7WYvH!=aALH@0ZduTX+A^RDSdySsgg>gySCP3R`?
zhwRN7ft%LNZ_I8xn@_X$FO0iMjZ0G#o54KT1};aNoS(27)e&oL^&_D&z~)#UG-o*<
zF;3Ov4@3odk(lH00!jt6hDP*(15;fH=x7lpkL;Sa*wyek$O5^CQ9NIDUPW%sUh0c}
z?5Ftpc<Vk#mxV8YE5d{fiG4or_GzUvR*T0Xq6?)>9Ue<Wn@jMXSd(8=V0~vZD@RgR
zt_gwC*YvnMiK;$zJFM7r9J~eoX;7urz7z<%ZnW%>xA#|n{R$k@6&01O8-6N%@){vU
zKlj4t&~y7x3h)l$s+asMgP%9>b8xVhKa|1K4u-`=C1jaFcDJ<z6K%7jr}sg2clF1q
z)kRGZ-bhMMG4De+vWj}8(L!mhVYK3{D}<5P)xkIPveMk^mnW}lZ~k_8EsO8*ElY98
z?!HeI5gT;y@hlnB0i9a`qV=Q1D?^VPGpAeSCKs*Ylx1OCcUXfE!u-3x%@1oT$c3&3
z<(c>61<zU+7dXAOeaAlZsWHE|%Trbq@4YlTYG}0wx^6s1%$zXNV9@ToWO-|Qd!s~>
z8Xrl%UX_8`9AD1cY8O7aegW5IPk(y%iDlrJQ)t*DEA(xJ&vO~h-pgC|Vl%K6+v70-
z@(1ON@^9rSg=2(nncfxZ18qb)UXUAgZYlIC)-lQ?U$i~(SysK)bG_a`2pzQL#MpV~
zH)Jb`EISHfZ<i?Y6Izn0br}rrH>9<-59XVKHapK5<8vIzN_x5@JEHn1R7b+m^fd{y
z>o&gkB`L!&r#tEqk)k1KI?vYY=@FMkS*@VPwR;;lz3D-(7DEb`V}k5K{9gMFuT-E5
z_W0Cybe^+1Hhr&Gs93d$=@lk40~;*XzqPgE2GG%<*ul|Vo+cMQgson0`uN9F`0`us
zNfM+hTMfbX2uo6yEqL8j>I7p*e4oCI6;-~-4I*V3aEu+^X|mxuT?&!6s|z?7T@Ta%
z7YMF;FhVN_3VGIB%gyheS3VGrj5IS;qrf8lI35aGd-bYu;mvH#;%Bo51ZdxLb6v44
zG91<7Gg&c~52VPR7=@>Bm_rRlZe(7V(XKLN_VYQX>ryaxfRkC2Kkz4)GH?ONFg7P%
zFQYq=<n;L6_pK;Pr1SKI6%D!8Z#=(P?^c@~8}K4aC;a%SvfW>mLLga(YEUGMR8(k*
z21x63wDySGtfhd_Vft+!dcaj-c$HyInbjM-nKhx;`=V5HT2Yq86Dnj?4O}0VbuV(*
zAw#yaS$G)pc1J;OSAwjY0-*!MefFHKhLko2o-Ft8kL1eie!d-5s}Hrz@Iv3)WygrY
z^OR%szDysMRLl45<FM)84?<xw+t8BLzKbZH7qlFhg6z%7Dc*O)E;@&*yzXatFPCr<
z29mBi`!#Vp9evf#(<aT8-}_rYi_Ausawf>nNznv<tnX;SF(1NoD4j|%|JZD$wV`IW
z2CD%WMVtC0ul1g`EU4+}_-qQJ>~u=de00N%>A>x(8(Xg!%*=PckMW|}L50=N6nt;o
zU0Qm{c#B&r(9Z9{n`MC5m87T^D?Z5!qvq+C^U}pP#PAZBSdQD8+m<o%+tq$Se>1yn
zx=IH6rJ*xu{M5hT#|5p=<1*-#w+eprU=2q<570>Rf&gFh*e*|1G5+W?B6?O=Kl)n9
z;&bbKxqzXZRLjCA{Dt9LZni7_zVssM&t0bIg?qZw5X{Z?TX7rx2ON;Y2Gv;ms}H*P
z2o;U~_+0D6UaT3870$u<Q&7CmwH0-vZtohERTXB-9bLB5fv(Qm2%gD<Km>f{8*1nC
z!8dYmbjzGKI)UhFmrk2<0Pq*^R5~#^VFv*yTJg&Wp0gdCJU$~1{eFD|^ITiI`RhlX
z>dg=WH(<fDV*mGt@}q_mQxLGE$iC&gYm&Y_G~Bl#P=NQHPT%_#Y8BUs*Z9S2;#9xV
za6Q+Oo@+-zqccQ(HHBhxfr*1yKL0VIa1^|*N(857OrP-_p_=)uI3;h(;j$!%>lFs<
zLJyyDrBuU2<;r*Uv-y?hkfV@RisM5ZiVp<HaEN6%aSI>5hg$(Nr0%QD?Z0<G%!ao=
z9CxoROP`|7_IDUgykZJ)Ju5t$V=}))9%cw+_AXtNXZ9*xb*6f;KXQ^^)FWb%e+StN
z+CNXakk^h&^^4oqdhW&VbEhPod|b*!e$2KL@L@NDBJir?$A?_{x%3bb&Sj`#D>P6b
zPQ3e4!=~4&2h)1*ZAQNuuq%ft>BIQ_L05k7u+^uxmB2^7EOIao71k}`wJObY78FeZ
zkG$<4e@{qr&qgqDwe%inyu`%dH;ml{q5w>Ecq15S@&LWnE_^sW)yGUX9`LuS?sC)}
zcAtW01yD;k5~_%Hwpz;dgU11bQEgyDRd!?j(RgHse|gW)2ez|e$sq+qzoH2&Um~$|
zUOaLijZ@X#{5oqs!8>3Jsax-+up6&GWNdK#QrQx5w@n#!YT$P=iBV$|9kBd!S)4Z1
ztxU7dZ>s6ju->bH&*e_)gE(+HS|R?X&RIs%*R0g%)2xf7Q=^Uhw{q>(V&iYO7rjA<
zrUH5j;7aDGE3@Xs^5E*h<2kkV31ZCP+~eRzYVqywo(XOeGn7N$z^U88<$&@P|IWX^
zO)`%VTmkTJixU$(h?ZL2Yb7S0DX1&zR0NO`6Q>IwKI1^83gnj5gpG|wuEK)rF6Q$w
zv()|phYL<SoWzTWm?&G>0_Kvw$DPDAP_rk*&(bB^tUCy<4uWeM&S;iUm;PB&0OgU*
zQ-p>L70!eBi|IZyujUvDyB7g|fV*O%@b@~png2Y2|D#@l3)22=q>=tI|J==2No*)^
zJ=wo4j&+5i7SEw&KQ1*flpS2BJa+GNX<+f6Zq6QS0Or8o6d*3rrvGK&hq&?xz8Usd
za8v~N2cREC75w1z`0Vxf_mV%Sot6n=QxhdsRZUAuiHM0U%1TO@nYfqP?<9$dYl`a|
z<t@Yg#|R3J!8y`uxc<vv{i`dV|ECu427gft+~ss}wJw8pYW6Z@)bqY+8Or1fE<uDO
z2~jE>OY0d+aH+cV(BW+D2V8$>>v8A>^|`53dB;1%xTwDdt{cGXv*+084gI8ReO#*J
z_$;8&G_6>evlVmdc6nw98FD$@DYv(RRUlbb77}8ORJa9O(ef_jg8Y3vn8SW%+*Yyv
zN?du9&_Z(7RFs><kz=Ci1+lQhjzauFb_e8qk(Kebg`n4RjB&fr;D-0bq;gZ<^aMP(
zl?8l(>+77xN`rvKr4x?FMFBk%i!xA0#Mk8OM`_#Z$EUpE9~w)?lhuvw-J=g#{c`jv
zHo^Am2^{VRuAX1BI6`p%Y2v?q^3h|R;)1+$j_*-@IF89KxSWxN=#r`ueB1~)_!>jf
zpdT6<ZDFH2{LS^#2H0Sn^JKgO@`=E9$D!+T5#Wm^d4a0q^U(I+Z8~e_aK9P}u%NoQ
z`J~+(*AJl0YrBB|PVO0jBQ0-y#O2}ZVr$+@e412cXF*g=z(7sBgL=G-p~W!v+*AK8
zNp-tk$N!`rP<xb~3msi*`=z*mP}zipOB-((OMpPa&AUn2iiw@Zc;-a<dkxm?ggJ#H
z=dRekBB<Ar`g(xb=Aleho9SyT{YbL+b~NL_cek(6Z^yJ1?pLGtmHq0Qgi7Lqg+l|3
zPZ8;lI4)1yP+6&}N}JVb_-CHW-}JJ)I6BuBplYyuE|l9|cZ@TdSJlb|8mwppTo2C1
z7(kDN^0GdW<`?b1mBsD`n7lbpDl1v;mQT5|wRtHW8U?~%^fS6Yb*`6R37xJKi#5K7
z-q?C2QOWBL>j^ThyKMh~2kzw*>FxFxW$oBv$QVc@LHNJ!&8Vk7_vv$<?{(Tu?p9vy
z%*tOc#*4GqMeE-jw(4#5Qz^SY7T#d3mfr97#;}-tJbd40%JKm@lM8q;sJ}WuJ|Q&;
z%N=GNR+zub2>&<(q`a=Fp5Z~l*4!=4HXl?B%cQ<i%dfeA>cn5hX)HMGS`TBQ&>h7?
zmfhb}F1$WESHG^sYng`{O<k4U+F1n{kAPz`op#;N){C|WwfxElb-U=0W%m2QS0KQ^
zA82sC$wJ^mZjJPPf5EC~-_pA9xn={|pEaC6D~zo;`htOb^9j^w#>!ltynC#JRYk3@
zv5^PK9gK`&@C2UmzWR=k?$BL1@71n1GvUZL=|uDsUGdE~{l{yL{RB-H9mO&o2e2Lo
z3-r#I(p8!A!OzgK9^k3WJr=`q_Dv28$Lu*T{)v2Mi%5Iqi~?}LVha<+Z?FFu`YmG<
zcP@Bl8TsnfT%ZoLw3DO^4GA4(`f!8`Vll<uG>h13lBPHG0ty|pb*4xhWJRpd!P^~i
zSVMY`YaRGJiiUSKK?hw7{&+wIy)1lOn2Lr=-W=2PG_QG_7k7U?N4w>}G^*fsCUx#?
zK8P}W$6LJGm`i^ALki%Fet~~?J%$iDXzxmJO^U4_o#X=c#Rh(uJyihNoddb*Hnq&;
zd;;HTk(f^wefLjxgLYmS172)>gC;F$rx_?5SI?C-P}ug)-03-VeEt`4ZyglZ)2$1W
zUjl?+!5xCTy9W(UaF;Mh@Zb(11h?SM1b26LmkByJfkA=?clb8RIp@B0&wEdOb^p0k
zQN;{<_ujpF$+Mnb-7ORlwz}3-0Jiu596s83Cr4v5bw)X4Hi+c6Hf(e#HiH=b2_nH-
zRl4n;?$EchpYqIfe|$(wzqf1A?q^OB<oE2bf5aSn4hx(MA}M4OkEADRg|?Mv(@X?H
zG=3<Yn%=Y1QwT;e9$T^;eK400^bLiW&o#CUGJ_$AWMgYRQaBrtLZ3g}bm>ag(>?4V
zFK$&I7~cMXExNfoJ-Dg6xNB?r1jtAXvoKDoWRdV6)*ioD?MSf@Eix^^h$Opc_X~Vy
z$RDfc=Su^%TZ}x&4sSdfy41G!uP3z@J4>@@JU>!C%|NX1PV37RCFy<0K~5I2paFyH
zX}uzr5`Lr~;q!P4rgs;4|JE2;w%Tv8xE|4nK5;?$M=)ay><alAPHVTd0-gPNj4Rbf
zx`uvB+-rw^&+4##Ep*)AcQT70zZGUEbTM#$y_S&Hcz<ml+Vn{2bt%Ya)k1#eDnjw;
zcU8ow!B~mbeF`G3R=_FgCOo=RKY&3_^A=M?kC6MlDt(T%Ml%||GEBuu_`2fz$Xk4x
zB0;Yye6<A8M_6_I=k}nEyW-AEBjB7ls2Uy}*xxD8yXq&STv?Bn2MFJ_yL`Vjp~vDH
z#&2vrGFec*Jv+3D0TV4fJQhldfcr$yx|)T8<_%$VGaLvAw|;X5PjI=~O^ymCZt=f7
zYDv~JPi(L+*1Dj(AX$kF3#_@W<%meB`8@0Z!slg5Ll=G7u>F#P;$gd|z0#Iciqmc*
z%nR>5YO>wEzy)N6H-sxYMj-}m!L_^T&bg!_<>ChK#fjGh<p@01n*s|~M+t<&wGuzk
zK|lE$Hutv(BZlo@0&6R;@u#uTz)1)VX6$(Qg2NsxqGundb|!M<hmkc<$-e(hG#x|2
z;MMk+iEQp>&m5{*ya!y+lE1{S%@^~V@xks7O<Kvo@yq%ral{Jd&#vb~+20b8V@87c
zbgTRsm^SxD*1N!{YAQQoZ)Co`eqO(b+pxum%UTxosAta%_Pr1`Jak3bpXq)V!TFi|
zxdb2lyWiUbh98EVDt<57c9;u7$vfV33<aykcbkcRtGksfZ@Toz^Z-(zhmo$v7cUWr
zo9(Bf?drc$gDaG%6biGdi+LnbD`$9o9IV<+kD<VJ?o|xM6pG*@!r>8y#iqo;Z=5E6
z(#|Cxb|&kbS3QZED|EV{6Z+CoL{dsEQREcse!lz2i{?m43HBR?gS$kMsgpAKGKeJ3
zgX5;=jp@#(oayRrN1Ewp4Fd#s(V*+SmJcsoa`Xn_&~%m^KlwL{RFn<)ex;82)``op
z9RT6Gk5Jk7Qnz<S!#-X`$8Ff->t{Fa@jkoa7P^!Q@LSXPeUC6QUUuJt>$I+23U5=Y
zqS@;1Nsd_12d+Zt_n!+(x*lk=uPX1l43jx-P^{iF<2;E-yS{(GX}#}MygRL-@Fey`
zg+4G<c~0rRk*iIJ_r~oE$F$|=HXcZ^i&(P2=BJ5U>u5_t^j-X^--Bi>*>LHuEUFzo
zh}(JO1Jo1PzqXVX13K8|ax~+esnM_-{Sd6*Ynj8#cE2L4aGU#T(0mT5ph|0&L*%BB
zsAm8?Ho@sT;53pgdZLZYQ8UExIk2=#u&Rs*w7E+b@_|0}mJ|$jC5J^X5H>gylGX1O
z=*iCy<CHe^%;k5UjIApd{iASb9AsMYooYeabq1F#tkPuul?lkrw1J#l<gOJ#fz@@P
ziB+kug^BeHjtKoiVg2<AgJx;i`u-1ax(oRDP#5{dyyswjd_~bmq3mCFBjqg{url{R
zyjA^Px6F}msS7AgiRUF+s^+fdE&jr6U_28Cq-mdGscYZOOLs5Zf$z4&TTGXojW2XZ
zS*Atu7xDX1N3wROEE;cTSohioU%2rlB1aSSHDW9$b6dlrSt-`>+INw$YMc~Y(RAJt
z1ihD*o~$kdz=@^Oli<qkoY5Hf?BMAZ>t0!pTpz;ty)|r*&>pA@NSA`w-5y2{AUL0f
zGCH>L3W)pt?A;S$#Q;=MADANU4<sagc{;5%OaUK)NhG6(1BLkA41``YdV=S{;4xCK
zAi5OM@ILObM<4m@aHFkF>R`u(7_C$2Xi{<;L%0Fj1APxNt;4v>l<u`wenOT)^wGnu
zJ?`C^DviE3^GYqeIw~<_qJ=O~(IZ7l<FlTUP6~BpPfYsB2>z6zXHp7lM_-i|>G%$G
zwNumHS7B2V#<$-2kGa969*xh!ck&ehO&_C3LGOPG9`l2u=OZPe=g^Wg8d)T9AwQRA
zf}PHglGxc#2v=Rm29R=UFpY>!yak;Q<fHimav*}y=W3#ql>@B&m7V_F2VUi=B8W|t
zmloQZ+~9WMK(|%aGUSl4Z4Y9hHItwt&LF#*B%9GLDM{}>EuXAQ68R(z7@BC}sUOjL
z%^cdk-<4~lchXl2aUk}{*V3p_rHpD4dk#CGM6sBhY&6AJq;;uPFw=tO?D;$@4hU8k
zK%f)dJE=OWE_L(NwySH_Xp@ho7;1JM83c8w^0wqo+umZMxSU4;${#HvkgCk?Zu1#E
zerF_{5qn{F@UOkE*ExOVwj!F*&6C($dl6n?aEaj8u?B8cYb6QJa7Gx|U#t2xzt^~y
z0)e@NF>lpvTT}~x@X+{8u=Sb}PdwZl&R4<Put6nak4bxePvxF$TD!F-NNR02?&<h_
z!wI;LRPgbPD~bdIG`mQqc5ntv)T0z$$J0K#BHH7ju3G>*mRpJ*U!B3~TtWj{anu?Q
zqLQ>T{qQY}oSy}|Jbnpe<gx2R%@@q+N2O(~PHqaH<t22e%R5cJHH$A5MmKiObfv(F
zVb<5$L$*aa5;<XAF~l`)K%#Y;&Sc*jT}Vc$Wv<hBlI5u8JwpD-O4FG0UgEon=DG|4
zX|W>_o4NOixrD$@nh0K*_b;JGZJ#?beFRTS)C|B}8)%ywk1fHl*6qgK8w+h!%){v<
zOswHN<Nc$nZL*8akrw4YiB3uJm66vC6Oghg+CH@ZI1>m;I}`<%t+q$WlV!Y9kx~>E
zKJx$1S^&YgfjUQ_bJR(A7oI4<-G-p^-(SLjO}HUPXa{`@DN|S4&$eiA@SQOmmK@Mp
z+^qcl|K?V)0fRH>3ltO?i3{yNvY=N)$!9G-L%*gSrg>#NCsP$L$Q&C8d%gy^n)Gxd
zHo@j03!)mD0{wbpdY2EOkQx-8>ZrUj(<)oCksFV=#)n`bVy3+$dl^k;Dam@7qFrR$
z`CFkAsKy52Z@G@04Ud_pR)Op^tLP~c<^R|WWOL3qsVt0tvrdDcf0q>h|IS4Jg$wu}
zv+Vze4LWhYeDOv9)5?*@?lGSGm45;M`fqT(_Beje?+-bR>(wRv$6rHb1^rxIT_>Yv
zW{S#oWNj6d^;GrpRua#eOaAL4FCu(OTGv`I$<Sw8M8_?Dtfq?~Mt-yPowGe?hfY&T
zd8@w>*!h*u%^5ZROPYhbd49d|G-;qID{Ie%*ae33`dp~Ne|>D`f1zsN&)gNVmXpGB
z&)vPow)Wc**n?tZa1EqgXJwY-_}F^uI$L1`NwG*z%1-^u$T&wybMOY-Wx~fN;zE~M
z=vin0prO-rz6Z4*w+j8sa%6lN9eacSYR#km&~-E%6D3GhoANJ-qbMP^W&XOTsLN#!
zY&Fo>n_Y!HEAxlSF`fF6Iy&~fvhbTBeA}KK9`>2}4pd&iWpsakzaKfi3?8J*lm<5X
zQRH+Tx{#VVJ$n{!XN#)!6)Cu<s5}T@iiYV2mr%CGZa*KxXxaAeQ#Q8o*sL}_(kOcn
zf>0>mMSSS$_HfUHW`X+SUe-O1D6BPiM`<oL01f5V=NB*+l>yqQ_v%T&diKf|KfY%v
zG+(k8my~#HR3U2D-w`=Foi_gJ9=TdRf&iybQ_al$<)wDGfLp}4a5vj!-5gePTL_np
z3=R8x)uOF6AN&!I=JhqO{&ZcIf%@Su_49vXvi?WyUFZg+WQvUW@&*5PDe|1xJ|FOE
zDR<qRts=HoHIDuGK?nS?$HAmsCr63L`%cQa-|HzT*5Cb6`uaD)WUf@t>q!PvwiR-}
zf9GvjcBCcqtNx}@qRGSHHj}{nBj+7@1beAr8-r9GaP+q5q_Yl247L|Aub{3aR{w@F
zDB67C4Ei#-r&PNt{Tg|T!|^KFeDlHM@<8A78i4Yq4zH{La?Up&Fh;7t2!HmL8DoWF
zYYM%v|C6G~;8m%u3ac5w%RYa4N7X`}M)hy>Y4U8?-KRFo2g!KU_$Yam(iD>k`_pdd
z#5u3U1m0<V3z2!nk5C!fL6Ihwn~wl3J9;32VTSiVsn?Di6E46D3dn}~NlK~?8h24W
zWXq`Wv~_2Td*Ymxw-~(tk(Ot~x--pQQ&TfEK2+Y(v!EHgeR_&4;KCxRqBo`1+`!Gq
z7!GV2fKfA1Yi}*FGduf9D)|#%di5zIKtjrr!>HP$1wSLinQ|uc9zE}m26vWTTEv2l
zItycRQiL`wBiJK|*@NJbx7R!jgQE!0-1h%f%i_mv%YNyJ$*Lf6S6RJjTU?k<oSs!w
z6w3!XWvQ5NV`twcoFNtv#Idt7P*`5R6*E9;Jbz+8I5q~$MrMV%b%@3R$E~VssY$9z
zPnqSNJ~3#y-#~CV+$q)9k|34CG-td^#paTU`^`-=1)=js^G!1M-<e|?+!#Cml-BLW
z<xZV(1_BRDkz6N>1a6kmGOog3QrD931_0TUWR-;0l<z74Qwr1JGSC!I{3CB_1daqP
zO-ae-7uHNs`A`{J`aiOm+IYH<LC4yGIPm2pfAbeW=!LG*vF0?PPYsv#(Mf(&n#7@^
zh?Pra1suIWNT115qq2YdiwqdWj@&wB%5HqF)8C%dvjNO%xs)|W-l;QuXh`n+R<edd
zQ9R(gZk3QX8M%xyPpU;N5?f>oC`>ML<pQl*?AyOOfu<es#2x3#SGvpHQD)%ExWG>i
zsbEE|;SCTg)5Uk~U#@Nf#z;;W&clH9?@WjRuFdm&3y?D?_`uD?U`_Y1?U6;~b|0qB
zB_+v|#5KfnyAf%Y?yX_?hg;1st>PmbiU&FvPxTzpW<Zu!X=B%#6}Io>*YhJw(D8Ry
zFgK&y)rWT+#*6;x9^;bbZEJE$DeeOIH|K~yOF754TaFSPCVRo0n}HThCnwf*zjdj`
z`1?(4?<$N4o`YOVWL>xc9vrDwIiD(^{5ur^y9t-mmhWKkOiAHOEjFKi>j*;re2=F8
za^1jzwiXXxnj(lvS$RMGd}BW58?4RL-@>^{!ONSJDSX1~rY331$q~w|a3{n$<nTU7
zA0wvrgTt9WOGfS+PT3PL-1p7xxreT@vh3H_@XSe!%;l_F`U<{cLf`H-;-vN)j=H{z
zlV7YJ8EaM;%E|^*Q^fjO-8zU~Zr5pCIuQZyTF!F}AwzFtp3#{9=v(g947hVDBm{}+
z>1k!W@V@L90a;s{;^aaVzPkFOC9IdzoY9V#2IwbKIZ<7wLgja-)b5!LJB+Lp^e}wP
zDKj;LxJZkL^ZSngR_N7XDo3gWfrWQ6W0c7Qi^^4l`T9Q$w0oJbY2USA_Z@M?rclMm
zpxS+Z*l{LK(&k!d)mKC<U;Li#5Gn<N)AzV`QSe>U@%3F=)Azbh(D&WZ0DxP|pND}k
zACI=LMjbFaybGFv2ry|mtE&&~(~Uk%8MD}QaX~}t*R}15H6a{Qi0#gHu@Q9+ZeE0k
zZ_`cR)zwy)sra&jI(+^VsRqZ#&65mVVa3)g)R>`_pC-J+!o%hqf-|l@cD0%h42_S|
z2-3DZpe^2fDNM{i$Y-qM7S40hJN26RtfTB(k@>al8|z{!#@T0zSDxn-v;ISPzBbl+
z-8dh**FHVz+$8_(y1+B0#7u&R5mXam#E4M)o^1coc$IG{RHxg1gB422gP)&0r)OZ=
z_#qMXv*TzKPR2BvyHvOCi^r*m@!b{DsHYzdFt&i=qz<WN(h#H7xE>Iq3H^L+-pU_I
zE>Ulh=6kPGb<%<h!TamF1pE|TexW?Qr?p-Se2y`59(5mfdAJ|dZCTlT%CTW<<0q0B
z?SX#I`&mtl7-x&fzOFu#p^=l-X#XgOF5R(mS$6mo*=nnE22!6pvGSH1a}ExUWbRvo
zd_^z#&jIKH>7Vybe&<}C&Mr<7aDAkUJM@Xz-L)e1*ngJD{D|;5?ZK5~JKcrc;_gC7
zPA>c!y8LK-u)tkplNe%S(hoO#<tdy4qvE+aa{%-&H?hwJWmebo#-X{Cy_a^TP)&{+
zcskcXq*n4pKjYY;-(4u;-h&`vxFZmy8|^0z#)g><Zm5$Ceb;Epa)5m^b}9oy$werK
zAhxeDV)(4PT)y<S(s`r+K`H}{v!A*h6{zIMkInP}BBLWQ7KCLFc2>Ppi5mV_L1F7_
z6P!I@$`piY`n+TS(Z*nN{JgEB+#QgToD8Ys<8!YnREC-gghp)drmH^9SO8Iq-8gdf
za_B`4vx21L<QEI(a-ug@IoMh^th^y=yaqfo-1F6zRDVKhl`)o|&#(iK#Ys{bXfq+;
zK~4uDD`A=QZGLxTF61=qu|;4JHTgf@m0)U%r=k6IMa#L%lVNu0eu)aO5FTa-AA}qx
z>=L?!SQD34;Ro{5=UEs5K6R3O(D@BJVcKpg;L$l6X+8(PlXbzk79kpPj)>D9$Wo$D
z_~W793)p;E=R0=E^UXW~Jh}rea#TPashI}#+1b2IKD!b{R%W!|EZ6rx7$Ch@Ccgp;
zd)h7@zy<9VRgE<5G&Q-!Az#u(p6oZd7n^(l(y@~N>}eW|-W2m$D)?4>U{12x9RuT7
z*xEtiyPcvr#KzASw2qIrc`qyc=Q?%4zG;Y>;$Hq;{$FFwtZR(wqLh|(VZWY#ARKaz
zeC~c+mlDh2dGRD({73u8wcex-x?v!EW0fNr3y<6|JennyEq3=7|IrWN+1ThmP@<wm
zBVii6?P&2*l2qd+4#aqner+Rz(FIf>d&@%uK8F`@r_gV~D!74(weAj1GymR?r8ka%
z4+Zu!{YG$<UVqd^6y>0%Uvl9j6F@I+`S#C9%-B7yZO16UwEs+2=fa2gb#>K{!eyRA
zZ=^x#lAlWf+1@$zg@ojiOW2xgKB8Ilb8c9@<G_eHGj<?Gv<AVs^8~@JK2lBb9lzC~
zOrZznb)KSND56FGK*k3HSDi;5F-b|xQpNqal&fRTEsxNMvWK7ev@yr}8LAA|+hG_O
zvJz3U3W_HVM!)!IM1bYOJisUm5AeAgdQ(kd_FMtb!=V!Z6Z!w4vk0q*9}zIUk^v;Y
zs$<O_rPn|MG}|a5NBkPX0&J`%K}T}+w^=2M!LxH2bBdPI8z&5m#~N+@C4^8v6TT}8
zswt{iTmmx1W5suW2O?K2-({dm8?yS>w3y4Wlrx|I^zfCx168Inr8)kAfP=}Bt~xN-
zPJU?S5=0TOLEZX^R0YTl^Ko?e3@ey^8_XyzNrgIN`}pDK5YdRLK}O_yZr9%cVNJBp
zjl@pWbF8*bHt<o=9Ph6dTHU@K2xM=Wef`R_sO*RIr^z=SF;C_S0`$ultiT!s%jp$G
zz$>jD$=7`|gYz0=K6b`D$puv#H2Ctye%#WVi)W_pTYgmPCzKApEqC!O6!VTp7IYzZ
z^a<@+m6W${2Kg-vI#)mgDh38)8+e&(=ay>E=3E#3mu@S9i4q=9xsz&s`H|Vy^8om2
z?y9*zxeUy*R}wSYOIJFftt<BzOAW}HCb=+c%MS*Fhh6q$&vP7-*gti;raP}ovb3zb
z#U~~@_MA67fr{h)GcBS7!MjRIg35!p<3bh`KqzWDNEE!jiVFl>ee7N4HGsz1dGF45
zn@`rlP}5rIDS!pO1*tsgEPFNFDNz9h)1v<+Nwj~OLtP@<fq#8gEM-h6|IiyUF`9Bq
zUZPo%O`+d)Mo__SwUNBF`QPEcd#gSq6TVcZCaAi4viXsl1PLeRObu)>E58)=;V#|)
z7je&HH%@glxFaPzBo`gTl<fW;p+8B?e3^$Sm2=T-<C5vSvybfZL2Rta$tkifi<Yjw
zQF&wX-Iu#7(DgM6flxf+q2HH}RNbd)nQK5Wn>$Oui@^@JNQ&&Icq?=qy_d67eSFWJ
za78=w7e2E8^gw{tX+vT$<Xj>JSV%5z6nMLgLsC;yn-{CJ<Bcn?`*2VKf4AO{A(|Na
zG?|UGueIqsZnn)Iv6=ox(|3O$yV^?2V|qMXR9uC_kR`BYj&eA*xqGJ!IsN3#YcMNe
z&8I3aW{&B?GxSgAH}XZNUHfs<0ur|^2vmPOmQ{3hY3y~(*kJP2Lu}o$8{1DvjKYpC
zMGWE6+xsN(0RV`kDZ4~YPycL29VP%EO6ESOtNWTsn~&`CQM=xF@&t&0$L8x7g%~cp
z)$ZQcr<h{-k!x3$&7}^%h0^dR;?<wx{E$rbkA@@7yUpf~V*o#$G%P-J2cd4#TSbQ0
zutYsW2k<mL$3G8gj=NO2i41f50<XentL}f0>^`N_*|}Y{b2pBGXAHlVzw6s4`nJ9J
z9Dqg)82~foR(>LZo0*v@QxYBd51bOkb5Uz)xnS3<`X@80^NJSYkVsKqWCIWc-?OAU
zQsEslue@ffgV>}+5}3FzBvZZdpu(xSt$ZzvZS50qAfy)X!l-dfa4xdAsR${+UtfF9
zWpOpjbcZ0(BAJ#`Mz9&Ep^_AqBo%xF`*ALRR9DTnm^H{7&df-*8SWU}{|;&j^_1r;
zjQlz)t!7^R`$YdUxkOO)z+ul7RQPd#XVIp|5OiU_Tk>dk?0qa!c5h_<3X0>}9O;_{
zWc<!{*6ljVOt_T#1o@4PA-fM6@kzG771Mfz8AJLh;uFgYDhoj_7xF~+Z^g`GsVIlK
zNn4JFpsU_}Iq1R?Ok2luSm+$5ZI5<0!{IW+d{F>q{ETHJybj%|p0zrc*ZRN5Jq4M*
z@u!gc=gJ~HDZ|5Zq<$wK+8=I8)OqA3d7g*ETmL3hN;+2o99^TfvX5#p{h&guDU}W#
z-LEk%`HqcNWMzxNp9f7_5Wme+RuRy0b6r~dGm2QupoNq`1W3(SZvg{MF>@&A|AdSJ
zdp_9R-Wu^*l1SwuSL4DOLpS(;>iAJVu=8o}(YM%y0ik7QJvPR)%K=4M^cH{ZQ?jzi
zJ(&@c&S<&dQTrcgtw!{{36P3}^bbF=d<Ppn`QMU~y%xkMv;DU@$#{KFJpiF(p0mAj
zQkA1jk&TU@Lf)G#%X6y`Db+cZxD&HJwkhp9r5_R>c_MqpZ4YMKPzH)9cv%tUlQV^@
zf6cUb6_?DA3wx>?E5Hk%dZ}VqKaw)-Tr}qk41EERjJCByq}nA3SNqnA=(DuFM)zJI
zPcV7K5l2NJi)%ja8H}ZzJUG^%KhWvFSk)8N@@YWyab^8F-ZaYv;LGHo^>%a>G`OdQ
zDE6J<I#v`o*yW7!E_DLAHa@6T$$7cCU%OpMZtDaMjI=N?I;!3AVbce31gF`JzPfRt
z0p~x?QnA(k+AJH8<k1hZ{_K)fR&CEpe{6x_hK0@MRqIexhxT#S%-Wfm44zr8gRdU%
zcxSXEB?)V0P10}POx55H97AOCVSL&q_-3zU=m9u8Jx_%^@$qZRQCk4;3yPanlWax<
z*$53P+{qB1f!4_oh0x6ao=Nt3;=;sRKl3E+{;pG|D1p5A69@zoz%GLhou0?NqK2cG
zuddk!6(ahJ1@VBZXV<A>x8d9~gZBVBLFqu<NHIx~{!yR(=?*yUfG*6MpwaJS1tV6E
zK&_VZ2Ssn9Zwt%{CWa^j@8-=&(%sj=>RP7A1%J>9@$<|`<)k`xKcysY1R=<;cOZ-y
zE`Slh4=5uU>b00M!`hR*kH_F80V-H9Wb-7Ax9~&!?F&Y-QviC{vWw;)E=UOwC9mj=
zofN!<i|W~Ang8QW*l{7xq0jaRR-;UHfi-wf=*xjvP1Imk+9A@<F;IX;WJb$J)#^`F
z&02sPV}Bj4!*S0SyMte9QTG5qJ5+6JcD~+L?R#4?c$+AP(Ee8UZ3g<Max$tw;(?zY
zKN}GsgkRd1XgLA251=x{fUborTCdUYb%6(hA+CPo<4@k$_yv@IK`Y9!^D$bl&`WqV
zgPbTQ6m9Bc91L0H*;zy@IMP|IXK4Web?mY8jAm!2%Ii7h;(rifA4nkp#LSLvWcNXw
zLZUpnJph1Xj7-NnRZl`YZ!PSoXLBGHB9h<5UL7sdS9qVH|L&;-PBv>n<cC97xY&<i
zv3z#p($J%%Ctz(JS}}CidS%hP4M4Po?p&T08xGEOPf|XSbjx_Tzpx5FEjjgt3gpVQ
zxit8RC7JZ^>*?yF6p1CE+$v#KKw(iy+aR+68H*1In>L?9a40EagCd^o`NOnJ5eY<q
z<K)xbzn4k@F#W*-%i|v*y%uG2VAw<b^ascjH+HId5R_y-sJ;6&j|os@pw54yo~xjX
z`!3T?`ON^eY?}BenMp4>%KDBcDngETs)rQsK*HhC^{);v|0Wf8(Del$4s!f6qgq@5
zV0xe707R#5f_BdbEXtJjrS4u&syeMO-SlssO;PWG3cy%#8jSD!XuT#uqu(CCjP|lH
z>Ba%yA~1b+_>HNTtZf}9aPF)I<ZH1TF1fSM-&u1AN&=F%iKn$^l6S$G{30P_8I>k;
zce(@BdCEixfZC=I8DN7PlkaxTHlxxGK3rPU><C2R)aS{w&#~0!rZGJ0C3Aa-5&QQw
z19FtVDV2<{?7d|&C#bf?@!)@udw?ZhB?9F^e+1iAqzv?rn9Sv>+#ys4owg{{4*-|0
z-~7t)F?KkXdVNF6FQoRl20|ajcWGwLHNP61G+*y|XsnX~kbeyW{fCVSG8Ux&({G4K
zN`GT-2#t$pWTZdVv~m$i7NDg9qYf~!Kp0r0K)%M%=Oq24lAL$I2qO)a?7k&@-tja<
z&p^Lh-HkSM(4p@rQviXJDsl7>qZ5-If->YDnoJ~fM?Rq#WBTQ(MLe^H104&^y(f6X
zx@aVp|E$&h2C!nF0#jh9KWDUgr<(l<9~&h^h91SGC>;B6oaYr#0)r+K+*A&4y$&?7
zu9u9zBzcmK`XPA9?m;)s5(WQ><OXa&ml#A?Iux;n|M(&$O16|%@x&S66ze7K;uz#4
zn^6XO2THkO=RJ<^Ti1QEw#B6C<PDX$W@dI@!?a_Uz~KM|+1tRzKG%y&lbN(cC6Ja1
zA~qRX>89GUY_>ssN{InUtW#=<=w?rt5ireNc}hbF8SWZsrh4OWuYU;w$xH39Nom*V
zx|$M*Cur{qIEIxSt?DCH69Gh6G3kKLM+!Rz&FLvg6%i9C<KZlU^)_(OU&2xq%#r{j
zCaOOSR%Ufr?78|F$1vb<TpBF9E0YflWPCftQ~wbvc^<R``eYU2%I@`WT?bF+Q%4tE
z@(72pF^)y8(`X-#XJlxClJR7%z@{K$Y*W_|fDqVW8&Hfey`e>a3)N_8pJ4|i%1C_T
zsA^CYC40B^hJs?JQyT>p>(O1-V70M`0ET(a)KBAtj1`VVee_B1pC=zUX$ItQbyMtN
zOadbg>$jlUDAPnO0TKN;0%i297@)NDF<d!`Tbs-xsZKI(f!;&qAZ}g-@B+C#OF&om
z0KFOE=%<O@>V32;bRIg@`?m9azj{(;R#UL{M*Bg;g7ahdCbNjE{-!`wiT=QMq$KEl
zMOI|n^1`)%Zo4qyte_vb#^V93Q%33pf}Da5?3AyAF6+*Z1W)yyHFoCmO{=M9O=&Jf
zE=qwwLWL5=-rIU5FnQ5BE9!cWp8AR3{e8{2_3^56-CmJ#l7y-OJOHg!Nx0YWNqv7>
zW_s_#j|<<ry;#~hg+BLxgO`5kmFam0|Mb5ozPp04VN-MS<G}!k<1W30O_Wu*bFy_O
zArP-*e|{Sr)ooDDm$!@Rm^Bp_8pJM2m<L&>zt^m}&3KRN-)j4E^MdAE-0H6?l)VXB
zO+~OaY7>9k)y0e+Q3CSDM%=R7Z8HqP@nq<bv-TLKXn(m(%6r_fbDf&#Caz<8xtuv_
z7(leVis7H`E#B0I1T<CyH5R{KtXdqO-?$jG(+ti(*cs$suyXSnhR(7BPcj!ye~-(r
zckp9Pz|{<pOm6tmhe^7Y(hg}30~5m+L@(>ER_qJQ_Bt-wVpBxnXyc_SlftozA4?0p
z9&I+Z`|@MwozhrT$bgv7@gKQhdHV&&xX2|h3Q031BAK^#jpM&e>uf9#m2bp{7EDzb
zJxZG?2|buPI(paB$=B2M*YQ0mYXM73X(*!A=7)hK%9Kp@;{$C;IHK_N7kV#szv#GE
z0r-actD`5EC(}n}3{XfTntCD}7X#k#&a>GPK|8tvL>}F#U&r|kRis^|SF8Ek*19W5
z=Kkk{EWe<?9->}up1o035zo!0@+D>>vf>yT8L|4`WD-A>Gv>+H#Z(GC{wopF@Mu$>
zWR|^a#zC$q@+~R$uD9Vw_dyHI57w)UhPfQR%aTkq8`D0T)9rpd7pEp_MNEdv)VnzV
zTP+=dKbGD^_Jpt*x^Wc1$Amf3QI>{wS0D2g{USf{jfUZjq;wdwPzFPjh}ewZctw*8
z_^qZ?@t3epl1Dw0_a@15R_b}f*{+-~VaMwSZyg2tEyM=QQy}qZ1`rL~xONZ?f0f~m
z2{ZYJA3l<Fq%(&wm=LQI6^f8@z6pHQn?3QQF0VqQiU~zm&Rn_V*l5vN2`ydQ^Ea2@
z(-?Az7ryI|zI2m(Q}9_viXCW2T=?cg>r0|y&Y_|ICYf()Kg@-f-qXx3ph2q`<p+4E
z(~<^Rh^&*Z29&4F96~)wd0tx`x2?X{gZdqKQERH<JbD+_^JU%eoOZwX&sqRTSo0-B
z+SkyAVWRllAX@}*_05e>lW*m$MJ)!ZstUfor+9oF7SHnX`p!4Q!iQK3$tFcE_ru+<
zCT@$0isox^aCcrn*|j0-48uTx`i%GV{LOHCz+;obS+oDlF_<=0J2g>RGDa4YXTu^Y
zqEc0ntK1pPJ}+cP!vOe7omW2!_1T^jMZ;~$SP7jX!7P&0-g8m9<fZu*X1FG=pwZNc
z9b24sZR&fwiYMs+7srIDQsCr$b@W=BBjiyJ92^?5`J*>K_!mC9wG7kl;*ai30Maq0
z>7^hk2Wcfn*~$s%wcytHHka<@#3&2^XzpcW7w+mUYMskHv|X!JhT4t|i}fF+!GF=5
zW2<gJBu~g6A7!m?7mvEnMCD7@R#Q|!*6U0yQ8|p$-4T+?M{;#7Eq05;+qCv>ij1EE
zJegMm$IuWxEmNzU8eq=sbBrMLilHbL_IX=}`XNRDu!tMy`Hwg;VH95!eJv}{IV2j_
z&fy}5;hkRX=9kT^L}_C4dbaM^vZ~6y;Y24YvU$=E*wh*W(#8gFa|h)Yet1cSun=`@
zjKQISyx7Swrs@_m?h=Wq3+D}D+qxFvP3t}UQTmTHq{l^hF}10>sX*^Vh>Vg_Uh)7d
zov!Ex0Yq9g_qMX{(pSRP;IZx~0f^e%xLBot8}WIx*$3Rnx>Rwqqz|?!jVzUF08ycz
z0LcI~ZX^$@mRi6b51oa+$pk+CJio%-x#g1Rj!{}(J4FTtIs*{gogzS?9zO-ny%arX
zudKY17w9`E>P#kHD$%vf-z(7(vFa|b%a|i1T7e3Y%-1y&o{hcZ$eCFK?83?Oy_(_N
zle5T~`H()UpFK0?H*XL43$uX{vrTTG<Ajlz=9?JbW2<+WzUa)4?f$40CgFdl_Y_X@
zDO1X3dXUUueJ1}o-t`OIDRsA|{ZBE)hl7L`7#8HOy52{;)3fJBw}zoJ>irdIgyC^(
z(|(#%E22cV9#uuXR!`mb=AkXwV_?!9xRBUWtN*tg$k+P|!H_Rs43|zTf<Ipoy)a&U
zcz!(+sl_X(<m$>Z&yTwDdbYmV@2&il>r}!*vj_HumOqd%bRf13^WMkjIQtrK)|h<#
zq9UG!pY=ZE?(QEU$d3Z$XEPXn&b#ycdoRDDEPFW@XdPYnImkCax%DxCd6$A_LIZI<
zYYyAm)Q?gaT{QFP60<o7h**Q2WlL~RMnnt#sNu2f5Ws(}UV0O;FA|{FMpDKwFg8f8
zsj;%}tvJ$>rC_45*(h9}mG7*vd{2TgIz+3hf-P#u7Kc)kT3w7Ht|MlW7rFN@f?W`p
zoh_*I?1g4(6wKW8Ioqh6%-9=XK0a}#-$DUC!=LEmA18Cvvv4T~P=!^a(gU`8_erl{
zzQ>3R)%7L?&lcHX6QcR0q<|%vKHQ;S&mdtD0Pa;PFp$`D5W{82YkeMsTB2EIywZw}
zFY5bG%?eo7*Y_FVoXt<-3v_@Y3PUhY-JyE{*cFYPbvP$lcy9f=do9W*g<fB4uIK`&
z>}cL8JHh}`);(y_`$oIdeWmpB3Ts6TYK@dcI~~$BIe7;Mj2OC7R%TO)IkF5-7Y*te
z4VB@MS+&M;keFt3d%2zfQAwBOhsZdr(O&7|q9Qu#<f)noP~DVS#(N(B)K{OSH^1-;
z7cuDk@lwj&QYF8Ze*(H%BBzNlI7+RnqompOS^95$!z^POcp)Bncobr+q-@2oz9*~r
zMzVhXt%n&x7s_HOn&RSAj8pB*;YEB!8R)=iQCB$Kn5Ig`C3tU60|kIPtL>iFIk$H!
z`D0nG2|lBqji0wYTmr~^f8qy+L>fPTmYpCqwgPyrbCFV?3ilX>^xjkjEDpYjQR$=Y
z$otkg?0&E-kzkZ?&?TO4=izN;NL>&wSqlZV%M%$0khJR)17sV`CH6FwlmR+5t7Z$e
zT5x<<-+Pc6S<pp2MgM(4fvUb&Oq7E`C!tXp(SGr|<vMJH!y0Ps6>3xC`vG%L)<@lJ
zzPI%wsvTX+1kEPU1x7nMBEa42swgO43w-ybJZ%TJEA1rJyhNyRz!EdJZ4$#`DaiLG
znFxz*hRw!TzzT7kt_tt?;H-wBDjHXcH75kix2hUv2Fv$P0$GNkj%ayzeElfJzE&p>
zyG-IPH#+FB-mx#c;)m5FcUvb-mif_3h}?YZyGG=(a`KsX_ae+JSUa6LyJDVc**VA`
z_;~F>UtS_{=fPqLJ1;IS$pOEp_Iy3OxA^P)IbmJVj`ia2jx>Y<Jxqw_G1JNHa}-i`
zuws%+$O3+2mo%81+44$czX~$HAx)u3%Gh6m1PiJTopraVn<CSG+}w^_fz%yU)Z3I>
zTP>0dU^*MrFBg-+J$HK;q7k*Q23+YxEwAB+1)>VBmd9h--FK8ZRdhh%Mffev^2}Bh
zspm#}E>xLH#|rwBenNhmAI+T|9rT^YB^mD&>Zuj%Zd|%2W~Bq6{I(qT-p)Qz$csQQ
z)1Ama{jS-E!~cqAyA1&ffY+a-lAMkq<{RItvL2B2dRWcjTS(-jqkVx;S+lz%`h!(>
zC@D(MEj@8K?Jb~k)KB9Cw4;~fG@H13+`Cw4*b%flIpgvuVzEcE#{)tf+~-c-7m-N2
zFH^*xuCzID7y$ETrcaXn(u4zU&sth>Ny`m(^ispskzw0@oEJReqYvBn_bX}kGPmG4
zs+M{G`bBT)OOx?rCrS0u<kKPx0b!iBRS(ZFf~l0gbR1X_oeEplcbOm0znaaPeXwxL
zpE`=p%*<$fmS|>P-vNgBnzs}*-?Z)Srk49wtdvBM><w=Wr<6aqH^F3AqM+Qs9u~Lj
zi`>_qDKYPr5QbEcN7x8=O`uTQcUrU!e*YjH#4jBhU@juv!6cJ3*qIp%PE6&nnbZc<
zYv<ZlG3_3c0uz|r55wY*#y)-{`;Y)bwhJQEPh|so=Ot(Wj%j~ea9%`xny;o?hjh<-
zh}fA8Zr88awhkrsj5z-Ndk`1f60|0jbnx=U_%0qfdGlQ#(u;V(j_s<q?>F98QbeCe
zm}Mb^O%N@4C)HiO8p&p{P^|Ll8eXa5kOMJGi?Ih)yk?GFIaruXGdagyL_qkb%v?-d
zcxV%641Ao<;wiyw^_@y{yic+Jkko=GCSI9$r%8_|)6RrDQ5|W4CUFJZI(UofD2mAN
zr0RIvy67QsFxOgOeQ`#3w$0Ey7g&2FU-y>YGlwXzk!LolT&cYM_#nP~xrKr!%397w
zG2d(}v85C{IT6N^=B-@NbMWX|$O5}mWqdoVY9koyS{iZ$qCffQue7IjB<cz;>do%2
zG2{39ej9RnJOwSgbTaR*G4*tJuO*@t%}=7Oq5L)()ikh>IF%U$Z-v(O4|cZ4m;D$~
zbxlo&d1@{8k3WnPS&jN7&{unuMIm-mRrR*n*w{JmRu}eA8C8%OGde}j*XBfwbdIzM
z@+`SsD^WP#e>M3kdr7(!!PU3RT(8)z+SPD^?roOVyDQ7Wsv&CLn_)_mIVBaX`)b*d
z#g4-j&Pc~zp^biXO4d_EG^<p;s4cY;<uzL>8>M2E>nF$#0=BHkY(h=ljUGi@`A&#E
zbnD_%xmL4GXVYgwrk<Bg*P2@W3llR#TFolmb&BodcGu-0wu^HwnRtz8%$0OF0>9xW
zMwS)QUpfmcJ=k-V4d1m@!1a}O))T3`3RBySJOT~T>3&zcoqk935!IZ7{|q0twid%o
zr!tbT9{FZZDSfXhjdqFyo+G%lSC!A7qE!p+x-Yo~VzJhJo$fu%-g-Cer0=qcN@vSm
zwTN3R8nW_JWJ3@Orw^}_C(Y#6yKmXVEWUq6yNhG=3#K<gDY_;Vc1gn^$46|;$6_<2
zbE>4IurD}u5j5Z_Df>c+b41Xl{`!>9Rai?F?`(lLO#wn^L9ec2j;hR$kKJKkF(-q5
zp}I`e8T!YAU=XP4J#&mK)Va5z#H-Y+tu%jzu6@ZVY33D-Hf0RUOp8`)^~zNadT4+}
zdlqe*2A7-|7z@mAy?7Or2P(1}7S2Fxc+`tLC+N`feuiC#J!K~&s9Af)A$^SFJS37J
zDBR!ELuvhb(v?P<p9^DH^F<WAn#`gDKlSC3nZxr(_nOgGlR>l|_q_}#n?e9<`yH!l
z%-MXdeOgqVEpit8kDMZovmnCSZaE7@^HG;Ngt|%!P3dqhV_c072=Wu7G7Fx}ZS0!%
zRkl@x@Q<mxUp-Za<x%DB6}*)2+OlXE^g!LdyaX*?=`B1Q4^xVshl!B|KlCNqN_)w4
zBJ+6r7s&aCy#9?DNvrwTl@FoBX9w%M&8KP$HVZV}^f#zAyB@_hcKymuR9NJ}*cgwF
zrFfBOYcjBW%e;2sS3@7yQtAYjtNW)=QBbq@vdT19^9S{9Jnzui@82JJRX>}BriXn_
zEt7eck2-0Gb_d!>PS9?&<`6y!dizG^&FkFqat~pngW&{Qh^>_lU9o5%2TdJZB8J@x
z9$jdHN~E-;18?bDg4Cjdvf1e;*D;T99wsMN$di@1aYC1RnzHreJPf$rzR!l|UWqM&
zmrKvx8v-+H6Z*uwW}IPoMS+^^sTM{(HJz3nH>xgguD5F+s?eNI*=_(DkgiBtsTJU*
zP3byIRQO+mj-dxP5lZ+omt%-rK0kgeadg8=fW+>xL7ZU8Z25NDC`eXup(>kNKK~59
z#S}c8LHeZm+;m~Eb>J}FdZxb6X~yg>r*xf`3}7P>XYbmz`wFrZhXjvWBE{2ZW0o#(
z3L}!I*9*?Awka|iJt4aN5l@5t3K;COwb74-ViT`S%(y7O7_?%TR}zD5bIYJQpq*(w
zo0QVmgn^3ZPr8pM-aD&I4W8-)E>}^5+BXf&EyE~W!qr5UzwX=3yHDp!Ct9~5No#(P
zPBl6BmcAi;J$H3lr|u_jI>}9Pe6UNpXUN)?C1RU>V?!(QJGun@_0-S|Z+pgMotIW`
zJ#(e44I|5M<*2eDE=4T)dLPAn^}2|}(YXanKmPh^t^;k1)qz-*+PA?M^z&i2H!$>K
z1)nmYAoEwc&=znIN(w0{=|R6vK$2b)aSaZEOI##+CaiH}O9>{>BqFF}SR~hsUM{(%
zdX^(30VQ$MpdQa<3GC$><(V}O_$Ha1SS2GtqWi&vX*jz@xv*WEU}iF_l=j8&#OPVR
zgS>sjjGhgVx;$B+H0UXU1je&N>o=U5B?))m4ssn<D{;79HohNQk5^_+{kqJY_Tv?K
zMqYdSi*pTaPf#gIYFul}VRh(0Ke!_AKb@o2rS_%gPNYkd<xoUEo4>iw=j8ttLF#Qm
z$o@Fz6%HrnTjTCbfxWdZHX4>SEllDjJoyc#&6h=(Oat!|^GO)jZ?(gO+P|P3sC5-T
z5OjFmi6yl0=*Tr;nt&A(fB$+;#L{2#Yof*eu$9H0R!WL`TAkIXK!Bm7xyD@aCa|+f
zyrI~xw9v3BtM3=Kkbz(@hG6jZViUQY2i4#^wY$B0?`v;^qgEU4$PYsoX?xxrV*^fP
z=W9bmew(ar32bgEcCGvmx7VoHhzct=*`FWBKc?j&a~Nqc7dqZiQo3I+MgNf4Vb;Bt
z(etelIOVnMMz(jj#@Vhh-7$g7e1OO=IWD4(rd`U*%^S1HRI=eOij-?%;dHR{S8!F7
zp`<CT%B<jZ7*s*(;Y#oJZzCN0$ZE#ch>m*}M^tx*)J2wE<u}(iT{@I6cVf#|R!7@y
zMkl{|#_lP)+34-rhbAuM)m0xm_Kkd#&z%}rCabV-est2Xh&C^F6aE72u#O55-hH3p
z<EkWj;Nf^E6)}H9?ks#CUQ4@e_@Yy%=LmLe&$3=ha->Xudc}*Uayww-`>?V1^*-?4
zwctY+6@#mwo2`cIn^sev0F;1Y@`3_yE$xrwmGeuy89i<tiMo`7zd_JL>WSv@oK|ca
zQjdWLDEc<6N{zP`KSR!9uXM1m#pbYeZdCWH^Q>uqg*6wdfA+@sttfqZYZ1vN3!?@S
zPbRg~b55TdQ-EyMCiPk;cU^Qre_LrRcJuod$Zg*j@-M9S%)sSYj?`aG{wm9x@GD-R
z**Mi)9I=B-bx~Z!y_OW|KvC$Q;(m8^b^3M8;nCq?(n-)r%LOFmlHXe0@ccI}oSUR*
zTodKN3eJo@AJ{&^R&4H~>ZS3PApI@aQ`_v)P@dg3l!CckPxV#p(Wd&lwfiq#8#v+^
zHnmdJ)yQMMxfFs17E%tgRvy5-4&1ZuppQ4!Z+2PIBn-4eq734SK4OlziU{)%M~fc6
z1S)#hn=A}BuV6~+QGQEbEnP`Qs)K`r-<3Nocp!iuCgK30(IR`XZ>^(pcD;ba?!;IW
zruOzr%X}}B4|XIb-*L_`b5>m|8`5{98qZaI#g+qwR68;Lj()9V2Z`E63oEAb_O!vb
z+S5E~NPBF~>ihll^AT}d|0CS9H$L%)<K140`!QM}g=ras)SN#A)_*YwXjqUhFGXdz
z4!2542GH?`R%H0($LPg)Epsu6JCF8i7h^IlIwg&%iKCX$zJuTi8JuD%L+^4KcNPfT
zJARUS1WxC|>Y;(2^&wl)zZ5cXEJ4zu!n3IKB#htVDH6MTYo(Ox%F=@Ja^8DmF4n4e
z8~l<!6z{EA9(DWgO=Z7&;hLluNANgLKsPzGITx7f(YB`WgK1!ss~J*j6Hk01<vLaA
z9N$rzEo(7W(LgiR^YlYWd+ggKeDVq!OYijSnU6utL~cSxQ4O~7)1bWYpGp+(l}h4v
zV)~69MO~BA9Drpo>y&i<M>vBTtwx`sTg8hhnrUkGMt#3hq<4yD6xLWb4d?yjnh%Sg
zkfm`wrJ5Qp!=|a?Vj{5|;u4n62L|nF*w&?z&IcKZ<;}O18hN<H9mLyQ^T)#|*lf3_
zK+B()QvM-7(Edqg@lS_XpB0|?XIt0ghEgXoJ)X%lQ*&-T+dAfLuosfXa&hwQ2xQ6W
zD5JEr?AgysiRg_hkh1ucx3}=M{8RQ8e@0te?68s?K4-SQ3@k5cz1u}@ee7C<`}goy
zDJHAt_x0U=`=TK+-@373@^6$?UtZ3O<qyH6eeCZtK0~&*ODaUSCk9A+2PF*h;?o^Z
zQh<8ums}d4eqObv$1XptP^x^HK|})>|9T||-)TIM*y*mzqogFeFx~x*?qc!sE$)5$
zXFa<X^35yn3GUVYe4GAT_{%{?Y(*2j@#qg)VsfF8`|25aot75%QBC77KY&uoTWq*~
zE3-6@xElL}F|aEl_W@d^i!HU8T4MKeejB{8F)>i(erz%>bgB<`W4i!Wp;U%71Ct2p
zr_wb#kN(8oKeFguh@F3u1JI3iJKc?eciEA-Aj1>4&C4F8^WQ;TBDReaKT^L;1Gklo
z%r;M~M}a(hup$BXiMn0u4#T*xAJ=mPn{nS;l4M73kzWEPj{yYL_ffzKlBNj$M=qZE
zMpj@#Lt*&%`g@7IhYtJzv5$8@>{JR`0}%orG!S*q2|o1C3EIhd0e7cHgVcCnf4u{a
z((42k=MH4}ueNT*;~Z8lr%Ptg4DDA~Egsp407g+=h~ln)zHDYYb+Tkulk9tcgN5`i
znPZa?MPfU{%?R}CTL#>(#R9U9`wQgoB&PhV52#b-3R$c9Y0ucU(vkTsH$K7z?XyLo
zi+D%Br|Tv2V>0O<wcKy)QK~vx@!aM{nfe*d`WUWG<-@bn@*y66yyKUGT?@>9dS-@t
zpNzv4U#&pV!5NkN_u9K7cIS8Rg1x8eYHK5s3_UWNn+0Y|b;hQ5;&zrxc)$5IH>bPI
zdbFO8?;+iuC_+z894}U^jey3?w^*-Gr)-oOGwhqUU~}<ff1N=#!^Ds>bZ0?TfTcUb
zYAC*Gdora=W=ESP5L-Kuvx<w^k*T?~lY?0jaf~Cc*jUOYcOh^EcM~6HGhw={IMTMF
zv@EZ%5FZSIEE)OcE3f+6RLdHLh07B(!#=e?uIa(iD0xRiL?3gTqM8$`1gx~mbF-_z
z{3o>KIc^CXR+?l<02UJEErXZP>gvWEx6;a4+wO>slpi?i+h%a}j$!*`pYNt{jMK^*
za@-)1*T(CDNVlho(6aiaL>z9$#;sx^_v0qs#<c}KItB)W6J@A3aauKjy<+}5!>mH3
zxvBDcnyJGL<9A`}x{Cq_@gCuzA!mvj8tJ4l5_xm)uS-##$ait~A5+msYE2doQ)v{Z
zv~RXCMQ(oikTyRe!I_Vxj^i2mB6Mc2;&DOOPWuc?fsDsL|M~|P+1p7snp8-`1GcU_
z*H}`e5`-%<`R+R3T8Q#OG`Tz5MC7sCgAT%Lpdq!{>cqOX;^5XlJKVC7R-TZs{L64A
zBY0qS;O_bqSi@({cQ9S!{xi$#L<w5X#bfq-g|+dWA-VUY&T68B=64q<nY9;!yQA1N
zeEcMB&rFvcPD}+bbeR{Mf;624wL+u@aY#7X6H`066tRuaxW(}#pp<kDiRSbfkBU>K
z!3V+Bi{)O97s+aT4%0DTDFtXVKgn5<#JrSSS_jc%EA&W0Gi3GF-7u%v)OP27@EyFS
zEl_7erL5B@{k2<tz_Z8+EQLF~>gb?t)NI}eD1S%dA>_36(97B}Zds)-@{1wQba=WV
zMflc>kVvBSp<mvn<p7O-^F-`l`=a4*wm8UQIux%WZ*H+$N~ctrs;|qNTo&^2H8pu^
z&PZzh+p(;A7s?G+?67>}cTB9x=D0Q4`KiNvcvZv0cEI|P)KtQGhe5V{h1*ooB<4K8
z(6B_klRiiU7Zicuml;adcMG%Y?WlpHUJ1ofLswn)q;1o0b?Ym$^95vs&m6Y`%He>;
zjhiR(kHcjRt1>R<C$(n4J5omRrQTl<bnR8NLQWyAuR6bOubTeo>_U3#!0zs*x`s=%
z?P7hTt<L|}rL00s1>_j{EPg0PmdsbFf?X!+<oe&Urmk@R{A$o58xSB)Gu_g5*5MVm
zL!8-`N*eRUW!C*{HosrD-Ch_rycSG4R%&kn_q5t0$VN1Na#EE`5p=nHVFIuKpRpqA
z2Bd|bC5!lQAQFF~3k;NcGOnOQz6hO~_D~<U-nD`3VnVNjCe}CFmBtSU6Lr+)qsiSr
zNP?#dl#N~m1V+p~8k>(hE|9M}GqaZb4BE3ZTe^QVdARdHTHQ=5&rufj&xsNa$%z(B
zRw*Dw?hMU|+DJ0m-pDBDv{1B|YQLYeoMXAVhbQ*vts1@K5xxDSMVMCo?8&fN<{od>
zyoFqMgK#M+RpXMS2Xr`U42(X}c)QZ-+2>(Tbcz}bn6$Qk!+cfp<;SnmA!5%pW6v`*
za=)Pr-kh<+Y7%uYLsi65mFc11{inqH)>tybTNjD&Nz3H?p$xa>e)w&pap1R~)yZ%D
z(CY!IvjFVVOG9+I+3rQwQ()<RyUZ(e(JKK5gc*#|;tE(G9(XHGSv1$E<5`5?FM41x
zs<OyA9Wow2y7d#5OEPlhh6tZB%*>25!pL~@HmXMua9MRm{W5(c((GHGcdSBkD@3*f
z(9_?tU+3?|yd##6j`VcAuj8fN7u~Fdohm^S2YC%7vR*eVJ7D3ZyU}ZCET^!82q7Yu
zRDj!c&8wm(dM)gEIYt65byZbY7gt1Zi>g=EnaSX`-W8O|MwR%F<YoMvE_I`q7TvU)
z0E_)xT`SDSIEk~qz^Vi@U-TSH-cOr1Baeb_rzpUkUH;sq!Wv@RTy+b-$iCBcG^?{+
z@3>R=TF@@*bPPgxDMF@yw7pj-k{&7Kq9<&PVB2$%rL%PI&A#gp>?k>pvf^ij1ZmT&
z%<8kog4vgD2OHtwGOKv(A^W98k2o6yN3F!Z^>`Lpr#R|<QxJt+*Q3HUbPW6d==!Rt
zxVCNE5ZoPthXi+bcXx-v-QC^YgG+FCcZc8>+%34f6|b`QIrrW7@zxiODq3T%IfwK<
z$LK@+Y8MB6sja&C&GcZvF7cn#>7k+ewshScl#F6Z$OaO;PbgtD?S1}$QRT8CXwc9L
zFYc}tJ%j=}bSCn;tsn^`=&yYyhKQ8!vu4W1AhW#ChzPOIM|AsLFC+Rx1C^P4-K2=D
z;f6H%pS)}&bkHgFTmXstjv|)x1j3t-U(e^AGmh`!t5_l|K$Ue0&k42Ttdkp5BATk_
z6Y$9Ij^_`2hqm8LlU{DL<5#QHm@1Ix8LT{7jkOk7zyQe?WuG}C#+N6({QRyXzQI+m
zsTU3ftm9e&s41SA!zFdP1Rt>kW5~gwA47CnShCdGC^(rrr=T54xM|Av&CnL6ymLCL
z$X@@0(m_C7()hz_7eDX+lZhx@`~*kNn<n$&JnU3%J5I6U1iA5}4KE{5rZjwNdr%O!
zWwbvkeltf+f3;Nc5n66Mom9M=w49Q?U;!CSRws+j)mu)k3hU~63h$4x+`K@{)$*Lo
zVRcpCY2x^q5)zB;Gv1E!EFLY5^nNhrw5Wg-U7L%bCE9mu(=Kc<j=g-GhyEom_rK3z
z(tFP~XMa5LKpK|~+}}im_;+s@QP;=}ftwU<%K!u4(-p5!9*W;vT{sSNN!=b2x1yTb
z)EngO)6t&wi|)_=)&d~c(nNt+H;kSwc}<UJs2MWexe|SG{sv4{%rvrJNHCL>n8y$;
zqlP|x3G>Y&VMps~7?3gp&vzQ^8Omueg~j@8IA214QA!u1#F}&z=sJ~_4@PU0ax%=O
z@PR<m&fh0N=HVmo5az#W#L{AQ;WxT44WYJHZ>}b4btOejL0MVWme?-FX1`m(pt5RR
zF<IFM2yR7|2pcU5O>01W2E>4fYwx~z`RCdOExq2^g?et0L$+My)maR(oQ|{hd>B0R
z0F0kc7<XdmQR|MWn4f95<^XDjV$tih#+GQxk2HT-7|?TV{6X&?`_qDtrs3J9*#g%*
zgT5(iI?RNXKP^+uvQ3}imngRGs8Jk$^hN@o`Du8$r1kjogjz5agDl=G7^+3#2@j`P
zL-!{kDeJWpl<c)g41Kp~b;ne4tXfI`yNa|JsN!_(BpJ%=^&AjDb0=ku$oYOzUyl7W
z@-G+)Is1T|Ms?;*tPPctf}EE?#3~T~M&V!^qePJ=cB^eKs@V3Yyob@`WJxCb;r<1)
zJ)0r}t;yK5Cay4FvJz=5iLxlr#H6Kr8v<BI!^I1lIWT%>ntmFo(%VQX6nIxAA_P@T
zslYw^?g2;;($~xvzBR@*U?#sYrpgG!x&EKGus_prb7m?k%L)#S5NV^X=33B9$C~~U
znStqCQ5i|CKGeDOXSkW3;}Y%U^wj;Kja-XIkKqf6#+TIGnJN5L#_Y9=RRvwmNE=}f
z6C5#BS2?;yf1-lX!qUbxTh)!lvg*W(5dEmig{7`)(V`&<VlI)xW~DDI3aU~4KhKh#
zTvdps#8{eOQ6#=<pbe^Pe}aLFf<IDIZ4W52!po>h=<oj|(F9;JYp(|S=l;a%CAxCc
z%GK2#qn1t(D$-VE7eXW!%9{zr8vW;`8U^jiGI4`Wd9nRmM9CZ|99pVX>JI{;Z&&>I
zKmT;Qi~;N09r9xUkrhZB+X`ep?~s_7KM*z?zR>sF@O&aC<d3}AVBfuL(b+1`w5Iso
z9hM#|VN7&XVR(#Xg^R~k*nJ-mBWNW2J#VIc+&uMY+0^y4Bi|G9An$9tt#kO44QW1m
zfDJ06aY;6_c1>TqVH#Aig^~1(P0|bI{ZVlUp@pGnQ}<uLoPuhg$_wfd?l6&a1K1eU
z*SE*Yiab{KTm*De?SvLrrv3|=3z$Lvh+uG+H0pVJKF;Ab#%=rYHT`bk(EF;7`x6Ka
z3YJFpqknh=gR1D`ecz!NfO#dLc6*-Z-vu-}EJQs${>pNE=zt}U>t}Yu`|jt5Q=Z$i
zJv^x@2oMCsT_J!Gw?td31r6xoQ=~u}C#krH#0SXE{`Ey!{uXf4TixLH-|obMWS&*;
z$e2&)IszcApoRP`W({URuADK$(MYy9UlIY78T{kY#XoP7G=Tq2)V&$5vy<QD`ENDO
z{03Ou-QPF}3Hj;rWH{Cbcf`+oHcfP}F?s?`v?zdQJ};^&hXL}={^5~Sb!TUb*a8&#
z+5`no+KL!6vVtk}>XV2N%PBD^KVMX%;{yx=%5BX1R%220R|s0jloc_fYXcI&nQewH
ztNv2!phtr2RS(_E7%`S~e!_A*M};)S)=gqcA`j+Fr`EXrnTMNMzPOQ5Hek1iLDQ@d
zVjvL)EK+aCyuMZ@U@jscYY~&O??gblI3Mnttk~j~*LE=j$XK2un@?k8TJI&OoDN-e
zq#-tt+M;0nR)U-_TiWHg-JJ=2A6oy=+H%+C4{ae8Z5>B@?SE_5J#~w<;g%nn1>RP5
z#I8t!Tp#HFiX^MMJDW<PWC^fHo3tQa1OvrJQ&;)&KFI)sbTyDyeQ*l2;K;o`^LxLN
zOCr{b|I{zGEyI+3RPQ=<@U@A{K8KVQk~f)p)`V0obvmhR=CTmF^*+A*{uPB>YT0ox
z;%uE-xJTiI`9^QrzR%Uh3H-{&3-(d34LigJLraBVc#Ehjfj4SVO<J&pAa=KwKxwV4
ztG@9)xvFu+)3ED!KH&+f_R-;WmY;PEe+G4_qu_epEO-35=i2USESTNnEp~jxZI5H;
zN6Z(`-I#S&Afj$3P#_XeCkn|O-JTtm>yfIS>l<wqx0xsemTwNh-gyO9(}VW-xH{75
zx#5e^toTilEjVF`Z<v|Bb7Wkee;9GZPTWGtDI&kC?N3hB3Y##u87<z?rUm;s{v%fs
zjU8v4wU8y+d~LmFb~3JPG#ytj90|rwp)e>C5nDPmogvM(RY{PCm<#2|=m`|P{=t0u
zoP+J_6%Y3%bkDLJqx6d`R59o}Ql?g?u(pnN)}UBMH0eu>=VH%xz)|b+0&V)(rw4qs
zk-|}GjhY%U5m@bLjsSpHiN^*#ME_fmJW*Fti?5_CQA%X4&BJo&b5imAj9A`zMvaH*
zy3>T^DHtV%^V$Uk(pq(-2;wTebf!hw<RYF`LEI4uwemWSPiEa?-RtaD>YoXrUM{`M
zSkYrYH1(M3-3o3ohqqE@5Bol~Ebc!7?XUt6D;E=f_B$y(%sVN{oCgmPmCaxfq8(Wy
zCfxLgqttOb$)|cD!qt1fZQhox_;#C<kamyu^8H3~dpD9&nVfFe8!0ObDU9M6{Y)Nz
z#5p`43FG+eb(DqyCVy4!l5+<p=6TJZzD_?;*7IqZ0L+V~ZQ{MmXw8>em)hLrgFJ*<
zCdV}yTiDLsgz534^G-o|zU7$PF^&B7!9$O)yS4T`r&XLvZsNo1)A|0pm3B96D;MZH
zR88<p`X^XQk&Q0Rhddy&6S}9wIk1hANpEH**xGE47qTD1Qhqv}24C}@XwRppy`CWy
z`9mLZ?sanM;!OP#&JL&gEhZvpqg`jqTfCK%47E~sF?`nC@XKe>x?>LL-}h0;`srU+
zpNiX?fIWt~w4MchkseJJaihh+!WWEa8oeZs8QKoTl^&mCd&@sHyFooZ3&r&(y<Ip;
z@0{!lCZ1ogt(~7X)>-e|$gH^Q9(%u?nDzV;u3@de)Ff|kq7UIO;UDF{^hgRpy|U@#
zHv`ync|B0~Y4ByI4sQ&tML{`DbuBpwOe-ai=N8?yjkn#GfVaL5pKAbnF09vl(Af3f
zz}B+85KZKBh70b=ui~`BuC^*_cC$^2&aP9hvy|MpQ+Z!#V?G5CtQgJcbi4DsZ~$iF
zz^A$c6FO|g9NdZZc>TzceH#6rmZ0;kL2|UV(3^NZ@OsCA{et37eb3~KovFspmDo7!
z7npy7z0Vvb$MHLFOw{b05C%NcXkMK0jfm3wwxx5o`vFuij@)sov3t86{4Qjluj@+(
z+Ro~fpWaucJ#5NCD7fM?2{)o74|S%^R7)Hl^*pa9A63s9F7@H8%x?MtEjKSUvOn()
zwiwkJJs-g^jz9J?)h|ugy}-mal9o-`dpaO!0k6Qtqa%$rYO^h0uva9S!i%uf*2jy(
zCkNRZm-~6ME%?@_eV=1Jh4Hh;i-U{99%9$$q*XOF1fzY(Lx&?a-UQaI+dg!+>$7M}
z85d|e_a{fsDQ(fMb5gsH14CWSHcoLpPgZh-vV03*$%Of8dX6&ve&}QQo~}N`^6P3U
zN97K$kT(9{BBt!b>$Y!>CQJ0Z{0eAn!w>I|)sO3Gb>G51xvkvIhPWLfKkfi9Fe2@B
zKcWr0j%3(BWpCWo{O|9>AB<F<T_q2=3yyx4Ejod7Rq}u4ZsQC(E~s33WcDK*;;t5$
zz6<N=g!g#)pG2TP=?lVSqHOsv2DM9j&dLhOt^o1b-`ELzb}fn*M)c@I0@m!tZ>Fn_
zUv3z%&^>nczPCA~(z>6$+C_X6Vd2GW&rF)$%=x%P&`15Y;Wz}2N36Rb$-i3$HuE0x
z+7nv=pXt@sls(=j%PMDVp5D>P-d)K$Y*hT86x~ix4$d0AkWFRNg22MJ^<zQ9fW(l>
zzVUqYfD-iy@#DVgf|~v4_m=#^YivHBT_PUfeXbm@l$$H(>y}R2v_9Nv{yQ*^p!IF%
zR^vXd!QC)6fMPZ7l#nlyQ(bS&$|Yznms~d2E6Hb#Wpn-QLMhPV(xbzqYc7ArC-wGu
zoD-V4w<XKY>`hXE#&!po5rOXjy%*}+59#JD(nWjZ`isBKEc21$QV)KGp6i15E+}Bt
zNM5ez%K8CMC8Eh1w}!`^-EKlNCcAjEhxbvI+OZmM<s)OcKvw0BR`PXGZ<gdB6H9Tk
z1VYaspK?RJ6!c?o+=yJv`%vmFrls>%{x?uhv1Fx0Lq}zeLc#0ySn^Hx&x~4rp!fAF
zrtF-LJ*lW_U*o}AV1=+pE?Q)HAjTuzAltdd#<dIC={&BG!?y*p)1*pqX{KkmrpC4O
zeFc^kIvlV!-^@uk_3cNO%{4VqFh3IpTpY|dzD%1J@gvd-N-9b3(-t-^7t+F7MhD%j
z)H}M*y)1&~B9DhIqT3qHkggSU^R)LLPmHkP8_d^_PF9b4W_xtsf0?dw_gQZ-;s!k~
zCy?sNnyN+#$A4X>{*?ti{b#?S`k+UY+-V>rDDA<ogvoJ2!}rLGiyQ$l@N7IGH74)1
z@RY;nH|+YGi<=zhtG;I%v&Y@8w1>kc71{eMhOMU?EZf(paZs7R<y7mwqHk>GDPENB
zL4^D`r|EvRiVbUI67=N$DD2h{8AJ&8*`$9i|G_KSryqjkI@6Lv=xxsv1Dx+E$dsJN
zxUnlN4UobZ=ly9FNaSxfLs>j8Xu5N8+x6%z(bZ-uIE^0h$acIDN%Vf9svSAQ#P0(#
z?S~jZAP_C3+mFC(3o~24_}3iMnAqB!*ABQ2(+kP))KTBBJ=X#W7^z2|RHql2gOmoO
zz2A6SBYt-#_$#k#zuCrrchByKoon{*j!f_EGgoiZzQWKEw7HDof^GoKu9lLdo}Vts
z9p^|N8;qayIE*wJf=mMW@}Z#to|xRU9>L>syovBcInxi=dIQ84uqK=#(mDH)^YnX7
zLvTUzouNkX{C^f1N1U#|-%@N8QVdkEh2$J8@HpLHXL(MJ2aB)ws&-5q21v&m+)d^x
zc!PL&Rbr-xl5)st$9qxaE5M!%Vb_siPVS*|PSd&kd5Sd71S2;7M8@HW{jQ|hRc}7A
z4udB<9P@)Hs0lHw^<e1I9w9LCA_%%*>N$2x_R6lC0DST3i|>Y$OxhI}^2a$#bJR-}
z93^U9sWlt5l_h0)sZ4t{ZYGg4MTlN^(kgNcrwmZcWF#*$|I>--z)H6ToHEwL!6f(P
zZW4cXEX`-_T9Zr2H;xiwHc3p(jyjNJc6XNDC#p;$Kg1DC@7@?Q!g0~Kw?MTWAQHtL
z=ZWXk`6HrRju*z^n-v!LR9l)46@Ht^%GY*UZ+~gIsME)t%d|HiV&Sj{aj-XSM5C*E
zN|_JkX8W8%z82>swm5d<&O_}vYTkTrzbS4%abF@otb!>Z_2ojUG8Qk%`#WZ#>o5rx
z!fN_?pg)DlE3wbB#Z9z`9atM<7{C+ty{99au^@JbzD9&&|7L!9HMM*5KIZXvD!GQI
zXNw#TVhxe)%)H!7KVk&u`R@2L9IJJdMwgN@gEKr1BIOD7?^+t}qE0N8Iveiu=iPB>
zS;IB9zVg7}_w&95;`N{Cl~ldv47Id)$4Qh-Bp|zvq+&pXXH6?NlfD@q-{-?1w=+u=
zwnRH?9*3ENn8wO?B2O<j@=;bfgzl|b2}TSspvJ%?=S!=KkpsXH*CLoDmYq(qvdD5<
zj!qy3L(HR5lox`=gL;dmUmm2q_}!%KZ!%wK>}>K|aqCth7Zy9)xM^-RpS9f!kxgoB
zlvh;pJ;HZC>47J_<fcFDF<F{+jues-e{0%ex>e7#-H<|cW&I#<<9zgf;x_1r2x0Ci
zD9(r8U_u~T9J716Y#d?{i7vbidw%|L?cFg18QtY>m(uyfp$veJqcAwS$h>(kB+7zz
zE#l`!zQ10;Bf9cRk{k$hbKl)T*3dWhokd^vh2XAo&xB3-Ai>w2D0J%yv<a)P`>fA&
zxTl_`xgoMQhx1n37+5}r07o)D2e&v@<NmtmQHiv4J>SyvQ{A;h#=q!PBY?_N9W(C(
zNcPcs$F-@IRjk)M*ZmSlbOp4l2(L^Zd9Cq_SO=*xqlG&EpncfH<MYdj^Fu~0OYd9D
zt<ldU4#Hn*CGi;)>u7j1ZSc4svQQCsR`dO!sd<};1Jxcolf^B5q&+;hRGQB*9uy;N
z5cejl>zTURe6Ki^-;Zib?}U)Sl6g+{sQAu8lQB`rkNbQ*|CruGHgV#?`~)Hn%HdYZ
zyUWfyu-+|f_WK3cS;jo?iiH59l^;68LwhB&%fsDAr*1r{`1rdAsl}*53R;?yf+q1p
z)4CH!%yfG{hQV9C@8lpD(jVWgJ<q&&xLxRf{v4@}<}uc08JB6C!$vx+-B4q?F7PPi
z0-Q`_^ThPV@7yKB`M9m4I=zr!4eH@4_FXkh8{JyO-2%~COa&hS4~6zGhjN-G%Apru
z^vCdOZck4b{x0XXZMK2(ec5T6%Cr-R+fx~#!2gKIr&CKR+(Hwso9g_|H;Am<U1U76
zV_j*EKv+-fvL$0sXTHM|zkFEP{1_Mg*je-AwurcPlFs_Mr^UnKB$tJi)@ad8S;J6B
z`Y~0BJER8NW~jCbJiMRa%c37rQV$?$Mqacfd%10iX4BIPsbZ2ry2m>US}#+!puDKc
z&1bJ|{10riNuDK~=iJp#OSop+f*MKw(ceoXa!h-FO|Uj%p~4*PdzSfVqYHIWC;iU=
z(be0bRCQKJ8kiJFw1<{3cY;6@usgAN2M5(37&wXd7KnK;H1lHA3d(oZlAG@7>rA76
zLn><#fa&v-YHy^kD_SH3e84H{?vemIgn45Bu882GSV?v8w_c{KnabjwH=QrV0$A4i
zeX9Y<Y@x7`WHUBb*e{^@7PNHNj|T0RyCWoSJWK<o{qLR4dqXc@vGd0lC-j=sF6wRa
z^fP^yZ(63^>t&-_GwNvY0PMTX1%2aZV&6oeomOLB8B28_s{&(^KbmW9C>}C!I{7L4
zyI&^_-%=+pQu2+>9*&+7Yo;O|SQVu#W~ovt9cv2uK8m~gK0Z~+w`V{OVPZnC@kcpK
z=Mrv^E1qn{LCMth#pX;lGuR}ck<h9s*V9x{ExbusXp>=m4wyWlzdU$IoX7DvD99qx
z7;9`9zJ20mEhBt9H`lB1CB5&XLfhMXqM)ZQTH<rNe#^Tk1cV%m{$hFgl?W%LMqfa7
zMo5%rI%FwDJtlzzCc-$>$7N}`cIs<uph*_GqsxyzANj}OA{f}H=9u1dbHh)xJ*a5r
zG*ZB8p7n}K&jTdUV>P~rqN{hLr)xj?1bkf9OM5DTl)z9mn7qUGxF5lFwtTu=)3aYE
zU7J@=AIp+NcKGP+ah&3%-_zsEp8n8~0Sr)OXlu^+)O=rgNp*8C<mys;S(o%ycH|QF
zk`Y_eHF$a2+KokKxN6PhC|T=Rf4OoCUZ*mqcik8oNruMeMAuRjvalyzV715r7vaP_
zI5_i}q&_3$)ujr|Er!ab%WB>dKI)KsbKi78IOmO;v%yWjz6?n-1chPA;>q`d5U+01
zuDNe8Sg8V&j+V+99U-sd)dnxW`8jNt*^(o(aX9SIkgJ=~FB~+L<Q#-)U8*S_98G0)
zkRVpLWxL3`SH%*R(CiY^$<sn(cBS`xkDYYd`tuM{CKM7$nUjr2S*kR;BISwe#o{z6
zy+d$|4T_VO;4rPJ?}-`OI{#AfqCfM$8u)pIFA*y!`p=r{XDU)#BqEHyG={1WJnA<I
z$j&y9dhD4vj+20*%Ya4F-4YYJZ*C0c`xy;}DoPzmcPVK@uN^uYrnPilDaUo0sg3iA
z6bxAL`TiISs4R3Gf;B9E94^c36LI!emF{ntDMj>ab3SQ2WNmwj#<C<kzPfAIhCU#w
z+6*mgsL{p7<Q2C5oiLO6G3s@$6|tH$0Kjot{$BcgsMmIP=(&7GGYml2s3;d%A;fPe
znS5K#!)MKBXWjxthy3&|={kCtoFCjZUcLv7WL41pW)QLW1Xy*`raJMHaBqz(F}SzH
zHH$Htut7JntwHjAFz*O1tJgOmHj+kN)smkT`|;a{F&1yDEo^%j+VNU;$zkqo{>z7x
z(yVJ^4b7>TMQP3;X*!pcT8-%@e5%v^X_TaQ*SAuMxe<_h&`Uop#bdy{q_>LNk6O=7
zDw=lkoEhDra#qshRH>gq7iIUGxr=Ceq<ED4*K^s}w~b1pY~Stvv^yaiPk}_|&!XTh
zX+`X<<bbD|7+oH`E%G%na?Z4B3yb--+Jbq#ns`>=&F9{Bv}R*_>I?@C0?BokO~?(i
z6VH>hl?c1NL2QO&Pot7PoJjBFWYeIL>ENJwDrsZrw;M<mwX=Nc*QtO*`>icq6N4;H
z-G|jEz;j}U&Ui6kx|~%s8ADRSmeY&%z9RMNq1DNqX%w#XZhSr3^$4%{%^5a~z=Z-*
z<}l!yY^L8M(L(&=m-{p|_;PpEp;KY8!2;FU?%bbK%z~m<c*|nh-RbWSyXG#^SaLq$
zFNHIRizi%*5YS5HyX!*vX)(}`ByVehSf>CzcX=O=KpRa7y_1^6JIb_BQIenzYm!j_
zTjD;Q6|QTgu4+=60XpkcqD633@{MJ0m_?ymY7G75FH>}iThcQ-<Z7e@sBD4sIEi2O
zo8c8qqM^n<TEbLvg<4etlK(lg8?T8i%%j9UkquL&F-)J$%R^!Wl)0xf@~QN{D-;;M
zc(aAlGFpcSDDKwQ|3x~%;eXOF^xINo3Y>0ps;QM=MgVHcwX%4Aihp1PKv-v=akR^9
zy{^B@Z_%|=gQ%2Ke^f^=yx-t#_7b}LiE-U?r+M+1I<HXR8)i)44e+dUTA{rHF7neE
z3@V_Yu(I%;bv!?uxM0e#H~O{hc(VnTkUO-C8Y0~GtX>;uzB^;-E#79z>;xeR5QpD4
z>?<gE3C?lZe!I-ci7kwf8G6~R@A|RF;o?sJCRAj2y2o)EPHVmb)>pR)HBJRXftDbL
zWyLwJ_F&jS>;v;cz3e^6hhV*c|Mi%2S8G_;9R&|tz+INs>h4H{wQN$$T2El@<tq}Q
zLS&8kr!f2`ykWQbCtic@lH1#*`BIK6=ZACca22U9?%QAF*7I1Z_#SR*o(*@J@!fV~
zRm`c1v}5*<s{Y(QCl{3=xBvNOI$>>iSP*9{kdV9U3thLQukJy_+q{_`fKwyssWrF6
z_FaS`uXA0zV!);t*x2j{>8gKM)#5m}XhLBMUZKWrKna&$)Lm*j0j91q+06XW*TeVr
zy^o&a?)=cZ=a?~zrIH&MxOwKgOlZzOWvqC%3hP~zSwA1K<Y;+G?_o7oo<_>Xu`lt!
z%D4NTyLY)~-1Y5^=NXTUYu{eVOs-$EpNeAh0l%7iYX6yg_|~R>LVC{Z5n%Ch0-w^>
zF&QG0S=Mk%>@^DjD>4*!JtFGr{$nSTZdtb!AztSZ5eai=P@_C$7<W<CSkV=luIyJh
z&G(9$#k!JEQFKe97xouAbRVuc@TC^7B&Ba0enleC2><EN$89a`21~oC=MP{`AEkcS
z56=eb->_FGRUW(EvlIh4g9ngtB=TmC*v_m$BLxIJO-tQ;lDOp=326;+j&IeeW|Ij$
zgJS8^SdQT>k0g^Oo*cV>ro@vgS)%b84lXJ^2jYqqBq(iSE7T$~|HTZ{8G~#xpNG2t
z!3=_SGq4!148l+;76oFbu{F$^xr_0UgVAECvWx#X^&80lumQ&!9;<b}bplRgl#tm^
z6SSCSh&j&SALb~Gkf_268p*g%C0&2*qmh7JQ*a{DLaVKbOj(LSmbzW7<p5S+`kmiH
z#_<w|^upKn9C&JN>>PdW2@@H1F-b;{mC;)by6w!-o`|mi4kWp~hwQ{OJhurJ{G#vG
z?Tel^ojW}HuzyX+Y<&8(x8;ptcG2jMt(!A+5>j(}*9gpVJfTarZY1x3>^7atf3hlO
zHtW|QV<8+~{^*=k_Tvv`rQhtUfM?cI_c{<?|G1<t{o+D2E$bfBAy3qs+kicL<Gi;2
zI7)Og^00J$q$jSBBZqbBM#gu`x2lMI^EQv{xHybRW7Xu9KH+tr+lkAUyq4pg3c4xi
z6-)Y<3?_<BW<#fKqGzi(q&M1YAl!NWSfAYK?CU}|O*;Fv#&Bx@ypEmBWAFJjKFv2(
z#9e9d@aB1xBSz!}d%5L>z4g!)44vbX4Nd>$m)qk9(Iu_yqv7y&sycAgYG>ff>%J9_
zJ@9Mvk6FihcCRd7$Pw!#N)!c8tuuMqt?QLSq1cb5foQ_tH-%r7{ixIym8w;98G(J8
zcRky%WHRpQ+K(E24e~O^A=z#8<!jl4$HHE<D~fJ6cTtx&W5I47CjAg}xcP=lK4SxW
z-T5OpdmcOKuN-}kNN&8hh;j%-qr)Sydu`Cej=N+H9#@xfS6!!`U(1(oXAIu>u7d_s
zVJ%j<nat3b)vNShlJ&A+tB*#3<V3O`IUNqyK6au99;vWKaYZFu{=A_Jw+qScErvmQ
zdTmK9P0FpWqu3tXHLuDlM6td#pgpVN0dzqx@w}1I^E<-7j^;jjh+6dou~nG)4xQQ4
zZpnObuBvNu$<NK6f3Xu8_Ub-AjLL3#Kp*DkN<FXf2rU7Xilx7QXN)o}ejSIZtw?7(
zQ15plzm{#6uv#SQbh!+AV>~k@^t)!gAjH}3>L5G}lX&r5V$T=9>}~^<#L7iRN|l!B
zcFVb_sJWO;X1pLJn!nF_ja-PFd{_C<O0Dg&)W_kD*$f@h{<v%XZ!JJWD!Qi8)jW64
zQ1{wR?c^0^nfL4N`f~TVxGf=d%Yi{A<5Mr6H>WMuLeFB|RugyK{+gwyjouKsn~c%;
z0GrWX9^Q2i&N$kb-^VIXGpFfSCvrL|PCf7E@&J=F-%%9H4~-c5(xHbIXmx1+dOp(N
z3dEG@8q*{LUW!ZY#IM5jd{uS#v)~jf6cPu$j{Oz)5WIW$=90y~a1Q}SH?Cxy<xnYg
z(+k|!EBqx*R7U?6+4NB^-5r!?ckfMEtX-dd&|0e2#BL9D;A(6-!MD@Drzfam)eq=r
zuK^A7FiLqCO^kHg{VXc2y`0B_E3Ei#h8nEg9j;w<IPAIH-rJ$=-mP%NqXXZeXb$(I
zoQw?lt^>Giy=Zz<v|lyrZh>!4e|Y}*wldhPJiX3TE2CFifoOwR@dYQV<@ZG5iR`1h
z%an_rDbpS+H^Ya_p6f$-)>9pIP>(_VA9l&)h7T9F+EHq3){d64fwrevycOy%AFWll
z=K}>eubS^KlX)v-BwcacnbNIER@}2DG_NMdFkBKu#3<F7C8gWjnYo4~)8Y=}B~{QV
zH@^sfPmb6x)kU=)$3_@WSpQapc-%elL)>c^{}{T9bt*slMA8-ehW$a<<kA0PWc7Ud
zc3wY{mIQuDw&X&1P&GP%PO~8-i7p{Li$SyTt$sLM)>+3}6f}u%4^3}Mz0go3<5blf
z&NC?h&Bf^!6I5E@DdkZmFchA4JdLfcJDc_P*EiSp@D84C!&|ZhXVl8zm4*Kc7%3rB
zb~KpO!-QZxn@Q{fWpKzc)A#My5!dLx`|CB;S|2tvfE+VJCV&gx8%0o11fox1E@Pr;
zri_{xQlmHq#dYF*uHM?1u4*)y4eN6mms%HA!T9h-*r)+o;$N^B8H0K8-k1Ucivrh_
zfcZp=rJL*JTeL?U<+jV{fmXW#iQiB(SUtWtOV;L${%46r-;ZE?AXK5(d!J407%qO~
z)<O|Yf@Mw~-iqUP!kWe!Ob|>LwbWcTz+m`s1|jiB0vmG8bkt-SKpM)O9+2eSZFvXF
z_QoSMjU!w}nY4urjMm=}xrR2-v6)|kaII2EL#@K;50Ndupfan~fGXI-+uELka9>Vf
zfTe30+PajWrcgC&zc*088aLmR)eDdss1HrPu_4xl)(eQ-H0L^1E)ewEJ(XE3Va0#c
zhZjYq^c=QpAxT<G`3tq<GX^K@X_<GFZDgdkmANm?G=8v!QX2MIcxS{AvsiDCp-5;Y
zwPA6&P(o;=d|LB({&bNsfk>n7Wxw=;>a%joRSUzYOegYr^1n#iaRlx$$Lbgqx01~>
zD3FokT!xBGUtTA;AC-oA*U&#QJiPgUa+`qN4Lw2&&_#sbWKx#e1I}Yiwjkczgr_sp
zCJD1V145?2*B}#_mhfQb#zGe*tvn;aX!7nXwNis&Z6?+bi2|IpML1TWCRvDac(gGq
zzLCWA3-9X#z^Ta3O8?=7gk|6ZN=*>10;3RA3apZ%lCcD6@rBNx31C$v<LNcyQj8s^
zb33yokwley8`n(kZ_7Yy=5|S>#0)Uu&fOMiW>uUW;0n+;TxpsG9h(s5G7%UA_NzEL
z1<{Mnj?~ZA1Cj=Yp)pwG=@E~42{(YZzjpc$y+^y@mmM>=a0}{Tb^f|IhQs4Gvcl7o
z2YLO=_w0vE=Ya&7tvM$T({4J}O$b7ODyU{cls4T8w5#TpNHclnXa$Uk@#GD4bctG<
zH9y&lioZzE)tIAojf&ilgVGRUKF5laRFQlSrXr!pe{m&bu|a<6H__>oeH&@#6&Xj0
z40OyEUO~sV$b)?{6|PG`bqTxylyDHR6aZJIU<sxD3>i@mLPG%9fEZLp)W9^+35Ke5
zxVP`U0zWCxc&&G-tvTDRi-Eb6?UmeWt&h{IvDl~JqDdMFbVqcj|CC(Ke%@5p%hAWh
zisX+mnb^weC&_-bY?m|*)HY8-tx&(FK0-9LUL*Q#uCtP?q)V&7m=WE07)4+6gc(f+
zE~*NmfuPmHB!Xh|snUqSY4GwW|7Bp6exw<|6PrZl(2nBKC-IjSZA_7b?W)&K{6)zb
zrbZc`Wlu%iG)Fjaqz!f-*U}=TDE9X!qRsxr$YQ?%i_uz4vIDMY^M^2?o{NC|z**zQ
zR<ed7U@izCKSuxG)eP0>i}C!onS<x=iL0HwOZi3~5@9s@JCX3MG5;<}rX@=a!{<wM
zgRvOy{c^KfA!@mm3}wv=sb^Bc1L&*~oCXKX821AowogzjW>7Oo=8g&(6bmI1h(U=V
zijsb?Y<%I-N@C|VlZB|(>bZ;~hgwgwwl>&XWQ;A$TekUgV!y+&^P!+GQJN6xZ+%6D
zc>Jf5_rH1JC+WCih6wGXbZKQr%3hW%ea!@g@c=)qlaEoOM6c;qqY$r;%5(QRKKn&u
z&lDNtzfYWdCu_QgkhBMr&4x40XUPi_Ai_nxEvH{zDC!(KS-K|$sL3!-thAl7sI!Mj
zpp`G{?;0>=4TGHvF<@WUggcRx;G*NfGGbIhzDw(5|D`PQB`3loQ2seuF{z`pN&nbO
z(yT<EO>VqJd5D2jqg)J~m5~OUk_FORQ2A`@YT-<(@u&`bb~~EVvdB084SawayTHGf
zTvB-80V*V(MukIOZAGsPpbU59yIZCGDc~<*vHf88&nl4POgkk_bM$erl#>1yt1Nee
zF790NnZ%Zi7l9Z1YEI+7fx5Y_iJGroysvuv>(6|~gC_vSnplZn`a_-V%hy)r!juP5
zUQ*wPzc+t?TF#8NMpE@&_Tat|2OT(BYA6#J9^{KWukX$Iv=5%vddnet7DOl+2VpSc
zppA*$NASygdkrnoV?>~`8Qlz>;`D$d4?ATpo|T*TR{!b&%v!Ceu~?w8kz|~8LIXqv
z22m)gNtGMQYM3>Y?G)AUq|8U$vlDA<-af9Eny86C%{S*;F=fNHn=FUZq$RaHx3|uk
zs2+A#yc)TTb?u<}5g~QiGlW)?`+~+gRK9l+mW>9#u5^8Hi9EO%H`;xpCo`*f{HFrx
zXxBYyf~T)J`(Eb2N7~(ELL8sp7eY%x^q#U#{~PF66qPjLKSo8~f>zYTZBrEN9C?q&
zsQJjz_D76L9N(T$DG!|=muNIZ3kBl{wv5K5yun!2><mo6HlWoDy)6YXd5uYuT~5!{
z7HEm(O+B{I8h=LC611fPTR$(9492>cI37gT=qZAH&CtHIufFVGnFM7VH|{pTUQH?v
zqoU7wI9-LtQE2Z{L<+rV#GjYwNE`&I#<{Pus83t_{1jVO5|spiY#pC~U{@*I$LdfN
zeKB%MF%HYo-{;E^zQQ~3r8eDkpdM!be2&GBMKU+r5Bg)w{US!9W{u`fJIOJPor`Ib
zOcj%oyRtE<QB%={WQ-K$t$0W~NS=S5dWcJPM)_KsHIJW`_JpOo1x%~6lBR`%<O(?9
zKP=!=Y)OBEG*MD)^GYW#jMB%%aGkvcS%)TNsDIDkMK3!vo0NFBE0S*1Q`#74!HDV~
zt5p)L*H^EZ{%ziNI>nCcWn1f>s^dM+T(7=f8joz;0yIlvXP?qh6Qs)FU@~h^z=%T_
z0Ja}V#h6`P9PeZ7N}SI(7f_T?V7VJ6K>a@h4uTu;<{?^{HBp~vAe7M45*80!Uwc-5
zzi1817>Txruh5l~aTm#}IxE*&gC?_Fh<twdcjpoQu?X#-P%Qnk_)ea`da-}UXP|j;
z%nL(>96;7F+4TLc3ii~l82L@mBGK@}>4X@(NkDp({t&)ASlIK7W4uwB&u6wY(RRfc
z#Is9?L$!cb7V9lF_Rq@HG02(hv@PUc$y%)5?wRtLntvef&{30oK{ceyh6EE-UM9<j
z_s$@ghYmm9Kf&9QJ6`P?HxLK^_$1~WSS)UxjF?3}kFB!i4JgF;l47*OwiZ7H(tJo5
zUex<#jQek&F5e2JPkE<OUn9g&$R^2u8utjN0c?7;HjST2|KMW5a@u`h%Azr5JVK7W
zojVdSyHMwCE}k&Dj7yU4YB4b<$AIzx0ZTL|+EUT+Rfw^-<<K8D$MEHnCP^9n^$Bwc
zLpIQBu7pyuONr^umDFb5??N^uqzwfB*)EtCP_eKwjapb<EAxg)h%ASY^*0O{7&TTw
zj$M%qmwPZnF3|K8-L?JGvy@9q7#f<5I;fM`qxxcthCJppbHS>~B~iFFO>8<7kRU;<
z#)qACmvwR7x9&L70&^+QiM(NoFp!oC{9kJWQOL{9F<L*-9B7RYp|tWsccU7N*}gnU
zzyIAZgiP4`X0<pRwuHz*giP9$1v~_n9xUp^U25m4141*AN>D@f$>+lqSqu32QAYF7
zNe%8+lgZkMU1g=%82()Cp8W6!O{TTk?$L8xzb;TrEh4aDVjU`Eq?t*ck}miPc_gc5
z{Y?eMf0zs=4AQsf|Jl6?Vh9muyjmkl8RrclYkfCOy}Z?j({K3~^^v{S!d%ELADOZ?
zwZ^7j{%#(VQd0I@iPX5Yv$T@VKB((Ny%At%++QWGl+JBo)que7rE`nbLZA__6bwN9
zVKdA#()IoIP(_O_F18QUuL9eQm{GIBgcaL;pw1dW064@%I>tzTTD2R!Bh_NkE+45g
zj!au1R$j4}5WkNAb(F_8QM>9aOFTPQp?4#I`0jd?{<1Y2=$6Vd?a~YxPBx(TWQt6L
zP4oNC|JWizX6d<R5~a0}!QZ@pjtsxq=oAW^&)mA+VlGd>YVm&^+zR4Pyw(BsfvR9>
zVr;GBmVaGNph=*LMF;78$xrrXKH^ChwP5X9<MNENWIk0jD)Tu^srJr}N}--4!tF)j
z^2JLLq2$_waP*Zn_0Vg@<LO_1yaSMHP3H%Jc5BkDA7fn<)&(>9Ck#N~QOucUW3v`q
z`?)<v*m?Y_T-EqD3Vde-^^JEldRg~O&=l$jqZS&u@{*)#;l(-5ml`krU*AOBkX~Qk
zqgS16O8lwTvTj)(V{y|MA}~a~oF;j(8>;B*oOi01t_NwwXN|Hmsw*CE*Z+Obkdg9e
zu%e$vSXJOH<=~Qzf+`4^uCT5CaSxOKx(C_t22*3IiZFyidC5A@r$DL%1rpb+S@U9V
zO9v~a`BD8$e|uwxwLV&_6SAAXvO8B4k!=1Su9tMgAu2-H5M^`3cT}Pf3FUWWT@p#f
zFo9q5VPF*7RgPsbj(sIyNrF+hNE$y0l^(yZ`ugcO>Lf}#3PK><dgbt>u4SkDjIVEY
zvol|s?<2U-)}*d>S0*z2(QmhwJImaxP65tY+;f5yb_IkIgT;IuzNb^cCZfm4w=mR&
z1-pkBS5aQem-G2+mZ<p9o*PeI)Zir+{#?RQ#F$9`dB2+K=hW<^vUY|IJ9A3v<hpVu
zasB~?w`8o<p|0^zcUQ`C1AnYs?SYBbRIia#MkQL1q4@N|yQ9|>yf5^Om0hMjI0jxv
zLW~3aGjntK{9aDWU%0AVW<YBDlJjj-Ebqq^`rB?p4s)~GFaJny)z$gpNRX5Z0iJPP
zh0JtacD!p$p866}^h$ZreK=uqi#3HZzeLT*z?0Kim=YG$>*4$Mf*{pQ_{#%1hwGtc
zE)jyx+B<I)h;W<7BGKv0RCs#R(~*1RNVW&*SuGLnUGp<;M73|h02ylzX9R6U6ctv=
zCcGvztFM_0qm3=mom;v8kTUU|z8}yqo<v)$PF52XOodaCHdv{dG{JKHcEw?5T;f<M
z(vj}pV5Dys$+i$7ovh#jtT;1$i78INjABjynisRAX`I^BP@ZJ+TCc@MZd@0VwanfH
zn17-kjc+)suMY?oc@BX}2VGrBiaG5PdBq4B2F_+Zk-uli2q*Rl>5cZwDM5Ag*h-+0
zkW&^{$ta<J9AOwAAISCn=2%%d!<PIEInQOPEygtYz7?wYF>!&Z2}0Yf<=As2I@!d!
z75zik3!4;9uUY0)Kc-gH=&-BHj#;MumRQcomI9w(lna<T^rSGJ^a-81F1Jg{M3d&G
z26a{kcL^d`&bNZNLR5J;nj%+j{q|C@&LY`LK5DyJsCEK@vy{zG6DCXNjtDweke67F
zqO7I_)u$s2dp8{unMxtzZnw&uJ@oTpX9Z*15v^4x12<_?-rNOTVdT+=abeXg_$|>n
zidzhx&zfjp_?9!ZGBD!mBxxcO%7Jds-cn1Rb_wjySR?G-)4M@=8V_8fReVJ9<-<9f
z^PJU5_Ehr$2ErYR9kmk$%$Zl$D`NJ61c>CeMXG~phSV;Frh?!t$j=N;7GDp<s*K$M
z$oS8pxx7AK7%x%kB8zAu+&f=s`8Gd{mMen>DbSv^rcHf|coE(yqvJQ=+g$evN8w0v
zk-j>+J4JFx>clECy$Awg45Wt@jyze0D#p%m*#pmES&z7^VJ_9Fg7JNGe5eoW>8==|
z1RhE)-m_LSQOBVYMlSj6*vch|5A0$qwM4cvyN(|()>_GeYu#p@)pBBMcLKI@5(!MN
zO@gE+a_SSuM<Gj>yl9BnYy72mRgtRRQZRi-S<>q>)Ud-qGlT)rN?@x~I#LTC_a?)N
z*qb;kIh%-5JCz;d$LF_K&+n0(41VSO>8lRE&ITxom~YqE+Ls{>Y4&6XS9QHzmS67C
z=I(<!54aee70fKLn!f*8C0?Y{=}%ywEl2Z7XRl@`nfAJtn|I_8g{pJ7K=AEKF`hq!
z`}w-RMWK-&Ie7p^7@T7?uyk%sL8)BmD@^jSvd;Rs^p{=*f9{=)q^4VVXMK|B?UDoE
zuyJPWm?B8|v$!;KV&j8We`@v9Hw?_8HSb~nG)nLG<6_F0<n^+JpI^<`pp$^r1=Z_G
z^jg_w%XgX1Zw?5nZQz<tlb<rm5i~inTJ6GWFPhbdeI0fK+Nw%?n+LoGak;h#2L`t;
zgUqzMfpvu9VSZCUiHLpzEQW>|ODKA{{yaluF~oC;A8(fV)fZ+((@L@Y-tWyaUbCHN
zMB|Xtu%e3b=f=0fnRL2Vt7rpqA&Pb^MDrZx)}FP}LqC}dE!aC;5xBq;rF^*((<L<l
zooq=7GRi9@_s%%F$}OZ4w3&Taf6nTm8VHoeGsF~Ba89&z>6?5sNsU-m30n^ayN}N;
zkLdwOOUA3Ca1If0uJrbZxs?<o<i`n^^Q`9}T47Tn5$k4|cLAE=G`YN{D7$jy-9=ca
z?<Z?upoeU+Zq3)8&+{fW_fa&|U!s2|=E^-!M*arYNRRP-ojlVuSQ(isnEORvD1YF>
zfR;qDcN1ANI$`0T-oS-B##$-3?7*K7@+xStAq23xEdGS={D-wp$YjX$!o6-?M_lG)
z*pZJ#4K3e)4Oy^zqCESM&$f7(6=(mFp9ZU<Fo!XG4p+2pCycp7=1p(sMu3dJZAWc#
z`%Dz4GldyNm*3Ns{UdDsc)5vC7qfl7KnA6PEteTG&0o2REV<n={8kdA{^tw~wDovo
zuG)gW%l7@0YKwlHHiRKG+C~>N>?d%uh<bO#n@HQ<9DQ-aR!mq@ETbuoG;t&r$Jm1c
zs6nohCfnogA=f)c+yib(BBW)a=@%!65;M)D&M>)@?!rh^t5oS`jr#@+4u#o2J)*BO
zf39aH&0x!Wnw-~(kY;Vi<o|WS5mL1~-(9eRnv(k{7E_|OtR(hmIdVnHUdCnktqNZ1
zE9S%-zJECiB$^vTkso<zO}BIm>iqLp2TY?^*WLN-QI^wZzM*=bjO6P|_Rwi<@w%4|
zRUNr_%0(bNR4T{hW6&D2{S=NAB7PtD#Vo|LUY_}+mb>KFHnkGZI+V|WhV~XLX#qoW
zOkI9>p0X=ZK4G(s)H$98((lYIMuEy|zREjgNTxgCaZfJ_&TLE4$I#V?I85D$t9txJ
z>W{kK*mqFiWX^|G$y+TdkW|Y1i$Y=#7sC_1fzI!>e4Obfne(5R#a;GySxT!8o?z$A
zByX%oYYi}4nQGVpUUB<wtIUNqCoCE`Zbm4#BX{|ir6D|}%(309*_CY69=}ThGWkbr
zO&ySDq4(UhWDzgf6~RtgER|VDi9XgeF0l#A#2W4zQnsClF+4kXVkJ1#Z;A_x5m>1>
zze~y`Q>y#N-}afS9vpF0VmjbK%@(bV&~yT_4Z2Q^0G@rfA`s~{C^<R06Hk_Gne4!+
zIQW!X*Jn7kCDrJkO5;apO5($J%bcs}4-_nM#wUv0r4uIBg1PmVMJCymtFxyv1=^ms
z62<rRs}Q_YP1ba&krubk*=@Rxm2?9Y*#&@%dK_y51qG5MgfdqN+6s2FR8{ST(Rv?E
z+H@N;c+NUI&kn5@>D<ccS&3pPrg#+Uf<)bYiQ+&yMMiSaTy{LkXz6si3dM<+Px3BO
zvrBVwi)X-gVlc^3sCa=)G-J!882a}=l@5P19LdiGib6`#IAZu!39BE7Y%#`KJ^v;-
zXZxVonni#pGBVoQIVDf+`oluy8ml{?ZY9?ESSZ%<&X#92jT%D7Tf%*t(0c%FMl6T)
zC_|{*yINw*2<bK202shcLM^!t$0gn>E_h>d6Tl#r^~b)Kcem-qc}f1yShGnMEq`?S
z_Y9O~3rKQhvA1}gE88owLm&E|kP1HvV_OJD+%ERy5(A!Q_%+&$iSk}13c$k3X-n^o
zu`}NZ<FmYxw>C!d>e)qAKS2e4tc%U;k)T~dJMMHt>*l0W#LHok&gG)FP%AX#gC{Dp
zTBaZjUs~%#+A@W#(d(}@XFuKDY+tQzP<~fPf9i8j_5W_>kytp8)&nNH**^Fn3&yi}
z63)>RYlAH{Q|n5+|2aK3=@Wt*ERSmdjLo-4a5+a_(Eac$J?f9F-i@CP>u&V%WqwM@
zgWW1_e0VC!15SVJpAt}2NX>u$it5#KvuBl)miZ-z6x<#2xb`5D!#CAr=u&n;yr)ry
zRb>0@z$MjJI&a{7l^>qU+|J!|eO@a0<~wb!`Y~~qMlRiR+~%<RRlOi_2JhF4C#5H+
zs$IZiP<G{QmvkauN<~lAUaOH2Zi+(D-Spns%Pm*ksG<&^7iPAZ@49Y6+ju!Uo-#L(
z!k5xX{YPuk+uM+HvtFF|YzV6J16>Z}ZHYHFPOH}rLL8!gG|y<Yk)leu?(mqiM8um5
z-j4GLOr9oR;t|X>d~cqo4csVI<WgzCPBML-@gn_AT6xiRgV5Un^E#zwgi;2NN~zYT
zo{a#E3SAs87mH0_=47W-^iRB8T~IB7qE`yy_NMpdVl?m!AKN5PkM6vOC0+RlxD3hK
zEw(occapy=mi(`c$eH!+<q<;9f}lZBOjW)l*8<(y9Dkuy31m)04eE#XB=c#-8)vJG
zN70nu(>3*!Gk*%JnXISu^0@>nD$XodNJh?@y1UTsW;I)LMT<d3lxU}c{$2tO^ldQ}
zT-DI_GDodu`U*!}<5k<OJJ+VWRJK`vD)LujDJVm<1#=Sc&Yy2KOmNo`V*AM>INVJl
z-dO?08}qa>EPsyc$+9P2il5lJa+S|PMkSf@YE*1(kgu-m>8j}^j;Lth!1gSf!f>8M
zxt0cCEBZK1tf$Xh>FTeKD-thK?26|*$P(YNZ46$b?k2nKXT4{ZO>GL{`LVfkj^|fL
zMQp}|69dPUy}8?kDw!f6DRR0V$)}v5I1E6<MTRRyI;_0LNNyE)c(JrtJwq6e<z<7`
zOOz(S#p0TL*iI&bAXV4NE`W`aJ2&#YfI8c!`$=h9WfIXzNXU_V9ycA@O*vw$!sw+e
zCXS)Z#`kF`Trgom8lI^!Sr>~mOPT!R&p^fx`yVF?FYWYEN?|;VXw6O-M8H1+dF{gK
zOs*Wn1&1hU@m)m5*vLADL})o#o+8puNg6u5>odj<bOY>>v*Ce+J|}i%V&GEER(uP|
zRzSklLN6T|0MysEy`2lWq=+^1`23v8#8&S))NgXTM60>03vei!d7lly#@+KNC`PcZ
zVx;xjV*yhNVXqKx-O-qS!Qg6lEtcZ-*O{bnb(%W#KRRuzzvS?Ea(P;N_wP|)M|O-}
z1(&>kQiz6%=F}m2{d%_!dZ&|wtahxW!u!{f!6lKUvi-pGxMyo;Ot|HMtQM5=@x?+`
zG<3`;qlCMNl22_6_b016Jx6RS@9U-T*9VQ#dY$kud1d9hzw7b76k4V~z(<Ij%|B~K
zaEuHsyLr4$Mz;2NAbuPNa7>g+hV1SnNAitSQ$R*9EpvGh1KN@G7jFVdLh+6FB31F@
zn)_q|{eoeb^oYyVD@JQk-)Hge@OfR+fbXG7XED3Mo9*d7CIx|&P=FKM9`|{%1FD$l
zMBJ;PQ^mE>KTOT~zj5apGXdOURbZ3{tQGaE?!5IU7Hujla+c25To{nQU71E_M{#t|
zr8-I|GX<f7C_5?@tr*t8FhCziYYC5K$TX>D)2yW~P(^e8qRT{o1?fQ-_1s0Q;>Q@5
zlYV!&E?&Y8p%HY<+UyL85HtBoJms&JSx+`^?KZ(xbdq_pcIPYC^m-Z=$ToVXU^#;;
zE9u;r2L6;9GAwD+pl6JO5SmOY)5umiDs%kd2?A)$ZT|tu^u_X=Yk2Nxl(&nSHLmd%
zr>kRGdlCzwCa|0@d$)L)_NCGv*OM^0?>Gh3gT31C*Xc)BGP07kh{wwkJEn!~=h_&=
z=8wG560J*?GTrl5jEB%lhT#!zeH)^o4Bx-*XbEZr-~YE3pp%J^5xX^0a_zdVjwI*W
zU}ouca$Z+<d49$fmU%2t$laeFd6lg==*7l1TSq4PbE357iTZ;5^Rno-WRZ(po?k0`
z1r+KMqT7hC*6;e!v0sPFcrIM^sf@!)QsL{C3TDk5rosy*SB+x>xVia_ruH@`zAT3M
z!%DYRMv;=SMFaT2H8B%`d|w?-_GR0bP6huDb8j6KSJV9uq5*;h3-0djF2N;8aM$4O
zG6^KOyAvFOyF0;QaCdjN0S0!SJn#G4-THn1*xIVC+FLVq@67G#>8?Ka^f{kn+l1&y
zi}xSkkq%(8rHJoLMo4d*nU>=*)M=;AEJ>3MYU}d4+yx2j?)CN;^a9?jOBaXec5OgI
zjN(6FhCr7tG1MIUpj9k8Jv|Ug$>>zc6KwQZBo|<&Wc1$D6hTl^5r1UZ2^L=D5jv-K
zo?+B$_lAs|XXg~Y#mVg0IkLrsM=0iyWe0axJSF)ecfvJ3iT6%S6Wluj9(d$EU=^I~
z_~M#*0ji<7W@0hv__}(Gbf2=|w1K$jttRH4#=H?@TrrX$Z&1u`?W7Rc^|WLCjrmc_
zYl*WKj-HQ?Z+ml7Rzsrzq-`z*M?#X#GpB_;BOrA{&@~&!?wiE#9mOIZQjqM*6JN?*
z^pC2cxR)dH)lyS4<(FjbwU~`zLYf*YI|F~8?eXEKB3lk6AR=D9bRF@SEk}d2#=Yje
zxvsv7neq!|+Cts3#D4*uKZKu`4$P_4RW#~<Nc%WPEK*}*ZllWX$0<@ePf5qeQ(rGK
zTKYrPDVIL!E)S=#8S$EnrIg6Tt2J`;aOIVb+<R^Ua0O+e&I01PzryMKv|qANf9hIK
z=1xmnWpvYtG#^RFohc@o6(9*#*md`5STKLplU3%n*4~DZff!DV7Uy}+^qqz&Da*Ka
zomu6wJllt>G}AbA7<KCfP+1&UO7`pqf~c&1dtRuNcITwF8skQ1y_@QngrO&OKWW2o
zdU=|$OAXG*MB(~eWq=&MtguUe%_2#Inj39vx$rqu)H6|mTC_mxtanktMu;Im_N{Sm
zIHB-!(UhJHFFKJ1M?AL<6!j{47j4v6NK(cZWtoigT6q%!G(06-N7hp+90weN&%>`D
zn@9-kuY;}+;ba`Y?Dw&7Urv@dS4<|M;W)VTzlj7hO$g^?+f!YO<2BubyIX0;K?S}R
zL=aQ7sC9vJ%6+1{DkVR5zBBNZYm628eT;I}rbFRF2_b2B>9e$0(dP(Y8vl!M`2P3Z
zX4!2w4u&uLV77c>*X^dUDl2FBZ6MLM;uP9#i5{ZwQdoRNn=0!$n~Y=ovYf@~NS9=i
zZwS8yhV`hofpapI`4<xX2(OuP4`&UAFC$+I)3?`Ay(nW8vw3x|Rn2H8a?s>b7G;XG
zgM6rnMMoqv0(qIWUX;~;-61r;1G%h0nNP8nKkESRZhEjC^<zrv4rD*)@%z$*`zXmf
z-Swj0e%t*Vwa#fdS&>J`ASpCeBZoKcgY>E-6$=XgHI+J#h99LOn)WUqIw~v5HXIv?
zN?lWhO$oI@1s|XD5Ov?IR-PlJ2EJn=_OGOoq~blESI#5uxQxrTHY*U7PhdZyE389}
zL7JAhH78<mOVMEWP8~1O5?}2sR#&r%GZlgs&J5RrGaXFg|HE?Y!&)<=%txfR&2VO~
zBZ!7IWFy&A6J|;vJeXY|;;7cAj#%AYe(qm!{V6wf-jqQlNU`F4kM?zn@3;MZL}cLl
zSNUWM1&^g-@J1td+Wa|AvOklsP1K9TQ)0fZ%%cAu_ZqD_MU^MkdUdT*kEnPU|H#wb
zLy1TLciDb)zQ;CoWxuUcV~Uu!#HNurHeq$T<8nvb9&Dul()n!}&d5N8RcOZ@qb;ob
zbe)!g{(G*x&ORhRN4<Mm;+_nvTK*bTPOS^majlB56|RW0CXTlrsW84F6;Yx;`Oh)s
z8|^{f{t8!{)AqG!O{l9^g54WmXlq{TJ~rzm!G9*f+5|-HelSul9_!OEjj6WlWHt0p
zt~R+*4j|Bm>w=HqCke3+_}shLX3Sy*DW9{|YNW$e&UFy*6fOJ^rIX{EjdxK87?vmD
zB9N?-Cy?L)8lUY1E9zep>ZK?br}?EZs;J%i?*fPQbbDdI>hoCy&7J-{D+wD1Ctuo@
zUS`<dKZ3jWk%PzXnk;29z{yK@)9ZDKhm=g|bvf+@0MoSrcR#~t7EwS~wwB;PeX(iK
z$PW@^vWe~aLgBW!9M+EEO?W~bz8db|ga_VKf`#Se+?b4Cj28oqbVQ4BSqArOY1r0Q
z?Y__x%tvlDznNtmY<&&#M+y(<rGG1<hc1gYE(25C1XQB(_s#8Qz-7fqh?8&IK{dr!
zI<fR?d=7h!u!xxW?6N4&<G4N&8LXn+<RYqKIJk0;ynja|-~~T*q)7TMNuI_XsfbA!
z^+R1BS3G@MQ~%_jlS#g`#(r6){@jR#LV7b~=`40hh?dEItO#xBvA{)4D;fVmkQQ~>
zi#Q%8o+%D5J9X>JPJyyIPY|;rh4C!@xChj<ok@JB!|%-GGX)!bYFf%P{_1~K%#_%=
zeo+Dxsex2OBW#ZMNY3wW5|yLu$XJ%YX<Es@m{~t)WU1XL-P!wy7AFJNVyS-a{zxR1
zu9qHy^~o|Np$^bl<hQoFS6Du(U3%z);5#a{COKn@f9W<zh~N$aqoXkhKb+I=x(A@<
zXj1XoaMSgt*=w<FT+KG%*Z94UB4!>$bjviD&PZ#Mp0Ut6W`|vvzc&m0l%_61>cX(M
z)*x!hwv8S^Ghh6g@AL+=zJ2Dr1KUWWHPTt3SnL!FtF1Gcd2P&MAwl|x2pGaXVna`Q
zdr-mJFNk*w0*mx5T_l`8hT*&M$6W*ZSvn7sfB%q}1sOg1?6Tr3x}LT*5^+ZO<z(eF
z0Dd2hGy6?>BAZhqzmIu+Osq`i>6Z1Hv?)TUP}b9M0Ujbif$=}0;-wdrkgw)&8-eO*
zg8FqbXArK<y1I)muwKojdFx==);D^aJ5&9-7_c_<mUpHMiyqc8uJ=ENe2m$iG-ZUL
zAEp`zab_T!eHkyJ`cZAW&gP+$oUm%`paf7yW%Q_@a!fNo=eP}89L;#N+$};m!<U%3
zSMi@D@<Gs<y8Dz+Ob|5^vY8P8U3HEY5<t+Co0Cn#p);Iaix<Y%kVtO?lz$j6IOwe<
ziG-Q8K-eM<_)!`cK6eB4ZWM_1?Vbx6;Z~VZrZy=c?q^O?Dy-r~K=;c!USpcGFp~nF
z*KSuL{i{Mny5!{rIS!MW&_aNqfMDB)*T*SQo4y%FQD^7I3r3L2V*8cnfS*8O_45Oi
zcAF3KOjq{U-H8@wqPv@0|J1N)#gDvAu$(sx?z;?h_h%;3iub{>x3ad%)v-;Xlr;}7
z$+<nc5DJz9u+-Jgk3jF6l^#@d6vcNML`g>}7pu%PHh5IbH57tRhr;~prZ?0e)e@=j
zKd}pE-IAOQFN3z0X1zKKx-2iIib~gz2j5U*d!mp0O~-+0CZ)CxRCCE4GQQjA=gQ{h
zyT}j4+;(RXP$CP*GgNO%`-%<r+M~W+{0??rvgYOmN*2r)_Q`{!Suwj4H6hl~xVGBg
z1P4jBh1)ZgY8NFEUU*ASeMI}N*7JpR_+A|YC5S-I`LIYx{A1tDzB6y=uwDzwk$K_E
zG9U;sKJ1K&$i47+z%LlCUKGQWEzUS?YwBj7jV6K{PeT}nm|tf2<l)kmE-AVu2mPP;
zot>{<+FjW1PPhvIUAca%U4-xYL^C|&fQ+OnB%<ERYMsl72ClRc3#-E?1!c^kWa?zG
z^!HmaejCz*=iWxwqaZwt*>*R`cGr5XvQx6)8nDbb5}u@h&*=km0$7^Z8AMOJJDUX%
z8NY{v`7TEG;f0sY#cIW=)y{Xx1u;85(}bZ$%ov$s$nR%pWccQ&bxwyJ`@by_A*anW
zj3o;rSj_Dl|ENg-YOd|M)M2`yca|H@-@EP-5QGf+jSAz>|9tQ7KmOBFjLgg7pRs@V
z_XFevM8z=w&yfCh)k0o7`WjO5IhR8cA*P=(2bWx{iVe{7ASIQ~W9N7iASiM?iyAc$
zjTJDc-F`cWvXWCWM-Yti^rO|CAT~2|Z2pXJsm&1=3If+flJIA9Sd3g9PDy@bO#|*R
zrWiIymo6?X&HM^5({23vXJEX`>0Un;q@VGyGE?Jkb$WWrAFz!$3NZX3f_uy`$|3A~
zo3AtT@#`!Bj7rXK@h8z=a}fDJg!j-!ZiR;!pUa7lSkxxT*8NNAtQ)9Aa6G+n_de@$
z5kQz<61<vc>(IuF^mo!jB<%4ZQt?7HPUjc%d3)_oG3%r*7wf`LcZ4WnVY~{{9k!%2
zN|5So<Q?8+=GM9$4*|hE>$XejrjFQFo3Vz9S+D&5K6k~kad}Yx!B3|1tz;S<^ni~w
z396+UtQs;3npKNp9RjFy8qJ7gX)(C0_cUv5_ogGWS12UQ8ES<i)8#s&D0i+wmCWf)
zc|LOlkp!Hn;*!so(o@@hlSO91Pc7mL8mntUhl^YJiYEsj4G?Y#<>wgY()dplEGN=!
z8Uh?9xp~(!{-p}@7(|XY%0xO<O#9l8fVZ8)JAv254%mz11}HkiayVWG{XN4);q9Fr
zM8w<T{tQQGwy&E`t?p;2Vs|#&OP<E)NJvO8;0Jq{Aea)>ie%901>jW7ankj6(ZoDS
zv4%Iii^$@8ZqDt_iH;E_BqP?o*WEEUKmMlUG&gxREW*R4L0^HS!wjU<cNFsq&j%cw
zPx|^yv??Ig0w)Zzhof})w^zwWaE#Fm(WrfEYg^k)fwOvNHg{A;E-xD%%D!uh(!#2j
zBj#T^j1{IBdWqTGI+xRMD**XRnNv+nc-Pd`(e57OgyXRG5IRDlxec}2ZD;pie%3*q
zZghoE%Dg_*N0lJD62@U*czOA3Zf=GK1yQQ1##sZsy*kOxI53Hc?eDyN1f`@!k~o`=
zS}jg|lpl#XyQ)5S!r-zRK)K{pLM1V1=E~;govyser0+mR^xjcxU+xi$COT)V=uR;0
z1>}~Qbpz9)@^`51hF_1BOl~4Qyeu=l$RUqTAkzo&eE?k409t;}*MOYXBDwr2r#Ept
z1oU%@D;35iNX{0ds~RHVdt9idiyxRCZ`q~gS;W%$*Y&9RB#>W0USw<humpl_0E4Pb
z({Z%Y>jNGGX6vbT9OVgbewW$X&)F+(U&>}7HSFX6DENO)tUqwcsLaj=4P7MVpk~Zp
zUwu2Lqq{wtBOUT@?Noj!S|G%sZe=!?wq<2Z*vz4fM|NyFl*sB$6KXAypLU;MMJdax
zDdle)p#)jmnPu8x>t5URX^j?74uNzU5{I-ZgzbM@)T<}gE~XUh9sVg_dPLCEWId>B
z+~Z6fEoFhQk4s0&z_B+(fvk^7Pe%e&Iy_)UHoOwexs0bf0(RriDy?pgGPRmADHFn+
zjk$AqYQpX<Or>mxsE2MvyA0OAVZ7U56#I5NMUU!Obxo7W6VBvO_|_t|7PT*}o@e9b
z7oGB)4ID|Uzigj9NHK_9(#jSB>zGmq-I6Tu-x6q>-HwF9!jN8CU6GR*wMIX)@E$%1
ztYsM5Y7~Ce;Cye?MN7Ao65v6FJJNKh*g>H=zblU!zvYO={Fc2@W%;5!6e^rVpt)Ui
zLB9>jdxa$0!zyyZZ)W=wrDRB}5HfeKIL)9j^SIbp`j>S&AD@?)Qc{2zP_8S_K{OeS
z`U}r2E@aVDLWWqLNw?%4&4ieXLcM+VDapyd7Zga@XjFv(x{*kP+R?jTVcU+D3u!ZW
z-r_5xXm@XJYrpnIobXD>Dk_qRkZ1d48}7%!1N}gu^{Jirzb~m?*b5bs*t;HX>shQE
zCUJgg*K9}P-{Et1rj6|k#*`-yqqa8MuRy1?vvAo@ulm{D1aG81f>OD@Lt5WK@^sGL
zR+<G=(Y+6!O3l@WeC6KC+c9!#Pb~LEMGvN`I1^QC#wMms$zrZB<1_dQqe$A~<Cg6I
z&#m(T9MnxuenO=LzCJ1k&C0!{iU`4|XVPcA95EAiy@OVSJxCs0naxR>7<yq9vvKM0
zsH-BoePe~+6A2sQx7>xDb_oOSZ%z8!CHonU%vH6_7US8mTS=6zesi=9sL-_9I7_@{
z_E%8B_rC6Sx5OOjw~!G!ta1*gDB~`bk&wm^4YchEv5D{xo)^~Xkm^TIDFlB2+XFP;
zoy28kuv^Rd2GS~Ss#c9_?h21!!Oy}IPI*2;r6*nWKeBzZkJzu_<h$Phvx}2`*nQtG
zyASxW(j>`FfJ4A*6RumhAM_yTv~NcS)#R{I;Pb^%-@st%D;HPEMk)lEhbgivheyVS
z*_@>pUH5<R&&<s9-ig}wS|}M#<18LOSPqy(YS5M3kye5Zo1DyG{j^Yyh;lpFCT$;%
z!x){Aj|JIZC=Mfs(OQ(WJbBS+RMNi#Ra~3BZ+z1K;kxVof-{{nzHX1zIBUM{FuxQY
zJoGz0W}djA3b=;zMx^}G9B*A*Imk6wQHIMJ&+>o#OH8|5-D5h$sCxwSWT(xfQ##Tl
z|DRZcp&h_yXXQe>%7c}6m%k^oNGt-i8$g-#-Ef(|xpQZeBr{cDKC2hq;JS^r<yeD7
zeqG$cHoIlW4)SsWO_}%?EG8e(W!D7)NjhX|KP@Cr8LSU*scI>u)kYJgPDPQJ1(3HI
zlIo@?4tNHrbS@JPfIAZK*m$YC$H<V$+IFxT!&RQ6EoHO~SFdTXh%+)>rp4Seh$b8=
z_Ys=w@6Jl6>`~?%$4$ikaTmfH73}j>RRy4R-6(tcrbxjrYL&>fguG_@7>`LA;tYMV
z<~+ud&wdUTUlZhT$Vi?yd-|+8rU_voJY>?4ts4*JU1!cScVBR{$>QXcK5ENYJE#tt
z?{-0aolZBC6!#@EOS*5#wHV~RX9}g;v5<V2O2^}%JNkx3{7WiKjY+RPcz4%avqER0
zVx=gg0f#Y#!}1nx{;f7^Fou-lWTh1UzSb9~8P_9b&K6*~oT#(7va;j*g7|!&hWTfg
z#{lB>Ce;J;^Ktve+B*8-^hULEhMN(xy+GswKVe&jzTn8-QAW}4-=WL(y59eHfBD!p
z!u8t=dE;&=#^FC!NrB1_PFLhgT)vm63SvN=z)E_zk%RC8q5Wzg9@>vJN}ca|;s=P1
zy0Ly7Le(zNX8qP^2&<IqVy!vj2`#nu_*Mte=9b>5p1i0B=8E#L@yP3_>$@-6$X}r~
zs7rV32e1A-Hz$~X`^P8=7k<oXw0Zcs0lp#o)U<vBHXi44%|Ej;sDu7@D;gf+t1F>+
zOv2|~F_zVf(Tr@4)#^MkA04PjPb5B<WLi1t*e@j-^63r7(x1esN7H7tCQncneX$E;
zPjD)UGe!?1?x_edCm(bE?By?Gui=IJ-i=6Qt&a#(VgscN=^H<~zt1r_s5dr6{orc{
zA3?+rTaqlsIKTl9BR(HWb|c!Kv^g4y$IaH~oIf@6n|oBd!BQvKRUsLa`nEuL%cQfP
zu&>P!r;6dne^z(Ec<E}qdnk?{eFl*|f>8=$pWO^PJow8NSekTsnvQJbOif|zm$^B+
zfKjc6oqpd{q|t_)gqn`hGcJ_gs3(HUa;#g+nRiQX(Hu7(BfcQ<Ck%hpm^`}uco8LA
z3nx#Zd!TunHXX@vZZqliS<Ic!DysNbKYZ<imcopsmA1!e4L@SC{_$k>q;(_0i5gn-
z_A!x?w%hTpwy-CxhYRi`cHMlflp#7g(a8OvmE=aE8OQI`4!*R?NPY&5NIYyL`UGz?
zeDmRN&_UwTwV|FCavW7aptjNIQiD-#i!Ey~@F+xY7yrIeZ!8&cGV5k<I~M(l#pT_C
zd>GuT6Ef_v;$D)$>M$XxoW}2rM48MbNB<>AnX3;4GH_{sm6csnI|IEmSEAD8Y9?|S
z0GEm+c#v<l@a@s^2k<pgRm*g<;`LF{&8w)0swvpbuE2?NI^&)>{6qaSi8R%!EjP`^
zQA6qtEIoUFf7|9cg=8v5tP`^#eoQLz>UhD~<Dxbu@R9BC1iWuuMRRHm$$WrsAs2)B
zNvd9WZ<RPU^pkj0nXjR#!zZ(9O(Pd7qfRR2H;$h{jA!(pZRykpQT8Wd(=uiGqTcr6
z>aE{Iy!rn0X1uHQLE##Z#yHR>(Bd|RDrm=M)(YJv)bcJLuTO`}4a!uh2y%jm5LRL?
zzvcQcaru1M`Ja0m8?6rl6-e-P3dv)9<&N8TlmZ&wC&AJEpE&pZacpMkdWUEs48Zg_
z(16c_Kne>Tslacx;zGLn>LfMAiNL{yV^XZcgPG2THLiH54JD21hd^bTfh76sswzv;
zORQl7vKedXRmmeccqN%uC0Qa(+L3ro$m#R2?7aE#XX<2Rt4j4E5JI9`Vm0GxVDc9V
ze!wev_}r7jEa^4ujtE^)T>&)<N3yw`#fW8DKZe^i#h-QS;2nI?N~?qd9dDxUVT3u*
zFL&!qDpZgSn(_2dGWJO8-)U0}VgD=Tn^9f+@NPxj0GvVm(Kht#GCEzaBy)pRmUFAl
zv&!xLNnWTE_n34lh%bzxrm&hfN^QKge&1?XSF!>cB$k@*P->b2EbPVPeC~foD14Wm
z_2m10VLytfAal8&W~Xe|H#XO%ee=b3n`hkgxneAzje46*6zqf@b1qsNaD%pg$NVQq
zp=nrPmB(rD0t%p&)qf4t-E{bpjH0!@1x>2CQ3Xt4d^HA_-yeET>@0kSRSRIeOJcic
z(v?qr&<I#>&Pdu}#H_W04?rqvG!2S&rRR^IDXxrNf-~S8=mPooP`p<1N8x06uvL}8
z`tDb52IBpJ%$$epFLqP8?&0A<E|g$TYWL?acEb*oqxc61KrA;K^_*wC$)akR@tbB^
zU%W>ulTh2Y`EAQ-3c@B3)QyHZ=4&h9<$MeGhHvbMrJpt-p#)_E0Ua^}Q9-W?wL)h8
zg9D1G>Iq!~V_UN~gx@|Q!nMQ#2xP*@I0+5YSl#~lmtC7zb@8H2(cm8=>scIU#cT{4
z@1$9UKB?U&!NK&{j)_L)_q*x*9S>aKYUHl+O;}l~+B1(W4}3Tj1TT0w2|ca-`(#2o
z$EOYi&#ctES&Tx|AVb1_*?;N!-`m-Q|6TCEC_|5{<bNLNe<6qe9e;>>JP-{w&&j#I
zThF(+(d~C283!Jy-_s^!(r*M1<<wV+Ln{e2fi>%lk3`PR7rAtLJA6b%h!=yeNie4t
z&}&V5FqMVmyYTCOsHdT!5Kbqhe<G3%_%Jk4c(drt&$DJ|g{fS)!s#Z9Yx8kDf_)nk
zL37+hsXITV9YN=PJmpVD-oig^%=G@Y(CSTwgWtkyJ5p|xR(d~n)ykIavNfvUb*G=$
zgm-X8ZmkjAB$r9uj`x)tHOESNa-NH2m5RnXRn4bN1ud(w=P1t3fy-}o2ChP$ZkZPk
z(baW|n{;Q&v}BHx;y|`fVw&*9jw=7fUc6dD<Hp`FkJJ5X4{6^mFe-l!1Pz;Q3A>k8
zMt;q&HZ!FaITpq53WUYGcOWmgwcjn3tJ*^Ksy2l(XuI1Fu}#8%a>ml1!L9$FyqL8L
z8Lf<>M0NywDr;`fm*dz8^S@pWlN}2P1MXZScLxNqv^eX0-NUizBHIjp$G?-9zt5iu
zxtJo~yXd<jL<Fy-VCBBkpl)ODY{DJ1azDsF2Ww;Ne(wp=jc4tMs=Y+;wwbZo6_k4A
zNUdCZs(DmK6~UjxZo0K!JVqB|Squ&{aw7v?wfHSp<sh=b|A%g>s32-St4VWz`qUae
zw=Jr8T=LEj4tPebKK8G?GNfNsF&(SlJ|j~9*6igssLo?i4GO>NJQc-?UdQX(gAMW0
z?tEu49c8U>OeNvLY7UO`rDF8S&O{@dt>F8VIn6`Y=9}Bv8bmyJ9#>9v(|z$Fg-%R-
zLF<<-y>q7SEjyStpl^cl>PXs{+4-0Ji6zymBkKYxrZR}ws~y1kEP?eIWh+yVKvtu(
zcUPfGt>_hMxPtEIo&u5R9b%S9X5FANmR2(#Xr{rWOtd@ty}c;K#jE4v(WXT<l|^OL
zU&aoZ=OqWmjKv%LdWIn>Fus!iH&y^=y1x+#ur)SbOp!@5fFRb{-IH8IfW{*Hw}hz%
zwl1!xK2>N#s0@{s=k)+QRt6>(em-SbO;w;R36h%%G6NDh(W`KSx0O7Xy~I^Uu?}$x
zPcys7A~41^yR*r+j)K~ZwfZ3LEWx4)7*?cqlo>T*&|FkB(|l@IPRk;#;<2Xh;;5MM
zn|JYf)E^t$^aYo5P4uo@@zrJTGlJu`@)Le}+7oQzr2@oLOEPHrXY+?&#irojvRax>
ztXVpCcL**R49PRGc=Ivvwq=`zU42(~8#RxBK>JUr|Mdm%9O4Vp`d?J--44^I)Dn~V
zE)}Rdh^dpTiXHI_;sbA<l;kz*Hb!(pCyi~cq3Ii_xOI=b*l15H(jmmx?!oI>7fMWB
zJaUV-96EWYhcqlcmO2A<qjRDyvmdojdO2`p@Hl8rL|o5!g+ZxDUG1&_g~V^Ii90so
zo>KC7#A>%z8&`UFQR83+b#=rFSs`<kYwy;rTyVriu-{NDX&~LaC({M)M^cl2SsYAH
z*-tNtacYPVZobr;6(4EG6-(|PIrU97K3l*rK90?}I@#(SrHP=-l}Rx=-mYuVlUc~l
zS!x*6F|U{77#u?mD4RMUPDfG6|4((*$n*HzOT!z{@R9Oxb`;3`rEL`q^1T-w(jlN6
zuH)}}#@)NDuXH<p!NBt1pE5Jodtdn0zjTZ)7p2=e@Vz3WIU!cD{}1zNhh{v(UKVF%
z+drsokE^)4<NFM&`aaHujjz<#4cVjn&Ztw`{LfE|;+Nai#asOwpw>c}WFR}l+xkl9
z2?=NB0M2`2!8>60#pg|bPzwvg{1y4fMq~iFd$uVR0|kMVr>7!Vy?1JjSV<A?2;m@c
z$SKc2$XVs8{dE7ktqZp5@R7?vYhs~zez=$HxA-A&0s?<oV!l2(V-D1CR61<&G>-#5
z=Yr7?pKb~&Zsnfe{C(Z*aOe-cHIG^E=8T}GX=(R(vrj&L^P~qGMK!w`6G4{lN4gpT
z*SNl{LgHmnyCdu1RTlM-@S~5z%g5-EaZ*xkTU(YUfKNRoFIK(Y-^F5WRaNs=BrNOi
zpFByosc_dFrhW>fjc-Cc6i+gZ@HGGErY2(i?*JB^e=TfA-2Xzblr3t&@k@)RM%zX+
z2i~Sy;WVT?`2|^bGjFRKKtf*#GY`H<J~Ln0-_T~aMNx{-MXX}@=9xl2X3&_RWK>V(
z_<J!PVXhU>7jNWI=YIzDTi>$Jq>9bdWAok-30SkdYT8k0RIv%JXd$F-I(7rUSOqLK
zhg3lHtZSJs98@fcnHg-(uZRp*rUzQdDYr|*?ELK)9kTuDV}S2=3z{OHkwQYA>8Xtu
zGxeAF_cER0qeT|Y&Zf{;?`2sEuL3x~yB=KRq6+`<ZewrPI?<}knN@pT^Be+LU}@cb
zV<6qL#ooO-iul3!)0*!WLK3E^)hA=P=zskYGDrz#5`9gFBukZzIN07u{e(~GRI*Jr
z;!hVeUlkx)>HKdZTtG%2)~L3UL87N<me}4e$26Z!M<&|+q8f{jN`&VdTjEo#Tnr#l
zk9Drk1p%<~pVlm80<RTcy-b^X!V-oR&!@BdTs^LuwP|&eTPJGvoZqrk%^+(hsG5|g
zI!@<jB?R)kkcmg$({n5Gnnio*n`U)NiA4dpeg!=&uGK&iwf+Z(1M<AF{r-`&iJLPj
zG<L*VYN@eXHl59*Z?Ta!_;G`oKjn{QZS7LmK;0oFd2ajU1?TWNbGn;N<VC0C>TFS4
zEme=`{lg74_YJt`Xbp544LkP?82lm5%rEMWtKw83-{pvJc*_=145U3YWb%O*>uovz
zAidz-pI1Z7@3@gTWu%<95cSH$4~VU5Blh!w9{w4;^KqK)vfh3)h>Dj0?J4pd#tq)g
zGu7446;9_TxK_iX(dmfRS&3#Z-rP%&y?($RrYt0;!EnUt0Dox8|Kblt;Fx|Oxf`-b
zSG3t~xjjm?!lq+a4rr?z7Q1`vOc~|EB?o_J-bvCo7*+Ij_%K&tiA$H}X+S)AOjI7?
zCZ%WJief9V*^l&cb%{8-k89=CMQw-YC^OyXda82?JGg^Qr4r$C6?M2?$N^6`+HUl&
zNY-q(r}8RN7dO+n^_=mC0jROwjejJtyWSV@yUZ=W%2WK5(I2>cUn;Z1_hNvqxu~<q
zfxH*l)WiWWfDQ&UW@kHK)_A@wiZ~K$-NqiIz2qJ&&pT?1dI=d-9;#$7mc2BX^7xXp
z6Bq?R>`-$SzNNo4T*fl;1#mG<kKDlJ|5sGeLo}Z5vPWp&XQM|&J%Xk%E3BnH?2jO(
z^>P=2`};C4CmWo)gSP=@=0zNP<u?<5YmHubaK5_TRoZCf${t?xCh|J-Zn({ufc`>^
z$-tgx8gJqInDhN&mjI)ps70Bi9xP|QxsW~fERcsZBwIEfkQCj(n$H1WIKR{6_PUM=
zhHv(lN!o|#N?GsBiT^3)$NJtkdG+|_s=(&-NH}Y!HL;^0#3SFsBu&POXKSY}Y7<V7
zKzUWZEVQCu^H_E~@SOwcwaNap*hrM_@MS9r-!-bJ?-QHpI=Q;3h=LBpXbyH&IrkF@
zCw_>MonTIDZD;R<?b>9m5*Z`ZN}W0A@G7?E&!h-i<nw&jWvBq7#GZ~upmOo9&}n{c
z@AlsN@znX(^GiKXMx!7~6!-JGEZ5PYP7L%0O1`x<Z61rANl*Koex$;MmTx#W@jxhv
z5`7wNyn^pXHpf2ev2ztGy`_8_gAmj$u>8;1K46{Wp8h<%$iT14fof_qIyd3;?JpJ{
zQG`8>p|x&!+}|hWI%HeDL%RzEum$)thkZ%({8R)dcW;>M!!{%(Ko2E{as7AxqF1A5
z>9=P~k@094nHyKcbxj6ThBfOs_jJUd`_YL+m+Jf%718*&6IDB&+iir1*W0<oHaC^4
zhvD9}x^or&WQE>_|3=FkCwA1Qq~A|BF5^0yIHrNJ;neq^<BG-}wj9Pm)%U2Heyz#h
zxYQRl5-WAnWB^fnv-#$cr&c>TXQ^sULZUgM8TT@`Fw9<W6=aPscu72$Y7oU=#cXnd
zcqrZW-K2)aQ14d%c(!D@OS}<4a2P8K#`87gA}U~(H5TD0Z(=rhSGnRHJbxWOo-i4I
za{gLLm|Mm9r|a=P{YFKxTn5>Wbu&=2H@rS(mCM(?rgA<LpXg6XIjyh(#;1aNPT}%L
z4*)H*v3PPRz)DV1j}O&>rK0Y1_9jyPBF2}2C-?H(mW{7AGhoZ*^JhL?@ED`ci3JW0
z=mgDTwOcc>*0+DD8-Y*$q4v=ap1djbXUxMJ9?uCGd$?5Rd|jH6HM->fYM#!BzvC6W
z@Nr<&p`ahs_=uOOA6|Fkr<+B5q6pK%HP(fk3F!$yFvQpwfp<}Dp}$Z+m<U(-Dw3rV
z0Mr(mdeeJKuPbDb$};M!&$Z=9RPXiVthjJ+ZMpn4r--hbRnx<@hsFlZhXoc5B1;1I
za5_L#YpQ33KT!y53U7}tj^<yV6_;!4E#A++h+{UPO_;p&@E05`y+BiixO7|LA^34%
zDE*_P#zNvltlYU0ZMB1{cL+l#u6bFJ279C70Nmg9*r^Y%_v~oUMMqw$eAq>6V8C73
zQdSp1WA_hvYlq^yqFm9PMnZXC4=zBKVvNd4%M;fa`Js;<(0`il&DZIPe`AszxKr9(
zz==Rg*1+`<YRI*uzutRjlGqG1SKje~tZ;l1kxb_nUH89rm+E548!QdxQ9*HA2mr*J
z+6B{=9a*=2iWr|JhPk!#WZI`$@93w9?}(Cl&msC`YN|dYIO4DEaZqX+@HS}8$LVmk
zvTsyUV_Dth-u3L1XKf_Vs)}-^FZtCz)q<c!qnMV2l1kre6b)4jN1lRz#CPm-9Q8dB
zz1)BJEggifeM)6?OFHgf<)Qdu!*w=+I&RFlyPdY^iQpq<F!a-xGk9_*7nga^udk%?
z0Pp_hCl|+J(pxI9wdHz6%ixi*lLA~6y|ZHr`$$eEk}skrzD~%Ut=n|K=5vpavL|9W
zvKS_%NCd2;{dO9yzUU{C1^7N>j<ffqT#zs$Zi%woL;UbDGIN#asNjpj=OHlr42_>u
zs+FF|vn9t4E3@VD&`%+j>8PrryWFc>q|-2_<gm_@)XQNrb*Q&t+!y>}^Fx)eiHb3;
z(Mr)h?aC4tH=_CQ=DVOn7qwiMuBFH`gPghz(qdT}e`m9gX%}asnz<U8!6kAh_^Q3%
zhZF>L+KrhH^2FmUsOa6%$|R(`s3xd|r@noPEzLdkz1VTH`*@HrU0Q%Xa8aKwzV29i
zzKmM%Hw-9;KbKtpO{8BRlHdlo@=2lv@5ODDZ#Z8Bb@fHZcP8<u>r@5{#0C^8x?LHD
ztxAqeU!ApUGCk`ub_&}WBYJ^H5BD$|>Bnft5=xW&cB&cd*F?iv8)MP+(09>})zP6)
zOY_K({+^ruVKT>vWGL}0X~}*1j(?5N?Pa3zIcis*H38^{=xFgf#hvP59|d1GNHF5*
zW>4p5_*&OC=MuKL<vl2!^ibjJgMfy!&`=GW)^APLiM{;q{fr<cH%9pk)tt}Qw<##;
zAH!Y2Drq7`=nFD0QbT(9D;EAuOnWcI?b}#U|0=rewToYhRR8Eb7G+?Vq8bdTMz2T7
z5W4>S7J-h0z8d7H4YNE{2WOx@lmf(&^ByzFVILE93Nfb+`v)g~pi6bm*~X5<DCQ?}
zit(xtS-bleB_BmM+YhDrVXxaWJc~gx41e*?(PjN1(0VE8H<f$)8DFO>sb@S&f5>ak
z2=z1KoK@#XV6F|ajquVR%Ps^e+KoQX2j`MgB~_en-#0~@FmCz6`k%k+H(z{Dv7&ij
zkU~uui7~izci?WCkl*Zg&maJNX_hmdJz^8^QtcnbU(4Ef^q8dzQ0cPzD8_R?XRtcB
zPB`^-r?T#0!E7kWR*gxC;T`v02G@5=!p9qBnB_|`4`OeL!ea}?D`x@!0vOb<*Ynhk
zj_)^XG-dih?sjdT1A`lo)8-2aE-;;TnN;H4@OF8xD)+y=-B;*`D^lI>2Sf*(^H>at
zmAsKx4%&ouoeidSVYPUDW#!$859=Tq+M`ox7uvPE8~?gtb*KWQ!1ZzSL3MzS*vyUI
z96O$h)cz=z7v;}xzwe8rrJ{1}CE((?hUfzjO1BTY;3)EBCSr2}zfiyD0f*{>Zeoj#
zg<BgdBL}|93d&z-WboWkE&?tE@M#T>|Mx(g<jOdq5@BOR3s}wS1)&BF3c#8)UzUI=
zLzxfO1p(UQ#Y>WH&2azvDll%g0`Y$iN%B^EF|F93b?SLzV&S$?*C@=@|Hs;Je~_K{
z$DPbRhjV#dlmk4rV&N*x$fxmpbj8!NW^WfZKAyy7pB2!H5<7RGfO7;4Tfr&OnSvfJ
zCE!+gx8uok7Ee!a#C(h`(s$7o7{*QI`nLG~<5{y*o~~KL8i0^Jp8g-tA90p_35nDH
zdnk;Iuh93Yl3z1N%<F`4=17TB^%E6`oQ3!nt8>4uetkQ3njlaS4?{Mus!A>zpQt`v
zoH<JVKSN>M&Egp=C#E2EPeq7MS_rEX+P)Q~HY8JD`*>}BZWI+Ed@3SJQ2leNB$t{e
zW~0XQPbf?*M-=<aaD0W@$7dZvR6O<hq(3Bj-MlRRM*<%FlEmj&m(LuUFBr<fD3biu
zRqQl@crvWh`yDlXYimip7h@KE&!ysR1j_uBdQ&nUSKZY2<Xii<XS%&P{oBV|(!pGT
zYKGSW(ikLZGe3ExBc)+|{C~fp;6>8wtQd&_d}vxw{>S(cU^{EkHP;QeIdSZPgP|e3
zSv_MhfSrhVi)h_F5nV>Ju=$v(r!xXndTWJ}*@g2gQ_Oe$Ae^_I&z#IDx9hkX9j^6e
zd}MZ_dn5rd^i1Pk1O|Nl{hP1hH29N0f;@mP={v}S(`=X@Q!OJFS-q-~_%*^I14efk
zUTYAMBt#FX8<N0ob<LW?nGjX&c$6V*l=cm{?jItfN*h1~0G`t<)vw+Dz_cmJmAxQ_
z!zp;5=M{LTycfWboxLY?vNSQ%XZTqh1DOo*eRwE^>_x{<v9Cu<x3Q-a7csG^Vsz<+
zhyI4ZKFSGY(8M`YT@I-6+q6RS$O*|cFSFT6j?7f&{JTtMWbJ1)3Wxl=qZrp(*G`d%
z%Pi3u?=Qn-WQ)*8^yb;u9ywdj7DaWIUoi6p>iezTil){r+Oy3xpQ81Ma^Vgv;=gEO
zbN)o#D1d^#tu*a2v&=G!15o}{#K4FXt#&=r1D(J->BP{S>ORTijK2d=zOk&nGzAoh
zzInbn%J6WtrwyY&z7-kZlMCZb%}|lo3HQC5H3e&hTp52@uEE7PDM~`CerIf%kaa*d
zYx13vq`O<E3CCnfj{)3VMaN1T5{R16a#rdn|NJHSCV#Lc<#M)mvnL4tq$+)+n~Y8%
zv%D|?H29K&R3aQ3_U0E_gT#A%ADy5H#<{4Xrh>5w;7MvT|Co@G(6^5N;Pi$YQmU_I
z^TA^p<fV^qj=)1Xi!0BHY1B(eynE`tMgIF5S_!vOA0by6*~?Zc<R(BEEZw;!rPp+`
zgp8GDiCVnZ5OXzo2D=2B&7Lugc;*zwk?sVf0+M3<E_#yE!YaPteScTzZ>A)Fpnz~$
zQ0+3(QJx8dM}F&nsg$<>DaL}PN66{)nTv75(0RH+U;N5LvmD)QtXq8Xw9Jb&_cX8p
zbM3%!b-|ssN=P80|NY!ma(c(%h)TP*W}UU=&IoERhK9ArC05m5Y?kW}?*zv^aDokV
z#huC<PdeyCy9Hc@LgInrF@LEWNXXactbET{88Z`bP~oiaQ8~!S%<avBYgv7h0xVli
z>okh(^uZsjJpbdQ=ZdM-p(+q0^)vQpc$k9s7ltxnp%FP{>avpU=X%FC{0HC8l9uw&
z(9jnfX=4PR*^S=m3R)nCew6={fYTzgcDcx+B;jO>if^8sX8Ai~k^`?A^ym)=Jfk{A
zNo;{%eb>hOEBuoHubw2(l#cnHsnF7J2CYA<eL(9*0p@L3+70tc3%Rf*XI92l?)-p&
zL!g_8H%qV!jdw<JZAA~A!=VP2XrHupgzBoFJLjntlZN$~y_hWCt0uDa7mKTc*i6-g
zdHa(Oo4C>m(EeZD=8vI}x!(y5&3K~aH4=xra1JwzU}&iL04E+_VMLhUIe*H;+W5s+
zNi-i7uT;jbO@Dz?w{tM}1C>Z+qxHLXIT`_Kdlb8U=9lc4v};ZUEIoD`MZsP_JHDMN
z3okzy(MlnoV|0TD==n<4f}6|Ses~auKHx(~dU94fD?78m%wc_w+}wm)XVEj?pz{ZU
z<58VKYyP#nTfNb}jbKq>5S5wU4`cU(tr7Zuvj)@5Bi(YgYjBqe0Z0U}6JuA&8(2e}
zcUiZP_q<8+XlDTYehr-HUeJk&HY3>$))l?llh^WAvJ+d$y=B(v4<yFv8l=rxaP}zI
zmbp!mbgDEOF!VeU3DR2|k<4H9dl_4?D^F}^nmt-i>fKY2W6?WRHoto^6);+gpkvhT
zTb?TF2?H*4#3Ypo-4bv{(x4Fr1BiX1+R{i=t-OuK_2;XW<+DV<h>O*E_4-x<6T>-u
z{BOQ}M_o5v+g=v$n<|X;vc&c0=sv&-x-ZvLjKEmE1VCFpz1J+b+dYn!E7v{{DCAjF
zG#LMFW{>Y;K?#FON+Gb?D+wT$jhZ=q@Z&VKnFIHsso-Ppk_mGc>OLdJL{jkbt|(Ar
zVqlamx2)E=sbFHnA?LR8%X6nu{5`h0-~T_pvbqZ)_S2G*Vxd29>6#LjgIxVMUUS6e
z0OnQy`p^b$Qd(uCpm1S1^#Hs_eh+NTK9_@h?94h5K2n?z_;c~r+P+Ez6BLN_{{6dv
zHS;#e0IaOkv_H!lI!x#+%>L8iM3rk7ZC04XKL60@c<DVMGX=#qYAbD6=un~ZxWy-_
ze~x}zY>xl;S6nLlI**_gRu7E7ok_8j<OTL_v{%^tuRbSyl`Qj{X;26Seoxo(yIR#+
zT~yxqf5rHFv~*7>C|O24YVu_%Lv8QqWncR&aTG%m`roJ<;r?wAw?SLAU~b6%m5q5@
z54PHUg@)h{H?;9}87s`?LL1E#U8P*%-SKScXyDJA4g>7}cH6F-p!1O^B3xcDOcN#J
z)2E-<I5@TLD@F2EI5;@d6rJ2!C<LeDc@WM4IfjtfRWW8mqp6tsbvl`t`sJbyWli%a
z+I^U+=FEA*ZPiHFL_w$d*O%Jb+C!~(Wupsv)lMSx^z@5o9*qtwKXP)iY-M8dKl$0-
zpReV2rvFO|hWk!%CJov{6T?AFxKOXJ9z;Fgn}tcD3k$r@v<;Ed=t~EoE^q48H8es;
z_e?=Rg);pn(?d4_g{IPG^nd38^1s#{a%<7ITWbvacvWGIvC%4IERd!AbW0+pp}_@3
zPe05AGQnWcvi7N5ENHY_BF)0!NTprx2;mW-?f6_9#_O2V|H5_iLbTZQF)Jj-O6sDK
zEA;)3c5F-@R+IJOoNA`hZ#QnUHv@>_`M}VVmfw1e$H54j9>nH@zrDv&uW;I2etYxG
zTPk|Fb5K%hUT;Ue8OwEgjxhZ*MHhA|DjE~KcO)^zeoHlp8fw$i>`E6j&{aRiq@9&Q
zV;prvhEz;UtaB8LXNGeen&F?r(&eFwDSs?3wkkef8tAiVfm$J}x^rM<wbIB8c%-RI
zo<x*jrujK6xadrEk>aEkFJ^NE68MVB()HH0Iw$gDr&MsUodKS+9I2w!2nbGTAUn-P
zNcF9TV`{($tzy$~Ee;EMu8yznx^`^ZaS^|f0MTR2?*P)*voQy}N%-RSEqg{P&hEsd
z@8dmd-ObRT8`5X?N7}6C@_61}p7rd8-#Y$SVqoy&&ToD=_14+-p6EO;{3CB1OA2ZM
zb+sY1QCvT3scnl`q^+FwoZY{Q78xR?;T-g=w%V(EyDo}!AQ(T?CAb|zA%C2J-3%9(
z46QIofqctmb*?yHVWgy?feo4P3|%Es)OPx1Z-k0(zIF-|C08I@L`H$5;bu-9nhW`P
z+<b5l{uB>3=aKsBRa4WFD&nTXS{&<T4xuimr4((aw>SS!++R!(;k=IBld~W?Dv>mM
z_q$ed{Qf(pEw`>`?(+-&NF*)4aev&y4jc%Jf_Oim2R|U2-dQ2b(zPxYmJUgnry!x!
z0Y($4<-TkHB8>^|x-j2xa%w1Ab|r8>OT7**+09?4kJTDmH|SPtGo=>kSRjHc+67uq
zceRYlxp3sN7F(g1wE56eMt_d(F`#Eyj9V!f<rs<l879pU7t`i@ZI)9}D7&UHukc3&
z0-lJCIz35=VNkotY&Prs1P%m60-T^s0>+!2uX)EZz#>@bk1)n%zQU~juaKs$tY@%M
z>M_So+tuG_nZx?_c=vXQ^sm`-{O+hliRh@<&Mggd_>+*L?2T=EDjZo&myMQ_MZzw_
za{E$4yk4Vp#xn0vbGjZr#zdaT*P~W9SZ&Y#eDU>SW_p|kt$RZ%E@i*dBpi3lo=9=+
z-2Yx_VIRaiO9CQr-4Ez<l{BSeE){iuULD@48Z+NNbxZ~Iv<U@_?#<qa-U&fn+RJT_
zaI=T=vY+(j$ivcnqs>Y}4xpO5%@xn!`H{7_TD_3JkdwXHrM}PceB<qRIgPct*zmCv
z=fT>s`<tMl<wzv_*z2V~Nn0*w+<XGM9eDxBiALlOdPdZsdklSjFK5SBZRTP3PD*OG
z9r5eHH}N}J?MwT@Z`ORe9H&5Zw*6XTW!HmdsPZ4d{6ix{LSR^B&IsnR=;>-#R~T0F
zDJiLM@9s>)%8Wu%ONOp3*j3~D=c*)wd}<7ZleHxGkFY-)s>KihBXYH3sMy#JiRQTw
zQPKOLj!^=lJw=|<mva1i0i?~}c}xmPL!Kv7+8^eig-pQsyv@)e--%m1+yr658!wk;
z|CnQ+na|IDD!{MN_Xgug>Gd6PpA&5R>6fRAB)NMR^Yl7j7>pL#Vd<S939(h8qh=K*
zEm{sRhybiO904`ak+%(F8SD{v)+CoybspykWBUGZ=+N~oM;k&yjkKydwvQg`xJ;t^
z1>h1H@7;9iMWGOg8I1wC$;xb-#u_A}_+|r(f1nZd^~35>l@JKf7uIxUdX=feBupfA
z((`cBPb}=Dd1c#!i6P@3@}1V3wylmK$96cHx5Z+2FVgE)VOp_UE#dpaTgbDt8wHas
z)~Kc(Id3g;{_8zvf{%3aD;_(MTkDyTVtYG0c}ts469{p_(CiSy0CZyFD3Co!+Lka%
zxWw1&K~KmjVJ&!yLDJPC{AJe%1LKN;uqMkFqjg7bzUYhBvO`qC+AopWJ7zM<9SR;v
zZlWJQu@lmq_s=QLcm0V_?WGK!@gY`JkipGzw<r{#!xmGo$)2HVTqxD;8-$PI@wj0l
zchOh$5OFyneinfGkQmLh(xmbxe`EPdV!(SZ{dCuoi9nhrWoUSgKVQFzg47evI`Iu=
zzREz{CI7zu+=VhmDv|Bzf>YKFx5oBfkm(3S1rAvqc?@NH`r*sRcEj8$qL#kuvY@h;
z->}x)2G$<fz*E_|7ss{-1feGvX?X{68;D-d0|+n!F7R}te14>aw8$>MU~K>dL*N-7
z608E#TEgJ#rjZW$5*x`&?H+9ejA$~9;SyTT{a@QC6ATy^TniSv2@=2UbRc|PDdlVs
z1;;iRO_1^0L8b6Exq8hN``w#~80YWnZ16KW+pl2B(`>ZgsjM$*!*q%!TyLJ$d(Ib<
zdyM?o7a%{`g1$1r<~*v~7zUb?wJrRWkEUqQ;FV;Nm2lMEo*3KC=jU@y>ZmI3<2>nL
z9WbVN^p4W{{wCuT@oaRG1OrcJ<0j`h+oWZ*ACYv3@(oOw^)iA+Abw#hGu=&_MGagV
zR$w$p6^X)o=(UYJ5{`GsDc@O9ysL)n42~~^Gc+s-Q8NjQv)E5+WhY;_6jsJwCv^*~
zvY*^$mW>es=lcp0;)o3tM5%HcH-7?^3ehFNHj_m_F#)c~enY=Vr3lNLomZht$3H_?
z<HL*FMTVn3aC?qB89K;|S++1DQvDAH*DT{<wFj=oe~9+01m$bEBda%=qO-gn@jt92
zL3gaEvyO$d2Qg|lZ(5<@z!XK4zc^7yGCOHx2}tes4o^({VM7TIk4|A_q@(NKx$^Sg
zB(0h?pGXs|^Q+GON03-(q=Zrk(3VnFC3iPHaam#ZbcVcDX&YG}q7p=;m<qeoOF|eE
z_VxT?<M8Zzz1jDGNvs}ZmF;uI#GOuU7w}-|kmW|`x$Z9t?0BJyS@k95#FW2`YD@n<
zt~|@OUupUj`DOQ=yYb;3YE2Q#E_kVpu8V3+BOvt&Nic%)kiDK%H5=>)dKE&;>5M|t
zAuPV^CT_Z^Lf^05|CN!-6NLZPozZ>;WamQSll+pICb_+zg*{I))=}lxbGj6fdNT#<
zb_*W?_+Yhsd%8*_r&tjCxfN`UY4+4uEPiPy;_pZCAS@7dHfKZNkZ)Kv|HCP>Levjf
zgY_(s{fN48;bInM_sK63UazBw>-Kx*-A3KOmnV2m$nFct)YTBc++3bUx@&JSBM!*R
zGYv%>KM<3kDKerYSP(9>uLuqGiZjY8npNIVl2~UQg&{yO78_slYb*UG#u;?0{?3mR
z5e@Z^jd`7G&vX0pI@7((U6HylX}7dp)0SIx<<?A-;Vu|w(0b{NqZhUMht!8-!a!j&
zB+{-Mw9)JI=|*R3b$#ECSCo^}K}cmA@4LPn_Lcj>!oF_A_mur(WRx3lda$iVQ{jO*
z8wYa>>t+>GafZwi3VOg)YV0;J5}!fJ2aLFzU2S;+nFRIWp(hLJm`EmE$aRN+42>7P
z`T0^?#6N;KM3#m+y`SbGV@Zi9CG8x|?r3weu-Y1#Fa@p~C<?RJ+Wm2Fa#+!zFMnO9
zqB^a><^m37jn?=h6(mJb>D9+rFk(9E^_F0r2u<bmQ`v)H=J(UTW#o^3tUW5oD1N@A
z=v?t2!g9JW=+EmI<R|3x6lLs89m9IiAC2-99nQ=G{V??4e28}Nc(Spl483m>0dB~6
z_5udo3?B!j&iyxuc|J<s33jDY0dAO7RE*?pq>Ki@8?G;&BX;Y6eTS!on<|$FOG7m8
zZx|mGyLBozyMKwHydQG;lA8C&EiUP7fQyJPi1`r?Zqv+bXku*FEo~mr4bzU3Ezs8$
zNH~*rJ>gc=&KZU9^vRg~+b=N)aujznD4|h-=YmG9I*&K!RKI<l{oU@-lG-|2R-$&A
zuYqDFkaJ9K`M!Z_-+S}X1T%)<M=-p}Cb|2W)tGiYs#aJ?dm{EV3i3x-KZ)Ke72O{6
zl^HsQVe*+Tk$+78kLtcMD6S@I6GDIx0t5(d0fGj1Cj@r_3GN!)-ICyL!DSLOgy0!m
zgS+c65C(S{Y#3y3-n`$pyR}<eTf4PC_EycEsXKkT`}R5AxBGccpNmePQGAe{SnY-n
z;fZE(J+L;>7fLcCW}{sdGTgEBMd`w%vFGk#F#T*<<9jDMyZ~cu#Uqory3X)voO~s-
zo(uzT)~J=#PUfUr8FG-gZ;px`cmYp}eEW3jpOMZZV=sfQZ^u$?vrKbneaVvejwZr0
zU}!%K8nNeC@QjA)z?%N!@0%WewAKH%;LHbY3;0Cyl5gP5k?&KP0pgRbxue);{PHdM
zb?^7<g8BC%H?(qn2J?uX_A3X7Ylo^D46j9!A^u`4j)Ad_VIu8-vf}%&MEUjtJGt_#
zP7Cr{MSv1BfNtQHNKj!-#dbPnw08{jyRtSUGRj^RQqe^!ZplSR!~A>P$hjI`xW1*R
z{G1z7=;~nsqr^b6wlLKd2XDre$Ukkn<#+P;kPsGb^oi`oU&qWL9T;;Vfc-Sj@Lk{Z
zWgZ<`Yq0I4*6{p>&V}v9a-8AA6J)(Bx{~wOVxQJx43Xt8CnM7Vs^XHYNv=^ka-C%s
zd9tf=a+<J^V?{tf5}(-^rxpH!>%k-J>cmD)WOwVtrxEL~4GpA(*mn~r9?lf<p&-;Y
zHOf+KS6{Z!@Cc2>B(;es3(;HwL!>(wyJu9?X^B%@`|+Fv6RsJH=^pu`$R}ON;A~1l
z=H-zDlZdIZJy65JDdk0lZhvw)(|1!GCR!=P`b}2$x5!A6ZW-Cng6ZsKBTukhVOv`<
zwpqsIBWJ)<|4kA%$}?gj*p^M-j>jZe8E+AM;4;{Bu;^6?Xct%;-`wm!%iE67t4mlZ
zz`%j|Y?hKJswr-EMjVOXM$0`d4_Alf`5(bf7nyk4zyef|xt?7`dhY5o47<=vi<@sg
z0ldWUQTe?AZ;vhYxw_jT+wWl95NC2Vs<o%^<*d%O<oCeqS5<S=-(jBr=AnN-)h4Qg
zx1;*jw<!B#fgC#}F`>FKHG<JJD}%bD%DgsDD5Hl&lEU<)Yfit($TWrctrM-Cc@`rh
zhCud#j4nJ8lpbNL8&!d?<yTFH+CBXUx$&!Z+GctRbh-+`o8aY2uxL($pHI&rHos8V
zTN>Hv%n)B*S*NjyhVMYaR|_EbJVJ>KIchp*jEi<|rf@kP6+z5;r_L}=cE3x;-EJvI
z@bzSE5|R2MV;$v*Molm#GMe`1J9*fkT=Y3M!%tW>wpWd(33qrcZjx`d9@tIzr4EP9
z3@*v~ftiWl%)w_Ie<AL#sa<8x3QzD+iI&CepW;u@rph&odx}zYzL|Ka6TtSi$E#!?
z5(6=c-h#FA+$N36&P7+GVw)7ZLn_Fhh<dHOK0Q^wFF$u)3W?``9Z7Lz!??^JMd3e9
zSA|gMy{yneM8x4MWzg@Xw`J9lcgt<1Bqt{n$*G55y3|}kY+EE9AH(aclXH_4u>@XA
zhq$K35!hofEUnVf58>!mWkj*%ojNnN>tAoRr<hor(58%6JvAgF^Wi$ii|Z7$LN^)l
ziSxET=$NoTVgIDO;!Dq*r2u-XSu;(eCBwlMK_B_l1_&?R9xJwa<jmAf7Te{@ftHac
zYM)5I&h5O<Oixb*pe!TgVB5u?!nq<|MQRR4yK~NwQ#+PN%TN?U?)NST`#<JqJGD7~
zyZ;A&cvq(5Q^33t5O~YnKPHNdwlReZ*AFfWn%sX8GtG1TO*7Rq@d@K>cQ!s=ylMQK
z8gElvMn`H~2=n|YYURk18g8dY0|I0?H*LBnuYS5Y2dVa^mgyUU9sfXvkC0K*T`%<o
z>dX|l^t^20a-_wizn-XvT6J%-Z6Kk-Of%M5>r^VgwrY%j+RwzGibKW=Z7G_bkoLvt
z)ORXAmQ)K2p#dgBPQN%P<Sv^grX43Uu7l+DYU%M;7(=!V+qugj0)<X7ol7o8G<FDb
zmjF)5Q3Kf;%x@E^od@>#(C2yK{IsrJ)bYN%<0a~1o>`vxR;|Sz<N<_p9?`vh$B9ir
zxGM)DN)@#fI-Ywn$U2-y3E$-Rf(po{SqZ$x*1EzV1Hv0-mD$sQ5m<ZE*>#S{iFSMY
ztoq%aR10Ub_d^;>m^Sd!>=pMPq)M8&ZY_$EO?5kR2}9%>CB7!TOD_Czx3#+b8!N+V
z{atKgubosR{lHH0&DQu2<$juWG*IjqO~tP&n)l=|ydd66{tPSBN>KZG#Q(tyhhnnu
zHZ``{_kna%Xwos%4L5g5e?c?BJ})pKICk&V$zYhnm;m>$%Jm6B<KGv{cMir?X>X_G
z;MvPor-jvgN+#V2ScrE{B=ZQ=<$yy84EY1A)xj6h!k*1qmvNVM&CkYqVyv#|b7Lxq
zj9#Yif;HL0bF)rHPK2xSx+znVe^UK02Issh3$~ug%Jtdhr}sXwlvv4lhq$w;lyBy6
zoyR>g4UU&QZ#I%8xp!pK%M5K+!)%hXsS2`xEWyuF;Gb^&?8s>F;w@90sK8gtzQ-3f
z*`}51kob?3hSj-z-dL!ffIbC3LgizyD(0dNU0tpsv**1IPN4UM&Ad<SJlm7X_H3%{
zgBjBj!+*Yq$xntK6sCS?H6v-dK3FR`82E-08)>MpYDTO3BqV>WXMH`*`h~oUhOer%
zpPY8lIh3J2P{O2A&8)_BHQ*1J2R%v;O4AS_O$33cBqfn7s&+#UHjg|zKs+>K8GaWZ
zus$eWPuloy_l)UgQ@<|DyS1gs?W=P(-lQ2D*{H${$d0vo4SF=(1xL6{yb<eZ&g8xI
z=PAb_6)@uhQ{^_?U5`E_Ix@ZJQy$=fFB~t({}{Vuy2~=yCiAm90A;qPCQvuVY)K&E
zTN%K%GmUsg*%2x2_V`nIZ4o*;Y0wO~9vmUcCYqtH0ZrqJKEvdV>#39&J$r}w#fzk=
z{)zR`u%K?@dia;cX%Es5ioKI~8P#`>dcMZl8cRMgL5p_=^~Ox4CF?$wtBt2BHK~a%
zHF5aiV&UoTGFl*ZeW<fv+skWurCVV~s4$r<=)2#jS3=d_?@<nm!(=+S*4b0QbC7|=
zAAH+NAHJ?Mh8^Lx_iWY(XdOxi+%5&S+|0<G=8I0$_gM)|X>-AQ6mR?$m3D-)g?|Jg
zX^jzHOo!nir2Ied-XLviOm%uV(-fCC1%0kg1QAX;wA_x@lO<ZxV$JQpH~JWBzkjz@
zw?@shU3dnBb<y*Hov-N?S`j5?rv>GkBq;{Tu{NS-7TQor9(eUElv-|XBxmLY=1({i
zL2_%HIi0*&@?uDa&g4Z%jDQy=a?IEl=?{y!od#4P-%T|2kgLfkFxtKw&bGqB>Pt#_
z%wDk-FY09RDvqA*&X3=g@!6q4&*CQ^Ij9G(v_58HN}8;f6xRG}EbLLbTN%}Y9<q2|
z!Q5ejj$!M)%at`do-|R$yHxw;@RYpIgRaWVX7LU@JkSr>Auma)h9*GSjLTghjOq1b
zSkFEy3V^i<#;pFn5MTB+k&y`s3+;Y!aVXhe{dxM-s!vmMq51wfR+J)u)!=KDRm_Q^
z19Lms$**V)h8*EIRI&h)o@&fV!Q8*&L156#0nGm{yzo&TJ$6gX%hD_lyh7O1y#xr*
zn4yk^3lR)tKv!Sc<ft!)$_jwNw+^T+=hdbvoAo-aEZ#O&T)Gku>ngc{<<v>=h3}&u
z2O+1EjmrnvYCR#Fr>FtIUU0X;J*y!@jyYfK3;^#vl{bSef-{#e(%+N~R%3oQr+vW}
zdNVw%oUivCpH#lm7(8F=6ZW7u((su;HW3XCh4vmN{<t0Z_nJkQHT+No%b3FG!sB8e
z+Jnt05!i-D59Aqa>1&`@BN2X;C4fsMlpge2`}OOP0kuIG46oYat6YHAY1)Wo&xA7V
zX>|X6K7eag>$6#It-D^m=RpCGEul|nuKr^C%h}sti`>gZ79dB>K*oh;V%J0Ihs3qW
zvh?{tYGsc@F-kpg5IspVDIFb2<m=);pnqgPjiHy96GAN0>ha^pCq7~s#oiG+Z~FgI
z2#65Tv}CWrnpn0uU*TC_vMc$&{KlOii)Hjb;*oRA|C3+u0SK3wmAPeJ_US(mJ_4$t
z`nR}9pSXVu{y+M)IUt5D8I0`V`1H5(=<nWYTxHk4``^tS<L+NdAtWX$y5k>sASG$z
z!E?6mC=iIV*w&4WVZ^>q^WW_HX>z*oWg>Y=?;qFNTp=Mqkf=46hrZ{!|CQdd<M5v#
zeJDuT5os2({cPpKahF!(-UO!tKc`nCYi(G)RlnyP_ZK5VyN3qMDv}*_sqm|_+OYkB
z*6zptxcgv#u7EQIKd_y`+o$W)(1FDx3G3?{oWka^TAPqBZR#hh_nyyvXJrm^>SF8;
z)czr=Vh9LQxSpUT^l7#2>ngFb*zN!-3!W=ugy&biDVUSK*+L-6W?J!scADoK)}G3e
zH0v^Pzix7!s~vOEYWMlXQ&;V`p?^U#SJ*X^;<Fir#V7t|>TqfmRU#8kHFdOmT$ZO#
zDuw3juxY;8=EWQLV{79XYqelg9#h^u)7+&)tazX(h2SA$-$FDhVcrI!xrxv&=bk4r
zQo&RAk&DoA<9yE*d+e)E56)|qWjOMZ2?Tq37#g7Mp(^zdX;)V)28QKw>Nl#JvZm$Y
zIsS*+(r;(STFxuC5OyXU>BhNVq*N-o&*Fb3-rZWL1X!U9Gn&S&o?@<;nj@18Ar`m^
zoP!PX=;DHDO-~vFDMudE=-zI&iZvfU??a{khEp$b$tLZ$(i`cl&0}RV(8Ez08TocV
z&N3U{P|qK;cFXzem1dJGdFM|uPi%g{mR~yl>h3hveUt7kY>-VhSVz&tTRoXOruo0H
z|Cj%O{dZ=*lqULiA|_$q@%heGw~&HmxEZsHbH~Fm^;3M#wCZXBN&LP~`H#tr5z78c
zWqE5A_mt-S*qprIFYv7;eMFCrMB>X2&s&a<u=s|rvzQKpqQJhXmv;6+^ms;Q$5ZJh
zr&D=PMyZR~9tu;DhDQu{MKG`Aie_%qmb~Ev6E`-h`AG`pD&__%n@}9HxnDcLMj%Yw
zk~p7W6~C|d!Y7LK*l6osYkG68#o#TQcjk%ZhqrVa)c<5_MX@*OQ?8Y-z6moEYc8Tm
zP|uVplcsUGY^6!wMh$3kIr_=8<9=gL-HMQOU`7qF8}}VHA%)cAc;;%KYI@bUEsF+J
znabOeN+86`R}v&}0$iDbhJQLM1CW1ab5v#e{@Ne~?EO?R$80Xr#e(5SkBbwjXa=t9
z#1)OY)!27omFx?2NbQi96YY-?p~DOpen-2jq?Cr(N^eXTC97{HY|x6vu!+FMr+deV
znN^>BX<7!Bs4A3?J3j&R?2up`XNW=J$w7%hKW*ZCeEL+gs`RhGgp?+CZWGRBx#F#T
zq%dc!#xF_^9-gsdv~p9Dmlt3g(;+V0iji^gS27$8|I5MBDA9|ey4thxU{>_cCn~Po
zpBC4*6Q|Yh#mA3ZT&yWzR7d>?i*<%X$e9FV@G+4|fI!L|HMM&4@nk|*;I{HIau+49
z>MoXI2?f*<Zz$SCg(_=s<*;kc6Ya%gze_h6t6R}>_c*_N^^Dvb$5nzuTNO0e)WYgy
zM9hTKw9-*XA_0Ti99mdz`8~`%netBg=_+nZP2t*gv{iR^5{i6~vF>>PseZ*TH9_Y^
z^--T~z)hENd^TekvTb9H40}EmFO6K<_jtgcY-xJ1t;jtC3AK(UH|#XIbH#(^Vl;}j
zTVHQUy7uD~+w+<Pi^UaTj)I9N5;g_Jx>n>pyIt2YH;0Y-sk2-Vj$>~39T{37)EKDe
zuy1Dk1JK$K>C~W5A0fUyHMv;QZWBqxjyNgPA&BoTD7ZLS8XHslzGGKfg6}XGQ(er9
zUiC()zGkL1JmT(-Nu)<#xXBZz`EfS)>G!l$&?0HlStC-Gnsg@YIA;V1{)Lz4ht`0Y
zkSEjBQY{7;`b>ssuU7KJvo3W?38&u<p8PsJR<#bjLn=Yu)B|A75`XEH7#)druGa^8
zmX;tEku1vt_3qi{xDib@z!NM-$DW6xho6>*=ljk5?ae-)-85+lePO@?xS;PJATJLJ
z5Z`H>>Z+<{0I0XjHj3^Eou}BD+j650uq5#HZ7eaFsAmMzv6Hq@k@{`W3OE~%%!)WR
z{#X;Db|ZE@3gH#{&0#*b@2xutSG>k+Og+IjJHxtkG2Ju>2rT5I-KYQ!%G)=)dLyf2
z+qv_44?>t1?=WcCR4Y$+-VfB(H{K`Zo*f0F-!|cz->hJAZ*G&fWnT)L1hs#(2rF@V
z*I@N{Og(1xXwKX6xclC%M^%2l&5wH}h(Eo^zs5!DS0~8k*w>Y+;&A4v_pi$U0e2jR
z4-76eD=mm8aJ)*3jb%2j0KGR?0%JHwGIKsALDvWaYij;Tn%NL?VFNurcMSg}Q=zfd
zk-FZ=I#tyleLBaT?Z)eU0abSy-M8Ln429Z(4`MBHa%$1g(72Bi(+y;&ET_8HB&w&s
z4Sd)Oe`+uOOGo`KtX^QtjQp!d^Cdg=Hg|Nj_}0l)z5}e1RL!E@{31v!3Mr}lg;Z4a
z{)}}j?uS;J0m!<5Y)&{f8G3Zm-$j$6>+p0E{>Hey9)MNsM(2(k#UseA@bRmA>I#bd
z33>5|(7fn!7#t9`EXZ2r4+WGXKgYYb)<<uN?Jk<)q|D@9(5GKa+A?^aJG2@4e>U$R
zUjDRv>o>_Kf}+0Z)ds5nkjp`65K`9II^`;0Jy-ZHge#hmgnO?{wFq1|`;^?X`BNUd
z9ieVOs3*2ftyn3F@_V7t91o?JJhzdJ`)=2s4l18b@Z|;AP4Co^{k)ySqc50#qOKCV
z*m?-zH+Iz2x({s)uxV*%ME0$nTz5zs<75H>MZUW=z7&mdgw&xtrCA{WX#I-=k-VB^
zU~YFX0yEUWlL+7(6T79!^WE*?#Zc{{{?Kk_y6J2_h!$)!+PP-x{0nDH#oD8w^NGW$
zu(LB~=de-F8Clu3ST(jZC#L#fz%r<{tR<7lnpINeHdLzIxu|bED1!kj;O-A;P*Iww
zr!ZLOjPQZf5Bro5r=K@Of29xSUBB@9>2Z^Jk9_e_OMo9ff8Nt|V`b%kZQ_dF+U%7t
zdn7rLKgU&Z4P(i>cA?TMX`~h}HCXs8_SseNCcB+4iecKRiwh+h>(N=)m#STyu`s5v
zTTHj-byOCNY8`jCj|H5N$u`tiuro-`nwAB96?*wv!0`)Ci-Ee9$yavPHFgtjJpNC<
z>ctdau}LTtG-$BpLD>w_6u41jDMdcVM${zQ7J2OrMOHN^&i@SiHBOq38oy6F08L?Z
zjl<%tOU}R01l)McimVOM9$y426=P}iw-teEkGjj!64Scn8EZV>bSgp+1O()<U>DAq
z_M7CTaVJC3VocS#;NIC!%p!&hBwMp&Ew{eZo*2tAD|O(7*7c`SW@c9+r_8#iSVuP+
z2~ulK_%w}SRs+O#9%PE`k?aB78@z7zc(6qYss;E&f@MS~;qOJcG)%S$qlWwfPJ2nv
z@C8f=BaZ475{g8eWMGOhG&tTpy!sISoFobRKv!vzWr(N7aBD+%t4Mtl0HRs%k)4HT
zFBqtp@9#GxIT-}%I6PVTvJV!E`Vh>$=&6ZS^_t^1d*byvt@(W+m@YI%eb>@VbQY_|
zY2_0A-!Q7XdqueFY)s9Q>jF^inLLWst0MmJ3M}nzbgneU-QEzVLR$mLC4Z9Y_eUpM
z3El)<)T(f`+nuRqJofy+-#(8clHsG{g58D3+vJ<=_2GykOpUTz1t;VX=)EWmwfBg0
zY{>q!Y-v!_{so@+g-sTblj$tPxtftBy&o0N?Wlu!RQM#fPGRBZW|O`p@CLVH$5ouL
zIlhZ+)bi*QXx>8yueTE{yqtn~3AVJ)xsHeB@jRZs=jN*A>HnVCG?K&SCWe6<f!56M
z;Z-o&60lIs<(NsYu<w*BnBasTZVy&Ap@m@m{6a$pXxk$6O<DNBD$V!pzHJkbaR}s1
z)xL$-dhS^kLnxQLKyy1(F^!^M;RQ=Ox*0C^dNc4!q_+Z=O+rrOg~d(JyFYyl8|T6-
zrP!=q)s-k_K-2k%9)o(-J5dpqeGaOiZR`*2hEle+@Z$?$%Vnf2#STx-vIx*PF!Zqq
z;D|Mf>YcqINP`hxKF;Qp2#?w_Kc^zXZ+tbX+;4aXpX6=J^UyrLp${E)D;|hqZT@b;
z(f_=5yc_nU%l6~st~BA4h4}+(L~ftbfmFc`!NX$Puh#7o9>`Oypy8Vh;yuXwhdTAA
z=u_Q`KFsv`V_WBOh<6xr^o2yyy@q|Mt&5s3$3H>92}B_E)tJg)Q*UdcI01G~GM}w-
z4_t|kPjkyw;Gu`Spe}m}SX|bDFT8lOyZ&2*<H!YTy!BV>EeXC8?^=uN_RNbw9!Bk5
zu;}HY@*11e^f0uuWq>gA-s=U<8e|G_S{=K6PC|W3xq5M5@x|?oe?Wbyk6WF|u9yF7
zxD}P+hM*5NSYFNgv_S|r*o)+Hc!+V%!u+8qR^6-9sHg8AM!>2vo^5Stt`9H>jy+UH
zLG?mAE%WPBJ%z(hG8kS2oIe0LmEMFxht=t1C3%2{`Y5?v18+=Wiv0OWrSjNn$RmhA
zOrvOxdh4a0G#2*Yi?26kUvL1n$CrUo_vVrFd`f(r#iObZ>Kc!PU)COzN`;2$_b+*y
zy9n4n8vWvcYwceZI`e!{GQ44rX@U#|Ev7M|m73zKS!ctARoe0-9_L!wdEmCh4d)q$
zn&rslO3k5yEmo{4Q>U!(`Yvigq~Sxrzing0YRHbO>vhf*0%4wIoywovo+?LklKel=
z2|c0<RqS~5KVIHK!amEffc!iTH89JN%>IOKT&VOdG;8ubYuVKq-V*xiZ3UviO?B+3
zRtrP=5uJiKCGoD2zRn}2CW?HweF=<*d?^un7XG|$8vehG_A)PLZ<m4~AYZ3z?{}Cg
zC{wc41^fr1#v@hBp3F3AosYiAjXYxWQL@MUD)!vKah7mmykl+*5AFEmoZZMeE?;l$
zn-WQmZI+KpRVGz43d%E2MH#8LTt6f}pBHk+oc6nC>;AICcQ>b2Gmv4=XBEQ*K+oT+
zEFgGifpipylGRZYx=Qe#yVqyZhjSIu?}>E4q9^`ojKmh@!TfWc2^_&q<`3)E2PNW;
zY2!w+aW#_L<JhqnbnU!Kyi-09z7&2BX(pt7R_zYQjrUJpXca_D0CQ6<hNgnt72Yd^
zz29fFMG6?|mcDtJSO^}{Yy3kxRBUKeXMYw~EIFfKU!x$9mU$J{COi9_E?@eaP+^!E
z9uwnq`>zv+hw`$7h9}iYB=w?2D(@V;ciYB}8hy%Df(zXz!1?wYbf0%}>dJ6wM1!m)
z5JVuY#l3Nhc_JAHP)|CA=J)*-C!t?1#DyuY`AG@*#LBAntOFd6>_uZgg5#^#;ob<-
z#V6V&&yq4TV{BQd7zD(JjM@?s*T^i19}vGRyy=dpyv-h{yaPUM9Yd8PX7!?>Ts9J9
znX(^fXeXo^>VigWj@k#$z!(Qe@8`SSfdia881iyFI{*~mhA%`Z6)F^Ra#^3w3BRl-
zggxn96^cMr2}Tc7;q=|yx&Mqg%!_+tVSNHG0o9Z-C%2^-uVo@>)|0l3O&xOLe#}fE
zL^^TgxDG0tqvEB|9dgf6;ah5EcT#w7Zk=spq)j@W=g*ZJPE9B5r)nV_R-Y8JD|YHT
zzYxUx{%#{;SJ9-aZwxvZDtbQ(F{xx~jQ$v;#<8V7RZ=572TCI}UW?nxgWWaL0N`v}
zR~MQEm!UnvZ%0b(1JeO>DRoGPTJUCdJ5;IO1y6BL$9>wdXd<J;7nX<VvmU0?*y_lI
zfgvHml<e|`hh>49jT^0TZ#CG(aSw%gakQ8U{rC1zcd&R*;HCJ`(AbJx%Mquf$#AUa
z52Y%C<qK`<`#$KB50rh0f5#8z$UwR9Giv?2-6JS66M0dx&mR2+DeeqkY|n#zjWGV5
zItQ{)a8y8?uv;H6V~pVwk6cA}<>`jst?^U0`x9J>-?3g^#uW;=3h<^Cn`!=v4|AV?
z_v{tYAaCs>h4b$w1JEXDPM~y}?~6;<6KjWl#^ai(o2~XS_myts6|#MKZ6o+5B}!+u
z{M4NXpaNC}CCvww>nE2Un-(Ch1T#-(BgFWg=by>v6j2xC-9>sY-w76&D_;`KBb-}K
zE<BbS%3c;t%=<%f^@~~S%FI``;D#+a#gdba+xin=w^HMmGwUb6xy9RKDNGZJ{PjAP
zGTib_Zc2a9u7=KcMY=3jVRTQHs*5^^3c6IyzgCbD%3ET4T&`vZ-j;=AIPlbp{ic!o
zHpW@dt)Gi8R68}m)0q+!Y4H(2t-IoTh-J!$FviQJp3nb!gzc4-w1KMp=mf2D?R4|&
zJe$BiY7nVx7^R@{N;`Qqf4@+o!VHzFjLe-7pL%h6fS3jA3j5vWFe*HB4U5<3^n}i-
z$@O8b=tXZ@a7G;5*k<sor!ez3#Dk6STE>+6E(ec<sz)mzR(Pu2rXvLH4{9$d<{g?e
z=gs)d2a_hC<ulvVNcfn9dElkLt@jA~nc>AlNlR_qq&)hUSDXEnq9w5IOtGL9sqk1*
zsY);Q?WKMiUct=Jjj2r0HH$Qcbm}g57YVJcy48x8*;9qSMrjLQe74@+ohzYu#~vsL
z)K>s;!{X~D%R5yqL^KMtReuy}YSx5tF5hP{)<5~;RBJtbH5zSJd<xCx)bxh2pE*u`
z938#=k$I1bb;~%u)qO^r!NL}_<IHuz81A*#S2YyCth6!|O~!e$Je*rXRSh=X!W26-
zC76q)mP#OY+}=K-MfO{_<(_j-wJ$2j?J!HOI|by*=PB9Tc<M~FK~Nmf<ri+DdjU5S
zlwLVL$;NKS?s>kw38GHqN_}O01i|mwV>a((+LNHHEjtl<$4k)l__nY&tsDggN5tzT
z`{sxUP98@!SScDiD&-g*d)bGjvok`;*D9yHngi^|iFuwd*A~53*7^crUrQ~CQ-d)6
z!uhZLE~4O<Ft3u&rO^l9=P!N5Nh(u!5<EDXv^~lVzt1W0r>-X&>_<Q`8rZu%8lu(s
zrB7s3e^(eYMX&02+0byTzDG#@z>xa-^>d+>rgy*0b(oLBO6_NaBu)N9g~h6z>6ew8
z#V5X$i%k)H=`k(lfFsWDVa0-<NeNOKy3Bb$%8Od*qP?m;TpcT#cGd27byPM#^0VD>
z;L!`kCgytx5IxAVoDFObe~F=DYR)ORFwm@b0S%v&I=vyEY*8bJ=vdpvtKc^>{{=18
z!{S!~bYD?X`SN<ZMoy)?$r!S>!YKaa=K76!@Sc|q;eYHhI4;x3{o`Iuk|jA39$U~G
zetC5_-dM*A);u~D-AR^+Q=c_@{B=~xvc&ZX?sd{m452WRD-cL;@}|=ng!B3zzy5Us
z?T)tch;Iw|w0B!gQTPhFk?1<sMDFw^4}-u>Q|%MnLAn(mSm;O+Myz}K`od?fl^_1p
zXTQ3duUb&cvv2VGXHUR-vRA-;0^3-bY_7X%rrgdMLuQ4tX($zaj`c`@E^>qJLdPQd
zJ$}-zod#!G!?kB*R5Y6jF(Hwn;jIYYH<G;>3tzChH9%f;&sHcqI6#%OKIbUzM<IAp
zaC0Hoe;9>!M$oM!yYS_VI40r{dO2$18id1}8@CeZU9C(@=O*O~X5?jHAOrj$<Hmfm
zYdnYQi2lOZM}woI3`42XQekar=;&dVjc)y;5=bC)P&nY?I_sE?3b>z#P3?&7U8|L(
zTwQ6W{->ZwT5|8i`deVVvhiopLaC~@p{taoldy4~^~c}M?6Q{EVVnO7ksD;G-A=d%
zu;2R&&C36=!6O*OnC8l+^A`euRS1a4M!*)m@5uN7<i$|bn(|H3#Gh>j0FmfSBK_}v
zhzEZu_rvi64zpnM2mJQ4bgVpCv*nQF%p@r}IS~}V5uD3<SSTm{sitO1Ca*W+!a_yu
z{(1e$`FX)}$x3}>6~f2U;l)3<our)CT(~aiY~MZo-QT!4@f2Rm8!*poZl4}c-RuRm
zLs_ifd-OS;5!sWI`HU#H{iG%26J=pZ@mqVEpt}<1Q(!;IpH`QD`}P>(zUYgcX$3f%
zD6B}Jv9cqB2Iv3}^*{+cY#*k7iH-h7(IZExIlyln&>`Rx@aT_Q`_yyEe{!J<*4S!g
zgq!~-We~P;KJo9KlJ(&9{~NC3|3}$_fP)6PIMODMLz$SXO~Byergl&|HU=4Y#%Tds
zd2}$fOxW#g8^QXQzlk(7{WAy@3wrC;%HdRy@qeO*Hf!rUWif`EeZFrUuGx@;BZfIg
zmFJ)Q!|lP&Z~xLx3NtO_JjlzvF30+%P&3kvj|AV&yssE6({AV1PL4-EUm~1N2%L$~
zHU1^C8pnS~#V7W)R2SfPMewZlQm~?{ba8R10`4dTDpTDDUVwY(;2aCmqFVR;N(DQE
zlc1>A;i;S}%JDz;H)f9{{A+r=a3#?2-R(7(*D!x-RwsG5l%gV*goK2QtSmk$>7!T1
z#?)kFWPtsf)h@6)@&c(WZEXBo<+T3o2(fk%!{q$t4d<I!scEU`!^g)iFc_=~ascp|
ztgPlMZGnZw#c7x$H4@qNP&YzI-O=yu35yx_tiNoVq3KNCFUzxUNxJ2;N~$JMC&8~@
zzw$XRQ#M26AqN#_eRFf^)+1R!T|Yt&dd;g%t91u2x&5XUoO81OGl$2S{PxpdY!aMO
zuXVDDqk7E02Hjq7e5{4-X^4#Dy=wJ4SF`1@C&du=_b9NABcEaUkHR0$JkHD&^=5P4
z)xQ8Ru&0!iDjFIZi06_WEFrf(V$=^FJa~kQ%Ym0~r7~6Mz7;<s%KLYmYW)43h{vE?
zu(Bqt#++vOdogcm!?07m&i4T}gA%KltKDb7T;<Qf@yQP7MvF<{;&X9DxY=*7=Arb|
zR^!>vb^GmBLxWkP+Ll?2VEdWxYJh+LpJScwo3?6k7k+?}yIxGsYhz<$-*K_Vv>FF-
zlzND&lM@GVOwpv<6rZcmr!p<Re=G9{sLab*1??ZD!((Gi3=Bm9-Sez?4%LZSSxSKZ
z0FeMmE4BLEe;cd`NN%*S@D7L;TmFKPF*zv-Rl}BgxaQv4$|@-%LzkLSz2d~9@%wW9
ze<OfLC1OZT`BK0eotc%D4v1QwpPzr4HCXdO@9o>}wm>8^a5%FXT=*@l;4w11D|!ES
zG;za!`_j@0+EgwkL>~U8)Y%G9#(QX!Cqki?NIn$|IrwQe6McQYmwpNTF)uc2UR~vg
zjQ?+2FKn2oOdBnS=SqF8H?GvAT|&DId~+UMF!*5JL11^LOg@ECRjm}AUo{1Y>aO$O
z6-zDd7i%>XjKK_QDm3c~myws($?7dMHyP$BwuPPeM8?M#1D6}1ho^JF`gJ+<@(J4i
zo&19U2{`r_50T{leg(VPA9^fYc}phnbzgqKN`V3Y1rJY+SVr2xzda$y<U1A5eS52@
zU-`AzZ=su+NGwwGFGJk#QWCS+DxxW{Jl__P8u(WWhdYEA?Zn-8kv5;KFoQ|dcAH`*
zM4H}=`}NAbEL83=GqbavV|k~}_5S(dhh(F|EtPCi7XK8secxA4axO3PE-$)}c`L}C
zk!;_!k@_01gGCQ-Z%Nm3#oPPq_CE2T03cMT02B(fwX++faBj0AAw)qjP1V;iPj;u#
zo|>3Q3PfI5d3n{jN^ZXPHsW}etylxJ!p$L+SNPHl+?|Yqf})G6TJCtzr>x?!Gg;E;
zxu=c$<j91Jg9LuO+I0g<Zy(%QxvA^cB%iHx9t}ZG$!<MFLHWINx3^Z4;Ey~LUAW)f
z^F10q0tqo9&*^Iu?r#tMZEEgk=HM4Q-bx(kC@3F@s*2r}$M$O@0^K=V#<Qg*Z=^2T
zZrs|$$3f2GmxjsfqwAI&_qR$CO)j)Y_p1qwUI(>BSJy8T?d=T?Ri@J%f`Dq~{j^L%
zw7;@^fP%tSncruHih^==&&UIOG0XkAs1e%_RO}0B5*7-|D{eZV9X^=LFam--kt)DB
z8b1>_KcoMDE>P>l!nD$8q0`jVq*dxsJXy`6sF~f6tAC(f5pObZb(LCl;|J6vZ6Rxv
zUA(r4>EMW>|M=K`VScu4yTM<}TdO>8Xy#<7C_V9ot)t^mZq#D(Fb)bzM?eofyyLj@
z3C^J!4@pu%0cia?ZcM8Ts+RngHG2{aW|EfX<fl8UETAvF+i@7MdhyQ<50$^Sl%USo
zDzo7g5vbX|`q~K<<_h3a<Pi}_hR@V|W%<({X*$&;_h*+ld=KF3rG#TohAlbR)bm7=
zEIEXbNDL)*%s)CDpI)2|YU!4dyd4;unp^^;YvIP*?xt6!xKtuJM@P#ko~nCpx4rG;
zAXRmB8*6LE)>g>r&E^Oh6|%6~E&0XXoZwdH?T$GdD6y)6PBc^0dw;OE?xJzUG{_ON
zHYl{NsF8tvgnglTD|H_VA0)Jp>yvYH-gOeF14Bjt-Rky4%UJ8^cqdzWc&r-rXJ&G`
zpH4^hPRw_9rf<fTN<!x5Ow1L5w*B#e?$T15HCHitPf!AMxq#SR=*13XO>J!EnPcOU
zzg@UC{F6$;imujzgL-f7Gu!%hl0}>=_U&PfYtMj=1@NzKV05d|h2HMT)k#?UdO^Z{
zi=hcNpavdRf=qB!r5Ei>^_8$6s!M8)unR4;+B=6p4nRs9MAv6!4>l<Ea8R0?%`2hK
z6i4h4#*9vY!6n=zK!P%@q}<`Xxvj%iO7g7x+4-gd`S=Z>aP`}kyZx)H83JX%lugl}
zMGY&1?#f-qHpYJ+I^Wy?=U(w_oj%TVT>>DNmtRW3<+najQN_i@HG#;OodamvNwDF-
z8L%n?nY0L{#gO!EitCg*46f4Lvnif-VjkJJovKA`yiokN7mrat0=fx)51l)3U0+|n
z27zElEPG?}^1`j0mT$}_Y{D_T1s}M3IJ_vZpl3*%eEzSY^s6L~-T9W|X93!+ao?(V
zF;F0%KrWh{I#}#L<HIc};vuxM&_+LCXqs1<#}1Cg_|qS&T4p_*b~4$;ZG%@{g-4hS
z0cw}+gJw5n+np~Z-{RJS!R+3QcFH`0z|Fzg6)k7aFL4ShD<xBvY*?x88!>COn^R9t
z%9QVtY5wMy#>b<R^{2z@8p~F20T%T^=AS_z@qcF!fIHI&@<>leqXh!Rp(x6#$yB^H
H{q$b|)9}od

literal 0
HcmV?d00001

diff --git a/roles/custom/matrix-prometheus-nginxlog-exporter/examples/metrics.png b/roles/custom/matrix-prometheus-nginxlog-exporter/examples/metrics.png
new file mode 100644
index 0000000000000000000000000000000000000000..b81265268c84cc78a4902c353c5f0468fc761b0b
GIT binary patch
literal 128982
zcmc$_bx>Sy*CmQ1AwdJdA!u-ScXxMphu|)O5S)hK?(Xgy++7=YcegqDeeXN<*8OIt
zZr%Cgc6A-=a~|FM*=wz{J49Yq3;`A!76JkSK|)+u5ds1_2?7FA>f;CCiZ-7(6|j5f
zC@7))5%_q0G!BM<Ab^k%7EpFeJzjBDRu;qQ+*m{BFUnT$3Z>DnC@l1&>031nV<08X
z$JDZ}YWRlT^1$4OM_fhaQZ@M=Et;q>MCbTDg@5eI%WI}E5p|g1%(nN~qNBcD(qfCF
z*_o%=X?XWo{cl9VpPvOk0-J1z!m`p*Jy*PcoeMrok?XmB_@8H<;!za;zP0l|j|+jj
zdQ#+aCZkeQg*7#?In%<wko^3-Ihrd^E?+X6n20Kxr`UFS{E@K7H~w9cAYFv$pBS<W
z6m3|-pKe<RPMnHLN)l31e?~?Gp=5wdGPy0K6I2`=5>V1Wv+U5)WW^jDrjEvbeHMH+
zlZc|YmXwn6T+#U3>Ps1)4xpx+Xac2ulCnhL%Btw)6Hs{t2&m|9uYe6~`2YSmyHi6`
zlhLb(zPnrKBOH>!eXv0Vm(<^K7<oKzGR?+ME4XlgQ(eE27z$YBaa|rv-earMP;~~Q
zK5A+jYAgl^Odd}svx`j<>*e|!{waG0%MoysV<nYU!q%mYRs)mcu4_+kFPgZA;KvKS
z-)dh|C>}+bjrzig$@hhS<ntN!(DS|;e}-^zaiP|%&E>zN1Nt+o$j&)KcfK)iZ8Q8C
z14GWs%S+(wF%J_9%fQ;YCx$Gfg2WpR4({>pEG*1Qs#vW8w)5f2cl~51pyf$)b8D+e
zw~aCb;UQLmxW6@?`&Gx<I$YqW&Sw7CU<|3DN>3<D$$YixXmcsV_|(*I5Z`Msh!3mh
z=7=qk<*Fs2o#5i?j*xu+-ExDCukB)=%qfJhsOV(H84Mk&IW`v7#S79}mG7EQYip|>
zWyLSc<#Gg@rCNiL{VM)PcV_bme$@)y;ge<8*J$omo8zG+12ZczdHIQ>vCz+Nl#hoC
zW;gqb&;@-F=Bwbm&S||C)2|Q#9}v7YUbHkcFtqc5DZ?!7)M6}As~8$m8P;g`LOaFr
zq1#{Sh`mG`+B%nY_VRvlduG4ImuZnokPXLU`h9=@4!pv~V0Q`yQLIuS`u6I*|0aO%
z^Xg8b=XF7Wj*k9jzN$M1cITU_F>{?O*Xhp=luCy?+}zw$uQmU)Tz{s2e{Nt6-X5zj
zTgGBC1;Z6sn3)aV+AQCED2a?jd~Ub@1NT0;uTS*)crk5VsX&h%^e|f~;GLS5V)CL_
zWhlan_54Yz-rCnhz_iI>r?R2q8uWhZeVItuF1P#TA*r?+Wn3(kUb+|v4;drHHO;`n
zq6-H4!)Hv)o}{QKwRk#0T^6Ck1?l%Id381|tP6{a)ilJNY1}46Hp_JzQF|LuGGc)9
zlqh8in40<>?Cf0iy-$R|cxx3$rlQiUHGc(tNY-g~GJFiD7)fh6Z`wk^^}@bG=wNa=
zChv><dIQ=nAmHHSoB(?Nczcks*DHP<Vcr*x_qU6Sje}{uQa(hFqSsX8Yugkt)tWFO
zE_&WK9L`6xqiRtW)`rq&t7l5hPFUz8dQmJJO`2tWv$KJ&xT^wriuN~$EQs!SyMr-5
zaqp({WpEDXN`~iXw182NoO{|Ciu*G=8nM|Mh71_7zCHo+2J*O#orOh6S=m=SJiLde
zi3fdC)4r#(JHv#2+5rENnHlBNwGKJK?v&Xuq2Pon!(NA_TAQ?!wm(6U=Zj_;80MTV
zCMT6NM#Gr`_*FK`k)<gC%k?Mv6Pci3Z`}S-EjGP}Ghm$vPEgYq*sX!wjUAkZvut=z
z%YM&{fIaip4<!TmjVK5!$;j{FnDgdv-Z$^TZ8qC(mDz2ju+R}gT|@Jdk`^sHdu(I<
zTz2k_$I~T&pvJFo*3#qVFfb|U!Et!0Z8@@7rNrTWf-s#|CST=f?)rE(W^JxQtYp?y
zYkqbV;c4i0{3It)hQZ_ZaB!AN?Sj(<{%I)AVy&HLP%h?S3&dAlcC^1Q?%=?fK&wl;
zfb@X!`*(V^^YGk!8Ui8gOn6d_dX1?~{oSR~-qCcu4$kgaT0mZ&$(-lK#Rav`F4oA&
za(#{AjsvTW%eV&}Eo~&Q8c7`Ge->=bg8eq&r3E!2{broG_!hu>pksVfdmM?yMR|lJ
z<M;DERm*2pI67JZVqtL!+sl=M31S3XpXuyYp)|K9D;rUhK1u!YE0;6i5ET@9?c5D^
zYrA_UR138hO7+f54ZaD;#6b#x!5bQFsRNEX9RDI62#cm(<3d6r6)z0f!>%;BQh~HD
zt=nTuo>YRq+8knpsFb|?=jnV|GS0^eIBpmin0(n3;ghAh5RhD_(Vpz?xL(h6fgEI^
zY8kdtzHGK?nI?H0EUjL<U_&`iwI)G{a#43&2?k`N&kHAwR^w!ol-W=$#h)b>D+yWI
zG0CHq+q2)XiNfmUm}kyzbVuG&Qc}3MxaYUG8^?>{5L3(+t#7YS%EihdVHk9#Wm+vR
zHpQxC-D7E7SnS{R>&KT04Tu#L6&Kn(*(@w9v^#v#rt+k=W^xA|`v<$ae!yYSX3kp5
zlcQemF9sNjgefk}paSv8$%%PyJgvaAEIF1^1>1>}R=0V8P)-ggsODCwMpXuz)jBvX
zjs%3?kAjIg@Zh*tlQ)}Zl~CGocd{a;tc(gY6$I2{WMB{}3)kNoY0paJKWWtWeR}{|
zP`1D|L4^{H*~KB-<%BaaCFS?$48MXs!gB2<!P#OJi(N3hm6g@h)Kug54XAV&o|||W
z!dHt)wro9(qm6!i-<~WXv4wUUu1PjW+dOz!PJyyy=N}_`l{N>HHDZtTD8{gaJvaw>
z0V54Gog>$B?~}{RX&YPYrdq}TXIU#Yx^pFyP3;^ks_F`OVCP`j?FsS!8gia7(c)_7
zlgJYW#E$hd-_&O3BYMX<r%*Jip{cxKi2dmTq_sEt7=#X+^`Nso`9gU@JYJ7?oqvLm
zG%EFxUC&nkbc0hFj5;><cHVNFOI-Gynm`?Ou4_L2a_^Ojl_mNj@Q44d&<%3F1U&rL
z3w2-l_<Vo)u)yP_Y<e+ye48y%GwbvNL8v!de?r3JUJo1Z*tT$Bbg8e`fF$j#vzos@
zo~DBkmym$u&yvqprmWt{(QWgHrPTO+b2P7%Cpl|9e0+QiOr&<Z6U9;6(R_JKeEhGp
zG#%9_4WN2$ZJqm-m%CB|_GO=;_|YZW={Twcdl#3!g#~gdc50R4Z@t!`8}0*4#2xZQ
ziX`3L-ND>AflW<Vwq@W#^(rDCpZ0fne6k@ZB<2U3g3{9Pkgt#j8AU!kn)TKp85Q^q
zXW%T$xFM%ga1s!$Y(?LktB#zHG1bbo-%n|2poU(@&(xTWJFpT#)hz{!VXa-QwasTi
z$5E+~(x0>c9X;?!DiA&lZEa=uXmviq!EHtD5zbh$Nal@DlB{x9RJR-xjuXS<U$6j^
zN59YZ4FDN{KU*x<vxH&1Tu&Xq0l<nymvcb7?hs>yX5;|eM4ZOu%50u;fA5ye)zW4?
z#c>GEBNi1EeOSr|0@v|s+g;ptfo5H?Hhaf<-0_o){Z^k0;92mxYk*(iu)*e+%<_qp
zsWQDTGaN6p2WZszKy)rI!x()r`sMRNay0)Ys;G#v)dw=|zx^tmbone30918*x|nd&
zAz5bF8@hu^r<>||ce;~&`{M<sM)QK2nmUQohEXI;^J-rK-l#uf_x5BN{^8hhYKj>G
z-0mIb+)<w89=3b`@Tib2{0RyKvzdXc{yqbCto|)FHg-?*lk3X~M?X;XWVQ($s|`4@
z42?dfNyOuB@#jx6jWdfnO_VP&)$v8MmYgof!N9ECovn@A`%yVMGSTw5|2}E^`STqr
z?0ZvF)7)I{51n0;(F+UgwxVWqV!(~S@+I0=#n|6F8^=Uw1{m7TQr(eqp?Wkd8YRj)
zzMo=Iw)@p?D!aY^`ueqz0~2R*XdI<NiRq}dfT^}NH(;{^k9<rJ9gcg5^A&4ur!UeZ
zQgJ=NP`*6fI^G^H9uG^#^A{<9-+FYmMVFr!BGe63Thw871Rfacnww+QVp~iN$7BfK
zApXVR*ylRFBLP5ylr6xIn;bFdz57sI&Q^y{b$-3KtZ<Nr*Td%v2pGBC8CGf+<mh(9
zRNi(Tw8rvL5x6h;zS;AMR4(28{83g0o9U6pQ?yz!PZE_v@tq#uoAue#<Nd|Mp3rwE
zCj!!4`^Y2X>N=V~Y&l|+jrK+W;0=}&KSQ@MFvwyX@S5ulkMBkyk-P+^3-GeN^{xQG
z8Tt7;?U}I=ZjNSq$LB$TaOg}1n+@!9-?#79*lNt~(yev$5hjbBsk;CCX>#1NjT}bP
zs8TtlsYbwI`NqN$!DKeJ-5e>HHPM13j(>5J=DJEqL?mbj_kCompBxny7LApJgru#Y
zd#k@nxlkU`514L4LqkCTd{|87O4PrQk)n?T*VUU?Lsn}FWH_I#dXHuB$@R;AEqax8
z78Lr^_&5R~F4#(;YvQUQj>Mc}C(2~E3R2h5U^IFx#hp)KbVlLvywx9wqRUMw1tRJO
z;56VmD<p_%GwBVd@8WZB6=7K`x>U;INc3_rLEmo<>(t^i;4oe@HE%56!Qil>{Q@w#
z?Mm~@(B%~+?j`p~EJe)zVhPN0{b7bunOOxM#Jl(HIx8k<SPHT2nWQyOduuRFgJ7Q*
zyCZQK8I$MxPv90$B(ptJ>11v~y@vs5;w#Zm!DyxQ>bDLcAVlKvh_3mxB{7;1>G{5p
z@OWPDzP>!|Uw+(&pe`#dl+S_!U{?-MzeWa({(bPqF}Nz`zVX^`5e(+0@&f`(Vlw)e
zM_;3A*^;_?BGX~YaSr(%5Zq$O<Tj7Cq`bVKc71V_2f$$5G}-=`aP%?2h>T24MV0Z!
zuPqs&>}HwD!muMqOQbAK6SVpG^k`q*DVFPtiVn)^9^37Nj6b|_d^H0eJ=JNcs;SA7
zU1<hTbHH!{Z4F?^39@Rz{@2#7i)swT)VXhwZuK1Dfq^FFN9yY8n+NXde;J<}9O^(P
z-}r~*@z=NfV)-oY8=M)>9Y|8Ygao#i#~W5R$pj#JS9#v0ct5|=0^kRTNQ~~6!v6lU
z+aCSP<)vSNt{9IV);***TxP_(M`U10>$H0%H8!$qGP|0NGwGD1rLYl`kOTq^iiwKi
z7xaRnN#-&;LWcvusAQgGTq3tSwokhcgt`{SgI030ndUnLM*!H!q_6^zH)}E%hFK<=
zRU}Ul85=vkZWXZnBqmSVBi|PUJw7{5*VCTES*u`B*u19#Ow?!m@k5o8nl>}NMLY})
zjJdbw^nQ>L0}IVh*@7IyJV|b^`_F#WCc{~(B_U(`F3s-Kq{@^kbG*_rqx;JhNI~34
zju)F55W;JX0wkWEGnUS(pVf;DMNU`S5@u!Qt9}vRovw_|dEbci^zo7cT|()Vav<6_
zjy%fE&4n2uB@NUij~GEe3`L{-jD?l7#W^|2782P$*c*lcL;xldNz}bloj;oOf%jzG
z%R2R$&4ar=gGCHs7<;Qaw>=?W;PG#7sHF5h5(;-wR8mN<#`9lgz|%v5*{nAMUS9x~
z)xixt`ig)3XQ~_O4&f07*5eC}X6?HI(g=XJVZA*1oNIpuVAUXCL+q}nxM7!WySp+`
ziHYJ~UfgBNjT>iYVoujGKB-I~ET)2s^9|zX7wAHz2E+{STME9H+Sr9~4pa<U?UCHU
zFK&<56sxQ4`%awU5fL?_Urtt9Fy<?C_PPRKl#7zR&r@4m&y0+Wgr08C9QLCOTn~ML
zQh7Xi?jQE@8e86EFHlG@xo&ZwpaTGG2)SNEn1O<aJ_c~<nZk`=$-E)hiSBM9%;y9B
zcI-zq!U8#^!BxCFgwyc|+7v8yQ%aR$R0swJhTOb7WSkU10K$!pjeR2_{hj(83m{he
zyHg%oJ=qMy?TfAc#oK6(0eLSk+>nqEh*VBzSQs%FPUq8}gZ1f!Wwq|PF+@<>!FVu0
zr2$-G^85nAxfMCgnmzpZkv+1c1a6Rm0>CK95u#x-7n?r=^ZELde*YfI2|_Ab%f$Qi
z>4IEE5?~7sPw@sAORlHj-OUUPi|KlVU361$n<tVHu~9m=1OYEEB)~YDT<;J$zsA;4
zg~=8WQxxepAHpig>pHt?3}CX%jj>vt<BN&GkeYD+VzAnE1xP+Js*^vkCIhftc6SI>
zFqlpI$NQuxo{4Y}Xm5ex%pd$BMWvKK!iTLd_^3~pG+uV-#OdR@mbm5d!nfa_$UvOL
zY4YLX!fsFaG{gJxJq}yb)l(lrI1U%DRVWHj)$TJpPM}~kOX$IHC<s&_20GoIEvW={
zi}_Cjpo3{s`ok0jr{jg_onhaul^54^ZujoW4WS3)^L}uXcZ$Wd>1E549vjkJsfHAQ
zvGjZ%IJ}>3NGK>m0$>n<^&^;$7k>z_74>GPPk}OUUjWt#%v4Co!3uwa&9ZD*{Mg8&
zZGM-)?!(pI!CV=cQh}^#@6gV-Z`=m+<vJrNDZC4@Nl6qonhk~vl@-8r?~a`;Q|mq}
zsaie!fQHd%^FR>#1uvS1-JKVfuyEy1a{%CP2?^OOl_S+cWy*5hrlE~LL5|0~sVOi>
zc$GFss@f~s?j5dln_FMl-Oek1fB^2{uW8fMROp}dx;rx%1K5*dgRPF`Y_Wi(BqdN|
zYFOxyCC5sOE8khYo!A}TiiEV6p#1u$fB<O-B#;iX)m-f34UWF0r6ho^`k|pF%$;V+
zv|s>6P^(G9zyMmP@kFw>x7&N5d)0Xj;k?yAL_EuFI9v-J!v^o2XAwgjuQa5HgvD37
zO`>Gy*yUGH3H;@alc<r1H*n7z_-t$#fG&dIgLsjl*xHC7D%uAIpgz9bKUxbGQ|Lk?
zJD|1LZ*;#W@J9RtL>_$;i$QP`+-f8G`ocn@R~bO>2U`Ikzfgo6hECfxHS~|b^hJOS
zi^s$IhjWbcUxCb>&(O@Q#I<dIKP4QCXKwvKr6=X&<<2upo^r9(;_4r*$nwqUE5MRF
zSG`+8+L0qvkf}sLcquo>Cd)21iEL+LhWP!4YIBj1UpaBO$E)MwZlrdk07w+(P9l&$
zkQ5mB9<a#(z@KJ|^IYRvzi%J`f|dPR<w1mX*N9zI(!mx8hQV-~9s-?4n@DIhECGOh
zeHeN^KMD%SknJXdCj^82Cjst#Y<;p&Z{ryW(*7IA_ERPwu<ynE|HdhvZv&_vZRSxF
z!U9$km4q~!%zM6XPxusr6ct=tg24@be`UuD4?rrt{!O3+G;LY(zn+V&;DY|QIQjaw
zlz*Kl=>IK|0yT6#?L8n}60L3D0X@>i|HK%mYw7$$Hjfez$DWD*<0`Pg@7PuXdPhU3
zU{+^O?)iVHq>4q#iAfsz#>U^efEf;EO9t*382HG<1gA_ndo&jLkD9875=|B-8CX>G
z@XwQf71K=`0-FC9+G#f!EO^(<^j{Jy@YI@sPEYau(OAHLsmX%DzMl?gss5LO@qdcP
z|9>4noB2!Eln;N>n}@UNJsJ!7{ENYo_miA2zO1NdwXd+Vas`)=U1|5s{XIrx;7=61
zW{~~O?B8poMr`Omt+%(T-;ykWzz9gqAqHwV@o5i>R@gG(u+z4a3cHQT+jWpDYJp}g
z^sJV=VVRu=%q&nQ2awj!S43*%yjPFYX-HC3U5zwh#E1;-E{F*;hpw1A?mwv1=o}t~
z-j4<18f@LQ6`CejjHfaMB6!bd7-;l&b5JWQnC#0&`p(1WK#5DXn)caf;KnPgUJBV^
zP0Fp9Gp@pju1A6H$!6`)Pg1oQte3rOA7qg$k2|Y_`GOyByhA%6+0=Bm0ok#XMCcc~
zfzjQEnd0dm90k*`>_6VHd2Sk#aNvkuM|54yTE{9L{gCEGb{dbTk`^1Wu_ljOwzQi)
zqN&tg*T)A4xP4#ZZ+G4T>kg%6&;ax8>G&a_ws=^~Qq_Ul<(|gFQnEroM7gu0B+JoD
zosg_tv77knfE)Z|BSf1Q!@*w4s!}|YZ_!}_woe~=?o!E%6ASKOusN3e^OLJ*&N)vb
znvGz{OC(lAQo-N69Q=FzGEVBk)cWO`vqdz+S=+NUh0ZGfP4DPxZIQlF*27!Zk-P;@
z&&(!c38-m+D}rn@1~zkR^$dSQzW2vcc}9)MbW&4|$M3Z#p1;24R)cjuU7p)$r1Cpw
z3|X%S5=I2o4F3?8z=Eb|aPXU1yW-RYW@DagiAc<CY~oeRqSG-lTFD~LOm`uDx$w9<
z*Qd~M0=Ic(%>-pAN=kU`kcKzeK4!*0CcnsDA$i>@_N6pP3N4Y0O3oO3o@%j4n#cO7
zI$?Y(7Hb>c(dXZE>mydAjt<#yEx69aj4CY|SjkI8K$YN81*_k&v=!KNPS1ms$Qqbh
z>tW>$SN4^BmcH=2DU%C$?lEQl!b&pmx8FG(S=|s47yf7_>#@n(N_cQLd^G^d#*_(q
z@i+TU9=-AEHgXmgpz%m#vM6B9QS*x;$JcPHT<G1SjlQvw6!g?P6$^}Z4R1dsGvbe2
z?SW^_s@)4wLJ*0{=Hoy0kQ@%JF|){Ss}84^u%1*5mR-1US_4AD;rm>NnK@Mk7D}2)
zjS#<@8k#nU=a7zYpLR`HQg#NT*MMs5Ud?^f8<JjLA>C+?Mcr94EAy|qiSIo}bL&LD
zik_Z#^L2*F=yB}Y#|ZjjL6R%y;jGzR5i&D|PxsH!_thCc@<t>x-BhxzN_pyQxf57<
zd!65{4fo_9kf^GZ6Hl)oea1u=HBO|%gX7K2cNci~lXS+_nP{VP+&Zirl%n*AQAW)b
zJSxz#(0IpAD7MFB+ea!Z{I1eA)7!)6ijtV{$~^9ZrEnE%jCYNKS=G#ktY4kg0EMdI
zxSMOAzT^Xk{D7ZPW=6Y%e8f1o?R<qbc1hJH33#v4akd-oD4x+erschtpZ*L%UTQ(_
z#>)le&w*o)l2JBou1A^^m8hIO9ed*z`16bVE+$T2ivlH6NoY3n*LHuQ0>O_+d?9P6
z98OdPL!L>i&4NEv0tidlu}2oa<FkV7G$3e}G^Z35r;d)5X);MjauDStrn6;+)#FqB
z(I;|Esih{LXR#}$qvPX6H{0Y{tvP;_J2+EryC<CY9!X8RK347Xe>NkAI!|PZi|fB*
zYTngz?j56}G)a96+^;-_$9Y7PTT?aoWz>PcaOj&nFz^Le^MNEH%=A=6B&q((_d8w*
zbvOEgRyL+0X9m;{GiZ;8ihpClnxI{j#qllAkBtHj#=#KFfR#@dX|ixnkk9DHUBSr}
z9VhZCr3@#@s5^7BIJwxB?Fu?%p|&sY_B_(mQI<oZy^Avi|IF&~_4YR5ILh&Mc}jAn
zrquQ9)I@+M{7J1pwP`jo=<mEgb@vLes)=WBiQMDY-qoE|Cdc@5`D5i^;?>H_QqIJI
z3<tg~p2>11<U`h%eQ-8MgqClBSS_N-f$ekSvA3d{cd*iE-}U2rUJdrx=01r0TI^RE
z7FqZLkuneF?@zHJuXpL6CLD)BP$l(W)EBs-Gg{d4O=IL1wG7|Ebri>;Wm1jcQaD?n
z<2$)0;C19O=&O@SQeKHGnT+?prGy>T;U8#rAj<GA$rM%9U>V!-KhPHq51>sKI-A0N
zJ)Fz;DcP`YFBX9$m%7_-;h<?^KH;&Pw;U~0Vo7>6@`a`qg;Z89FE`mrXmhVPA%{8&
zU*GyAni*zrH!#QEBD*W@MGn`}vI!oE<CP-5YV6AD2+u4YBD*3}<k5deW5tsB=Z?*S
z%?>-w8a3*$|C*Jy(W@>k1;f`wemI_;%XPbD3yWlqJYqPdZ@SEa$C4GNyZtwDBHMOa
zf?X0@abQW!?=S71=LjBxMhzb{Fsfl=w5;(K0z~eXra0|cZFrZYl4#2)Du!CZ_w%R&
z1DcSGJY2Iz#ahTOZuT0JV(u6w8l=2;2u`4=9$Th1U-EwTdoYgGk&MxJ)Uc04EvvX^
zG;n03JPzgkR^&0ga`dG+f@zj7$!9uy!xT=HgiMsT+g8lyOgGeC_Ly<N>K%M!N}O$b
zC&{l;hrf0!x05gyQKYh*RK8VzA!hhE%I!UTJ%>h$fXRABtZd~uU1@9PBV8&H0M+zE
zfj`{FVx=Cj7)PziV*P8M*L*^8u@|=)s>v-vUy%z=-;0G@4$3d)6v|4cl%CLvu&O;r
zHp|)5fztiE#Je&obcn-8FV;L3Hq&;gHq8k0$vaO(T{*(>W}@*&Eg&r1yG}e=r8rna
z$!N*04+M_F+b;Mcd%haa%bQuw9t>p%xB8%~D1W`=Dj0kB#ep>O3!m$s-Nl*kL#ESp
z2|>pAj9XkWp#V*Y2>YkiFr}`ppZIV1w3AXvjg%DxggTnrc&zDO!kU-PUS4zx&Hg%&
zPBpXNZx$d0Gax7u*uUSiMt~0s8rCtZZ)R6Y!H#Lh{5Y<0R!9=$dXfLm1;`REDQ9kK
zOmFg}jV_ef?fbFDo@*UxHG2)VWY$;6heeY@7ftw{rc_XIp$4-HzRbyw)MEOL_}sU8
zG-#fYy5)Meh3aY{kv9?$g*);?$aOMv$M#<1G@-~(r_VKBE4i5R>%OJ0{|;PRV^S&M
z1*ohMCcd{$q=-9ZaMrnHV)7UwEFo=Mm(m=C*5Us9yAZ#o7@V65&-0Qso+)M!N1H8G
zbYwaEGNwax>Bdl1fG{akh}ow$bCCxJ^batv4|%mVzrwsRQ+yCeRAYv|R@}IOErpLn
z-4mcj^8%im$-=qhn9aY8)mZ6$%PUbPswham%JwKA87&iJ$GiMl16d%?(P9eDg|Hbx
z$Tq_NzGccisaAfmt;&2?YE52DpBcWN<0;(vN`QAnaHEK+P*fjF_uyc*FdPT%eaUN=
z!N*qjc$HI`<;+I*s?G#j!T2)qyL&|m=2K%9q%-gWm36E0w;uZg0fLM*<`G*)j!#Kn
zB9uAvzO;3rd~YPtAu3)vm&kTNczuU<0>#Z7TCpXKh3!VrQ@zwT3&T$u9TC$X_zt4P
zUS7IUQP0|cZgr8dfAI)TLNvQKcr-1?xu3B2Ig&C-GOeveG70ni_Gw9&)*AfNH=B?m
zX%k$AaG{01>BEXHv*Zosv(n3B#%75FX+CKVr_{ZgKD7(`+cpUKS&aMF^~I!~FCgcC
zenV^ua_+MoxlI#;p;Ce^QT&c@C`zb=R&@3?Z-@)}pq{*<Q+C+o&H!H18yP`=<~uxB
zySJ&m<~u%L_EeiYM!H-S_t+2acQw)^`Yv*P_#WNU_v)K52>2)>DWB!M`c(KGBq=GK
z1;Y8WiC^taYx3jo8{NXoN*R>+e?zL_E^#$9rkoIyldD!^ibe{3=VK(;$`%nJyh6QA
zqVyAv9K#aXvHNhfRsJbfqNOvvX^nAZOH$Oz*7kuRKiJv8u)N1u=VKnXhj?oqOA_el
zKru#q#9CWYhD63B8Tsd4I%#j1k<voQMGGPWqmhz|!Ph&w<Q=RTti=WSZ6C~r3@UL+
z>M-?ew`)H!tbS39r>GzckxJU^pF!^U^SM0*SiTnGGP7B#ZO!qnfhr26zws{!2)70-
zft{#KG!Z(v_>|{H5%pYf*B8-=oM;+TNqKbIQ2PN{9<qEw<%O2o+>u3@ROyL}YbOZ8
z-9PqaMWp+9nUk52%odu!*GUtBGY%HbJpsARN#dI++9R_f3#BsMjld;2jH_P$3)$J#
z?Smszg@Z;oO7HI`Z>rsgAIag?<O;Rq2)+wa(<5SH5hLQfzL<_A-?SeiE||g?t+y#7
zU#z=c{OY9f8d75zIGLMhr}fmxWkU5Y?s<`zrlxt?$DxIqy^L|cwB6jnO<$P5eQSRH
z{<}cpqK8*va6VJ@p^OeK^xE-iGA5jkWd|8)3qf4LLgZpIKi1~@OAx0?X$5_swmp;*
z+W9rJl-SEiVFhWmh57rL`N-<)<-unc){2j;75`cb2VPL<cQCiou&W%GczIz@dgs-C
zRhliRJR+?Q5eMK6&P2zb`*Ag#<?7}3d^16kbf)N8Y5DUt;KS2k``UJ65ZE^=cKif>
zk%`=)C2{V+L8CBJJ;ac_5tf|7QYp5!vHu(P{X(&9iBN)#&R3)}p6!rvIVWrnKQa#M
zoTiih>Pa7JCDiWn7iOQ78xk7C@D20o_UGJlcG6E)I990Ike!X@4Ah(DpRM?H9i^t9
zUcK?aYr~~3(;r9nR1^;bV0zFS@@iqrO{s7-H;uL?(CV@ZQShwz4OGGn57lM+4<Qh+
z%dm4w&1B$=EPrRj(|qMjBf2}&Jc}R4fYz~wuOdZUNTgbiMvN7yqDb!B>L0JS&P~WT
zPD!4)PI-SlJ7&m_BbS{aIEXao*hBK9sab{|M~OcwF3F|Yteh`jCUKvdk@y;~*=sUy
z`P`_n_RBps8puJ&!_EmmrhrXRWY_DbFEGlK)7@D&+4f%L^|jrN#vc_r<zde9!Lo`4
zkK%FX@oc~T8GgRiU_;Lsr(l;Quv~WaYCqvp7O}i|xMcBKej?yW&=bfRwpnCpa}F#v
zg}2WasT_E2m!_$rcO#hRK0HgvbjR)wfI-qDFC4P-E~3T|DwS{!O{O3af$0;WFwOdQ
zb?Yx$B9J%cbzAp2Kk2<D&Ts&X9D7XxJ~S(MctbQgQmpGJiP@Y76RqH2VV3$WANq;+
z_2`bFVeQMyO#{I7FU~UGhEy~{v1h*ohfC&~Bfv24Wy8aY!^<oU^t_81NvJ}m?A05N
z9j9et5Pd1ehn(dhBo!43w7lhTQkl7ACq;C88jAIxrB*XoZpS~1XAo2={q({azZ<Le
zkq!^as>#)u&Fm1#w6TOH5Dj()-Na&HF|OEh3MS{fl}rRmp#0$!;OCiAvYQrjXg0PF
z62vn{?D;1!6IrDUk~N3dM{D6h?d{q_M~4b>$;n|b3yu|NdI%Qc_Qdj-XjzIik<3&X
zcNp>L%_(gmCs?m0#GyDprb>xy%PjR_dtlrh^S#tQaAJs+Q3}3*JQTKC=^*dwGMh&0
z%;9jYma+wZIEU4<YituQP4ez4Xk!(tjO~HhnqrYpMj^at=d<oQm(+`9Vx6$~6Br9F
z5Pcr!^BF+FRJuu&s^hy#Ax%x6Ky+_|Ck343+7Y&CR&OT{Vl<O#b_&(9JkT()P$q-B
zjjA03n~^Mqs<S^VRjeisTjY;5>vOYLD@1&;Ci}GaL?u-$RoFgA7p;_Y)IYG(Ir4sZ
zJfMN0+vy$CYI~UESugDWRP4>2Ja%hJ&d{B2tCbw5B5;W1a>kb5AIv*Lo(*L}XkFYg
z)o#$ol;k2?Yo`b)RR?8b$ylUGBO#|WaiEjmQ9hx4-bGjR>5Nk&n_nc!buI6;!?ynO
zOFzLC_;_*e>qu;1(bAK5vPs%4c6J50uU-|Q6fKi-Hrd6Q5lNot6;C%7pZ&M&?Jl{3
zfo3!MS$$bZ9+dpzbhZ(X^{8^D3<-&hl%^tzMN$W-=_P$z<6q(JF+e)zkUhSYzefcP
zv2Muz;&{g&C$qDWFs7B5-ItK@1+6ZFp^mX!J#Od0N$Os2nD%E?yYK4weOv0c=ee?V
zmmn2fJ}ker!`EjPv!+NG7`3V&pmTQnRQ|Olr^=C5dD*S*K}^m!Z2rV?Ys+`CrjO;R
zr(QU+o}OGrVs46-J)%(KzZ@PHDBCTP7&Iv;OOKF@H&*$(i31kd+L>X<Xub2%7#g1U
zgL$rba_W;AX0}j~1xgN{&&fnz=tlg|-}6}HzYG><DRC%yQhEw?hp^Wrm<Syz%|x+p
zT6}~H8u?beDvg->iMYp#;^ky^AL68}Od9u0ZU+nIV;K8TcAvrsW=r}oHb2InuDlZQ
zXMN~&ypD?iC2j?zEBm;3^r8G6gP9c9@EC!1>zC$VKgM@=6-Ajb)Oj9ZUai~Ttp$HZ
zl%@pDH(DIG-l<VcXfO5BrRQO}vPWfh21vWGLj6A1<OG$Ry>xf!;4C(7GL6uRMtc(>
z(loeI8%At0-DX4(SP!prr-PLBPmTpgar)Uk6k_T?DPo}SU8{lddDq?yz@k<FS*q!j
z#5#Oe<9TJ+Ohx;h1|Lmute>B+ZD&2Nb-}%ak5ALq4u3o$Wyb3|g>D16f04HeOI7ph
zdF=Xw9>bX`4*FLf8RMUPcvp{``sr0$f;;ASC!DQ9LLuz!p?9`)n=NH*(^^6|)YDpO
zxv8du`=h9DE>xa8tPBNRUudzXg5GFy?l8@1D^0;fr!E@9A?L&+MIK2pNg(sgoyS`e
z>pHy1{w|tl&aTLmJ;rg~uT^5E=R2DB`ehg!(FGUF%z?6KGE>9B-KmFdrqw5IAEP(K
z67}d}E%-c4>!NmFJ%6jc(EL?ixyX;Lsa~GSIbRw2YIWUG$8(ymUWbkzJnHv5qVWk=
zg&oqL&5CdsMy;?v>A4u{rU%S_`b(lk22mIOCGir%N(;bOP^Rbf^c5k!q*^<KZ%&uv
z8Pti*NO3njpvxyJlsplDhjyLb)q*e9I(OIm>1N9s35t%jF=uMfcR8r1NixjtLWQ)W
ze<1-y1EpSmTQLdzm*$F!`Ja;Oe@L817>PIv!Sh{(58t?7yxFm^249h95pW^Z{tB3a
z!SlnF1k=?_e4a8nAqoadG@L`Y^Lu8$z2ci+-?h@|Y!A(Lbc|KK)bznS@%5%7pFOkS
zXBHC$G<>MBGG_^wLek&Lz-V%~k)zcM{WjxE1;<w|h5SC#CrBY3<F$TVJl>i5SrG;j
z;vXe*&_s{27=C5&;w<^1BE|HyV*rpr|9~GVop{fx_GyS8i*RK6o;p9`US6O&6|Ye*
zaR4u4>YwZeKNdQq|I^%$&;ioUv&jp3q3f+<>B+OUpONFTU0-UWIBMPdqYq~-FHc)P
zqIi={<~9@0mdxhg9e%NXw*PX7Bs$TQiz2VTa%;s)(VoCzMVC8{oapfTU<^^&z2MV|
zX=>hMVj#Sod1}?2F=9li+>K=<Rz)-X@>>O-AdrCh&v36|e|VQ98Oo(f!f}XuA%go|
zUfBND0MF?C0dsEtx0uva!D3N3O@zV0gSP?;0unDY$F|~&**ye$mh!ItKWXeW-zk2`
zRlE49<_N@~^vC7kEV?#fs+4G$nW)Aj|E}r?_r_ir$@#xk8Gl|s-1>90I<QhToanD9
z$g#><1eFPtslb+cloA-O%wMP1L(1v#$)<tF&X*|pL!5Ku9xUV_HWaenourNXVVfG?
zUbB>g(-yhBK8AeU7?F?z2eEx?v!MY!lZQ?^Ezr4r2tvU+1@%9-vnS@!DaL>8iD$A(
zWPBuJJ>?Y6T>Bu(TF*=%BOm9okunRz?#$|6xutbqZbiaq_i4K~SJ0F6*&|BH?9WG@
zDv(OX+}J_|>~j6q;`&!<V`KVut^CO%!9Lwt7A(ho`Y%UjUiAMTRmMp)mH&mx$YR9k
zma{9(a~yFug}0!JH=v1+|NL^tSY_d%l~JrMmfwO;Ku;Y$K(EJ*?!_;2<-b2&maRN&
zK)r^~uWtOYAo691ZL~}Q0ya$3tJWCf2l9q+>e6sE9k#JE@%U<)wnPyU+vi&)uJB1c
z(d!H{KM4{}84Zw{ID52NWR*cHPF^))bGxI!KL*umbNwNy&vxw#rcW|)Oll$PLfYrG
zgW5{`PP;C=@WKZa48LaeR*aXCx;s$@%NcTy-U`##_9qT$v#g$KQ7ui?;JwGXg@jW^
zbLIJvY%RX7CS9`l9v4I749dcZ?>F;u_V%ZJ;262{^eMzWQyTjRYht$A%uiZ^73j9`
z>h3>0@z&OtN=e4bw>Um0G^w$m4fR%f>AP~)zF}u9DJ6jiKM4JKmm`{H{+aW~7)|nY
z;|-ge@R5A{X&-2KmCSiIh<(;tx<YR~CQzuz3SM8bWMfTntLMAsOtBbrgPg{;FQ~(G
zet?D#wsc8W-{4Hx=X5nOS%%ldE(DqSxmZ<oUNkU?IFEL8Gl2GNYAb>H1N@P&gbAKS
z@$tjGucLk2EwRqgeAb{?3k8b{YrruAIX<Z~R+Axi-I#Qi(8|(`9ZTw{S{*rr$w9go
zTLDQzew)~dW*L@qG3m7LvE2KB(6rE@**fdzYPPewuOj+s$X?)yk4_B7c#GI(^Mkk{
zNG1lZYN;trQ)U+59?i&r8IxDpiFx=^gh%fmUxz)h@sv`V!WJRR3M+nN<bi{s-M%z7
z8rH#BXd;!G#&x-JF%u3I)wd(Fbud?p$C83zpf`v-f^#`0#phd8%pIJ8UcY<mzsg*$
zkbw@ZhVq~s2=xU!T)R_El?!uUIp|m0TqaJXpFPb8{F0rmiSV1dp<r9IRMMeasJ+dR
z!mtS{+0nSZ>K)1=WoGKw-*<ul-oBm0G0w+L;h&EG!tP+e6o6B&-;>U_$TE|p>D*jR
zzPUq+FtZBo0!IX5(Ko`k_&%peS&UON7xyQ6_j913bcd{YMmHOvguP^#QZwhz;_?ZO
zy({SOXS;M)`9nK6O>|dzu}wVnyJBn0Gh_<w7*?Mi4M7d`mEihQltTz~klpk^8E+u`
z%HyG}>S>cKV`fClP+gFGwu)M^w)QxfCqaDXo8wle9j+p4Kg*Wm|Fte9`e~3xMkNl>
zsgAGfGEf&RJr{M~uL_19-dxI7P9NPqY}VN~ck$~TmUW;*WB!D};l=JR+zB3xc%0|C
zpFP8~NbXP7ZHN;WQ%kjh|Fp)U&EXO?AWU#UorO_Gt~b`b-pSVyTR-}}3dv}?BCE$z
zv1zLg52O`gzCwPcnAzkMrFZw!elO&MO}D$tNm#B^oaDamAqO2LrR%=`%SA?#@3-Uv
z&aV<|&m3-tkebdc+FI(H4F*iU+>@8rhqgX9Gn?SzUj{L|hZMw3it~9=W=x3G4}mdA
zQxiSEs(h|E4jU}P512}Ld}&+1%4Gw8i2>sAu|r2Wvx`yv88@eTlA?N?zm+^2Y*Mkf
z_Zhj$DwcSIh<n}ZHc1>`B#h&k5EGQp+pV;T=DT4&+@W2qLGF++5(*{=m3%vlb0IlW
z+|iGm&PCt2>8Z(<e!6WkVT=7%QdB6qVt|z@ck1CAv!0tl!N&kq#j%*eiZf;sihAy$
zyVmGPQT>OmljE%Rf7W$ii#)E3q>+!hd$dCaEg59pucO?gj;;mbAapEILa-35bMt@a
zGmd`jc9e_R?5(0W?zz_q!c3|vDz1!t!Wg}TKMc3FCU@WqUmo}N{y)h&BPl4@ib~Ff
zDi!5NdELe2s)Hc6s3?2mI*{AvoP2R)IMi=D6M}CTCRL*F>Gb}15!MV!{?*?V!i8M0
z(a(3<)vP7eukPn;(qFx!yHTu$+3~nXxQm>)J<c(Q4@KZT__^*FvxA}$NJ7!`Hjq3m
zl9NiKu?F{$jLLuh3_rVn`1i6M;m{E;!_ntfAbOly4+05#UfjeH9%H%0y#_Q~?yKAx
zPUoS#okJqw?Kt%oZ5?d2fSYvA177waL~Ns@WfO)4-}g$Q3U#UQODLpd=l1fDPIemQ
zP9IK~XsPx8@kDapy!w*%3vXQlaoODVsmi(*e;75e(uyx)&D2{W4BCi2xs;BNf;&>8
zd#Mlmy&42PttNa}BUKM})I50Vy4^Pe=I)NMWQ7?@>1uVnMiHNzpuUkNPvtv{R%Q_i
zFDs&s0!}F9M%4#Y)n4-a$Q`Fr#EHzwVum4)xmx;s(g%xznXG9Fhqv+@+XpX(iQc}?
zR-1kiO;C6T{2Hh!*%sVBxNp*aNxDAOc9w$EcIXpoTw#zl+#x=&Bz)@Q$O*?*K(4KF
z@pJgklAW$L%ur<t83VzP@%Tk{!%b>(4P}H}NZ8ONR6<_THm+t?8E8sp(ca9=N{fx>
zI*2`|^xXf{JzjoIT<!V)1907N4muoE;<H6>-Vx=XP-y;v9Bm>GfcmW_V`3a05+czz
zjOi@Etay<A`AbfgAj=bOGo__F?w6n@Zxcx#jQEmDn>CQ@FlH9z+)tmcQjSAZKQWMg
z)PcFGQ<!dGn835~-LUU1!>XB&k0n)DGU@+Jma(u%q6!vC5woZS&~k(nXk57c?*)bu
zLiPW>z>x6!|5ji?o%)x+z&h%=Vz#3wTFVA~-lQG03T<VSr>Hb#0--aM+Q)TY;UcUv
zLcAHOmLED>^Pmi5jCXGh`#L-oA;PNVXzeZero0MCUC(O8mMV>RLgqm*YlAz2sAM|y
zjj6O?DNqw*?XzW|abhhn&Tl;hhauaFEQ>pHy~udI)MWhbG^YGw_pQJs%5Y*#osC2`
znku7W376VqF*8iZt9H^LWbZ-+;rBy=3(Br}-hWWu(n37`;U=#_*Lqt?%KcT_?}^Hb
zzZa@RhMCcI7-KB@>kBRi7H|M$ehaN{7c`94*=vd7bENvc<qu_K27ITT^IK`OkU)Px
zK*>U<m|H5lZ04CZr@H9}I16odETKI;=#N)PG7+7F(reCgb{K=L=5}^w#~<Y+BNoKh
z7v*K~wR+iTm_(^W0-axeP=j&A-Hhp<`Vw~6d-BF>iFV`hzg7jco6V>){qjg9A~I)5
z!+-55d<%?rh0aZ9o_;l+ohV8z;)!b`#L9_7ERs_YGHfp(q{d~88Sr4@_)Z%Bxgzhn
zK`jTmwxOQUzLhV|43~g<lROMtjKS#GgVqW{2OcJ&oaiC|!Oi2j4@veycxUgStyZ3u
z1}SH?)hHGI(&T8K1s*=vfr2<0t`zSD+Lu+&-%j`=3~5}y6`0v&^{E8aoc3fBV|*%{
z3s+ozU4WDe2U5a~Car(=&Szu2Ji=Q00?QO5M|?OwKYp1Dy-M@~>uFr{bG^yA-uT2}
z)`KI0kQn|S+iO+XbOgfA7b#1OxlH0DB{;Ea>UOe@H2A&i+j06=Z|0gdl&J<dSF@}P
z;<b~t(Rh^%1Lp@&$BtMAcr2#i-S}Imd&5%Y{=Nkf@$*IEJO+$ofGhQXQ6eH(u4PF(
z{^jlEp~N{j(3QKg>#CmnOP*NA%iYeuh|`50aog-aw*wp0M1M?O6>hPR2qpYSj>T=v
z-U1z-Zc9*Mf}8CXO(uPg>YYGi+~~na^QNtiAER9$y<#nU0ma28`a&}rhr_NSDc<o@
zw4lbz$EVQ0Z$bc6)E9GF{XaQ&xKqO4q?EruDCl3qBpoJ)b2uf2+~ld1xk(icU2Pm1
z-NSrvJbjj{WgBy65sA+Cx_Ux}3W%((RilXYt3D>E|2dMQLc84Rjf!f)i0k^MPedeJ
zbucaYkQlk`te|iZcJgl2_O+o%8(#mo&p#@{E7b_&B(*i7zyCYzQ6%;GWf$K!f4Gjj
zf>^NPvl_i^i(k|zG{w~~uM9g)AD~^WSh|m90{_n0QNpzZ$M+hXdZ}yrc(3~Wn;-8y
zZR!E3Jz@qzYd2=<b5)fa%jV@(uV2`bU3EGwcpPg`ZRZk@Xm~L9!J!rPs|?oPblV=>
zFSf3R$fYJWN?yOwSjwFwBOKIR$|U;lBV5Yi<C|ddE^Uv7lLi*CoI-etDzniSswixw
z@El_)q;=Ey5)7<V`YB-4Bq)^A*r)7^TuPa~bR6_Xwh%sfCp8N?+QK-_rMeOCmi}U+
z;{!%`6@E&X;xzy@F)<~p)iZ|cmmJi?t-_N05NSM>nvpSQO6tG`vK`?lf-mcu+e*{@
za7sKrFfDc;pihS>DVChrk6QghI6cEv0&vOS>CdDV1+`u1E<rC3L2Dds1$4aWlCrWu
z1+t`J;B~E8k(SXM(mMoUyh7?)KMo<IWmdo8f|zhL*zI`mJQ2TJzrEe()^orLIh2<F
zX%ORiu$}lEf5IES7V_nu_AodCioQs=fa2%^_7mCV2m@=lYmTz1(vNI%nV^dGiK5Tl
zf8;hBJP}uh^5{mW_yUWaww`Qwe~SLHe_X)sYm6T;|3RPKd%Sg=!k3IcXJgvo3y}`j
zqM)1RnoK_O{rC=A>qYJhmb<?YRY$J9LO|qy&k)I&RFg1J2m{3*6VVf;1}k}L+=@V#
zGPzjIIdg0rd6+y`<jw@)e0(bU+Gp&9#`FKo*+KOyzNN2!#M^3+D^bWk@@j<wQe%>3
zJcqe2iz>n){yQy)EG(q|PO|#Sg*80@pMaHq4|BiXmQ8oSLnvc${-DV1C5M8HHB>}g
zf;HbP-QLVutSmWU>G+X$r0`|%?HoRYfN_Fn3v+)Q^txpveH7S*tILrRx9n1RR!Ejo
zQ2U2<e3=V&1V?T?^A1-NLj?ksIz?uua{jJSV^2kPh8ep7PA?-4zLriZBLlRF|2=#b
znkw^e&d+;Q9@WoPr&b<v%YFqF_yw}IX2L;q7w0LV(`%Py#XQ(@<C8PWdpBvATdZ`!
zU)OHUu9tY+VBR?lS;3CVKsa-7jx7o53uAVrhaKphEWQp&mg0C1$$3J31i_M+pLu<l
zp&w>vLsMtL><-Q8N=3LcxVn!=Wh+IQ^z?F|OTfx#>ejD^q1&v1bX;(mN$H&SDSfKk
z1pc?FYR4hJJn8d@4v4<?hwF0E>XrTLv?G0SEli$4NQB6QsT>C(Pv^gk>tFWLO+9p)
zufj%XhyR^j^LErSmZgnYk=9<{ef-tK_bk#?91}UK{aE*sSB0_t^MA{?+T8KzDcHN&
zufK5%!Zn+osd_#$r#C~C&CiR2nwdRlF#po;KmHlZ9rkQ=`oPlecX|T%ks`ZBW!b-T
z0eJR8s^FMfz0Uc*b_LRmyT}0^N(5S?2U0cWpZDK*6c%btevIpqGBe8PHS~B=U#yHK
zdOYk`5dn&1M1pHn5w(a?khy8=e4=T_lf1zKkm~_m<Rfjj<v*<UW_H$^lg+vM;TgR0
zK3Agdu3SN(3XU?<A3=*bJ~-KMgzh$e!SgsIq_0O<M!CmUSV4dql_K;S#S;>TNL=aj
zLd(+&BqjEOj>vTTQ)<oLH`=?gV=lX-%druGQ{Ck;F`X7eyS0Q0Az1#jvFM_eD%aHU
zqGR(p1c#p0v1kLFFX;t2pGXntIo{CDT5e6x@8qy*9vzbpn#(CmB;^tuo;jBS$4*+#
zyId8x6>#*qoQdI5bl0iOw5)OSk>@-<4S!G({xE<Osec>v{ux}s!%B0Ebv_GOzTG--
zMp4Im`OE8aR2v&cE~`Wa=aIT2Y<NkeQIijD)!~p$wdyG>>)It<)O?u23tV4GrRtFc
zwUf4cF)U2g%In&lFQON}axl8I7@2rDVH~%nHz<c+yuh#onX-H9Rr!dk;Q&dWIXYv9
zWp~S!!&RGm5~Zim;ytXU6JFPj#!qi6xpOp(x!6H=_Ey?s^P4Kpn4quJOdNv@%&JG)
z>&O}Dq5}*@plf_QhUFCUyOGqrN?UV8J_Jj-t4JdbO?%j*zU9oIfwB`L`%3(Q<Vv!8
zIzWssr$Wp)*{z5Dj5>f9cs`10rpaa%c2sPvJvWjCYKjbSO5&igIf`=UODgdFEx=_x
zn}P{0hyHULzm+3VuKe4g9OUvqUZ}&ACX)j*SuigQrAckvUQ!n?fyM$FuP~aM6dlo8
z7Zic>Y}cOpvF=WFAvGVLkpInE#kbk%YtYl^^6^6}&aI2ASM>{eb|h!^{8$|8q~rd4
z9@9yS+@8EJv%R2Ea(nHCWM}K3XW|?3D2qY@tHMNK29HI_uMPA0ka8n%6Xj6hWtU-m
zZHR$~nigjSk4zpSLI#qlvC4<)$9^R81;$Xs(PgG>vwP!}cbW&#A8Zn9UEnX*eofV@
z@Tu-G7es{6a%M{KCSO-$lIk32^`~6WB05>~`H8%OYAb#fPknlIM+mCeb6nozVojZ5
zkikK7^=7NwP-c8k^D%qabu^B5KTwIm8z^KpCmdetzsM7^;`H8>%8NvBmOf$5Ufy10
z=Hg4DWv#EZ#~yYSpb+utuzvmYTAGmVIztfKZ@)pBugu-mV_VN`H=WT$rug|Czb**m
zs~%vqY5AenR-&Iltnhh9lDD{EIM&a!iE6we>#Zk78Aluc&7e))z5?TA`4Ae`VYB{H
zWIU4DZewIb90#2aU(`9x+d{$xYWu0Cvx-W#M(%Q(1VbKO4>GTxp2kDo(i@h7CcRKe
zuG&}tRaUBCGRw<E8)G!LuZzPv_*qWxkc5zs@Zt^e1Q5+hAw3c8iPgTnwDKVjS<Vz+
zqwgMH5wq_);v=(wo<UzsSFm8xp!oRlx|SP0r<X%rinlu_Xp2xi-ZAxgzKs9OqeNyh
zTBy1sDr>3h|HzN3fTOO|BH%oN_K>U7$}ebHg(pOD6RlG7CrcOJvtBHQ0zK-u0eal?
zWPi0>doqBCZTvne3VOTei}z@_CW{Ol%;&s#i=Qu@c*bX1L1JE{*_VV}%SbVXXToqc
zJRDugr_fyAcjoJG{|8;?7@bM9t?P8sVW)$RZTpLD+qP|+9ox2Tr_-@*+cv+Oz4tkH
z?0e3>^GE%uKQ(HswQA1!yzi{GM|6}IuGVeAYimU0D7$lo>;}#!hl8;2l9uS&k06*g
zn+d0}h{+#AYfs+@DRKJ;?`kcq%X=Cw8eudzR^rYsCT9w{lw@h^$B2Sp;Izvsq<_w<
z2VLB4pGU#oE`Sri;gDY2TVpEC>8QIWOs(MIj+6c#d%w11^Bqm5fjatA?N*;8``mYh
z4Zj%<D`b;(L;4CG>x*-h@ML~8pYEWMGe+XkX9YK(I$(<{S<B6wv(T$<+@Yx?ii2p2
zqu-$V%iWLi3^fe?6aUnJCY_amZ{}4}=9#8nMwj0(!$T_~oJ_WaMLyxOBPuH;J6A+n
zW>-2siL}wxN<9CFc9Qqkh%86=TiAX+e^_Mr2E_EuD%_%*Hks)7UULg)cl{(AOCpi&
ze9~mG=?$A*mKH<8Fb-tsFkOTlpK2F!Kii`X%(nk8xng^&69#7<dopUu%wbiYqwXth
zC!htb>PIwU9AP}JBj}c!_Ep%|1~`ha^@7;__<?=Xqw~n=!hGt_fYaVYdK1e@P$mI$
z>CrIv);;;AEQ}~s!ICROA~+wD(25Wz*1ZUD_Ij%DNGk>{kb!lYG?>zW-<=hfD@Jl1
z&!LitWj*fm^Eg^*oQ&ykCuCQB+(Xm=8=_5`X~~+b3*~K54cY=dzvpXMS6-Ly?Az;T
z5%)<QuDXZ4+?*O(ABEz_h&ftJ(30>Dmq?Q-JTi~BSS(4N)Ndf>oOzT|_YyW|sI>Bs
z^Wc(CKx_?n@5NDXGyTC>>B@LE^vo;$EH3sH?;SI^YYVc&KJQla$+ABF*e{yPBW06g
z#Ahq!$ObIx>?UgIC#}DVB=&r6sYKO})fH!E<D03XXHV4m78yyeX2qq9uAkdE8<I5u
z=BKEW??$72+gqu?1=7FaCLWR%F}b#3>YGFgcxb_v3q%TYC|}-v!dN&yo5_Z2as|0u
z5dyk%>CmF2G;@()7?F9imT$UCgex$wsZd7@@nD#6mHals!WCSXTU7dZX>zy`x9Ww(
z+(>@uqGcF~wpP`1(6XliS`OJs+H!shHurFfAP)>J^u!+~uXoXMp9M_yW16|%{Poxm
zZ_<W~B{EFSvtal14L;*CIQL&po-l$7I0n5Bf^PKH#E%LC-BYHryM_^;#mtwN{jr~0
z0kHE%rd*oka&cKnQQc|agP{8sXW)n0hue8V-D+l|@CgOO6qd?P^N7l~+_=c9^v*0d
z3{NkO?t+;6-J+jJ{&3Qkcdhbpb)I<nvt`mkxa*$R^_!zo46F%p$?+=laFnwOvvLa{
z2({%#!8&vHZkY~Lvq<a*Qn&0T#Q2Q#Lri-FQ$FDwdjw_aR-$B1bCM5pMwh0@wp?-j
z+=|Dpok8mPC23qU8r6Kkh-*+9Hoti+aPeL<7Zqg{4;dWG2F$0y)ZMA6_qimzmF7t;
zX6JD80J8@J?3p^uQLl5n#t%E}O3FHemJ?Q}o|}cak)O~K(~^8D-JpveBj1UE?(V88
zd7z6SIH}IdDP_VyQdXtA>vRT#b-KutJ^y!QU!ueK>OkBwA(T+U{8AyIs8S_@6e>RX
zpCw@p=vyu9Nn_BZ2c&9eIbKnMJ`%M^+SB_~$QNqJ$CJn94swI_tHw~g+P*t45|R3V
zKESbmvRl57)H4qrZbuY}b+3MPH?gg^hfV0VsH))iTj=M}?3hO$%C-IUps(oHom@kw
z4Zu%~e=QNILWP-2*5RkGEe;3+iJ8~a3vMz;Rc&yBC$d<e@~x2C(_j6$&Wkntlp>LC
z={=4I*?o8irc1=yvU4Zh1Mn<`4`kh#SHp9b;YfqH(*HQ;Oe0xLmH+_in;^NJ&5es=
z(_e$gYY<y6q};o<DT?FbP592rQHR}%i1H^1xyKSEl41Cuq0}@o60)+xVB{!-W2wS1
zwf{^H%e8pdPHpKfFV@J4bHvMvc+jFQqCz1z`*#<i6sxo9aumr;<U}McpbsuZq$ARs
z(C-;ABB0=?Vb?w%JVj6{1;7S_e$FeZ^6YCJJ14I${q<X3!fZ`a%0bgjCdK<!5v~HY
z4r-*Pp_xBEiZA**Bt`jR>aRU1_DafF=zvWodQ;SyF?*$0L^KzWF$wcQ@&Tz0<qonq
z$EnzJQ_yE4QSz#KgQC<Uu1{6ih<UxS1v*!yOlQ$m8TAB%kn})0HZB<En<C>}KL79Z
z#zdy<?^b`D1D<jqEN%}^jK0RjXefp1DdElm@GdGcbn+Ft2=UmPM69;|6q5Qnl)rqt
zv(L0kw2C??cW<?1igHP6`XtHyB|maN2fxpB;!hcI?}Ye+D&ol6K;O9Rj!&-BHyO_~
z^FTBYd%=_DulEX?(@pk>xqQQA7$suc?n?H913Jd%O7d53kvr-kX2EY<uAIz2IM%KE
za7|DKA5%YWjF?vgi;Yrcy4&siU0F9xSiu<EBw&s(U{mj}0N<a^DeOg;p1vUcIVg8E
zzs?)t=<~|gdK$BvBHwx>oatk#M1AVh`B34SyT5=_f0294>zUmr@hwN}F}lOOQ{J$?
zCtWF%Hz_NbjWF8+eCV$T>xlpi{cwIIs;8VU;TNxnEr-Q5RxXnN_*KmFum<R_VlM^=
zp8muY7@Efitx4Gd^$#GA{!$TqQ1qFZ&_b%SS7LF_R#?wukDuZkFVwLdpn#SKaKR{1
zI^-PoK<yXJi#oHW`eD&vaI}M)IDjW%uOI6&g97a?M!1Vo(gb5m@R~$q2b!{>0sH96
zb$KO@j-!@XePxR57w*|2cvHE$+=fQS`WvGd9heSsI)lJ-r1tioMR{?4{4}Z}4@wB<
zcrm|*dlJMXw6W4L!Csw@XR3BAD`(4w#isri>UdN39L@`kaO4xO(tR(`vAHkHiy3ca
zAmV8xqM?sHvdHxj@Mssi5P6^{e=O89i`3ubuHGCM5|RNQ@@G@_Qcqe)`x1dN=Sow}
z{eqaaxV`%k{<GEjgMehI1VQ>XPO)kU%0p#A&}JbH(YwN~mrlWRv>>0fPgQDQ)R5&4
zZF0x-fUFXGt<~yxve^uxG%|6&UC{_s2!hD;isSyhYr#U5*>3jfA}PsT(48q^*~NMw
zCd{8!lCCTZ<ddTCL`Bh1iw}wfoC<w%C~_&w>E;}wpD6e`aNAZkq8={fT$yDSQ`wEQ
zcle5sUDSwi{n|(;7wbQcRC&CQat`g)D~iC~69}l)IB-jTRY&|vu(7XEv9zLzQ11}o
zcKh2lhd7VR6c3l|fUN96zup#a(<?w<T&C!nu1x(~s;V%TPbe#8Ofjh$Abh#rDa)K;
zq6URuvyPLJ%)w$JL!MnSj?VHSn4U4lZzE!uLdzuQ=Qe>=lV}r(x0DRyfq$H)xKvH&
z(zH)*$hxz5H+8Xa_u;HX-WT55UB~dZ&r(a83Zxf#jh}YjcVwo!jgBVCb%$y+9}<%x
z_vDBQJ*z8DJpvW*#)s0a#gd8%Y))t({zot=JZ_jQ!Qb75QF=K85*_n+##`tX8RSG7
zOci09EvFD%Xk$N+GPv>POB?#yjJQ*fW{y^_l82@keF=-D%4}qzfhJs*R}b4AbBM(K
z;5%(DY*%T>-rCiqv<)pgcsSBp!>Arx!04K%E$?m*MGNo#F{`Y)fQqaoBy_Z}r%sJ$
z@1{^e3XXBc6piBaaYf1JT~_p$47@sM#LSHbkR=WXj&YreR$n_*-E(>RLGIY)Rs^`o
zraq}6h}+g$8%kai_(5*!<j}yJydFykst=fsR)b2&vq_eNvpvz}mIKCd8?70RS~vf6
zr5u`bBiQUCL8zZvf_PO#y8;r6h|Fo-V`<G>snFSIp`0yAKIT}dkAhNlRy$ggHgCai
z-pvTVP{&uQ@Dv0gb{D!Txt09WM5FEWuHaOhCh;#fsYZ;!k5)P<!(Ffh#KfSCm0MCe
zG%b=~i~vS8P4t=$-i>3TBL}rkuh#ISq<SP10!IzcwaqA2+?bI%y+ICZsSO7(;G;q=
z6CeKP@>HqQ`P3!!7K@0|rHp%_;*2B*f7xg2X%Rfuf;wB(6qGoc#luR)cxqFNmOSfT
zp0D1!t*Mj4#HSt<oPqedGVJ^Z6dlk}F{HcWsKu@{92@Ms0S}Ci3i^*e(H@uj${A!@
zbLqa752~lRDI`QZ;zTb#w>i8gZC6|ivNg@zg1=o$>TYsSG&(yYnuf~j@##Z?j-_Fn
zk*6ymDRJMsQ{DAxUP$pH8#Fy)u|0wVR8tTng`$PeW-2)`C9DM4hD?-uO)m%Ym4zmZ
zNpZBMd?H5NUe68RGEdjLN()>SOdU*SfND955qR%}VPCSnQ=X(Bb8v~OD*$~0c^Xs)
zrut){HT$YMWWN9_T+)<j9f~yLR#l}5!J4a=GCiiZPWW2asV7)e;CA}+?N(<uU6Q=@
zv&efO7+XU=qzMg~!?hKNe~)Z_(XRFjjI>8?8Bh9_#k>V!MM%l@#e3j7%3UbX9Jhm-
zwBc`6wNuGIQigtCs63CRcHb8jNcXNO_SO=XE!Xs5-LxmUkEc_jo68wjE%EDh>dz%x
z_8sHR<I+0f_L?6%cf1fcy@$jnJR)JPewikW(e)J*Hm}jk{Ii;>0CpB#oCD1jE05|>
zpQtd3Fd%9??mv=hvExZjPEI9(-5e>OW0ys;Mw5pTMk{Oub-?#9U%L9yM)QKHxG2cY
zO^^mHZ;sW4K_NImL^G@%6Cu~VGXRhH6G_Yi|EoeJxCwbLs8`%yz<D;S{YgsVRWjMp
zAE)cprXFIQ0fhKe2FT5qJOMrCY74uVPNfJR+Z-Q1d7UmUPlVUWdSc$TRK8&>;)F2d
z2Res=X&qE4T0OiM?0aVbP1=Ac@4g8!r?hJ!&Ym4tiK@kCDY^}H$%y48WkOeJ6RO|X
zfwVwkc^8Qpuz!5%prNhbX-?{Y{d)kV3#s}4b@N}>u$B;}VQM4~Cv}X!dB6qls0uy_
z0htXT&i?x7WR1OkOHhA@;MR*K;Zt;R`98ts&j4^dtBBo{Z-XRW6fa<5z7T_8EQlS}
zP^h*J+_ylY&9a{PW2#NStw$s;cK_|<)#e=(s`twxonP)S8|~F=>}a~tlj<nnF5N<)
zFSTzT>^;ZSo{$`fJ~T9T&TQ-cO@B|L^ryGBSV8wYa)-Z82=lX34zDD~CkklFoZepo
zf$ruvQ>Ry^5kC5%$ASfHHms2W-oH0nE%7_jKVs@w&)>jOY_#`G>ZY2I6y2tV!)*7e
zyYH{2cv6~S3p<+uB%@y|Vy^2teHOj1nu_fxk7T(UBHZQf<|+HHr)}+>M&~nUg%7vv
z;TiE9aLlQY`u1fhH&1$BI;6qn2r*!f4(-)HWnWJ$0nw8E7wXsmo9`pFU0!>%L%j0&
z-*KFhux{ib@SF#)_58vP3rRltgl@?v1Y|tf_qM=FOog7HH#14T+Clr*7;HAA!6Gc^
z_vMza5n=V1ULM;93^^`It<D=d>v$9uqp94V)F)=46RMkTNvPYvhxa~%Wvrzm?U%9o
zk)x>h171XBO8=h9z2T;o);f(^ljrEtl#5?-C3wc^hN_u|uU(%>{P7#znww(qPEFF_
z6UBH3=i!s+T}7wK;oXc|LvHltL2m_33M!hh3wq<52rNGvXEA{=leB#U-B<~5T+|;B
z0X@?!Tcp5)%LSmI(LDAIP6qGj;Tkk;tG2Rym9y-sW}+ZDhk!_DeV9KO>-9MdN0Wp&
zzkfQNCaZBXey$mFf?)==`hq))=`BAEYAlfTlQ66Y^2P<h(-yeV6zf*9&x?P$&3gXe
zXt)MR=UZgP5^dX4Ie9aag%NKx<`u(C-Ge%ms{O>I+ef4}Yr2E^%A+NfqvD?${roNF
ziVSJX5kp^=nVY=eaQJ}Q5^L!D?-}BGj44~qMF7jCw@+&!O=<aX_s-Dbi>P^z83~H+
zhelTLQLD}PEgi^wsc_N$9PuV45W}}@lK67Dx2FU3moMv;0(>Or9*fvOudLv+C?0`|
z2*&XWtf`Q(F6v8RSC(fzu&BAr-L1xKf(r=J?Awst^&8&tcAS3^woKK^MIEoC>FC+}
z@%Q-i#1G)M9PKkrZo@ZxwHfo-sZ6LCQUVsJDcg{{Yz99+@i+G8=bHSEA`qy=7R_Pt
zo&z>@^3uDPZ+}@I2hUfgb#-Fs;BpMT>E>90N#Td%TsuQ~+B`v`xF#>ERBV_S;(wk#
z$TPQN^=E9TvA)>T2T{7CXisld8UrZ4EkoFczo{MGT4*>}cP|~AAAV2LJtc7W;kKMx
zt(MNOH3BhHjWt$dD&(?g)bFqQoADb|R0P3$|C86USPr1TZ16fp6QRq8p~C<-J|khU
zsR7sRdr^;^LsR^FC)aH_&kH!Ag%bJQ-49?DA9!gtP`bOGy2K8(7zyvq1cIvh;=oPr
zTJkn->3qxp-d4cSKr9rx|86agi4`%M*Y))e+&hura>KQx4;zk5;*?iADn&?VIM`f^
zha&+`bZV@(7kBRE-2!xPe+UB>91<pyu#^(QW`^jD&^LTN_IuS|or?_)Z{MPyGxz%+
zN0!x5DKhdIh`QJM(yqyW{i5COab*BI?V5J!ZG{$0@!ZD45Y%$Q7hUw_3(P-JlzyOy
zIG0HAN3`bI3N_V3w}+n5VrxpOX;-DmoLD#;|C{jnZ0nU{@gRDq$p^yEFPgS?vZ7TA
z(XrsF7p4osk7%#8smk>snXr+}oFen*{6jZ%jU_HG!o`8`ni}md9H1>2Te{htYnv=z
z=G;VAjLnpF%HWd4*MJC~zD$`NWRw|w_!jJ&5LrKh{h_J}hsvxpPXL3oXr-R7+;?c`
zqnnL)@CzE}mnh8D@3G3~qbayPLS#XEEf<bf(h+UCQJ;JXUYpoAuNYi#;0TU%M@jhP
zC2<jq$^z>vs0remfgmhb9pY!3a7xpp5D7B(^}eA;$w=!H-s2=O)|o6W#j=t#cWL#b
zY>)LjyO+Aq;uA#N@2cy4mUClm*^ekN4@7_AFNWUMopF;Krs^cr_qT3u$ByT8@M}IO
zAp3gu7+aLF*)C+w`qi7G$^*3mCqdDfF?wA$k3wU93_30duzVpP5l434O&|Ga9$t|;
zN1@=qrp%{BndOs?*Vphwq%4^~K0VWxHYASFi=p{@XakpUceMntcYdSIb}7VdT7=tP
z)$)+s9eyf!dVhNOmd&UpQo7OrrqQ?d=ii=H-vb3hyRly-B(e|LbT}L=Vm2dvrwL4&
z83*-8paTNHu7SpE%uZ@*v*dvQx%Lf<6V=qFod}w4AyOfPR!_Jw7vYAhg41C)<|-|b
z19{G{m2HLlN)z8)U0(z$UwC`~ZG34hlADxG1c7k_(!|3IF_^T+HA}2~TMic764$b$
z`dfJBAv&Gj1$~xo4CJpQ1j%!EIv>ofYyroH+^u%S?=Lh(9p;k7pO>O?wRoO`tlqe?
zn_>{Rn6Pimejh+frPlh&(x|m)zDF+&;6ai}9#?e1TU^If;N3tq6n*JN1pAtID*~S2
z{fnU$#v15_WvIq#e=cqH50`B;3`v1`43|lV{QCE_cNWAJU+B3d>!Vy-e1fSD*A=Tf
z=jl%lcj40tt`{#pUyt^SK8Hbo$RaK7BMQ^0sqAXGKHI8u{u#P!bvUTWq@x-u)9)OJ
zrV{s|I_xU8VCOySX~BuTyR%g1M#MYRR=JtK*>ovR_->mL@3Tq7xV(cCa9z5vq!v$q
z+9c?8{8xep4u)zSXJ~hS;37WXVZ!My*`KJz+MgWdwO+(B<Zd{VvP}|qR#9b5fd7BM
zM<9AbHi34g-I`Y#^3=)K!wqcOqi(8CfeQ(~X#~k!@>2~3YhBVO#jKrvOE<zV7=?^b
zpCt`B(Y8KedSpuCV4CN~$w$V3QkgK<A&DD4zW<t0oiCWS8mHJ(7rvnjThwyLB%mon
z5f7hRvOk!u4ts7S>DXb9UBMLGw3p813OagcdCYr5ya2H@<f}%fvVJBEY<|VB85-iP
z>}9ZL2GeLM+)E`=`g9<{TSx!{MfvJSN(2){TG>iQG<&DDGKY*Cd`P%|gs-cy1o&`6
z(qCD~s!Vt#H|OD#*-+`;pNrk0PL4-5>fhYzE2YREGojiTNDLrJotsGBv3#U?5`y#d
zNqRTt?N(nwuw+V*0!Oc?x4bTk+LI~4_`k{xsI5r*V&{hD)@q4C;|c87)E{zo$phTj
zcIdvb9ZSu3@=MjrYflGfvAf*Y@#m<+Pp1A~Uw)IE{Sirt!V#MV<M}v3XR{-TjAQou
zv)Q!Ajgmcg(W)61em=Uf6bx@Pgtb8w#;0$v%az5xIZtxKShpjrj^@~0!PP9*#|`ha
zw3cW)7FE(b{}~#ZWgX7WlLlZ+I;u=R^;&o|o&SMc`)R(mt4=4)>MIxT)p#pnoi97V
zq3mYIjfnInoA#pbSZ}*dSfiqCVIgns-qb#?LhSIt?+r1T$`=#f(&n@DHDhd?sRVY!
zLZRi*&}N-HcVHMJ^1_U7_kpQ=sY3aYiLDoXh=eC7n=^1JS^d6B^>V<q+$q3Ur*G%%
zW&QCb`e#WzbIp8rxVY-;;*CjX1Q^a5yj~oTXu7cB3zc?SU@FIWOZ-OVem=F}UR9na
zDYu-F6t?8ioX%R4^fa)Xi>B>M*-KDr)v4ePF&C*(hNOP-4d|+(I%CvM<EZ@R5Os5*
zy?Au-Cb@BX2lsAlZg!8Nv0p6?k-m#Xxa9kR{+rguik88VPY|09B~Ei~XjhLnmRVo+
zT6a63OIsD2XKljTTBKMWq7$h@**tO&qA{&AoZ)?Nd-3A<Nt%bHnS<ocGE85@DT6D+
z<cMr;U@)0Q#_)xf96YXm?E-6ruL9Rhpurk6*KBw??g4t)C(<YjQ%W#Wl&{yj6D=xN
zG9tMVtNrK0aFbL6BZxDHXtB%CraezdeStdbFrp`?Xo$7cc9HHwI{?A9!S=F+3%fhg
z{t82J%9<kQhOwbpyTI*ALS-RI-o<yj`)W1f7FL7dAw_suh$dII0=4myC9SJPiNlIy
zW}XycS!QGSZ!y~Q=n5*<Z}Xrgoxk<`C^_(#$X5#_-hCyVSF<ri;<Qp2iy-dmR(H%Z
zxEo3sncSE{?U?<ZWY;fy+}NBbQw%C!tf&=-cI>~k0RPU7{xkBTf*k(ejH>k80*-EH
zbz@OWAO@(zY3qHi!Zt%d4l+tfr}Xtz-nt6U&ghAuP~kB-qB4wl3!dZCqqjr6jl<Ol
z_hn&*p>bZWLCZI%&gMX7ouv`PyVi?~=$cB#XcC>qCrZK=??<~^AD+>DkoRAsiWS8a
zpy@_>0-i(3#2%Ns??iF$g$1oSVzf#kz483KAqW^KpQB`nTk9~U6A}sj<Nb-ZT%>Pd
znDqU|*7#_Drx4$}s1AjHlGZ#ychGgZ*&e4~wqJO9D7Fzf+(p7ev-8Pt%`A<F?}P0+
z<28E@#J&p&Jv{&V9YZ2l#J`dMTH2c7_It?HHsPH<PV)p~y(=fCEeSCk!W&)giYsIB
z#hz7`_-NFJOTcn_xd;H@t5P9itr72AO-2vJ(Beev>oQnCL6X__=Eidqn7`qJ;ozLs
z`bNHYv+fZu`6Uaam<zk-l2({_osS0-$wEKQ9LR3M?JtVRl_I-L<yB3@Uy{S~UOT~#
zaQhmj8g{Memxb$>e$S@swa18XrMn#pd@yh|Or{0n&k|ndfuGzQ#@E&6tKZTG#ak-o
zXVxyslc?9Uo=UW7;lpq$EY-I8H>hZCRwvCYdqo_V>724w_SEK1mEqZfr)Og9pP!Bc
z_h7Kxz@08t=V#P|<F;uj`s8xZIR6*w&7XUCvjr~ZSxV?YFrWpGbYL?Kb@f##eN{+5
zFi;zghf~&}hi|0MFUw8G9hIKx8BF@t-RN_$TYxBlM<m4I)*(r$1@A8;?L_VP7|GN$
zlpqbFJUvrk<}HOg>BR9vFW<RE*|0ZENJxkVL|O<s#(rFeu0P8M<lbsCz`adY9vvge
znl7Fr!I4+yupx%mVEMT1e9XmYA=$jqyBeZR>w!~5C|t~A9Qx}G=~xEHAnYx7Q20Sg
z@TCn_6<Sf6O{=RbbG9!=nB<6p#wfFEZFc>}&vF=SJSl>aHx?W4cqla>jP>LVxu#mN
zHLjOW+a9>A6(zrmhl1*qNm^Zqvy8O0)xjG8lKHBaBQU+dTsY7ve;r2|DiSe!SKp%m
zel4~wX~RqpRLDQ=j|~L2F9p}#DB}^^62Rn(3Z*-Pq%467$i0mgV5dp|p%1pOABbVT
z;vBx>fNA2s`V|ubkt`8_+GUvMwjqwCx<_P69^r~F+FRdcY?ac@{USprA#9oMmc&t?
ziH<4+Nco$nS}S4L6YKfmP>ka;y(xT)&Mi1hIvgH<l_DqG=k>rEa@FhH(sIU?FDy|J
zNdM3hn>(P|ilQ%E<^IYv^651PT2h(NWU$uoN?60y66n=afqoS+RRt<%iinmZwy?SY
zoc$PEeKIO<7#XEJO)YgC9z~_FRma7k5YEDngM7m61Vj|Zv;`BKu<BNp9`H&Kb#xBg
z^}@NQu)C4R(V?c__U)IV1*mKcEu9e}y|L-pGr^grz<l?@dPQ|;5l*B;5Jr?&^4AC^
zAB`IWucTDZTXMq2Em;pgr7Fo3=NXE0a?Fcq$i|TR_VQwZ?9gU{F)aOGXpmSC#hk*t
z)B@xbw)5yGasT#0{ldO!kws>eBJT((mZ4N6_%_9-<mS-DsRx`B^%EC*sJLg^adR-$
zlulyC&1=S`Zo+z|X-1t83{3V2q>;+Sv(qH<rmgBvLyTcqnwc1`do2p(d>Emx2PDiF
zQ7VreLm8%2`m<UK)&TbgXgan%2(iG`VHDw$9=(!$u3t48e7DP7SX>dhQlA`OFwLII
zEUT{{rnNwJb|GCkz|x}yLtd~;XN$P;&QNU2^wY2jX!;bt2T^~4Q9C0+lKXp~QT!Te
z-$P#<19_{Op*T+R<#bR^ht2)pU^dHDJ;kVnLoR)z8(eAR$?aMpxN)tR{Hw_sk^iem
zjhrq`z+cbgznC&}<0)d<3C#F}G~zG~ckJ+Zsa$U;<^{|4nT8SuKOWK!mxu$OVTQRG
z61U@c6s|q@McS_~e5Y~01^D@o>SuJDiYb4Rj7+uvkDSQ91llU->xPP9Y=&@kGF0W{
z#6ej;_NzJMOXUWC?2`Vv)9{3MIlEhh!^jBZA2}dq#&0J*Mi{H3M8UL#0`+|jUrE#(
zQyH`mS;EV^r8x#Sn2n6eLxIFa`GChIUg<+0ksIA&byM&>IXXOU&Bsw+A&q7@nj&es
z9Fbc4Raq%4-V|;mivlsOiNTdS`xv^8;Bs73-lr7z7w};en8rc3gNy}HiWkX=Zh_z3
z%4L9Qge|AMMz&9xY4X7OJJXH@>>==8*s)u6E)S)BMx~QNp4lRvRRcA+5>@Gf&wE*Q
zZ#OvQq?8*C#*Be%*0IAUr(9wTv;4~DFu6FMf-JFnbg93Vt(&t3Tu`a2u!f6~h|3F9
zF`(q8HvLuT8!_qb+8D^(1A;*B@8g>?TcLQ@ZEvGawc=<ZKYy`b-;C{{a$8!C;|<yY
zX|mS>vzbw7Xv{ly$+NOYl%`TUCCM1#_*rsCC%kc6k|gSeeSywqbkZjL;FjEc&;jg=
z$qw~^dL4&mi=@*eI3XU4lQuOqO?*2f5N}B;sRkP!UT<lYCf*-IX?8}sv_z;K_6GAT
z)l}b<xY*nyTg$pmX4)wyRX!`(fu~->nnH33$?<~;em`4ft`Eh{eM?jnQ?bgZFpcm{
z;<5=06gIzOsFxzpGc(d;dLxdXbp4G8&eC!IkT6(;GrE7|EP~)rw&1#fFP^D)cMq~W
z**7kVPyQIqRO>ZVz#~4R|M6DMkUMv8i&3o+q8Wp<?hcbAa=D!tXoB&>?{r5{0T0(W
zZH!Pr(!s`^^+tyi{Hh5Mi3NMGmgV@o%o=+T7raQ*Q0|um3lKt}uBscJ#8)KI+cbr<
z?AX%(TWcP~Ma{SA_Dj@7g@&5(jGzoWsZ6EqxYxj}JSP7^YP}^o_mt{JEy+F=S|$R@
zBT$SGq#m>H*+ZTYbP(1=%L*btA1ne4wFl6kRoYM_em~_>ku`hKd|s+-F<(=dX<jeA
z_YHG1DNUxh*HbM6>RRk4K(dl1$;b#<SDJ#Kr(8-wF$dv*8MGyfqJ{)7%32{-=GD+}
zGy^$_lyPAEUcE*xkawCm2k;Ctv7g{{$AfaVI2g<878yzDY-t#~FCL!^Lb2J!pFf-C
z!F*sR|Gi6NzACwQB11z3Q%QVX3@}&}jZ)t*Qu-aqVyS6Y#%ec5#c3?4+z+$~du46a
z^@}1WPmWp?Czwy8OB#N=UHH<EB$Y*)V%X(N2vw6ipbD@@X4BwUE=V%R{B@<jD!|EA
z^_S7LF`m2U!G3e&jmiGFu^gh8HjB8iRly6MIP%TunJ3KY8P~PA{mQRDO9X4e5vH-X
zHkmD$LRCoe<HvL#T``TXQJ)k3QQ?0b)!E9~;mHns&;Z9uYTbFYB4qw*@>97V=$PDN
z>(iS($X7WBLl~wn^5miqIuUldkKo#!rVg(w=RmAw>yw8WYB1@<1(t)K5RA872rM#P
zz(b^5I^|<-9!<t?XBP#>4M!ZZN+I{31femyuSCoiO}YF}I<gSK=rbO(TG+IggpC8R
z-KW@toqtSkq(zc^Y@FKa6FyaSqP4)w%8XP>MNrt+DM?DplqmOam!M=unQ)6Y{(Lm}
zd+7>zG|-}bnl(<e_&w?prOrC{zs<8I>RT{I@=wqrA>>~)5|hmM5THLe6v+PcHX4k=
zxXHsY_xIOA`z9<MQj;2<G-P#1m)SQpDyzocd~+u~aymcfCfuTTKFhC`$s^M`s0gk5
zA&heTI$(erV^+L3(?+QvgF{gMP$K108Ip&eOJBvm<`d1N)cKqdc~32Mx=>O-nE;Y*
zbp5{oEv<e9BOA{eis_L~jn^yS#Se8)X|Tcb4X-hcDW+GNW_pRWM22Q8B`YGAZ|e_8
zV1CTkxRRrJ&?xj4llypKui5U-Xnx6%u&{3!tkn*{GE7)3hFaYpStiN@mYZ%xPKNKT
z%}Uc?{8O3jF5Yz&%5HLzP1f-3OpScHas-Dc_~kjb_vUqt!B4M@^$92rUFG+fGe3px
z@a-k0Sy@Ef+@dPX!SPcKIERB@r?4&l6R<U_jsdtJ*>LMxkLlcd`Qo6B(koM-V;ZKq
z##FE}BE~89+T+XAoL?xE@Df%Ccw?q^k-+B<*fibBST!V)T|pq(6_5yuw)~N*&W#Vm
z`lt}u)*Vkvq|U((;QA<K_MohOkcuT3Dh>b1ot2@eV_9Ar!XiKDK)MY3J6oC@@_6Yg
zOftcgSKw<i3aNX6`{9eqZh?SttH<e1i|P`93DM?UldMce$xlehsjc1I#I_4z-yI1*
z#`wACBxQ1a(11~)B8~4ML_@0T{UO^ZtF#sC(=RxF+$SC?h<K<(nLzIuN(r2^(mnR4
z#NfShONV_6eN2WKZ9yLxZf?1L?9#D{E&IKpMJEG%ocYl~El@l?^oI{V7<S*|75(^(
z0FBRNBc!{_s!TDDi&W*oKAQ#Z_j$v!?yR$kkW3ZNoZ4-Yr94MI3)9&-V;448CG;Rb
z5EJeLq~qx5IbyxdJ;#D&q85Qqr;U@ACdXZf#)G0pG^M*)i7`2_+|R2B#@L2d;vvGL
z%LjHYC>b3X^6>KZez2Ad&+#IuKCxrPvDar%VvwQ2^a?}cu;e%RtYRY3B0VoFCW}_K
zQK}QB>DXVWxn8k=srl7awn+4+?X3Ri?x)-HeT2^X{WG`OKl7GGl)iN#VpHNXOGx2#
zb$T9sx<)X@=4ZrvOENks`rLdO=LBW4V6lpV9De@f*ujb8(T9nLx`+2>X8lSr0nU1e
z+~gciPi2d<K`2A9NQ`*9LkbzC-2D02ADJ51Vr2}j(Q=7`SKG6C<ZpA)b84Gs@W~T8
zgPCpojhY-OxGGa{F;@Mxan3hX`cq|qS13_O4~CZrm#<ZwW{;EE&P?SJ6%o$aaw%U{
zM6=*zefA%vCBhr84;of?*127{yV{dvO$OS0#Ce(>39Syem#mEwG!-NF+LMhRgHqR>
zeCush_mXRW8u1Ls`C=dnRO$29Sq`n*1pEPU+K#^Xp7SuIjpQ7r;#tu-OW>6A%65lp
z`)5UtFsRG-IHS2PNzS-jWtVvSV-#eiT*j<<H#0(+D}V2+lfp5I{s)h@=9Y;9$i;c-
zF-X=t8Qk4$y?C#wQ6nXgpFfrkd*A!*zm3#*;a(qyv9v|3uQH_BckJ{{`1F%K-+BK&
zd%unV-k}(|_f4@U#{MZ93(ko+>M1_cWaE>fw-Jib7d%!FT_O;r^}$+lsCb%s#@?K`
z)aB`WUd20}e^Ash9t#Q<YEm1X8CKh+#XcCauX6VhvoiK1{oEB4@}ky<6d|(G9k)f(
z9j?YF#k^_w2om*V=)0w7RDHYq&J5qxeN+-KbAHG3XOnx2QSCkONcC44BYVTKZ>8+n
z0K89Jzc9A3bIxe+9AEmWV(diUzUmqvZ9j1wP(%@-`c(fY2X2DP{@1^YQ*DMlu+@{!
zllkUV--ky&xJD+#fp-4)%i}7hhDg&6)(t$|_INmMYE$NLZ^O6mpFCm7FgWKbSXccl
zlKh?Hix^a`tM1(X_Hk}g6~SAo5p0RKgnyE#@tD&}lCKAB>2Fzi4Uh=gI!wP+JHs|s
z8<<%kIir@Sj+53NP)57q=q;UVaJgNIGQWUD%~Ax`fVl5LyM4s*oxf(IqrC)|I&)7$
zCf@KeT0d}me4q+sZYf}bPZ(Zyr_|8Jr70DfOh}}nPUR@@?k?}rvFn^jdKvUBGoM5A
zO21qtok_yhmZ~J2stj;`r;K-*)aN&n?1qjcy*Gud_U2BYp_`b5LDyKyHBn}~*LCPQ
zIBwzzm-KZ5)YTzQo)Na*5AlC4$-#Lf)!_lTv-#0N;Wqj*57E?lY?uj(iYq(A`3_vb
zFgBMUvf$7~A|}IAULGp0+@^u7lSA1C%6(Wt+*@Q7geTh`kD5}0bEbG}M@mPR4IRZ_
zg|ME$9)Tn~!Y^@wbBgY|D3h5}q)s-XeQASKQl^0x!2FTzU5YJXPW_uC|5PL;v!z^b
zX{zWKgl-(}QflmH?Rp&Nxs;X5<uuGtBIinDd`3Qd)jVZ0*Gjhr-FI+Vqg%gf2#&4Q
zo3#13E<&On80%2;tfc$_YA6=E*{>(b9|7xBF?F_Db?76Ei`M-Xe^D>Xj*KxllLpZ*
z)HyB2uo&oUnsNJZLv+4&i($fA&GodEZkUQ4u~?w)%9OYqWEVYA9x$~YHK3xfHEzSa
zAWD>ep9|Yeq1Hw}dVt&EGSJn<q-XqHQ#GsL;FJiPy*A>a;mnTg@@C9l17jjvnqj$`
zTX4CJ?@`vOxa%sH9|90TJFaudx4)Z|=~GC^xvzPcWic2)@--9<jEIvJ0{XWducm;X
zJLX8cy`*@pcDSn&Y@83)OKo<(nz!;g@PpF_g=f#r3!CAMhb9w$#w_DMN`#Ing(jL`
zSP;rpD>OZ}#Anjo$x;e3XETx*Y?;l)sa`J*_c|m7V2^5`eQ~O&uSR8i=fppBZ4b{}
z@&o!c`FidEpgoL7XShf=9{0^A<(n*^$$~Avru%+$$im+=!<i>cBaX0;d|D5eGnmA{
z3r_v)dszFv!C_Gon2!_jj(YR_Lv?ZRqlrO9V3&8SqgnI*q-_TqPxR4n+19q5W(WAg
z;q=3njx)n5@5m_U=m##4Jt*9(b^&Q=?uv1BkEZB55YlbTaIqz*6LhjbYnam|^>``s
zaoTn!n)Ifpjzs9R|I>Nce7PFDtb=9eE(S+W;(bG`nc}9VuRqyE8SL4-BU&BxOFH4p
z8^7`Ch#*xb_GCQrItSeN`Y{kY)h%tMep3n4AL>b6&+%BeVJz>-?hjzWs<EpHwc7_q
z>3hSSJ=>d1IjKA);mua-?9)|sNI!47Z-@101?TmQ9+t$Yko=MM?l4{VdLnAUr>2qn
zO>o!JmUe_|pkCxeZj2oz1FwXz!?es}NYCa1!mnRIDB_Nfqva}&z-#WF#ODQH%Hl(v
z{cBk?;HAd<-gG7{)jz~1|2J+h-x=qON&YDz`>)Gql31V=bl4JK?W^B~J(j(<CYeD`
zP-Z)jbGR)j%efo>Z9;z9q}RN&gq7xQ=1?PU$zXnw@q2KH<IOCDhdGzub4{XuKUUsS
z_R0_#JDOMM0+@5Fg|NUsV;6{1!#s>kt^IQIZo^YnG-epWgi)7Fq+h2Md1pEWidLRd
z4>n(VrvNHDp8K-ZDyUR*2MBQW5i@T1w2EF>L`;6Bax=BgzZ!pHz>O@weRZThC5vmV
zSr*m$)GQy{3JE8^dU$txwYE|CZykuIyB|4e{T>n-2mEt#C@WjfyY`8H{)X3kSIPC}
z*(*+O`VMFQb6rieYD*#p`$Vzl4s#Jhh_<TT<enfUT3L0a2z>YJiz_J6UTY@8-x)mK
zl7fXFUCIAL$MN@mAnAK}`n`7h@7!m%-6<TSh1l1D%TdZMDVWKId{<SE>UPPenXa;;
zGjc`xyn|8{w@g@qM+Z>(Ph4sYr5p!il$d{rpTERRywOX?#$#pNZp2lzt#_XBk2Yob
zD{S2#^&DhFF2%-A16pUd%wxQzuScN4F!z`XQN%GD#9~8!;_q|r9#M)Npsf!zOUft|
zXmEQdAICY4e183wL=BapTwX{C5YBzoOH5v)zT@x_o(2RUU*`d8b>3B<?eSbWk<Hr}
z<LBE*BMl_}e~Trke=j;^qe~UITVkxKEg=@954m2&>6?YuRX<Hbizoqnhj)bWX67ct
z;Fm~d>{mE=d}TF$B*p$Co@?^n@aJ+-@ZcKupQGmrd9RXA_ZlCud!{~PF?!s0@UTb0
zd%&GoV&{ej(kKZots+K<ulPYSo;C`dZ6PT;X9?n#eDPXL@>)H4I*v7El#kfmo_`}E
zVNHSqyT;FKf<efwOzk<$7_zcuTh3-oJ}E#^n*{N=+bdyrmRT9q>a6L80t49VZ19`H
zs}#`ZF9$L&c(g)e2wvYAnj@|G)t3mrBVi3%u}PUpAv4JHyV>FjCzu+;3^L)=1$^)$
z5))?*x!$2Q`uZ@|`mMb6AhcK$3Zh-?3vH{@2H_Yv{P4z<;gC8muckXKUP^xXEJ<A|
zw(}O#8Sp>R>}o^66O|g~>Bf~yL5tulY6?5tBB;1Qe9QMS?v4C;&T}q#ypknlt=nz3
z&=<;*W82S2AK4mYMw_`hs=84@2pI|aE;JvuasC7P==@N9eB)5oYX2K)6QxEDeQCs5
z0M4`UU_63zNLE8;sn#G*(IEi55~uj??1nG@mq8f!)qw2Y8k$ZiwHmUH(OFC4Wid_K
zYX=^Gug^IKkkD93=S>kV#COQlrh?6GHD@}s!3s+mvQ2N|&qGPL0*|gt3QA?x3(GdS
z<0{H$L8XE1A|$SUaTVNZQK|UWzllIfp8;8!7LyIjCwMXf0&M<os5=^(Jyrk^<Yq-S
zCl<fj=kGF|@wAp)dPw$fDfHeOE^x09zZ~2MHmJ;9k#12Fmhs#mp6a4X*|xFX1Hhne
zHN|UgSA}!cA#9_4KKLu&x&4M)#q$5kY%{c3=SiP9o9u}DzO#1AHoX?S(BS*!<`#@!
zC>iN8ztu1IWlX1{|1to*d3Pb6kp9jmb1{=~1JBVv?lQ<m&CV}p2lCkiOV{~FZ6-6V
zn=EauefZn4vypiy84@Ongjzw3n_waXF7?*A<b4&gLc(O7vn={SdZ*}5cD>m!ok#ea
zb%%hCwwSj4x~RFq$$RrM5Org0&lNlSr<$O`!#Lbes>_|GlLIZ;r+d{Tm?o`aPXzfQ
zJA;pw^B>*gUGtFd_EwOa;!WnO$65Q?lK&JEioHi2FY_YMUtNmi+<UtT?RVW~1&Dl{
zi)%8&igw62;p|N+%jcv!mtSvt5RyLT0Pgw@jka2ab*kFuy~-dB#W-8w>3Mc1(<<}h
zD)O0gXpSc@in!~V%tcdn#%{zZ$EB49ar?-I{5P#5Am}}4j!(Xm#fZp1qy2BwC%OGp
zE{dYBdXV%y=xd_||Cvp~il^iQm$Ou-LuiubWLz53#N$9m=+eouk$?C{F+<T`M3Lr}
zBH^`esdY@j;_~Z`Tba9O<9rmI98UeYe7dpAdy@+*QK^V7{+cW*>-?kX8cEYt*PQ4h
z9Fis3%zb@R)9kNbsY=6RFZew7Bl~sY;sI+RhWZy^%{Jnr4Ws2=#*)00YFhOqEs$`0
zqU;qZb#(`aKe^q3rX)5AT4lsw-@)re3A`8w(-tRIciSm3QkWf&4QW9@J=D9$k30O9
zS*lap;Pw8PFn_#t{sslJDzP!rpZno;U=<P7$Mjc&PJbmgoP$E=#5%uB>KpjejSf=)
zEse&k%`wY7(Gp-{5@h}aJ8c!mbLb^=G}>eXU-bL}8>5-QKc(MrHmTdW6XR-^Z|D(B
zZ664g#E~SJ&_368W${->{6(oG+h`<!JTqCQK=5U>l{Q^GD$sEmA+6#7?LYZFOVUTn
zVGqxgwcEN&S!t}=87~AJQENV9S8oBsAaWu;Lw_bWo(*&z!piEypHAbucN8~WPljfR
z(TZU$bDg&d{y%0~$fjYC&3TrnV-|OoiAmYwh$tHC%)wi2ISGAEv`k}rcu4F)y#33j
z3$OVms>es~7mmVG{fET$WyT2qEGu&x)@Z||;#wCir2WwKRUTBxH~&g#&j27O+WAHM
z?)8d|jivPEm*wYwsuHRbkM7Nv8+q8#ki?Mrb*gBaP{Oo)<#PNPNv8{Tt*f_~OJr~u
zzpG21E_#heVSzWIvj^7U{1ofV7J2Y!3SZUmOe;_HEL3A1YJSa-hJiYiHdDAEwMQ%R
zRQy+t@@aX@GMu=eH+|eJ)PYC6Gl|K3(!I9qegbVVzfZhLtUf<9EGMH=9e?^L`242`
zBiX%e9|Kcg&5A^^*1^PS%E-mN|2BWCT0jXyp-zXpJQZqxGlt+@!bM*q=N3NN-E?QU
z<Y$PVjwD)pnT!MV>&o2!Fme8P!l%%9D5<Gq-2$SENPG*8sj<H`!k%hpEr&#Od(kCp
z!H>%g%v)c)vB7Q9h+6L?{b{LbfNx@Vp#}S-1R}Bwf6o8d?d;ZXN=S+KtMh}N;!&oN
zd@&I9-;I;zl>L_7nO;UQl4}lrpjc>-L5yUf6d>+_Jg}v%+0tk4tr=wTj>f#WdCXtt
z&^9&0<Z06OLf6CKy^A*xL=<>~J$JPxmIY%!j)+=s+{~^x{_gfKBHH(zr&>DD0>C#h
z$0<&1x^dug>TR<*dboK3nX0aiuh^LH%WK%V1e8)M|HZ%<g5yay+pg&ud5@!p>)=0J
zdY!_H2$?o7Rb3>_lo%Fn1k^r<?+|QO7?{%>x(=r=^zo+3Qq}s-5Z#pl>X!RG(R^KE
zbUt38oRr88<t~7;-eC&WMD5CCG3JJAK_ede0!K6cxGmx?M(8#nde?{W<;8EQFc7IK
zfosKw1-vMgzrXo|n8~?+Q^TzUfUxI%)20k^O1+!^t4yOq-PGXWzqJ6boLuX|4Y1o2
z){6gwP#)JOsdQfUxzwP?=Y*Ex>h50GeJ^J!jYu{EsY*PhYFrKYf0(qhM0z*94RiJY
zSiCwgiZ0Cp0rn?FiI+sSIHQL*Jwk`Zmv<*1FOMK#9Dyj1%i)e{x)`XZwWdN!_e23h
zRFMCz`w^i0#I@p93d$&}jc;V^s$<Empp)biK_)+D$-G7f)T9+ih<)aLoaCe~FR<M1
z>FDsgx3FDC@*L3l^VPMs>is1>UJ-`r8OHpG8#RdQ$r>JIkQYdZQ`Zl}q7+MtU+enx
z7MPEJUY&nsdAqT7cg;0Q>w1{Yel(tz#>n_j0e5@8VtuktS1&B>&Zt&Oz@u##m**|@
zRd^^z;5-u|m>@>)7{}cAY1<yqz((R(2R!@|1)yyyT5SS`Egcwn;4<3@JZV(ML>`{C
zypXoh-Z=YtS29fKI>(W~di5m}bLZa*+DD_-PpM~3u+ql)%xN8BM#U(BY!uwHm1Vsf
z!pIUl=4|=9_nKfSDo%gIo*ctqX+YlZWP0ZT5(D}YH+!PdHS0fBrjKvXUp`P(`gp;~
zQVo>5Ak!CBlKzg?_JM{jMKIWR#S=5Sz1>QBz_+fi@o5ZJgRo?*K9g~UdFg1bkz3fu
z@^Tr+w=8Mqg@=(#jEwT5QT32$1Es5$zZgY0uY;R#bAPu@P(2!3#*mkTpnUlkDFP&v
z2o%Zrrb2$Hs4%H}grKrp7n(}FPTZxEZ>Y_*K%N=D+?FgzC>S)cD&!dx>S?$lFc!n+
z8KW>F^D+D&!VNmfPAT=l>6;6BS}!a05#B~b(_!}!UDqPBIdk|EHIDql5yO6JuO3pF
zayNS@j}jigZ~QOpjxjY|1C~M-x@hJssANQC-fl^}KP3&#l1!4sm+uWJd$>p*LYN>a
zVvJ1Q`PNK@Z6ZJN_N$RIY1BLNW@d?*)`U}FDqWbPtsZHN&)6uy`y6C5Sue-*91aU4
zTmkjVz5r3FamIIBrGGS@`d&Ua>sCb`;<Ikw-NFfXD-oFnYi?d6U-30Bob`)o!mU9t
z8Dha;PEv*dn3XHM91tow@2s~}-)AZ?dUR#yylrdr`0vcI(u`V@<RiSr5?R3im8iU*
zP2;jcAF{z-iI2u1en+lnDo`oA1xLpa+VYhM8*N5+$Wk39*Iq#lJWdcg>X(A}`C<~w
zZd$BEXv<Y|XuOT<gV6?gA3kTW3dbUQIk{pRbF1)k7sqsxdrh!~WkTFVtj~Gf*$KK2
zU}z{#t&=?K;C9UbnSSzQufvRZqzs6x_-QoJt?qSpI1s-rWMHTW#m@bG$b0I?&p-2&
z%%`qA$ZcmH{{7ZjW(vIEkinb{4XT#PbUFxcyRZ=)Q$xCfOwTqMUTpQZfofbmEZIb_
zjHF!O<Yywmvwuu`Z2ksBquD<#zj^EWbfn21zrs;FY6!QymxP4MpF5oowTHr65erLq
z>%I`Nbo`$AnATQM3UPYd_-%XVB_5?ggOB_ON~!$KIv>2tB2sHQ=2`Hl7L)ULHtwFi
zN4arojRYYNe}Dh@cMS1=P)XJa9c!hy%+#ROQ3xsw;!yllO~WcNVlhpn>I7IGL<{C%
z7!{?wUq<A}u^ok_Uu#3q>vW=+V$<qZxP0}Q*CQ>aB-T-x*7(HpRJrBmD(1AoEha<-
z>dx{^l4wodKC5TzH0@Q(Jo0@yVZMaF&SkchU?lA3tAc*_u7;!uaxdzBQAe%Onwf%X
zlu@0lSM^3j%oSqMxlj^}Ln}dmjxc44^!De+_xW<OOJS_Jws>a16}nOYbaPUbJ2Gxj
z0xx)MQd5zZ7XlX0C*~XJ;QYswNHR0qR8Smb+g%KAk@~-i{CxbzL5KSKE;}pxC~ncq
zQ*1B4VH#Cd0}T#9WivEPMzR-YE`Z;Z+bs_Qq4u0D(#Bqt4I$n(rlb?b+JmXEvJP7*
z&4^r?d~R0mP(%jaj^_>P&Aj0_es@qEN3kj~uY@gOH3{1Ag1j0MuqVORSX1R0o?=fF
zLYFyJy5468VzkV3E|zhceEfs5|6WSy!BVG31+45j)2U?lI_E@v;5&vxq{P=~$`X#$
z6FbZTx1pacLY{-NXF)zL<yMPVS?nL3+<Sved9Aom9;iw-D}l)zTSV8NP$7fp#k@O@
zA3{R=$Sqe9g3vf2-_i&&IZ9-E!U9XJ2_V%Oth#GUEE9eW1H9B1JE*ca4&F`x={T(6
zfFF91WiwRyKp&}a7-STW>6T#qP5&TD{}gfKQuzl%95w^KD!gO>mpc*T;gsQF-K>=6
zJnz|c5;k%ZhU;+DUIJz}b3?-4B+1@oms2r!a6PRY8#vob9I5Veez5@_SX*W6;Pn6z
zA_%#+Vzh3$#wz(U{6Kh-KlyKfNnI_$tzR!WrGx}L&<T{v6v}_@lQ<aCOA9TSZ2k{p
zZxs|-yKUPR4uyN+6cq06?vS`U6eRBM?(XjHu7wru?(XjHaQN5SJMKPruN!fB$Oj_G
z0Agn5{6-tS^{WLIYz@O4REXswJpfHG!W^wUT&jkIQBepdPvoL?s0`j`T)~cVsnN%S
z`w%??1L5|DWmcz(zdroSLs{~pB!=Vn>uaJWma;wRT=Z;|`=JC4#}Oj2zje}NX{p~^
zCu!zXzb-rQQ`WI{4zThL)D(AKgg{@AmzNvr!H<z>`_BGjrZTX?JNQywlON}b6ZW)9
zFl9g1GOMrmb7Gkr74%fBe{3?l`qZaic<IO;<qnO_Q9y9Of|Vh@MsB*V8E!mfuF0Jk
z=;cHUa%!pkd&Z<2oD}Pa-xvf}^!Du8($~2;6LqtKL0ah|xXAY&V)L1Z&D%x)D*gad
zck|tYr2@IzJ*um%j6CJ4-{-5U4HIDa1fjwP2mJW1x{*PUx074X<UG23GczB^^+!~=
z+FzaPK$QsRBg|g>NB0E|mWD{~EnK^vmVcB#<W!Nuh7c`Up~m&B3Z`FGAgYZ8d(Q>L
zo2wA`+%Fxqp(VcUbiQ?%Xt<u&DJ?e@#;HocHLVq9oavN!v=ptrwZc+D^YX_ox8TY6
zF2IHzS#`3;6p+6bFT@A2bKYCQDW6eVEMt3ig`d<UL%0)4JKRzYqs0@YEX!GU@f#@?
znKwg=B_)mY+wm`MchRxgly*Lb+FzLaZb(2Rt|Z-}k1)jyPA8vrCaP=l9c7(VDj|*r
zj)<UgT4bB$@O-}c1<sOK?`JTmcJ6ClCit&_%UIV|X!M~|kZPR4+!k39qSr(k$Dk{9
zk^OnJF1sFwZ(&s8Cbk^5o_Z7Le#IvKS!oDIlaKDD6L7V)>&bl4SxrPF{`RGeOe~eB
zH@FNo6DGW6=ugq2I=dy}W5aQ~C|1f8@Y(gNAFA&7v`z`D7G72tae~ey-kGovBvk^2
zQi(jYl)G!DG}Li<f>+e$CXC=ihwAv_Awu#1y@>{~+sdCHHui(sy1H5!@{e4N<w&gs
zb4H`_+t+`1?<``bWo#qG_+GdDv=3u(2EcbY3G~K1XqW+;vDs`1gIaIe+Hr{S*X$a6
znz;A4m*{n0RLOGMjMDX?+u#Z^%A_ri8U*e-DReCdpAL6WTPBU&x3D=Wv{XOYXwsYU
z1o-ME_3Ce95m|}Y-KzXztD-Kd#Lw{>UWS-uSGB{Y-3Gz^k<decx(GBbC<)nM3vcbd
zS3gG&`%H3LQ|C@Re`Z2p{)rmXAv+L|$Jr6wSmZIj{pR|N&1U`2^Zf|!s=Sg{srs+c
zEH6QT9gqqWpE#w-IB`{0IPz>T=n;muA!pNs^ibvWS}HkEYr%_iq%FnafGwI~4V&3V
znlqX)Jjm-*#HF%c&vr1I{as;2_}9<tR>I|jPf!kE=W=)J1?CZ>0|CQj8;I6_&1ZEZ
z2Ve|aBO^3%l5Do}vp&drM~)bv4lc<ZqKl30N|vnYX)ZGlA{Iz8qXRQeobE$-YOpXV
zLK0)1B4R9VyP|Xyjk4N?d~;LJmiOK+x`F?dD*U{hZjXCz%{A$<Xg-IV`#Pbt5G<pR
zu2&b~Fj}O+{}yLT2Q@}dK%}kN-Ma^^7Wvl%@xLBi2tL%mCer`oD|8b3xE<nud;=yl
zI_N;4C=Wq#eS)cNnyfuSTX4sKsCuXdFZt>kac^K8-eI2Z$=pu_mXx5y=W{>Y0$1)k
z79ka19C3HKiSE$m+bvR!39s)vudlGM*8Y@p;^w7U%qNT;<>w)La&qIsbHl3E*Fgx?
zBgT64l+*b^HX&Nr>rUg-uRNLzBsMl9{V8xR=<_=obCx^u;cz2w{KMPY3GvsQ{rXvP
zFA)&9j?0}vrcj?_TjE9L1-m*~Gc)6N%tyd6@5SxAxs!B>_hvqaEDg;Hw}IMIgdg<h
zGxA4&mOMhkMSW1tSWlPHk{x~Tm<(gPviksDq(E`K6!XGi@BZy@Ok&P!OKw5ssbmMI
z^pA$~4fi$2*H53%CJ#g458EOCz;XCeuJzPeYs8QUoZIzFC>!{Yt%>tD-q{$s;EEk3
zes(q@Zg%EorhSJ767^74z`A|xR64Sjqxxj?J;1S@?p|m#L9zA_*NMFq)$J8S^=8RG
z<In7R%k37zW4-r<%Vd%5ggwi!7+C5?_|aM!&u(<b)OZxh&5f_!;z;n*rIwN~SGDnM
ze{r@%x|h{`>_3y?w^&hclutxtdU^)YhcgBSk=FQIdod#+ige)%zK~?le7~>IR=&)B
z?WPxo^tz0R=teYJ<6w=E2FHZ=V%iHHhE4JK?<5ax(Y9NRiX&cY5+0q3B6t4-c6=6t
zHEUE81%SIFZwp|KeAjyC?G-L5E0l)6iZag`Ay*|*!$UqFg9R@M`OdmYAQVx!|F&Ev
z1HrTOm8T**VX~6<p9?mdj}wj&sMeVBm-dmrO1G`=A(n*#GG{T(^^oUkX(_r+Ir#Rg
zHkp^#IAvWB5nRfxvco6(wc3Hca&pqUb$9o4BG*>El=Oy@&xUc2&|LL=d(YIEHuE)8
z{vP0vuCF?0d?2EV5slkhq<DDUX$Mj5$Ww#-&41)BqYdhD%Z5mZw$?fbtkAB=5Q0hr
zuoSjBuh-KHcE#J6(TQHiJExNUd;X<vFNG{ORv%n@WmxGoZkegWtwH@@aCu%)?awLw
zp@)a9_G)t2_j4f84@L7Kg{T*BWGq*RW=jK8v%*zuFh7z=vFZc5P5vqo@GVydUhPps
zmO?#^WaQJ#t7vGlof9n9_hN>m<!F|R`qV3Ju)0sW{J9#>0L!BY-sRG~pIoV2KrpDx
zwX4UC!Aa?Hq;IYr*SPn8`Zg}j<nkuX);xKxZFNOenP~3k3W&e?vCs@yceBtZ4A~IK
zRN(`p4Zd+S^)_#B+xwL|4K!#Tg+*7B;cG$}Yr91wM|v*}NmPF$A`)tK(}$YnN^q_I
z>Wt8W{JP5)sA0GleUCD?0gwH7tq10`@}}+Q%LX_4W^8^<^anq7&O}rZCeH!tmF0q<
zq|(OQJGB`IDxidV3wHR2>&aVsrP8u!OVZ9gqxLwx<q5`91en*?9eq*TO+(Wa#Dsbq
z)>O!CUca~AJX_pc?OC?iQQM;T3m&=C_RE{wH_)`Si{->}E2Zyj)f`j1j1Yh$*~Qma
z_lIS#S{gXt!oJ_BIe>qL(1U7w8<<2k-zEapRy+rTW;?$cX7_JW=h+unCz_-|ZU+pO
z+!$iax3h4wrjvI5a3DwCP-xNBZ!SAA4}vXTckJ3lY2W?j8%o#ir9`*9C%fl7M9Anr
zJb=B~IQvyBdMK0dusT{*BRrGsT6aF=iS1}!{H`snG1WK^D`VxnZ@WTeb+OqmvMb|I
zT`m0_CPzw%|BAc6^h}r+_gx25g^FodT$YT7Co=+Y9S?OL_-c)0p~2vq4W%FJtMy`!
zEfp11*BD(pa0vWa3@BDVdxR#W=8h@H4}LE6cWlxbp;$GAeB}oHs>kg+9rAEnF*<el
zpdoh~f1bbm#kVk28Vkt<0%y_2Xx<E~S{;b&wokp<RW7!`nM=y`%#Y@na&j^e3PuYK
z$yICkqA&ptwfn3|CppTmlM4m=z_m;8Pu(ph*`kLK9xBNB2TtUBOWwAyjEg&p4Gqd7
z_i^cq2gd_6FBhbo45VBHCu;O=M<E@sL4+}k6X4j^SESxma~^_<pFG(W3Phr}qz|LP
z1Pz6I+}fhMUBbH|J@34FF}yED7Q<w8J-3Q#bKO2<jz%B>qK$k1bJ%_3n&KTwNX!!%
z7o$E~NJ!#y`OWnKg$wWjSYtR?h_%@cx_TJ15wA8CDwpF^Ka7Gqau<7D@Ke2VXo({L
z&s859%uFY9B4b;RP5dNS09Alu-ASvv&vO=Hl{bD%?O6&S@Mxy>2UoCjk>f0@M+a>H
zS|bR&_r_4WhHC0Y=}*U1X`-BIK@3l2P%Oe~-hfmgrsbJ(3dhsNyvaL*x6BvPc8Uhx
zo0A9)o^(17vY93;gFkexfJ5cmW7GIq`JvL6z%YLUsF}*yUvH<fd#j}C{v|!5X!Q0^
zft7sf_AgLSCkv<Dd1C8oEVKBEcxe?%UBEX6rT(n#^AgQsblvI}K%CY$IFq+q?19wJ
z{wt$<Q${^9vq2Vsb-vUTxSuVJ<hu6Pu0-3EbvVl4H4g;^7=r~5*b4hr%Q?oRtjs_s
zP*Y=h@-K(PC>YBzH0VL5QLU36rMJg?0_S+wE+90t0#6l_M;QO?Bg(1rrH+vhBDyux
zbiR(}ypwN82%V5TrsK}wK17DOY&{@r)ZnPy4r86h;jA5qF=wq7+E>i5*HxxW-;|&0
z#`J!k#&BfAAR2WkA(49UVv-yUy88Xv0{;Vjz3n5wxWjeq*fgKyo6_ych=x%{X*Zoc
zmts#H`YZ-(?_)BsWzZaUG!dNoQaZiKV9EXSXRw!vY<Utw#LD|Oc`>}{`csMBDfK(E
z*|Z`&QhOru1n6y8v;EKmaO%#A(EfY5i;zDJp?=sM8pzEaNDnlcQ%-$4R^g12-W@)H
zk-aHvO+RTm+r)>B=Is@!frYPizh@T>tq4TxIi;~`AVe$QV<BIB1PlhMv3=hreVI+C
z!qH0|O)T=l5lrHuNjp4X<D2eE_QqN!&P_HN5N~;O%yi+E`*+)bBr?uSE=P4y@R$w~
zvkS$7g)`i3IDr!7(*Qh;;5~Ol@oKfy?_WzsH+6}%%EGpf>dG%N&#_S?_;!!A5Q&tj
z=F=UBbc$S{g`FDVuRsFY%%#7=uZ(+t-Vx)XF_>Sh6>*KI^B=<#9n7Z^K)B#d*Z2nw
zokfT{vsZnCyPR_MwYgT{bo`_o7El^09K12;tVh?M*Gp8J!Q!hH^t;1ymrkhL{LaAX
zP5w@59xAdK(yrso<;%aq;Ckf<@`q=d2*s~KV6ipB_1Q*8@H#m^PkT}NO1sUh2!7)s
zc|;h`u?`QKGvx@XCn2jd8%rK)e7?l}el{q8)gIMZxytk){_!xmHL#F+#*8~y?N6zv
zb;(D4@friP&v3~L&l{4IpY4k;1#_RZ4L~LF8i@klo!-utO&^_O3CBb7sDG3pL`H6^
ziErNzTUDkdhHlcQd1bm^n>!ejB9sNSi+^Z--39M#`XVgLhPvQ$c6TtxK2hO=Q;aIq
z?ujkc#v=ErCl`m5xE|X^eM?_xD9<~!pS@o1$o%Vq9wRg6KUhG4J=K=XFmc+9gj6mJ
zfHRof#$h(wL?iwtFKnsjZ`o+4M$Q=0W}7&))chwx@PwFZHO@)7hrNL-L6{-_$0JXM
z$8RyHwu}s>*w<vO5CDWiHL}}aMi_eCBM-Vp5pv~=)34_tjR##RVWrN$&dsQknjCVn
zni0fHQ@Pem9~-S<iq1N@ME=IA+E<?BetD1&mSa~N&M94rO6^`YVe3_t8jaPFGP{p=
z{2A+6Kl66fpICGfYR9t}KG4WZE~ny{4?8kKWyBKg{J~z|$v3KK5*tf>IYWJjU#~lp
z`GYv)e>ju1>ntl&Ry>T1biMiJ`*vDbIfrjLL*B>~=@=0XB4`n-r}j8Lj&i?}Ga|X#
z45v<^5$@7X9A^JMoPs`A4>t|4N*S)bVS2Lv6vWm^>HWT0kXQM3R6@MtuV}%AC(W57
z>Bc`-e;Tk>BA!VHFUOn~RQ}4XaYFT!XN7(dphc|xWsXF>Yzp^eQ<TdmWjWzxkVH*e
zStL8z1F3398xG;^)mcnA8z#phS$WKT&g7}!_Doh{$PAuvw~cQc==_808rjsqdT;bu
z+g1=73Vz8UD%Ytri-;5><3<sJjJt6*%tVqCu`6&#MH#sw#V=0S{p>~ixd4y)ZKmbi
zD=FuY=vu$3MO$iWBk5n!u$kF}1alUjYOcirN}fmuA!4}3h++sKp)d;Fcq@hUD&5CI
zpa{BYb@$Yi+$~`}G|)^`dMq$80*58c8q#x;hz$(#t<(3?UiF%npI2k*sO$b@I@b|<
z!d=TX<0r~tbG9Oz<9cHGKfo$a5?wMKx_}3s`0CPd&PRd?3R@)Gu=&wG;Wwy2TNH}=
zXqF1=pYPR#Tp%L;8+Y_h2hGwT+>_wf^LP{4(S*wRnMaDP<Zh*IGIzbI++I%!b4Rb-
z60SY@F0d6ezz}EcB~Q+X6g1@d@^tph$O4DPkuTFaC&b<E%7?IP@;Vc1{>LN%uFhg)
zdN_vNMQfBI@=5YjRvW+%oAENpmWPQdDOR<)xUv=VHEQjrGJw=#lOgi;`IcD6zIR`M
zv?M+RIy5iBvh{3!LUya`pM&j(fC+(niK4hy;%*<)&`<*LCv@<5*(|Dr<m5+m3P7QZ
zL*;<esi%xRYoOrpJu?fQq@u#4?hcN|P87jypkR|bIuuT4eSI`SxAMp5trP9L{s`<Q
zUn-L)6UcIXSm3<aRC5paJ4tPIT^r=Q)bCw%HMJBXBt(7<vkA8paib#aK<@JJFHs%S
zbjD79B)N4nNORV59r_&ua+TgMC}u|+J9A03;@dk3kk=t_ChGCHkjPPFpS0v!m=sU_
z+}Q(7M<eV~4xq77UILD1PyF3oZ4L9U4=)d^;`D3AC_^Tx20C$!e6wnau^;DuF&Er?
z@DEt4mx}#$!q`}u{$7B4E@bPS{nfzL#?Lye!E_X59Of8LjTH!5yCNRqm$nm}s4EKF
zD=@qpr(wV#l-BHv^$Oo5%lpAKnXpL~5c5?!_4T?bOCjTS*X*7f)`E2(IpUlzO;U-E
zK=U<fv~X1>PQ2=+lRKUxC7R6Q9xZQXRHPmQ_VGlIT0x<I(F(alD5M%%(@334hO@4%
zlu9zYuv9~v1#x~OJzvuvSUVk&%qzd8M`#3CQML}HuBdI(p4CV)6h{-HjtO*nsXNZt
z1jNdy{{)sQ|K!U^?KbB9c(EOP-nd{NqGB*&EGX<)z&*mq1&o)t;5+ypE`NrvFecks
zPR<rvax|@lz5EKMg*m`}YtAA`B86FVPpynCbJ1y^v;CU~_j|X1FNN8PHQ1{`1lch*
zlIgJKam9R$dJIWtAnumj@i(rmBrG+JAyV;ZFKi7e|KtE<IHo?gr<h#YnXs~O2bz2t
zKbnZJJcJo~9=RAT)PEu?sA+OGd{tmOLYPs3G6&6^Wa?X)&d~+!1MC?S9{?JN5X4Wz
znD^hH_S)LmrLEs9ekqQH0S%K>Qb-0mu8AdV+dUBZ@+7538(|9-gsWVnK-1oud!n9o
z+_7{-5k_oO9Ps}VI2YzG|8wE<ctmUyK@0w5+Wk^nf#muiLV)3feMNQ@;2{^5Qb=vN
zBp#tfD@Pu+fw*)#7qySCoo^~z7I#!t1e#-rgBZlkC8LPx&W!dsu<vY}i(h_AGwx7G
zmfGQGfKgy%Vq8Fg;W<;>NzaIfjD^MbpT)sjEtk));}&7I+|f)q@>o)ad$7WD5`AQ;
z3Nw-*<RBnaIIwZMsPZ6`h0t~)PWfMv7*q9WmqX9Gm6vx4aWO{m5ZT_D0TkZ~)~V*Y
z0p?@g&=YR&XPMal1XXT$b^pyU_&?@p_F-vXH}@A+&>0BdIv}ke<`2h%1Bb=_{s~|K
zMf`@P!m2_Zk0L&wyA1@oF<D2z6h{>>82S=d^*Y%$lS37nOvkQOmwqh-&dKfxEI9(i
z8jFNpV4bXF@-<fx43k=YXDyM{UB%8VK}(d&+Fz>v-?#<;sw~tUUo7kp((U8uO@^Pk
z8dWwf7NTf55L(nI1>@O7cl{0}kuuw3PYJiq*I>8HW3bf7Wup6Ikm;AVo@d@AU!gEi
z6RvfF$}pkIB3$53BCoM8e`nWSn1V~b&=1!tBu6!N1c=(=t-JbtJ2?4SrzFwPs4RAv
zZ$c?avT$U@{M`vT6#LEDi2J&FthN@7@OzB<Z-Y|vFZP`5>;44X!=Iv(2{+|h;%?<K
z?&6WO`;B5og;QY|L+Gbx71>A>n<LCZNK}S)w12V6);F}JoqZjZ`7O1!_7?`7lqm=I
z&@95&6)v-X$?L209kL;%J*c}(gx$$uf7+b<c^sd%Vf2+2`<>*UH*wg3882)_GZ)(}
z8L@*1uHL`%`mIzsJC%`lC4a6vvP#0dCF0a2D)xL(z?rBjcxRBevEQ2+eV%E|=s$PS
z{-xDkmfsWRcYKqI3sWuB5crZ}g6ohb=87ukJM+z2_k0`VOc{YIo$>xQZs2)EIYO;t
z1YJCFJZrr}Xr?(NpaPdpcXqt;%U#x})yTopDm+z?|DUj$q{zx?1RI{~&wF{EhyGg~
zPe_F7;8rbxVW+4&TGRkBy^nQ|O9hwI|4eX9m;6f7{(BeT%aCc%>T>g)r885onsQ)h
zs<%jhOd~1T{{{npgQCF^SKN^p#6OG&YeB@fdXOc7e;}VcOSMXh#(=*I1#eZ=J6f3&
z9p+jhMX6M>^f4oiTum$?;Lof6+<ffC{(UT#cXv!KP3Y|nkt+NgMc-if(n3ib8H5x)
z^8o!jO!Flf5m9lAr!KDK9wKdisAQSwE+mBZat<jm@ognYa}}L}jc47|F9Hr=8$zxW
z7SG<oIMz%)v+BBkV{s4#CB4h>q}pZnaE5FBQXX!9-DPKv_@ay1mmkwmH0b&<S?CA<
zH{Ok8iSu)Df2dsH_JvC6@1%iL$$quxbFnvHeoWqV+!5o`!mvY38RQugX4EgQ(m#I8
z(b<Azo_Tb_jhjBMN)GKbAl`&hkrXC2ItTll03EFGuam#B4ySX8GS6OaW359}mHQ(x
zr>6!v)%-zlJYZmV_j}MGYj%#rMTNw@X6awGRm06-l&B61{+O*3QvVNNvNnCC;+uHJ
zD4r}qNSI+Oc*)UkkmZ<cood$5kWaS_USsDi-PUZ93t$A<`+f%xH>C&-%?JSr`9fZo
zL0|d8E?3;nQdC4zvhK{d$r{l!%cU`>4B$X-ll{GYmjzKUSMGAR1w(SmHfCRvB>I_&
zH2^_i@Q2;0pdkx)v<U22T}UjNyjn0FAD+UT8cLZIOA>vgfjPlU{67OSB|=`3lURzz
zlLV0{A7Hu+Gt<1~jtrJt7*nZsD*Zy#jvFCURe;dz$`8|q_`DOK{{Mzw&YN|j-p~5b
z{aj4eUfL6rS-pO#qph39F!5&&T=qHieO>F<0ITt-k3<SmrlN<fYF<Br?b#>mueo)o
zH<HMvrPE?4O;us4*GBf}2kn^YeUh_Eke!MB4|r8=qOCeiG4HZWt`d1ND7#rB)~Z}p
z_LG!}q*8Arl>(*aMer*8!7?&Db!Uc<A?UB68a6;W{wz9NIp=mv+a(|fWxF}kN_MgK
z>1cOtK3(vXc;okALgAWK2Yz*kUWRvR$m`v6hD%j1oJB6MOrpIerq;WM&HE23K32eE
zZtGozVNP#ZQCRVyG5te~AF_J~boABk(^*nV`5Zr|>f*;((cZ@yJT%$S)8i3AN)O{>
zg`6PV=A_1@1~sp981ZV?;M>Ng1{8+19O`LZrf0;~9y;G!hsuohX$X6`pQEsJ-YN<y
z9?QXCylQAmyT6VtPRgD8lIC)csmtZc$n3@HHSATt`=H#&D1W<WiZWRk)BPMp6y8Sf
z%mR$?9^doN+wZGM!FtWz(L>_iNzIe1jpfReF~cz(i#-<I_tUflB+Z~Z$BnDW^pn83
zhwNTZGE1r@Hzl0T1cLDM-wO|2!%CvIdJmVs5H&}l?|Jt&T5*|ALrCXBkpucuZ{ALT
zJ8@MzpHl&MAvRg%4i@pC^2qiUAYB{hBTe?+*Nat`HDO^B^HTG(yMXi~$<k1$>n;q*
zsls!BRk|mqi73)(F>cY*SbheFYsh}2VvAyfhm6DQs2{T8PKYb^?S-sInp4|?`H07*
z`Px;Ml>IL0+YWNK<K*%Z1;48$Y`hA0?rFA{aLcD8e70_i=bl7XqVa#@u($J!jpPh%
z`bc|{;%yZCzrF$#Zw$70Ag%|4a5dDLzIF?)_1Is-Z^H!aKjG%hJxfdt%p_2kggYwa
zZII|<IX{}Ti)z-FgJWW(&hRzAM<4UmUZ+**i033|>q0)3jJ849mb<(xayotAw7<{*
z*B28th8Jdexinl$mN|4N#bSqgwR17V2FXo*Rw;ok4};N#drCC$>J|>t)pP8XJE*oH
zfsy0k7&*h@Rnk5JsP%~~uyjoHn7X%+fu6W%v09Pcr+c<!t&PqY4QoZuGKf4n(wh&y
zNgDR*+9JRZFL@FRm6OZmFUy1#BnQR?y$&dIA2mT>7W?C_z3>b;R~??pGCz;@(C3cc
z+&(?&7|t#NOBsLTWOd?a=uUl|@l9W-(?lAX?4QofD9bQuskI#ZCq|2=MHeesA!3n7
zf+)Q6upI-+eT!49&?XWSG5`qh_tQ^Pvitu&k#IookEnc9UkW9wKKt$lTRd0x!>xt4
z2cK-J5`@Y|cfK=v7?WLR>qtRU--wDul1%GY67Xq#hE+F<d|qA}B*Z)w6H$$Z2+_i|
zbBAP^6Kxv!0TvIF4d%8DJg&uXigYM%U=&b3l>qMb^UY9ImYs(#J>ERrasObE#jD{7
zgfEhoF?_W-{xT$5!R{Rz2_`8KMEFJR3}%qp7_;7Lxjw^|gNdt`0-9K;V~F*%>e;j@
z1GX?}$C*Dq1w~6CD@zo$2tdFr-0yQHq`m#(3PFm#LIuL|PtZ`G9^8BTD-3ns+JNs*
zfK0D=Ma}h=PdYx2a{>}D5#>Mc#W?e@D+2{GzmA4<+Oxfi%$=*PYn%o79zG^1344o{
z34@sHDQtYoJ#2jO$f_~ht#7lbA3q`EJU%jiWg1zO&k{VQVnjZ9y^DG=`QHU-W~4Fs
zE7pRtjzfB<SW3QuA=AIuA(=OQ1VwVk??EN2v3PoS_9p%-ce0WEDe<S`Ujc~!dg$vy
zrI3>QH<tV_IGO(wo-sTC-!kdhc84!<bC)v4FGlg1Z?Lt!qA>~e^y|Kw>&RI{=xTdA
zA(p$ZSfFO_RQspJx#HA4Y#iSgc4GK9%&4L6>8|=DK&t36a_$p#!?20hoPM@``3@0z
zsMF_aS4lL$#Yy;ovqOi=a8X^#>+5H_lWyZtZ&^q`AmT!c`wl8@cO{q*g|Z&t;kjv;
zk1l}uq?=$H=g3SgYg&w3ZRxEGIcT`_VHf5Nqxp^7k5`%ziQ0tS4q~v~ztxrpDVlin
zhZfc8kV7wim;G%w-bL5F{h%WeOC+uusx8;#rM;Jx)n$0<mya~eCu1dE*4}Lg^XmmX
zvi}~)5&I~n&jy8f7&`anlexGP*`?Nb`#tnB9`K1c8=E(DNZ=pD8tcuGqWmhe?S8J3
zL@<=-kKEBL+PMq+!OI&K#u$@$Idn(ky^a3$H;8`~qrUhaEc~Ic+y?r!D`}EmI{YMO
z^fMQzI?I?zQsBH#0X>N9GOpMBwrCA$cRhLC(6C^;N1P&Oe54TN24#P%0_`O;Yns{i
z^J8}T;Bes32$n#DpkpEYYMm`X;h<v~qY7wqqg#UL!%33TAr*~u9nDvxCem>0#;Wb{
zf-EaR_p1pde~D?tcfoT3>2BlDM#AaU^cjg~szW+L<1;Mz6z#<0#2LlnM>|=7G!O5d
zWNzMypWjOS<W@%m%gRC4+_iCv;U-4#@<oAn-3uCj?A~qAWPw!d6Z=pJy&>MJC~5t{
z-~{`IihPqiW|{_u&=7Bt;F~*>=d0D0=)-k{Sz_E6fMphY{&&%rl$1WPKD|<H!;LhV
zk)OusCi)VGWCQ0q7crRNquTuEwZyQC=+N~%u9LIj;-a;8%*b&qyv=ayr$SB67x00D
z|I<f|K2#w|h`2WPRG7=Hplmc1cmLK&n1;ZYNvyM4Ae;-t*5|W?5DM7DGHlK!567?I
z{u7rPi<fegQSi(wmX85Y=R)bA5i+?^h0IhrGZ@d%bof|CA7_(;R&&ajOd=S6vbWRq
zYDo=Jp0_jfx@(jF^`U$Ff`Eyz_N=?OL!7hotW3sxGp&j8$<CXL58Z#vS-~^?3WfBn
z{<=*x^0$R0O1G4qcO^R7-hboJJU#8u87=auzc+rpe9?YsIP^9-s@{$t9nP*RC%U(6
z^o_-yT=9cDGPs&gb^UN=<r`9kDT5bmm2a+a(5sEzy`C917<3AAW?=ZB9j6+MkB|DO
zYlgF~pMRmBBp)uZjRBk8rAm^je#I<s!I|a#s#$4HzpR{#450<-$5~(8u@na?Zp5K=
z2RY3sihtp{vjzLP)YH8jZMJ%(fu+G$uaGsjSO;zGV;gqDQ9ZV^uB^ve^7Q=K`0hTC
zlkqWx44KW(<{#e4A@nE+{6<bWWiXBWM%)AK@E)1V!rPNjp2zCnRVjA#0)Y$dE}&tC
z>)ifWze)BX9aE$d7n>#H_8==-6oQRD5)o0c2`u}jeBsQPAd-qXEJ?=O=Js968Sfw?
z+8Y0Pi0V$S+spW^w<iSdc4sfmy2OBJ?_<5+!2JsPVRx$C^v#PQ1}T}NVO#~y_1Fop
zu{}0#jvVler*E4*vL`M_Upg8BFY^=}h=j4@f7_(*QTo*og5457G<&Mv^!lS%Yhw40
zJ1C94m6NJRcZ_3j3)&As!#!ng1iBpAM79;$AKt@%NnWp^5r~QA!WB=uiZmW1!;4<f
zM4SRg|Aq|kS?m?4enXDU)#|A6KgJs|ER;NIG}>@Q<Ys-yx0v64J3bDLp2RY09!jNJ
z&})7<S39~0m6Zc;j%xqfb{Vz`PopFI4-oWZc-k<1!1IH!@19WX4fJ}0)qlB-8yb;!
z;0dz-8@Wm)om7-73O1JLRADBdk*+k|1Khw2UVTJ9n~;dOdaKEjTDsD~RSez|bV#xR
zxZ>q3NDOAXc@G9Jy=m8l{q9Tp?7_aXE_KGYEwL0o=L~5}2^6i09%8l@n;dAi<-`kw
zChvWyH%!OLMa)9Q@l3@F1|@$0N{^h%WeSd>0m#*7V!C)}ZP-La26n?+#4vgnnpzed
za5{ptk8*4b4r93r3PkPAUa@o<PbKXw75n_q@t~UbCxST6uEL2f_P<&l!Ed)3A0DTI
z*8T&6{V5iH$!I;cbZ!MM2D$BMgAtApU}tE^VYnwNn<#I##M{H_F!8b4a}Lhmb)riB
zIvT$fq9+Kdwak|b6O`j$Jw+t=K60n)=r{VcJj*$rFEpI75U1EQ3-{m(j)H|1vKae(
z*Wj5yn_b2mn7gcs)}L%vBi$X;c}izk>~SESjBdeMJ8%nEe^%#3K{XwDuTz||A{VR-
z7TK9c--?;b2Z9DqX4kVC?_(a@av(L#^z|7Rk`J5O?!-2@-hMTj4;7d%Wug27+tXBD
z?*G@~L2o($RvqTd_^h9cJ7P;}HMQf0eX;4G2RbH^U^sS5xna_Z^f?)o{gfrSh{HAp
z())_yOjy(N%e5Vk?*X@`{JO2Sn%zN`ZK53;|Me5wqcXVMyJA=U^8j6!5Gv%(Gi)7_
z(Mb$!-H}?nPI$y@R6rwB(Ym0jhX>E~5@*T{huPgv#+YQ|DH++Qk7Ch<vi2T~K^`4k
zY;6`@$btxk4qQ`bW4>Uk4vroTMUPULNXxvRNwNR@ZZVl-nRUMYGFDISm%E2WM$mtT
z4tb`!Q4?~?PJZ#-9ZO>l601q8_pvoucLn_~c=!KBE9ct()FojVn_Z2rO(fJ<^fv^K
zU%dmdF0Li>CNlTE>aDCHQJe6Nl~$5xb%xdZfdRGFA0So0&OY-|$&8B=mx&g_-Gd}w
z_KVo*!3$cx6<LxR30VzI=po5RV1H5d@EUJ~kz*R89&CihD>3|?0G#He4=Vz@Ra^gU
ze0;6-a+1mela0&>I?}wRa-X-L81~ZSu1bCOb5kgOjs)a?K#q>G{WQXmevWu22~kAs
z%sRJYpTSqTc49K~bV|6mTrpOeq}#gQzneV%BXesN&1<iV+u+MAw)iY_fjb$QA=5ry
z7be(KetLLJToS9yk<EW$Ca?`tm`!4+3&TYspEgH94bR?5FM=;!EP&!WhbF$Ji6*Jm
z@N*9jnkttf@M>KT+*h<$z(6YyJ=3#DKA0<A3@z<;RIf2a+Bfvk3wm!K2T*U1$e!aU
z6x&)GwegA}O(_sqmbjcX`NCuV9(sDEOR{LoD6R?|;g=(HKOQ_m&NNYKgW*XYoO0c#
z{-X&Ub3E=Bb#B6T!5)2iW@Nb9)L=I6-|uC8h=*?2%pU}0f4;gyf6Gnbnjjv(UKU<L
zynLd!7(b9(e>7jjBFzOj*duNfT?Gf}_{COqmm=k|o0W2TE|hI)=H^@-DyWkwUv7LG
zcqzQHU<r66i9T*O<K?kz_!?u5ZDTfl7>*wk;Ff4sLxtlz8q5RS8)WQF%}~2DWa^V<
zc9*~ZS+E{hY=bvdpet5g94A2gMNo-WE6p$ZjPF^B<AicZ2I2VnqExM%IEND}jJ`ht
z<w%YBnAuySjM+)AsHawodR{KJz5j?b9*tg8*Vs?}LW?-+VEDGTq2%foP0pi9nY{4Z
z`)0&LeIG*BvUAr*mOeH&nVr202i+c`dYQHH_e>IgVg}Y?E8ckegMR0rloGaQAV?$`
zwK2H&Ojj&khl;UWbFS~g?{73tzlC36m`Xi?pq3}B1+~4-6}PTgB&wMnBHKqSCPDMl
z@(pH7@%N!T&#rPTdp`e>02>A(WLNR-Y?7%py)%ZE=AP-;_?Wkj<aev0Ehl6APCrqT
ziMZrH#ixQEQuTB^bH$i|@7`XNU}mBcnS55H@b<vK@oUtM$X`}9NqU8PAoF2#!SmE?
zHa?3@0rmG586WAh{vq8p(ecFchY7X*p5H*zG_vx$Kt5d{(Q0J{oHi$>!Qs_JgVjn<
z^<rR59&66_Bu=X8Ddj8|OMz9J1UR$CP+qkpq0ry<S%)M?_mQ}X$XXnSZ}|g_j#8*|
zM~J+cnI0){4W|OzM_(G@B@VC1>(UM_$r&0ybhs=V7Z<(-o=f52IiLfsZ4hGzmz;c5
z(38Sm_r;~jVi_G3n8H=cYN`s&>deKfKetDl%q11r^-nRQ>h1n5k%&@L0Q#Wra~93m
zl4CG;WnRg|U+c1+)>mo<4#X)mU9;RP)@l4v=z&IZM`z^Cy9>cC8cE#2$ASWY*z-}y
zgFq1_$R!hRU%7zCPT1&u+ER1P!FXGFsPk%nXF5fRd_1;e_K!lp7X%s!`;F1mBL^i4
zHujp$=$-Qw1$BfN(W9VLTq-_)zDK%(?Ldx-t8vLt1s=QIyG`k%g$Y~`jzmu9f`UbL
z4@J9QFG!nRZ>}YP?aOdu7`Lij&GIbN_bc>h0$vi97hYL~tSj;jP;)7W|4do`hCkd8
z-%RZz9cCNlL|pgr%tVBt1CXbFf&Fh*OMUoL?RuV+&rb;S_WkL$_{&b`q|X?Wn(}*q
zDo%0E=Vzv>t1ZhFV`ta>ueNG_9UvN1b*F39=Lo_P+JHyN8gi@maNv*<;XQV)^H}{p
z*p4=)Q#JxIsfh6X38{=RF@<)eos*{$ca&RS`5<DbD{{a86F5HK_}`utXpzQ?yHdNr
zar1T84BEJtNBM`><iSp93PT@_N>M9$-;*YlA0aSnt+)fL*R?;6!*18%2m@p6bqt%V
zk`q6x+Xsg64qLHau@f1yw&F2EtK?Wl^|2artc!mkRIbPhw?mJ(5KXvUHKXidpX6`a
zFdF;cGy@3*F6>Q9p>jxhd*GYRVM1i9?M8MlG#@X~{}G}J|BZcj*_0v_%9My`L)EFa
zC{<BeEG_aoQ(4_a`x2reJN#<X#?Sb@dTcTSqC5kZw=?xS-AsosjFj}40ns4a?o)tK
z7N56wZ3RVSIjNx>WgvGw_g7eIU(4n89x4~-68fwHEV0J@x%f?N<5^cyNQsB<r4?CL
zvt3SBlRBZaWnPI?TT*Gu8Q0`2fP{|w(e~yt16u80X1HVwf-@=yQJqAcuU4o1J_sGO
zsY@KTAA^3p3>CWP4_>d%n*t&h0XQE;o4aUkndZqxiUX!US9=>tPDja&456!aiIwd2
z^gf-G;=2x5f_|844>Nc7%_U7(>eT0Y!(uyXkA0mO)wpW_PJ<=Gtc}F~6UaLdF-mtz
z$!9uQ0<Jh+{M@TWQ2ZWksfCks<ck^+QAOx!6eA@`;N`o*4$S1{#Fim*Be=)AeUiy%
z^RMszNSUtM4S~cPAuxyW4qIIwlJ|rAIpLAiCGk{R1Rz#NdvPT_X?v<}`bRN!IxV=D
zWkJ}k?9!U1%0J;g9_m*iqhC-NiaZoTJkwe_6_IwEb96ni8ZYOb18O;jBBU3mIzy`d
z^@de^D%)pn)xtdl?udf?Q$AsM!C%%-RQJ0`qo(+v^P>~!t};I-10sHWkqQ5$&H#J$
zrXYU>3Ijs~Pq6h=iKk+OoLsdwtb#Uz-G?dZ$YIu*{hvyp9W|_Ut$&29aq|iVKV({G
z)jVrsbEw{W=(hH6_8LB1?ckBJr(kZ$i2dzdL;Uq<qWxjwtn^hq5|eN`K3}+R^RtR$
zn%L4^@KDQlmXtU~csl}}Eh8oUY<J1ohSiJZ&ED!J9?#oHNTUT%J7*7Y$mo+j)z@FF
zej#r}O!(C>oHMncz#_O*hJ-@BZ)^k(Ynh2M<eyyOCbR|ttd!8sWtY1As0)@@T`KTG
zFZfOqmk+sr$+hT>_vfCpPTdKGRk8Jz;-iyVR%njm;f_ny^(VCJD3K(3NL~ne8Gof9
z+Wyc!=mJUQbU91VJ0@=ZDOGWb1f+4KgA|xYVnRN3s-a<t{Lp?HkdUpvM@w|=w#5Rg
zEW{l@xQshT=I?WI=M&Z*ou;&?LdC!`v7;p8@DGFE)ZePF)s_$kS5G+>+SM)!e13SQ
zWaBp9I#2k|pfFpIey|r59ynwYrKWP+fc$SBEL^2f_J6k@#-P(hMd~vdvA15^KRAC`
zRCU%EMES>WyD%6l&%j0ByrR%qhXe36dgjoR?TjOpB)&4XY+;-nv4-_#YD3>d)N#Gi
zx?Aua$&~^8G;H0XpWJRfV-@VIZVWC1?W>?^C&Z!_K;g&tp<A}%6w!8stOj~4eulD#
zw7!UG1P}d6s3U!=+b~bg%R1U2E5{uAws+`~-&t4Gvj4KE8WsM_qMAbTFN>;GpzDj&
zZ(Sf;!wE_4^>=D&0J1ohN1?8f%=M0FLi4JR=H%H3^uHsR{s$YfLg`29dir;9Z5-Xj
zlu?JZ%b!W6S5Rqtir~7rRBnzhQ*8;DRCFEbc)7-0KJ(^y&{?bzo{!-!_8k?VQRXVM
zAD0wM(RW*cBCtgknv*XnAQ9YG;=OGpE}3bN{b8}Lwxl$Z{(95VUInpbEOj2z8h^sJ
zdRMQ*T_dp(5jgpF`Ro52UApH9{jJ8jKmCz)u!>eT?F@6EmP&Gc19URX4I_Ifq^&F&
zmr-bK@jy`~i#7_Jr5+)-wsqSFU}Usc+taK5C{rD7?PTU5Mr{=Y8KSSJ7jnUplDVG`
zwe6#zscDGmu1Bnp4dSDEdC=>i&h9KvEa)>^?CS9lnf5dl=#+w*tA^&@>7g3D3`sxz
z3KJfnerb}&?V=B6@5#y<m}lzl`AgC2@3&BMhm*bFlx(>phcVHQm*sj!!bqhir-;a|
z7MV!j4_pC;FKQZCu`xKOrJ>Q`i^HF0Q9yie#<qD$0mdm|WJ}aNrISzidr&9FUC*RZ
zVPs^aL`vbp?~RheG|9$5MUzmv#+y#YZ~Wu1(ZntjYtqp<o3^eQm+OHj4g?qca~~hB
z4;f}*bbLQ7YvFPx0K_a}sf_<5V0mBmVw_w@sVS`Tp~wYl{tigWC<rRxgDI3NJ%h%;
zq3q1oG}H=j@qT+zSx6yWpUgZ@N<1EKXCTesj2no7h-yJt?bjyp2{S&NM7g$S<7A~2
zA~Q!+(Q)l^EqN4_Lw)3qLYsuYdz(&8=;<t0$)8<ur2Vq4k|Jjl{{C&`7x7C8IwdXL
zXgmuR!$H$6&Gm9`feJ=*K6$$h7O_RCcCqEb0_FZR<>y)`84pEL%bv%rPHJ_CCq{m6
z*?jSU4@UeVy;>vmU{n>i8$3zZa&Mqh8j$*1875tbr)`i(=HaexOtW-X^le!vdv%<?
zmL;M2!}yLS8(k8(F;@H7ANB=CaU_A7x^6}eU*SX_kw^84ldBK{DCwR{5z-sF0edsu
z)C$IU9i(*iu)4y!&np_{d9i5|N_S_tTmbK=G70;2ey@iIZ%#APm)cl>I!hO468Rkq
zHOr^OWB_y$VlPoAX##_E+WB0CD{$3vTE6^iDWUMl?8~{zi=CDDLpD!9+5!OXQVN-h
z&Z;7bf)cmsb_lwcFZqj=H85sY$Y$;Ftz$30R+@1))EgL)D&b_xs5mBF|5-V+g~&Wy
z4BaWn7N)=0#WjF=u$7tdi0XPwOTEmRHm6Lie)f($bBnHAs!aoOnV7{biTZOq8WmI5
zu0h%}49}%NpHXOh6bezCQWruKf_wOzdjE*hSj5f|DouCfQ%H#z5pc7tT|;}1&DCF0
z<YUnEPCM-P*XD<Ok0b)QfRS(GJPysjdQI!NEJ1{bdo9-IH-bZDJC>RI)1?I&MjSII
zH$)6fcexY8TNx6Jbg#Wi#AN`2mOy{ysBD(z0gYI3Ij3(|0{7F_!*IpQ4onlOQVe04
zQSWM)*ZQb<1cS*3kJ_9$s*$m<FUa0UxGDyRQ?mx#GO~?o6{5Pi+7}SH?%p?{Q)rr@
z|87OKOTJ=$o{3f_QRa1}*mXg6j_%le+;2{Qz6V4HJTX&O(A4dd=$TqR4|r3F2&aN}
zWZ2KaMbeMizOPsdOO5>ZF2L_pS^eg(+b(&?H1aY_Z05amfrE@xH;GYw%RhOV9;Kr8
zYM(lc-~NV(?i$Zt41m0yO6$9we)GDP96Bf1pMSZPmgZyq$aq9klfK?hrwc9Fvs<qQ
zpGFxyy1}))nT9yuhc0Tsn~5$9Vg#HbynLnlnW#td&Hp~uw^7faA)P_=W5Yg#k(cO2
zlVWSiDMk#SxL<aNMNTgnT#5=8hB?T)HTG@55`lgP)$Anj@$0#uEb_dx*IoSZp<$X#
zwV%jH<zVW?yszHz=9Q3=%OzZS<POr#Jl0W<>MKF;hioRHAoRhJ<W~vw9VL}>`-D3f
zOCQGQccv!LIUF}KzGotk5m}}8n8r+bZbAO|sW^fnwGyrI*H3`+;A?^9SY0(Q&1;hV
zHS7m8C}aEx^CeK0W_fk8U0kMr=?~<-Ll)%pFMm}nZp_d`17ph3Z~3AQ_9Yoi{yAR0
zs}Wi3oKBvH^ZvGj4Y;xuA%|NRQp~TWte&T-Ka<lHD$862pneT~?GWT=zs8O7@td;f
z&n4u-9^Pt?#&L3T!wd|(w70l^1yJVo<kERNEF4yn%i1p{N{jKZc=9-s{^`h6=&(dw
zQ5okTAIOt1J~K=GiK#@+R4-rlHRHb5j7;==;LvTRh*YWu)rN8u#=zyz0NoQ6g$`Y8
zO-g|GgOTpE$rIh!qUQlmt}pySZ%PjjC?up2!6V}`8)04)LvF)5q`hncs{Zk4O{)0~
z5c>`(`ooZSZ>16~LA<u%(qAamkET?{OQsA6Z<h2Tj8}uvHb0{KJ6*)%R)GG44QJZB
z1ir9<am2~y;PyN6)4n}v;3!!pA*OB_LMFegxxp`S2I|ci+9-JPQjrMkRbk}O)-45x
zBZXuXpLS8qjFSVN07&ng(4D96-vq+4v<N(TB&u{{h?Dnce;R0ZIw<TO+tvOhlqI(u
zT+5tg*yM_8-H;gieoY)l3AXGp;SYgu`HKu)x#$K%)hf+kwF4e_&u_MoQgu#seYCLd
zk&5Bgkm>k6d$Y^cJel9A0E)M40`6239_(H6?x_lD;Nv1-uiPQ`Yul!8@>Lewb01*9
zM4=GAaA!{`b{43XsW?;M_{!isZGt;;nxaxN>`YO$gZUKZ1m<Q?NLOf>FK}o1wm@vO
z-qkyM0$*wjK2$#4YEY?#H~pK;5BVOKQ@#rT^UDlkd0BEU6{~%sm@s=qwLtrdxXjEt
zXhnl4K5fQ9jqgMkhLBzU{`!9SyV3LE<*ULV?PmS%&0uxGCvhj5=Sig2z*IvdAe%25
zYjA|g(RR}>*m(Ga=_Lkpkc@TskdEc`d*qk?m6q|z1su>uH@JFe{F30R>Xl|d<v5~!
zQLs>;ZV=yW8z`z<hC^W1Y$&#ULV7rQ4OU`J2_XSPeX=y$=!*5LwKgku_8VtX{LjW3
zpj>scyMpqtb8E74c#z|s&repF^OBU;B2n)v%;n0W7Z2wCI%$yl38AAThX647Y|3hx
z;3tLmusuT(mBvaw!ax;NP|`}Wx`tB{j7hbzF?E3kHRkXM>#AACoJ4y*$(FPJ$90}!
z?442W1ZV5p8Z*VTl+zV80)o+R*#O=Z8o;wpxHC@u0$*GVUS><Z2dlfanIbj|g^pCJ
z%UlQpt$v^Ol0bC<Jm8Hb$l|Vq!vV`c^6dA)1K+U9+V<ZHT?w4J2nN<xvhvdSYaa9<
zpd;4dgs_(yXR)4WFaG;;o(M-Klx&&UU@GTEyxlG$3JQUAU+X!*OqW$RruZOr(CL8z
zE;;-V21ZT9xw5iA0+JG+K=W@Nj`s4w1C;j}cGPob+a5J^>5$7uz+g0f*R5O6t?J5N
z)!svvZ3H{CfAcd+_SWEw3fq%o`DQx0p=o7ohPe3F$b81)ez=s$CrlL+T7=oGD?i^^
z*)iwd&|l|WGb`s+zro>u*glx(B3<rmUdj&k>fjjhh!K7<u|X&-*LV@Kw5z?i1&8K<
z)jc5*Z_<>35V8~9)}u!hEf*>FKB5>*G;hD*Z9G8zc#vxDSC+=4^|BDhj#or)@WQOB
zYv`$~u41u`)kpMO++3orC-GNh>G;USzFm<U^E??>WZ&Rr)4l;dpEQL^THVcxzDjnD
zVOTlUAi|}-dK+e6hdq7x&45IcOOkP#Gc=|kcZxxIWiE*lZVPgkp7#XJDWFu;fCK+X
z_Ade7w0M#Ky4fyW?KqK~4sdV}sAc{L3t}7FGFcUN+3>Y)^Rm#2NlU;&VT{Rm;{5dD
ztotQ#h2~~X&YHh#tXeSrlDJaxjv66NnLtz(N7?F$DrdD{=cm2-iXNl&s`@lc{E*R>
zBz#Dw{jvWNSkjnjPX-S@#_1^#ti-0(18Y{M-zIQZtqBtxSR6{#6AkTFNUmGRm=pw|
z`DchRv3ZHfkrvZzvY&@DYRTT*#NGfMm92k&b@i8?o_s1Ly5vtfdODk|c~qzTj{|6A
z2HFTJS3imH_U~gMm^uU`Y+l(DJEu)=I|R~a%OZ0KS^Z-|E3&L(LX#s&A7EVahwE5x
zc~eJij4+yPiR*Ef9LQKB#}qGL>eIvyMkhXVu+!SU@kHWP@0_`DzRjZ$Bd*xr3l8Mw
zvcX8{NE4~Y``0OrwSPy3gI~Xom*C?A7w!nns2#{iCxRVm=xS|F@a>d73{K;R!^r}V
zUU!WP(23J`s;>(PE4kvpKt8~;vLs=Nxel`L$%eeSgvuotEVz@<!Ln~|Gj_S<j8HyT
zEf7*74N~pzJ-{SA$0${D6-@m-P@B^{1C3g}E8rrI>w402^axlzm61>NSFaEsdfk09
zCxX!>BSz&4CDj2Nt895BO(UH{P3ZCsOEy^n0Z1wi3Fg;@f3CZoM$LN`BaH5QCn|13
z34hW;C(naDkFg(ODYPdsjdu{$cMw5y-LPQk+giUrp6WGKw@Dn1TeaZpOk(!THwPD(
z-a&cCuA7xbi!vVzFjy#R1kwdDlh{q#T4CBR_G>zX(lJ4=H71I!H{0_vr~Jk9cVy>j
zG{G7gKTD}?0E>l9+P&2hS$WP*^=#s`$9%}i01udvfwOfR@&&WKEaox~qqCRS;rV;Q
zgr0(fBqVre^pXaPeVVTtp?0vlf6FUa7&aeHE4z@eydfnYaXE04BD?Uy`O}&Ksv4b=
zl#BM~n~;i!<ilR`mIU`}Esnh(?|u{mvh>g@4XIuxg%oG>{@kssSJOF};NSL7gg372
zyz@u0DW{OkAu`bh>DW(I@lw8LW~em0g25b~wfBHkQ@fa1U@t^x<XOMZW_bDwH4#x<
zudZb?Xp+B^ZB?(W#>du+#3aqrXGr@o+}gqsL))kzt%u)f{zs;G?Z-9!>xotID0}o*
z=j7w&4r(^>U1*HP4trnd7!z6O$KM3OR%zIifzOGD+dR`xPw~?Eo*-i=*4^uBJiV~D
z*^nlRo6qkO9BC}^yML~ibdgHJLPFk1LY!Xd1pQjK!4Sqa1&%&fK}ZQx^!^W9?-V6j
z*KO@qy3&=ljY`{DY1_7KtJ1b@+qP}nwlhz>AI|yD-v7Lch>K`zwH9;6Sfh{r^rVZy
zJ{`}mV(^rl@m^jZ#<?{jcKZhrO6|?@gI374LYX5XDqA=l;P1GyP~_0K7iR9$TNxFB
z1D#2qO_st$jvJ}%Aau05ERK7qDveI^D}r*uZvsX573Q3MUaj!%pOC1P;B+O4Lb;5y
zVe2NVyY{Cb)j_`yUeWN^F1tsp0jlpt|5V>r++xmp^d|WODZdjGg2)qM$z@K35A+$@
zU%a(9ndLn^euuV-kpFXyK-^qQCZizyAL~_y5RO4ekmpD4gUUtJx~NRQPaA2gXeEXh
zLrCEzPcK3*A>rUq3Juj1qWvzmh%u)w#S<Ojzt(rWr|eJslxM^F!2nMcrQ~W1S(h1e
zO#y>e?Bn6wR%t~_eTWjhb|Fw#K<otXKfu;aeg9|JBF)n2Rn&IBDh{15vOAUA<i^mA
z*hl(zjJ$IkwO85hFvIIQqJdNQ*e#vNGYlY&<vsULA4kR<J$Uc%O+J-?F;Aa?Xn<*P
zR`)&MNl<)}o{X)#pmJ*X9W9ygQm~rT3-zk!H?jY?k1&#_K8XP4QM-+_av*Lv9Kt^-
zx`F!@Cn`kSUaD!IF0)Oqh|y-5rtgC^iXadMHgCJnP*5b7s+f+6<sRU=x6K>iwEw=<
zyV6(RpW<Ok+tp^+P075DY;h9GKA^lZm4BaaoSDuVe9xUFRNs^WpP`YdPdN&RT%PfW
zbJ1P2LPI`&cXUmyf_!a!HJ_Am1hy~^x8CTi{-C{k&NT@YDxxh9dLF8}OrC&kHXgHy
zH`4;<`;%CmT-V};J<rKhxVfThKCL}@!@*umeR9zq&i8l$1kVUd&+;)Nmj@&z99d*N
z=k+C0EG77_^`(>Zj<3*79{`cE-!vS2z$yYZYNzVu$7>8@e0N=Z0}V$o;X-ryP`Kc1
zU-0qTc@ZW?a39LM9<`BY)(ofGh2$V=;Th`i`Rl3eK+E@cq5r<*(|aHy5|(tzww|#I
zW#o^MG|6EyQy{A?NdQ>Ya!T#vxS1~s*Li%}!FbXz>5?NtLzXVf;$4<``=Y%|NyYf;
z37?uL=p@`^g=YgCr#hAvvA2bwpCyBsm^3V<1b?F$HrHA^6;K?4|K2zKC%+W!c8w)0
z>BtTE7y09%@}6^K;rEA^D>x`3s(XeVi@o`$V_Xc%<@S<PHM_&d6hph()LKY`Cj{xG
zEg3Z+`}JN#b*`Pm2JJP>9BFczp!5S)B+r?_<qjM!>w%Ei77s~1X+rCfu3&W}vIX=n
zV)8Gkl~o+cb44Hu-Gz77JT7?q15Y-;^&&=#WW3tg;g?doP|aMG;^PhO7vX=ns!?9^
zIOHlTW_ozO0J17IhopY7#t%8j+5v5@L7RMyBTZ}Slv#^QHGfaE+0g<7q^}zi@|9$P
z{PS29lG4RzY<Qhv_$ey3qkR!kLHzb0MFC3Hnd9Vo(7?YAuj0LqYQ252*`G3u^+Hp;
zBt~tw624RlX{O6G`CI9soNX~;7A_7ORKE9Q$FrrDS!zi+OTJ1OaM1)$eRfIHpD4W5
z9Vk8&OWRiiv@cw<Dgs+#$&0$sb7L?or_-}|7RMD0qZPJWNIkjN7N%Nm@#@h7Bxe8y
z!FBIp0_X9D_aP_Nz9*GIWXkUTXq=63&FEr!PdFN+>M{s45NLc5%=;lRfn6(_^!Ex3
zBM_hTrku#nwb^L#xC|3(x-T|AjW=0-!osx?gTFQx!W6qwB<N0ez}=3_vy>WA$Y#xJ
zj)Ka;{O53XG+beS|I&Q`23MM$qU^-1y!T9d*q`94rBb&nZeX9tMqJpnB)Y8Pk$9D-
z7aI{Bw~+_C_><W0kS5F+t*Ny2Vh4tT5Kr3td6dG;$WM<~n+)-~Zl6UZJN&Mt(e@_K
zWSb*Ei4SY8*J8#YT<pKpNJn=$SFx;xR75NaPOiGcg(Jm(3%&V8=ct&VD`39VTs<h@
z&_<yC`%HXg&D+OU=xK;&+>DQ|;U&D!d^TLTGLo1J16pae5_s41Xe~-mC{%aL+Gq)=
zy?mC$*zj#gZyv2s&-Ay82l}1S-8bSydo1rD0Hvnjow6S45#Baapa*>cPBXY~Ep44g
z_ymJ{igU8W<?<unL;wxqh6hJzimYIvB!6$G<jc_kP#5RldaiS^Ixg8v{H?q<LuXFD
zinKCav%?OyDc=Ge8RM0y@q7o9pUYqE-1%|KA(aoEaLOEen^fhwSqI57=|Sf#0z*-j
z@hr|UVSK(amw|c8Cy<Uy-L)OL$apb|hkM?5B36Hr`cP*fGA<o&+giO7RLmNBi9PBe
zsn$QWQtovdG74VGy#3V%_0CCky4iqG8QdyweP-WPJ4L(Fw<Z`|OkXC_iWUC)c2DEk
zD&%)B!%aa21d0)Ne5}Se5nJ?_KJPGSkfA(T&|doE=SiVEee1BMe)?m<!q(QqR?*S@
zRW^Y@HYpMdL$x;gJa+m_O~2rubQ;53G$Tj(j=Xh2g;Zb$++7}@U(PI%rn5e1XVof<
zwUs<2@phRrkQ(po8B*cKmuOEbO^qf!Lx26tNrx^^<t8&{rEyF*>saqUv-0J6_XlJ$
zO_vQwa<4Zw%e;>!`&#ALsMAEt;|@>QeV`Jfrws)PtRVu&dCH~lg05fZO3}ivIOx6k
zqzZf&+<%T2EBBtaJ2N$94;h^+D|!;Kk+3>@OF(d%G-**(*oD`C9dbuayrmBKg=5^N
zA}mdXzxe%@+;+mzswzN<u+aCk!_;}Y5Z->Q#%Qu9e!MSkm7ts%ECuBZ=9sN2#L=k?
z-%C`_Hb(L`b}Z#ZUn@hHe7_XD1OV4BB7CW7Y%+VL17@i)Wx<Hj@zmyyamSA{4syju
zahe%7%oih{TJt4Kl}xb5Asi_2e;0RDpg&FW@_9Zv05?_a9l&bAr~n=|77;K`?KsgF
z3z=apu~QLOW56UJWW|8TQglvCj(zW&%DJ3U|9Y)It*prmb1Qj77Bqs>8`!dFxHlH$
zM*i+B#@U~C+ze7{d!y;+$d+S1MTC@5#4r8xNJ-o3#)y?(O~%;K$m3#7EH~OlDc|sJ
zQ)yI&drw!37>T8kbI%4SRs9$_k=m{CSigR!0{{C@ln^h_IzUp)s0)29<D_#Kx)nlN
zs&1L)Ny{w|z-o1|zE!0dp5YTW4)Pao`g|EH<vB{lFvLXHkFg=uB)=S)p^0X%;bqbB
zE&o%>kQ33!d>9GFfIIl>%S3&uqG=D&WJ96$dJ6`GuR0b9M`<e~bn3k+PUDzMR1{)v
zKeS6btW3%N34avRM;e~UWyuEW(2Rv#M|*gkGpfU4S4oDD?a(D4;(`+t2Yxpzs#V>*
z5wp|`#at~lzuL3+5t^P$5eQv>y_nHVWT}pq2dt1Vc4w2!&HUU~s*8l^&`PB#vrU3D
zN4#?~lNe>}T-%kmd9c(Cl22Hm81CmWSLi6X+2qwjQ`g8*V;9$mV%*oU+*7dP&{maZ
z*AR7qlq2LCL%-d#yFVg|jQ+k@g>GVfTY)sm!-zMqO&7jI=A^-PJZMKlp0N;Q&e7v%
zJD0RqPp3(AixX#L@N<@ISpx>5ngP$X(cgDkjh|jce5r{2S^ddoYqcancW~6)c*2H?
zuDvP)cHU*Qi*uxyV}gSQ-5}Vooib^E2G7?`*iiKNA~6e{w42Zp>;O*ZX(X^5(Y>cl
z<lp6#=GveYy3V#1NqB2hhT#E{+sM&XF3?o_oi{C+uxE;Uc~`Q%Wr*^`3H9{=4wT;0
zKv5omPB04sRB-x|o@UAaIFjf#esy;k6kz$rk_pQQf134`j?#+}EkZ7LzcC#t8}95#
zPS+bNc5`+4m#o}Z5_j91FQ|g$$(aOl!zG1Rr_|MJJ#jOO(vov&y0t{bE?{$>HUI0D
z6|VYxC~*+l&Lb^;Ij8M<u#`7_zEXe!v_R3}Omfwi5wv^kx3pdK4)33qV%NcJ9+ME)
zGL1FcS?6*vAubxuj@G*iW=bK3SQ?&<O8J1YK}|=&Qo%|aKP5oQ$yl9e8@6yCBMS1k
z^cG>tI=z*$MW2c#DHBo*x^79fm~axwB+s?P^wHtSglpu)%r9>K_U|S2qCF@G?@r%I
zN*_Y5q8ZI|Zx2W#4=E$vIaF`x?{814=6_Y=Bj4a0IE_Tj7$ZFlSrd=0+M+d;2c!LD
z$RX1UY6T|bv#c?{S~o(Ed^`5V9~k9FUGG8U%N{>5(`PazyOXci!+x?ze?*4no7kB~
zpww~lSZ2@%cix`*#+6&+5?`K4O9X^>T<FUr9fRuMgN<OEx&ej7U05>LZFv6XhK80z
zGH`tmV|^=edmH{!q>MdWqqC`M7AyRaTPUgK7B!sEH#ZkE_M2sAk@5KzlzpgA2&OQG
zwM?1YdnDc^K;saWt21u(Y6bl>#*t%P;wBYCfF;MoEHsdxswn$G|4$Y%EC6W7>Ym=D
zstQ1{GOc1197itK*UO2*ZWlZ)o-oIrZga{OH{j-oP=qI6j4$FA%7c~2QlgM2<j9xB
zj2Pya@MAbQq|tIprFXE*F%sT~u?|7eDnFg}(#E;mT`xdsbI)&y3MGa5iuD6YW^;u!
zEs?|mkx0U};^e=V%AYMqyFKiI#6K?3Lh|nQN*wPJPjZho0+0LKw^@ehD#(C<*4<<q
zkFy4Euf<Uk?MG^nBa0WbPU|VRAy>y|-BUhyRve2Jc=P3>8bRlf&R+lgVsxG-+Ed}e
zJxFf$J<QPp{cRPF%}gs3QE&>1cQ?f@Z&DPKmOPOIP~19^j|%S^b16ebqPIt#e~IfW
zGbEabxryf-z1E{8R2aM&?^Jgj_tu_>RoLwG`S*Bw3qSs>R!GKJ?*uU}-nVtE8~8qs
zVT~8S3kGjrB-K$9!XA<~af}8}pd!dg!ZaXwrg<XZ9mDcS?Hb9*Cbc}?upuP||DMV)
zONW$#qe#m9p{p8=$3jyOb<P%)IrRu#1~bR_NFSqPqS38vDIgr5N+MfO9A6p#z2v_T
zwza)}cML2de9<1<<WToF&ROzhHU(tcBfbKh2q*kM4~efXdE9rX;=6PWWYtkHL=7R3
z#*N~SQ#*{|?ajDyMQteHntLROV=B#mzN?^J?)L~kNj<r9kc*2m@^t}_SGN~jW1o76
z2Wm4$Cx~=1r{jrc5w|MvLnoJwtc%=qEsHs9h8t`zv0@Oyx@>Nu!8*djLR&xx0TZLm
zZkIdPRXGXz;>GmzyYXG6$`1)51=ptw6uDyX-Hz&$Pa*R}%tsF!%GO=Cqy(!dCYuK+
zh*a8odjRA$G?Yt%Yf``X^{?rOjc2zM53blD5Ot~!-nX6?2EsdVVFe2G2U?DkM-pM^
zKtcM&XD<Btw$y0?XU)ffc^gLOJ=GZJh2vM8lO5iwXx;RS-Xc1+GkorQE>?#;#?0k1
ze%J3C0zi(Ruj~RyiDF<wDC&dx-K0OQ7|%h_YYF?q!+U7F4cz`{pMfPvS@dTNo??7P
z!k^H#BXr1{Kd|=oa|sDtA3b3xK?G7hX+pu{5I<{ECmNh{C*WLT%W2IK;b97&{Q9~n
zPBe7QsCyikPm+iFh!ZVJ!2%1FJBhfQC`U_46PS~Mp!j+=`Vtxr5;j7A0WrRpN><_Y
z_?>5_GQKf=E)T@STUP9aK4a{WI_5jfL$M`287vBI&c!gx7i@On{OqnK0xsG#scW0}
z8iGj~c^$AUaPsbR(h2l$%28HGv8PZHFR0t_>yicT|1iTjOV;FQ`Wri(gwJd>GBU}T
zI=dav#aT|@$>vPhY`pWPbK>U4BET{b)BGdijE40Zb62sFDXwR@1k|9SEcwX$0w<yE
z#l}jMQlYYsn+BYBfujdBCZSs7^Q`Fs{v|%p=4(9zy0;PCvN<MP|Lxz6ixD5FN{qj8
zVV$<tNYhzFtUNmnyd)~zovs^8sRWOav1$#6>)wl@Z2Ka4n0!4I_rKamaCZ3?ILmS6
zEiT-da`R%56;}-@6v-JFWDf=_$JSf2TcbZ0QXSn62UE-27R3=R$4(!rBCr;LCAeeI
zmHKlHyd1l(W=bdo(58;tS%Y_fh}M|SVYI6okAR_!O;{$JEq8cVg3m$P-xi+DKt43E
z2>T=V-@%^lt@y@qU}xoaTm`Cxaq~(!31+2Jrr-OxNONC~oFGirE&y@~6V9wWW|~%B
z-GzwI(e+|pV=S8GWeEr8y5QlA97TC1qxu%5rjqv|WVaQe;t*9AYKtxI8AR*+)xO+R
zuyMBCoL;kVlEWFHb^nI$N?d)t`l?XID4p_Wvw(v^0F|L}$yD-PVrHM!N&Ih>M28Zs
zTuhM*?%_~<-`i7b8$HyUx$DFx+^+VVQg_asP@-L1|2AT9A_GM*T&Vs;Q+*go>tOQq
zc;g3BDA1DE`|O+AFQBz2e#(C-K2KAhrAFjAI*nukZ6iOQ!lyCp)j8;GyahT;CiQwF
zP&Upw6GDG)RT-6LzuHo+1?`4+^-K&$!jBbw=(bN5{=|vJ!XO~lK311!`AN$3+82rm
zwx%{1exMjpX(3zHgPaxj4mezD^}HrPW0KDQD&#kxXU~aOo~*5f#W4UW0pf=#Q823O
zWzmME4HHiq%^A15HHS|Y^*Z9t^J$j_D1Vd<zqAc2xb(0#FeS^)8UNH_?T&0;hD}ia
zY=-+O|6r(QNa6VIe|IMAzEHx?T#l(&UnbNJrdI$lQKY0{=S%UgiuF!Ma9or>+C2bV
ze$@jHcbdo2Oa!4jFq8^!?(zA4;FTuNdB)NhXOx>?`M<5%+h-LNFoUxPje*+xSmJ>!
zBdK`Pqw0r)%T)}@tJZdh{5X_pZtj^^_nzh03Y^-Izog-|(P0F0E<^#9MjX{okiw0p
zTse5oi%{B2<Wwf(E0wr{1H*{!mgN7yV!hQMOT^gQW8}K~m%HB)(|_^r{A0;2s@6yy
z!*b1(%C}SCo^l)L*sL#W8G53>52;HXJ{{SJ=MZ5U)I3(e<HbH~?62U_8%0)8`NuO`
z=S&+iZw9jde``~t<Hw`PWZk^X?)z5{Pm5AX%a(@d4u?TAsh@_O*MeMR$wj`~(L#@D
zB24B^(le=fMa@71VdH4%obM9PwGpxZ+L75gEp4EyGx$>T@&9OMY)C`yA2Lv*zoFor
zW}gBv0;Fh79{H}aC9$h4|HkY5nXvp!=d~!%b_GSaw*hsg+1(>xbQOQnXc&}^#}5QR
zWh^rs3oh)`SA1@0?nBk<8V^Sl;)H0{U}qmw&P{z!T+~0Nw%0%$I;OD776&>2;!3k-
z(b&&2Mw2MIJ5zs9q)GNIN$V=8>pb-X_zeG@1qd2KwEKWKfFP~kcqS1YoA<btG|$TF
zf2(m+48^6^^u#DWRHz-7=vN}!_n?FsKVz863_aM)A7;AUbxxPa<;WwwU2yjv#~nj>
zHo)d-$m$xCxPHNBp5|(*kJf9^<dPBXp=?V={(<5W{oN;5Z`b0At@k`3&ef73Gb^Fk
zYc@plk(VFJ*_~+}y;OT}0-`urgCzDk#pY5j{K#W*+n&&qSPrS#dN7m_G?(#qkv_Ts
zaDPIEkQz!rRMDpPJ#9pQM1E<I5&!hZOmwY}`cHjH{IA|U?tO}*VdJvumFGPP78G~y
z-F^&frr$ayx3P=bNMJPke(y@?qc>3tM-E>4SCPcY;Uy|k%~S$O=CJ))t7}Ww$aZwc
zC&S0^rlD@PRW{3^hDgB@5xe(D*rQd^e)+guL-sGXaCX;9S^8Bw$Xz_yCe!9`m^Y^(
z`v=?KO$`|1sVZx{|81atLq}Sm$wNb`uu>oTMp2Zup_*C0_=4QKAh!-HFuE&#+T&Z<
zWbHjnc2faNh2?>;({PqU0x*g~Uo@Z!XX`Ba{(e8|>KxBD!xqAGH@<b+3$@Kd_kWQw
zOlJ_k0cIZZHord6=Zyx{JXttxefr@(!d(8u|GW1+;)6U%mHN$MIGK9bnE7@0lO+nb
zKM9@Qe-`%tZM4@z{kzc~Dr1`wHc~7oA7m}zOjm5-b};6Mo3%Z9k=h<A_HH8il&w0N
zu!K7ro6jqMd!|hqttt@1ri%RET50)y8`BV=8~lIkqkQ(!+x`D&xC35Rn&KLcVbTqb
zr>jYYI{@ruBikVjlmgBfMC8O7<0>pOO4={Opz|z}9JWa@&^(qGDsYha|Fkj*Rpx6$
zu0Ngu_(JZePyXG3!9Y7xSEtJ2ldpTx(yx6x8fu&1tS5Lh!K<F>ScuoAx+({gZ=u(a
zj&SYvRafv=q_h~{^%o9(tgmi9;rdpd7MU`#reeU=j`$?#R~wG0PxMZEab=^hz$J3l
z@fh<8jD<rNeR~xwU_1EVORRa@-c-wpFcGNI*~%cNyQ80c;T+;Tc^>n%Z}B4K>TT!n
zulvDJoc77CM@8_wsWz8m09dpDDJhwNLg0BeU{rM(B^`VcqvrAm0>Gl>?b-f~Ck7UT
zb7!Du0fH&*aIE+R6f4IV^zHs*dWNk^$79(9^M6PRbF)drMi(h{!@(z1c7NSI`kGlt
zF{@iByi?`No-+EQ;=2TO+Q$ZgpYRKJnP{uFyQV5PmLGf6n8x3=r0!<<oOkpyEIIGy
zYX{(4^o0&!@hDs>JtMxo1H#&`x@$&{V^@m)Ir_il24=HIzVU(IhJ;14xOQ&8kHfb}
zP!sA!cb6^=>1C-ReBwP9PPy2+vj-KLkTR8Seye>Vd~h`)ZuPIvmdpcJt^d|LRY7Us
zwCT;bx>uehvV+~kY94wu6%($;6S+rRE5DyL$`g+D1bfyguD^Jw|8r2bcQwVoP_7lt
z(RhBF+HX(z#k-y}B9gafwjw4i#Jl`TWAV?=DAorJfS@HwX~qD|McC2|W*fY-X3GKd
zRpZ=ueBP|Tkf2z=9J=`U`1?yUmPg|LG-glkf2YZd7b7D5*p-m2p$!&3F6a`i6xl;`
zifJr=-mxFcbg=He%Z#kGX1u5qp18R+9Azb1IXIKr84L%lIQI+uaq>Sq;K{5cR4Mbu
z8_FGhgrSkJBr{H6US$UzrIkD+=1+R3^gek=`XOx1@f1%+4kqr8H5%Soj25Kzmdkn@
z{{FX`>%nCV|L|w!Y-SjuzyU~STZC$>d{eWkfB3T)lU+Lfc)hy=!-0D~0RAl10aKyw
zT#Q~fKs2C9YN?sGe5=JUZsoOD@L;TMe>?p8ox2g^HDGD`N7}l~bV2$^daI{5Ui&ZT
zmBF9!xSzfYM`Tgp83xxkYYC^F;M=-B{+`M6jRi^W=5q)?a+$2W*ZfUfnILQVTPiR{
zOoV^PR|Hx2)1H7TsH4y7<&yFDe!W=Xh)R<d5KIbN50Ky|0Mgj{rml3=i=ptC-f0rW
z`3fnCf3ox)wd>qQL=X`e`c%OHMv3Y@4;<C8qMn-$EjgbcOgy>Rxt2r2)KvmOBQ&N4
z`fb26C&2h}4A<RU-)RPWCDXG;OzAI)fxgz!&9zd2x?g`Gdq&|1RL10~iSXqtBx{7O
zGberBKks7v5>-918*;%5l-S`??^LiUoiya)CY$Fgs+2lltLW;%V+3b>eO7n@3;uP)
zne6=LTLHz5ibp_96J$I62ve2GtE1+x7QSoAh9Y@UXiAfz9pK=Vuepv)zGw-m;nf!!
z{dj!y@T7WnB*-*YY}z^DWn6yEj@uQ5m!V=iF&rHe!siTIs@$=d{UFhT!zM73C<q0h
z&lWbt6CF-p8>vV_rOJG)Iv=1)wL8sxRSa33n5Tz~JIml2b{vd-X}zGc&vnMK98w9V
zmbm_MOfc9&*bw{esij&uLQ2ILKQSR$SC{AmAkvzC!}<sQj(>VZi2pU!x?NoNV9KQ7
zfo1m5iCv&*n=$I$Evv8J4|&fyaUosk@F*`XG<<q-4^2iukl{-NfSx9n&tF^f&st38
z-P1&rW~vauIs>0*I2j#T!}skOgmk$EUG`gzsF5uglHr9`04Z>JvD@_o+>FFiXEsI5
z$Hu-?UkkZGikAOl>vj2~uP+(`*>iYYZKg||v+0vxi<iudF&)b1^JgFFhB}6Zs`#pe
z2=wwqgancg5;KBVdMAlTafTo+cKOBs(B}mS15He^gzSBodH6>Rb83{#4Di~?v6p<b
zvBT6JZ#S6zZ!gbTh8bKHWF<U42kQL5yibK$4niAtG~Vk`CeMA$2wQbD|MBQ0_Pb@(
z?7sI1I~IASbx6^17u`8Hm%hFI5O$xxB%S5?Ud>@mJW38;VRcgfm68Gpe#9|szL4}J
zQb@t{jQB00$<TLQtqaqgb)<zC56enS9HSyoAYN9f$w#qdZ<^>eCpF-lMlZ?`+0lX5
zfvC;2g5U__9rr$Ndd_!oH#Kpq+Vfy7jJ8Oh{H^@No+=Wme}eX~Twi0<HRwxsWa@1p
z9YQO<H3HCWwZ7Bzs6^y-mL0{#z}nanb&qAq)*2i3%bnyp<j>~~`-G1cp$*aukT9K7
zL`~-dslW1I5c$+CeldcZ)EBBqV6Lsqd92ZYN%~-IA*<n;{qE9W4Cm<GH`}hk*i7c>
zF?;lMSMRWk|6k&X$uA|xRA3Su<9a7cGwDdjoLnh*)a~n`GmNK{lNrOqF3l;M0Hq6z
zHNPNO%UAP5F!@5@9GQAZUdFZsJQ%CRkfTrMJm;@eGv_u?DSY(Bd_efF=cgN5*G68?
zYjIXWqA$Y{+S@AoPRAvsj25Zhb`y8g)4ZL`;$1+RBdDKz6r<WYZ{~KFsaU{LKf9JO
zmxTzcAUsL43w&{a6`pcnSD#H4Qj^vC{BCf-h60d3%;^1n1;&x+{M+Pd>mI#yx$)el
z;&6<(zIZ<AqNv+Lic7UQN`(51U}tLAZ*}?|Tga~0QZgfwwDWu|9)^lC;(E6eG{<WW
zRG;*J*tWU<ux;=5)QhsKCNEm06X@%W&ia%=r?sPO>Y8da`A@>8Yb|*FJDacUObtaW
z*Ew!Buhz+(77#j7xy?|y<F%bHO;^nj$q4g8k<MhR`IyLb)t?z9X@wlLN+r@qN;b!n
z3Q$05Y}SLG`k(BjC~`kkpjB6>gTyY=XN+6mjWibB<Mk;hwu2MXy9hnrf2lK@igo|K
z*<7P%N&<PCd@%zEu-(taZu{C5k~Vyd23n4M@t#blMm!Pg^Z99<`I#IuZALan@7&8>
zm}TOmuH%%_TO)w*Bo3C0MG`3u=|uBGH~W3Kp{8v{BU_L;>n+lHbEh&>Nb3TWas!g~
z{zx+B6Gk_f%<+x=ArOT!C8|Q9XPz#}%byAF`oFu-{MlUeLG~}HZiX&>5<DAnW_{9k
z=)Bmo$*S@+_LCmg&G_nvI7r*a)9(5=q&GAc0!d*tbXjdFa9tdda!3x}>kNfFtS7F6
zr23^LVJv$569a1J)SLrXA#=7<AT^HX>C6FW+x3}-eKxplWrCbR>4sdfEC0V#8gKg@
zB7d$?S<wx618<JF%}gkLv;5P8i{^`^kT4r?dQ<E6)wuI$<gLCqqyN0y$qH8G%d|&D
zaNJqHo7lOX!#HC`7|;4rqOX38#PK|<@*ESxH&TWX;0#aZd=1*IFkAj%4BoAPb`L|8
z9mwh>>IB)mOL}><JlXrPRh&O!Hk<eUl4le{)kV0Uk#`P~W`L1NKERvHFH)Dsbra9I
zlfoLpU>>ND9_;FN_<+&2aJ<RWf7qp-pNZdiw63F~=VL<Bna+~;NT)I;r8UL6)P^4R
z#M4;wW?Cop$Y_H)71^gZE2y4GEdnrWmUw!SVi7X#DE%z<l(IWh=WMo$G@Y-6jo#R3
zCAi{8030|tb=mSaypI0q7~*lXZwR?1qKkFex@V+R{*1WMvUx|X*;u)#mnS*#4nQNs
zuFuYW@k)H8(KfvJ0!t~=9vHh{<EVeKDP)TVYL0J=(wr?r34G;4)whAm(-P?tjba_y
zBLLZ9?nQ)WM5QZ9a7*;qYdBJ24C%vN9=2{P{?fni?57d{>1F(XIAU;R9v<ZtE92U)
zOGg-BYcJ<h8;C4c@v{BpV?}SS;<*}~dV~QiUDcUV8LF?1R?OvdTDjQ4csh9hYYKj4
zERXg$&@0Y~>}ti1uFElN8I&fR^ZfZ2ZbodEYBF-UTVj^10Vw5G#vvat22Az_l727R
z;%nnPcc)a4_i2OGT<*nxSh|TbMDLItum03dEYV&vh&OX#X(){<%IYq}BK-lY8@rU<
zS1`w&lARZ}Q8*!FQnz6eU1+X%Vum>fPwXyvIzVcyw$I*z(7{Ef)9MrW?)@-PN?B9a
z?`U%e7ud?+#i%xiA|g0)TYv<X(so1OvW4{xH~Y|%aV0ZZ6+E^1QrEYs{7OyX%%COB
z=rA$`082OiqA}b{MLSnm>Mc`)OBsEBt_#6M6VCRwHLjw)c=i01jddkXw#dLnU1z($
zOo3HY#n^t@i&i_%d1X0{uyQlYnbhxs*Es;j2rAYi3gK3|>{R5ZC|M`+|4(8{R(!Xn
z&6V2~?7DBO>B1WNVQ4$~41*w(NIdMihw}Z$Lj%el2DZS^n7qVrJ-RyM%pfb3zsQdO
zTzzQX-w%icxq6hTN@ltGZKkO#EMi$#S2xEkMlFJYIsfQ(RVm`@in9y%1|+=m;q>_&
z+}pK2>>1&1)?fI$(nO%x8KdR;_JBVruHgRNt~1YKpyYo_i<ss;Er}pf*KIYNHxy8Z
z(1ZYIU~U$76Dk0vOUDVMwm*HUcQExPmCH2=emH*a>M<N!H7k9fNE@YHmSz9EC4sx)
zA^5hb!R7fF^FCUXz!IO+vD<s4K+ok}DEN2>MK(<=+hy$Z5bjy!LQ#OX{Dd+H>nyV!
z@ix58)=`C}f=WAZS!%6-AWo8^SR&R~2VSDHMMAwNJ%ulC7s_~5y5eFJ1eCKp5*kHm
zGbMOzbw=A3y-W!LYbPE1IEy-d()0dB0V@I9l~7^2;UzIMOK<YaXk{#RDZ1mft#YB2
z=lT&tjFM?Jw87ZLT|>w4UR?**kW%dXp8Q>a(!fSVI=DyCBU@e7i)p<m4GoAY1!p7e
zFt~|vbq{}@b?{hP(8Tt3fjuI#?I`27-a?SI74FWFvj*2OpP(Sf+A!{!N<rs@!=9R<
zkwmPwf4}i!Dn)_u(O2$&loH2_ze-|U?ip$~KJKUq^sL3Nb@L6QSnMYlv2KG{29O;c
zwaKU96R&1{&QqVpfAnvzCsLbIXEu~_^UjDyCMgnMGfZe5+O-xPvPj11n3?(UF?=H)
zIv(jrR#(jp=QgAZN*ENx^~}sf4^gph&Qhr~_@ioV5d<i5PV+p>%*GO?4rcrRJjFti
z&{L(3)faF9mAHLffRUW1oH2ovO-<o*S6^IMBFp!8-x%_;7a4;SZ;N{)%@}ga5LOmo
ztf3K0$mTB#7WrKBWzGQzzJ=7<butj0irQO}-Kb<IpW~3ikJZDoD79c5kWR{&W^R+I
zi9$&WJ4gV6?^<|=krawqso97`sva?4P!l=FJ>{^>hTZ}fk~a>Tkh@)ZUVc;wF7JVu
zH<&^(0^WVdHP%9&@sNpOC!(p+bXaoZd?<HDh&W)M-W}}5`@2)o_ckQ_EhrXiz04sz
zHA5^L`vF`yo+Mno_46s)X=)LPf+V7z&43(#mUZwzh|n!M&pUR6QK~5)sqM7z?a=_Y
zb7b39{0bXWhPL^Saj16j&6z=Y{uCj%KxmiW-;qOUCWr$ZmAvfOG9{M<42+JXM7}J?
z3_Nvg2s373N&kq5<unMJL2?B~$}HiGL$fO#m!^qAc@G=+=IVi@a+j|-T`BUyUZ3++
zJ>w7m^l1lX`9#S*2b^VT6a>qR7c3-^>Ae|rDnl2~6*dDnk9{45xd!6Cdy|9D1P+o=
z;y?=HB1F--!(r%J0K&HqczysKx08%q$~lh`08W!D;VV_lQ~bv-TADzZ=wILn-IdLr
zMXRAWAPS5K;&2d4=9oV7x9{B!M|SIeNA-btiPct*U$>V#eQqtE-OU*I(J-gunG@t9
z`B&8s(P5K8L37EstVA*sd49V@g>vJXo<r1C^47B>{<*5F2BwygaX{9kn>0SlHjJU1
zR|hGEVIIZQtSp{YZG?D_{S1wNQj<_rS~8jNoTESd>+$l|vrL*7g(1S>Rd8>I^n$ui
zxV^NM+g@v;hIkL3hL?T%{U#3x(~1}eqJ#uBj5_^i0UFZX+BBck-eU)o4Z9YLU`=T;
z5U|>dO#NYczuRSHr;JxO58`Cgt03fA@?X5$ox*$DxTCBC^{%f2rxlE;BvsL6_w!b@
zCg{rRmfEMQ^bM{`D?-A%?vY}28h?Cbdd4c@O4MIaZVEHaJ#(tQ$L2G%k%3~A%koaq
zx(j74JmsQ<^rxgAJ}3Qee@yaq>`zw^g>g0f7a9nNSg#F*ec<1$y9#T0&K?ZqA9(u-
zuen3nQIDXsJ4EMs#;a(`CW^T{p2A8L0&KUQANq~Y6UDfs=8Db07>PTOLP`|Gq?vOo
zT47{=03V?i6_6C?04qX~h#Iv<(&*}z7zyon9*>%x!xz)xjP429gBzn7|2$~$+vs2-
zEo~N+Lwh;$5E7?^*B$+Mdx1Y64_QGYH>y<K>CV}?rcx>ag=E0!I6ei$3;%5GC0s8%
zL3-y0Y3@6_f11oYAd+p9Gy}B;L7ezKAy?3auN54WtoV}QMigPk9oL%!HsuPpIvBZ!
zoscIavgIjRD6Ey^Ep9!m*>}+H>^LTAczguY)_5%lfGTBl6bZ_&s(GaUFi$MY=_;2O
z^UfV;DWFG`mm|=XA0u|@DJKPN!|D&#8Hb2>51`rxeumPZqLc$vLiD78f)$bXv!dh@
z#p@9f@kM?twkL(n=M3|tZ|sZV4AM)YbBE_8qA|thK3|Cr!9TBO$|u`SyH!bYsdv3n
zSLE2WRfK`#;xpyqk72YeP7(mX@Nn`ge+i1ANqMX&@8rJ#!>bmV-66=ZU!0t&2g!vs
zbVxgJ`1JjKlFJQX%+vkPbnofhIVNK1r2xQiDW^#nx461ErMUz21j)@G$UmiX2}y;&
zV)MWg$dwo#wl3EH$qDt!zRk+~u{xa<tFIP&C*Pu#g9G^MNI2{N2JS?DFk?J50WU+{
z-&l=*ug<+#_F!Aj-KjTyNJgHEwxC7-U*cqk8jzCqrf4)K7W8M)og98TDMXzZIe%f*
z{c5`_vh$U~%_!*ql8J-G;4c|wkdFb6gO#-rX#*evrCxjji(B{q>@Pm$1Tt@7##2q+
zEU3$@oknJtL}?2zdkNR-=@E)%a!xTZ$pf`LGgQt=vVxh>UTUr(mYlbhzODJK;w~M$
zMAUWA|1IK1E4l&iH6;H%+*C)<DMD%9@ILxVmsSX7K|pxLD_9BjJv%rqP+!V1)&nq)
z|D(VK61$D0&ri1kks^Xryg%hX*5d<*#cyQc1eT{~&<?}rbd@3#lhl+L$SfbVdN5Em
z=2=)!iI0IQuBIB6D;jo8xv$5f$>A*q=ziF+<bBIxiHjK}T<%O9qY&Oe`?#=fzawiI
zbMVu2DdKSWWi1Vf#^|ed5olp!$;z*zOMk-PC5JD3IWu%tM8@O<3mJ&4DJS{wQF{AT
zn_h2Zs|NwUDS0pygh%LhyCU-~eR6VDZpF9@`*vVvaxT630x-w4aSHTJRs5~+0L-zb
z2(sXN)^JTZ<0jR3Ec&9}%uW+A7-+}levY@0eH~)?+7g(24JZf^3<IA1r81Owf$G|G
zZ|+2U@8Q3_R{MQbma_4QiJ3M%mFEG-+S%AlqaxyiRRJgR{P1R{OE710S#;Z?m!*1j
zlrWksesk|8bS7JpP2^n$uQwbV*bzBEzd7<kFaDx`Rd9xQ|3yT0^?R7kH1p(4Yguk<
z6x;3C+iMlAz~)p?14n1hOBXoQ>{PscsGyRQ>Nd&n5`qB*<OLd~J=YZ{!6c}BLQa@U
zB`dQBGb)|T1r`nB8lL4O2j(42`PDi)T!ig&R^vK&x|TL-Ldv&dd$qzqB0fAk#-58I
z$l5Q?hYwq2V#sf!rwVCwU8-b;FnSYr*=YkL^yK}^dq%IZgZZcAV>{@kf@haZaxzxH
zbS{CT=V7FVV^>nrqR9gRZIp~<+%#&K9I3BjkfshEcd9RbY;HBJNYeh_+RID6fU!b)
zdJ2J0p7@uhQJfEu>$8?HibC_}Q0k1O`j`ZFlxG{>0?T|-Fu29JlkR#0HY`IywBxCS
z<#>I-Od7Yv`3XYd(#oUhA0Z-&lDbj(5?MpT99e-iFy6efC*zVz5{6O=so=-_uf!kz
zNJ=@L1DWrn3l_2n6u`#LQ4I{U0L=0KMGuEzUK6u>tRp8z$2z~?J7UJ|R1V;`dV8p&
zXt7bt@BUx|l^{Esv<Z2xV5d&0_1EZ3W~dE>GlBalyx?#m_{l&L^Ut|NC1+xM!(kJX
z(-HZe`o1EQDVD6FozYqrE_{X`khg~|^$76KdSU~1@eegQ*O#;zuOs*dpR>s2N=*#p
zVjj#3LAT9J1sP5TcR>g0N4^=xLicsthRU*VSZ~ejvRRhd;;j)Q7^(G<hu8ZQy9zD^
zwCBRR^fN;whc#%Y=vB#v&M6F;TX!4;1S@2p=GDk}%UkMcrt4oce_iQ@S+c{G1RYEr
zV5F1*u8}`KM244q7)#{-r;3Q6Pyyg8|E<QDJPXcLJ4WLFqxp-b9O5q3?rNQ+Y=_AJ
z&3krsAah%~S>#;R{-GC(OwQ0NL1mTR4P$xj^ADdU@l}2K9;X!#S=JdHh=yURx%?E3
z;llOJ<8{{nso*bHQyT8_)AO3L(!JT+(+Cb?gO#lx`ukH3p2`~Hr3-wddKP3g6qU3d
z0tTUMUm$lN@oHD;NaExM&-E-dxDp$h>~)_I;+r1|=RJGB&9mGrP4N0{TV1nae3cxR
zIS8k6ZE@t{_ZkyIMIzDn5rsDbaUR6idIoe1?u?*KezjOoMYq`;dz#Yuae^zT0gqV(
zt9kXsQB+l7b9Mw9U26Y&z8ZyJMO$qm3`515ijVo#7ZwE;Y;2wgMT|&{*FdM?>eVnV
z(z`fg=za-DI^@ItC~#D>Q_zHB$!!j&HI#zbp3?d$Q-|WhMt80<7es9kF*&@!nH+44
zGy9i=Br1g%DJw_|pMp6e#$(8EXz)(4&>$T-ENplfwdO=vrK$C^7q30Y!29?Lt5cDi
zV`||xD*?*~0LL{YoU$^Jf8UtruP1yly3?aJ!9HvlCs1bc7<}A2bjVBBMvb~tLX5`a
z_Wn-H$la`ZRA=C&%NqA{Ftb|7SoOBkyvr7X#vtEorn5T~X#4WcV%r87+0rH}h~S|?
z*%0>`6iek%k<7j_wvIE@=un#L6mCOc4|{x7K3KeQa>0&<ALz?f1H}uWjhQ_iQ$@*H
zUD0k;3|1IhxQrmK@UP67+QC%`Wr53S;#aS51r-<Aoues(w;O6LBbFDTArmZSgZ;QM
z@4omqC~-e)qcZ#8TLy;_91h+y{7L{g^PuZGvkXdBoaYf;IG=caQ%7fla{54}!4!^9
zRJ#jLV#rz(wRz&SS1N8XFh%%i1`GFJ%&2WhNXPwcNy(~gPVlUWz8o0Qk?UgL?s!==
z9%@UJkrHAYL1ooMYMlBAkW#3-xF`Yz*TUc$<Nu;77bXkE`CSh!Zd^5iMaM(1w>&~b
zROz@E^Ufa7hW7!iKpl`!PkQqzD7Cmvu;0489cU}LWE3*jgN&ta?r`V*b8;l^HMX}#
z8A&pO(&x%p6vk4)bx)2zYaw?tQnhiT)v)d>b4pu|ucji!mARfDcG{%tao3Dw9W(Mv
zdDQh&qXqM6!SKUH;e8^~SO{mw(=}`iWh359YmktaS9pwZ<yh|7a8f<yUPFokSDf`c
zC9}&`SzxiEjRt#)Ke&$B;1f~@zFE>ijQ3TKG(RUnGYETOqmz{tTlRWapX~#L1O>N*
zN)&6~w!L8!7j87B(EmFN;7&XYuU6YN>FD_#-FY7scK3pLbALsHkAvV*vEp$NMo8{#
zS&L>#uOwAbyS(BNDr^wC(#}*!KF41m%4|;TEXPLy_0#h8>jwgYGg@!LcJnm5hqQnD
z^;W0DbtWgHi?MiT@R^ScE^Icg)wvTWwfKI!pT*DLkHR8_+kYpQ__{h@!HAx?7bZN-
zXKrdk${248u!yQ7^?Q<55G7+u-#?~b?iSQAKg~xs%F{L#zpv>|CY`TsTDZ;G+842m
zD23uxJSo3=d6Y^9(BCB<+7_b4$Rt`8#R7u9gFWl&1(;1=SmSXFr=wO_EL%JiwfYy?
zC#3_xVZX`2E6sE!gLN*Ut5dwV_S7#=mS#Zdf#0OSXN!+uf%BP&{J(un<t$E2slV)p
z4rwRdaxue%n@`DwSs;gciR2i27IOGu$98tI>jXYhQR0Idb4n;-gqD71c;A!D_T6@m
z`iMisxj(#D>C7f0P{~7bdVzMo_?)h7rt`Ah?aM}e7yyURowJ3}<4lHO?}%UP?E3ak
z<~^r;BtL$+<jhWglbTI=ZV$FvW}D3gRl8j1w<8!9ZVZ`?dS=7{oUTz{Y}*Sr+X8b@
zLb&f3r8q-XrNyo#kg%9Me8Jl3pDX6^5zB4YtuOM71Aq&~`HHnygT-Vroyp+`-2Fc<
zZn{H@#AW~U=0Be%V0;Gv!ey<J-S;@!%^<6eU*HMMrZl6+sm&GE#7*d(x;cj%owO((
zE8#Jj5`fk^n|^tl1229-<j-{jUtU>4^7bC&MZF-8G49R4dSg`#IsL+9`VcsQ-x65J
z-A(vTIZyk>BTz*5^Ln5GN4E3OJjMHR84ByB%|;qquNxeP_`Wf<#>109G5U-l)&A-X
znM^%9nNF+vj;>$)E`j@km}h5)*K(;@uZOv&o2x%uF3EgYtn5vg->SHHU}dV)9Xjb}
zU9r+gJEt7`WyCRKGf<NqZOhD+#!KjB`*KLNmWcM_H?=YZqRThU^PP^%Pi-qd>-0d^
zVU&;e^<}(__cBsKzVdTQ;Hap=uv`2mq00iBQksy3nCKErBpLVmx_Fx3N3DBY`EnRe
zJNjob?R-1t;n8U=F`sr>j}QT3zr}#Q0io7~d~@EATUCsvchzgKIz!}UNOt?PmK<k-
zd=pkzZD=zA%4kbLTNKF9*8A+$B>I9WYM$dy^(sF@J4YvNS>dM6Z@0Ws28oK6d`Ylv
z9|-rR*Fn+hr0f!{CwNYTRV|t5^{%ip<|8T1*#ms-)~i?d?K0Dw|J;6jLQqqdu-{Rb
zOywK~w_@V<SFZ5URGvT6<bE1<z1rkE*5+Njs=5s@rC&zeM+l!dYm7G<P=b?@<S^C#
ziN&3YZ7dE2gj&UYK;E_L+fxbELDyHb&w9n8sgZb}6xRp%V10|?k;?QvH&?PHo-CL=
zt_xP5PrtNH=e`zyNv(CR;JQWJD)IKQ@rXlwbA1PtMrHi{B{KHn`V)4LAZ6BN()%ch
zcMSfso8T-GW74XEj{X-vgRlPpl8%1;hx!(G02DF<#cG|!gJlOsEPmdT$}s!(7czHO
z7hl~UKgqO6>@SgcD!^BH988yrd^aFt@=&Z!x7t}V7I$2*G3E7aI{>R~v|@}0cKE5Y
zLo2sTl3m_O8U939S=yiOhhD+3kB*@1RO_%{#M-l}<@`_;x+~>N^Mqd3;kr3#4#c?r
zOvhc~wbG5afzDsU+xH9ojWum)$X@}=s5zgIja#~$%C13{+voywIb||$(J$9T-70mR
zdR0LFnL~4VbYX0V<Z=|5F&T;MWxl*bDB!^0A5?cRsa1vD{VpRR2X1=D4(m&pcoKfh
zGg%)P_JFe;5Ih`&q;d4DpGc4`50U+AvEMA0%c|J&$diwpes=kmy*{JM?a|U-51RDK
zmYAI5nsD=a?I@{MG>vh2GaPz&^Czr};bcc+%irMrdM|t>q1I;+_6@e)C8=OLTj#^G
zLY<eoLjEhGojBo$Rp+?!T-K0C*xvUADDd?2gE7K?c6RxNc1wy^G0tt5bLwY&nk<cs
zqS!fx=FR=CyCn5h;5gM^D90~7+N)fI0pZvE8aF1XJ4zfuW>UMiA^xPP)lo<hc>j+m
zhWY@6!m<&$To6#Nv?#T4jBh%9gMizWXKoxxFh0pk$oHG4?w*aOH`PkVVcs5y>uq7Q
zmJ#*8X2*E!2Pk8cDdpFvIV&tcF$)9Ei)Q|LM37F~Q!7D*I+)0d*dvDNCfKTN(K|0N
z4DopOpA&jCyzZ>)c`*{BV`F0;M)AKB1O5n0J70Ytj~w79AAYwtC?YYdt5!iD>>aUJ
za65)cd;zuC;QXoVI7POT(on{BAR%XnTM^a4Zi>in^^5stpRNzSg@ZphsLOsCWK6)a
zmN+q{{y{j_{2i7#1tho`v6D7#e35o~ydL7*NvrCz6?}7IYpv;Wyb^sml1a8WWNbm6
z{9I|Uy?U?t;CQ?+xAj^M7<Gyd2dHDQ7E!x6xMGffX{9-ZWqGG-29+vPym}I2QcMX!
zWa`~*wZs?m$}E*bZNfCZdN8)jv0uvw62WbTsCpoLs+}H~-QR7k+HBf}Ucn4f@7o!-
zfcXEq{w^$s%dr|1r^Wl|&ujH+(`~Kr<qr;QajPC4Qv3lLL7il`Y5}_`p+#FPn5FNf
zkQm9=`X-?2uoN7!BHCAlYgpy9Wpu2rrRKbfb*&{(s%-<@{r<9ZechKg<#tXw=v`dK
zqJT(?Kxh39+wB&Fh;-Or3JA7T-HFW;-+VbuK|`p`b;Ws0S_%Sd2Lam8?MCo2<seGN
z8{AxujyXSmsWmz+@;0<nVR!Bg9x28M1h=y{TwQ&&`%^C9Q=ve+`zsM-B!sg&P$%P0
z3s&~PJXSILQKEEzk<(&INZkFvH;f5w@GX9&tS$mfiKbdI=ax!{L~{J+08;ge{X&(N
zoY8Q}VjDaQB0OAHmxTL}K*m%1%~~04reY%5nX~>v4$K9b)$v(&C^6aAvG7QCL1Hhy
zf~E)5@t@|~#!dGrcXuS@qv70Jr(gM8%0Gv!UcI{^c5C%svQ$UP_7O6&9xw=@l8eJi
z7{173IX#ZOl}jhXN|!7MhC8Z}Fi^xpo+(h*75VrwRdccV+iCh)w06`jnR27XYf3+w
z8V3}wnX~h^asigjJr8$w5cBTvkio%|xiJN%GW|eYtM1LffNQ5b1EQa;_P%Z`iwof>
zW1b3h1|v~aFA#xu!<GJrb%o)D;s!#stx6P*zIC3`Zg@IeX9vo7r2%vJW`n>oF3K`*
zL7URax6p7yF6qCG`^fIrqbH3N*Nkq-lSR}n5Dj=<@wb5d1UKN`hzs-f+y!baPzMl#
ziz!vcg#df^ERBdv6BzP&W1=IG3^EFCX9m<^;Ae{3<k1d^j`e^r0?NfiwE}0%x%DAN
z%Olj6Hm`xfN?7V~=MDVL-ob*4^QRoguVvi@e!MBqWx8fy0eP(U{;rG+`D-0{f;{^e
zioCHIrw<P0sa;6r2GgxT1gxr9Qq&(fYf~G2iu?DHCo5sj{qT7;>wR3~9kJ>7drMof
zD>$h1Ene936~~Bc)<3kQ?4{J`N}~C1xPstLhHEZuQd)L3(!_oc8w%p>yz^w5Zq=bV
z^lQ}UPm=SD(~_0_K?1=$iozD04vkVw`})0k56D3cvM~@{#`W}hQzI}ypu1{}sU%{2
zc?^eRx_&^RNi?o;G7tX<`t^`5PhyR-5B{ikqD|q<3xnT%Jr;Fva<@Nl&@te0EsVXt
zfDMLH4uT-OiFUvK0LA9Bo{9R~O6{=)FCA6YASB}bNk?zd=qFZn@qT9ms}^;e-s2-A
zZs(_59;Ku8T}t97hwg19e4~$RIf#)JVcuB?N`)oX=!JFV=|>`2A}5RN_OI|+Kk0d8
zCQrA3n_;8wzqIWReopVzv1tf?pJDq0C7&qzXUuU9d+)Ii=gi?b%8V%+G}p=IVz1{1
zo<WY*QV!uZEvjzd>0M?S*C%s3kuYiAsb~FXyWC~87THfmvYb|eO2IXH&p+*-qKggg
z;b69*b*wXoj@N#;KfKrhP5S!`)CpOvIe&*)eL;30sr<Q215AJ3fPKD84;LRYB*D;)
z!=8;DAVkz?Hw9xPZlrGIGf%F=>Bo8i`~LvcXdmOk6?m4qw&}`_X(xh-*-P}Jnvwjz
zT&cdDSauQPN3rWH&e{|^wBnyluG<MhSGp}mE*DRmq`i79OQ@SC`rLTS4gNaRxw}0y
z9jd%g7U5Hl>8^iyjrf{aB`N_0NUzb{wnP(32i(?}XL1m=_FB65Vf)SeSQIF=cCd>5
z78dUk>;FU7IYwF5tywy(4BNJC+qSI?WZ2HI&5RSaZQIJQZJQlmb=~gjs@w0c^J|YY
z*4|@n%xBISnJl5Wn>l6+<^bBY-Vr7a%yPV#NB6PBoBLFB0LzF%I2?<{S6P$c8AIWA
zk-kugqt~`v$IS?-`0;1VSETkvxtLDCCL`?mDZb&&n-GUNWB&01EW}W@I{0U;Pgg)!
zB{y@QeyS^-z{Fg`DngF!fG~u%Yhlo&4K98;6E?M4CQu+1dp~WsoAaTo63h6mHLF!g
zf8}v|67?x%!Zoia^aj0;r75XUvpRz(tGmDbHVN7^8e^p%PJXBZZ`ooZfjL4S?<WJk
z<=-MZwS!NJs@b&Hxnaw-%N=V`)c6346~;EE7ZYH!u2Oi2jhf26v4u@_=TpYCgH48b
znrJlch7Siml$Sq7wyP|^oY?8K&r060li6vk`j=#E-S3?Uw3{ts502Sd_$DehR2kG!
zV;7I`nE39<^t2HSB~F3NW6EMN5!LX9P9HYHbT(sC=xox^=CaUmhLm++$Bdm%_T%pc
zOelD&c}d=;JQmN}#jOJ%XxP=EkVP3lS9ohNY%>~7dR{H=H(TO9$;*tzfca1lG9yUo
z-wj1H*5Gvgt}d(x=5`gaX;hEY2?{}z4xDltVj0lc9Lr<pfJ^E?lf%kpi`}^3<&Wi-
z;8UWOU4xuwi?4O~`BRnV=>;<Kj4_yZ;pK<M=3;!BrLiymTA}Ezu0;!Ooj_^)%{oDG
z&UUo!Q*0u;?;|(C<D+O(w2gyn8~{Pyb<pF77*DCR6u3o<aL7zE%LR=v%`#t|8T5qK
z&=;$D`0=w%Q<KG7<NVD>PRfPQYv4poM-sO)!an2J#O{g3pg#2_^zzoe^+M}~P=&GI
zTvFl^cm4PL#?r{>p+^`FaI7hzRaj#olCOk<1BKpH=9~O-`}oORzLp(a6>mUjtp44;
z5-%3Q)eY+hRcxYMi6Z|MO?`jMF?uX4I726c!$t*-`k`^$(Dtuw=H`S=!c=mU%k9zr
zjE9nkrYrRh((O4mWz;wnjM2%g(}l7M>e`f<vUc$FDv4hnX~Dc72r&dd3i8xAPP;xV
z)hVm+r{jr^JXB%B|5|tBEK3t0{o)Ukm~*~#*C(YFnmksjfQLP1E}*EEw?EL7rDnDw
z27Zhobv}`oaS`{4Q1zDA->#O$8tvWuEp_Ld(;x?XY`75t2|o<&OGWaQ`$J+KaDd%n
zIEK*<3f+yQeT+76<=V<(B6cPyxHJRg@cMHOnDj#H7++GdL?D!WVS<G|Afn$DDeG%O
z&=*Hbs#4AP<&H6{b8lqA!~d(55Wf`9#B{y=RNMw44oPG{&&2vKt0<7EgWWQZ#4W8}
z$om5wF2j&=qpzN0e|;7O0{-3Wcakp||F*9qjKXd`Q>mfg0e;Yl^AjV^pS_Vdvzw6z
zDEz!C%_F@b%ESPp#@B_?ipbpu5#c`kI6cAaHx0dTNyxgrU!AxLZ<n@|#nSklQ?Mt=
zL!)xTVe%;ftm(&*o9pp`ExvvbnUM7s<roTerl#v${k1vRnmX!2?GHBeA!v5vihUg^
z#<}2eqX2yjXqmWp+>;my*|BytGBe-uF%Gpn!j(Nl3H!o)L7|}_FJ2X`>;$QSDe$aH
zCcsu~Wx+!-nGF=B;@ER-msSO@C$)DyC(f*h?gj|WouvG#L>%?_PWqA&Zg$gfkq;M|
zW67&L*+1`({dUf5_j}7LoXlpWzX|wdmUZ%z8hXZvL7Vea!>8jDj-60Lc?h`E&bv_F
zvIr8uN9Hf@whKokhF~6$)K2<q;N2XYTQvp@6*6D<G?=9v(;kjgr+H~4<dqvBg+dJW
zFdY)p$|Fk-TM|B$%Gm3|DT|AL*l!XpTuqG_sV`u3@4&SkmuinLu=MmSL}a5)GnYE)
zR9Jw`8t!-&v3j0~N_(rofoZW8KR#dU!blqY`ZA&>CaV=Dwen9c1n#1szh1(@qS}$*
z@)G%TFWLwg*>6*2<|r-;5H$BD&2`gH9tD4#)3lJ+^$TY`BjWFJP_6vHGVaMSaa-ke
z?%8AjE~O2w5wQrfwU)!EU*8n>h@!_1AJZ%&<XQ!dO+z)kA>#BHMr#pheAXnQoNMuY
z#q{+njH?{kNlzu|s{X0c-S%2;LhyX}Lv1sMI0d~N%&b;e&F-PpS<#!|OG*)oA$cW$
z+Z4&L8!%(a6*pM_rZDnJ>PwTST<VyvAfZ$%lWv<b#c|hFFU&xG?=f^^qGXLQwm%x{
zo|Q3>Pf_jeeFc1?K#*u?6H-cel>X!}rRz6AQ<}x`#ITE7B-81Mw!r^hRKN`sH_TIO
zb0HFP$=iE5igm8*p78dSS7&el4zUZPS{5hvKEIE^<J22=D{e*F>HhW;wL@0Aw<I2#
zm>CF5nQO$9*_4@!a(~3sc)(Z?BBDZdZu7D#rIVPhA5+BynDp-nzYo8PZKg_LmcOu#
zfBNHr8;xCrEHm>~nVxivY?P*1`fqmf0~e{T)T}MT6$XRru@YX7L~}|<=27>bW?Wp7
zgPvwJ6g8N5l2N6aO0n1%Zo5o`3iW~P5W<X}#)?)K5zhLZzH7uQrbqiHf?AnjuuM$o
zH^e()`n%*uVtqgM*?`1gsv<)XOH?>TX-4E_loLj%-0xo59DP9VfeSd6nLIJwmh?=c
zvPl`XY1}=mm_#^!A6|`4NXt<tnu=hhW7*$+%81LyfP`~4vx%XtvY73_hBQ^jbU}%>
z6<LNFjJScd%EB{aF{h(q!I&y@8P}qtQELd6pK#!|8>dpVr#V8b=q{l6!}2ao=WU)-
z+5FO#WIM6V;-EJS?(clxdZ#|PXlTjOu&SP6r;qId(kdDpCt)rNOJ8L1&h}Xb$%{Z^
zn!gzFmOwB+{E(|CC%mcRuRGpKTmHh_?VF?;C)F||RoiVY^Hw2a&KB^|zYP#tw4Ks(
z?|B-BeK{D$F-^L^Ba4?PSm)SM%!-yojFMxT@|2o8<2_61CZ*B}3=by)NgrJ6h`3V4
zMo4N1A6W+LPZHe>0Tq)bma+#Fngxb$%It2E7u{lzlKLz&-&!bm=wDA0;L$9I$xa4{
zSfYExa4EnD$jK&e(kz>$4xHAuhtX@HKN00+EZeTg#_~ATWbey;$Ali9ul2@Q^rt)P
zuIMXp*)uce>T)^qVi-DLfhFd`k|n~bF`Jns6t)EQchT^U#0ecs;eMw1%VokqH6u&o
zVW8P(BN<q#l+<YwK@Fv07k&p%XUC5uN_m!w)0EY%a2TCuJkZn^(eLgztV-g$*Zu58
zju}YW^g5_ExS_tHFgH6QOpyda5+@gjVn}rV<}V+>84AdgIFNds)R@{V3ko9&2Zv!O
zB{~D@(*z26qNy!`wJ|e04=thPN1uB*{_dC<m(FSCayP%Ka#L2tevy`7F$iG4{MZF_
z`mN7U-01vPK4b>O<Qb<jOP^&D7ERSSG<5jJy-=st{opr9(E%n(CP^Gq8Zo0BFdl%y
zY{DFT=Q62b<PZi)Vwv6ZEqImJQ^wo(i4eV-f2OS&W<SSR&wg)*hfw}JGh>i+&lSnE
zK0s2U#8N4U&oY-ZQ-LM~2a}zYbx+PJ<DGTasVp=R7Xt;>rxq**F%PkNPlq7?z^EHN
zWSSSBBxYoSbjT<8#jRbL#G<-VKx(19S-}hP1T@25>2I{!nefL{%e){VDQODsh-n#*
zj=xqBNLb3ZrH(zmI6jNGzh?vp$!Y|Nk(GVoj}emWar0uj8NtG$O!zwMZ|KKC3SF&Q
zrFEtYsc~y!VS>Z!SF^eH(I8$^tWn-bzefhmuBF_&bGoRM>b|OCp4ctH1BcL7<3in0
z5Ey;Z4#Eu!3ecj~!>UzuVf3rvOD^AY^syVQtpi-G2fmalr<;i}AK_qWG{hE!Fh({O
zv5XYq5aCwd+Xm4D$1=sv2q@)E1l-#J(F9~Y&A(n;LcypsRxGI`kVA@<iU1k~2UG2*
zgJ(Zk5vV}Vu2MxxHtk?t{asOQRa?aIE~cInXL1wu<sJS{L<cigm8Sq+$M474U^Av^
zBp@+s=2C7sMlYOixGXJQT1twlB`~oZ@Wfhh&y$?nA-7L8T5ytX_{@HIie>b?IOvoh
z<y#p$yLPJ;Pc#%l(3B}$C8(sBqdWl97{_Wj634B(b*4lafKF-86uX74-t#$br5nW%
z6r=j>KX_2NUOVpJlf^QHaO}M!v!K;cx_mYvgKh~-eY#3i@6TFAcF%yz({?FMzVl~M
zNFFEid-a!C0e8`s>@F0e|JwE#GX_s^BrV2L8dZgr6fzYCpLe^vbS#A(Nazq164X%O
zSaMZctq4rb4b|d3VYE~$xKn^!W@#6|paAR~tZ|fwp^?4sbV$pI7+Hr{>9?Rp(I^Tf
zNNeg-RP%~s(8U%EHk;wgfD5Xcpq8g{^jqvQc7;m|k)Mpf0MLSOvxtqwdj06mGp(<c
zYE`W&6ti{Is1M^$&$j1tSep~Z<01#Is`*Q?7-Yy2J7(w~6n2^mr_3AyxfAq}dF~!C
zT_^p^g;C0HMe;v~qM3)xF4fRN8%x7mpbhM^Lef9nUjb1hdQ~#r2Jh+bo0+JTsDa39
zH0kh;v-y(<ku|S-oI-R*jMZl@=x-?%Acrb>-e?-}zl%i};V7n!a$5O`8yMd@Fwofs
z2s@*j4Y)VX#peVS1dA7ehMwXPxAB6sUjVK=A!}^IiUpA`H9OAIx5FIrAx&NU!n=B(
z-tnM;M3vpga-GTwic;a%FrwAfcppD4N#^Va(rVE=t{(~u)`BBMRpafpstpIz%&qa4
zG6TAUFdE4xO#NGdi3g6=Y=r>&lT4mJy(63x63rIuEMq*AA4@C~odc^wRN6HZtR;ay
z)bG#qN!%LM<NFH1L685I+vldz31qAJI=7q$poDh(WHeg=TUDhGO%bX@7)u3@2gAer
z^PbvN5XC-m)@;-_cHmw5NF+xL3+pWTa;C7mMJd=!Bm&W-YC<M2--kwF*O1;9yZCn&
z4U9B|&5~m#0|MC*q3766q+a>}k*Z*Se?-yL?3UcX!MN-RPXu7C9Y*799A&E}+|f6x
zN~R!=2(J-^#pXpjDK|jKUZi9%b1Ea~x`cN08(;RL2oJ4MaE3XzDwqzvaX>Qv(Qv8w
zm(FA1^i1XNB;$hWRgQxK(qbb+{a9)<7rVv+^8BT#g1%aCTCJwI&N&9HCpD4>1WxMO
z=#rhxK|()d|7n9tOs-tAA!F#|%5zLrI@qfjj+ZMX(r(g9W4==y4DaP(zvA!BY2&e%
zp&rGD8=Hu*NE^W4FuFyFHux9Fq~eve2scNs8le-XeAcos3=Ig%xS_#iW)?YsP)JAO
zt<yc{uQe1X&8t%{ORFFSmEp1{cekzORPxFl=bI!YaST-2y}_{AG#zZIs-%@M^eQ*E
zrPS{Z&4OrAu#roLGX|Bm`zu*9I>bz0`7JvDlHZk401a$IjplyT(N*GR{X^C-4&DR4
zbj}L+Hg15?TOl0;e-+q4tZZb8#0_=WI1w8rZ*Sn3wsDj;tcl^?n=XP^uDLQ{k@}Zb
zMHa{QhB^WoWh9#YTU1p(go=(tlu|hp?AyDZ=!EaP|L-<B%Q6JZrCf_x2oE%VY8!Q%
zm_pm1WoMB>*&<D<F{~^oC+%(T%&}<IRUS_Hi-zRRrD38r!kOXyR<7fz{-Uke-*-C?
zel=P&=ZD!z&oRK0ay(H{-UDKrhG(|{Ew_3S2%B+f$)V+=u8WD-6NpymoaW6<Yce<Y
zvwOs&j-Z(xnU_1DxN&u6wV?-6fL$M5aNV6##xGmijjg)+nblWkRrhf3yw2T&KYQ+_
zNbn_l@8oHhb=W@Xy)Pq=pfomj^C$kMhj1G%DVr_UT<eUXc6Q%*gEeb~hC0SF45n+w
zU`7{*R-+->4~&=j&m*yW)hF)CZeX-UdWz3=?=Ar<qg^C}ygX2@<`EE+R*(^5(=%Du
zZtS7>Go{~u-mowBoHUOfv@03ZJ75k{R*2V00=Z052RB>0k<;@DXFYhj4`sI-&a~wJ
ztWPnn$St&^5Bc+-G3*g+k6t4EWdgJy0D$c2t7}AmfS2O`Omh(jSiuvC8u0Y=VDO|r
z$e6BFR6!qD8Sx}AtZFFLKWYn|CMSD;@kG6CM3yWwzRS~_3F7?$2^S~#4fQ4I`tk*-
zhTL{DtiYzoq56r!H9b|eebmx*-tL@z7uwZ#-`n2-4a}9!0Jx+5)XH6Q(l07k>>>tE
z^-x*<?7+z6>ubSsOd~3NeBZr&yoL>k$VWi*;Yrc)s4n3PqWs(I;{o*wcfw`Onc}j5
z=V-dy_!H&n?P75928_b@4f~^=<8KCP{4ijz80%6s-61e14XUr|(!#a5BT)oNrE3zb
zsSOMX4QFidMa@B{p}gljKWS|#5zCT5uwa@y1Dwt%*aQSd?Uquxwe6k9wc~i4L4QXy
zw6!MJFL~Wc^8|1XXo|w2OWi@vc1yVCuys^m9`_L2t?#paiL!t$C2;uC=wh^fE(#=V
z{=hXOhVKmkd$B9%E>l7#E{oj^cJoKjSb7|2`RhFO^0Mvq38^jBP$B@~wn_Xi7Ql#Z
zehkle=aXk&lHiy3EJFu&cZwC=-*$nfefGQ<d-R}lcF4nugXt=s>uC647YDkIL%Jj3
zzIKJNUEGy3{bY~SpceG~p#*yE!e@Cj+XTF!7_Q=ymTg#icnYm8_CM|R&DfN4*ShUM
zTk2;Hj{M^{;EnE|soVigsI?%792p^ZlbU(1_d?yh&AMUH2Sbb59^qB=f4Yt%FV!Tx
zH+g;w^&OE6&9-^+m}kRLvB!kLQY+P)o560C1CW)>&WVieBplss)Tm?m1@AAQ;G@gJ
z2-}Bu04a`@JIcBwdEsqs=~E6k>5V*XJ^G5kdiB@~73NWoUUwh?HW^m2#&cGE#CXrM
z#~}57kM8#39g-gV&{+m`h~1tt4$)yfUrTlal`r8R)&$l>iiIDD;%iNUfBHj#4{8Hx
zg_}NpcUr<=^i}UMYlM!}xG4#vyF^v`%4zwGhR?rs4?S1&c-%+@Pr^X3Vt=w&fcA$+
zxAh$^BGGPbPqo)O^OLJnN_^hKMjpPY*cZ~o&t}`4{Yp$0z$0I(P#Zip-hUyjMK$%y
zHl7cTm~e62JumIAxX2K`pMNU0jEF%SL*n>M+3VteZhaT^@{vg~xar-p5I{LiQlUwK
z(H>H*)C!951W$k~tliynqB-DJOqnhf`EIN&8LKpHj;%j2W=nY$N5-iQH7XLO+CAWD
zuy!-rx5U9dDYrTT4A{$Lj(cb6Q71~Y&T-dlCvbdrNj#T146dVSgI3kJ#8C-bd8_Cq
zG7L2ny<c-(rmDG=vPOZPRnJ-np~zdrnsn#D$L1S!Z-vT`aJEt;EM`_Yeq=CM6mh8V
zEvx5&DtXADSJV=F4|4MwjCr871P^Lt)H)YlbRTA`@6?~Vd_AhE)xI=m@n~gUd>5ZQ
zOfM;>;O7IsV>4zJT)ox~bf3FMSt-W2E~!1+u^72bpKx}+H={zLisNKf26%hj{SZI*
z(sad;{;3%G6%zdoK#=F1%JQBJjr`2VtRYkH6s;7soVPe)BM(LR=F$pjeHL?sMDUF>
zCLMO%*HD&YxF-6U-Dsn?Qot_Qf3!4cMGpF?J6=SeKK*=lA1f=l_+ne7Tbt)RbR!3|
zhDh@xFvf1Mmzui)Z?S?vz>W|#A;JC}X0()hv*v%duGR++`KB*E!NbaCnkw1l+oya3
zfr~;Ci278opodev9Q9aw-uEpb(!W1_Zy{H_e_By}b`z19-vQZtSuwG`N4`|Ag+bNF
z<YUgyR*W!vpM22Z{%X<c%fDrNFP3sTe50TGmc;=OLI89F**vfKH{pHWJAtv%8NcZO
zbZpj==y&K)@rUQ)!e`O<rB^Dh>34Xini9W+h5RkI4@*T=xN_p;nt6%q$fXJ7q~Cr8
zy6XQgAM$R0%dmo7_Ai9we^Vo$7|)_XvP^Woyx|Ihgz?QES}Uc;^ToemNNQp?2mR}~
zCpEs0VojWTp{$^5!9n++wENAUP!btC6>-1T7nOTjm{~s~<oyi*PxWp^{}liyVr{uw
z@y{}CDdh<j8FKq?^in+6rIf{vhOP2P*rg<LUR&G@qfpNEbJabv&aRNf3v(qr%3Qnt
z5ke_!mm~Ye8v?ght4dh9(A4ToFO3w4?Zi-an}SB^;3B)66jX!4i$PXc3i`GjbAQE$
zl`-8EaM19a%o%6XOtD~FaX0&AC@hlyC*ARbE!Kr0EGx8%XZfOZXd~pGf3CAH_59g{
zM)7cYr2M0@svL@wJB4~EXc?n1vCG<kyd300-zJuK$er!#X<UNQ<bDU|yh-h<Ew?U5
z6VLLm#mE?_E)2|GEDsWx?sCsF`qisLp-)Evd6NKOK!7|X?dOrEK!<+78`|Li!)cgo
z>EXqpOsx8D9M^wBv!lE!osk4~8Jdn_f32<a^TO2oP5*WK2kgl~Cp%^vSionGnHGup
z)m0HQ?CF$BGwjpy<wlTLyoJ`zu%E?)8#Z=l2(I$Vuoh;!YyRrD3Ej>jF1ztbaxv!f
ztX_$pkEJpg)NgmHUr{O4FA)3>$B{*%Z*8L%6w-|&Mm>u$?I7nAHn0_>E;douvHbkk
zkd`i_j&&icwR<X8g-iARhS)krr@zc~cB0u@Wa$K$RktI&8oQLoSoQjKR7KetPU*>W
z!0mYM^{tfE_a?0_GvXgKDWn_W0WzH%z~Y)jl?v~bkOfGND4n~2eAI;@WM<EbD}S80
z)YgBX&Ndv1!_&A%fH{cO2_82SOS1n$<M{&`)`r!~mO8o2Hb3oCRKVrLS5@b=WBmBX
zb>MB)>`}p5m<y<~injec`l%{cwVESf%g6ir$<0XVsP88)aT#nw|LG-@{H8BP+hAky
zFM4MjgSE<|iee5SBVSx>1ISt-i&s~v0i$jn1!e=Mvt=UQ2d~*~wcJAGUZ^u@&{1BW
zsO{!qOXwo!@1#av;lA*Qwiv*?XUGC-kl|2R5D_kc0bMunZ)p-v=l<+kHL);j+1>l-
zAlg6mi6}AnU@v%P=8*Yro@it9u4Cp?kiU^peDDA)<0m?m4aw8SWe?gTOjl>3;=#zf
zJ`scLSL&w!10}en7$f_3g`7;CN^RAwoiO|M_CDLy4^EUItcl1olldL!<jfs!K?|^E
zMSu_<&pS_OPd$es;ow9KcU_$*Zin0$uZf;q&Gb3y5n^ym8(rk8=-wjq_?#hHAF!pi
z6w%Sdv?8NoN!b)I!0Qant_zNQWgV^byN5zLI<6?Z?_!O?HIq5BpetIZ5=4G4|3+ua
zul4AeUlNNGI*~H&ocwE$%4%Se*i7bYQdJ?FgzW5KS1L4^HrYI(^mZ?x7T(p4`{g03
z*d18aKm_ldi?bYGuAcuEevs6j-VOvHESVTP_*LtwXAW%vhQ4}!@uL7I<-bHZJzwAj
zavv7zUHw@6^F+kUorSZs!S!gu;|zS?UQe~0jupM-lju7w2i7i|AAorec}4U(A#HBo
zc$5{&5b%$VpY;?h?d)Fw7uo4kv(*u#5)-4_<rx#*KY6Et6_E@nSWFL^f<HvV8?lU|
z!NuLpqqZ=Cle}V9>uaouZGgy#|B5pkTEyb`qO|Vw0oCdoL!c8umAr)>>3=d3G{Ajj
z_~%0_Yn^`2?u!K7`qlh@uo+@oyVz0O$NlM7*oRdeGS((;%c+Sfr@4iF;;PaW{{t$y
zavB^ZDPsy(S;FPoL6&SeGC!>3mHOoj6iS{(qFx9}=32_@8_5LlM!fPDB({U}QKYBA
zY%<)1mk9h$iZJ-9qC2?jQZ5A~fqdJ6P~5nYQ9Xi2a6VfuaTH9T36rKfpV!VTY+!Ym
z?m93&f%UVpGH_TTVhfF}6_!JrzrYWhmWHhhc|L*p-M`qmpXR*2??j%u=1Q3zITe4y
z0ibwki;5Mx*>iD7BVB(bZX!HHjg4{jA@Rbfw!(&zMRO`*G1Pk7?0<Z6I>hx9&?bl=
zIFdH7`*@|78$=VQ<|9T*cW_9R&x#(hKbdCA1ez27LoI$uEkt>Nkh8nqEAUU&)>OQA
zN1VwSAF1Q)Hb)hR)U#{KFH4-`)SeFL#18}$*c@B82b^&QgOzdrhHICItM}u@%XBk*
z)_-<9W99eD#0oE)8R!XZC4roE$|FfG@{@4`{r8G-%?ySlHlw31pZ7V#ZN)Wdoe+o3
zSqpPxGuj_+So78=nct@_rF0&G>vx{8=`7LN$@oZ51HZXlqPE`t<XMAa+B+nY6ki=q
zb4TDr8TBsXKEj_1MyBXt@?O!pF{9?V_nI9kVn5c8;>i*!)_U1zNa*c5W-A8zs+0{>
z8n5T@!*0+FUWNkiAEJD3SbD?NCI`6LhGLP2dYH94*jBr|R{Nu1=Nn-ry6my*O|^Gp
zEDvKuWVX+qrEsynmm+8A7qz&Z5Y3?;E)&L1<X?42XOK9U>qTgP$hnmcid|%x8D=IU
z{<{);-vG28Xgymmv1zEy*x%-+lDF<HsSJhbVlZJpPqY1Q>!#h%VD@*<*GAhgIyZt{
z>BDPa;V0?Qz!S;I(ob}uN^{0mJ$>e4vV-cxyYH7!wn@6K9peKmo7W---#$XP&5@jw
z)KdNm{LTE=x<@Mmh{kz!+te||Me@Kf9WM!EH_d_VM+e#ZY#GaTU}rWYAZV;v$mcEv
zij3y-!S!qO3Qd-XX;H$+_1<6Om&+IJa)JFe6?AR0gP#0VR#$A)aFDJ$gRe@OI?hFF
z10?TMpjOZ9A<h@QPsKmh#M%AcoBV^?R9-w(<?eNShfj%OHJb<Gi>Z^VBw`6LW@w)!
zXmuKjY@e!^4*_v!KTd==z0zme?fZH8&gNSUEOr@MkyDRo6UbepHo1axJ0WlH`Zp&q
z)da3O2hRwbOKFr8E_<4TAiwL*S&N+1nW~yJTX~OXJP+wp*x-!xs}~z;G6o;mX|x{1
z$R1F7^Ujsi0Ugwx43>=qf@@*Hunp(ZkeMr-yy{7t_Q`}*8sXjQ(ME=VUfR!kgtH^`
zRei+*c<k$gLorsEG@)j6+mr4?=uQqg3;%SWI*Ba(hTwtO^5>#({zF%RJ2tO$zhinX
z>t)GWC~-}Owf-pSOWCX0j6++<+7UirA)usDP$+H%E;b{|HDpht#M+o_6ulDm5%TVa
zT6a9k=JDOV=BSpS#M-(BldZ}=0oiX~bTi}MXI>QUro4^oAj<P5#%X1NFTBAw=#fiZ
z!;R0M1?HlL-MgGj)^vW*s@R;7SZIGRmvY(Y)>fE51W8LB1>>XUWpUax8Ft3Xp_+V+
z<S>5x6u*d=e8@L8DgFPjHKkD`()&uFE-pDsCD4uf>!gpZxV3fs`l^X-YzB8r23!re
z9HG_RC)b3R;DGd{vHA8a3Vfawj{~d~x2bybtwsdXWC~ug-U_Zt0UDu?x)$<$j7L)I
zHKkovj6Ca^oE?D(Pp;$=2m@J5iGg^h^>Kt%<I@L%-yYl5HeI)A95CSNvF{E)q^Jk+
z8IY1aVT<NB`fZ$JNJLTwNtQ_5!`h5LT)A~_68vSBB$Wi^bxAp#%2dkhUNiCTxnoVz
zmIJ;uNr7h$A@s>oK7QU*kU5NXzciS(wxq-^qVXIo9|_pryp*g7j-2vx9m6=P+>>Lb
zg*L}DnQ-t!Tr*}=Zu5nzFD&u|8~t}AVVeY8#kgIU_-#+06FogJVX=xgc9Omq>KB4(
zn8Ck$T+I8t-(icj+866!;{Og`*kqR__w&^I#skD13wZFEPB&@DCCHZw6I!{{;J}#o
zNT56KV898hwgA0{z2_^ZgNd|QSZ-6lXiFd#Q`BHE714no-=O7EK(%<=zkbW=?_6Qa
zUg-0cP=oX?B<N4(J9K7*f$+7#o{W~y>u{kbM#yGJ`gf8*>$T0-_3Zm9+2*}IjkLJ^
zjb4T&Bnb&?A6h6&Zyy#%KMLt|BAuQy8!_1GyD_F!J6oF6`AE3i?={gE@EE8cfLvFQ
z-;wfWCrA561S|BcRi4I4bi0wH-E)^3FFqI*|B~N=;q!Y=CQ96x@^%c*-xu@Bv*!wX
zAW541;{27aBV`{alL+m0y>B$>Nw&O}|KC*m<QmDn8bCMXpj)@2wT^&YrS@nc*aNRN
zIcUH2L#c`u#^71#@85icJXcSUJO+a~Zd>b}bFY6+mR_J!={KeUaq)xh+pYqTs8*s|
z?t+c0fCF-eGG{`C-swSrDfmcs+n#GZ^x_{UjoXN1iCeB9h||3`6NaV4f)QmBF7H!>
z)%)X|MSNSzReCY$kAnLy!uG2H{-aP+;M;~bUU#D6d*AW`K9dcH=y8a-R)^8ltSWU@
zhMGLpB>3N_=$h#gj&uBhs#@^V9q@bC4SehuPEQykdw(>W9*IQUvJId1VO{BY)0_2#
z8>3Mp^({i~rT6xWOhhTh1v6yt#q2L7g$ksz_a%7c<#uNiHF&$8{O^lnr5M@wE&|PJ
zxfRV)2M6uVB(aTct$uIKs;o<;-W_(KJYG7s-CL&k<+{}Rf{Xw{ch2!7%%?!#r@?O|
zC$VLMg#(rg$l<Ir^GIZNE*mA;$dgqE=VFUBJsK)CQ7~_XvfvPSh7l%jL%gkz1sNMn
zH}m9wS8eq_&>|*1+z{*CJJ*d&R7tK0^<&Od!Dyx1#~q&>Tm)&v;a&tt$imb;BW88%
z@wXr-el7&)VNf$aNkavk*?f1!5mO_)htD!R-u^5(Y;ylLKfJpsl|zZOA6SZOI9inI
z^nU0NPf#aQ99Z$1VL*UWt5*4|&)ajl4$@z>4<xaS9OmikS67dalH66IDm#8_@24qq
zP|3#vxjYCla3oD(raCu=ST|Hx2u7&s=^gP&B5#9SU3Px(11`_z?55^j9>qUEWrqBS
z_RjZno*v!Dc4HX7EWVpES^?$V*a?`|JTiwDJDznQVi5@P0Y6^qo-CGmTng+Hf8m-R
zULK$ViOG{=*<%<vImSgi+)7VTE0zkQ-zX%GKlY$oVYZupj8&9Ia&lF&CqQPOYuEfH
zVZsWdRv(aUCb`4oOG|%pt*r_iXa^q?J75U&OL^!uF?eZ5>M*9|E5jWuRAJB_YN;nw
z0wy-0R$s^$fBWMOJMu>MpNc=>RWrt4^3%BVn?-7~{e8-~FsDRBrQk<dEzY3ai}HL1
zkoYR9)g6pmJR$nTAlVREa<LGQbk!KmioyZ<171$9pn%i}PR}Db>Jw_RWTNCCS#lBb
z#311qS#oh&h=0Q?AmiSW?7hq%ku{;LkZ??iPndf-L8?D@c3Y^d|Duk;u$WT?sgvkt
z8S`YzRsQ!XKcAyN2NA}1dk2|MrrlBXn9uS3HnI*u*ErC@_t|mzS*jYMnXp7$=A7d$
zrmelnplTZTC>;`CibRYYkt#7BC0$h1pmQdC)a)QA1E|nRWkT%z*(x~56nbr762K0l
zZ}6PL&ca9K&ab89S~{j6efHx&MEVvcnS<ul`xUIAOW-yr(><2zABpmvKkYrVv8z$-
z|7MNR<iDn&Vp5_Ng7z+>?p36cc22#uzmrLgBFoCcB8`X!1pZeox}zTWfL+-;Gc1bQ
zxaa{EfFP}+Ix13C4a!`K`@O)z^ddy)-8e01#h_@eS~l<MA%>zJ`K$^09c<Fz42jB&
z)}{#pREiY<Z&n!Osp|dWQvv3iR2dsaFR_79wuy~j5B<^r;gX0#GkOJAM4XW2IuX?p
zb!j3pKB-BhMtzm8&Bg?Ac>(5GG7ff_u~&Bwax5+GW9u!mt?QU`5#h7ogE({3xcu93
zM<nWd^V_(kckUXJ?)3>(E-7kEE#^BO&=`eQ**cJWwGM-SJ|TTpmRur$nY1Zj3cj9%
z>-yQVQc+M5VI{t*&5{Lbi1})U=+Z0sA%+EFKr=`_t&I9xRS}RMTk}Z(2P&G5R<(RG
z4zWR-E=?HAFC>jCp`HSpDtzt+G+-RE4PJ-BHdre)d%`?jcIrhVE4k$0rMSf~AIs;)
z$lqjST4>x|to#j=)4smQ4x+_88LHuXio1akI08!XSqo)P$Fo9p#J@6SgHWl%AnlmR
zm212WqkI9%b4Trf<(t@*3Kc3R{^Q5plfClM%J~9Y8Xitc)>c#Y<QSNAUjgHRblVNn
z!{$z9;>Eh{vXnB=LO-fksrG->eYLuyf-v?McjseXuOImb<uzv~Q+phW9_vO`np6ze
z=t--EX>A4<`{xMJ0*uo(05VMlC#oS1Rl<Knu@UmjVObou$esb*foR{J6U)XYTb=ly
zSA)56<1#G(iJXoHg$b+U@tbx&E#|+$@tGud7Dr~yZbmxx8u5Un!M9qk7=rd-NAE>9
zE(vv?*upbi-g^IYoEG;m&82D*reto%t2uQ1awYC!Wyri+Rn~csg72y~b82!rGB~ar
zN_qT~AIJvpgYng&H6K9<VnE>G!xS^uEy%MGH8QQ#0#t<zl=~6H-np#4nbB+ahYNr7
z@1MSViwgpwluZfKGL$~m#@-73#f}BzGi1x;Q6^x&E1`knzjIBLm6i1mKIr*Y-)o@C
z1!7PZ9O3WU^et-b^=Z|tNd}w4dFkQ{vZz(76DVxL_m$*lxfSO*WFm;8_gO`#Go^v3
z2o0^x`^xth6udy37x{EKCVN~Gp*~(oRvev)68XHfP(JNy$`zr4`=UH+RfUvxq(Wrr
zh0bhyP@QMzsjiE5_rq%qyY|Rm(fEZV9{qz{MOM%&jdMzEr;aapFt3M=hpwU~V)vxq
z++RdKJxdg>xX}<__(bS272EB=@g?{a-x%?g9#*|maEGdR${^E#^2+3_)SG{h_*~U6
ze^p<!pwIZ%rqDnyCQbjx^JL&y8I{sQz_Lrs&h<%)u#no&hRoFZ**hMKmuhhqVU9{A
z3Ex^qr&kGWz+0@d<zf;3cMF0xm?Lr(r$hcEs&7M8Ocfy^Q-x4_z#^-nQ%;$ruax$n
z=K=@)di}}VtR3e8Zp?PFdSJtw3t=h<HS@C!PMPJ|oZ*7IXMw??vZ#JRDy!*2OPf1d
z?Xb$bmc*-TS#-RpV0NNdjIR7)=J|UJIbRPrz?$UQ!;wUo{xzX2Ml*tx7cbC?(*quK
z@&PF~c;%?GrX<%6t}spe!=l!46X+EEJ!~0QW^GY*2_uL%)TR{I%A8yoeB`oiH)|%S
zbgLmh4;@OIe4(*sP`I*fQscQ@zxcZwEb6BdOEoVdA*dfDgSA}RD3BAVXxMD|Y9N1S
zhROYCj5UUlVUEa{fgkdhIB**r7IRG@Hcimjx$;oZ-u%f@IYTE*r%kH+t&vjGtL51l
z3F+p+GzJ$T=G<%K=7N{PfunN5JR@VZMDiTH<vx+>`DEPzT}y{0G!1&i(dIVWgmv|h
zZd;DR{3SbUxhj0Tu(W&(te85v{jCpis3ZmgYExwT-vfG#jlb>OVukQvB5l!F(tLVI
zA#~z5V)bj!U|oW_ve{WUoO*NS$5BeGEJ#5mxaQFnCu>z;Ud)k#jR0>DgJ)CU9|`0^
zm`kl7#+BChc=MoA{tUC!$ht3yK;EC$gCo#%Oz1KtHfF;))<*83UBF<lJd?(9TbUKw
zH4(v)?^a)T#GdNzZzKX!;v-OfI}uFz=COsX;g|zMtf#h8KH=0J{Q8h(K6fN>n?q|1
zf9zaIta2!FRDJ^Oy-7k{$K=Wmp}pFs)i`n)p!15tBbirv8L#B<t_I?2slzi5;%s(M
z&0vkHxTmW}hdjWbdzK-|pq-FXjF)W8yni5TYw;rB<IFX9xC}rgHJ^(~^uLdbMx;{k
z_`3x0N7Z+}%I@?KP=|OYOk=h<AgJiuo17LQ&NY53{)@u2IUTX70{!D`Aw&7(v%RW;
zO5-<CKivp4V*6ecZ=jIrNV&L5yi{~9MfLek7pf%wtim0)5&wqW8gy=$fn{X-_N8tK
zi^&&?%`@efI=oQYNfE^OoBH9Ku4a{cvme1One;((KJwAIn1P$0&9!tm@!SN(IPAqj
z@gDlcfFb^S9W3nMiLztXfPL~vC(~*#wL?AlUF|p=nYMjbFX7<LsH=~pz2W@7^iIHn
zHwlq6zPri?fM1bqQ#VQ{@7yLjpJi3q!FUEx7@WHrqDH2z8Tb0XpsvE8@<5;F8GLcd
zr+Gb6InBWKcGcjW<_+mz3raiPnE!{EzL%$t6e*e`{YDhkWE)`B3#QJPGkXo-!oifc
zSwLfNjxl_JaGL`v@T>D%WwvY34Uuu*Ed937dwktVyB{2h|C(%Kjc^&J@tZFVT%e(O
z`E<j4YRC945P1HhJLb>L4Y(%ll<jb}-SzG6Y~jk@9<Vpa_j@YRhR$McPb%!*)_Si;
zFc>|Z)WwJn6g|3l&tM6dud?8BapdVY<?#5@<^z|qd*d1t#SH|7zTJ@YOU_3IeXZz@
z^7E%?mrxz{-sSfO>1gffL#9(wgQ(V)^hqVNK^PUxJ{}rV^PBP7P|);cv{J!jI#`o6
zESEu4s?F8SGC*q<Yv0rnN*vPfyKu2B+i=_)gLDB9l!C6H1QPg8sRMom!Y^MNZWzbB
zlc^9*;|Oyon9a{;+uXsDu&)w?%H>-b=Y&X(DfTOjtz+=#ZXJq>6TZE|<|0i^Fu9ms
zLfHR3*s5E@O{-54Xus^?;Kp4VY`o5B&iVlj^ZPc1R?|f6Il{%gE9s8<*N@0*R+AIy
zwfA;#89S11V`lkyx5;p1*ZVG-ymQ(QoL7xeJ#iJ{>ESa$ye(RYN_g6q{pjv1q%Lb+
zrl<Qwe;OM+(+ELyA{~pmx4(=ry0OIP>r0jdfPU`kIa#$%kr{i*X{G+!in~u>)&y$3
zw9iZ&BPJzX0UqF9U+``W+y<%tCWnetsMAgkTz#9CpSBdXAAsKBqbB+E)Z?Spsy<Ak
zcp}>SkrrLO2PZKc+4e_?4_@vN_Ri}`^-H04^UC;Y&on~YM4EPeSW<MFO<G;<kezhG
z)b4K_@$vOW=C0Lk9-|2@tI^yvrp^4~(GUlHTK!7~(8&JLi>|jMo+~^zc1>Q21m6C|
z0sxE<*ga&AdJA&TX{8iDmWYPl+f{IFI{^FwZKch|CGf&z;<&#I{f`vMao^HpE(TfC
zd}Byl+-6M<50ooCOQTD;Q54#kZdWNGY{Ka>u^i#B7li(cM}K@<(^m=y-9SIcSzKUI
z>@#(5z8emBJ|6P=<Roe^=|@57ry!QE3)b4m@Q>T+lWmmT4HvYoHCfFKC+;Z*Hj(UZ
zNT$C-c-zWfH1}9ust5cU|CrjJ4TMjmi<V^vF8=)F{Pa8j<D#mjh0){p)CnnBys=Ta
z91$K+X#zJCHO0xDAH(Dtv%zHKmKU=eNDK!-XoW#eEeQ?P@%#w{`}-|BkY&pIsd-UH
z#>3%h!{W;4k;`Js$?km|g|ioRTvOw)(q+6Gm|PI}r!oVBN$FiNETa(P&w-rmloq_3
z7cYo3Ao7PAy2DWbkF!p1V%!J=Z242ML1QFmdsm$K1DT^}UHo)#mUL5N_-1=H%N)?%
zl~6U3ib89xn<6*Q7w5-Lksk8*d^v~$_LVny#*4iCQYisQa=5^69EV?5MY?;(fF=H&
zNRZ$+`|XJdZeD)wNF@Fh4!*A_Qd|qwyFI_Hhg%#maPF@et|QP@wi__+i@vwgg-ky!
z%o(F#j`G#P-7a@jib7J2T~Jb-myQxBgITmtKkcY5iaCb5l6t(zPb)6c@A)Je7&jyP
z=hy!k{=g2KB1)qFIyd;cL9$|U<gM9eo*&-a1VX~QP9zMI+jK`aHwfFS4=&Dg(=R50
zVk+e4e4$_99KKgNU|57ST(HGC2Mv=4JYW1^v>8!mu?j#&MyV?Td0A8KtY1zeR8Rdz
z^t5)l{j<y~Gxq&sIX>Ph%1f>Fe)+zi1o0|A&wY9SQCN2RJID!av5*ajZ*QacPy74O
z4J5sMt!^d1=Y4$iPP(Yil^nl#Sc$IKp~M$*@%OpWFD0wq`>oil2m$<Fd!hPR`A;!h
zQP|!PV4mvh(4gGQEhVwKyEXQP<Jttl_<C#DOgO`ubQY0}X0!WV$_;iq<m99Ihr5+H
zw7l_Sp@ND_(TfbYlkStMDU0?GgKM`l3H7MlH@>v*Mk4J*1t)La<mMplJ&34hTL${n
zz7`)EuL;(I)1Cv|cGR&(Muf-dy5iq4U8FP%2~s>8P+j;#2P{8dikhfa6&R6fY(9Rp
zPrD;|?{O~$>aOsW|1fh&_ns}6oc7S+JRlfp%<O%}*BaZ_zS32Zg>20uc9!$gZp0l*
z(V25K1N@E$^$V%WPc)JW;qlnt669m>>EOn$jxOgcnqOh?12xFt{f{fnv0xT3@I?dy
zK|VB+%}0LPomD?(LurgM-T77vXn4Ev%Vv-g$S}o!yD<7Jm;|%nY1C8N^HTp*4y-59
zRxIAowQJVx>8p;gLf8yM(=%u2-x-8yTd)n>6Jims#**m=(GDhh=)&n%a31Iir<?Sg
zBq_MmO@XJ+_Yo}7K+IHiONl-f8aMAuM^ns}@{=zJU;HWkzLgtJalUUv?@fi%=<~1h
zIcpS0)n9g^+0+jCi|w5^GgK`f$Y1}5IpCpZ?`adYn(?=7cJ}jgmZ7H#A0jOae7fsb
zvTKpc^9zHUxA(@1KpVHCpuR8Zl*VJN^^1H~Ea33HbnCgPDIA{V+&>RqWkXk!@!ac^
z(-r+H65~eu!ao`aGb#V9;!g`?FtWn|Z+me=uB5s;sphQnxwtL^BoekK^p%Osu@?27
zob4@Y$#P<FC@*vj6w&p&I(Z{~R=Ul}tYa+!g@&x@>?3H_?aiQ>nu0V<g8@o!+9@c8
z!wf}SSXg9>9kv*Wo`Mtxtrep;xZeu|BEBp1bdb}rDs4U$_`Ei(o)_v@%|!o_pQXRq
z;WYM>ro!=KSNd0~lIgXb@Zw6of_dq2a^*xuON@_%-p$kI<aG1|B9O-g6Yf3tbQMxE
z)q)B5Wmood3qw(2Iy%>&4VYj}(McLy3m6y*(rM6L1h6U#M4XEG2sy8J4CCk`X1fRd
z^Rwq}t%Kl@(I)1s;r<n;mmV=KaoYG%)3>5i8%ynyG;Wroe#F?qSoGN3y@QM@{`)Ii
z7B6g^q>8|2wGw9gylBvd`yPX0Lzk0rJbPDLBM(d#TW&9E7<p9-+TUNRekIGrKoUpB
z)-|uk^;W5amxHOmTk7@eBqa9AqX~8tlQe7v3M%bsQ*!wcaLi%BL9f55+vS|*peMd_
z&X+l~vY)b)9Tqt*YE9kH7|w5-Vz6CZ8kE*@!HM7Xsq6Y3as(=<1QYrq{~Q{OxLp?_
zl)R<KoM>dl6X-JR1Ko)|5sX6ftHLPjBopKiuFE1{2WTfZ8#iq(BCrh{N$F$XE;ap0
z*PJsHRQ>MH9x{BZ$2P(7<YTYdow{|Vce09?!miT?c=eW-h`iYwJnF;R;A5P-GQgv5
z^aTHbXU(cxBeBTY`V-`6lAc%IWAK4*&4J}oFqL~XRVeWae3t-!v_2JjfZwaH9*j~;
zJv6|!?%Py+KE(G<#Gt?4>r>9MlcH9lee5)4F-Em%1k=t35*7y4Gj0X1H*UHT=Wn%P
zzw(RTKTHwfaWZW(hK4&uHFD5C{--%Zd#VQBxKy<k>zH!8CP7FRaph3WXA%Pul8`Qc
zcMvokEz9}$J|Ip%A`QRS6P$m}vm+6=217o*Ha*B_(1bt*nAJ#iG`!57e-8bPh_oAg
zH&$J0MQnMoCp4k3pY&x;gWu%~wsq~-&8w!L@TtSc^(=A_6@e&*h3n>7>*o$$iAHSf
zlh%S4HbSyGe5T@(gu<`$sw@nl=%29%zt@>dF<5Zo1^qpE5b1Tqtd);p9)ECVZ3-yN
zhN23hq2n$m*B@P%qxmQH)_5=%%g`n>d1`tX@K|ec-&*k|b*A@qjTy^58;d;Z7w^CL
zcICJ-43&`*BNI<H8d-c6JIs&g;umHbvy|1NVjjVlxd*b*qqT4Up3;z7!InJTT}@Q^
zrjO#CDvjImrk+ll_*M&#0C^M!$l@hUh1f-xsI_zPkrV8i->yZwI3-Kyhudq&7Drrh
zYX7wsObw2$HQ*1eV%Pf9o&}?}aE|jgb_#E3&%gqAi*@3-z_Gi?Un>*K=6y6{k7P};
zyb1J<z{UJ!VKMD=##GFc;c!~W+7-SwUw!h>yYU_b+7XyBr+1nL%k~pP1bgYbQKr%o
zSA)5=uy)Y^95Jd~Wq-=M>vA)G6DNr?=0w^Et3-HluGtI+mt$kQ^$tv%<EPl&q6%l_
z#cxL@9HE|$epdAdnZs%Q=#mvvFbbGxlfTE>$GN+oF-Xg7SEF?@QtlIV#UAzQ%RbGq
zq1J+mgkC4Z5xICJ2KhvKsiH>RHrRT!&ay40=nJJ9DbK}9E6ARRQMRSUS_%YfL-zuT
z{zfKk%9`Z#v92GKlq%FI4<eqkh4TvTi`kPCRqWd2YOEb?-w}Qk)GQ_`e8IGtcjFyH
z&r_OFUKLGnxyicPbAM7QyDXMEL(d6TQVu6quP<WWN}L;z_|~dep|ZuBQ|K%g>_8+y
zf}l~#6hAu8rF!zL*=VaEoOB9hGAT>eE4i3tUgz7iRJ7qX2I-Qc@(d=;^n(z|8_Fc+
zk?c_IbWh}jsc2Rc3;n#sUJrX&t5(9gaJJXf1e7%h7%h9!4n*SZ&m{WWHZ(JI6Cudk
zmi^Ow2hMNtWVLq`A6fG+E-dFtAf0&itqtJRhIiYIuq3VuZmuV+7yrx`%IW}=%_48l
z<w?mWLs_g8<&dv7DH@%*q^+?2jzy;CM-eCROjFM|?Z!4R+{f|6(oyOx>J~%uc_hbk
z>UD@pUSpXrMep|*^oFVC9EB+*TPMY|N{cQM1po>_9ZbdEY7C`lE+<Z8FSIW({aVSL
zQsMKWaA&If6~;sJo9hMO&Roq#%QILR7wP1~9<cJ37Nm}|UK!&wFo)XIF5KJd2%@bQ
ziVx!CL_1PQ_DiRM=7g8|EEsl97;aW;qVnA~Q+~rhC~z_saFhewa`bMER}uJxYA-J+
z=^*cu);9!#v*pf|>Q|n!XnA7}wlu`5L<kV}cPXeZZ9X8{Q(|n|vMX8D9uSL9Xgrt<
z`L{G!iaPeHy@w%+Y`QBGFAf$%!`A}Bcm*$gys?+q<;}`>EPXEwVD?r8YI2T5(5HFF
zP^_3#g}*0MsE8bY`a_~6^Sc{74>DkEH;FzAVa=of-0^loMb*;%#34e4ovwza`s}J`
zx7~yVxYn95x#TTYN@=0ci^D{|dZVY%lC10*(G|Z%{G%zF5k#?c26I`l$QYUy)oMVu
zT~_p-hfj$9b|iwMzseix%?%8tTAE_ahhj>>#>yg7?W=Hi^Myr}6m)b4Y>U0vxpcxJ
z&atxyY0|5SV%7@Ht8Y(<%3!;Fk8(P*Ik&0lM7uY{l@G_s>C7=^!#6mCHCvBA=t=~Q
zl6t<a5Nop?;TMb4<k{Qs@=jin#~Su7WL}rjPoQEwK(6p){md_YRGLICkvA?y#bP-Y
zW%;Y!fgsfdsio!i;n+aeO3LC%SXO9V$JL;x4bC~%6VX<J!80{1YV;-gijGrBc!=k^
z%}a=GTe$5Y>y>*T_zO4+rSt){rysoI7<eTuexIzpQi7{^@&KO*+ss$XYC>5e_YGC}
z<gC6XzPl1PJ8~Hxlv`KH&KUN*HoqvjVS+fA5|m4nmvd^3s^lVbHBi(CzurL~_Q`uR
z)l#+WHH|*0zol}l18sH|PY<N5mXa|Y5=nEv#VgMcPdZW~8Pp2+ID6?+OD06s#B-bY
zEFHZl#$&dKw35gA=i7fJH|DsIaovtpS{j{BW{bE<Dh;AE+#v?6NXrQb330C!=D_Ur
zcq(L50h_@-5p?98H@CMqllkY^RR8$NZ2}?))4Z;L{H!Zx6ZWHO$6<9%d1iP-QQkTt
z0eSN6HrWTRLRm$UjkQm4TvLjXwZQ+Dt(2VY_+CvRBUwH178@20&IQ}F%<gL6EA;Xn
zn>#XEe)ziM&Ee<;Mx8F5w-XvzX3>d??W`J*14@_1YA5mmIrYC7d&lU?yKU>YQn78@
zHdk!hNyWB}iftzqCl%YaZQHirJbRyg+kMYDx3xRIu21XV=4^A0`Rjf3^J|}IMO3lv
z$3S6aTNy`eAos$>dZs6Xra9|)m9XFEd?c^skDj6Tm<CJpQ8=#*`^v|&S+_pEwY%%Y
zx|S>jJoh`}2WImI-oc%y9iP{4-IoEC&vg?u!lL9=UZGcdpFGNB_H!2`{!?3z-lxkU
zJmE2iJA1--8xbTY-+uOtHGNXQ(@9Jh9C$)1iJ;d7=jiOnKV}0C7{_iY_^%S}i;t=R
z-obMb_~Q;6d|$7G@mBM<mZ~#D*p~ZW?zO-*e7f!-xJrxpFFSH@<(K0RFLxXd+E~9N
zzgwRlT#>vi5+t3YQ0e9cg=29?eI|A3^KMABNbo8|kRylcX=lp<Wrl88Nw1$<_f`}}
z#v*+p<Yws$geRB@9v?JhOm5Dm=t@2f2IEs1oL|M1^j=Mjj<+6k#+6V9WHEnigWON0
z^7M>dqE1tUhp4Kn8AJ%s{1W%e9~e+iPOwmJBdwH^)>!u@DAlJ!;~UTHF49Z21n`k}
zh(sL_vTBpGl!m#Iisc;KqNN%7W@-G7Q)xiW+%R!NG*F?l@H!U?ieodKFYcWZ9rCA|
z*NXVil7ss<BfJxw3OXVQXU35(pyNSHrmcCDf}3)~8}R;wv`kRDoav|hwLCkq^!$xy
z8N={b&l!#m(%be>Cm~tfK-ICRFpi9U930n7JaSBPQ8^(sHng*abns_^*;uopt=+RY
zNxn(O?b<Rm$&m^QuC*}k!*A0otW>hN>)2wLDvhvk$^~&LBs1*}m?|oAWRGo7i>y`Q
zfjaW3%_glhO0+{JgX|%r#=!K{BgPV`pAhQkjiObrPv@LRspjMkP^ks>v*P?F`u^tY
z(6!&H<fnk+7#)kZ9~<Y2cU<Ac_E&7#;lm$$$1YSM8hJ}MB;J2H(pln_lrb<yAvCSz
zg!sEI6k!yR>Q|%5NQ0Kbe;yCv9CEMq5zvo4Arp`uG}r)h8#C3=$A@|E^hZOjaq?UM
z;gYqSxzLL)yj(uHD|50X=aOf851Q&4r)s1UwnrWse+!3h82c$`tLtM4>*{-H_zo+g
zNcyi8#jr<MeTJaEPni)3$J4&pUrNLA&E#@`l4^dkS<~TN4&HonAFvhR;^6w<W*4n$
zrSd>jg;+_7QKA)s#NU=sqs2y;9Jc7q#sS7;|M6+4k3Yn%GMe!TImh?3x^5ghoX+5I
z{$2KmH*JWTf3~|Xo@uOt`LJ|xF(p27Hipx+Ml0aQB5=P?6CS_Q9ZWb-Iei%!(?gFg
zuc@Z}Br(VP{V8R&?_bznn{@fReckbYd|xKRT!&+Jh#&;%nD?+)uz(0d*g=7@q0%9)
z6@kGPms82?s0E%T#q%d0HH=~C4K8cX+Oo?>YW5FM)!=FM_j5sqX)PEXK2(byxrK5b
zo`er(NQRJX<zX|*pNv$O)hWXwq~^0r%pKYe9rN-NnjO3dqT6zO*QGnDf{z%%=IKqs
zBCSR;$o!W<l%TXIe~=RB8ygB3Sn*i!S19{y$E_Uy3>IyzFl+z#h;00HbEu7D*)>qA
zuCEa$$cMeJC})&u7HdE3u=TN%&=~ooNmT-#%JqKcV}VP`V|3&_>il}6Vzm$m76dZV
z+feM>4*0_LvDU=`76e#qCnxaOZjH+Tel7-;BR0biSJ&1ErXh&c!okv0FJ`T5W!Q~V
z2KhVU+GDn7al1<>)-Mld#FVm{Z6?SKe8iTe`m6=Gl+rJ^@&!#+tj6h{V~N?8#wIz<
zZ<6_mR`_gfE<pAVmNGCh3yA)-`1V1|FoU;aeJ}Lb{g&uTK=!A;9r1UE9}ovxl!lHN
zInFR~SCrPeLTcg6_AyM!Ylj;$sQf`tQsh2a@DM{T{x0nP9T6g#>tM{VPgNDGP_K;%
zgU4~lKSq}NcgQtN+2xNHC8xHMzpnWxYRukdM~n{d{2$dok-|}wxHd<zwZn|p1I%g@
zTAiv1{p;3PIedLzKd1)HIO}*N83V7MSk&0%MhL|}d)BcmMR@#gu;xAJB^an9lW^n%
z^i6`2D%s*K-#f`YWI#}<(tdW(w2d1tyae*Wu+B^w)|9BD2nB34p*wqBdI#%^T(J(N
zZLqvWQ9^2LCJ=JtdG8Wz`4u6nGV$}`4?WWHc)$jAZH{oZx!RIF@$m^=p8MoMi_YUS
z<F;9P-c<3%jnL9D_EC?Su(mIA{~q-OT%s@3xK{%!Fu53HtFJ_KG_5f^-b21tKoD9^
z=sEAX;!wS3<D<vNevkNFiaQeImpPY0f>QlsAX^rD%Are!lJ5YT55F~ME3P+`o;nIc
zxm8RrljnUso8A!`>l0*He1F1Q31Fq!C!qF|Nm_KWNPUqu2^(~>Py}NR^5f!7a%xCV
zTr#)iKGWV;06Y%d+2FpymPWN`3;g01Yek3dC*BThIfNhnNFRCTXjAeSo^qnK4S?Yk
z6|tPD5t13NkJ@3GY39@`xMfE^QQgGA^jMz1;IE5!kl*a?;|^1e{wOgb(U)(f4&<h~
zet-~zEZ_~_cW=>DW(T_;o9(nNj8QLCLPpQ<lX!tbc^NJZ%d{4jsBXg-&B8fRRK!oS
zM+Jkk5RFV(S|d?S5Vk50XG$9DQp+aAz%opI{jK%1t3X(+f0kW8(pVEp_8puFiE1v-
zUQCS5Qczgf#k{@vAnK4z4$Szy=r+v>a3f9#n{0adL-Mp;-~}yja`RAt(LN#{vP;J^
zd81%QZ8doEpxn6zl_H`-<M0rBC;kGTjFEb^)5orF#I-&JLV8wcW$a5Mp-+J;6bX4s
zQvKNDa<Wlknxk9b0k}p|KZGzhI@`m50tJ~%V7XYzkb;)jxb0@m{*I1fW;3N)tRa55
z%j7uKPvOiXa=4Onx||M!ThWDM-f$~?Xl2@eeZ@GYjwKYD>i*%)%lVVarnwnuVLYyf
zRa$<TWiO-i0D|YFCxX34sylDYV6wHMz%<vj{38j!*b91gZ_Nc|hP^=XtEXOuYpitJ
zRZ~+TaOO>ilc#f&yHj605Qz9>u^K06T!vD)gBv+`ftZgclAMZmNjdS)TI~ajZ$tXb
z7=1#4t)G7<o`cR&krAjls|B4S_@Vr6mB-{q2-tjy-cE<&T|YFQHswYj;RJMEtd_j5
znVyCAQ}0s{)`E;H53&|Ri5w@?aAYatpOi^9qD9kC9VOg1zYz1J5)~1AhP*~^=<qWX
zGnI8d=S)u--|eHu0ZIZ03=~W0H!!y0{#Te?4%UV<aF?arKwv|7-ibb{S{P(x;N8p3
z-4jb#4AmmjrqwGz2F>D-FVfE<nZdg1Ih8}Xtf~4FzU5D@tj9(7wQUM|7Xm740Z)^u
z(t(u|<}_|+$R`gPqxK3LPlA6v{w|HY&6&7H*Y*@rBusr<kiTG<GrEvll6ubd@C7>#
zj#`|0A_4&mZp<Y!Bw%(MCR}tq=$yx?qrnosNb$vrO-mr<7!$YT7aA96;=-x$lVjlW
z6C`&RKMSjKT5)5x^?Tph=3Y)L&~Uuoi-0Fp@D^YjrM3Gj&@6ADpm*;hXPf1+`{Itc
zq^Ax&WMFTO4jC=5y*ehcrbGGLpQiFGHGpwdG3I%Ad4d$)P+>L>M9fn0LyFn^v@3uV
zTiQ=eKgG}cDy4Ek@IK)_I*>Kav*ULE3O-ejwsAqr;`W)}xu$M)lsfC*pux_Vvejke
za_HUnZCPUK)JKOh53h)_^taI&y$cxnICV-d2hlo3Xbe4X32v66$@X}@iDtX3L~fDl
zwKu`!6~HJr!BxMD3y|S*59R`MYs?cxSD$m!7U&tx#Zxa=-Vqb^=8#%%;isF=Tf~mU
zdMjVX*YT`A<nIp_s<&QTllD6@vc8)#J(c`3`<x0+qdx|;k=goAW;QAAJnIuXED-(1
z@FIqT{T{gg`<Y$F3xklch^NcTKlS(6Gk}GVl_v4X0(Xr>Y+e{QeXPortL9{0@4dkr
zL^Te6bGh*K<d+ZTkzkzt+ci8q+4Z{#S^enx1}AN712Vk4-Kl^q$Car>Ac>7-1z^!5
zg=^V(vLxOh)C22bhnh{KP4A4=Alj8<soiv@znPGkr?>f(6ITnAqK}=y=LDI{`i^+~
zLyhWfT)%ZL;Ry_$DM2uiN(E!iRm?FxB{TC4x)|!KH*H$#{3546XHV7fq~nDVm?k16
z@ApHS$~V_4YIrtT;hWU!jC|UxNo=c4#ZP|jU}ub<V>K38+gom-Iq<0L-Ln8$vK6-b
zIHe?8n6>AUsxC+t0(h*TjpRB?ZlAZZ@?3O=P%j18XDOnC{_$~$JyG&1VYp%;{AE*a
z<CNsyb-rH-B@S(}(QjSS<-F_A%}9nF<iJSzM&(WS-J0Yrd0mVhF1VU^eWDD(mFK3|
z1&ZSy$*D9oe$O$yOH6f(mD&+_zQh!<7DC0E;S-V>9W&)z-elG#J2)60LRt6KoBWu>
z=5Tbve`E6rxw$C2dcq{~_NqK)H8`b&_iA@x%(Li;)UoiMs`=Z7$~2ZNtz#xOy*|*~
zp`38s6pwji!C;vUEOHxP5xVmI29UQASWdxvD3`w*mR8=98TmSZc{tG({IRQNR(h5X
z_!n;Y^&4qm?0}W}&20bR+qdhBxyX_g;F+D1`+7A(eDgA6+kvrl0{K2|O$g-fGp%qh
zS+8|4G+fs4Y%v$;`^h5;8Agv;SNVRz?SG8V#XNV!%u!_S%J#~&J$uUy=X+llfb@k)
z!u@@c#y+2m7jsIy>%|{-1vVf)Xm~vGbUjU&F9-_??p}#@HPWi|HPx)pcY&och0j~d
zP6WI{V8|C`0JB!TA*WKn(tLKsp7Vb{TkKwu;j?{?0QO1GF&2x_$T-`JB|0W+qAJ(N
zq#mZa{Ctz(P*9KGg-odql<^D0$fwQGH|4sf8`_qZmRTFw+ddhAjFwq0r@9B(IN|J)
zo~CLBUMwc3tUoipCw>#09O+4=KS`gr-`$~uM*e*?Js4zN9-fnE_su>?c(T*8maf?B
zGgD$BzfwXzsLKEbatG*&>`D=$b3ZG-D*ki%{UZ1hZz=!%|Ehjp<Wfobf1X_aQ$$;_
zU}^4xG071h9JfL(F&t1N<ok(lI}GS(O$2(;m+`T~#ILxjNKX0?0|gK_?g%t57H_C*
zkHaU;z?696UN0E`#t!O|*rnk_>b?Wf)mta&dd2PSLtB{CC@iT5gC~#+cd1v$e(fxQ
zO_@VO06)v6r5TCyb-EdKs<^NBD3|Mj+ou!$YA5}|HgZ0JU+c@<6e&85UF&QwPld6f
zaPOF{(Xzp$n3wxK?PR`USY*Y!F=E$R)8}L2ul-I0>hiYBig51W_7@gE@MI$}<$3pp
zp@l-Wnti_5o;KY#TrkC0^V!N_+8#Ey>U5XbpZcZOSV?dFGO>`OzcCytj27)~Z}xh?
z@KAnrR@l&qz4F^{@+y_3PlJ)gh<;yb#*eOX(c8QnUsxh*qAD)GgSMC*Y#(A`xb~Sq
z#0_>)F9c{CywBuWrr0E_seM@A9aNOTC<uV;J7YZAVk@Tg<r0W{oT~J)M{sv2Locw-
zGFJ_%h|?(}=s335kjIjgb_br{S|cON+=I4A&+qg=H2Z1p&@=YRZC58I+D#sWuNSX7
zsXeK?Ah{&5ssS%ASNOb8cUQI`3(U-S*xMgw@d3*X!(r9+?{Nn?LKA^=mM?v@^rlrN
z<SFZts3ViMYtwl{l0N|+L%t)n0QwvQ@Ybd<g$TVHhcxktDQ~#|SYQ|39rzGAP9(aj
z&Od(!e<QomTlhD&kjtDy4mR0{WSm?U_^{F8ymb6W3*hcRAouD%hCW*;z7NkN39CI(
z^ee3VeFkqx%OZT~N}PD?Cq$aoaEVQ2vFVhv_88B(biQhQcI8gW>p~h81jVWB?!E_g
za((LP3(IuL?90+q6cT>aX)ZiC-sha6xR>f|w*A316kIcR?MIpGmiXawNo(c^*Oy{-
z_pc3mFwpFyI4mR8pjhy7)A2lgywb55-yKb#j5j|QKo*heT7huo5=-6#y%Z+JyQuFP
zudpUZ_4zhak!Zc)`U%JltXpI{ll=n2JsV8Hj-I)bdTT}!v#tJD9rSLo5`=nVPG2zo
z#4=khIdN67zDh30Nh>}c4PkE9QWIy>(<6XZgzwMc%RxTQSMfmXbI41i3js>O+;$_+
z@?1(NJr~@O0{9@U-Fe~RwH@Hr6#s#K={qFQ73CpqXJ;fD)soZhp2Bnr-$Y~U7Nh;e
z?|%nW|C7QYFqpGMG2=;@nUenaX)<Brxadu2O@o?<>mKU2#eH{3W9aTKirdk>DqED}
zlM<dT?O=a2yvYm#f@{39FOmrX)$1t39zM!6um9gkSLBaj%b1-%OYSaFCDOTg)OJq~
z{X^c2S>v0Z?d|HGCY<g_F0=?KD!i0gtWHxZ;C^{1aCceP@X&<a#;}1@M}3K9d0@bu
zr83v6E$6WA0+J3eO&w3wL*$Rv@kI*p$?1|7ht#w>L13(-_4Scmg=Ihw8B+z6cTDv0
z3bI}f1Hx$5fNo0st*3ip`h)Iu-r^g0NJ651=%XY(r8!}@JKiQC?i+|(!>@C_=LuRr
zYEzS0syT*zk&D#o1D2G&K8PDf1A!O^BXfC%(t&Abu^adn!C_Q<Sz9b=6;MAvm97e5
z9KEq!+z<|zLmE2n!P#-Dxn&d;jAjqO5pX2}qCI8|u;YosXGH__pvp;;9Xy@@;crk+
zd#ejI<#BCu!~}Bs)-fG$Q5K9B?n&JghzN+o+ZI}B8#S7IWx*=Yx+#zC8&BJCHH=<1
zIXN#cS%wbtMeUl<t<yEesSV_uZU!5U4lO$B!zTBN6l8|0j=1Uzz>Mvrjdpu`i`NN*
zq2(Cjoy;Ddufu>bzN`<Bn{9gU{RQ4{FkA!ajh{dM2Rkm$@BuOW3$NWTki$<zM7P^&
zjuKVw)FKwg24obZc{7IR8bJKhZi_G8qv-0l-i#YTQI4FL^AV3{v>Vbb$xEO>re@kB
znP@@A+Dt<aZ8TntFeru4W3^oZb<a}{^2hd1tw+5){soJ~d4WvrD#}#(=4wKA-bs6M
z37J(x_H|+?`66k7iUT%}2d-J!ol(`|H4;+5_VOWed+nJpvb9ow0O|#J{qAFHn$=AN
z$>D*cjSkfAr{%>{F06an4i239gln`E$Nr(e?;rLx@D!2g<YnVcKZOh($Z&{$%Pp3}
zE7(DEbx0#4dby<k;@GA>?5+Ty>8k070bh3{6tw;%DY|paH3Xq)LRB+`Tp!L?8bEJQ
zD8tX_$s(Pd^2K<i_C6FBPY?t|M8A|doYrJ_%efq>>~(|~RQIq#qE5=?X~&C}@%X8y
zF=NmSxbl0R9+tI8z$lcnNyQQ)*}~kf1%4LQ{h}wHdvd?LO^#?cPX|h#pD9+P?t{FG
z$S!tx$f_6H)n({DS1SUS$MISR!DciQ(BWLt&W^u&s;^%5mNnYxb^9$FfZ2ZP%STt%
zx$NShNcJb)ooCM;S{DYDBUBWh_j0rR{&Sa+)_KmbgWdKE<Qu&9QJQgDGiONXI@6GM
zn9NX6!y|=(=k&?dj}R9DGjb2Z@1uI`srTjROv=?)4v+kQky=Dk#|ip_M9f-9_#9&C
zTGm0EY-qmDY&R>M?u>~+fC%_){QcJHNDn@hY56Gi=yvm5#77^sQJG(&LO}+xOVd;J
z*WlVk#lWo;qwtzANlIK2PVn6S&=EMzOo{ywBB2llZD1z$bSlozM^;5Xx^qr*wG|RL
zu$c(cn9W(7NT0Phrn4yp8RwQZROvGMJYNV+ml3tgo90lBstm%z($&!(NJLIbV;svC
zOrCf#);07pr5WT^mDn#$Shrk%xzNv(_T)l&IA~Tg7(DoI{K{!PP&?M%TL^&TI(q!e
zGX!5tj_A)XHBEJh;qXVJ6MVh6PIrbVOSZf#uxFQrnE3^8m0``-MytTRB5WSlZ2mKo
z3bRcQsAA+zicrZ3sXag=ud~+Fq3B-DOHnQ!K@l*fNLTt;I~bv~nMzC%@jAtNbNppt
zbIUP*b*02aUK|MM(BaqOTh3qCedUroldTdTr%MLBFRneN2jFAMmNs7~-i*b3le#NT
z4L6*zuBz8TiA402nUCT+lq)5mn9nTr`vT+*?9;$@o~`%B$i+CR6NN4~nP9y9VfqM6
zRb4m;lvB2Bd(fC0=X{TOo8xXdEx}M<a)S|Sl-<jBf2XtMK+GntS|df(k$`~xYTC%t
z<=^QI+zgZ@XpZQQ#lK+?#?5#=dH0}Nu9en2=B=i)PUxl(LF$L|VOe8zmTE4wQOw!D
z40ej3uSU|#;6OlYQ+&!XR{dXDv1XkmP#(vMW(EZPoNNypoBC|-f8lLy_Ef8Wf3kId
zP@k(s+=Kll{&es<&8EDG`8tvgQ(*(2vXT5Kqx3*)H7pRhe62Aw77KQuBQY$6EfAm%
z5H&KcaiV$wwQ<*nKSN}&8*R!$gjM}b)I~}It~eDItbfLOhnDGcgw(LDUlAEBnFFH$
z8jfB@*cJ;e`k(oeG&!qS6?57K)<mguzgCHGvS|yIvIe~x`eK6{>O7n`b_HZ#XC(2~
zK#UTdjwLD(Ol1KhrE5#YiVsjEdJzOn^g{w>dG>4GP<@BEr3OXa)lT56s^R@(SA@F&
zYJHU=7!&x*>uPn+LFr@Jmtxnjd1|4SJk57G-RQpude`$NAfDa<p%8piot#;eAEGzA
zou#M=svL>D6K0;==`5!`I58<DB8EXgu!D5pZrNj{tz;YO*%Fm0{xjnrv_1yHYc)!x
z_VzTimJ9g;8HnYN?%BC&Sq37P#|zex3q7{xx>eMcdu_LlU*W?*8Z&$}>a*e8j$BG@
zs@#Kml_Tqgfy3gsd^tRSGsM)}Uw+<<^qi-*rChTQ5+hOH;z&8($jGpW4c6xe^(oRB
zBkLi1C%e~GP9HAau&_}JE^#JMxVvGU1vv23pW^l#1~qR2Y5+iq0%a#Fd9?YNc@EN_
zs0*WrZQqC0Mcd68u;-xhs=t|*`9y_-086r9_J`{Kf8hiI!xcl?KvquebSF^b$J2NG
zLa>c-K;F&v-OEVv34a^zel(r6L1@LE8V3H_zzfI*lX}lKBzW+>$-^C7y_Bx>TP``p
zVh3*FLFj%8)#Vk2zs_AYO<UscAsWwgcFUj**EhH4N@@Hu;02+~qN@D?zZWmPiPYQZ
zu3KE})Y=cWtA_AAq>s)@zoX~`VdD=!b)V9p^)+EnI${j9;^C|puZ<4k4t5HAoVlc4
zCftX7;#KgpQ;v4IXM{4K1!VL|?F!MeqQ&+OSJ;}$wH0sP?+~SU;w!{L<^LVml7ox?
z55USSnKvJ!&FND|m~}CZ7^}3{$s5!myPJ_%I1}>xc`zkpjKsbn`^`0n+Ef8YJ$-6C
zKF^8!;7@Mx_rJwz(A2f4DCQf%Wo)jDR&KaS$`sw*JkTp^(ds8}{&bv|xVf1COmm8I
zBX9e8dn0EHr4bS4{2`+>mk4Lw>CyH6ihJ4x=+G%(_6SwyE#dos=s*rX-kN3@4o14z
zaK)yj8Vph+C9wDrK8|%X<JbXhvFePRQ^%%!C3~lAeO7+ex*R7Cdi~v0u)li8B#QUn
zw+pb%Fg*oVcAc!=bAwQjpqj6$bi6kL5ur{VOB9>f8y0K#c#kbXk6Vw4+Pj%!p(&4&
zS3VbvxkcCL8qFFirHZ%3Gm7z*&}^a!fSER98K#v~D2+q~`^#aY2eGs9u8z9Xd%|tb
zkEAB+9=F*`m;b4U8GV;rryb)HrHLsOTZauVsWJ?qE-G`fLg@c7_Jn{|_S2Z=7ddZp
zDM(8w&+7x39TS7678t@YUxbOr4=jT|ZF|@lp@(~>A)d>2M>dm7E`<LbsXPCrB=1^y
z%v%3I8xD*zY8?A8wBq{oQ|8aI%NfR~e=Z7Miorujx=sz5k!x`U#F4}2{IanQ%X4Es
z9}TJY6=S&h>y)?dy8GUr?9vEYFaAsTF8e~lNpm3k+D&;B{rQq(^zP8Qq{13ayj%vQ
zq1rNeJZ;0&J-u>2=*TA1*2K7*=!Rb!Ku^oZsd^mQ{&T}4`Di!Jv3)pqi@lONy@fYV
zy{-3QFMI3b2kXqQ%I6H9p_%Qn-#Iz5HTieTIDaeD^+bV)h1@={at*LwA8PXR-dU>{
z`^C>Biy+C0jH_*5(w)826}#qsUN)vq1^5gwaf>o;%}4)V)V-e=IYK8~a=C$}$8rnt
zvQrfiy*@)o%}D~wSo4h`2}(LbrNHW!5K9%F9VY{m9$uilD30k?VG4y3{`QG;NS?7I
z0k||)Q|>3Qsf!yxtTde1?oEK`Z&OiA)b+{j@mkIF)osWlo?9v-E7PUY2TklAo~yV-
zO#e|e0Dg-@;j%_B`A9uo>3sIk6l=FVnW3)<GUCbBByWPR=p8ZoQN-y+ov`w0YAL6r
zSBKLPfXf2;TPLhQy$II}P1ulff5DazbqhBGGE@b)RCvQzIy{eVqYcy1;{uFMgj!)B
zr24L#^|Z<QHzJh9cjx~y&Ns;?BlfbMupwq^o`y5VPvaVU^YX6B&3Vj!zNhJ}<e34n
zh>J1H7~bJ2IOAMW9_>Ax|7?cGC%Zq>As(O2v)j@Fs~XVwe#?CPL;ioF_#E0QCW}{A
z@BPX1TaSlJ{O{Ws02kLGZT^RB8=p{6x@qoCJB2Elp#mxX4Btwg1PLJ_v%W>Vgt+oA
z6XW2>aZFTY9?x5vH3&_7Xel9ss}3CnDNjtHytIRi9=K9=4lj~;g*urR>+_^0=aJLm
zX1uOJIi2%r9z;>_w*a@w`>BvtV^m4j5@jl7Dps@k5@m;d2cWaw#bcGPY~CXr=7S`q
zZjz`3(bgoOPRU`WWT)9#7K(ibd)#4}8io|aJ03En5Q}e^_lFMB>_1eus)CS~P}AvA
zJRwn>XfPE6y4#ZH@L}*~Q4@}p^4dg^|6%(FfYavCWD&lwKa58@6YxFe*g1=8cCPLo
zn8{KrSPomvc5N49jNim8$Y(l^U9?oSRG?6>P%%$1P_k5%PK|(C9Ra&<P@3~}bSf<;
z3ERTWehmW%cIqpAh<;#*>Ap#cra^+l?Msl1miNnKQ9LV_-@qi_3~5h-rR;kuhCE8~
zgq#w_g?s`LC<u!Kveo@m9{BJ$ltDgvkm-B~Edf~!l@+m2+qpn?2d4^U|0#lm;~Wsm
zpYH@9Y0S-Fs>Sc{`a`y=<%&C{Mb4KBxc$SX7eB63$f-?a@iyDP%9sZmR7psMR6=@8
zLEj`1>TW(oxNFqP>_IBe5LI10l_)m;O|ok|GXOM-!n_S`sWPn>;x!cloiRSp?TUPs
z%mYmwqhnuI^|my6$KC0$%lKd0-aQnxHBYS$d?UiG=KMWm0nx+wwbnodJHQ8X{L<5%
zXF*pLYAA`?%+rymBE<c=H;)pTy~5a9Sugm)o5X?MLYKUl-~VSpn@r(~1_F)8Tn0*f
zgGq9ggoFyRlRmSLLe<Q6Pv_j!@>(<6Yg^87>~%!GJMO@o6?{<mAYBg*bsdOq=lD3y
ze2s9|d?9MXiv*L6)S%L@Ub|$xEK$Y-*l7BUQSBp7E^^0~T%V+8vgD$oLSi+FADI8d
zk<;goAn76F3q{WUl!C_Oc@uV@eb-o>^KYoNdaP84N2%EObcjH8k16CFpu?SRC+a?d
zslpLMU_PU0a!Qv&h(O)-@a;Z2lbffcEHGO2S1cW^51jg~PBQ^N&&U%snv8m~B0oGD
z9vmS%%|d;%#7y?^sv&Lks;-HN_(Zlehk%V-ru2?FWsK*`*0mrh%Y{H3(+TM?`uLK*
zn$pO0V3<7iy#xHd7gwQjzCzjb@B!umisr3Ug;zP;kLl~)KFFz3ZaawgDCU^DjW+pE
zI-ymBmf|VTsm$<$l$^*$ZLsNo<R-?_CnppKqAz@$1v*<yQc$bMK#~YF)iv=62r1Xu
zz~=L(R*>RY_BE91tLj8{@ISn%Ev1n!JJK$aQO_pNuVgq56MMT`qMKnhCvi#r(oId}
zkRBaPSC{BT!7bsFb>5rZOJW445$<?`Nv52gK5kefTD)cR1&SNa*h7!`llZMNp^%x8
zjY$58cF(V~7(QxO|GCTC8~^;%s4Fpin+>xP=h<5r4M+aI;&wXEBGim4Wg*DI7`AfQ
zF{_98K_eNWQZ^L@Btu?q<mbT`eWBxaj|Ju1k>KdE%Z2viAp%{vi=)Tujq~{k#aijg
z-s6QsmOkZ|b`3tYtK1&88a*1AF-QA&E5RaDsFJ_FaiFmQ&W#071l^qa<|QKF5kF=t
z!f9V+(9X)WCeo6uoq($YVj#lE=LWZbUtvC{zmgW1GI_#r!Cvg8W&+2HFSiNd$N#2f
zxb1vovSMS8@;Po=9oewGix#aANT?828)uL541HJiqPYQEsAfdmE(H6J@WSgT+i^OE
zEBpAEq!I@|bno&AzYu?hO(KT$F^SQHEKMyT&A=x8#kN752VqVQ&mhPKrMpoMJ#uQI
zpZn&+bzg+L)^5%&J_X*;-<2=%h?+`1-vDQGjK@7OF8~D)-Q2OSKgNZ!{3dS1B-A(d
z_9Q`}k<A3<77tcCdq9zeH_}6{8IQd{OoU%b@fm%MC6j%%Piw)t;w#JILJ5VCp)X2E
z&G`o;4Rle}w&K6!9_G*(SePcOm5+SV5AzuSGLO3uc|WAA!)nV<3eD{7-)k8-l02$j
zI2K5I$kXa8`bns!6BRY8{m7|lKfL03UMEr=oH(<h>Lg0TjmivdRYSa2g~dMmXU}V-
z!0)M;tZZxzo^pCE=A~ObB6p6JXz{4AsO!&o$(^p`_>c`+k|d)vV{_%ZGe~)A)YJ8d
zO6yLfF#94>+s<Dr$t^2Qo0xh3k)KpI4$r6f6*e5KJy$5_##2s@t%^-dL-dtTSJ9@t
z;P_Az#gxGH50}|u&F`Ik9%iOG>5iFLx8`a2lnU@vd{N;3&=>w-oU3VTME_bvPFvqa
zVs78vypOpJ_kM0o$M5=j|D>xncsW>uFO?rVXvK%jBTbn(aIHTPL$B8pV<=qc-c)8t
z{H0k2=&)Gto}(9)Qp_b;-hj`Sjdr3ejTvu-0tRO#9vq9{rs7u!2a50+^q5jMnamyp
zJ7}W8Q#hFDn@l%jj|N{d>96XjcH$Q49+IXUgPOIN*FJ=suOY)@otnbkll<6;wAR59
z65#)(86Ui%sU&gp$ZTH&nVML|kC;^~(C-x6KX50Icru+G57pfam$jBSo+>ciZ*O6t
z#^rRJcyZ9ZETq{;t{PltJEVdYnI@2PntXhwCEr-T@CGC<|HoF}PvB5W?~6E66=v@h
zCXGGB7CY?(<Ju@S6$8Qb2~AGVvb&mzw{2nZq(yn*Vh+c5GkIo<z2FZXga=xp<spCF
zEGG8A^1P+om}K%Xw1sl%NeN4p`^Rg=0M%dTqwfY~_#u48Twe>NQ};Kez}7Ox&VaSe
zKtZ6sWQXpf@-P+-+1sAiWacL_n8KVOoP*=v<)(r>L2W$aV-Fl|6WcLar}K{RG56GH
z6qqPRY46?&&zq81rD|unRTPgdQq~%J2?}-p@WYpRAj=!A3NN&+@q>&Q@0)h55Fa56
zLpnA2<;l3qfuA>S<f;4RIYwTY8<f2Jrme~B0>L=>c@4+Qxnw4q^AxLOqw<q)>4r-+
zRG>dTpm1xd(w&jN55LIveyAS;(b=6qU>>#O&3|G#cX6?q%w=soVd*B(x3Kpi7irTP
zoS{_P2AR&RV8U^BL(AuXEam|E*4b9V6CB!#PVttmG-ukSl%UT1*Z<OGX(nx-bbwze
zYaY*7z1pug!g`*i@Ow;SuFqd!t`^e-gOS=jF9IP?%{_M!J4N4?<ZRnNk~w!e6jT=C
zw8$X8uA&p(3zkfhn&1BQPJ1{rTSZx@DVL{lp|suJ$r6tE<fSkq7%HFSf1UTnMx4VF
zxoy{`{fiC!YHYsMs8|$bcJq&W$9h#EUmnN^i}d7#ilvmY-DimZmRprX_j+6M1P{hs
z7a?dp;8o~NajzA<lYTyjPA;83qRkgWirWciGTAbxGyXHCUlFE+&jC>g$=7r=b48k0
zIZ^NM$=&ykMg&&$%Jty-+2g8T>ib6g*A>xerl*)#f5w>6bVGHvPTu7s>_|2J8C;l5
zxj;Z?uE{;fjAkJ!=0R(=%I-XouVd(;I5-H$2(-F%HeD7Lns99VA@bsFt}*myi;N?f
zi|3p4U#>?W_&F+tvT#0qVe2<ElqoMI7CbMqF4TmhgpmYWDD_5s=_3sCN8ORCRxaFI
zDH)`i8mducx-Uf1dIN}5Hq5DBS+z8PGv8d%oBrFG(`px|>{#qzv^V8;JM`1}_u;yq
zqEUjkek5`7I$t;2P{YTY0(2__Sml*|NR5C$tsP~C_@ccC)#eG*ac#hi3U*rxiUgRA
z$4sU`wp9n&FrHz2X+fMEE7%Vc`Os8nnP=F>S4J9L-EWEGw1?tbnqHO{g$;Z>8$%^4
z*?k&K4<$K5CC@t?i_xzUalvQL%fa7`aiE7su7&uzG58;`Gv})8xW@DRceO-gd@9`k
zqC6N@M^H?-y~R|J%dhRozG0Hc*i>2H;!M7J>iHvc`CH7by66ViXYKgL1XM%UoJ5R>
zsM&{j&-r5ar{+PQeQ<!i@#@o+)L3mR9H*k)mpA7V_qSJb#`}Ej8F#R$DsL_?^%gC|
zH*+FswT=@JMRNH7`TfS*d(#R@tAG<=%_F4mMv(#sE3nL%VtobDdLOH=yoF0b@XUc+
z5zS;?3NB&hX72^-TLj;8a!&|%t|x@Qpkia{ErUGu!U?EmD?;vS0Y^l03n<hHH<Eq`
z9ZAR@jwm^|#uS;qd*(@^EVIGYe~Al_=5mP?0(Yq`5yAPj!e*kd!8r<+k|)h~HU;{{
zJZ@E4k!y^Cf6a~8nVqROk9WrfuwPz7uId_;7t0OYve>J8HlZuAsW#pvvT0C{P*X=J
zHccG#zQu{=@x@+uT#N~RcD%!AfbHBolr<A3*nBgcX(;z!T;Q5vn<3e5G^5gWPPRLL
zCVZ5oov35CSEj)WwIGMD`MIy+v;VvRA-Lqy&%sQmt+Bx8ILqH%t3!W|B)fxi-C2m$
zfFa)Xm(+~;3glNyKcc`?W?rGB;`H%H^5jGMU(fS*V>EQCsa+>KjNBu&>HA5h!7s$e
z$vT;z!EB_ID&sgGPlurI>YsOTEPa^}F!m<pD~M$8r>~olZj-kq&2`pLced=N6{ZZi
zM?QtMS58G2OPzJU&^(OO=WO}8{~G1=Ou^19CygE~bX5znWfBXda4?Se#dbHfss&yC
zN^*5Z%j624JG^4(^1O?R3VjR18T(FPb?(iX4*el3OF5c$($&@EaC=iDi1YA0Iw@yY
zD9F7S64KGoIlpZD&6pgM?5p&)0O^Sa+%qPej1hhTC5JpY;M))I=;6NWy^C%YrNwlV
zNzRv@fvKn(t+0`!&a}-*ZHjkTLzQ$5Fs)v4pozd4>tO!F(p~FDDXEU#$!t%JN8SJM
zS<1zbyBA;g{M>poq&7eaa6-=R#LLWDQ#_i0GA0Y6Q2EPHgwMmCN7^LWHC#lhR;_a+
zCj1*9wR&n9R@izo<1=RYQ#I1$CE>B$1)79t9Q^12xWpvh9{#2>BF(FngIOE6<@}zN
zGNo^G@M@{kO4mE(@l4MCy!+cF$-Ze5Plg50m#`H+LL8ooyWhipQ23on$S1%J?+A#I
z(`gq;d1nH>y1;f{HD>ln@w(Y$5)au>a$NH7G?pr&t0y+QG+5XDD{-$i66wgA$~xsw
z#Dq|Ofob*iyTh}OkH!^kjGkFxV|na0VIcJYRZ#fa<5e9p@AmkBFy+PR!z)xi&#h&>
zs<>n-vJP4y`fPkR*2~g6Yq}{b><oz&nVW`S+fdbOy!E#D3M9|>cw9Q?-OE5)5at8z
z?ncwPC*Toa|8CrQWt|}hq5iNIVEVSlg6#uhov|#j&m3<n`Cc5WWVj3Y$hI8P*PX>P
zJTzp^G+n&c3hjkFAN9F*tNBVpNEp|1^r+<@0NmubdC3sf$(>yFhW3s=Qw2y;qP|a^
zvByKd-FYsdN9H{6<><crn{mSND2>NH^5z;h^#*Z(d>i0|VI_Auk`Ll*B$4Z5t@Zai
z=(H|pf7KV?fof%u%;U;q(yInoI?NYqgq`$LY504xvOnLD58xgXN#$E6G8M4jq=&#%
z9*I}yI*CU2VG5q=ryp)yPJOr7`k@EQAdnK}`)Ts6vEFsM1`pp_9;j+Rvigq}pkD*A
zHA${h=wC_|K!h36x7*lDL=ETDoROr{?DL|NlK$6FHD3e6$PTZ}sdKco6KPdOx#W9<
zJix^BtMQ-d<dB$bQE$xEH8Ro6Gox=u%e!6=#4*9&GM%5X?~l;8TC572+$-sGTH)Wx
z)49x?*(4?ZmeQ=UjlL>Q_aj#O?g3~A00D0Qx7Ou%zu2{L^4LGNhySPEsb6-%)52fp
zIIg(j(qEL9%eH=z3V;X8pGR~#hJBHDvb4R=?#DfUiRwOhKE6KhxE`{DsV%%r<NRYy
z{Qg$Hp)rz#pk<Zs_V)N&$%_Y;!OFPJnT9EXEog^5pBj&e!^VHi=6BWFwQp?+D1%Q|
z^=MW+ZfrfCRb`_fhdB8vp@J*W?0-!Wgo{hO0mhFkkU3F(c>=ZqOt@^%KIwd`bS#df
z5{|A8?p`YX%b|W@XqfeHhkAA8QR_k4x-$XwO7;l$XD>BHBsQW?=CdJ*O!?L*>3_3|
zKXRL{Q%de!pZR!w_qttnsifXtLz@~yB1sKE&n?Wr;-LYd8yi`E5L6h;mh^*v%Pd`=
zR&mcNH!zmNk*ILPotA?tgZ%yc`p3O|e^5a&=O6oAK5ZO5WdOD(*Y7r;+K)1yc#k@c
zlt1mjQVK`{;XP|hg6N!!xgA{uAD+Y(hO2A~yWFvhK$lF!<z%KbCcL5@vW{x+>cM|C
z**Y9huN8;>tA<l<K=C3HZvh|Dfn{%;xjo6+wX4MH+!ZY7!CLZN7lN1dn!U4|qyTz(
z3dwIrtlP0&=&@I(b0OueSSOBshrsMt;T_Fw{%!usK@3^Ua7<wTGK%>$+Tep(phk#9
zGsb5xKJ=O)$&UcWti!6_%K<DdRx|$(1tC#e47r4#KafU0+Y<+5h|*?S5z!1kO4v+U
z`^qdmnw_xZK7E2J{rS@Ic`HeXFTo~#$Mw_Zq;4?2!SZ*-`9e$tN@sz=99xdRc&CJV
zUb$HqcDyo?o51OhUe>w2g4!(@;-PUV{#{v>@AU<Id&nfbF9%$P-dIkT)AMrNz-LE!
zYpQU&Kb2O%_0JSLzOW`igOJ@1K*qRIChf0V>xC`JuAB}nlu33zqiIf58Sk#I11?tV
z9vJ#It7@TAAJ=4tvvt#qEt*W?LeM*V;?|wsd0^$Is|0ci;oO3MBY$h`(xN&_iBy!x
z2r%Z2uZ!kDeup68okrX}`p*wPg_kGBv(?#M!;tV0g_dQDrOq`Ddk#q^@whLB*)W2g
zcl9>niQ-=>y|BxIR~BXQ`GMpY^{qH9#)Mk_(st1d^uCD6<kavs(RDB$iA8*OKm5t3
zR=M4=35T4tnT=MF{N`vgfs%Z|+3T(c&|Y#b)=u^*FuqVf-j?Qf<Cxjm%+!2ic82-=
z)Yax>g`Z9MiIWY80?>gXo-(122?l_1J!8!$QkKbnJ%rf9Ly>a5Qe}&w%~mKLVnx<}
zLwS$3I$t+d>9&fVzA0$Em;)yUWhHX1l4>cSK$AMV8*KqCLm&hOmW(OTm_l{zQpXyV
zGaUv-(_0|9-uytjE#9a?vA*R+8GzJ$`&wARI0BB4E2Hfw8C;eNare;=<P1!r9|2*o
zmK~X?3(E9&ZAG{%$KJuEu+9s^RQl_t=rgA5wO&_@lg--Q&R1^ZkpQ0j`gewC@QNd~
zH&mRqeF^?*cuz1@ekhcZ*{s5$c8CZ#@?~#yr3xnaKWdaQovdY5nZ|-q@VpT|Z427=
zSP5^kE_!}02Y57q9T9OOh+O|lj!4@8I=^JlJ9@Y87iaQ9DtLpY6!gwc*>Rh+mda#P
zEriJ9+DoENyso)MeQ&bt>+Yqgz`lG-!ima+*oFELCLi;to6NgxG3GQZ_gewcW?-qN
zHpEAQ<P>=Nx;r}pP>cD3NE8M$3Gh4g%+;OIy~L(<yX8JoZ)~oG6#oJaRoqjDk7>Gh
zy&@#^`iKvKgA;uvNSTF7d5Spku7Y?Jo=4u%8t9&Wl2EO$@PBRPcO^3nBPbLbOSxhW
zF`NJ;Knq#ECc2|;#c@QEh7=9>)ls8%MlGu3^}7uW*kNBP*B`jBC%jnAN+M&&XYf{*
zhO4O0w2x+TBhkuP3n6vR3Y5vNRD~@MGIlEVx9wv|>YFkAvg&XRi6+qpbH-<wfnr)y
zaZ*Z>*Bzwqzz^$MRVh&9aw|*3o!tQ`(%8ch9%`v_Q{87TXHkZJi%&GN)K;cO8KF~_
z%TcQ(br1oWG>BA}wEo|Drq3-JLZ_@XhUb%ZyIXQ8)NbdEVKV4BaV}>dQcZfF$LUZ;
zQP0l0T6iCu*}={kvwyb~wegBdm;C>7N%;1Vrkt_VTZ{Yx;+Jf3v8KE{3-Cn}mvk~c
z$mx*SVvId>PM@))hS6aU2E!M#iI1;uqV28}XjEsh6uElH#VU7_DAm^K$yM+^He(L+
zdqsXOlu+$WR|R{5oBHE97Cg_0-P2-#tj?P^=o!MiH%iqS-N9d)L$$Zk1U#1Q^v4p}
z8rC@${qGsc6jNLrPD_Hqg_eAAHms7+X|0{Po}?5%UT2(cMS0DZPr|ZNLJd=0|GEX(
zBqS#lYl=$%RGaec<0zL2hl=4OkCt@Qcv@o#r;lUu9%Avxt%0rwedt5vfs=Plcr@(y
zzeu5r!uCq!FZrAGBfy6?d`oA1N@s1((Gu)&k4s7V=V%JLItx9@*%tZCdNoHDx^&_A
zjfNG}j8&bJxv|nE?WJ7G<3_4u8!vT{=AWk<bQqeNvh8uRwZ(d~#VFA1Dh2T}CZ`Fj
zzi%?#wKj%awBC^yr=U)3h{|ILDBT({y~{2o$;Oti_2<j+#Yb5!)FD+iO~*4P@6r}}
zm~v&Uu;y00nGc;c!$7m%>dTd^6=L{DH(4DpHTC`L>(Qj28sI=j3uuY<nQ6;tj%6*{
z(lCZP@YLfI<;QKDSPz5=Q10`2rEvA7nq^EQOZj1Of%VEFqhkimZ|zJQ#gVyLC&ZV0
zbkadkK?o$qrRtBgPnU&CS4WgEwz)#%8)}J_%5-&jDE80RIs+$d<~$A>Q$-O|d>Zcm
z1Y9tGCv5#`%|5hDBl>rJ@uY*M#WUSw%>S<b7;@wUmzBs|!-HEF7YvKvPkrM_u*@%}
zCS@fJoIUI~w${Sln@3S}ewh9kW=9BLW+?e!hT{^B%_fzVs8dyj;SCqs{|+Hx=iJ{O
zTPwekDs#%yDx|j3IO^F`<{W8?-bIiHD^neaiw&*1LmgeK&;1PovZuN{AJ)I}0cxS+
z(2?xaB(Z&M0Zz2HAB!lq&nahPTtbbUC`mfoYh0?iiGllqeW?w1G~ziWE}>n3ZKGft
z3+NcdoNB|$mMh?|oF1rGB$dQ~DByu5KUO7@Y~YetAjgC<pl`A7_{BXA3mThTXx)bN
z+y)Z+8)S}c!_3|kzie`oR3m$o_~@fqf~I=3ramEjYZDh_fYMJno7b(p=We*=>Qc~&
zDHca$IZH5+I^!ie`Mna_b1L|bMk0Fm0#-IBqDVL?T;s}&(hcX1-4-9PyApwc*Wa=8
zO`xIBXM~Cb!B=6)9qBkiW2ZB7^kdvp%}dJ?+Q(3s@;DmqezNO!3dJFc4VOys&}gMO
zVA22GS0z97Nf2BvO2eUM4%~o?_-?1^s6UYA*XpP`zGWK~B2bfW+U}WTM@e14rZ!$Z
zP;wRslQvUv`P=ToDD;xa#q}h2FPm;v`q6sO$@rT+C<#L2&&*IVQ)<a#ZM$CVu;N7b
z?d&IL6^`xsw8O-lwF41HnEZp(cs!9}6vm=wk~=t?*rM$`S*Cbz91jJQ)){E>#Bxw-
zldXpOYlL?j;vdOQRxhb{NBBmd`g&_N0(2n(q-FBCsdS@F@GV$4Lg{2(N-Joc+3ovr
z2W44a{9Qd}XfB?EgRD0F)B@8Bh5Uouim(=Qxvs9`qm<(A;H|B#5J=yHlocf;s3rF*
z0W&QU_KHfIgmZIa9&$`UYj{Tx(MibYm*HCT8FE%S61_pz=i?Z|Bl>{PQ=Rvrtrl6~
ze`@~=B?^hV;p`zlr<D3mTlZ*pd({1N-+dC()EH}o(!t4z^fygYA>^M86H+cp$b$AR
z|3s+o`(8)4&bV9Rho!&ZU~oaZ*U0zUE$oQ&1_aVkYN8--9FB8b4ECS59aFj6lQUN^
z&nyK|LxWEjJp*NGF3Z!8CZ*BOx9ubK<)xbO_MNR9DLwohQ%3SMK%A3|GQGw>(lCz~
zU*0K{);W=-YnsiB)Mt}>jgZJUb##+<H)2d#=5eHZ%a30;B}mXd1(EO9?L8R8Sk*$=
z_ex~FkOZyXpoffAEKo<Rw}|TA$@5mlm7>&-9c+nFgF&fsdp(~^vU>Q2oFP~avvWzq
zwX+)}BI!(4iy$6sv_YL9B&~yHA(>vbiBK&+_Z{|cVfHEFOeta|jj5aoV%7(@W#PmD
zI>)ia2q~4ii|wPrs!(S&%ox^cA-kX;iHg9|_4HmnWJE1XVVa7z4(~=V`G@HHF*ms+
zzFsnmiJ+Trn97P!n26=|7Xx~(0FcO*Q=Ksg;z0Iw&n(g~qG<Fg))dLKY(a-cyt%oN
z*i&zDXXQ@P;hCVO$3Az~E0!k5W37zGjDVNAI=Y|cZZhnq!*TE*VMK)f{pEnfup1IA
z)!b__#NW3Y%-NkIE6G8EgD8^T6JzI-f;Z_Y_DoRdbfNrElBl=sZ647PplCC>i(r?i
zmU0oPcjca`TTY`!bQP(>2P1vz?jC5Q%r*`#3({!Wtub74N=s;+Ej%w)<UceIJZns{
zSPAFA90)8Q71H8+xix_5^>B}tiiQL<{SgxgNe^%(MW9AX{~0v=%d_gxN=&p*19Vti
zR<$h0>VEtJv&1(uCxiCDA>cW<@ZY^eOt=TWD8=uGKa(V!aAXWI#*l@AHxk!rgMDvu
zj1}s5I+ZtQkfc<}Vn;ian{W19urDpPgqcOHcRjAkw}&b`t4Yv#um!-1eS#PeH9shH
z+qVy($<fy62ng7#NM_)VsP8bQi>PdAPZ1Az&|wXvQ6TBv(sVNw2S~5Uit|ew$LHTT
zs<Qp=EFfQ1UaKFwX?*POOw7f7To@H^xy<k#gU^90^6E1i6KE5-?JraE`^yr@-{5i<
zApf|1Un8_4t!)LOcC9J*x}duX#&2~8I*CRsk+X(45(*@l2AWnOMMIJkmS*K@Fy34$
z-#_5OKiXp=DpZPlAWJHdHS$Z(w^nlEbIKX0HZx5kAAWkVKA1QrQpz{a(Wo|kWH5S@
z?|c#Anm^cQa>_Fufssg(rg1K|Bv@vZ2q@N4--%(^4KfCOLSNY9HixvW6eS@J2P7}3
zUz4&+#}Hpy6G}&dgaVO>reb*KKM+(<!DuWeH1{1b;<2VoX76!)uy7-Y_ZeH^QbkXE
z6vq>ZP{uF3gBT)5B5mzUPbpK#`{eN$d*R%0u`)6uY&Rg0e9H(-uMcGo|8_~b&kEW*
zBviK>I_61dIDWlretv>6M!c88`^w(z$mRYh<fhU8+Eu7`$Q~_xa%4_pi=UHZF^85+
zl-zN=8;vDS8J-?}?Yfp|6xY3VTfj@Jav`Ff$u3+AiEH<Okn-ByTx)p0;Wc2gDp6L2
zS~~cn5*=Q+Y4`Psofsan?pYFJ9YiGVm7R+KL!nm#;Vaf}mfB0*Q{bgh5T^x+2rT{Y
zeh(k3VY9G68U0*Kv}Wq2GC2B&UuH(74G(jjslGL^5t+&RY#C9{5l>wJA5gvv@X7ON
zTwpGKRV1a`>DfSs$A!5i6;KbvSTrr;xI_BBYbGc5TJQ{Uy1X(pNJXzQOI_c&_oM+)
z=cK>#32RCYw$2=l3K{{YpAtIsjO+iQ>nx+<Y_@HU1PBCocM0xp!QI^&cX#(7jk^YS
zg1Zyk9fH%iyE~U}AGzb4yKfIhH}sz_-gi`W)tYNQ^BU|JJte3CdBIjkNvya^7M2oW
zb*8)=WhDs0(~8Gwk9VVUjx8xpxoVCaQ|>}`0KXkiEk9XLMEXcZC|+JWG$<+woh2#b
z@COE*(fWGJx(l*%TPoR~WkK3pRb=lg_`K*)=8banwxECt1Dp((+Wcd8UUl)Hz(7R%
z^Y#5BUW!BY0`F8W+)DWJSt0R$%+po(KZBG9CBC2jj<*OfRy<o@-=A3SEpIdgKZDp#
z4Q2N5X*4b=8Nh?3ld0b;T_|Z~x=qojx0w=KZ_I1ijlYkDX-t8jC62aqZx>2BeR-uV
zq?oP#hD|P9x2__9@yz44MhO8k(`yX`SYwk7R<?6kID==vv?i)v*Xq71S0=a|f}qoL
zIODDMEzx7&F55J61cHy1BxwpXt-ae);0IX`v!JgF(av{6XYCLZ$1fZv?~br4S!Aql
zjW#X{YTq9vQG{}||Js(>YJ&k;f^S{8N9WNud|ix9*Q`+^)QhF_Vhh9&R)V$>s?nsC
zE1hCE)s*`Aca^l&j@1{TZ%fUsh00FNRY?^5R)C6y7&mSce>^@s_VqkMWF=s1Z7uf=
zuK(uT_=z2HG|&$;x|XfD6Wb;*I0(=|qEB5q#N>;ENZ43Y3^nbE1vxzf>NAUtBLie*
z#J#kiQ|10jnp&J3=2D;`le4(EG{gfvoBm_d2*O|&sl;r2ekd3Zfo$n`tz%D%Dy@{&
ze)@^n{sz2#%(CioPCH9$46bOP<A>%TH32yi`fTeB+h3Rt4yyWbd!(pPam<N%#ilOH
zYY*DGMWriPbUtx~h$4F~00kx3whN-aOWitdNiPqo#<~scys;GjRDR>wIXVb=sdGaw
z7fjg^0C?nJOZejCMh*G)*xUFl1PbyAhr_!WnU-wls_GY4v~U|Yw<6<X2yNC1ef7qw
zduc1)YWZ<hynbY^!8ycAjIG$Yc!7U|M8dO8YK<FOYfwZBi+lV7BjVt^Wur<e5fz;4
z#aFXlm5+b20k#S~$00nRlqqQ4ooTr)ZLnRykDJ=V1~3sEqvOc!8!ocyC-yPP&ZhmL
zRup_I3gGh|tS`y&G1_^$76sWPb#S!@cF)3W9r{F(g>haczT&#?a(Ca%n!><fkC)ND
zfAOf!Pt0qRRx(Z1R>f(EVureBvL2$JWi{gBdO<>kVKA2Md_6_V2p_6D`b94Qd4Mb!
z1209wM8|KPtSHB;6bJ~etvJLQTWKBgq*I_cuI9#P!<}MziNG!LDGm!G`MCQoWN4ml
z<dacG%db{d3Q62OGD$twVq1%HF^v4{AgRyz8A5)LhCP9b?3s_jeoW;$^cz-=|MF;>
zx~KE=t+kBnTkMHugi?V}g)<y6DNndFtMn#|w{y&b+td1-jVpc6?Kf~;L<hsFR!rQ+
zkSHcZd)SgKD|ZM+Z)X>qv+<^<$ykDuiy6By&q@5{A4pr2%uWcqBNDtb^@j>MxJ9*q
zUD4eM3%j+b{pVx~O)K!x#a}vH(KiFdTc{|*JzY|-?1sMTm{CDtFlNk*g#y+ceP5SW
zGI(W*>vq0vz@|w4WE?M!Q}p>mm~Zzfg#UnzxLcLlonX4ZrGJJR%KeW5U$_so@R2gc
z4PouKCd0;6O{36TlettI#C+&8aaQhb@ks77EJv-mETMO-_#~rCL#$`rbD4w2nG7gR
zQc@7Alw~L(xA<MRHuHjBBE3}?JH()`+xEgaomroJLhd^ZsK!F&`GP-o;wc868~+9B
zx3RL7g5$Qqj>ys-C=7ZCI@0GGxwwn2e+=_O=&a}49piAtzZP^9l&2D<)&y$ycn9Y>
zWyFowl)lz4#+^g>x;3m*?tCBiOcs)J34qr|jXn%Mlz97q23<6|-x%T%0e%xz4UBjZ
z{-Od-z>lKCzsE8;85&%B#fI9x90}WOb`=xp6GQ!AH$=kP#$RCg6<B)uL*$0+fZ)ad
zu}eXUIZpokQc)YGnY(I^X(ckKj-py}6ckVpV|<km(Y7al;dmFO7m@UJPGlW3t64j{
z@*i>hu&*#VHmDyAbG6;M)D(yShMik=w3q$oH4YE=>L*tD*KYhjpLR1z&TFau^SJr1
zm+J{d0+Z2WriC+zdOY7|XF5^QF8Wy~__d=L`ya@Q_BQz<ga^J~Lv&c4HpL(q^o^XW
zw<W=((n+{ND~jd1Cci$#BY$5r;zR5b5)}vRU0z0j9Gf@oLy{u82@bBEzD38>j|4Wc
zTZ<rG$>7KxOuk1yKlzJFuU~~-UEff>7Bfa_`_!6-zlKZFGCwyk%Fz48J-^QE{&O>)
zQWGzdWwqv7J$Mvy&FmaYn-K7N39vPVb(!8C$cjeO5+50vUyKg)i=s<~nesqgiti0C
zL1etU%%^x((PGVwUw(Vc$S+n9K_VzH4|gCG#0t!vMu{e0`*iws;i0PVL=*lPeMX%B
zJ@>O~^#X`j>@zM{NhBo&O>}Rf^iA(r-hKb{=P^-`_S+!*#}08-VEkI^n`KU!O!WJ2
zZZzzkJ4pq^srsUZP+KXZm58zz1{624gx?H!PelMBgqU+=rn-zla4h>?yNyk+a6FiO
z*Zd&LL`H43!!8S|1IVCOKU(<iL|PophXNM0BVvVJQJcd^)88bg9rSkb_iBgBR~r44
zJclWUX$1$(-{x;v2WbJ@owfw#=dZ+_v!7M%&$~R_jnDjy_9Q6!W9SFb$juPni~hY9
z1tmHs@Zdd|Ya;0IgVT@v?R%o<>BXPzGTyH*yW}`pXDAg}>KWhq=u1IvB<|YuhL#rz
z$GrAEY4SH3h7U#vS-1^<-b+aeIHO9Wz#Dtxo;Oi5OO}jR^Qq1FF;O-QNN8bFG>DL`
zFb2pMg4O!kXGSZiZh~l-@2aUA6m^P+KL|!WNT)vUerz50+JBD|AxIW>kbbCsh%DS%
z>HHL1`LoQfjXB=E2|U=(PAcaMUk3mlpLv+ui!i^6yJ)$i=*NOAb!r6A6g)Oh4tlm`
z8si{lrOCK4yuw|7KR6y&u$~`$7+CN_P9P4YEST?8Xr#d7^yHW`Y&!43ZJeAjp@3yY
zxMVjY#m0Tj7g^_K>dV+(2E-f4j$N%fwBrhkiV_Q$t50{@?2Ea6;#mJ@K{mpaTSvP=
z`+TaET}89$;Ol|!n}gnBmJ`dJDe0lg?+=!kXJ|A6U#RA@0t>T>t*gx-l<2U^t)KeH
zO7Vdn1bRQh64KSE(JRI_qf21JqlmA|(fr^4Vi#1b9=op!_h$pN{AIoiT!L+7+RRYW
zs<F9X-4xqwPg`<A_#iUXrjtMrS8~P_Y@DAG0TAZwtS>KbdKZnk3E&ro%SOe)ev&re
zH)Aa3GUb!`a5okcvEP9gCJ{9dD1Z`WZOau-#Ht>jJ-1pbiPF>Kyx0g^(^WPCMa9D$
z@3!TOo9Um#%3_quzMx0w27U8AMtFl<jFZfV#IJM7)h1kco+&<SBWAGCpS(Aw;&LBJ
zCcCkrE^?!g{*${*r^}}?{Z|w03;e{sbB{6gU-9EpQSrH>lB@fb$y{mE!<R)0pSQJT
z?(eLUil$`5ilqk}qz_R=Q$dg|UM~*pmt1H((c4K=J{kU`%?%sqx_Tvw62(>W4YdH@
zbTn2NCesHkzBh=LV`ijp1V7X<+XrI4h=!u=wgrMO2mn|T4dz|AGAEx=9O<LR<gII}
zD{~e&py1dEdzxf~M8!NDO+qQe*iS@NkE!h2$G!Hi`?v@jvh~k298MFcz<UHvaWqN%
z%bG?Ox%@BjyEp-HHzrin3pTdjx4Luqx2_5W9*o*|d~scED&Msbv}b!>p-S9ZuDSN;
zIq~luq(GtacMFWclprKZ;!l!OHCnj$`_BVd#o{37Pavz{YAXI8vSSoRz}kTEB6WUL
zxk}%y_oTTrwJB>bWVVo~1kBc1OTgq_y{%-fL2#Z;C$^}|PpYu}adZ39Q0j&9XL}4&
zzYI6VO6F|mjT?)UN;frQY~=`@7~?Td!QKLqmgBC}5lr#)`|KQMG9+@-P>0=XOGNG`
zG$%`hIV^&G=|UoJXth!N-(xGa(>>_{mk#-To!pK0=EvAyt%f`l7vu|7pG~o{{oa4B
z!w;ut)6k26^Z@v8mD*<F;T3%MFCE-`6?H4{C~C%OR=kQNv7^j@OxyzetM%o`S=0cC
z`E&>ToXT}-YI#uP=elEoY$6>oSGNzMJ6?jXj|U_XaiUs760e7aoN3Q_-8vG2mdB7~
zWX31XG`DjQN4X|tZ6aG2bQvf^YpcRA_RZ99*YV#32;`VbgL;yWZco?Zb2vJTFGu6&
zKLHQQ$_e*PP)qE?n2~0chn)gR<VA=GRCZ>5mA_@1EhX3gCVsVP2p`~=jR%`8e@o{k
z&Z^YQP-@QRUN0uvQNIq0cD+fG&`!>?Hd9%*he&b7o3lJJw$WhBt(UsrWGHfSh5F35
z&MTN8hd5T)Or=Z@R^2d#!`7ZMTwNmlMPMnn?&U`J-cI)0Tw6&on1*)4ncE*hvBqA}
z`uHz%$;0Rvxg^w&utBs%mbPhFX!dG_L_oXZO0}sMt#6|{6!NXL((AdA-}y>*whn6z
z(PFw0YFwCop$4t>X)}oYe%_>FoQ}CUBe1^hhEjF;D@2HmS#6a9i~pU4cot@#BTLqw
zwi(wM;mP36K1<t;EVV!>kIDLhwef_%-Gtlm5XdHyfR}o+8iZ&o&b*rl^QEc`v65a~
z9^HiAd3(*k$C9bX+fsF*Zfb;NoyRgu=VwCdKXHy()Rao}v0iV(-}O0S=!3nc%lb4s
zjwj6R%+c5rX{0v*T0`(9R^#dBk!A7RbC~Qy_LEM0+w-<xvxGJysv7F>d){ASx%lc3
zKAZXB*I&R|Lpkyn8d#(I%w~#`p(a-3_e~tI<Aq(V_Aax(zzGE!uKiapz+$P?mbKwp
zytOhFOSvoa!9qlrW_n}4)1{x?7)8=yXPj7cU%Jh5TuL9KQibQj17cC3sJr_6a^@`o
zq$QvPr?aVd+SS-17vYf2Z0)#5()}S%Dwv@{wo1epQqJZ_vY+bmo&>h0kw#DYOjD)h
zOa<OIKK<XHT-N@rW><`oi{h(cQ~pc_tAyf8xn(#C4?j+5$Qwgh0>!X?ZzM^2jrcmN
zd~M6Jh@{j3hX+s7HU%6J-Z_aiU)?k~3^+@+JgQ0o)FIlypJA;`-9qpZ@;`mAlo-7h
ztd-9f*z<GD`HwV?ey}H?3f7v0P`G2c6av<pWZSgELTF(W0dN+J=BLMo7H20iiO^YE
zS51h~ckCxrs?j(!WAl=SYlBR2>V&<;uC|_SO-K_~ocRm6XQJJSq`TJRV6(m4HJijr
zN7YvwZ4q<sf`vcfcoeu;N~unaZ7ni8ez^r_eP3>*-zyCGH=+=<GQyw-ajYBZ!FiRw
z#rkOW8K;1hT(V%V<GnWER%bjs<5{)tBTIjIG>YGyt**0UkZHj!SD29af>|K?WYw%r
z#+|MEfj-i&6Qnu&hB9`Ly$@``rup13<_pD@MGc)?N}U%C1KYQy9K@+dF<zkm!Lm9}
z?om4>b=>nQ<N~28X)V1#s;~Fw#NXw?3$IUmjFn9g4p+p84x)8nebNK@1b+ESRLzyj
zvEG91IwkQ?CRHnE^wzNf^tz>Q$702U_;%xySPEQ=91t%M$N<@stg*hoyk?V{<mzv_
zch}tANqBH1V@OZsNk)?=ykMxOSnilEHey7FT)9LC$fi63K^t@Z89FKo>n@cB!mH;K
zt&P^~=I0$^Lby}aZJQ60h;>$)jV%2Ke^Bfws68Gw;l1@R(wfVn#jm{oXZ?OEBkzrH
zxYXWOJmSXh7h!R}WZR?=jDJK^Q(-<2t0E=x;bFj3Cubq`oaeqH?nU!nnX+_e%`7e%
zH}39G%3sbWV-4gS)3IV0$5R7zAdZyoP0RR=eLf^N(pna*48-jDw$B!|TqRzfKrmBC
zjT|etx*2pk0p`r*wyyd!MO-y&7+V9%Q!uNI;7gq9kNC@gw1dU3oq!k~c9%HzjL_dh
zKI09hs?|C`-aMs3D^)7#?X`P{O>tD|B=VuP1FcZ-iHc)1=VM|Gz?hWxVZYy^xmHa1
zzZYD}X~eWAP$Po`xbWL$BKWf7e22cilP}!Tq8G;N!Cgzn*j#OULdRW2z#xH?4G;Yw
zM1sFQ?K*pkNWg<hZZ!>Y2O016hqP~F-iiC_eVQVUq^0CWavMAuy;lDYa<PY~>hZfQ
z^h*a-F+j0w#9Jw5B6hYLtIG?G@=h--EPNkM0xb`HZLhk;=8LtBF~4j}&F`repaHdD
z%$YY6TMS@AsMLSFVDKmg3prck^79P<KKt2r?Z0j~Cmm|5r)7SX{H<-MHJk|<<1U#(
zh3dDNHtOE!oNF|$s8(#Y%Mwab<Wy3ndi@c}j`gvhr7Sf{rmtJoC7Ne7KFv`)l=Ggm
ztS4y!)_x{qj(Cj|d&!IPryz>lPLD^z;WVsP0p%gQdq@BJ(2>+16iae60_w+P>Cpsx
z(!;vXMmW$)z#mw}`z3%S2c*H6nYpAEw5PhVI?=hhg}+JVFFYs~d3};$$uuL_4=k=`
z-(?Qn8$(o$zQS=|<~9B{3VPojevVnw><GW9HTp^YInN+0kiEYrO8R83TNcNsFo-=P
zaAc|#4<^Q)c?_dTNizI&Btd|&7@*A-kePTAq(_sDj<&2D2c|4TCZq_IaWWVX2R6Gu
zu<p1U56Z0tzUV`FZZ&7N&NU;aHPR%d@&z?9hbZgcT-*MgF7=og<H8B~h9ydj_(^3w
zy<_4&I+8Y-m9<yR)=0k!`L3-R%Oc0Q^_N?w`7`mc7vr`t*J)H;`^y|@8J};$n72s~
ziFhb%hfi`P7)7;yS5J+XVKksit@zU?qvz(ugQMJe@rh;S2#Iz9wi7*U97%e=MTm-!
z%`-}3<~pTHjboe1-H~bsV1~$UIQ@WZPtpeoR~J(qHC>SxJkM_*Mug+DUW_(~qSpUr
zrH^JSJLjAZOz7ua9?O73MMIroF!|X9Mt#gzHJ^zuh|^d41odR>^L^wALreruiO;+D
zCKf?9T~hT?C3K-oIyot$kOG#iS}nVIApyvB4G|*lN_y~=c))$8t{m4JLf#SKo2-Te
z_gP~XR)YSKD_Kiwv49)cC-y?e8?XF_INI3@0yV1_-RCCgR6?oCvuBL)6U+)fajN`u
zj-vqb(e-pPLR82dd(t%nZVV*eHg12Pla!AyD4-=VX{DC~JL908k&;rh<{eE!-xz_*
zeLLpr=HN%1g^Nmqr>4GO`*zBb0Q8QRUHc|+ufEZDrG-?Rew?>lf4H!{I1yRuXT}$t
zmF+*|4xqrs<Pi0EOIXwj`M#rnMN_~e9zr1*6~!Fof7c_93b@i1!5gXnh(S|LDN`bw
zu!R>10+ylJXY;+$^+5n5m_@Fk54hK_7M~h+R1;Dzl{?S(oOT2FL;^p5lu0D0lS!fe
zjdC?_Gn=rs0u=Aw4k;l6us#@Jy}~fW3ZCadMcjjeFO*pul&<f0C2{3CMDN#>0mhns
zr(oBFJK(#qx?GqX=?Jd!wbKW#F-;Ve92s*5l*%&D*AneV){Q@NKlXgV{wYxiZ0r1t
zB>w6-9!0A}1NBpv0gi_fo&6tWz$L;!nJI7;HUmjqdVmTv;V}@Y@v!t^?ar~AaebX)
zJ(R+9y@XmAa>C*?#$a~uxK%>`pf*|{8$$*tp`=`1{4Zr8-%CO+T_e4=!zW$zaQS_S
zDEzH1-RFtcNdIWMv=9YVz;Po9wx0sMFs&AT80<@w99$wcRxE^~$*>U3Sh)+h9{+?o
zo4}f2eO33bH5>A1PDg6&bZnA1Etr)-vF~XPIUc4l`hMz#g|hl7bfwXYn>pAhSJ15$
z+}}De_dB|E1BK&=6Tx$;>`Xg0o&M<gaWaM>qUfWy>`_jIMS31d<c3?Kd?5rwjgpHR
zk@OI$gT`Q_UQT`@gXh{w6aEOfZ$Vt^TYu%EwzAoMTSS*m;@(ZXA%4Y$3e%qExPxkM
zDx99Fqd%gkc7ATcm%{PBbA|Yh5%KH3N|N|I8Xr;wlAJvEN3KC$kQR7#f<|q%<n@Z^
z0rO-I6z43DBl#glv4J{CP&NtFO{ZnCnHx~}3g}mubkYqp-m&ueTUP8jF<=#i2GpmX
z`ZwAcVfpeGmG?(NW*iPx8rqN(r)e6A0cHCZ{|^}rq~!1DiY->`5i<NOzwK`1&ZKWw
zYvLyt511TO9v5Mja!4fd;(S>~%7~c-z>8{O2T?u9VDc1EB8InNV>I%oz2t%nnWKt+
zKz|J##J08~^SlQ=sHFgjB^cuKl5JBxD|q}lLi09FZSX^WC;dpR`E{QkKIJ`*9Cg&X
zMR%j)_iTXkv-*58x6|L>G_G1?Y{dGgL^H~lSL59eX25S_Xy7lApzMaRPw`q#6Pny~
z!A#3?LziD%fR{>|9m+8Ng-xc~_4X!lIl*fkFU|I~Aq>sP8qiak-5znna%gQv{#FZ3
z{ywAob>Hli#{L}>3ix?QdOaC-C(UI!XNMJ|RiS8BlN`VUP$d;=n|4lBTXN>5`VzoN
zyOiC2rt5ax4(L=q<Okg<PX1afKKR)+&p-zy1uk2zGm|Ivmp8pAb1qNJ6W$ae;#PGQ
z15SCP$QQffCQjmN38~uq?ufONFr<(rqOqyOdc=S)SRm8-J*s0&cJLtyW)E7f(3t{~
zTyln1DfOPil}Qz=k6Pd9Xda{djU|L3`8GZ`L<$mbd{mNThca70N^|8QuRJ?IzI77b
zhOuvoH3FXa>;l_}_HR*&K(1b(n{ByY4^37Orz0%3YPswc<FAb2b#a!jH<uFC!TedH
z7GyKk@*m)49oP5ooBcG2;gN|dUD`$XM_NHu0&QgqExv+;+{zK!u0zj>(PBwgNI<Dl
z;T`B!g5_LtdiuA50G&CQ5xs0#)guY%GQ>AaedTYK@tC*Gv^{FE$n%s$qocF-%c2on
z<0j{?S~e5dqt{ytBa6)0RyLv-M>AV%<uf^eFWV>1>AO|;Y#zwsySx*}<n9SA+l0cN
znQlq(;LmqQ7J8Ip3>f_YJ`sxo!>DGOkk8OeTFp>Oy^2yA$R{~QA7$<7F3<gaS&G%>
z5~VHz34~J?jop5Hd>M&M#3i5W+Dva?v(;EK@xotm37ya{u-ZI47S>WIan5rK(dK6N
z@D;WJ<NZ<kUTWlzzo-~D+yM|Fyz~dXMU5_;Z^J8~XXlOT@9UvWMJ-JXYA=X|a<fpA
zVZN$!bt_Q<r-N5g2!dAM+StxH6By)ZjI>LMiyPZmJS9c83rIalHB^c#*!0wG4VPB$
zq5!_h<hBGZ4UKVDJe(BN5qqT}bf-Bo5#4+#FtIMB>!nUHsyF>(**{ZG28nO-hYLe2
z*;=p~?LBrLgacnwU;sc&_{Xx(mHv7Dd{M+0Pl?^Eltu;RAx^?ltxQJ`Z@M765~_&p
z*kW&u+dt)n-rv|LQyCrki;FZziJmbUdHEpxhJ&Bk!PM#G;9$(vQ1-qthSvWh4|0R#
z)Y%99F(9CHWQ{Dttm(2_)3oY+EuUX(Rxn0B<-Vs{$mChfM$`A8Hr+J-)DTt;hwfEn
zO7;aCq%WUU;P?;M>yM`8|EX*|N$|UiV}~{WoO5X84NUFi=4rZr$rVq>?ng*mZVA=f
zD)pt&DR~$3=u%$aKxr^z`<>HZ{8nU;Pv*<r*ha*TP{)AvJ@Rav-y<{x<)}M2Mq#mj
z_i*O{(johL*uKtrl*LZRrk|JP%K`V^Wm;E2VlD0`oK>qh;W082yAjWC<4j1@g-Ian
zV5T)F2AUQgE}Jl?r?ig+`r?6-bT((Fe&TzfBE)A4A7{KEn!l01!Iz#Pf3cTM^b~KC
zwwCL!Fn^!sjYghWxy~Pxg&*w75a<MQcZ<dl5t-6dG+tpZ0b*2*D2|k^tKkVA%|)_2
z<x`*U13Nkr8LBy$k76%l>q1m6m+PZTvfMtihQg*M!IR<xUhh%VbLd9rS<SiJOo+zl
zHjtl=<i8zhEOn746=%KzV-O9*GJoZzE9Zd$zl>l#F|>{q00eQ?;G+u00D`@pDJr}M
z4Br%f>-7B1AI&w5qOJ+k;<by<M(OKW_K)Loz%f4d?P<-+$y*Uu&5Md9e^nDQss`+<
z^{PP-;>6+N2vrF8@r+<VO~ugfKC}}o`MrOkx`!X)+TZeS|2NVdi?#bfg8_#;xA085
zgd>k@8b)+tO997+=9!9>L24_Rg4aNO$&|oHe^IIZqV|O5Cfa~&j%UNPeJ}o$WR>Sc
zaTz>IeiMu39vaW-J=N@vd->C(Vbe|`eot`!pQJj|NTtgi3;CxE=WivBT}y1bq!8Ro
zoWO3%3M!_d*EB@&qEY3x;UO&qX>_QQ>#=f?7X8kMsh%rUc)dw`+E-`Us9p8qLQ&pR
z-cPjlgR2K1a)0ns71QONns39EH-{CUZ#)r+Ego>j`Gwk2V+pCy&V%g558sS~5C<MX
zC6UhGmpU5x3pTc+|JiI&lg*asVfTkNc4qOZIP-k`Zz1!vDy*L5LIsVZn;!#dd3EFN
zey5uLv2Hq(&iljAUSBzZGY;>ne%@Hd#Vsmcqe>73!k5n2V*GmC(#gi5K}m~K&b6Hf
z9rB-GgxLRA{cQYY92&tapwN)PeA7YI_1PK(D6rUPX!OI<T3o;eD$$xT*vbv}?&*3}
z63_V4J2U(>+aTqQI2h7VGKHbpRpRE8l%BS|qATZ`Fzs6~L1)y}Y<T2p8Y`KRp40IE
zXQ%cah9aF>o~B=Y8X2#SJ95>xw><3xP59&&cI>Y}7=IDlwBYn=Ms=x^TJ&Y_MNA@@
zV#X~?kgWRdGu=My<Lw4pOw`W=p7$mdWCD2q8{gUm$}_|~9pw<@)zx_$y<+s!P~7#0
zo<aQQv$}Y<E#*l+QVXF@O^sd1)Bz6W&edz`a{mm&vf+fiNPOPT?a}`?n2PWf^!_|`
zd2|5cUi*^LfjC$X(8%EGBg6vcAF=C$4P>yBV;|PwVjcRbiWRI|MXh4*V3vvZaFh6U
z!?>wm1gT}p^EsOG);$U89ay)u*r_=pm$UPA*ZbIuk@t@bFjU!$ha!LHL|w?WC>X3|
z&tvWLi+{0M6^M`jVY5!@YQOl5@xmQ09FDEn;xWY+CqDkkT9_m7$ek{+n<CLn9jUyd
z_Sp9hAQO7}WV7x{kRb6sDh(?CYo!x<r#-6sXQcoA_{a>`3i|KA{`mz2&pbSi^)GQ^
z1VrQ4qeR?FQnYP9)Y`EYWbfpX8ZId?)1)Oc950lF?j3#+Y#@5UpJ#KDvg!z9<WGFP
zQvkC4hT`pINN!hHj+!TFe=lxVeACRcM*;I;qEAwA)gi;BP?fCUF9BJ&hutzq016<k
z0xgNcs2#YKoyv%H@qgqJyw<!r^B_l^YMyL`*h`XgA|VbNr=Aft%fI_F6lN3ni`nD{
z+u?+Ad)1W=2yTT+m9gxTzsrpK!Ivl`BmV4V!>>y)79i2>#{5~b<Mg~R%6Bcic#dSp
z*V6YEE8wn6rKmEM(HP(C{3`h3Y%JjpzmQCwfK)i2?UPcER$gG;8a0OK=}M{}Q*orr
zmqn#`L%Y$DqA%DJp{Ei4kzn%dpB}v{A^3r-IuC3R7gQ(W3f7;W828)kB)mOrqkpdN
z+WdQ!my{S#D9c-H&mZXi`5zR#IX*j+(??jCHF&1N&Tgm3ZtMv=xR5LLRGnrRNjXM~
z%LWQZ`<q7U5HH$&akPBk8fW9zP-4oR3^2vNgWVdOP<&NT7}|dOb_J@oeYbeEu-&rW
zo2k=`0tJGjGtMWUp;!ea`u`vVGgbcjlFE&mes62?bdk52cO(93HOZ;h5Trl?NfY*U
z<^9!k(UG~tx_D%4TD=%sTnhXY4$ZH4H>y-hZ#r|N{!8f0AltfL#Wb1EKK(hx@@;;C
zpL*w4nu#g!&IU=jJCm<9j`7WB69z|Fv<m@s^j?4Jo&;DyU>x~o3-#%WEJ;@a|5-tA
zvfJD=-T6XUWlrE$tZEXMU1g$OpgoTM#RQ?)$u5$amd<QD8(P|v=i|9nX*V)n@Op2!
z;G+qh6qMX>@RLx#4+Y8l{`UP*n8jRz{SU><t4tn~TjnGS@lsYd1~D^-7;Zy|<5=&b
zj#7M=4CnPwZ&(9?cQ%)6BC2OfS=d5D@-5bTuDuG35!`C+@ga?wc(ZAcbI>t@$E`Mt
z={j;l(|ySZkj+M&(BNz>b4lJs?CuC1Li`M~#x;thoyy&OHyS;PHkDHErY~4bbpGZX
z5esSK$zJ9PK@r*ej?MgI)hPTm^(p3)##+?(hl9`MQ0x|I9qB*?<{5M8LD9h{O%P;8
zbVt-|Tb>Py|HOZnV0kav><%Bz={g8bmIIQfJwKpqD>U@?`^Uj$mwho6y1}Zv#`}a}
zkRzs@*3@-_d&6Tc_vSPF=I3FMnJhTIVNGE)uw#OOi_|~qUTQ`(#z(=C#iBH{l3h%(
zq^KLsAC1|ZDqf!CD65B+RT2K;I}}zNwoH-N4^@%;3czbq6iz6E{$GX~Ti-7~wC(XF
zIzKZhJ8+BF|88y_gj5eX@nHM4bT*jq?sI#gc=BT}x~@~F60{wZLH;l0tg9#KcLm3r
zUzx<xU<f|EzmW7b?fE0u<|f`lkCcj8+&?hZzf|;kF{n^DmX_(CXEm^h2awd*@KlGS
z8PC=K6+l1z(%OGxLJ%iE4MS)I=M!a(f+|BlJU-fGhVHj;wx_n9<{o#Hk@FawYsXpO
zErEY!H;%>^N+o;W2()G^Ntbca;g4B7<}4w4MPQNc20UMWSp9RremNz5J{3>7;2*?E
z{nm0$5S#9pQae&U=l^E77Ay>m>54dr4{`Z@+p_}ohI^}Z9AGZV6>qrlYk4V?MvIod
ze0L=F{Q7SoVYGzZev&(J{EVS)XG`Ldt&CZ*w1pPaM-WwZrnhqWHL;tw=hn$d|7psy
z^8n3CrJFUTr^gl^{)pUA?3}4u<Lc}F7%cj6YxFR`@lpLISk;DrE&|`=qnEO3quiUF
zKgzM!SBVc|pQb5;dqM?L;TYyBA#gA_)uYK-W57?bFtpRI$TIZ-wz=3`h06Cau46n|
zms^arrr7-STFR-?e0eZn8O0nv->2!P*LX@27xT6BMQxd=barZytotOUPl~ZOhuj~t
zpPFTM;{oL;M0>9F%2qxnS_skPCvS~QJDwquk>}GT3ojCka;~`Cs0FcnwkaGmI&JY7
z{Z!<doO0a#BP!tx)OY=^(iIoH%Fr`QT4&?b9fE`eA}6yjG<zNQ+>kbEqn<RkH@en(
zO9tLIV~;zYl+{2IK97=j?s*b=!KfXflcxngs38VVROHjX>_CjT{Nf9m`7|ZowXZ<L
z!Ix<|Od|L`M@dU^pNwppyvIL~Kke%#o^3bIzWiu+LQ2WGBqeA0IsHQee~?oMi|vqh
zzErWDRIpNDWbaTiNPeosw)S)-L3z{+8ip@8JO;6M)e$^v%)jR7f<ggMdQN*ims)O-
z83en|2^g1t8c%1SO<St@I|kH}WBs6JJ{uOlV3oBk?I{l&?ILCDJTT@1H$k9sm>r7z
zQ);0rC^a&7(G)UV5Si9t$2hd!aW!QK<5>W-PsXBonSCYxJvA;<MTf%@Bsit}=U^10
zV{z4x6pRPsh|ivgkOW0Etj*aV^e#;H8<1L^^?nBpMLzrm(X5(Be!hv}5IliJ!~tGQ
zF0;Za;V<?S_k}0h*nP0-Eexn2t29v}8Buk)r}>9=E7g4?<dXj}a0P?=vq=WO)h9zl
z{{5$}cHga7SS#w$P_|Gq%gZv~n+)|HjP20e1G!4(@tjvYZI>Uw!|r70Wn!>f9A=i~
zc71PP22^fZH99tG+&z`q*GJ=@08X9ff#t0Ya@@R}Kw8!Lea)zrS0}If$nvkTtq*ii
zXL7l$M1$o(%G#KP=K}q@z!1D3RA^}Bnd@{kR#th9_)M7vQ$HS=O;k^eCVyl2*0NXw
z_cq_wQof<rr4O_TjJz%s;J9kT4~@7$oQN-qeWS3it}qT&Vc#FGADAEhWf_^V!)eY<
z=!nz*OK|9IpFr>n+TN<6N^fla1~7e~D8$*IM<{<*f2Z>w?aitMrj>YW@UOtqMdEbj
zk=~%D97U;=IUU@$fA54^Aw~j8R;&MAvhS8UEgR8H*D|tWhdlWC0GD6x$qg~sToAb6
zW5<y*%qZ6Yrp6PenExP*$&P4VXDXtN*ezPSug0!0Fd+gX9M3aPjUpncxz-Hw`mnx>
zNg7?iz{gz(i{VK8S}I5)Blzz`v%wef1V>X0y&*vEyh8HT>1v><0?%|KkVEqSV=*H(
zSTRLKi^$$OFheL??2oDC?E`+44kf5_>}_nnyI6vvxtmw(jjY^8gQ9kav!bj(K|FUh
zX}HR%Au=z@+7MquH77v5UsN;(n=B=>2KCa<a3hIx#R*-%|4*ygB#Cu4&%f7wAqrn=
zYV@qNV+AI6c)f9qEP<`91TwFJlf0vq>kyXN<Mnm@Ui(l9PT29~ZokJ%qD|68<|f$?
zGsRNXG1;tn(^dRw)tcmxr==Z?Bi8vyaovlj-|bvhs|u}4GKLG)aN5i`7Tzcgw3?Z-
zQUnIw?jU$FOXp$(^6v1PqUn2=<NwZAnh$Mv^VWG4V_21ZLTiAEUo*AFYP`D=5brYQ
zysH`Hj!k2aGwxtok0j`yD$wE-2dj8p`xLfb$(s%JGs_!k5`FkH(q8dl@_a^$AP;8P
z?G;=_aN724EL7N`?LQ<+yD9@5pRTb5I>rhT&agRKX_K=z$i#p1VaSwP`p-tpm)-`I
zQ1)>j;t9K?@rGf#6s~y>{I<)qVy@}03Sup=)tSrJ;>7gm63?rvp3b{^#DF*B6lAxO
zPGz^8w=FGb!u}!0J5w<6m_FadlCAEFH@oD;b>eHxdRMNbAJ3_ckYViO@_iqHx1PC+
z741b`2u@P^wLbwPWle87-ph5B<;aQvvkL!5@yX@eZaj!*<eDHAsDNmE(Hkt<$w`Re
zE7tWg%ePW|O+hu(IM8cH5ttKR?c*6Jb|YN-?u$Bs5IN`BqdJP8Gf*6-i&Xjib-_2p
zs?&eZ1H$BIMM=9Do;bI_*uqolLWSg7vEgmQS?>jsZF=12G3`XU(mol6=0$nfy*)Xp
zu+tXY4WVuzUyIhO8i_)xOr-C#S6cssX3iE@x%rM90*~Iv5lMyo>*q|LypB=OvRX|m
z_C?BHY-uvH45E1nzF3s+l7~4yBerKNL(|Jxc@X~?_gh0_yD@;uqQb|SPrR$;XpjTQ
zxA({=ovx%fDXTuFIuV`{$Xnl>SHQ{kI%m`Go24|o-yz2eq#Vh(68rz$Ic?mlpd0?L
zUVx6n<}?)cyE2mx-tM|&9PjhE0(BF$qZ?<_j{EE#t$PI3r&O!qcKP`imVe_U%+K><
z6ZMTN^9YVjWOS5{6LcKd)0V5y#@y<wrv*B%_66ceeOF4rcg``#VL8^xjNk4cDhVt5
zo>1jH-IJ4FNniFIN|MB8PBtbvy~i$0jIDz!HQ6tnS}CG?oy+?-EP)P|@DFLI&(x$F
zfiQjLCUK%IchUd}9I3T7mzYgWgdA;@u|5fV&(}lh5u}S7@*`OPA&lbic=&&BUc1Zf
zREWPB-ebbbE{?w%{}yW@GMY>u9za8YJw0A7z+8gpwAc8nAx!?%-8W^~^XuU4<6KVM
zbgqH`_-WJBubD|17}VgP56g?Lf_$E5=otTtbBNjB>q|PP>q{8l?lp~prBYGMO2!xK
z{hG$nGnz(2gzdx;F1(T`1;Eby05;1y_lLJ&QsUF9fT_fT37^TWU!qIv%hcV}?&rD{
z9&$cGm`nqfAxIk4dcFQ~NV6|+Ny%MC7Yof7-j1Fy@VJA!oS^tt|BdJxQQ|9TA@_>8
z8<^d8yHhR{S&yKo{X6=YEVu%b<cOoAnakTPG=QM5tVh2Hq3F=%?Gv8O>4c)%k$AOq
z>T=6yVhJ@1(4W9$Y9Q8PvF!`okKYUV4b(CV*KTRU%xkUavVX5?@!g;o+wB9sROQ^0
zG^(vOynP(w;eT>Zb>c@X=4ZYT-fb!^k6MC{Rd9Fm4%FHY5DFKVDoUVvjYf9Q=g!9y
z?m#DUVZ_zbRikWjr(%kOX@9o-Id-E2zrNB8b)K7fa+qy+5?k)HI2j;yJs5cu$Wg4_
zU<*`_sT4Kj$;h=f>iAZVw68-zm69FpU2k$_D)5m)P51L}8lrox6sPP`#eR+T9^Dx}
zSo24osvlykX=)ZzYlE_-g{rrgK(2M7*~;eSey)He$UvV-gk#mdKbL$BR6A`&iL8kE
z<3Gd<XmTm6>QW=tGtDm-S;YjloC%EGsIsGMv~xde41U#=;G0esthTu(poK54ke%8{
zZt>a0M`^u%*}s#h&(+|v_ILB|esKrok+95XMW&E(W4a{b9hfT}F9|pOJY21)&J9ne
zCZ{4(b2RzU-K45SnHWWF=2dN?ZD6QHSn_wI;$-nxs2-+c^+GHit|CpR@%#eEUE;3d
zz5VTe2(F^U)us|1oL;SrT5?k*{pGUvPwx>H=D>Dtm-RTI0%3b1$}t12ayX2L%zWRs
z@ZaD_-}X4Zx-P-q13W``_E0ti+^My?;HCd;qe<Wj@QfmYQcL%+A)1KDE6jMcc_g0{
zVjXq-+8plIp9vk(F06}u6(%CV<UQ6YsP9Pp!Wgf)>QVLxXwji!idqL4e9vTMqNbG1
zUO0_My69!ymd0-N?Q=g!+s-xfctL`?{-hv>p)(;Gi=D5X?{UgUcbmb}I5K&;XPC;D
zpxO}Y8C>F!OBe+y<%NT}?ERLiw`kgUtKB67xATw0(6daV(1<qM%*4Z{)cPqErS4m^
zhuZEtx|pIFb~nY#t(8i@*4@A=!NpaMyHubF2xyqq=eUd(l&4}UcWa#8FMj=K$)|8G
zNWQg<2GHg;pgO|S_Y2?yW1EU)wZ9^Ju38<d)~Bqq+ZQ0*#nwn?ClVIiQ*wLin0$`)
zjA6W)3aFJGW!GKTCob3$8%7|NPF83yRSv&pY_iz-430!fTM^yfHmx|VP>k!!4;qg&
zXLK6RjjpX_r+9u}rM0pLh@se<W^yl+>~Vy}^6j>Jro6J8Kd<_ZWE`~QJSNtzuNZl=
zB+1K*T>(66k?-lpO4*6WSn4XkE1|X2^Hrsnu$qTT_c>3w4}N6>D8%SC97e}$Yy+xy
zSZHKu>^CfwsFT}nepmvd8-q$ym5w}1Nsdj?Gh)GP;j8MsoqNa+%&k4qu*#h8Br}l}
z`1Uo^WPY#!zP)U}K72A?X%kw%6AP|PX&%tOCSQq5G4t3_GT=)Aar8=Lt*pe~1A4n)
z$;@I(>=S3xXnz=5g*k4<k4u-ue-3fD4i|^MPCHn+OjxPmJ7RGT(_0!Z+U$qAWjV!m
z3^%Ga;Jr4ktZ0b&HFb{8Ih@J@q#&#1Cg8jviH0TN<CSNzV+?FA4~m9ROdfPRbrE;3
zmIIQaY8OEv4w^GVpsR~HGQkb;zOJKAClhkJp!Kz%38mL_?UCmrgco}5furX+O#x+z
zwj^D>$^Lw`4qH6scw{(PTd4%UwrURff%YDSwTxQWZ9D3;a&M=lUXU_(Et98AqP1$6
zbsaIhcm!4HDQ40DhleLao^ahYTU}FZp~Na+RfqUMcm#}(s*PhXF8;FKnG?gpT-P&r
zis8-*os;n$AYS~@Ec~yj4;79P%2K`_sUY)M^ZMG}P8K!#aB!d&^F^Lu^!x?Nr@S+t
zZj#o&_)S02@*xBZg<~SU!;{{+@8u?B42=LJCgNm-icT$DJ_N7*3u>g8(N~I8>0+2A
zy$~HC@TJ*-gb#-vaO&zCI7a2lwDC3`0N!o4vg?q2&_b<hewt8GTOYBr@cTACgfe4T
zBQz<$%Pk>%XcnlN%@$-jWTq_bn~64NUbA`V8w}&@Inxm{6;(uSudGzA8UR6yM_Z^7
zZ$hq*hbNY_0<D7w)iG@DwV`XGb#Y#ywp)6k%?=y?e4-Di&EKqLYhE%1JF~7LaM)?Q
zSrnb%9|S>HQXNKMwB5X+5Pe#W$tmKK07&yz+?|9z#BD~FhSQ=~e0)Qt!^43_Zf<M<
zpM-rJNPjYCWxK2aVZ*4(EF9)^V}AM>r5We}{dME?5~7Or<76GeL*+kBu+lWQc*5(n
z-K=lE45=e5EX2RrhpiB_qodTzWLM?#%zerhU-rSlv`IS<H~EcW)*=0R&Madt7%&P}
znIs6$k5bRFRrGeoeC9Y)z#Gb>$jwxX=T+yW>xK34XLCSsIuShB;8t-q4mB#MSZJx0
z;Fjze_>gg&{i0NcCkB!IzF<*jr?pY-Ijt*|-|whzx@tEc1IeKo9rnkk&(_o+KaJ$~
z=y_;uv$clQJj>p-uh%b?BAr-LGV^2KQ9BlAjH75_J>Rm_BZU^LSdWGwxnmBoalX-h
zL+{TM>YZI-vAxr+%RAXd8}~N1@66c5=)`Fvy8ut6yoTlk$QA-@X$yI03j4)SF>;L8
zY46zM8G8|0tnTvCr+sFnp)LLTTX%4>$wjV6c)1tV-3es^C`p5c!xLW**>WOV#a5GE
zTB@*PPvD^T)u3yf9%Q>*9=1yUG(cC^Fh+Dj7@5SK;@3pSlBkmz&e>AZ^6(js{{iZT
zONwc|d4FEQ<ok3-6w%_8To>RimRTMxe|f0NQll$VkyC@N+&J?f*W?f*QD?}P?*h2P
z`A?0Pgd4H;!bWjwIW>R0!IzyGD<}7p3oe>;-mdMMp-L7kX7-ozfB&}4c$mEc)Xwy0
z%>U^T4${z8T-q}D?Czix7;~Sb@Mrr>)24KI>o@r2-tANUI-^BdHY3{2F*Hj0Hiw>~
zsq;D8#Q%G?Q41&ftuqO7!hjx6yOmN-#}zUq;##)9VLoB@-utMTTB!kh+*>&n5=<o9
z{-DHa;M?fMk}@c`(3x3y-fe<A5~<~Pz-4!Wi?v21$@mWUn0rBUUZW8T#8YQcd_uqi
zyGL|z5x7C}=BLUSBs`N5MsCtS5a94m&o=%-L~BDA(R9wGFtM}BRkuICFg>+0cFW)I
zX_S36Z5uaVj0MfCxWW;p8-HJ~-F~wOkBt_wJ_yhg|JB$u1i+B_@eD?+f5dFpb8Ad{
zXq8Qtd@bVVem-_Q{YvkGE>Aas(++Q-8p4QqOW_5wJnhO9L8`vszSmWVT)?5dJ@B@J
z|3tqc>lxE(1&b@^DhusX@afey)Fc#+#Ooh_C(S>vwKlQ;yEdvd6%`JY?;YHr<nJc8
zIkN=~+BZg3C>ka?#$=S?6yxOSgEaR=8gvMbX3}BW&>L(s*bIh$Sj)?ES0B`Hh~RK^
z&F6b-egHhd0&ozzbHr8!^;$IDS?09$44V{W%|1#iW@Aa%8EX85?^O(3qZvW(@loPs
zY_IXeUV|*59kE@n%s=0!;^{0|TNsn&Ff{+-NakoaUv(iDnJeZ|4&OkS>HRvok7tIv
zIfj4lfKn0=SW5<1(}JeY4tUGP8Bga-1kLN$?w%Z{bMjh~@pGZ5rdInO23HPQR&`D#
z)a8G-?b7)Z)B}AEl;|6C9%|ii__DK-JgAzWsO2ZRlYLfN?)AdSJmaYO+2{ZpoGRq9
zCj^l?1*6=hA|ap*zJGUk{HU}77sL@d$NJe%t&)l_xQ^p4Id#>4jCZ>3m?#dKD%O|N
ziHf!@Rh(q-21`)I&P+2%csI6rB}`Vwx(S8X;mWDb(8j^OME_)kBRgN%XH!}CG~jl6
z|7AbyQhkb{r2;gW-*QG%TYX80N5If=DG_UJ2sXmUbt!aJ(}|)$aFV8}<4E7#ZDv<j
z+ffN+YnHH7jbI2~Ex3LlQAHTs-<L#jf8?dXAeX_tb<B4f+-15Vm6+0Eb(lSvZ&C`H
z%{Z2?EX$wGB6J-V|HXSiH^$&{-X8HAN;4)&c7j>Xa}e}k9IvF@pl6RCY04;NdrQ0h
z>4J@LC2{@ZwNeQnDzx3d8ZCME0R0{cFm$a|FaN&rH(fynYBQN4Z8uvG_(*V9xK;yu
zTWS&rL19L5GTo|TTXAbrFv+46=CA?EXvz{S{%WAx$|_G}?gLA3^&>Utlm99OjIV{I
z6py%VF^H<Aks+wFkkY53H;(~Ka*QON>aadM94(#U4z1NIl{x{*BI<&dJT{`CVz@b|
z_U_WJeeKrk3rw5$(K#WC^nBYIsQYeSV(U&DnDPfI&^&Bjwr$(LC_}DaPP>?Rbi<`(
zB;~zmtk+(;?HQ$r9%K+suy#zoi*-)@DzpDBdNdvNE>H2b72W7Eg>7%>E&Zj>0$&EV
zrBYGjR2eil#u=y%>8-RO3RLUtx&8gYLE7bc9hZu6qBw`oRP|%%UTy9qJll;lU1hEo
zvM~ZfC{HahgQh@Eij-RhiuzO&#eXF7WY3Ga!c<9B8V?uoLZMPe;8DWjIwza+o$l#&
zU2~=E=4;b?`UmaNN3v!FEV~4~ndYlk@l?)Gln6!ovvK!nn0c8MvsVsp7!}7bDx>QV
zT-H-nFo|cJKPtz1io;)Hiq6Qralv(CTH8}H!a=o9pwL+J4qR64Jk!Oh-Dfc6)!g7M
zfnc0AhqNMkPo5WV8yiC?sc(h(Ia}O4h3a<#ZI+gURc~eXnOKk4Vj9;^w5{2^tCiT%
zt^RQo3{mO&v9v-LMyajzk{iDCVku;cE@OqSD|8fNBdn;zSW>n65r5P4F{$CQ4XL1O
z>qsoCpUFO*V8$y`WK4SO9LpZs!8<y4+qbD-55JDF_08gl_&2p$L)mIr8)~ivQ^4Wq
z{coF@o~Toa7R-~~iLsj9Hn$R%PuohWXDxuPA3z|?1dj79O<ro#EUOg(nm;Th23a}0
z&UhN>YI^G)qw)fhWBT2<D-kT#V!P)Ns}&1A1>GVGF^mHRs4kG3{74GVI?Qy56l^e+
zLdHQ@I?p>i#o)!>b~G`>q`jeX=C&5Jr#9(&Q%&X;ey2}hq`=rwadVQ(USQ~@$hXHW
zJ1mZz_h7*$|LFBTi9$W(*|^(dsI93!=hu!+wV*DaRL>e`e9&pg6sNZn*?1&-&e~q8
z93WjIE?G^&k(@3{r+LorGfyv^Bjl1xWTXR^0Or2L6-uN8U&^COzbCk=d&|v+(VH{6
z|8-IhzU_PQdnUc{zGLS(pFDIZvezAXx8GdcxQLNVgUKl+CxqQkhrMa0LV|BgDHPL1
z&@d#ie8Y{oXtGVbgGr_U@?47Teq4@1#GQZ>lKTrC5y2-)cNRc#^xo^My%yd=h&~@A
zECSa^ogKw&ikC|f6?=C0<u6kl`Ny#(2wRnukBzAaGO={0SFW)83lqoR*uu{E<D?+|
zL3?v)ma|ha20a&Jc^O}*%G}%BJC7%CXFo@Yij(NQnrcn~e;)<@WbiZf9Hd!}8)A^z
z$?m}Gx)r@ZUSP{4L)byX6TasYN6SIBptjKz{cgK0lSw8Oi6Qvod8SM(9Hm$F-y=FS
zTYSPu^Gy|d>LCUEUQ=;yfXSee-qjEDb97?$fVyXF`89Yl6I=7~xt-oSHG(-T1aceR
z+dSJf%NW2IKxIN3!R*hFse`UZ!ZhD@xQU6}NF9;VJe{}H!PDoG;U=FoR%GSuhyX{i
z`#Qze-Tn*M9ctFvEY&-|MK+pJH^{Zx_6O=St~2mH67tIzBGX?BD3ouT*|uVQ54Xc>
z>l|4`7Y!zr?#Ltuez_SRbY|ys{&j}X1=sXAOr?+u&Q+TSV&<pPTgS&`r;1UVlA9Rv
z^2{V$o3<NcB;J~PI*DQ>vCal#k`)(k$yyRF&1e)&2w}CyyJEt<RgP9(Qfp?FQ*L{^
zZ^j{Z8RjtQ?CY_k-}GP+?+je$GU<M`B{tCHfNl$sZ%9+02??cqz}-}Q(lp^lV<on>
zccL#w%Gj9gCtjU59zE?1HK8cX?uP1Ire)M8xyMzwL-6p-c8qvq1|~7;WxvbS(CekJ
z+!t$M+I=o1>rdGrzRzTV+4{#P@5>YOqB1rg){S?-FTLrN%|18`%z^JZO<XA#Yn=J!
zHpyP;6Ef9vChJhWy$p2?oweDTR%s9ar@F8HiX&LK#5F*IJ0ZBcySrNm65M@onMnu`
zNU)#*f&_Pm!QEYg4(=|&2A!R6pPaXQ-u?mGr+(?vcB-rURMow=?sWsx15Wp+%l+qn
z%uyqTg+F+D_rG;|pC9t|{T+ikfMeX{4xy5oRCZ==3VbQHl+96gKJB>;AB4kgiVtrg
zax>loU-168`4lKIncd_dxat|FNXk**H(hb#Vfiogn?yu&C0?v{MD4FOdTf4^>M)TK
z+PMDHcGb1mD8L7FQrie+@Nb)W4YFjYo1C*c>p4r({$z9Br(I;<)D+gyx@x=t<;@I+
zgcB91@+>g@tj>wKu1oYT94tn#PJ7y)Y|ZB_VB32RD2*7Cd?Yx!G&9CGbtrIuz0C;l
z_*iP`Rit1Vl+7k-D6zO96*c7E$~#!aeNIZ?&Es}MCt2qD{*Na+lR44DQe(J$k6V{v
zn^;y(e<a<3Sf3`dO|B~ztctlr;GUi{=5{9JLX(<k>y+Oy`mpT`|0CM1%|>IWTL>`<
z?f6$WFunr1`+hK_m!B%2O?#393L9$Le5DC<={uRgZq~<$i+ixw)jfnfpS<{EXAU+K
zUBtJ+IKqQtwP|&T3ud*MbTz5y4kW;Y<O{AngF=lpyP*!tFcH;K!4kFnQN@*)8Uppr
zPK|nvO&E~^Cb<Cb9`r$u#v+FmqX(UK`BW+rNvy7@X>5HY83ra$m#*y-T+R%4mUuBB
zQ0Ly+$cAy-Ht0|aLpciE&#nHhaQ8N9*<B9!;kt%MDbIw753fL*(N|%R;ny$IFAI>u
zT6L3-10(eBrobYN=Kf2KGs5e5gH2H69t#A$5$0aBg{-r2F)WP++KN9`t$*kiX{2ty
z&x(t99R@;}c7w^B8p<`DYXT=vjY>znpBvelB~`R3)Ve;KL65|kkF#YddK*GAULYmV
zs;PD}!`CP>|14|0Qh?U-w-}-SC>K(PABBeXlMaSL^IlNCnlo*HCDWJ^kd$w;Yv{Zs
zB*to=GF<%(0|U27NJm^#Cs{75Mr&Y*1F_|=Rz_3rMIMeMb`6yz3G)o=M7H<GldHKk
z<Eknj<>z1))EKbrVh8>O<OLN0>}T4s`ztNAxQp|`oa?R|f3v^6*82|RB!90+QDt7g
zNCj2BDY04j@{#L&x6CV|Z7eAcy=nuR{QBk9jn%p-)5wk|da-dC&4mbG+A_@(t`0-8
z6ouT^&i$!c-w<-(6}s_c$uuKMt@9<KY@Im021Q6h)amku@MxWM+%E*82FA=jKTozX
zLIp<=OJvY5(Vj{gsRFAkt!HiB%d+;c)k{0`L~vRj^L#psm;^=((TD-KA=r3<7gEP!
zps}~HE1E?fo}R5*8ZFWjuE0@CW8$VCzJ?9<dayzOy%2@Le%QXMNKBy~E~TcMKilrZ
zBmw$Xs@%@@Ft|W8Y{40LGGO;h`y8>>eP6mq0_~(fKmEUn`AMX$LbE*|J=}cqyQ0Nv
z82$0&0OECQb9YL=J~Zw>%Dp)U)#m3C_TB~5RHw1{6gGRwuG1SpFC_KTlyP4z2V{P1
zrGPT0x$uj7nT=Laqlp_`No{4PWWlQO=H0F$*CU4LBty6Z_C6zhCC+;fIG{A@b@Sqz
zidipeDDt*jcx$=pKu@t+<#9DHAl?|Fh5ZQ5jGX|^mWxry&QJGW(<xG3SXtIZo6cN#
zuRAO^k`I?y^^*O$mhjT5%|9b46ZT~IX(Gh6-C@f<e%eoO0RJ-M?hXW!lFo&~9*q1h
zzalDml{kg;j+EF6Kl-p8`MmGSoc|6ztkXRQ=IAGJ%0aFiCe3@WF3Q<@nVHRJvQqD;
zcYx*If2k&#{jWCU@_XBeCPMfr*8)BZ;V5#~^sp%2KK+`*l>511lN{uvc5CP4M?ek7
z6uX4PTE<N@?;^7g4Livu&?`vW?I>fu2Y=$H=qYB#WyxZPwUAVpT-%;CsH!h<r`aha
z=|2TyaUc~=6`fPQ9Py@g6x614q$HtJmuH_u>(w#VAJoNfJYc^Utbc;YB-c{9E+@U+
zDj=&^4tbjVNgpyK`VIr;Np5Z~F%XqwgeEC=EcaMcpak8IujX_cSQoSBE|zl^4Q}|p
zqXn{C+TeBE#;V&>H@`tu6hohFlA!^r91M<#WLE!R_U|kKP9%B|5fevf@x~m121jaq
zDQVUc(qqtSB|C)J?EShvjPaq$KvTJc6C8E3C()NZ1B=k7)7m?EV%az^2csv`+D=i-
zUr3sdL{beIRZB&Da(BYbT<~HUcEg1-@K%Z}7a9r2-&iCkKW>>GziW*xlt3^sb|h4)
zI=7wsmPskGIdVVSd0}Ao9n2P68aQ?#+?&hQvAM8qf7u>PmOZ!X882O1-h0t7*hHHC
zq78AUu*`Uot<(H2d=83DmiVq~{fD#dx&6{~j_&j>0l9r4tM`0M;HB**%Y;^gb;kNk
zQyf_iqZOF7I!ncJIpLx#6O}bl-(L4M1Uws;{l{qrUB{TWZ|GHBw4{1%-t3M{pUX=6
zb7`6aprt-~;~<4kTqAJ2LIQHheJ&3UWaW11Z>ux+uQ*pb9O+%$JB`U+SFsb&0_hF^
zO8-IvnBw|WT|L_5{t{c5_86X=bi|)1VQz$h+dN=U^*nZF5r@Kj44jn7zB+kmA@2`-
zjxOpH0%oZlSfSFJTU_O?`mgz`%lDaygQP}qAV<Nb>OWot8q(JJt`f(_S&-=0@HVz$
zzP9-jDP4cJZ;SjA$J%BVsh#Aa0l|`SS@Q_btuWDJ;rqx?P7%_}80Wl#acKv;7F;?q
z$hwg>$Y8M-7unhxXy~$j;&<g?LPowcpG{1_k~YZfhFdwjEc^8IRBknZ5ZhVP@;ggn
zMRQBX3Gc3+L;->sc$B@zGsca<I>_zYB*Q6LWfPnG_sCT2$2^;OT2D_BOG3->6`?Kg
zaV5Q2dK@I|aZXxRwsIpVn5BKxE?@DpYhsnLUr%;?hK#A`J>Nvb*bP{tY@)omCGJg{
z*jxH<ILnF~w=a&4^Tu2<#z2&>RTXymSMca~e@~vS)KfXOg9*A!+jpB&zWANlx0`|Q
zF=$h@sx7@|>npAvjv_n6hwvn_OV}Zqs6nR9q?GFKtMQbKaDO+#p)D3E7d~^K($AT`
zUyaz48~f)m3xzW7H0kAZ=B4D(`;k>bMs8uAjF4M>Ysr^01fa>Io+6@l*zz{s_M?fr
z>ftfZbv^3vZ-zwQpf{AhF;|enzq8$M1#ft@f*i9B5wFZCFeRGeRmyxl7FWMw5AIF>
zZbFK$b`T{Hsw(iVPDH>gBfb(oz9)!nd{FKGiCb3b>3fAQNb~STkJ^4wYJuf3xuzon
zV^uN*@yZV{Fqm3qgv(c1iLb5OGVARdWJbq+LN1BEH=Ea1vvyrfu0Gi7jySHtE7=>V
z2$<NE=)??gbKp^y+y+-R<}gX7-7PB*-M$=#l!xNW`4O~DusjFtWM(}jHa`xk0!4ty
zVv}?MzRw6j;snKpb?;QWie>CYi&yTSyQuK-X*`2RRm{PsvV45rcNu8YxzozbNfDer
ztSqZdJpIUV)i678udNVGH!+Ri3{8ICX_%AD>o6GJt6w&%i{2iECfA6!C_5|srMVv_
zQ{*|Qlv|0%9r=PuK%)am71{|Tel%9oUMPB!RT@w2==n)y%1bUh%SntA*_OaylKt(q
zN)t6=gX$*nm=1}S8Fvld-qe^}!}$()lF)>v0yN|&K}CAwUftY+%2fK4LyxMW39P$X
z>u9<OcJ7dA#9QIBjKDY@LLAE>%6%wLC?q60Tc|*>tRehE&~jeUYv&QS{-`6G?fk}6
zlYm_P{bXCZQQCY7qR+DCj%siC(_+#4+h_v=+phQ#|8rr5CbU1FO^mOgdX1ERmZANe
z^JbhX`|kU7PKSQ=oLRT3-}kKVCjx1l+pX#<4%pO;^4pGR{XXg!-tF*sv)}$~)q=xK
z-Q+BDsi;(t8Q*KmthJ?X64&LaT3bJ2Gi6lza!UI;$8rfKMG@U1H$PzTOfnJQvL$AY
z)6h^emH(5RJ^3F;*<%^0&0A(yUpDlr0+6%PFQN6l-D#D2=jn)))52}?JGa=M230c6
z#TjAk%DY*ks+<DPX?dV0WdU$<6B*bB`itmEynxSkcE5e(C{Nhq9;;i%ZLAEY*%6nE
zfIz&YA}^yK{|rL;VTgi{TLIDC<^qYYJU8idaJcd+PB6wmf&Csy5VWZ#pjHaQeBlp;
zfeQsc329xAV=$udx&Bnyu-QO;Mo+_lgo7;|A}hWe_^;W%-JeQG6w7Cy_ZPEW^`9F%
zM01&CaIoDAUqO>%d*gImPM9eHLGucR%MP(x2hyXy0AUiEzEa6khoxL9<b|)l?^H-d
zuMno>w_y;k*wv6;Yw%pT7>V1|t(@&#_ZU11Wj#=^Kyx+aI^8$26MxnzC)dV3<@tfE
z#3bUc%4y*>45#CRK*WQw(qMDLxG-piGbPXZ@fsCn__MF30H)^^qi$J|xm~q`+#ObB
zw6Bv|U19sr^BYyz-Ef^cy}tOM&x^%}g$kuaM94I*ad#gv88%kH!kaID-*UB#$Q!lu
z>jK=@y#s~ZrB8|1JxZbehQU`nsy5Uo(DX)*pt>hjBy&I}ye>GdN@u&C^JBvT=Aoh<
z0_`RZ`>n_##{(2EEBs&9HI%M;yJ~+fJf|qM)705a@MMwcM*SW0Q==^6+MJEt^{!Y?
zdg;uVDTcF+asfq5F{O$MxeGBlReD-L|D8VQX9Mlr-J4wlbt&VRB|s*#9VDRyTdEs$
zi!Yvs(@b2N8@%Koh<hvt=Cr=76pIs)psdx1h)%!G(V0>YY;;qY#Z44`kpG@*BSp;N
z+PivhR$@|wOi(p%*IhfwQuXJ5kVuvle8`NzHh#K}nW$LLQsP1Y^1U1QK5kufSypB%
zG4}ev)`6N?O(!oM6D)iFmd?_sL);K90d3M(>d3xkNzPi|{;d<hnxcPnCWN?#QWw;L
zEu{N#^Xh+Eb^H>i0aF|gq_K<UQzPi{Cx5))LB-CN`S|Tw1_{dMdUv%$5j0Y=mz<#f
z*n@NO^DO>pN9HORe=3*Zax<jI)_P1mIiJ3SWwur-TV$?>lOc*wk59dhs($vLJh5z}
z=VJzfX0wEn;wW3ytf{Ai0z}o=zK8{SzSz^?fD<nZ{Zd3<QaWAPK-AHCcV!eBv4cLi
z<f$k(dfOnm(kpFnb6;O1Qt1rZR?R0D5&W6?2+Oy8EVOB#vYijccurDU+PxAzrQzqg
zH0Sv?sl+kJ@f$U7(64XEokNeYvg<SoP5tO%{116kmGIw*98F$<f=JOc!tWov@5_Za
zMjVw@(e(86B+B~i>Q7dGK#|K90d&O1RG(q7)@?3_%4T#3IJE;wR>`b7GqUdv1GpDn
zzJaPZoD<BP3&))X8VV?y6Ofh{5d>pA_sRmk`hU1mW4vXXh~cOsm4b1D3P_rQ?U~lS
zVM&s``?ZH%o^9s^Qr#-Gg#oRi;;sHsOm9*zA6v;!KaeOPGM6>{PA=dI!d+!hiDmHE
zr$yo&;CeXvyvGnn-MM$Ty-zRMGFca9FCNv{y=I8`U(_H;d^VRK9<gAvsgcvNN2?ZY
zg(-!mmw4cABYSFu_`db5A`E{P0;*uNI|`nN<O23Q0neP^WZuQ%wbwWM20iZtK80GH
z22Gz#Xr^R0spbCav0gB1V*4;%S(??TA`YxfWmzwgU?6h5$=5s8HiZY<&zW$|Dtj?M
z3I$%t;uPokUoac~@4uHnEU4MzVuWC8jy!?p*OvSzmSi?a5o(|KaippeHL2cZnVD%b
zFs6%ADs|pl1Jqa;%R8;ZwfkSRG^9WodNA*_Tu3U_tWfT=FY=?2-|l=Iw#f5LS1bM1
zh+kfdw?lH+@dTfE2pxfsCElPr*^7nFeT0}Bo~{gq(!tHwB-W3N&rbIEGRJlv2YH7s
zkh*xZ{k`fjsfn&dhO3P>HW|#WjMk>C5KV%?h$UazA-veS`#w5d1dSDBYDLFtXy1>B
zxY*j>I|e6_h)<{Jm}N_`DYyw|*TwE$BLcC$tK^ngq;r7W_C5BZP~O0<;6_OBpu2=C
z?fPHUxLS)-`a~Xs2+kesIn5MmU<4Yf!k9X(2pK&67x|%~;2Uq6jXDn>U(UL|)Br5*
zySO3KMd~06(pt%JiRp6f=dYPykNah6MZ;MVh;5cx>&SPsb~5czEV?VzYtl1$vJ#9!
zg+8D$eA-O)Djh_&K-HIHW&abtwk3p@mn*A%sAHx$M9wN9I;teJi$RkgEgHhrOV1LU
zKPIHD`+NQMk@<b*VO$-$x2r0<CmD(QuKyN(Ma^g+-517h`<o(_#j1vjANt>rC41KW
zN-_Gu^WFe_@1b-+E}}g)5j*f*YeszAI%Z6z*@qY#wQU|jm!|~>u(O#3bUzm{NZFn>
z-gZdy3YYTbWXkX5w|lNn{%py~ZhC=UB4;<n;~)^?Rx%u*`bCf>%EsVLbRI5W?Xab`
z;YNl^d{R<*ko52W6b;;SkXh534X9(%qgMmB&=_O0`a5`bbtJAWo})!hT7Dd_mYwsK
z4G-O5mjHt)d$kJZ&=qQYqqC=RuBH-CjBl}hn8t0-_TcN(8>5>|DhbL^|3t|v(c@Ej
zexgbS1N`^sL^UqyyPpUsDcbjD<~x7b;-qp)><0~|ES`!gmp9;~@Vv1hY!GA&9g5~j
zp9qY{82UezBuJ$*!m*hX2WJf|I`Xn*^<CZ2a!YhuheYME@)ajtTZR!lf5RWLM%09#
zg8fKlLDk!jm?pxV-3b^lS9qMj54LIi+x}CY(tDhs36Y`&fq!UG)U_ZeThA*^Z5x2)
z)Wz{(yUgOC?N@y7>K~46AN*z*zg~&&Nu1A&!h1~i<5xBhJKgogHsM&zR@MVwHlmS6
z%VG~kka6(tVv6<;O`X)d*f9eMGW^>07lkbQ#xAd2b;$v!%<8AyxZ+mOEn{liTp@+H
zRbfK@D1nB!+Ag7>6C*>4@ftmX;u56$OF^_olfH&A##E&aiX|)OH@)pfhr8ubj9bZ{
z35=u@laiJ|#dEx>1}T)v&EuPNc=v8u44u)fS<hKP1_XPLCsyxS7>ecI@BPWfNi!;~
z?;Esn8J>DgLlRfhz_Ev)mR*1e8u;!qtZ!j!9e&N45WVAUofoMKv2f1&L{b|I$CV{d
z76072@e8z%9Z#J41MHA!QQHSiGS{IMRUCxCK&*L9grp>o4_$%#%ETcZSyS`~IKxpY
z+W8nI)O-$}#Pk^**9=j8^i!-?OYU~MI_^^>`j=EnWy5arq}t{s3n1H>78<B!8P|49
z@8!C03ihy%f9BgWL1K7EC<D@ZXS^+3j*f{Q0bmfhlbUwo7eTtApk4)O)_mLL*=4NK
z(XO=$P^YHa)lpn`oB2eGTp=Q|D=sn^n-GPpz(Ma{fJzWV$-WI0<9wuX6c91bkD(Kt
zNZ9gamBvwC6j^*tLuDddMCfG0uWEaXStj}|vN-63d?`a9pnQm}?Als62D>~vez#u!
z9<vCT-pA8GtZ-koct|?%N3xEax+XmBnG=ws$x(W{sIXYg?(Y3IjFk_v5xhl>H<t-F
zbjAdYSm?tIovoWdQpZkJ#Psm#j)n&Nj~|$(Qaq&lt6YG?_YG|=jfqPiPf+r5`LkP+
zV-j0Dk4C?^Yi-OGwx5edv++2Le+YaM$@qO7%7>1XuKaOc<CfkarTVxvtGg<NFUN>b
z0%X?B{n38jZj_IM9A{C#LJ_loX)?XOpxMB)+z*ZKwX|-os-qhAvD~ldD8`Agi0IiJ
z20k`+z5(|83iO094RBid!9^GkGLskWJ0jbgbCHf#eZ+G*-Z0_{!w~^zM1FD{`0FXa
zkEs-A*48x#Tur@Gr1}sxQ;3@<_%acV=ynZ(#>16b^!`<OgQP~8U%LI48Kv8#DpU9W
z20WIwxf!HVR01NWkUoUm@MbC|9^cjl>&#i~{N)ioAyoy3_^C|&oVg*9>iBafs!~RW
z2Zx6OslIl=pqV)j13|c_1Hb4cr5uyh9V8tYzVJ(Jtz5p+O85<p&-~?_(O&B?-0o=i
zA_?!Yp1T(tGe&ltB%4+ahki{nkzD{h_K39aZv$J5%wa(HG;)n=XJ<+m27e4@7td;r
zUkuU;C0c2BF{p!h^gRBb`RpUy_T2{Lr9;B+$IE!67L4FhwK}CO#GI~)Zd@PJS5d}V
zR0|G(KN2{XHJ%Qql+}9D(XSF3ByLOJBUv>B&eE-W?p}Y-^mbj1_8+95i0&u>J(if?
zN3Wwbgs*HTDsp_$O*UU=P#>>7D;#E%09o)gy*-uhY3%109Iv+@G_n@Hc{;V~E<?wQ
zd@RP_HMlszVIDEaH$9TWl}!9W6mgx=@>9354H>-3^~Uia^pjv#j_dYe4aX@c=16PX
zyA!hV4QiB?!H&_>8NWttuG7LaG42k}m|wj+z_4}8_GD@c=aX|b&hc{SPJL#>_ZVSw
zwTKFH9sKPbBl>Cd#?){zhGKTTSuh1lkM-tQt4>)e*lUgMN8*E^c?V{_C$+QzA7-ML
z1nIJIc;^BR*7jTN`)TB?WM^gMR(6PuZWZ9Eo+o4wFFz#)pHRW0crBJQhVN{c|K9|w
zOQH=~gXps`C7rcCOO;B(9DSQ+e^X>%T1`XA`wm{B5u-xc<js?y`>@mOIm<{jl;s5y
z;nR;v<{y1>!fIFy&~XbwdW<#E+n-aG4~+VVD%6u*1{WE&{Qe|*^)gQ7C7@y@{Y);G
z+t+NUNkFh=_~7R*?Fe9S&<)6&&(TzsefE{2`KOj5syq+bfGm)6eJFCFjI4c&6?1^`
zCn?46B!rmsKi5`z<P@|_^zp1rm!ihuj&JnHamW=W2Z&hgTvck)vw07{qxG#}?54S>
zKl^fMH^mmo%#rJtefZ+!)3Ik^MX)R&AlGpk<F3mm3bG0hOVG^}o8`6+HTV>0;o=rc
z==rrXPgkZkUxtQ>m1I8F$bduf9I$`Uhjw0h;$Y=ZWc1A`86f7V+M9?z$!uOFlY*==
zl?ji6BP<yA!+y^#{OIdto2GRzQ!Z}EimBm*RYH!VGVDH;ySdxEZR#!@>UpYa&8kw&
zE|u#!>8merkgEhANE#K-fN<r=*VNZpu>+5H(Jf;OmYk`dZ<0`Oibs5l`~V@4am37k
zw^viP>}Fy<zx86X&j8~7ndkMa)z#dzdu!|BTJxcf0)cns8P7*8f}al@(*Dk|wht12
zSk2GX9LxClwXSZj+G0TW?Cv2dN@EQBwy>o8*A-t;9Y9HyoTbK9^b>U;n2KE5AVuao
zlSQXJ8engHN9e|g{l2B;Gx{Mj%c?DRrW)DrdiQ~iGlu3PvSL3m&nE`1%GBfj>J$YX
z7FP%1HmL@;`wg1k)7jMbh?PZIQ*KA<qD)PIquWPyp5&xs!5`tXf!aLI^SeSoiW%a+
zky>!Op&i?P(Lem?(QH#SA#?0ZU-px;LhA`IN71a8>dOW988x=2tT71)2%-%f+g+V<
zD5%q8U!5Bv>Lv1e!%D@7*D6ibQC=Mg`GD%N=;$~~N=hQuW#297HUNE8-<w!`Y#`9v
zzo9+6phfB*-U)sCq;`;IL#_k3cq=K|N&z0aGr=@khsH#WW=-2dP-P`RIqB;zc2vq@
zGQ_sV53gL6Hzs<;hYCP*10T0jdf6vX%=U5sSe+V6($#AfpIA)I1U`S<eyllG#X$V3
zWOc%u#*p>!)$hOas^Q@FrvIBr{A5%4ES^p@DGJZ7`&6wh6<bLvA9IcTkv@niLR6x+
zpCPF&fool&FQRpIX%m>vK@|$!ouXScTB)xRZm?i2`mWW_v4h2lOt8oe^l2;``@3rW
z<XcETJ7K;vqad_b&yQ5!mt`{K2eB9u)ROH%x>yxTr6y9J5!DzDJ$eRhOodDL$WB}W
zzP#Pz66=N3h1AQpxLOMJiUi&xk%Xkoj;qS*)Y46uv1!-bv9`HIcpm$bg59$0R5Q!z
z-g5k4653ex5U4y0BE@frqM~);Pw|0z-J4IqeG;lhg;~u%_JGy6;`2*YAn=KoC}8t6
zhwhN|OwuV`L@;+K17TisO>3GAT_nJpMva2Og9#914m|#x5=r2^7%v))T={je(;eq|
zCu3#!Cq0F>k~d#>qqp(M;y!Ph4tkBdH8+moul*4Q8r;~5<XsyLoJrXG@$(sF&2<b0
zXjf!?cfo`>_a_^*%roSJ*?jrix7zvantYAhM1=AO;T+x}9q9__*|~`PlX!eSPh_gm
z>!bY?GAO^+d-4VQae(#eZB-Phqk_4Ci)7+-yj)cWm8mqLqMs_%xOCi?JY#9REC-{p
z#4$r$r}hs=kVR;}UF>h3zsNHYZM4#FHUm-dT3#X`HSH&>{P<U5LIC!k^qZ|A1e2|<
zn>|FJU@-9I)_Y0Zcq-t~7>-dxZ|Y|B$vep0L0l7@4lzG+>Dz(7RFV?`?*RgDG{Pvb
zK~Drl40?`cIs06F+s*#uOseXG0#n(~AL%_Am<66$f5TCaV6Fd`w55`E62}1WsLC(l
z2PHUZ5Bor}U%l}&mhI?}e-fA1xrHW~qy?YysQai;$XM8i>CQ%OCU3K*jLmN}X@8Ck
zJVt6w8ilVB$X6Uhby7>L0EcvCTxsK=^j}Xblif9lGbJZJbI{dv+$}%?OXwu--I-XA
zK!Rat1r&UnQ*-qld%mQ!6jJ?IZ!eM97*C`h`w@{s<9H{IFcN_tS`Zdn>CTc2Bo*4<
z0ohcDSZYTh4H0^&m0MtU{A8~2z1ABL@klQCEk+LvsYLzoTY!?r=xw<N&1f&zL+zOa
zuEW&ee^A{?bVF=xF<TcMf6E;usU~Hc22VPbR0`bh>K?Z_ys7sU%bRfIpiDJK-Dofs
zc_1WN1c<ig$A%HEq7zYdOOyK$F|RJ-zA>B^J^}~CIk}JQXe1%!_MTPM#=<oN#}saO
zCzDm@e53kFc2G$nG*fcrxMWMKp1;{vFPK+aoJu02KSW4giqIM195ReYbfGmF7t5{c
z5i|8}c_I%+cRH4}#S1zPDu4Ham%v^V<7>b90gtDf@WnIwSa5Tj0<!2Oqs|=;qqJ=v
zs4ubmf{%Gco;}li;=>vC1c4jhCmoAL65nZh{9OyWtsus6&>hLZ5%V%1CzgDLT7X_T
zcswTSgj#O9&;T+qBSMiGl3F$5g<-$IOos_kHoxc?6dr@kO41?bX0Ggr=)Rkerj*r}
zT6yJS-!h#$^9zac`&Ra#TZinPpbr@6>pO#>P1V9up1Kt<cbD*|o4mmblj`?7Z{U3S
z3+Q1`gBQ+D|ARXZgPGBsyh->cZw_y&&bXg8SpVJ)S5*Ixb7kom)Bb%(_V=4a^?%(4
z<@Z#iO5wlxcWsA0dcA+M^UVBK2`vAj=HC*M^T4b0uM4qa{{MK~6U~8=E^hdd>Td-2
OrlO!JUny%5`o93|pw3PJ

literal 0
HcmV?d00001

diff --git a/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/inject_into_nginx_proxy.yml
new file mode 100644
index 00000000..15317de0
--- /dev/null
+++ b/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/inject_into_nginx_proxy.yml
@@ -0,0 +1,31 @@
+---
+
+- name: Fail if matrix-nginx-proxy role already executed
+  ansible.builtin.fail:
+    msg: >-
+      Trying to append prometheus-nginxlog-exporter's configuration to matrix-nginx-proxy,
+      but it's pointless since the matrix-nginx-proxy role is already executed.
+      To fix this, please change the order of roles in your playbook to make sure that
+      the matrix-nginx-proxy role is run after the prometheus-nginxlog-exporter role.
+  when: matrix_nginx_proxy_role_executed | default(False) | bool
+
+- name: Generate prometheus-nginxlog-exporter's metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/nginxlog)
+  ansible.builtin.set_fact:
+    matrix_prometheus_nginxlog_exporter_matrix_nginx_proxy_metrics_configuration_matrix_domain: |
+      location /metrics/nginxlog {
+          {# Use the embedded DNS resolver in Docker containers to discover the service #}
+          resolver 127.0.0.11 valid=5s;
+          set $backend "{{ matrix_prometheus_nginxlog_exporter_container_hostname }}:{{ matrix_prometheus_nginxlog_exporter_container_metrics_port }}";
+          proxy_pass http://$backend/metrics;
+      }
+  when: matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled | bool and matrix_nginx_proxy_enabled | bool
+
+- name: Register prometheus-nginxlog-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/nginxlog)
+  ansible.builtin.set_fact:
+    matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
+      {{
+        matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
+        +
+        [matrix_prometheus_nginxlog_exporter_matrix_nginx_proxy_metrics_configuration_matrix_domain]
+      }}
+  when: matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled | bool
diff --git a/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/main.yml b/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/main.yml
new file mode 100644
index 00000000..b205dec3
--- /dev/null
+++ b/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/main.yml
@@ -0,0 +1,29 @@
+---
+
+- block:
+    - when: matrix_prometheus_nginxlog_exporter_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
+  tags:
+    - setup-all
+    - setup-prometheus-nginxlog-exporter
+    - install-all
+    - install-prometheus-nginxlog-exporter
+
+- block:
+    - when: matrix_prometheus_nginxlog_exporter_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
+
+    - when: matrix_prometheus_nginxlog_exporter_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-prometheus-nginxlog-exporter
+    - install-all
+    - install-prometheus-nginxlog-exporter
+
+- block:
+    - when: not matrix_prometheus_nginxlog_exporter_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+  tags:
+    - setup-all
+    - setup-prometheus-nginxlog-exporter
diff --git a/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/setup_install.yml b/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/setup_install.yml
new file mode 100644
index 00000000..9b2ac3e6
--- /dev/null
+++ b/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/setup_install.yml
@@ -0,0 +1,47 @@
+---
+
+- name: Ensure matrix-prometheus-nginxlog-exporter image is pulled
+  community.docker.docker_image:
+    name: "{{ matrix_prometheus_nginxlog_exporter_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_prometheus_nginxlog_exporter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_nginxlog_exporter_docker_image_force_pull }}"
+  register: result
+  retries: "{{ devture_playbook_help_container_retries_count }}"
+  delay: "{{ devture_playbook_help_container_retries_delay }}"
+  until: result is not failed
+
+- name: Ensure prometheus-nginxlog-exporter paths exists
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - "{{ matrix_prometheus_nginxlog_exporter_base_path }}"
+    - "{{ matrix_prometheus_nginxlog_exporter_config_path }}"
+
+- name: Ensure prometheus-nginxlog-exporter.yaml present
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/prometheus-nginxlog-exporter.yaml.j2"
+    dest: "{{ matrix_prometheus_nginxlog_exporter_config_path }}/prometheus-nginxlog-exporter.yaml"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure grafana dashboard is installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/nginx-proxy.json"
+    dest: "{{ matrix_grafana_config_path }}/dashboards/"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  when: matrix_grafana_enabled
+
+- name: Ensure matrix-prometheus-nginxlog-exporter.service installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/systemd/matrix-prometheus-nginxlog-exporter.service.j2"
+    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-nginxlog-exporter.service"
+    mode: 0644
+  register: matrix_prometheus_nginxlog_exporter_systemd_service_result
diff --git a/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/setup_uninstall.yml b/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/setup_uninstall.yml
new file mode 100644
index 00000000..c0d0a833
--- /dev/null
+++ b/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/setup_uninstall.yml
@@ -0,0 +1,39 @@
+---
+
+- name: Check existence of matrix-prometheus-nginxlog-exporter service
+  ansible.builtin.stat:
+    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-nginxlog-exporter.service"
+  register: matrix_prometheus_nginxlog_exporter_service_stat
+
+- when: matrix_prometheus_nginxlog_exporter_service_stat.stat.exists | bool
+  block:
+    - name: Fail when not cleaning up nginx and prometheus configs
+      ansible.builtin.fail:
+        msg: >
+          This role has added to configs in 'matrix-nginx-proxy', 'matrix-synapse-reverse-proxy-companion' and 'matrix-prometheus'.
+          Running 'setup-synapse-reverse-proxy-companion' WILL NOT remove those settings from those roles.
+          Run the playbook again with the `setup-all` tag or all three 'setup-nginx-proxy,setup-synapse-reverse-proxy-companion,setup-prometheus' tags while
+          'matrix_prometheus_enabled: false' to rebuild their configs.
+      when: not ('setup-all' in ansible_run_tags or ('setup-nginx-proxy' in ansible_run_tags and 'setup-synapse-reverse-proxy-companion' in ansible_run_tags and 'setup-prometheus' in ansible_run_tags))
+
+    - name: Ensure matrix-prometheus-nginxlog-exporter is stopped
+      ansible.builtin.service:
+        name: matrix-prometheus-nginxlog-exporter
+        state: stopped
+        enabled: false
+        daemon_reload: true
+
+    - name: Ensure matrix-prometheus-nginxlog-exporter.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-nginxlog-exporter.service"
+        state: absent
+
+    - name: Ensure matrix-prometheus-nginxlog-exporter paths don't exist
+      ansible.builtin.file:
+        path: "{{ matrix_prometheus_nginxlog_exporter_base_path }}"
+        state: absent
+
+    - name: Ensure matrix-prometheus-nginxlog-exporter grafana dashboard doesn't exist
+      ansible.builtin.file:
+        path: "{{ matrix_grafana_config_path }}/dashboards/nginx-proxy.json"
+        state: absent
diff --git a/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/validate_config.yml b/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/validate_config.yml
new file mode 100644
index 00000000..a8eccaee
--- /dev/null
+++ b/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/validate_config.yml
@@ -0,0 +1,32 @@
+---
+
+- name: Fail if Prometheus not enabled
+  ansible.builtin.fail:
+    msg: >
+      You need to set `matrix_prometheus_enabled: true` or configure an external Prometheus database
+      as this roles requires Prometheus for data storage.
+  when: not matrix_prometheus_enabled and not matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled
+
+- name: Fail if docker image not availble for arch
+  ansible.builtin.fail:
+    msg: >
+      'prometheus-nginxlog-exporter' docker image is not available for your arch '{{ matrix_architecture }}'.
+
+      We currently do not support building an image using this playbook.
+
+      You can use a custom-build image by setting
+          'matrix_prometheus_nginxlog_exporter_docker_image_arch_check_enabled: false'
+          'matrix_prometheus_nginxlog_exporter_docker_image: path/to/docker/image:tag'
+
+      or disable 'prometheus-nginxlog-exporter' by setting
+          'matrix_prometheus_nginxlog_exporter: false'
+
+      in vars.yml
+  when: matrix_prometheus_nginxlog_exporter_docker_image_arch_check_enabled and matrix_architecture not in matrix_prometheus_nginxlog_exporter_docker_image_arch
+
+
+- name: Fail if nginx-proxy is not set to proxy metrics while prometheus-nginxlog-exporter is
+  ansible.builtin.fail:
+    msg: >
+      'matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled' is set but 'matrix_nginx_proxy_proxy_matrix_metrics_enabled' is not
+  when: matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled | bool and not matrix_nginx_proxy_proxy_matrix_metrics_enabled | bool
diff --git a/roles/custom/matrix-prometheus-nginxlog-exporter/templates/nginx-proxy.json b/roles/custom/matrix-prometheus-nginxlog-exporter/templates/nginx-proxy.json
new file mode 100644
index 00000000..41533488
--- /dev/null
+++ b/roles/custom/matrix-prometheus-nginxlog-exporter/templates/nginx-proxy.json
@@ -0,0 +1,1705 @@
+{
+  "__inputs": [
+    {
+      "name": "DS_PROMETHEUS",
+      "label": "Prometheus",
+      "description": "",
+      "type": "datasource",
+      "pluginId": "prometheus",
+      "pluginName": "Prometheus"
+    }
+  ],
+  "__elements": {},
+  "__requires": [
+    {
+      "type": "grafana",
+      "id": "grafana",
+      "name": "Grafana",
+      "version": "9.3.1"
+    },
+    {
+      "type": "datasource",
+      "id": "prometheus",
+      "name": "Prometheus",
+      "version": "1.0.0"
+    },
+    {
+      "type": "panel",
+      "id": "timeseries",
+      "name": "Time series",
+      "version": ""
+    }
+  ],
+  "annotations": {
+    "list": [
+      {
+        "builtIn": 1,
+        "datasource": {
+          "type": "grafana",
+          "uid": "-- Grafana --"
+        },
+        "enable": true,
+        "hide": true,
+        "iconColor": "rgba(0, 211, 255, 1)",
+        "name": "Annotations & Alerts",
+        "target": {
+          "limit": 100,
+          "matchAny": false,
+          "tags": [],
+          "type": "dashboard"
+        },
+        "type": "dashboard"
+      }
+    ]
+  },
+  "description": "",
+  "editable": true,
+  "fiscalYearStartMonth": 0,
+  "graphTooltip": 0,
+  "id": null,
+  "links": [],
+  "liveNow": false,
+  "panels": [
+    {
+      "collapsed": true,
+      "gridPos": {
+        "h": 1,
+        "w": 24,
+        "x": 0,
+        "y": 0
+      },
+      "id": 23,
+      "panels": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "description": "",
+          "fieldConfig": {
+            "defaults": {
+              "color": {
+                "mode": "palette-classic"
+              },
+              "custom": {
+                "axisCenteredZero": false,
+                "axisColorMode": "text",
+                "axisLabel": "",
+                "axisPlacement": "auto",
+                "barAlignment": 0,
+                "drawStyle": "line",
+                "fillOpacity": 0,
+                "gradientMode": "none",
+                "hideFrom": {
+                  "legend": false,
+                  "tooltip": false,
+                  "viz": false
+                },
+                "lineInterpolation": "linear",
+                "lineWidth": 1,
+                "pointSize": 5,
+                "scaleDistribution": {
+                  "type": "linear"
+                },
+                "showPoints": "auto",
+                "spanNulls": false,
+                "stacking": {
+                  "group": "A",
+                  "mode": "none"
+                },
+                "thresholdsStyle": {
+                  "mode": "off"
+                }
+              },
+              "mappings": [],
+              "thresholds": {
+                "mode": "absolute",
+                "steps": [
+                  {
+                    "color": "green",
+                    "value": null
+                  },
+                  {
+                    "color": "red",
+                    "value": 80
+                  }
+                ]
+              }
+            },
+            "overrides": []
+          },
+          "gridPos": {
+            "h": 8,
+            "w": 12,
+            "x": 0,
+            "y": 17
+          },
+          "id": 20,
+          "options": {
+            "legend": {
+              "calcs": [],
+              "displayMode": "list",
+              "placement": "bottom",
+              "showLegend": true
+            },
+            "tooltip": {
+              "mode": "single",
+              "sort": "none"
+            }
+          },
+          "targets": [
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "${DS_PROMETHEUS}"
+              },
+              "editorMode": "builder",
+              "expr": "sum by(remote_addr) (rate(http_response_count_total{status=~\"1.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
+              "hide": false,
+              "legendFormat": "__auto",
+              "range": true,
+              "refId": "B"
+            }
+          ],
+          "title": "1xx by remote addr [$request_host]",
+          "type": "timeseries"
+        },
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "description": "",
+          "fieldConfig": {
+            "defaults": {
+              "color": {
+                "mode": "palette-classic"
+              },
+              "custom": {
+                "axisCenteredZero": false,
+                "axisColorMode": "text",
+                "axisLabel": "",
+                "axisPlacement": "auto",
+                "barAlignment": 0,
+                "drawStyle": "line",
+                "fillOpacity": 0,
+                "gradientMode": "none",
+                "hideFrom": {
+                  "legend": false,
+                  "tooltip": false,
+                  "viz": false
+                },
+                "lineInterpolation": "linear",
+                "lineWidth": 1,
+                "pointSize": 5,
+                "scaleDistribution": {
+                  "type": "linear"
+                },
+                "showPoints": "auto",
+                "spanNulls": false,
+                "stacking": {
+                  "group": "A",
+                  "mode": "none"
+                },
+                "thresholdsStyle": {
+                  "mode": "off"
+                }
+              },
+              "mappings": [],
+              "thresholds": {
+                "mode": "absolute",
+                "steps": [
+                  {
+                    "color": "green",
+                    "value": null
+                  },
+                  {
+                    "color": "red",
+                    "value": 80
+                  }
+                ]
+              }
+            },
+            "overrides": []
+          },
+          "gridPos": {
+            "h": 8,
+            "w": 12,
+            "x": 12,
+            "y": 17
+          },
+          "id": 21,
+          "options": {
+            "legend": {
+              "calcs": [],
+              "displayMode": "list",
+              "placement": "bottom",
+              "showLegend": true
+            },
+            "tooltip": {
+              "mode": "single",
+              "sort": "none"
+            }
+          },
+          "targets": [
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "${DS_PROMETHEUS}"
+              },
+              "editorMode": "builder",
+              "exemplar": false,
+              "expr": "sum by(request_uri) (rate(http_response_count_total{status=~\"1.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
+              "format": "time_series",
+              "hide": false,
+              "instant": true,
+              "legendFormat": "__auto",
+              "range": true,
+              "refId": "B"
+            }
+          ],
+          "title": "1xx by uri [$request_host]",
+          "type": "timeseries"
+        },
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "description": "",
+          "fieldConfig": {
+            "defaults": {
+              "color": {
+                "mode": "palette-classic"
+              },
+              "custom": {
+                "axisCenteredZero": false,
+                "axisColorMode": "text",
+                "axisLabel": "",
+                "axisPlacement": "auto",
+                "barAlignment": 0,
+                "drawStyle": "line",
+                "fillOpacity": 0,
+                "gradientMode": "none",
+                "hideFrom": {
+                  "legend": false,
+                  "tooltip": false,
+                  "viz": false
+                },
+                "lineInterpolation": "linear",
+                "lineWidth": 1,
+                "pointSize": 5,
+                "scaleDistribution": {
+                  "type": "linear"
+                },
+                "showPoints": "auto",
+                "spanNulls": false,
+                "stacking": {
+                  "group": "A",
+                  "mode": "none"
+                },
+                "thresholdsStyle": {
+                  "mode": "off"
+                }
+              },
+              "mappings": [],
+              "thresholds": {
+                "mode": "absolute",
+                "steps": [
+                  {
+                    "color": "green",
+                    "value": null
+                  },
+                  {
+                    "color": "red",
+                    "value": 80
+                  }
+                ]
+              }
+            },
+            "overrides": []
+          },
+          "gridPos": {
+            "h": 8,
+            "w": 12,
+            "x": 0,
+            "y": 25
+          },
+          "id": 18,
+          "options": {
+            "legend": {
+              "calcs": [],
+              "displayMode": "list",
+              "placement": "bottom",
+              "showLegend": true
+            },
+            "tooltip": {
+              "mode": "single",
+              "sort": "none"
+            }
+          },
+          "targets": [
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "${DS_PROMETHEUS}"
+              },
+              "editorMode": "builder",
+              "expr": "sum by(remote_addr) (rate(http_response_count_total{status=~\"2.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
+              "hide": false,
+              "legendFormat": "__auto",
+              "range": true,
+              "refId": "B"
+            }
+          ],
+          "title": "2xx by remote addr [$request_host]",
+          "type": "timeseries"
+        },
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "description": "",
+          "fieldConfig": {
+            "defaults": {
+              "color": {
+                "mode": "palette-classic"
+              },
+              "custom": {
+                "axisCenteredZero": false,
+                "axisColorMode": "text",
+                "axisLabel": "",
+                "axisPlacement": "auto",
+                "barAlignment": 0,
+                "drawStyle": "line",
+                "fillOpacity": 0,
+                "gradientMode": "none",
+                "hideFrom": {
+                  "legend": false,
+                  "tooltip": false,
+                  "viz": false
+                },
+                "lineInterpolation": "linear",
+                "lineWidth": 1,
+                "pointSize": 5,
+                "scaleDistribution": {
+                  "type": "linear"
+                },
+                "showPoints": "auto",
+                "spanNulls": false,
+                "stacking": {
+                  "group": "A",
+                  "mode": "none"
+                },
+                "thresholdsStyle": {
+                  "mode": "off"
+                }
+              },
+              "mappings": [],
+              "thresholds": {
+                "mode": "absolute",
+                "steps": [
+                  {
+                    "color": "green",
+                    "value": null
+                  },
+                  {
+                    "color": "red",
+                    "value": 80
+                  }
+                ]
+              }
+            },
+            "overrides": []
+          },
+          "gridPos": {
+            "h": 8,
+            "w": 12,
+            "x": 12,
+            "y": 25
+          },
+          "id": 19,
+          "options": {
+            "legend": {
+              "calcs": [],
+              "displayMode": "list",
+              "placement": "bottom",
+              "showLegend": true
+            },
+            "tooltip": {
+              "mode": "single",
+              "sort": "none"
+            }
+          },
+          "targets": [
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "${DS_PROMETHEUS}"
+              },
+              "editorMode": "builder",
+              "exemplar": false,
+              "expr": "sum by(request_uri) (rate(http_response_count_total{status=~\"2.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
+              "format": "time_series",
+              "hide": false,
+              "instant": true,
+              "legendFormat": "__auto",
+              "range": true,
+              "refId": "B"
+            }
+          ],
+          "title": "2xx by uri [$request_host]",
+          "type": "timeseries"
+        },
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "description": "",
+          "fieldConfig": {
+            "defaults": {
+              "color": {
+                "mode": "palette-classic"
+              },
+              "custom": {
+                "axisCenteredZero": false,
+                "axisColorMode": "text",
+                "axisLabel": "",
+                "axisPlacement": "auto",
+                "barAlignment": 0,
+                "drawStyle": "line",
+                "fillOpacity": 0,
+                "gradientMode": "none",
+                "hideFrom": {
+                  "legend": false,
+                  "tooltip": false,
+                  "viz": false
+                },
+                "lineInterpolation": "linear",
+                "lineWidth": 1,
+                "pointSize": 5,
+                "scaleDistribution": {
+                  "type": "linear"
+                },
+                "showPoints": "auto",
+                "spanNulls": false,
+                "stacking": {
+                  "group": "A",
+                  "mode": "none"
+                },
+                "thresholdsStyle": {
+                  "mode": "off"
+                }
+              },
+              "mappings": [],
+              "thresholds": {
+                "mode": "absolute",
+                "steps": [
+                  {
+                    "color": "green",
+                    "value": null
+                  },
+                  {
+                    "color": "red",
+                    "value": 80
+                  }
+                ]
+              }
+            },
+            "overrides": []
+          },
+          "gridPos": {
+            "h": 8,
+            "w": 12,
+            "x": 0,
+            "y": 33
+          },
+          "id": 16,
+          "options": {
+            "legend": {
+              "calcs": [],
+              "displayMode": "list",
+              "placement": "bottom",
+              "showLegend": true
+            },
+            "tooltip": {
+              "mode": "single",
+              "sort": "none"
+            }
+          },
+          "targets": [
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "${DS_PROMETHEUS}"
+              },
+              "editorMode": "builder",
+              "expr": "sum by(remote_addr) (rate(http_response_count_total{status=~\"3.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
+              "hide": false,
+              "legendFormat": "__auto",
+              "range": true,
+              "refId": "B"
+            }
+          ],
+          "title": "3xx by remote addr [$request_host]",
+          "type": "timeseries"
+        },
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "description": "",
+          "fieldConfig": {
+            "defaults": {
+              "color": {
+                "mode": "palette-classic"
+              },
+              "custom": {
+                "axisCenteredZero": false,
+                "axisColorMode": "text",
+                "axisLabel": "",
+                "axisPlacement": "auto",
+                "barAlignment": 0,
+                "drawStyle": "line",
+                "fillOpacity": 0,
+                "gradientMode": "none",
+                "hideFrom": {
+                  "legend": false,
+                  "tooltip": false,
+                  "viz": false
+                },
+                "lineInterpolation": "linear",
+                "lineWidth": 1,
+                "pointSize": 5,
+                "scaleDistribution": {
+                  "type": "linear"
+                },
+                "showPoints": "auto",
+                "spanNulls": false,
+                "stacking": {
+                  "group": "A",
+                  "mode": "none"
+                },
+                "thresholdsStyle": {
+                  "mode": "off"
+                }
+              },
+              "mappings": [],
+              "thresholds": {
+                "mode": "absolute",
+                "steps": [
+                  {
+                    "color": "green",
+                    "value": null
+                  },
+                  {
+                    "color": "red",
+                    "value": 80
+                  }
+                ]
+              }
+            },
+            "overrides": []
+          },
+          "gridPos": {
+            "h": 8,
+            "w": 12,
+            "x": 12,
+            "y": 33
+          },
+          "id": 17,
+          "options": {
+            "legend": {
+              "calcs": [],
+              "displayMode": "list",
+              "placement": "bottom",
+              "showLegend": true
+            },
+            "tooltip": {
+              "mode": "single",
+              "sort": "none"
+            }
+          },
+          "targets": [
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "${DS_PROMETHEUS}"
+              },
+              "editorMode": "builder",
+              "exemplar": false,
+              "expr": "sum by(request_uri) (rate(http_response_count_total{status=~\"3.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
+              "format": "time_series",
+              "hide": false,
+              "instant": true,
+              "legendFormat": "__auto",
+              "range": true,
+              "refId": "B"
+            }
+          ],
+          "title": "3xx by uri [$request_host]",
+          "type": "timeseries"
+        }
+      ],
+      "title": "1xx - 3xx - 2xx Status Code .....................................................",
+      "type": "row"
+    },
+    {
+      "collapsed": false,
+      "gridPos": {
+        "h": 1,
+        "w": 24,
+        "x": 0,
+        "y": 1
+      },
+      "id": 2,
+      "panels": [],
+      "title": "4xx Status Code ......................................................................",
+      "type": "row"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${DS_PROMETHEUS}"
+      },
+      "description": "",
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisCenteredZero": false,
+            "axisColorMode": "text",
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "drawStyle": "line",
+            "fillOpacity": 0,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "lineInterpolation": "linear",
+            "lineWidth": 1,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "auto",
+            "spanNulls": false,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green",
+                "value": null
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          }
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 8,
+        "w": 12,
+        "x": 0,
+        "y": 2
+      },
+      "id": 9,
+      "options": {
+        "legend": {
+          "calcs": [],
+          "displayMode": "list",
+          "placement": "bottom",
+          "showLegend": true
+        },
+        "tooltip": {
+          "mode": "single",
+          "sort": "none"
+        }
+      },
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "editorMode": "builder",
+          "expr": "sum by(remote_addr) (rate(http_response_count_total{status=~\"404\", request_host=~\"$request_host\"}[$__rate_interval]))",
+          "hide": false,
+          "legendFormat": "__auto",
+          "range": true,
+          "refId": "B"
+        }
+      ],
+      "title": "404 by remote addr [$request_host]",
+      "type": "timeseries"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${DS_PROMETHEUS}"
+      },
+      "description": "",
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisCenteredZero": false,
+            "axisColorMode": "text",
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "drawStyle": "line",
+            "fillOpacity": 0,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "lineInterpolation": "linear",
+            "lineWidth": 1,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "auto",
+            "spanNulls": false,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green",
+                "value": null
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          }
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 8,
+        "w": 12,
+        "x": 12,
+        "y": 2
+      },
+      "id": 6,
+      "options": {
+        "legend": {
+          "calcs": [],
+          "displayMode": "list",
+          "placement": "bottom",
+          "showLegend": true
+        },
+        "tooltip": {
+          "mode": "single",
+          "sort": "none"
+        }
+      },
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "editorMode": "builder",
+          "exemplar": false,
+          "expr": "sum by(request_uri) (rate(http_response_count_total{status=~\"404\", request_host=~\"$request_host\"}[$__rate_interval]))",
+          "format": "time_series",
+          "hide": false,
+          "instant": true,
+          "legendFormat": "__auto",
+          "range": true,
+          "refId": "B"
+        }
+      ],
+      "title": "404 by uri [$request_host]",
+      "type": "timeseries"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${DS_PROMETHEUS}"
+      },
+      "description": "",
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisCenteredZero": false,
+            "axisColorMode": "text",
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "drawStyle": "line",
+            "fillOpacity": 0,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "lineInterpolation": "linear",
+            "lineWidth": 1,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "auto",
+            "spanNulls": false,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green",
+                "value": null
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          }
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 8,
+        "w": 12,
+        "x": 0,
+        "y": 10
+      },
+      "id": 14,
+      "options": {
+        "legend": {
+          "calcs": [],
+          "displayMode": "list",
+          "placement": "bottom",
+          "showLegend": true
+        },
+        "tooltip": {
+          "mode": "single",
+          "sort": "none"
+        }
+      },
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "editorMode": "builder",
+          "expr": "sum by(remote_addr) (rate(http_response_count_total{status=~\"4.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
+          "hide": false,
+          "legendFormat": "__auto",
+          "range": true,
+          "refId": "B"
+        }
+      ],
+      "title": "4xx by remote addr [$request_host]",
+      "type": "timeseries"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${DS_PROMETHEUS}"
+      },
+      "description": "",
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisCenteredZero": false,
+            "axisColorMode": "text",
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "drawStyle": "line",
+            "fillOpacity": 0,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "lineInterpolation": "linear",
+            "lineWidth": 1,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "auto",
+            "spanNulls": false,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green",
+                "value": null
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          }
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 8,
+        "w": 12,
+        "x": 12,
+        "y": 10
+      },
+      "id": 15,
+      "options": {
+        "legend": {
+          "calcs": [],
+          "displayMode": "list",
+          "placement": "bottom",
+          "showLegend": true
+        },
+        "tooltip": {
+          "mode": "single",
+          "sort": "none"
+        }
+      },
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "editorMode": "builder",
+          "exemplar": false,
+          "expr": "sum by(request_uri) (rate(http_response_count_total{status=~\"4.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
+          "format": "time_series",
+          "hide": false,
+          "instant": true,
+          "legendFormat": "__auto",
+          "range": true,
+          "refId": "B"
+        }
+      ],
+      "title": "4xx by uri [$request_host]",
+      "type": "timeseries"
+    },
+    {
+      "collapsed": true,
+      "gridPos": {
+        "h": 1,
+        "w": 24,
+        "x": 0,
+        "y": 18
+      },
+      "id": 8,
+      "panels": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "description": "",
+          "fieldConfig": {
+            "defaults": {
+              "color": {
+                "mode": "palette-classic"
+              },
+              "custom": {
+                "axisCenteredZero": false,
+                "axisColorMode": "text",
+                "axisLabel": "",
+                "axisPlacement": "auto",
+                "barAlignment": 0,
+                "drawStyle": "line",
+                "fillOpacity": 0,
+                "gradientMode": "none",
+                "hideFrom": {
+                  "legend": false,
+                  "tooltip": false,
+                  "viz": false
+                },
+                "lineInterpolation": "linear",
+                "lineWidth": 1,
+                "pointSize": 5,
+                "scaleDistribution": {
+                  "type": "linear"
+                },
+                "showPoints": "auto",
+                "spanNulls": false,
+                "stacking": {
+                  "group": "A",
+                  "mode": "none"
+                },
+                "thresholdsStyle": {
+                  "mode": "off"
+                }
+              },
+              "mappings": [],
+              "thresholds": {
+                "mode": "absolute",
+                "steps": [
+                  {
+                    "color": "green",
+                    "value": null
+                  },
+                  {
+                    "color": "red",
+                    "value": 80
+                  }
+                ]
+              }
+            },
+            "overrides": []
+          },
+          "gridPos": {
+            "h": 8,
+            "w": 12,
+            "x": 0,
+            "y": 11
+          },
+          "id": 10,
+          "options": {
+            "legend": {
+              "calcs": [],
+              "displayMode": "list",
+              "placement": "bottom",
+              "showLegend": true
+            },
+            "tooltip": {
+              "mode": "single",
+              "sort": "none"
+            }
+          },
+          "targets": [
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "${DS_PROMETHEUS}"
+              },
+              "editorMode": "builder",
+              "expr": "sum by(remote_addr, status) (rate(http_response_count_total{status=~\"504|502\", request_host=~\"$request_host\"}[$__rate_interval]))",
+              "hide": false,
+              "legendFormat": "__auto",
+              "range": true,
+              "refId": "B"
+            }
+          ],
+          "title": "502-504 by remote addr [$request_host]",
+          "type": "timeseries"
+        },
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "description": "",
+          "fieldConfig": {
+            "defaults": {
+              "color": {
+                "mode": "palette-classic"
+              },
+              "custom": {
+                "axisCenteredZero": false,
+                "axisColorMode": "text",
+                "axisLabel": "",
+                "axisPlacement": "auto",
+                "barAlignment": 0,
+                "drawStyle": "line",
+                "fillOpacity": 0,
+                "gradientMode": "none",
+                "hideFrom": {
+                  "legend": false,
+                  "tooltip": false,
+                  "viz": false
+                },
+                "lineInterpolation": "linear",
+                "lineWidth": 1,
+                "pointSize": 5,
+                "scaleDistribution": {
+                  "type": "linear"
+                },
+                "showPoints": "auto",
+                "spanNulls": false,
+                "stacking": {
+                  "group": "A",
+                  "mode": "none"
+                },
+                "thresholdsStyle": {
+                  "mode": "off"
+                }
+              },
+              "mappings": [],
+              "thresholds": {
+                "mode": "absolute",
+                "steps": [
+                  {
+                    "color": "green",
+                    "value": null
+                  },
+                  {
+                    "color": "red",
+                    "value": 80
+                  }
+                ]
+              }
+            },
+            "overrides": []
+          },
+          "gridPos": {
+            "h": 8,
+            "w": 12,
+            "x": 12,
+            "y": 11
+          },
+          "id": 11,
+          "options": {
+            "legend": {
+              "calcs": [],
+              "displayMode": "list",
+              "placement": "bottom",
+              "showLegend": true
+            },
+            "tooltip": {
+              "mode": "single",
+              "sort": "none"
+            }
+          },
+          "targets": [
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "${DS_PROMETHEUS}"
+              },
+              "editorMode": "builder",
+              "exemplar": false,
+              "expr": "sum by(request_host, status) (rate(http_response_count_total{status=~\"504|502\", request_host=~\"$request_host\"}[$__rate_interval]))",
+              "format": "time_series",
+              "hide": false,
+              "instant": true,
+              "legendFormat": "__auto",
+              "range": true,
+              "refId": "B"
+            }
+          ],
+          "title": "502-504 by host [$request_host]",
+          "type": "timeseries"
+        },
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "description": "",
+          "fieldConfig": {
+            "defaults": {
+              "color": {
+                "mode": "palette-classic"
+              },
+              "custom": {
+                "axisCenteredZero": false,
+                "axisColorMode": "text",
+                "axisLabel": "",
+                "axisPlacement": "auto",
+                "barAlignment": 0,
+                "drawStyle": "line",
+                "fillOpacity": 0,
+                "gradientMode": "none",
+                "hideFrom": {
+                  "legend": false,
+                  "tooltip": false,
+                  "viz": false
+                },
+                "lineInterpolation": "linear",
+                "lineWidth": 1,
+                "pointSize": 5,
+                "scaleDistribution": {
+                  "type": "linear"
+                },
+                "showPoints": "auto",
+                "spanNulls": false,
+                "stacking": {
+                  "group": "A",
+                  "mode": "none"
+                },
+                "thresholdsStyle": {
+                  "mode": "off"
+                }
+              },
+              "mappings": [],
+              "thresholds": {
+                "mode": "absolute",
+                "steps": [
+                  {
+                    "color": "green",
+                    "value": null
+                  },
+                  {
+                    "color": "red",
+                    "value": 80
+                  }
+                ]
+              }
+            },
+            "overrides": []
+          },
+          "gridPos": {
+            "h": 8,
+            "w": 12,
+            "x": 0,
+            "y": 19
+          },
+          "id": 12,
+          "options": {
+            "legend": {
+              "calcs": [],
+              "displayMode": "list",
+              "placement": "bottom",
+              "showLegend": true
+            },
+            "tooltip": {
+              "mode": "single",
+              "sort": "none"
+            }
+          },
+          "targets": [
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "${DS_PROMETHEUS}"
+              },
+              "editorMode": "builder",
+              "expr": "sum by(remote_addr) (rate(http_response_count_total{status=~\"5.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
+              "hide": false,
+              "legendFormat": "__auto",
+              "range": true,
+              "refId": "B"
+            }
+          ],
+          "title": "5xx by remote addr [$request_host]",
+          "type": "timeseries"
+        },
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "description": "",
+          "fieldConfig": {
+            "defaults": {
+              "color": {
+                "mode": "palette-classic"
+              },
+              "custom": {
+                "axisCenteredZero": false,
+                "axisColorMode": "text",
+                "axisLabel": "",
+                "axisPlacement": "auto",
+                "barAlignment": 0,
+                "drawStyle": "line",
+                "fillOpacity": 0,
+                "gradientMode": "none",
+                "hideFrom": {
+                  "legend": false,
+                  "tooltip": false,
+                  "viz": false
+                },
+                "lineInterpolation": "linear",
+                "lineWidth": 1,
+                "pointSize": 5,
+                "scaleDistribution": {
+                  "type": "linear"
+                },
+                "showPoints": "auto",
+                "spanNulls": false,
+                "stacking": {
+                  "group": "A",
+                  "mode": "none"
+                },
+                "thresholdsStyle": {
+                  "mode": "off"
+                }
+              },
+              "mappings": [],
+              "thresholds": {
+                "mode": "absolute",
+                "steps": [
+                  {
+                    "color": "green",
+                    "value": null
+                  },
+                  {
+                    "color": "red",
+                    "value": 80
+                  }
+                ]
+              }
+            },
+            "overrides": []
+          },
+          "gridPos": {
+            "h": 8,
+            "w": 12,
+            "x": 12,
+            "y": 19
+          },
+          "id": 13,
+          "options": {
+            "legend": {
+              "calcs": [],
+              "displayMode": "list",
+              "placement": "bottom",
+              "showLegend": true
+            },
+            "tooltip": {
+              "mode": "single",
+              "sort": "none"
+            }
+          },
+          "targets": [
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "${DS_PROMETHEUS}"
+              },
+              "editorMode": "builder",
+              "exemplar": false,
+              "expr": "sum by(request_host) (rate(http_response_count_total{status=~\"5.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
+              "format": "time_series",
+              "hide": false,
+              "instant": true,
+              "legendFormat": "__auto",
+              "range": true,
+              "refId": "B"
+            }
+          ],
+          "title": "5xx by uri [$request_host]",
+          "type": "timeseries"
+        }
+      ],
+      "title": "5xx Status Code ......................................................................",
+      "type": "row"
+    },
+    {
+      "collapsed": true,
+      "gridPos": {
+        "h": 1,
+        "w": 24,
+        "x": 0,
+        "y": 19
+      },
+      "id": 27,
+      "panels": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "description": "",
+          "fieldConfig": {
+            "defaults": {
+              "color": {
+                "mode": "palette-classic"
+              },
+              "custom": {
+                "axisCenteredZero": false,
+                "axisColorMode": "text",
+                "axisLabel": "",
+                "axisPlacement": "auto",
+                "barAlignment": 0,
+                "drawStyle": "line",
+                "fillOpacity": 0,
+                "gradientMode": "none",
+                "hideFrom": {
+                  "legend": false,
+                  "tooltip": false,
+                  "viz": false
+                },
+                "lineInterpolation": "linear",
+                "lineWidth": 1,
+                "pointSize": 5,
+                "scaleDistribution": {
+                  "type": "linear"
+                },
+                "showPoints": "auto",
+                "spanNulls": false,
+                "stacking": {
+                  "group": "A",
+                  "mode": "none"
+                },
+                "thresholdsStyle": {
+                  "mode": "off"
+                }
+              },
+              "mappings": [],
+              "thresholds": {
+                "mode": "absolute",
+                "steps": [
+                  {
+                    "color": "green",
+                    "value": null
+                  },
+                  {
+                    "color": "red",
+                    "value": 80
+                  }
+                ]
+              }
+            },
+            "overrides": []
+          },
+          "gridPos": {
+            "h": 8,
+            "w": 12,
+            "x": 0,
+            "y": 4
+          },
+          "id": 24,
+          "options": {
+            "legend": {
+              "calcs": [],
+              "displayMode": "list",
+              "placement": "bottom",
+              "showLegend": true
+            },
+            "tooltip": {
+              "mode": "single",
+              "sort": "none"
+            }
+          },
+          "targets": [
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "${DS_PROMETHEUS}"
+              },
+              "editorMode": "builder",
+              "expr": "sum by(remote_addr) (rate(http_response_count_total{status=~\"[6-9]{1}.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
+              "hide": false,
+              "legendFormat": "__auto",
+              "range": true,
+              "refId": "B"
+            }
+          ],
+          "title": "6xx > by remote addr [$request_host]",
+          "type": "timeseries"
+        },
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "description": "",
+          "fieldConfig": {
+            "defaults": {
+              "color": {
+                "mode": "palette-classic"
+              },
+              "custom": {
+                "axisCenteredZero": false,
+                "axisColorMode": "text",
+                "axisLabel": "",
+                "axisPlacement": "auto",
+                "barAlignment": 0,
+                "drawStyle": "line",
+                "fillOpacity": 0,
+                "gradientMode": "none",
+                "hideFrom": {
+                  "legend": false,
+                  "tooltip": false,
+                  "viz": false
+                },
+                "lineInterpolation": "linear",
+                "lineWidth": 1,
+                "pointSize": 5,
+                "scaleDistribution": {
+                  "type": "linear"
+                },
+                "showPoints": "auto",
+                "spanNulls": false,
+                "stacking": {
+                  "group": "A",
+                  "mode": "none"
+                },
+                "thresholdsStyle": {
+                  "mode": "off"
+                }
+              },
+              "mappings": [],
+              "thresholds": {
+                "mode": "absolute",
+                "steps": [
+                  {
+                    "color": "green",
+                    "value": null
+                  },
+                  {
+                    "color": "red",
+                    "value": 80
+                  }
+                ]
+              }
+            },
+            "overrides": []
+          },
+          "gridPos": {
+            "h": 8,
+            "w": 12,
+            "x": 12,
+            "y": 4
+          },
+          "id": 25,
+          "options": {
+            "legend": {
+              "calcs": [],
+              "displayMode": "list",
+              "placement": "bottom",
+              "showLegend": true
+            },
+            "tooltip": {
+              "mode": "single",
+              "sort": "none"
+            }
+          },
+          "targets": [
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "${DS_PROMETHEUS}"
+              },
+              "editorMode": "builder",
+              "exemplar": false,
+              "expr": "sum by(request_uri) (rate(http_response_count_total{status=~\"[6-9]{1}.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
+              "format": "time_series",
+              "hide": false,
+              "instant": true,
+              "legendFormat": "__auto",
+              "range": true,
+              "refId": "B"
+            }
+          ],
+          "title": "6xx > by uri [$request_host]",
+          "type": "timeseries"
+        }
+      ],
+      "title": "6xx > Status Code ...................................................................",
+      "type": "row"
+    }
+  ],
+  "refresh": "30s",
+  "schemaVersion": 37,
+  "style": "dark",
+  "tags": [],
+  "templating": {
+    "list": [
+      {
+        "current": {
+          "selected": true,
+          "text": "Prometheus",
+          "value": "Prometheus"
+        },
+        "hide": 0,
+        "includeAll": false,
+        "multi": false,
+        "name": "DS_PROMETHEUS",
+        "options": [],
+        "query": "prometheus",
+        "queryValue": "",
+        "refresh": 1,
+        "regex": "",
+        "skipUrlSync": false,
+        "type": "datasource"
+      },
+      {
+        "current": {},
+        "datasource": {
+          "type": "prometheus",
+          "uid": "${DS_PROMETHEUS}"
+        },
+        "definition": "label_values(http_response_count_total, request_host)",
+        "hide": 0,
+        "includeAll": true,
+        "multi": true,
+        "name": "request_host",
+        "options": [],
+        "query": {
+          "query": "label_values(http_response_count_total, request_host)",
+          "refId": "StandardVariableQuery"
+        },
+        "refresh": 1,
+        "regex": "",
+        "skipUrlSync": false,
+        "sort": 1,
+        "type": "query"
+      }
+    ]
+  },
+  "time": {
+    "from": "now-1h",
+    "to": "now"
+  },
+  "timepicker": {},
+  "timezone": "",
+  "title": "NGINX PROXY",
+  "uid": "x2_jWNF4k",
+  "version": 11,
+  "weekStart": ""
+}
\ No newline at end of file
diff --git a/roles/custom/matrix-prometheus-nginxlog-exporter/templates/prometheus-nginxlog-exporter.yaml.j2 b/roles/custom/matrix-prometheus-nginxlog-exporter/templates/prometheus-nginxlog-exporter.yaml.j2
new file mode 100644
index 00000000..1e2492cd
--- /dev/null
+++ b/roles/custom/matrix-prometheus-nginxlog-exporter/templates/prometheus-nginxlog-exporter.yaml.j2
@@ -0,0 +1,37 @@
+listen:
+  port: {{ matrix_prometheus_nginxlog_exporter_container_metrics_port }}
+  address: "0.0.0.0"
+  metrics_endpoint: "/metrics"
+
+namespaces:
+  - name: matrix
+    metrics_override:
+      preffix: "myprefix"
+    namespace_label: "namespace"
+    format: "$log_source $server_name - $upstream_addr - $remote_addr - $remote_user [$time_local] $host \"$request\" $status \"$http_referer\" \"$http_user_agent\" \"$http_x_forwarded_for\""
+    # enable to print to console
+    # print_log: true
+    source:
+      syslog:
+        listen_address: "udp://0.0.0.0:{{ matrix_prometheus_nginxlog_exporter_container_syslog_port }}"
+        # format options: "rfc3164" ,"rfc5424", "rfc6587", "auto"
+        format: auto
+        tags: ["matrix_nginx_proxy", "matrix_nginx_proxy_companion"]
+    relabel_configs:
+      - target_label: request_uri
+        from: request
+        split: 2
+        separator: ' '
+        matches:
+        - regexp: "^([^\\?]+)(.*)"
+          replacement: "$1"
+      - target_label: remote_addr
+        from: remote_addr
+      - target_label: server_name
+        from: server_name
+      - target_label: http_x_forwarded_for
+        from: http_x_forwarded_for
+      - target_label: request_host
+        from: host
+      - target_label: log_source
+        from: log_source
\ No newline at end of file
diff --git a/roles/custom/matrix-prometheus-nginxlog-exporter/templates/systemd/matrix-prometheus-nginxlog-exporter.service.j2 b/roles/custom/matrix-prometheus-nginxlog-exporter/templates/systemd/matrix-prometheus-nginxlog-exporter.service.j2
new file mode 100644
index 00000000..e799380e
--- /dev/null
+++ b/roles/custom/matrix-prometheus-nginxlog-exporter/templates/systemd/matrix-prometheus-nginxlog-exporter.service.j2
@@ -0,0 +1,46 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description={{ matrix_prometheus_nginxlog_exporter_container_hostname }}
+{% for service in matrix_prometheus_nginxlog_exporter_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_prometheus_nginxlog_exporter_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_prometheus_nginxlog_exporter_container_hostname }} 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_prometheus_nginxlog_exporter_container_hostname }} 2>/dev/null || true'
+
+
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_prometheus_nginxlog_exporter_container_hostname }} \
+			--log-driver=none \
+			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+			--cap-drop=ALL \
+			--read-only \
+			--network={{ matrix_docker_network }} \
+			{% if matrix_prometheus_nginxlog_exporter_container_http_host_bind_port %}
+			-p {{ matrix_prometheus_nginxlog_exporter_container_http_host_bind_port }}:{{ matrix_prometheus_nginxlog_exporter_container_metrics_port }} \
+			{% endif %}
+			{% if matrix_prometheus_nginxlog_exporter_container_syslog_host_bind_port %}
+			-p {{ matrix_prometheus_nginxlog_exporter_container_syslog_host_bind_port }}:{{ matrix_prometheus_nginxlog_exporter_container_syslog_port }}/udp \
+			{% endif %}
+			-v {{ matrix_prometheus_nginxlog_exporter_config_path }}:/etc/prometheus-nginxlog-exporter:z \
+			{% for arg in matrix_prometheus_nginxlog_exporter_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_prometheus_nginxlog_exporter_docker_image }} \
+			-config-file /etc/prometheus-nginxlog-exporter/prometheus-nginxlog-exporter.yaml
+
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_prometheus_nginxlog_exporter_container_hostname }} 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_prometheus_nginxlog_exporter_container_hostname }} 2>/dev/null || true'
+Restart=always
+RestartSec=30
+SyslogIdentifier={{ matrix_prometheus_nginxlog_exporter_container_hostname }}
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/custom/matrix-prometheus/templates/prometheus.yml.j2 b/roles/custom/matrix-prometheus/templates/prometheus.yml.j2
index 83ae8a9a..6ed7cd92 100644
--- a/roles/custom/matrix-prometheus/templates/prometheus.yml.j2
+++ b/roles/custom/matrix-prometheus/templates/prometheus.yml.j2
@@ -64,3 +64,10 @@ scrape_configs:
     static_configs:
       - targets: {{ matrix_prometheus_scraper_hookshot_targets|to_json }}
   {% endif %}
+
+  {% if matrix_prometheus_scraper_nginxlog_enabled %}
+  - job_name: nginxlog
+    static_configs:
+      - targets:
+        - {{ matrix_prometheus_scraper_nginxlog_server_port}}
+  {% endif %}
diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/nginx.conf.j2 b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/nginx.conf.j2
index a54701b8..309bb530 100644
--- a/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/nginx.conf.j2
+++ b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/nginx.conf.j2
@@ -39,7 +39,18 @@ http {
 
 	{% if matrix_synapse_reverse_proxy_companion_access_log_enabled %}
 	access_log /var/log/nginx/access.log main;
-	{% else %}
+	{% endif %}
+
+	{% if matrix_synapse_reverse_proxy_companion_access_log_syslog_integration_enabled %}
+	log_format prometheus_fmt 'matrix-synapse-reverse-proxy-companion $server_name - $upstream_addr - $remote_addr - $remote_user [$time_local] '
+								'$host "$request" '
+								'$status "$http_referer" '
+								'"$http_user_agent" "$http_x_forwarded_for"';
+
+	access_log syslog:server={{ matrix_synapse_reverse_proxy_companion_access_log_syslog_integration_server_port }},tag=matrix_nginx_proxy_companion prometheus_fmt;
+	{% endif %}
+
+	{% if not matrix_synapse_reverse_proxy_companion_access_log_enabled and not matrix_synapse_reverse_proxy_companion_access_log_syslog_integration_enabled %}
 	access_log off;
 	{% endif %}
 

From fd7914020142be5c8da1fd780079b423efbb0fb2 Mon Sep 17 00:00:00 2001
From: Rhys <66695742+RhysRdm@users.noreply.github.com>
Date: Wed, 7 Dec 2022 15:54:58 +0000
Subject: [PATCH 150/198] Changes to allow a user to set the max participants
 on a jitsi conference (#2323)

* Changes to allow a user to set the max participants on a jitsi
conference

* changed var name from jitsi_max_participants to matrix_prosody_jitsi_max_participants
---
 docs/configuring-playbook-jitsi.md                 | 10 ++++++++++
 roles/custom/matrix-jitsi/defaults/main.yml        |  5 +++++
 roles/custom/matrix-jitsi/templates/prosody/env.j2 |  3 +++
 3 files changed, 18 insertions(+)

diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md
index 4c29b3eb..a9d3c2de 100644
--- a/docs/configuring-playbook-jitsi.md
+++ b/docs/configuring-playbook-jitsi.md
@@ -127,6 +127,16 @@ Read how it works [here](https://github.com/jitsi/jitsi-videobridge/blob/master/
 
 You may want to **limit the maximum video resolution**, to save up resources on both server and clients.
 
+## (Optional) Specify a Max number of participants on a Jitsi conference
+
+The playbook allows a user to set a max number of participants allowed to join a Jitsi conference. By default there is no limit.
+
+In order to set the max number of participants add the following variable to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
+
+```
+matrix_prosody_jitsi_max_participants: <INTEGER OF MAX PARTICPANTS>
+```
+
 ## (Optional) Additional JVBs
 
 By default, a single JVB ([Jitsi VideoBridge](https://github.com/jitsi/jitsi-videobridge)) is deployed on the same host as the Matrix server. To allow more video-conferences to happen at the same time, you may need to provision additional JVB services on other hosts.
diff --git a/roles/custom/matrix-jitsi/defaults/main.yml b/roles/custom/matrix-jitsi/defaults/main.yml
index c2d5948d..e923055c 100644
--- a/roles/custom/matrix-jitsi/defaults/main.yml
+++ b/roles/custom/matrix-jitsi/defaults/main.yml
@@ -277,3 +277,8 @@ matrix_jitsi_jvb_container_rtp_tcp_host_bind_port: "{{ matrix_jitsi_jvb_rtp_tcp_
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:12090"), or empty string to not expose.
 matrix_jitsi_jvb_container_colibri_ws_host_bind_port: ''
+
+# Default max participants to the empty string
+#
+# The setting requires an integer to be set for usage and allows a user to specify the max number of particpants on a conference.
+matrix_prosody_jitsi_max_participants: ''
diff --git a/roles/custom/matrix-jitsi/templates/prosody/env.j2 b/roles/custom/matrix-jitsi/templates/prosody/env.j2
index 941f2c25..147c01d7 100644
--- a/roles/custom/matrix-jitsi/templates/prosody/env.j2
+++ b/roles/custom/matrix-jitsi/templates/prosody/env.j2
@@ -58,3 +58,6 @@ XMPP_MUC_MODULES=
 XMPP_INTERNAL_MUC_MODULES=
 XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }}
 XMPP_CROSS_DOMAIN=true
+{% if matrix_prosody_jitsi_max_participants is number %}
+MAX_PARTICIPANTS={{ matrix_prosody_jitsi_max_participants }}
+{% endif %}
\ No newline at end of file

From 6a5a09ba9bd35f8baa95d26651d0f6180934ed7c Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Wed, 7 Dec 2022 20:36:22 +0200
Subject: [PATCH 151/198] Remove matrix-change-user-admin-status mentions and
 provide an alternative

---
 docs/registering-users.md        | 27 +++++++++++++++++++--------
 docs/updating-users-passwords.md |  2 +-
 2 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/docs/registering-users.md b/docs/registering-users.md
index 83f31a22..321346b6 100644
--- a/docs/registering-users.md
+++ b/docs/registering-users.md
@@ -9,7 +9,7 @@ Table of contents:
 	- [Managing users via a Web UI](#managing-users-via-a-web-ui)
 	- [Letting certain users register on your private server](#letting-certain-users-register-on-your-private-server)
 	- [Enabling public user registration](#enabling-public-user-registration)
-	- [Adding/Removing Administrator privileges to an existing user](#addingremoving-administrator-privileges-to-an-existing-user)
+	- [Adding/Removing Administrator privileges to an existing Synapse user](#addingremoving-administrator-privileges-to-an-existing-synapse-user)
 
 
 ## Registering users manually
@@ -58,13 +58,24 @@ and running the [installation](installing.md) procedure once again.
 If you're opening up registrations publicly like this, you might also wish to [configure CAPTCHA protection](configuring-captcha.md).
 
 
-## Adding/Removing Administrator privileges to an existing user
+## Adding/Removing Administrator privileges to an existing Synapse user
 
-The script `/usr/local/bin/matrix-change-user-admin-status` may be used to change a user's admin privileges.
+To change the admin privileges for a user, you need to run an SQL query like this against the `synapse` database:
 
-* log on to your server with ssh
-* execute with the username and 0/1 (0 = non-admin | 1 = admin)
-
-```
-/usr/local/bin/matrix-change-user-admin-status <username> <0/1>
+```sql
+UPDATE users SET admin=ADMIN_VALUE WHERE name = '@USER:DOMAIN'
 ```
+
+where:
+
+- `ADMIN_VALUE` being either `0` (regular user) or `1` (admin)
+- `USER` and `DOMAIN` pointing to a valid user on your server
+
+If you're using the integrated Postgres server and not an [external Postgres server](configuring-playbook-external-postgres.md), you can launch a Postgres into the `synapse` database by:
+
+- running `/matrix/postgres/bin/cli` - to launch [`psql`](https://www.postgresql.org/docs/current/app-psql.html)
+- running `\c synapse` - to change to the `synapse` database
+
+You can then proceed to run the query above.
+
+**Note**: directly modifying the raw data of Synapse (or any other software) could cause the software to break. You've been warned!
diff --git a/docs/updating-users-passwords.md b/docs/updating-users-passwords.md
index 30aa8c99..98663c60 100644
--- a/docs/updating-users-passwords.md
+++ b/docs/updating-users-passwords.md
@@ -36,7 +36,7 @@ Use the Synapse User Admin API as described here: https://github.com/matrix-org/
 
 This requires an [access token](obtaining-access-tokens.md) from a server admin account. *This method will also log the user out of all of their clients while the other options do not.*
 
-If you didn't make your account a server admin when you created it, you can use the `/usr/local/bin/matrix-change-user-admin-status` script as described in [registering-users.md](registering-users.md).
+If you didn't make your account a server admin when you created it, you can learn how to switch it now by reading about it in [Adding/Removing Administrator privileges to an existing Synapse user](registering-users.md#addingremoving-administrator-privileges-to-an-existing-synapse-user).
 
 ### Example:
 To set @user:domain.com's password to `correct_horse_battery_staple` you could use this curl command:

From 5823f1f29845d913abf0e722a1e6ff294c6dbd2b Mon Sep 17 00:00:00 2001
From: Dan Arnfield <dan@arnfield.com>
Date: Wed, 7 Dec 2022 13:26:02 -0600
Subject: [PATCH 152/198] Only delete playbook scripts from /usr/local/bin

---
 .../tasks/cleanup_usr_local_bin.yml              | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/roles/custom/matrix_playbook_migration/tasks/cleanup_usr_local_bin.yml b/roles/custom/matrix_playbook_migration/tasks/cleanup_usr_local_bin.yml
index e7abd471..586b5c47 100644
--- a/roles/custom/matrix_playbook_migration/tasks/cleanup_usr_local_bin.yml
+++ b/roles/custom/matrix_playbook_migration/tasks/cleanup_usr_local_bin.yml
@@ -3,8 +3,20 @@
 - name: Find leftover matrix scripts in /usr/local/bin
   ansible.builtin.find:
     path: "/usr/local/bin"
-    patterns: "^matrix-.*"
-    use_regex: true
+    patterns:
+      - matrix-change-user-admin-status
+      - matrix-dendrite-create-account
+      - matrix-make-user-admin
+      - matrix-postgres-cli
+      - matrix-postgres-cli-non-interactive
+      - matrix-postgres-update-user-password-hash
+      - matrix-remove-all
+      - matrix-ssl-certificates-renew
+      - matrix-ssl-lets-encrypt-certificates-renew
+      - matrix-synapse-register-user
+      - matrix-synapse-s3-storage-provider-migrate
+      - matrix-synapse-s3-storage-provider-shell
+      - matrix-synapse-worker-write-pid
   register: matrix_usr_local_bin_files_result
 
 - name: Ensure /usr/local/bin does not contain matrix scripts

From 8ef6341fd78e3b3f6a6f3e14bb51379a779dc9fd Mon Sep 17 00:00:00 2001
From: ikkemaniac <ikkemaniac@localhost>
Date: Thu, 8 Dec 2022 00:02:54 +0100
Subject: [PATCH 153/198] fix: systemd entry

---
 group_vars/matrix_servers | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index e3f63bb3..e2149a99 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -297,7 +297,7 @@ devture_systemd_service_manager_services_list_auto: |
     +
     ([{'name': 'matrix-prometheus-postgres-exporter.service', 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-node-exporters']}] if matrix_prometheus_postgres_exporter_enabled else [])
     +
-    ([{'name': (matrix_prometheus_nginxlog_exporter_container_hostname + '.service'), 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-node-exporters']}] if matrix_prometheus_postgres_exporter_enabled else [])
+    ([{'name': 'matrix-prometheus-nginxlog-exporter.service', 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-node-exporters']}] if matrix_prometheus_nginxlog_exporter_enabled else [])
     +
     ([{'name': 'matrix-redis', 'priority': 750, 'groups': ['matrix', 'redis']}] if matrix_redis_enabled else [])
     +

From e6fc6b7a863cca81c15384abb0191c8457eaad23 Mon Sep 17 00:00:00 2001
From: ikkemaniac <ikkemaniac@localhost>
Date: Thu, 8 Dec 2022 01:07:49 +0100
Subject: [PATCH 154/198] fix: nginxlog prometheus config port

---
 group_vars/matrix_servers | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index e3f63bb3..bdfa3fc9 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -2911,7 +2911,7 @@ matrix_prometheus_scraper_hookshot_enabled: "{{ matrix_hookshot_metrics_enabled|
 matrix_prometheus_scraper_hookshot_targets: "{{ [matrix_hookshot_container_url | string +':'+ matrix_hookshot_metrics_port | string] if matrix_hookshot_metrics_enabled else [] }}"
 
 matrix_prometheus_scraper_nginxlog_enabled: "{{ matrix_prometheus_nginxlog_exporter_enabled }}"
-matrix_prometheus_scraper_nginxlog_server_port: "{{ (matrix_prometheus_nginxlog_exporter_container_hostname | string +':'+ matrix_prometheus_nginxlog_exporter_container_syslog_port | string)
+matrix_prometheus_scraper_nginxlog_server_port: "{{ (matrix_prometheus_nginxlog_exporter_container_hostname | string +':'+ matrix_prometheus_nginxlog_exporter_container_metrics_port | string)
 | default('') }}"
 
 ######################################################################

From f186d6236dced7ce52427174693dcaf6852b8fd4 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Fri, 9 Dec 2022 10:15:06 +0200
Subject: [PATCH 155/198] Add some missing tags to Synapse role

Without these:

- `--tags=install-synapse` and `--tags=install-all` would be incomplete
and will not contain Synapse worker configuration

- `--tags=install-synapse-reverse-proxy-companion` and
  `--tags=setup-synapse-reverse-proxy-companion` would not contain
  Synapse worker configuration
---
 roles/custom/matrix-synapse/tasks/main.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/roles/custom/matrix-synapse/tasks/main.yml b/roles/custom/matrix-synapse/tasks/main.yml
index 3485e894..8aa81395 100644
--- a/roles/custom/matrix-synapse/tasks/main.yml
+++ b/roles/custom/matrix-synapse/tasks/main.yml
@@ -6,6 +6,10 @@
   tags:
     - setup-all
     - setup-synapse
+    - install-all
+    - install-synapse
+    - setup-synapse-reverse-proxy-companion
+    - install-synapse-reverse-proxy-companion
     - start
     - start-all
     - start-group

From 3824139908428cca72c54cd13a1819de40b0ace4 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Fri, 9 Dec 2022 10:18:40 +0200
Subject: [PATCH 156/198] Rename inject_into_nginx_proxy.yml to init.yml when
 it does more than injection

---
 .../tasks/{inject_into_nginx_proxy.yml => init.yml}             | 0
 roles/custom/matrix-synapse/tasks/main.yml                      | 2 +-
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename roles/custom/matrix-synapse/tasks/{inject_into_nginx_proxy.yml => init.yml} (100%)

diff --git a/roles/custom/matrix-synapse/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-synapse/tasks/init.yml
similarity index 100%
rename from roles/custom/matrix-synapse/tasks/inject_into_nginx_proxy.yml
rename to roles/custom/matrix-synapse/tasks/init.yml
diff --git a/roles/custom/matrix-synapse/tasks/main.yml b/roles/custom/matrix-synapse/tasks/main.yml
index 8aa81395..d00c1808 100644
--- a/roles/custom/matrix-synapse/tasks/main.yml
+++ b/roles/custom/matrix-synapse/tasks/main.yml
@@ -2,7 +2,7 @@
 
 - block:
     - when: matrix_synapse_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/init.yml"
   tags:
     - setup-all
     - setup-synapse

From 0d8161acb526d6d7ccffa1782dbaf79402e64cf4 Mon Sep 17 00:00:00 2001
From: Abe <indoria@aindoria.com>
Date: Fri, 9 Dec 2022 07:15:43 -0700
Subject: [PATCH 157/198] Fix Broken ma1sd Playbook Documentation Link

Old link was pointing at

`https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/configuring-playbook-ma1sd.md` which 404s

New link at `https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-ma1sd.md`
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 7cf00607..177c2a0d 100644
--- a/README.md
+++ b/README.md
@@ -54,7 +54,7 @@ Services that run on the server to make the various parts of your installation w
 | [Coturn](https://github.com/coturn/coturn) | ✓ | STUN/TURN server for WebRTC audio/video calls | [Link](docs/configuring-playbook-turn.md) |
 | [nginx](http://nginx.org/) | ✓ | Web server, listening on ports 80 and 443 - standing in front of all the other services. Using your own webserver [is possible](docs/configuring-playbook-own-webserver.md) | [Link](docs/configuring-playbook-nginx.md) |
 | [Let's Encrypt](https://letsencrypt.org/) | ✓ | Free  SSL certificate, which secures the connection to the Synapse server and the Element web UI | [Link](docs/configuring-playbook-ssl-certificates.md) |
-| [ma1sd](https://github.com/ma1uta/ma1sd) | x | Matrix Identity Server | [Link](configuring-playbook-ma1sd.md)
+| [ma1sd](https://github.com/ma1uta/ma1sd) | x | Matrix Identity Server | [Link](docs/configuring-playbook-ma1sd.md)
 | [Exim](https://www.exim.org/) | ✓ | Mail server, through which all Matrix services send outgoing email (can be configured to relay through another SMTP server) | - |
 | [Dimension](https://github.com/turt2live/matrix-dimension) | x | An open source integrations manager for matrix clients | [Link](docs/configuring-playbook-dimension.md) |
 | [Sygnal](https://github.com/matrix-org/sygnal) | x | Push gateway | [Link](docs/configuring-playbook-sygnal.md) |

From d81e7d63280c6f991c963253ac639c13e4e8ad19 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sat, 10 Dec 2022 10:36:40 +0200
Subject: [PATCH 158/198] Make
 matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url required

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2330
---
 docs/configuring-playbook-synapse-s3-storage-provider.md      | 4 ++--
 .../tasks/ext/s3-storage-provider/validate_config.yml         | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/docs/configuring-playbook-synapse-s3-storage-provider.md b/docs/configuring-playbook-synapse-s3-storage-provider.md
index a06d658f..6022eaad 100644
--- a/docs/configuring-playbook-synapse-s3-storage-provider.md
+++ b/docs/configuring-playbook-synapse-s3-storage-provider.md
@@ -28,13 +28,13 @@ While you will need some local disk space around, it's only to accommodate usage
 
 ## Installing
 
-After [creating the S3 bucket and configuring it](configuring-playbook-s3.md#bucket-creation-and-security-configuration), you can proceed to configure Goofys in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
+After [creating the S3 bucket and configuring it](configuring-playbook-s3.md#bucket-creation-and-security-configuration), you can proceed to configure `s3-storage-provider` in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
 
 ```yaml
 matrix_synapse_ext_synapse_s3_storage_provider_enabled: true
 matrix_synapse_ext_synapse_s3_storage_provider_config_bucket: your-bucket-name
 matrix_synapse_ext_synapse_s3_storage_provider_config_region_name: some-region-name # e.g. eu-central-1
-matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url: https://.. # delete this whole line for Amazon S3
+matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url: https://s3.REGION_NAME.amazonaws.com # adjust this
 matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id: access-key-goes-here
 matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key: secret-key-goes-here
 matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class: STANDARD # or STANDARD_IA, etc.
diff --git a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/validate_config.yml b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/validate_config.yml
index d71809fe..7a8aafaa 100644
--- a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/validate_config.yml
+++ b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/validate_config.yml
@@ -10,9 +10,10 @@
     - "matrix_synapse_ext_synapse_s3_storage_provider_config_region_name"
     - "matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id"
     - "matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key"
+    - "matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url"
 
 - name: Fail if required matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url looks invalid
   ansible.builtin.fail:
     msg: >-
       `matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url` needs to look like a URL (`http://` or `https://` prefix).
-  when: "matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url != '' and not matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url.startswith('http')"
+  when: "matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url.startswith('http')"

From dd51ad2ba2320c75d9325ba117e2448ddfecb770 Mon Sep 17 00:00:00 2001
From: Luke Moch <19363185+mochman@users.noreply.github.com>
Date: Sat, 10 Dec 2022 08:13:55 -0500
Subject: [PATCH 159/198] fail if
 matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url 'not'
 startswith('http')

---
 .../tasks/ext/s3-storage-provider/validate_config.yml           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/validate_config.yml b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/validate_config.yml
index 7a8aafaa..317269b3 100644
--- a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/validate_config.yml
+++ b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/validate_config.yml
@@ -16,4 +16,4 @@
   ansible.builtin.fail:
     msg: >-
       `matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url` needs to look like a URL (`http://` or `https://` prefix).
-  when: "matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url.startswith('http')"
+  when: "not matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url.startswith('http')"

From 2b89d5d92f22206923c4418449d9c8fe45240e05 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sun, 11 Dec 2022 11:45:39 +0200
Subject: [PATCH 160/198] Upgrade exim-relay (4.95-r0-4 -> 4.96-r1-0)

---
 roles/custom/matrix-mailer/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-mailer/defaults/main.yml b/roles/custom/matrix-mailer/defaults/main.yml
index 48cd638c..71e87532 100644
--- a/roles/custom/matrix-mailer/defaults/main.yml
+++ b/roles/custom/matrix-mailer/defaults/main.yml
@@ -10,7 +10,7 @@ matrix_mailer_container_image_self_build_repository_url: "https://github.com/dev
 matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src"
 matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}"
 
-matrix_mailer_version: 4.95-r0-4
+matrix_mailer_version: 4.96-r1-0
 matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:{{ matrix_mailer_version }}"
 matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}"

From 3453fff901f0d57a594dab9955546ad166d9ac31 Mon Sep 17 00:00:00 2001
From: Matthew Cengia <mattcen@mattcen.com>
Date: Sun, 11 Dec 2022 21:25:43 +1100
Subject: [PATCH 161/198] Use upstream Docker image for amd64 rather than
 self-build

---
 group_vars/matrix_servers                                 | 2 ++
 roles/custom/matrix-client-hydrogen/defaults/main.yml     | 8 +++-----
 .../custom/matrix-client-hydrogen/tasks/setup_install.yml | 5 +----
 .../matrix-client-hydrogen/templates/config.json.j2       | 2 +-
 .../templates/systemd/matrix-client-hydrogen.service.j2   | 1 +
 5 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 48c8e4d5..93102a88 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -2658,6 +2658,8 @@ matrix_client_element_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matr
 
 matrix_client_hydrogen_enabled: false
 
+matrix_client_hydrogen_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
+
 # Normally, matrix-nginx-proxy is enabled and nginx can reach Hydrogen over the container network.
 # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
 # the HTTP port to the local host.
diff --git a/roles/custom/matrix-client-hydrogen/defaults/main.yml b/roles/custom/matrix-client-hydrogen/defaults/main.yml
index ac0d8289..c62b2ff6 100644
--- a/roles/custom/matrix-client-hydrogen/defaults/main.yml
+++ b/roles/custom/matrix-client-hydrogen/defaults/main.yml
@@ -3,14 +3,12 @@
 
 matrix_client_hydrogen_enabled: true
 
-# Self building is used by default because the `config.json` file is only read at build time.
-# The pre-built images also were not functional as of 2021-05-15.
-matrix_client_hydrogen_container_image_self_build: true
+matrix_client_hydrogen_container_image_self_build: false
 matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git"
 
 matrix_client_hydrogen_version: v0.3.5
-matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}"
-matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else matrix_container_global_registry_prefix }}"
+matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vector-im/hydrogen-web:{{ matrix_client_hydrogen_version }}"
+matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else 'ghcr.io/' }}"
 matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}"
 
 matrix_client_hydrogen_data_path: "{{ matrix_base_data_path }}/client-hydrogen"
diff --git a/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml b/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml
index 7a886a88..5fe4cead 100644
--- a/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml
+++ b/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml
@@ -38,11 +38,10 @@
 - name: Ensure Hydrogen configuration installed
   ansible.builtin.copy:
     content: "{{ matrix_client_hydrogen_configuration | to_nice_json }}"
-    dest: "{{ matrix_client_hydrogen_docker_src_files_path }}/src/platform/web/assets/config.json"
+    dest: "{{ matrix_client_hydrogen_data_path }}/config.json"
     mode: 0644
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
-  when: "matrix_client_hydrogen_container_image_self_build | bool"
 
 - name: Ensure Hydrogen additional config files installed
   ansible.builtin.template:
@@ -55,8 +54,6 @@
     - {src: "{{ role_path }}/templates/nginx.conf.j2", name: "nginx.conf"}
   when: "item.src is not none"
 
-# This step MUST come after the steps to install the configuration files because the config files
-# are currently only read at build time, not at run time like most other components in the playbook
 - name: Ensure Hydrogen Docker image is built
   community.docker.docker_image:
     name: "{{ matrix_client_hydrogen_docker_image }}"
diff --git a/roles/custom/matrix-client-hydrogen/templates/config.json.j2 b/roles/custom/matrix-client-hydrogen/templates/config.json.j2
index 161ee47b..b6b1b9be 100644
--- a/roles/custom/matrix-client-hydrogen/templates/config.json.j2
+++ b/roles/custom/matrix-client-hydrogen/templates/config.json.j2
@@ -3,7 +3,7 @@
 	"defaultHomeServer": {{ matrix_client_hydrogen_default_hs_url | string | to_json }},
 	"bugReportEndpointUrl": {{ matrix_client_hydrogen_bugReportEndpointUrl | to_json }},
 	"themeManifests": [
-		"assets/theme-Element.json"
+		"assets/theme-element.json"
 	],
 	"defaultTheme": {
 		"light": "element-light",
diff --git a/roles/custom/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 b/roles/custom/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2
index 92bfadcb..d8a3fb98 100644
--- a/roles/custom/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2
+++ b/roles/custom/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2
@@ -24,6 +24,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{% endif %}
 			--tmpfs=/tmp:rw,noexec,nosuid,size=10m \
 			--mount type=bind,src={{ matrix_client_hydrogen_data_path }}/nginx.conf,dst=/etc/nginx/nginx.conf,ro \
+			--mount type=bind,src={{ matrix_client_hydrogen_data_path }}/config.json,dst=/usr/share/nginx/html/config.json,ro \
 			{% for arg in matrix_client_hydrogen_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}

From 86d177266aba99b55db30ce0d62f402786950525 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sun, 11 Dec 2022 17:53:39 +0200
Subject: [PATCH 162/198] Upgrade matrix-corporal (2.4.0 -> 2.5.0)

---
 roles/custom/matrix-corporal/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-corporal/defaults/main.yml b/roles/custom/matrix-corporal/defaults/main.yml
index 1bed8881..136f3f8b 100644
--- a/roles/custom/matrix-corporal/defaults/main.yml
+++ b/roles/custom/matrix-corporal/defaults/main.yml
@@ -23,7 +23,7 @@ matrix_corporal_container_extra_arguments: []
 # List of systemd services that matrix-corporal.service depends on
 matrix_corporal_systemd_required_services_list: ['docker.service']
 
-matrix_corporal_version: 2.4.0
+matrix_corporal_version: 2.5.0
 matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}"
 matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}"  # for backward-compatibility

From f69d90c1e6fb126a8a2b2358707b5931522712ac Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sun, 11 Dec 2022 17:53:52 +0200
Subject: [PATCH 163/198] Upgrade Prometheus (2.40.5 -> 2.40.6)

---
 roles/custom/matrix-prometheus/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-prometheus/defaults/main.yml b/roles/custom/matrix-prometheus/defaults/main.yml
index 77e7fb1a..1f4a4f49 100644
--- a/roles/custom/matrix-prometheus/defaults/main.yml
+++ b/roles/custom/matrix-prometheus/defaults/main.yml
@@ -5,7 +5,7 @@
 
 matrix_prometheus_enabled: false
 
-matrix_prometheus_version: v2.40.5
+matrix_prometheus_version: v2.40.6
 matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}"
 matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}"
 

From 108ada75e88744f7d851680a89a44b63f26ffcfc Mon Sep 17 00:00:00 2001
From: ikkemaniac <ikkemaniac@localhost>
Date: Sun, 11 Dec 2022 22:37:54 +0100
Subject: [PATCH 164/198] update dashboard, fix typo, fix using original user
 ip

improve nginxlog matches to group URI's
---
 .../templates/nginx-proxy.json                | 58 +++++++++----------
 .../prometheus-nginxlog-exporter.yaml.j2      | 20 +++++++
 2 files changed, 49 insertions(+), 29 deletions(-)

diff --git a/roles/custom/matrix-prometheus-nginxlog-exporter/templates/nginx-proxy.json b/roles/custom/matrix-prometheus-nginxlog-exporter/templates/nginx-proxy.json
index 41533488..395314fd 100644
--- a/roles/custom/matrix-prometheus-nginxlog-exporter/templates/nginx-proxy.json
+++ b/roles/custom/matrix-prometheus-nginxlog-exporter/templates/nginx-proxy.json
@@ -56,7 +56,7 @@
   "editable": true,
   "fiscalYearStartMonth": 0,
   "graphTooltip": 0,
-  "id": null,
+  "id": 5,
   "links": [],
   "liveNow": false,
   "panels": [
@@ -132,7 +132,7 @@
             "h": 8,
             "w": 12,
             "x": 0,
-            "y": 17
+            "y": 1
           },
           "id": 20,
           "options": {
@@ -154,14 +154,14 @@
                 "uid": "${DS_PROMETHEUS}"
               },
               "editorMode": "builder",
-              "expr": "sum by(remote_addr) (rate(http_response_count_total{status=~\"1.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
+              "expr": "sum by(http_x_forwarded_for) (rate(http_response_count_total{status=~\"1.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
               "hide": false,
               "legendFormat": "__auto",
               "range": true,
               "refId": "B"
             }
           ],
-          "title": "1xx by remote addr [$request_host]",
+          "title": "1xx by upstream addr[$request_host]",
           "type": "timeseries"
         },
         {
@@ -226,7 +226,7 @@
             "h": 8,
             "w": 12,
             "x": 12,
-            "y": 17
+            "y": 1
           },
           "id": 21,
           "options": {
@@ -323,7 +323,7 @@
             "h": 8,
             "w": 12,
             "x": 0,
-            "y": 25
+            "y": 9
           },
           "id": 18,
           "options": {
@@ -345,14 +345,14 @@
                 "uid": "${DS_PROMETHEUS}"
               },
               "editorMode": "builder",
-              "expr": "sum by(remote_addr) (rate(http_response_count_total{status=~\"2.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
+              "expr": "sum by(http_x_forwarded_for) (rate(http_response_count_total{status=~\"2.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
               "hide": false,
               "legendFormat": "__auto",
               "range": true,
               "refId": "B"
             }
           ],
-          "title": "2xx by remote addr [$request_host]",
+          "title": "2xx by upstream addr[$request_host]",
           "type": "timeseries"
         },
         {
@@ -417,7 +417,7 @@
             "h": 8,
             "w": 12,
             "x": 12,
-            "y": 25
+            "y": 9
           },
           "id": 19,
           "options": {
@@ -514,7 +514,7 @@
             "h": 8,
             "w": 12,
             "x": 0,
-            "y": 33
+            "y": 17
           },
           "id": 16,
           "options": {
@@ -536,14 +536,14 @@
                 "uid": "${DS_PROMETHEUS}"
               },
               "editorMode": "builder",
-              "expr": "sum by(remote_addr) (rate(http_response_count_total{status=~\"3.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
+              "expr": "sum by(http_x_forwarded_for) (rate(http_response_count_total{status=~\"3.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
               "hide": false,
               "legendFormat": "__auto",
               "range": true,
               "refId": "B"
             }
           ],
-          "title": "3xx by remote addr [$request_host]",
+          "title": "3xx by upstream addr[$request_host]",
           "type": "timeseries"
         },
         {
@@ -608,7 +608,7 @@
             "h": 8,
             "w": 12,
             "x": 12,
-            "y": 33
+            "y": 17
           },
           "id": 17,
           "options": {
@@ -644,7 +644,7 @@
           "type": "timeseries"
         }
       ],
-      "title": "1xx - 3xx - 2xx Status Code .....................................................",
+      "title": "1xx - 2xx - 3xx Status Code .....................................................",
       "type": "row"
     },
     {
@@ -744,14 +744,14 @@
             "uid": "${DS_PROMETHEUS}"
           },
           "editorMode": "builder",
-          "expr": "sum by(remote_addr) (rate(http_response_count_total{status=~\"404\", request_host=~\"$request_host\"}[$__rate_interval]))",
+          "expr": "sum by(http_x_forwarded_for) (rate(http_response_count_total{status=~\"404\", request_host=~\"$request_host\"}[$__rate_interval]))",
           "hide": false,
           "legendFormat": "__auto",
           "range": true,
           "refId": "B"
         }
       ],
-      "title": "404 by remote addr [$request_host]",
+      "title": "404 by upstream addr[$request_host]",
       "type": "timeseries"
     },
     {
@@ -935,14 +935,14 @@
             "uid": "${DS_PROMETHEUS}"
           },
           "editorMode": "builder",
-          "expr": "sum by(remote_addr) (rate(http_response_count_total{status=~\"4.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
+          "expr": "sum by(http_x_forwarded_for) (rate(http_response_count_total{status=~\"4.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
           "hide": false,
           "legendFormat": "__auto",
           "range": true,
           "refId": "B"
         }
       ],
-      "title": "4xx by remote addr [$request_host]",
+      "title": "4xx by upstream addr[$request_host]",
       "type": "timeseries"
     },
     {
@@ -1114,7 +1114,7 @@
             "h": 8,
             "w": 12,
             "x": 0,
-            "y": 11
+            "y": 3
           },
           "id": 10,
           "options": {
@@ -1136,14 +1136,14 @@
                 "uid": "${DS_PROMETHEUS}"
               },
               "editorMode": "builder",
-              "expr": "sum by(remote_addr, status) (rate(http_response_count_total{status=~\"504|502\", request_host=~\"$request_host\"}[$__rate_interval]))",
+              "expr": "sum by(http_x_forwarded_for, status) (rate(http_response_count_total{status=~\"504|502\", request_host=~\"$request_host\"}[$__rate_interval]))",
               "hide": false,
               "legendFormat": "__auto",
               "range": true,
               "refId": "B"
             }
           ],
-          "title": "502-504 by remote addr [$request_host]",
+          "title": "502-504 by upstream addr[$request_host]",
           "type": "timeseries"
         },
         {
@@ -1208,7 +1208,7 @@
             "h": 8,
             "w": 12,
             "x": 12,
-            "y": 11
+            "y": 3
           },
           "id": 11,
           "options": {
@@ -1305,7 +1305,7 @@
             "h": 8,
             "w": 12,
             "x": 0,
-            "y": 19
+            "y": 11
           },
           "id": 12,
           "options": {
@@ -1327,14 +1327,14 @@
                 "uid": "${DS_PROMETHEUS}"
               },
               "editorMode": "builder",
-              "expr": "sum by(remote_addr) (rate(http_response_count_total{status=~\"5.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
+              "expr": "sum by(http_x_forwarded_for) (rate(http_response_count_total{status=~\"5.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
               "hide": false,
               "legendFormat": "__auto",
               "range": true,
               "refId": "B"
             }
           ],
-          "title": "5xx by remote addr [$request_host]",
+          "title": "5xx by upstream addr[$request_host]",
           "type": "timeseries"
         },
         {
@@ -1399,7 +1399,7 @@
             "h": 8,
             "w": 12,
             "x": 12,
-            "y": 19
+            "y": 11
           },
           "id": 13,
           "options": {
@@ -1532,14 +1532,14 @@
                 "uid": "${DS_PROMETHEUS}"
               },
               "editorMode": "builder",
-              "expr": "sum by(remote_addr) (rate(http_response_count_total{status=~\"[6-9]{1}.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
+              "expr": "sum by(http_x_forwarded_for) (rate(http_response_count_total{status=~\"[6-9]{1}.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
               "hide": false,
               "legendFormat": "__auto",
               "range": true,
               "refId": "B"
             }
           ],
-          "title": "6xx > by remote addr [$request_host]",
+          "title": "6xx > by upstream addr[$request_host]",
           "type": "timeseries"
         },
         {
@@ -1700,6 +1700,6 @@
   "timezone": "",
   "title": "NGINX PROXY",
   "uid": "x2_jWNF4k",
-  "version": 11,
+  "version": 12,
   "weekStart": ""
 }
\ No newline at end of file
diff --git a/roles/custom/matrix-prometheus-nginxlog-exporter/templates/prometheus-nginxlog-exporter.yaml.j2 b/roles/custom/matrix-prometheus-nginxlog-exporter/templates/prometheus-nginxlog-exporter.yaml.j2
index 1e2492cd..38db07eb 100644
--- a/roles/custom/matrix-prometheus-nginxlog-exporter/templates/prometheus-nginxlog-exporter.yaml.j2
+++ b/roles/custom/matrix-prometheus-nginxlog-exporter/templates/prometheus-nginxlog-exporter.yaml.j2
@@ -23,6 +23,26 @@ namespaces:
         split: 2
         separator: ' '
         matches:
+        - regexp: "^([^\\?]+)/(public|bundles|fonts|img|themes|vector-icons|element-icons|d|media).*"
+          replacement: "$1/$2/"
+        - regexp: "^([^\\?]+).*/rooms/.*/(event|read_markers|messages|receipt|state|typing|members).*"
+          replacement: "$1/rooms/:roomid:/$2"
+        - regexp: "^([^\\?]+).*/(r0|v3)/(sync|pushers|keys|devices|download|sendtodevice).*"
+          replacement: "$1/:v:/$3"
+        - regexp: "^([^\\?]+).*/rooms/(.*)/send/(.*)"
+          replacement: "$1/rooms/:roomid:/send/:command:/:id:"
+        - regexp: "^([^\\?]+).*/client/unstable/.*"
+          replacement: "$1/client/unstable/:matrixspec:"
+        - regexp: "^([^\\?]+).*/presence/.*"
+          replacement: "$1/presence/:userid:"
+        - regexp: "^([^\\?]+).*/user/.*"
+          replacement: "$1/user/:userid:"
+        - regexp: "^([^\\?]+).*/profile/.*"
+          replacement: "$1/profile/:userid:"
+        - regexp: "^([^\\?]+).*/directory/room/.*"
+          replacement: "$1/directory/room/:roomid:"
+        - regexp: "^([^\\?]+).*/thumbnail/.*"
+          replacement: "$1/thumbnail/:domain:/:mxid:"
         - regexp: "^([^\\?]+)(.*)"
           replacement: "$1"
       - target_label: remote_addr

From b9afcead4208c0a3245a6c7b16ab57f10f085052 Mon Sep 17 00:00:00 2001
From: gardar <gardar@users.noreply.github.com>
Date: Sun, 11 Dec 2022 23:25:59 +0000
Subject: [PATCH 165/198] fix: unclosed tags typo

---
 .../templates/config.yaml.j2                                  | 4 ++--
 .../matrix-bridge-mautrix-facebook/templates/config.yaml.j2   | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2
index 1bb87cb4..803d443f 100644
--- a/roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2
@@ -230,8 +230,8 @@ bridge:
         #   $message            - The message content
         message_formats:
             m.text: '<b>$sender_displayname</b>: $message'
-            m.notice: '<b>$sender_displayname<b>: $message'
-            m.emote: '* <b>$sender_displayname<b> $message'
+            m.notice: '<b>$sender_displayname</b>: $message'
+            m.emote: '* <b>$sender_displayname</b> $message'
             m.file: 'File from <b>$sender_displayname</b>: $message'
             m.image: 'Image from <b>$sender_displayname</b>: $message'
             m.audio: 'Audio from <b>$sender_displayname</b>: $message'
diff --git a/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2
index 3318255d..b8e25fee 100644
--- a/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2
@@ -216,8 +216,8 @@ bridge:
         #   $message            - The message content
         message_formats:
             m.text: '<b>$sender_displayname</b>: $message'
-            m.notice: '<b>$sender_displayname<b>: $message'
-            m.emote: '* <b>$sender_displayname<b> $message'
+            m.notice: '<b>$sender_displayname</b>: $message'
+            m.emote: '* <b>$sender_displayname</b> $message'
             m.file: '<b>$sender_displayname</b> sent a file'
             m.image: '<b>$sender_displayname</b> sent an image'
             m.audio: '<b>$sender_displayname</b> sent an audio file'

From ae7325f251d4bc5653913949cba6a4da5a5e4ac5 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Mon, 12 Dec 2022 15:28:23 +0200
Subject: [PATCH 166/198] Run com.devture.ansible.role.playbook_state_preserver
 even on --tags=install-all

---
 playbooks/matrix.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/playbooks/matrix.yml b/playbooks/matrix.yml
index 92e027fb..9f6d8f77 100755
--- a/playbooks/matrix.yml
+++ b/playbooks/matrix.yml
@@ -115,5 +115,6 @@
       role: galaxy/com.devture.ansible.role.playbook_state_preserver
       tags:
         - setup-all
+        - install-all
 
     - role: galaxy/com.devture.ansible.role.playbook_runtime_messages

From a3ec2f32157acc58707e5c4916fe4e333f7d1fc7 Mon Sep 17 00:00:00 2001
From: Fanch <fanch@libre.bzh>
Date: Mon, 12 Dec 2022 15:18:05 +0100
Subject: [PATCH 167/198] Specify relation between matrix-registration and
 matrix-registration-bot

---
 docs/configuring-playbook-matrix-registration.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/configuring-playbook-matrix-registration.md b/docs/configuring-playbook-matrix-registration.md
index 2b4b07ff..491d94e2 100644
--- a/docs/configuring-playbook-matrix-registration.md
+++ b/docs/configuring-playbook-matrix-registration.md
@@ -4,6 +4,8 @@ The playbook can install and configure [matrix-registration](https://github.com/
 
 **WARNING**: this is a poorly maintained and buggy project. It's better to avoid using it.
 
+**WARNING**: this is not related to [matrix-registration-bot](configuring-playbook-bot-matrix-registration-bot.md)
+
 > matrix-registration is a simple python application to have a token based matrix registration.
 
 Use matrix-registration to **create unique registration links**, which people can use to register on your Matrix server. It allows you to **keep your server's registration closed (private)**, but still allow certain people (these having a special link) to register a user account.

From 3f4ab0bd7efbdaea7658dfdeda9f771906aac1f2 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Mon, 12 Dec 2022 18:56:15 +0200
Subject: [PATCH 168/198] Upgrade Redis (7.0.4 -> 7.0.5)

---
 roles/custom/matrix-redis/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-redis/defaults/main.yml b/roles/custom/matrix-redis/defaults/main.yml
index 4eefbce4..2ae0c4d4 100644
--- a/roles/custom/matrix-redis/defaults/main.yml
+++ b/roles/custom/matrix-redis/defaults/main.yml
@@ -8,7 +8,7 @@ matrix_redis_connection_password: ""
 matrix_redis_base_path: "{{ matrix_base_data_path }}/redis"
 matrix_redis_data_path: "{{ matrix_redis_base_path }}/data"
 
-matrix_redis_version: 7.0.4-alpine
+matrix_redis_version: 7.0.5-alpine
 matrix_redis_docker_image_v6: "{{ matrix_container_global_registry_prefix }}redis:{{ matrix_redis_version }}"
 matrix_redis_docker_image_latest: "{{ matrix_redis_docker_image_v6 }}"
 matrix_redis_docker_image_to_use: '{{ matrix_redis_docker_image_latest }}'

From 1f593f708f4eadc236443d8106cf58811cfb05ca Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Mon, 12 Dec 2022 19:00:45 +0200
Subject: [PATCH 169/198] Upgrade Jitsi (stable-8044 -> stable-8138)

Untested
---
 roles/custom/matrix-jitsi/defaults/main.yml        | 3 ++-
 roles/custom/matrix-jitsi/templates/prosody/env.j2 | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/roles/custom/matrix-jitsi/defaults/main.yml b/roles/custom/matrix-jitsi/defaults/main.yml
index e923055c..d5bec324 100644
--- a/roles/custom/matrix-jitsi/defaults/main.yml
+++ b/roles/custom/matrix-jitsi/defaults/main.yml
@@ -72,7 +72,7 @@ matrix_jitsi_jibri_recorder_password: ''
 
 matrix_jitsi_enable_lobby: false
 
-matrix_jitsi_version: stable-8044
+matrix_jitsi_version: stable-8138
 matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}"  # for backward-compatibility
 
 matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}"
@@ -96,6 +96,7 @@ matrix_jitsi_turn_host: "turn.{{ matrix_server_fqn_matrix }}"
 matrix_jitsi_turns_host: "turn.{{ matrix_server_fqn_matrix }}"
 matrix_jitsi_turn_port: "{{ matrix_coturn_container_stun_plain_host_bind_port }}"
 matrix_jitsi_turns_port: "{{ matrix_coturn_container_stun_tls_host_bind_port }}"
+matrix_jitsi_turn_transport: tcp
 
 # Controls whether Etherpad will be available within Jitsi
 matrix_jitsi_etherpad_enabled: false
diff --git a/roles/custom/matrix-jitsi/templates/prosody/env.j2 b/roles/custom/matrix-jitsi/templates/prosody/env.j2
index 147c01d7..b0ebbefc 100644
--- a/roles/custom/matrix-jitsi/templates/prosody/env.j2
+++ b/roles/custom/matrix-jitsi/templates/prosody/env.j2
@@ -47,6 +47,7 @@ TURN_HOST={{ matrix_jitsi_turn_host }}
 TURNS_HOST={{ matrix_jitsi_turns_host }}
 TURN_PORT={{ matrix_jitsi_turn_port }}
 TURNS_PORT={{ matrix_jitsi_turns_port }}
+TURN_TRANSPORT={{ matrix_jitsi_turn_transport }}
 TZ={{ matrix_jitsi_timezone }}
 XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
 XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
@@ -60,4 +61,4 @@ XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }}
 XMPP_CROSS_DOMAIN=true
 {% if matrix_prosody_jitsi_max_participants is number %}
 MAX_PARTICIPANTS={{ matrix_prosody_jitsi_max_participants }}
-{% endif %}
\ No newline at end of file
+{% endif %}

From f642f6fae79678ad853700ec886ff95ee51289cf Mon Sep 17 00:00:00 2001
From: Aine <97398200+etkecc@users.noreply.github.com>
Date: Tue, 13 Dec 2022 22:45:52 +0000
Subject: [PATCH 170/198] update mautrix-instagram 0.2.2 -> 0.2.3

---
 roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml
index 75b99656..0e726aa8 100644
--- a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml
@@ -8,7 +8,7 @@ matrix_mautrix_instagram_container_image_self_build: false
 matrix_mautrix_instagram_container_image_self_build_repo: "https://github.com/mautrix/instagram.git"
 matrix_mautrix_instagram_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_instagram_version == 'latest' else matrix_mautrix_instagram_version }}"
 
-matrix_mautrix_instagram_version: v0.2.2
+matrix_mautrix_instagram_version: v0.2.3
 # See: https://mau.dev/tulir/mautrix-instagram/container_registry
 matrix_mautrix_instagram_docker_image: "{{ matrix_mautrix_instagram_docker_image_name_prefix }}mautrix/instagram:{{ matrix_mautrix_instagram_version }}"
 matrix_mautrix_instagram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_instagram_container_image_self_build else 'dock.mau.dev/' }}"

From 07ca0267f1267747d3532249af763248b951fdb7 Mon Sep 17 00:00:00 2001
From: Aine <97398200+etkecc@users.noreply.github.com>
Date: Tue, 13 Dec 2022 22:47:30 +0000
Subject: [PATCH 171/198] update redis 7.0.5 -> 7.0.6

---
 roles/custom/matrix-redis/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-redis/defaults/main.yml b/roles/custom/matrix-redis/defaults/main.yml
index 2ae0c4d4..8425c737 100644
--- a/roles/custom/matrix-redis/defaults/main.yml
+++ b/roles/custom/matrix-redis/defaults/main.yml
@@ -8,7 +8,7 @@ matrix_redis_connection_password: ""
 matrix_redis_base_path: "{{ matrix_base_data_path }}/redis"
 matrix_redis_data_path: "{{ matrix_redis_base_path }}/data"
 
-matrix_redis_version: 7.0.5-alpine
+matrix_redis_version: 7.0.6-alpine
 matrix_redis_docker_image_v6: "{{ matrix_container_global_registry_prefix }}redis:{{ matrix_redis_version }}"
 matrix_redis_docker_image_latest: "{{ matrix_redis_docker_image_v6 }}"
 matrix_redis_docker_image_to_use: '{{ matrix_redis_docker_image_latest }}'

From bd0f21588fea5c85d9bb2cc64370b3b70bd04233 Mon Sep 17 00:00:00 2001
From: Aine <97398200+etkecc@users.noreply.github.com>
Date: Tue, 13 Dec 2022 22:49:10 +0000
Subject: [PATCH 172/198] Update jitsi stable-8138 -> stable-8138-1

---
 roles/custom/matrix-jitsi/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-jitsi/defaults/main.yml b/roles/custom/matrix-jitsi/defaults/main.yml
index d5bec324..ce4d19cc 100644
--- a/roles/custom/matrix-jitsi/defaults/main.yml
+++ b/roles/custom/matrix-jitsi/defaults/main.yml
@@ -72,7 +72,7 @@ matrix_jitsi_jibri_recorder_password: ''
 
 matrix_jitsi_enable_lobby: false
 
-matrix_jitsi_version: stable-8138
+matrix_jitsi_version: stable-8138-1
 matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}"  # for backward-compatibility
 
 matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}"

From 455b8aff158b651ee41b7a4067d41b70bd965769 Mon Sep 17 00:00:00 2001
From: Aine <97398200+etkecc@users.noreply.github.com>
Date: Wed, 14 Dec 2022 10:32:14 +0000
Subject: [PATCH 173/198] Update prometheus 2.40.6 -> 2.40.7

---
 roles/custom/matrix-prometheus/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-prometheus/defaults/main.yml b/roles/custom/matrix-prometheus/defaults/main.yml
index 1f4a4f49..ed13c10f 100644
--- a/roles/custom/matrix-prometheus/defaults/main.yml
+++ b/roles/custom/matrix-prometheus/defaults/main.yml
@@ -5,7 +5,7 @@
 
 matrix_prometheus_enabled: false
 
-matrix_prometheus_version: v2.40.6
+matrix_prometheus_version: v2.40.7
 matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}"
 matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}"
 

From fa735130647e586650b963432363370ce75deb86 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sat, 17 Dec 2022 22:47:38 +0200
Subject: [PATCH 174/198] Upgrade mautrix-whatsapp (0.7.2 -> 0.8.0)

---
 roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml   | 2 +-
 .../matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2     | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
index 186c6297..1307d09e 100644
--- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
@@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false
 matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git"
 matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
 
-matrix_mautrix_whatsapp_version: v0.7.2
+matrix_mautrix_whatsapp_version: v0.8.0
 # See: https://mau.dev/mautrix/whatsapp/container_registry
 matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
 matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}"
diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
index 9c0b95e8..4b5af2e9 100644
--- a/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
@@ -290,6 +290,8 @@ bridge:
     # Send captions in the same message as images. This will send data compatible with both MSC2530 and MSC3552.
     # This is currently not supported in most clients.
     caption_in_message: false
+    # Should polls be sent using MSC3381 event types?
+    extev_polls: false
     # Should Matrix edits be bridged to WhatsApp edits?
     # Official WhatsApp clients don't render edits yet, but once they do, the bridge should work with them right away.
     send_whatsapp_edits: false

From a7d39b109a69012475aa9053db833b3d348f4008 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sat, 17 Dec 2022 22:48:48 +0200
Subject: [PATCH 175/198] Upgrade Redis (7.0.6 -> 7.0.7)

---
 roles/custom/matrix-redis/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-redis/defaults/main.yml b/roles/custom/matrix-redis/defaults/main.yml
index 8425c737..779ec3a3 100644
--- a/roles/custom/matrix-redis/defaults/main.yml
+++ b/roles/custom/matrix-redis/defaults/main.yml
@@ -8,7 +8,7 @@ matrix_redis_connection_password: ""
 matrix_redis_base_path: "{{ matrix_base_data_path }}/redis"
 matrix_redis_data_path: "{{ matrix_redis_base_path }}/data"
 
-matrix_redis_version: 7.0.6-alpine
+matrix_redis_version: 7.0.7-alpine
 matrix_redis_docker_image_v6: "{{ matrix_container_global_registry_prefix }}redis:{{ matrix_redis_version }}"
 matrix_redis_docker_image_latest: "{{ matrix_redis_docker_image_v6 }}"
 matrix_redis_docker_image_to_use: '{{ matrix_redis_docker_image_latest }}'

From 576eb0006cd4907ea3706e584c8341b218854c18 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sat, 17 Dec 2022 22:49:34 +0200
Subject: [PATCH 176/198] Upgrade Grafana (9.3.1 -> 9.3.2)

---
 roles/custom/matrix-grafana/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-grafana/defaults/main.yml b/roles/custom/matrix-grafana/defaults/main.yml
index 49f2eb51..44821b57 100644
--- a/roles/custom/matrix-grafana/defaults/main.yml
+++ b/roles/custom/matrix-grafana/defaults/main.yml
@@ -5,7 +5,7 @@
 
 matrix_grafana_enabled: true
 
-matrix_grafana_version: 9.3.1
+matrix_grafana_version: 9.3.2
 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
 matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
 

From f2e68469cb5893e11ef648e18db013c86008910e Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Mon, 19 Dec 2022 12:32:43 +0200
Subject: [PATCH 177/198] Upgrade nginx (1.23.2 -> 1.23.3)

---
 roles/custom/matrix-nginx-proxy/defaults/main.yml               | 2 +-
 .../matrix-synapse-reverse-proxy-companion/defaults/main.yml    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/custom/matrix-nginx-proxy/defaults/main.yml b/roles/custom/matrix-nginx-proxy/defaults/main.yml
index 839211e0..6fbc019e 100644
--- a/roles/custom/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml
@@ -1,7 +1,7 @@
 ---
 # Project source code URL: https://github.com/nginx/nginx
 matrix_nginx_proxy_enabled: true
-matrix_nginx_proxy_version: 1.23.2-alpine
+matrix_nginx_proxy_version: 1.23.3-alpine
 
 # We use an official nginx image, which we fix-up to run unprivileged.
 # An alternative would be an `nginxinc/nginx-unprivileged` image, but
diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml b/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml
index 13a9ca1e..364cf2c7 100644
--- a/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml
+++ b/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml
@@ -25,7 +25,7 @@
 
 matrix_synapse_reverse_proxy_companion_enabled: true
 
-matrix_synapse_reverse_proxy_companion_version: 1.23.2-alpine
+matrix_synapse_reverse_proxy_companion_version: 1.23.3-alpine
 
 matrix_synapse_reverse_proxy_companion_base_path: "{{ matrix_synapse_base_path }}/reverse-proxy-companion"
 matrix_synapse_reverse_proxy_companion_confd_path: "{{ matrix_synapse_reverse_proxy_companion_base_path }}/conf.d"

From 5e30f6d4c4af1bb000f56641b3a57ea91c512d3f Mon Sep 17 00:00:00 2001
From: Catalan Lover <48515417+FSG-Cat@users.noreply.github.com>
Date: Mon, 19 Dec 2022 15:33:58 +0100
Subject: [PATCH 178/198] Update Mjolnir from 1.5.0 to 1.6.1

Please note that This Mjolnir version bump technnically is missing some extra stuff that mjolnir claims we should do but it didnt work when i tried it and well my mjolnir deployment has been running this since release day almost and its fine. No errors in log that are unexpected. (Mjolnir throws errors in the log for anyone who wonders for various things that are fine. Like if a protection is off that is an error. Its due to how matrix-bot-lib works.)
---
 roles/custom/matrix-bot-mjolnir/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-bot-mjolnir/defaults/main.yml b/roles/custom/matrix-bot-mjolnir/defaults/main.yml
index 0be97eae..b17f2f4b 100644
--- a/roles/custom/matrix-bot-mjolnir/defaults/main.yml
+++ b/roles/custom/matrix-bot-mjolnir/defaults/main.yml
@@ -4,7 +4,7 @@
 
 matrix_bot_mjolnir_enabled: true
 
-matrix_bot_mjolnir_version: "v1.5.0"
+matrix_bot_mjolnir_version: "v1.6.1"
 
 matrix_bot_mjolnir_container_image_self_build: false
 matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git"

From d4a8435fa2f496f94f9c23a01148b20a56406d18 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Tue, 20 Dec 2022 10:32:00 +0200
Subject: [PATCH 179/198] Try to improve own-webserver docs a bit

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2351
---
 docs/configuring-playbook-own-webserver.md | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/docs/configuring-playbook-own-webserver.md b/docs/configuring-playbook-own-webserver.md
index 76d48587..75ba262b 100644
--- a/docs/configuring-playbook-own-webserver.md
+++ b/docs/configuring-playbook-own-webserver.md
@@ -19,7 +19,12 @@ There are **2 ways you can go about it**, if you'd like to use your own webserve
 ## Method 1: Disabling the integrated nginx reverse-proxy webserver
 
 This method is about completely disabling the integrated nginx reverse-proxy webserver and replicating its behavior using another webserver.
-For an alternative, make sure to check Method #2 as well.
+
+If that other webserver is `nginx`, you'd be able to include configuration files generated by the playbook into your `nginx` webserver.
+
+If you'd like to use another webserver (not `nginx`), you'd need to do things manually. We have examples for other webservers below.
+
+For an alternative (which keeps `matrix-nginx-proxy` around and connects your other reverse-proxy with it), make sure to check Method #2.
 
 ### Preparation
 

From 362954aeab35398e3cd6cd5e735f3fade338b022 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Tue, 20 Dec 2022 11:23:40 +0200
Subject: [PATCH 180/198] Remove warning which no longer applies

This warning was added because of:
https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2090

The problem has since been fixed by:
https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/e9e84341a91fb0013469d74ee8c88c2edb5ad3a5

This current patch was provoked by:
https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2352
---
 docs/configuring-playbook-own-webserver.md | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/docs/configuring-playbook-own-webserver.md b/docs/configuring-playbook-own-webserver.md
index 75ba262b..06f21b32 100644
--- a/docs/configuring-playbook-own-webserver.md
+++ b/docs/configuring-playbook-own-webserver.md
@@ -6,9 +6,6 @@ If that's alright, you can skip this.
 If you don't want this playbook's nginx webserver to take over your server's 80/443 ports like that,
 and you'd like to use your own webserver (be it nginx, Apache, Varnish Cache, etc.), you can.
 
-You should note, however, that the playbook's services work best when you keep using the integrated `matrix-nginx-proxy` webserver.
-For example, disabling `matrix-nginx-proxy` when running a [Synapse worker setup for load-balancing](configuring-playbook-synapse.md#load-balancing-with-workers) (a more advanced, non-default configuration) is likely to cause various troubles (see [this issue](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2090)). If you need a such more scalable setup, disabling `matrix-nginx-proxy` will be a bad idea. If yours will be a simple (default, non-worker-load-balancing) deployment, disabling `matrix-nginx-proxy` may be fine.
-
 There are **2 ways you can go about it**, if you'd like to use your own webserver:
 
 - [Method 1: Disabling the integrated nginx reverse-proxy webserver](#method-1-disabling-the-integrated-nginx-reverse-proxy-webserver)

From deabd7945296ae6358be4258fe09fb2a9c7509e2 Mon Sep 17 00:00:00 2001
From: Joe Kappus <joe@wt.gd>
Date: Tue, 20 Dec 2022 14:07:14 -0500
Subject: [PATCH 181/198] Upgrade Synapse (1.73.0 -> 1.74.0)

Signed-off-by: Joe Kappus <joe@wt.gd>
---
 roles/custom/matrix-synapse/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml
index 19c6d2b1..07eb803e 100644
--- a/roles/custom/matrix-synapse/defaults/main.yml
+++ b/roles/custom/matrix-synapse/defaults/main.yml
@@ -36,7 +36,7 @@ matrix_synapse_container_image_customizations_dockerfile_body_custom: ''
 
 matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}"
 matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}"
-matrix_synapse_version: v1.73.0
+matrix_synapse_version: v1.74.0
 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}"
 matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
 

From d0b2a507689233d3120186036f4960bec9cc80d9 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Tue, 20 Dec 2022 21:36:39 +0200
Subject: [PATCH 182/198] Upgrade Hydrogen (v0.3.5 -> v0.3.6)

---
 roles/custom/matrix-client-hydrogen/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-client-hydrogen/defaults/main.yml b/roles/custom/matrix-client-hydrogen/defaults/main.yml
index c62b2ff6..c3f2ab95 100644
--- a/roles/custom/matrix-client-hydrogen/defaults/main.yml
+++ b/roles/custom/matrix-client-hydrogen/defaults/main.yml
@@ -6,7 +6,7 @@ matrix_client_hydrogen_enabled: true
 matrix_client_hydrogen_container_image_self_build: false
 matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git"
 
-matrix_client_hydrogen_version: v0.3.5
+matrix_client_hydrogen_version: v0.3.6
 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vector-im/hydrogen-web:{{ matrix_client_hydrogen_version }}"
 matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else 'ghcr.io/' }}"
 matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}"

From 42c4f0450d122806e6fb7a83bf311780d7519eeb Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Tue, 20 Dec 2022 21:37:19 +0200
Subject: [PATCH 183/198] Upgrade Prometheus (2.40.7 -> 2.41.0)

---
 roles/custom/matrix-prometheus/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-prometheus/defaults/main.yml b/roles/custom/matrix-prometheus/defaults/main.yml
index ed13c10f..5216ccd7 100644
--- a/roles/custom/matrix-prometheus/defaults/main.yml
+++ b/roles/custom/matrix-prometheus/defaults/main.yml
@@ -5,7 +5,7 @@
 
 matrix_prometheus_enabled: false
 
-matrix_prometheus_version: v2.40.7
+matrix_prometheus_version: v2.41.0
 matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}"
 matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}"
 

From 40aa42e9821aa066bc58921ec2f18590240d95ea Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Wed, 21 Dec 2022 06:43:43 +0200
Subject: [PATCH 184/198] Add reference to push.enabled to homeserver.yaml

Related to:

- https://github.com/matrix-org/synapse/pull/14551/files
- https://github.com/matrix-org/synapse/pull/14619/files
---
 .../custom/matrix-synapse/templates/synapse/homeserver.yaml.j2  | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
index 3767a3fc..d2dd1c74 100644
--- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
@@ -2532,6 +2532,8 @@ password_providers:
 ## Push ##
 
 push:
+  # enabled: false
+
   # Clients requesting push notifications can either have the body of
   # the message sent in the notification poke along with other details
   # like the sender, or just the event ID and room ID (`event_id_only`).

From 77bb386adc7f8f3a84b0029def894493fafe3093 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Wed, 21 Dec 2022 18:47:38 +0200
Subject: [PATCH 185/198] Upgrade devture/ansible (2.13.6-r0 -> 2.13.6-r0-1)

This is a rebuild on Alpinelinux 3.17.0 (previously 3.16.2).
The new container image tag was pushed for arm32 and arm64 architectures
as well (2.13.6-r0 was `amd64`-only due to CI trouble in the past).

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2353
---
 docs/ansible.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/ansible.md b/docs/ansible.md
index 22122283..60be6164 100644
--- a/docs/ansible.md
+++ b/docs/ansible.md
@@ -65,7 +65,7 @@ docker run -it --rm \
 -w /work \
 -v `pwd`:/work \
 --entrypoint=/bin/sh \
-docker.io/devture/ansible:2.13.6-r0
+docker.io/devture/ansible:2.13.6-r0-1
 ```
 
 Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container.

From 33fb5a46657676ce98fa9bca1c187436a6aba367 Mon Sep 17 00:00:00 2001
From: Samuel Meenzen <samuel@meenzen.net>
Date: Wed, 21 Dec 2022 18:21:49 +0100
Subject: [PATCH 186/198] Upgrade Conduit (0.4.0 -> 0.5.0)

---
 roles/custom/matrix-conduit/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-conduit/defaults/main.yml b/roles/custom/matrix-conduit/defaults/main.yml
index 366321b9..bbab5cde 100644
--- a/roles/custom/matrix-conduit/defaults/main.yml
+++ b/roles/custom/matrix-conduit/defaults/main.yml
@@ -6,7 +6,7 @@ matrix_conduit_enabled: true
 
 matrix_conduit_docker_image: "{{ matrix_conduit_docker_image_name_prefix }}matrixconduit/matrix-conduit:{{ matrix_conduit_docker_image_tag }}"
 matrix_conduit_docker_image_name_prefix: "docker.io/"
-matrix_conduit_docker_image_tag: "v0.4.0"
+matrix_conduit_docker_image_tag: "v0.5.0"
 matrix_conduit_docker_image_force_pull: "{{ matrix_conduit_docker_image.endswith(':latest') }}"
 
 matrix_conduit_base_path: "{{ matrix_base_data_path }}/conduit"

From 0179b0f1659d293b3840dc58b0a2cf38945f1c37 Mon Sep 17 00:00:00 2001
From: Samuel Meenzen <samuel@meenzen.net>
Date: Wed, 21 Dec 2022 18:28:34 +0100
Subject: [PATCH 187/198] Remove conduit workaround

Conduit update 0.5.0 fixed the issue, so this is no longer needed.
---
 group_vars/matrix_servers                                    | 4 ----
 roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml | 4 ++--
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 93102a88..2a9e0414 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -718,10 +718,6 @@ matrix_mautrix_discord_database_engine: "{{ 'postgres' if devture_postgres_enabl
 matrix_mautrix_discord_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_mautrix_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudiscord.db', rounds=655555) | to_uuid }}"
 
-# Enabling bridge.restricted_rooms for this bridge does not work well with Conduit, so we disable it by default.
-# This will be fixed in the upcoming `0.5.0` release of conduit.
-matrix_mautrix_discord_bridge_restricted_rooms: "{{ false if matrix_homeserver_implementation == 'conduit' else true }}"
-
 ######################################################################
 #
 # /matrix-bridge-mautrix-discord
diff --git a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml
index bb8846f5..a66d5c6a 100644
--- a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml
@@ -141,6 +141,6 @@ matrix_mautrix_discord_bridge_encryption_allow: false
 matrix_mautrix_discord_bridge_encryption_default: "{{ matrix_mautrix_discord_bridge_encryption_allow }}"
 matrix_mautrix_discord_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_discord_bridge_encryption_allow }}"
 
-# On conduit this option may prevent you from joining spaces created by the bridge.
-# Setting this to false fixes the issue.
+# On conduit versions before 0.5.0 this option prevented users from joining spaces created by the bridge.
+# Setting this to false fixed the issue.
 matrix_mautrix_discord_bridge_restricted_rooms: true

From bef4fe5d9e8116122acdb84a81f17c188f611b2f Mon Sep 17 00:00:00 2001
From: adam-kress <okcoop@pm.me>
Date: Wed, 21 Dec 2022 13:16:09 -0500
Subject: [PATCH 188/198] Update element v1.11.16 -> v1.11.17

---
 roles/custom/matrix-client-element/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml
index 480e41a4..d359108c 100644
--- a/roles/custom/matrix-client-element/defaults/main.yml
+++ b/roles/custom/matrix-client-element/defaults/main.yml
@@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
 # - https://github.com/vector-im/element-web/issues/19544
 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
 
-matrix_client_element_version: v1.11.16
+matrix_client_element_version: v1.11.17
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"

From d1442dec153e0d3e16e4588e18f9ff752135994a Mon Sep 17 00:00:00 2001
From: Kuchenmampfer <79256346+Kuchenmampfer@users.noreply.github.com>
Date: Thu, 22 Dec 2022 22:31:38 +0000
Subject: [PATCH 189/198] Upgrade Signald

Fixes the following issue when trying to use the !pm <phone number> command: https://gitlab.com/signald/signald/-/issues/345
---
 roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
index 18681feb..3bdb02c8 100644
--- a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
@@ -10,7 +10,7 @@ matrix_mautrix_signal_docker_repo_version: "{{ 'master' if matrix_mautrix_signal
 matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src"
 
 matrix_mautrix_signal_version: v0.4.2
-matrix_mautrix_signal_daemon_version: 0.23.0
+matrix_mautrix_signal_daemon_version: 0.23.1
 # See: https://mau.dev/mautrix/signal/container_registry
 matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}"
 matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}"

From 8b2a86e35ea42c6cb58cac3acb9a53d12e98190e Mon Sep 17 00:00:00 2001
From: Aine <aine@etke.cc>
Date: Fri, 23 Dec 2022 13:00:35 +0200
Subject: [PATCH 190/198] update beeper-linkedin 0.5.3 -> 0.5.4

---
 .../defaults/main.yml                            |  4 +++-
 .../templates/config.yaml.j2                     | 16 ++++++++--------
 2 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml
index 92d9b2e1..513eba14 100644
--- a/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml
+++ b/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml
@@ -4,7 +4,7 @@
 
 matrix_beeper_linkedin_enabled: true
 
-matrix_beeper_linkedin_version: v0.5.3
+matrix_beeper_linkedin_version: v0.5.4
 
 # See: https://github.com/beeper/linkedin/pkgs/container/linkedin
 matrix_beeper_linkedin_docker_image: "{{ matrix_beeper_linkedin_docker_image_name_prefix }}beeper/linkedin:{{ matrix_beeper_linkedin_docker_image_tag }}"
@@ -27,6 +27,8 @@ matrix_beeper_linkedin_appservice_address: "http://matrix-beeper-linkedin:29319"
 
 matrix_beeper_linkedin_bridge_presence: true
 
+matrix_beeper_linkedin_bridge_space_support_enable: true
+
 matrix_beeper_linkedin_command_prefix: "!li"
 
 matrix_beeper_linkedin_bridge_permissions: |
diff --git a/roles/custom/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 b/roles/custom/matrix-bridge-beeper-linkedin/templates/config.yaml.j2
index a30f2425..8b9c81ea 100644
--- a/roles/custom/matrix-bridge-beeper-linkedin/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-beeper-linkedin/templates/config.yaml.j2
@@ -88,15 +88,15 @@ manhole:
 # Bridge config
 bridge:
     # Localpart template of MXIDs for LinkedIn  users.
+    # {userid} is replaced with the user ID of the LinkedIn user
     username_template: "linkedin_{userid}"
-    # Displayname template for LinkedIn users.
-    # Localpart template for per-user room grouping community IDs.
-    # The bridge will create these communities and add all of the specific user's portals to the community.
-    # {localpart} is the MXID localpart and {server} is the MXID server part of the user.
-    # (Note that, by default, non-admins might not have your homeserver's permission to create
-    # communities. You should set `enable_group_creation: true` in homeserver.yaml to fix this.)
-    # `linkedin_{localpart}={server}` is a good value.
-    community_template: null
+    # Settings for creating a space for every user.
+    space_support:
+        # Whether or not to enable creating a space per user and inviting the
+        # user (as well as all of the puppets) to that space.
+        enable: {{ matrix_beeper_linkedin_bridge_space_support_enable|to_json }}
+        # The name of the space
+        name: "LinkedIn"
 
     # Displayname template for LinkedIn users.
     # {displayname} is replaced with the display name of the LinkedIn user

From 6795fe35782e387cb7f789f3d39a0c6a21e9163d Mon Sep 17 00:00:00 2001
From: Aine <97398200+etkecc@users.noreply.github.com>
Date: Fri, 23 Dec 2022 15:46:33 +0000
Subject: [PATCH 191/198] Update ntfy 1.29.1 -> 1.30.1

---
 roles/custom/matrix-ntfy/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-ntfy/defaults/main.yml b/roles/custom/matrix-ntfy/defaults/main.yml
index 981eba36..397efb35 100644
--- a/roles/custom/matrix-ntfy/defaults/main.yml
+++ b/roles/custom/matrix-ntfy/defaults/main.yml
@@ -7,7 +7,7 @@ matrix_ntfy_base_path: "{{ matrix_base_data_path }}/ntfy"
 matrix_ntfy_config_dir_path: "{{ matrix_ntfy_base_path }}/config"
 matrix_ntfy_data_path: "{{ matrix_ntfy_base_path }}/data"
 
-matrix_ntfy_version: v1.29.1
+matrix_ntfy_version: v1.30.1
 matrix_ntfy_docker_image: "{{ matrix_container_global_registry_prefix }}binwiederhier/ntfy:{{ matrix_ntfy_version }}"
 matrix_ntfy_docker_image_force_pull: "{{ matrix_ntfy_docker_image.endswith(':latest') }}"
 

From ba09705f7fbaf0108652ecbe209793b1d935eba7 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Mon, 26 Dec 2022 07:58:32 +0200
Subject: [PATCH 192/198] Make Jitsi auth setup not show credentials in the
 shell

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2363
---
 roles/custom/matrix-jitsi/tasks/util/setup_jitsi_auth.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/custom/matrix-jitsi/tasks/util/setup_jitsi_auth.yml b/roles/custom/matrix-jitsi/tasks/util/setup_jitsi_auth.yml
index 4edc5431..60a49b42 100644
--- a/roles/custom/matrix-jitsi/tasks/util/setup_jitsi_auth.yml
+++ b/roles/custom/matrix-jitsi/tasks/util/setup_jitsi_auth.yml
@@ -22,6 +22,7 @@
     - matrix_jitsi_prosody_auth_internal_accounts|length > 0
   register: matrix_jitsi_user_configuration_result
   changed_when: matrix_jitsi_user_configuration_result.rc == 0
+  no_log: true
 
 #
 # Tasks related to configuring other Jitsi authentication mechanisms

From a6d7370106149e079af50590d228909d6122cf33 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Dec 2022 16:06:33 +0000
Subject: [PATCH 193/198] Bump ansible-community/ansible-lint-action from 6.8.2
 to 6.10.0

Bumps [ansible-community/ansible-lint-action](https://github.com/ansible-community/ansible-lint-action) from 6.8.2 to 6.10.0.
- [Release notes](https://github.com/ansible-community/ansible-lint-action/releases)
- [Commits](https://github.com/ansible-community/ansible-lint-action/compare/v6.8.2...v6.10.0)

---
updated-dependencies:
- dependency-name: ansible-community/ansible-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/matrix.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml
index 6c7ce3ca..8d846c05 100644
--- a/.github/workflows/matrix.yml
+++ b/.github/workflows/matrix.yml
@@ -21,6 +21,6 @@ jobs:
       - name: Check out
         uses: actions/checkout@v3
       - name: Run ansible-lint
-        uses: ansible-community/ansible-lint-action@v6.8.2
+        uses: ansible-community/ansible-lint-action@v6.10.0
         with:
           path: roles/custom

From 2188dd34d108907037007ecf3f5dec3004d8d565 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Wed, 28 Dec 2022 15:29:09 +0200
Subject: [PATCH 194/198] Add missing install-* tags in setup.yml

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2356
---
 playbooks/matrix.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/playbooks/matrix.yml b/playbooks/matrix.yml
index 9f6d8f77..088ea640 100755
--- a/playbooks/matrix.yml
+++ b/playbooks/matrix.yml
@@ -18,18 +18,24 @@
       tags:
         - setup-docker
         - setup-all
+        - install-docker
+        - install-all
 
     - when: devture_docker_sdk_for_python_installation_enabled | bool
       role: galaxy/com.devture.ansible.role.docker_sdk_for_python
       tags:
         - setup-docker
         - setup-all
+        - install-docker
+        - install-all
 
     - when: devture_timesync_installation_enabled | bool
       role: galaxy/com.devture.ansible.role.timesync
       tags:
         - setup-timesync
         - setup-all
+        - install-timesync
+        - install-all
 
     - custom/matrix-base
     - custom/matrix-dynamic-dns

From d018677293e9637c6ca53cf1f0e1f2846ed51763 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Fri, 30 Dec 2022 18:12:38 +0200
Subject: [PATCH 195/198] Upgrade geerlingguy.docker (6.0.3 -> 6.0.4)

---
 requirements.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.yml b/requirements.yml
index eef5b054..93c80215 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -1,7 +1,7 @@
 ---
 
 - src: geerlingguy.docker
-  version: 6.0.3
+  version: 6.0.4
 
 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
   version: 6ba3be490b6f4c6f35ea109aeb8e533fa231b3a5

From 73e689e48eeef12906478bc6190a5254193ad0c1 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sat, 31 Dec 2022 17:33:46 +0200
Subject: [PATCH 196/198] Fix --tags=register-user not working on Dendrite due
 to broken Jinja syntax

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2369
---
 roles/custom/matrix-dendrite/tasks/register_user.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-dendrite/tasks/register_user.yml b/roles/custom/matrix-dendrite/tasks/register_user.yml
index 1e2fc100..8ee18ed2 100644
--- a/roles/custom/matrix-dendrite/tasks/register_user.yml
+++ b/roles/custom/matrix-dendrite/tasks/register_user.yml
@@ -29,6 +29,6 @@
 
 - name: Register user
   ansible.builtin.command:
-    cmd: "{{ {{ matrix_dendrite_bin_path }} }}/create-account {{ username | quote }} {{ password | quote }} {{ '1' if admin == 'yes' else '0' }}"
+    cmd: "{{ matrix_dendrite_bin_path }}/create-account {{ username | quote }} {{ password | quote }} {{ '1' if admin == 'yes' else '0' }}"
   register: matrix_dendrite_register_user_result
   changed_when: matrix_dendrite_register_user_result.rc == 0

From 1abba4c9181982da12aa0f1464a01754d8103c9e Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Mon, 2 Jan 2023 14:39:54 +0200
Subject: [PATCH 197/198] Upgrade matrix-corporal (2.5.0 -> 2.5.1)

---
 roles/custom/matrix-corporal/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/custom/matrix-corporal/defaults/main.yml b/roles/custom/matrix-corporal/defaults/main.yml
index 136f3f8b..9f6da78a 100644
--- a/roles/custom/matrix-corporal/defaults/main.yml
+++ b/roles/custom/matrix-corporal/defaults/main.yml
@@ -23,7 +23,7 @@ matrix_corporal_container_extra_arguments: []
 # List of systemd services that matrix-corporal.service depends on
 matrix_corporal_systemd_required_services_list: ['docker.service']
 
-matrix_corporal_version: 2.5.0
+matrix_corporal_version: 2.5.1
 matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}"
 matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}"  # for backward-compatibility

From 2a2d9d97c2e8c593903b83491893a724f60a613d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 3 Jan 2023 16:06:49 +0000
Subject: [PATCH 198/198] Bump ansible-community/ansible-lint-action from
 6.10.0 to 6.10.2

Bumps [ansible-community/ansible-lint-action](https://github.com/ansible-community/ansible-lint-action) from 6.10.0 to 6.10.2.
- [Release notes](https://github.com/ansible-community/ansible-lint-action/releases)
- [Commits](https://github.com/ansible-community/ansible-lint-action/compare/v6.10.0...v6.10.2)

---
updated-dependencies:
- dependency-name: ansible-community/ansible-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/matrix.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml
index 8d846c05..281b1496 100644
--- a/.github/workflows/matrix.yml
+++ b/.github/workflows/matrix.yml
@@ -21,6 +21,6 @@ jobs:
       - name: Check out
         uses: actions/checkout@v3
       - name: Run ansible-lint
-        uses: ansible-community/ansible-lint-action@v6.10.0
+        uses: ansible-community/ansible-lint-action@v6.10.2
         with:
           path: roles/custom