diff --git a/host_vars/matrix.homedungeon.xyz/vars.yml b/host_vars/matrix.homedungeon.xyz/vars.yml
index c818105..3acfe25 100644
--- a/host_vars/matrix.homedungeon.xyz/vars.yml
+++ b/host_vars/matrix.homedungeon.xyz/vars.yml
@@ -9,8 +9,12 @@
 # because you can't change the Domain after deployment.
 matrix_domain: homedungeon.xyz
 
+# synapse-admin
 matrix_synapse_admin_enabled: true
 
+# federation
+matrix_static_files_container_labels_base_domain_enabled: true
+
 # The Matrix homeserver software to install.
 # See:
 #  - `roles/custom/matrix-base/defaults/main.yml` for valid options
@@ -71,49 +75,49 @@ postgres_connection_password: '{{ vault.postgres_connection_password }}'
 #
 # matrix_coturn_turn_external_ip_address: ''
 
-# Disable ACME / Let's Encrypt support.
-traefik_config_certificatesResolvers_acme_enabled: false
-
-# Disabling ACME support (above) automatically disables the SSL directory to be created.
-# Force-enable it to be created with this configuration, because we'll add our certificate files there.
-traefik_ssl_dir_enabled: true
-
-# Tell Traefik to load our custom SSL key pair by extending provider configuration.
-# The key pair files are created below, in `aux_file_definitions`.
-# Note that the `/ssl/…` path is an **in-container path**, not a path on the host (like `/matrix/traefik/ssl`). Do not change it!
-traefik_provider_configuration_extension_yaml:
-  tls:
-    certificates:
-      - certFile: /ssl/cert.pem
-        keyFile: /ssl/privkey.pem
-    stores:
-      default:
-        defaultCertificate:
-          certFile: /ssl/cert.pem
-          keyFile: /ssl/privkey.pem
-
+## Disable ACME / Let's Encrypt support.
+#traefik_config_certificatesResolvers_acme_enabled: false
+#
+## Disabling ACME support (above) automatically disables the SSL directory to be created.
+## Force-enable it to be created with this configuration, because we'll add our certificate files there.
+#traefik_ssl_dir_enabled: true
+#
+## Tell Traefik to load our custom SSL key pair by extending provider configuration.
+## The key pair files are created below, in `aux_file_definitions`.
+## Note that the `/ssl/…` path is an **in-container path**, not a path on the host (like `/matrix/traefik/ssl`). Do not change it!
+#traefik_provider_configuration_extension_yaml:
+#  tls:
+#    certificates:
+#      - certFile: /ssl/cert.pem
+#        keyFile: /ssl/privkey.pem
+#    stores:
+#      default:
+#        defaultCertificate:
+#          certFile: /ssl/cert.pem
+#          keyFile: /ssl/privkey.pem
+#
 # Use the aux role to create our custom files on the server.
 # If you'd like to do this manually, remove this `aux_file_definitions` variable.
-aux_file_definitions:
-  # Create the privkey.pem file on the server by
-  # uploading a file from the computer where Ansible is running.
-  - dest: "{{ traefik_ssl_dir_path }}/privkey.pem"
-    src: inventory/ssl/privkey.pem
-    # Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline.
-    # Mind the indentation level (indented with two white space characters).
-    # content: |
-    #   FILE CONTENT
-    #   HERE
-
-  # Create the cert.pem file on the server
-  # uploading a file from the computer where Ansible is running.
-  - dest: "{{ traefik_ssl_dir_path }}/cert.pem"
-    src: inventory/ssl/cert.pem
-    # Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline.
-    # Mind the indentation level (indented with two white space characters).
-    # content: |
-    #   FILE CONTENT
-    #   HERE
+#aux_file_definitions:
+#  # Create the privkey.pem file on the server by
+#  # uploading a file from the computer where Ansible is running.
+#  - dest: "{{ traefik_ssl_dir_path }}/privkey.pem"
+#    src: inventory/ssl/privkey.pem
+#    # Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline.
+#    # Mind the indentation level (indented with two white space characters).
+#    # content: |
+#    #   FILE CONTENT
+#    #   HERE
+#
+#  # Create the cert.pem file on the server
+#  # uploading a file from the computer where Ansible is running.
+#  - dest: "{{ traefik_ssl_dir_path }}/cert.pem"
+#    src: inventory/ssl/cert.pem
+#    # Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline.
+#    # Mind the indentation level (indented with two white space characters).
+#    # content: |
+#    #   FILE CONTENT
+#    #   HERE
 
 ########################################################################
 #                                                                      #
@@ -152,3 +156,23 @@ ntfy_credentials:
 # /ntfy                                                                #
 #                                                                      #
 ########################################################################
+
+# appservice-double-puppet (for bridges)
+matrix_appservice_double_puppet_enabled: true
+
+# mautrix bridges
+matrix_bridges_encryption_enabled: true
+matrix_bridges_encryption_default: true
+
+# mautrix-telegram
+matrix_mautrix_telegram_enabled: true
+matrix_mautrix_telegram_api_id: "{{ vault.matrix_mautrix_telegram_api_id }}"
+matrix_mautrix_telegram_api_hash: "{{ vault.matrix_mautrix_telegram_api_hash }}"
+
+matrix_mautrix_telegram_bot_token: "{{ vault.matrix_mautrix_telegram_bot_token }}"
+matrix_mautrix_telegram_configuration_extension_yaml: |
+  bridge:
+    permissions:
+      '*': relaybot
+
+matrix_mautrix_telegram_filter_mode: whitelist
diff --git a/host_vars/matrix.homedungeon.xyz/vault.yml b/host_vars/matrix.homedungeon.xyz/vault.yml
index a21a6c5..97d0dfc 100644
--- a/host_vars/matrix.homedungeon.xyz/vault.yml
+++ b/host_vars/matrix.homedungeon.xyz/vault.yml
@@ -1,22 +1,33 @@
 $ANSIBLE_VAULT;1.1;AES256
-34623334383530376336616561306564383264323631663566656363653234343765623835353262
-3535346535623630396634633932633336383961613031650a656162303037623138376432303031
-37633235626638303133376231653861373935386231643431333066633662613334363436323539
-6466623439393039640a616330303861313561636332393538646636346466393966366164636139
-30663231353132343339383437323934303261363430663163663363343433306339613332383962
-62643334633831636564393061343831613363333465376236326238636638636637396265653033
-61613566643762346337373633613530653333666265366664373865323632306337376664303337
-32663038626264323930623239643537393434353935356531316161393763636638333334663133
-38313034323961336631663165333333323062323732633430356566343036313239313364343638
-65616463353835666163336534336461383362363430363537633561616264643038336336376164
-63353664356234383638666439343664643637636135303137343833373063313638393932313136
-63393434666662306436373462626464373063613432626137613465393762666161326630323338
-39356164363732613736353165613830306634306634343333303035343135363437363166653362
-37353030383435303635643066313061646133386236376330373230303633373035343036396165
-34383663323234303863663738633437663262663630356532663732343239303966626237363938
-30643137613761333062346235643338623533653735646566326462616235363535653862633730
-33653230643538386439313236616439616562393237356636393839613534316461396362396334
-39336134633064333665336237393539623532343138383335643034316634636533346531376564
-65636434313232343935643334336237353834613764363039663565616466356631346339623536
-64356464343562313464386263343333666564323635373831376233353032653132383636623037
-32656261396237373261393930353531653837363631333032383134336233656530
+31303965303762313435353763643038643330646437373235393831333532323266663036366261
+3034613031333334613366633532393734653162303635350a376164616631303438323861396233
+65613833353965653939366136626132613363326132336436666564306338366538346666623737
+3730383535383662620a303666353139303865363435363834623638333164666539643431373031
+37666439643838356666613435343437343632393138383738643438633665356263323234313131
+64613535353738653434393530643130653461313938356136613536353933646366333333366662
+63373138326334343063653536323833303733656238356565336163373366373162396531373961
+36653066636564613438666135656262626334356539373134656661633763336430343165646662
+30663263636232633638366165623163643330643965333432613161653265366535663161353734
+62316663396631633061303831323538373937623235626163633531636439323966396164623139
+38633762303139666134363064646634666239333830363735366432646137346464626635666633
+34626566623939663732393230643863303262666335346162333865626634623534386538373437
+61626236316536363039666337656230363535303064326234666133663739353930326338393536
+39393661663737356430333235383765656635653463323732393562663134303439396430336339
+31373131316135306638343636306435666430393632613432383333393838313931373961316631
+31633666653638323331356635376539363665343061333331313933383832363135346537363961
+63623335386634303637326638333337303032613236386564343634663265623535316665313939
+61353532363037323761313936386265663236306337633234383164353465363338373130333934
+65656539363739353638613733343734663064396662386239383831396437383432666665666466
+64613634636137376361356666663139393231656334376266343061663766646161623461386165
+31633533393362663435316465643036373465626566633139616437376262633761313162366537
+37373630333265636465343664313634666261316438326161383632373161313962323133366661
+35663166636566316636346433303231636166363536313764643139386536623330326435656661
+66353065663531653765313561626631373461356364623264326634636533303166363837333065
+34303430313233343963623366323039393632396166613262613265646535666261666461376536
+63343762353335356530613935643734386235363366653230303437663531336130663739353337
+63623538626337333836376133656637616233636262633030623163393061376266303338386566
+30323131613662356436653734336364363433663135646661303133356364336330323331333735
+35313663396232333132363365366333366631376666653830386131643133666637336436383234
+34366134346364393437393835376164653566343362396330656239343037666335313863363433
+39333662663063666163373336656631393666366339623132366538333761353638613033303435
+33353137396136383331