diff --git a/type/__bird_bgp/manifest b/type/__bird_bgp/manifest index 7525bb5..a1d79f2 100755 --- a/type/__bird_bgp/manifest +++ b/type/__bird_bgp/manifest @@ -89,6 +89,7 @@ ipv4_import= if [ -f "${__object:?}"/parameter/ipv4-import ]; then ipv4_import="$(cat "${__object:?}"/parameter/ipv4-import)" + echo "FOO" >&2 fi export ipv4_import diff --git a/type/__bird_ospf/man.rst b/type/__bird_ospf/man.rst index 66c2e4a..f3f4c9a 100644 --- a/type/__bird_ospf/man.rst +++ b/type/__bird_ospf/man.rst @@ -24,6 +24,12 @@ import export The keyword or filter to decide what to export in the above channel. + +REQUIRED MULTIPLE PARAMETERS +---------------------------- +interface + An interface to include in OSPF area 0. + OPTIONAL PARAMETERS ------------------- description @@ -33,19 +39,12 @@ instance-id An OSPF instance ID, allowing several OSPF instances to run on the same links. -extra-area-configuration - Configuration string added to the `area` section of the OSPF configuration. - OPTIONAL MULTIPLE PARAMETERS ---------------------------- stubnet Add an optionless stubnet definition to the configuration. -interface - An interface to include in OSPF area 0. Is required unless - extra-area-configuration is set. - SEE ALSO -------- cdist-type__bird_core(7) diff --git a/type/__bird_ospf/manifest b/type/__bird_ospf/manifest index 68d9c16..211e91d 100755 --- a/type/__bird_ospf/manifest +++ b/type/__bird_ospf/manifest 
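Review bot: The added `echo "FOO" >&2` inside the `ipv4-import` branch of `type/__bird_bgp/manifest` looks like leftover debug output. It prints on every run where `--ipv4-import` is set and tells the operator nothing. Drop the line; if a diagnostic is really wanted here, give it a message that names the type and the parameter being read.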
@@ -44,21 +44,6 @@ then instance_id="$(cat "${__object:?}/parameter/instance-id")" fi -extra_area_configuration= -if [ -f "${__object:?}/parameter/extra-area-configuration" ]; -then - extra_area_configuration="$(cat "${__object:?}/parameter/extra-area-configuration")" - - if [ "$extra_area_configuration" = "-" ]; then - extra_area_configuration=$(cat "$__object/stdin") - fi -fi - -if [ ! -f "${__object:?}/parameter/interface" ] && [ -z "$extra_area_configuration" ]; then - echo "Either --interface or --extra-area-configuration must be set." >&2 - exit 1 -fi - __file "${confdir:?}/ospf-${__object_id:?}.conf" \ --mode 0640 --owner root --group bird \ --source - << EOF @@ -74,8 +59,6 @@ $([ -n "${instance_id?}" ] && printf "\tinstance id %s;\n" "${instance_id?}") area 0 { $(sed -e 's/^/\t\tinterface "/' -e 's/$/";/' "${__object:?}/parameter/interface") $(sed -e 's/^/\t\tsubnet /' -e 's/$/;/' "${__object:?}/parameter/subnet") - - $extra_area_configuration }; } EOF diff --git a/type/__bird_ospf/parameter/optional b/type/__bird_ospf/parameter/optional index 880f228..cf6dd53 100644 --- a/type/__bird_ospf/parameter/optional +++ b/type/__bird_ospf/parameter/optional @@ -1,3 +1,2 @@ description instance-id -extra-area-configuration diff --git a/type/__bird_ospf/parameter/optional_multiple b/type/__bird_ospf/parameter/optional_multiple index 8e5902d..ed3f25a 100644 --- a/type/__bird_ospf/parameter/optional_multiple +++ b/type/__bird_ospf/parameter/optional_multiple @@ -1,2 +1 @@ stubnet -interface diff --git a/type/__bird_radv/parameter/required b/type/__bird_ospf/parameter/required_multiple similarity index 100% rename from type/__bird_radv/parameter/required rename to type/__bird_ospf/parameter/required_multiple diff --git a/type/__bird_radv/man.rst b/type/__bird_radv/man.rst index 27362aa..118fd60 100644 --- a/type/__bird_radv/man.rst +++ b/type/__bird_radv/man.rst 
@@ -15,29 +15,12 @@ autoconfigure IPv6 hosts, this type is a rudimentary implementation to generate configuration for Bird to do so. -REQUIRED PARAMETERS -------------------- +REQUIRED MULTIPLE PARAMETERS +---------------------------- interface The interfaces to activate the protocol on. RAs will be sent using the prefixes configured on these interfaces. -OPTIONAL PARAMETERS -------------------- -mtu - An optional MTU setting to include in the router advertisements. - -default-preference - This option specifies the Default Router Preference value to advertise to - hosts. Default: medium. - -route-preference - This option specifies the default value of advertised route preference for - specific routes. Default: medium. - -default-lifetime - This option specifies the time (in seconds) how long (since the receipt of RA) - hosts may use the router as a default router. 0 means do not use as a default - router. Default: 3. OPTIONAL MULTIPLE PARAMETERS ---------------------------- @@ -58,7 +41,6 @@ EXAMPLES __bird_radv datacenter \ --interface eth1 \ - --mtu 9000 \ --route ::/0 \ --ns 2001:DB8:cafe::4 \ --ns 2001:DB8:cafe::14 \ diff --git a/type/__bird_radv/manifest b/type/__bird_radv/manifest index ed04028..a95e88e 100755 --- a/type/__bird_radv/manifest +++ b/type/__bird_radv/manifest 
@@ -55,52 +55,23 @@ then DNSSL=$(sed -e 's/^/\tdnssl "/' -e 's/$/";/' "${__object:?}/parameter/dnssl") fi -MTU= -if [ -f "${__object:?}/parameter/mtu" ]; -then - MTU="link mtu $(cat "${__object:?}/parameter/mtu");" -fi - -DEFAULT_PREFERENCE= -if [ -f "${__object:?}/parameter/default-preference" ]; -then - DEFAULT_PREFERENCE="default preference $(cat "${__object:?}/parameter/default-preference");" -fi - -ROUTE_PREFERENCE= -if [ -f "${__object:?}/parameter/route-preference" ]; -then - ROUTE_PREFERENCE="route preference $(cat "${__object:?}/parameter/route-preference");" -fi - -DEFAULT_LIFETIME= -if [ -f "${__object:?}/parameter/default-lifetime" ]; -then - DEFAULT_LIFETIME="default lifetime $(cat "${__object:?}/parameter/default-lifetime");" -fi - __file "${confdir:?}/radv-${__object_id:?}.conf" \ --mode 0640 --owner root --group bird \ --source - << EOF -ipv6 table radv_routes_${__object_id}; +ipv6 table radv_routes; protocol static { description "Routes advertised via RAs"; - ipv6 { table radv_routes_${__object_id}; }; + ipv6 { table radv_routes; }; $(sed -e 's/^/\troute /' -e 's/$/ unreachable;/' "${__object:?}/parameter/route") } protocol radv ${__object_id:?} { propagate routes ${have_routes:?}; - ipv6 { table radv_routes_${__object_id}; export all; }; + ipv6 { table radv_routes; export all; }; - interface "$(cat "${__object:?}/parameter/interface")" { - $MTU - $DEFAULT_LIFETIME - $DEFAULT_PREFERENCE - $ROUTE_PREFERENCE - }; +$(sed -e 's/^/\tinterface "/' -e 's/$/";/' "${__object:?}/parameter/interface") $RDNS diff --git a/type/__bird_radv/parameter/optional b/type/__bird_radv/parameter/optional deleted file mode 100644 index 51058a7..0000000 --- a/type/__bird_radv/parameter/optional +++ /dev/null @@ -1,4 +0,0 @@ -mtu -default-preference -route-preference -default-lifetime diff --git a/type/__bird_radv/parameter/required_multiple b/type/__bird_radv/parameter/required_multiple new file mode 100644 index 0000000..b529896 --- /dev/null 
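Review bot: The table is now the fixed name `radv_routes`, while the file is still written per object as `radv-${__object_id:?}.conf`, so two `__bird_radv` objects on one host would each declare `ipv6 table radv_routes;` and share or clash on that table. Unless the type is meant to be used once per host, keep the object id in all three places, e.g. `ipv6 table radv_routes_${__object_id:?};`. The new `$(sed -e 's/^/\tinterface "/' -e 's/$/";/' ...)` line also copies every `interface` value between double quotes unchecked, so a value containing `"` or `;` would alter the generated Bird configuration; a guard such as `grep -q '[";]' "${__object:?}/parameter/interface" && exit 1` before the heredoc would catch that. The heredoc itself starts and ends outside this hunk.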
+++ b/type/__bird_radv/parameter/required_multiple @@ -0,0 +1 @@ +interface diff --git a/type/__borg_repo/manifest b/type/__borg_repo/manifest index 4e4d35e..968066d 100644 --- a/type/__borg_repo/manifest +++ b/type/__borg_repo/manifest @@ -3,7 +3,7 @@ os="$(cat "${__global:?}"/explorer/os)" case "$os" in - "alpine"|"ubuntu") + "alpine") borg_package=borgbackup ;; *) @@ -17,4 +17,3 @@ if [ -f "${__object:?}/parameter/owner" ]; then __package sudo fi - diff --git a/type/__haproxy_dualstack/files/http b/type/__haproxy_dualstack/files/http new file mode 100644 index 0000000..0508a46 --- /dev/null +++ b/type/__haproxy_dualstack/files/http @@ -0,0 +1,8 @@ +frontend http + bind BIND@:80 + mode http + option httplog + default_backend http + +backend http + mode http diff --git a/type/__haproxy_dualstack/files/https b/type/__haproxy_dualstack/files/https new file mode 100644 index 0000000..73deac4 --- /dev/null +++ b/type/__haproxy_dualstack/files/https @@ -0,0 +1,10 @@ +frontend https + bind BIND@:443 + mode tcp + option tcplog + tcp-request inspect-delay 5s + tcp-request content accept if { req_ssl_hello_type 1 } + default_backend https + +backend https + mode tcp diff --git a/type/__haproxy_dualstack/files/imaps b/type/__haproxy_dualstack/files/imaps new file mode 100644 index 0000000..b1ec379 --- /dev/null +++ b/type/__haproxy_dualstack/files/imaps @@ -0,0 +1,12 @@ +frontend imaps + bind BIND@:143 + bind BIND@:993 + + mode tcp + option tcplog + tcp-request inspect-delay 5s + tcp-request content accept if { req_ssl_hello_type 1 } + default_backend imaps + +backend imaps + mode tcp diff --git a/type/__haproxy_dualstack/files/smtps b/type/__haproxy_dualstack/files/smtps new file mode 100644 index 0000000..dce6ed4 --- /dev/null +++ b/type/__haproxy_dualstack/files/smtps 
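Review bot: The `imaps` frontend binds port 143 next to 993 but only accepts content on `req_ssl_hello_type 1`, and the per-host routing added by the manifest relies on `req_ssl_sni`. IMAP on 143 normally starts in plaintext with the server speaking first, so no ClientHello arrives within `tcp-request inspect-delay 5s`. Such a connection presumably waits out the delay and is then handed to whichever server the backend picks, not the host the client meant. The same applies to `bind BIND@:25` in `files/smtps`. Either drop the 143 and 25 binds from these SNI-routed frontends, or add a comment in both files along the lines of `# 143/25 carry no SNI: traffic is not routed per host`.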
@@ -0,0 +1,12 @@
+frontend smtps
+ bind BIND@:25
+ bind BIND@:465
+
+ mode tcp
+ option tcplog
+ tcp-request inspect-delay 5s
+ tcp-request content accept if { req_ssl_hello_type 1 }
+ default_backend smtps
+
+backend smtps
+ mode tcp
diff --git a/type/__haproxy_dualstack/man.rst b/type/__haproxy_dualstack/man.rst
new file mode 100644
index 0000000..6c131cb
--- /dev/null
+++ b/type/__haproxy_dualstack/man.rst
@@ -0,0 +1,121 @@
+cdist-type__haproxy_dualstack(7)
+================================
+
+
+NAME
+----
+cdist-type__haproxy_dualstack - Proxy services from a dual-stack server
+
+
+DESCRIPTION
+-----------
+This (singleton) type installs and configures haproxy to act as a dual-stack
+proxy for single-stack services.
+
+This can be useful to add IPv4 support to IPv6-only services while only using
+one IPv4 for many such services.
+
+By default this type uses the plain TCP proxy mode, which means that there is no
+need for TLS termination on this host when SNI is supported.
+This also means that proxied services will not receive the client's IP address,
+but will see the proxy's IP address instead (that of `$__target_host`).
+
+This can be solved by using the PROXY protocol, but do take into account that,
+e.g. nginx cannot serve both regular HTTP(S) and PROXY protocols on the same
+port, so you will need to use other ports for that.
+
+As a recommendation in this type: use TCP ports 8080 and 591 respectively to
+serve HTTP and HTTPS using the PROXY protocol.
+
+See the EXAMPLES for more details.
+
+
+OPTIONAL PARAMETERS
+-------------------
+v4proxy
+ Proxy incoming IPv4 connections to the equivalent IPv6 endpoint.
+ In its simplest use, it must be a NAME with an `AAAA` DNS entry, which is
+ the IP address actually providing the proxied services.
+ The full format of this argument is:
+ `[proxy:]NAME[[:PROTOCOL_1=PORT_1]...[:PROTOCOL_N=PORT_N]]`
+ Where starting with `proxy:` determines that the PROXY protocol must be
+ used and each `:PROTOCOL=PORT` (e.g. `:http=8080` or `:https=591`) is a PORT
+ override for the given PROTOCOL (see `--protocol`), if not present the
+ PROTOCOL's default port will be used.
+
+
+v6proxy
+ Proxy incoming IPv6 connections to the equivalent IPv4 endpoint.
+ In its simplest use, it must be a NAME with an `A` DNS entry, which is
+ the IP address actually providing the proxied services.
+ See `--v4proxy` for more options and details.
+
+protocol
+ Can be passed multiple times or as a space-separated list of protocols.
+ Currently supported protocols are: `http`, `https`, `imaps`, `smtps`.
+ This defaults to: `http https imaps smtps`.
+
+
+EXAMPLES
+--------
+
+.. code-block:: sh
+
+ # Proxy the IPv6-only services so IPv4-only clients can access them
+ # This uses HAProxy's TCP mode for http, https, imaps and smtps
+ __haproxy_dualstack \
+ --v4proxy ipv6.chat \
+ --v4proxy matrix.ungleich.ch
+
+ # Proxy the IPv6-only HTTP(S) services so IPv4-only clients can access them
+ # Note this means that the backend IPv6-only server will only see
+ # the IPv6 address of the haproxy host managed by cdist, which can be
+ # troublesome if this information is relevant for analytics/security/...
+ # See the PROXY example below
+ __haproxy_dualstack \
+ --protocol http --protocol https \
+ --v4proxy ipv6.chat \
+ --v4proxy matrix.ungleich.ch
+
+ # Use the PROXY protocol to proxy the IPv6-only HTTP(S) services enabling
+ # IPv4-only clients to access them while maintaining the client's IP address
+ __haproxy_dualstack \
+ --protocol http --protocol https \
+ --v4proxy proxy:ipv6.chat:http=8080:https=591 \
+ --v4proxy proxy:matrix.ungleich.ch:http=8080:https=591
+ # Note however that the PROXY protocol is not compatible with regular
+ # HTTP(S) protocols, so your nginx will have to listen on different ports
+ # with the PROXY settings.
+ # Note that you will need to restrict access to the 8080 port to prevent
+ # Client IP spoofing.
+ # This can be something like:
+ # server {
+ # # listen for regular HTTP connections
+ # listen [::]:80 default_server;
+ # listen 80 default_server;
+ # # listen for PROXY HTTP connections
+ # listen [::]:8080 proxy_protocol;
+ # # Accept the Client's IP from the PROXY protocol
+ # real_ip_header proxy_protocol;
+ # }
+
+
+SEE ALSO
+--------
+- https://www.haproxy.com/blog/enhanced-ssl-load-balancing-with-server-name-indication-sni-tls-extension/
+- https://www.haproxy.com/blog/haproxy/proxy-protocol/
+- https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/
+
+
+AUTHORS
+-------
+ungleich
+Evilham
+
+
+COPYING
+-------
+Copyright \(C) 2021 ungleich glarus ag. You can redistribute it
+and/or modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
diff --git a/type/__haproxy_dualstack/manifest b/type/__haproxy_dualstack/manifest
new file mode 100644
index 0000000..d110eea
--- /dev/null
+++ b/type/__haproxy_dualstack/manifest
@@ -0,0 +1,155 @@
+#!/bin/sh -eu
+
+__package haproxy
+require="__package/haproxy" __start_on_boot haproxy
+
+tmpdir="$__object/files"
+mkdir "$tmpdir"
+configtmp="$__object/files/haproxy.cfg"
+
+os=$(cat "$__global/explorer/os")
+case $os in
+ freebsd)
+ CONFIG_FILE="/usr/local/etc/haproxy.conf"
+ cat < "$configtmp"
+global
+ maxconn 4000
+ user nobody
+ group nogroup
+ daemon
+
+EOF
+
+ ;;
+ *)
+ CONFIG_FILE="/etc/haproxy/haproxy.cfg"
+ cat < "$configtmp"
+global
+ log [::1] local2
+ chroot /var/lib/haproxy
+ pidfile /var/run/haproxy.pid
+ maxconn 4000
+ user haproxy
+ group haproxy
+ daemon
+
+ # turn on stats unix socket
+ stats socket /var/lib/haproxy/stats
+
+EOF
+ ;;
+esac
+
+cat <> "$configtmp"
+defaults
+ retries 3
+ log global
+ timeout http-request 10s
+ timeout queue 1m
+ timeout connect 10s
+ timeout client 1m
+ timeout server 1m
+ timeout http-keep-alive 10s
+ timeout check 10s
+EOF
+
+dig_cmd="$(command -v dig || true)"
+get_ip() {
+ # Usage: get_ip (ipv4|ipv6) NAME
+ # uses "dig" if available, else fallback to "host"
+ case $1 in
+ ipv4)
+ if [ -n "${dig_cmd}" ]; then
+ ${dig_cmd} +short A "$2"
+ else
+ host -t A "$2" | cut -d ' ' -f 4 | grep -v 'found:'
+ fi
+ ;;
+ ipv6)
+ if [ -n "${dig_cmd}" ]; then
+ ${dig_cmd} +short AAAA "$2"
+ else
+ host -t AAAA "$2" | cut -d ' ' -f 5 | grep -v 'NXDOMAIN'
+ fi
+ ;;
+ esac
+}
+
+PROTOCOLS="$(cat "$__object/parameter/protocol")"
+
+for proxy in v4proxy v6proxy; do
+ param=$__object/parameter/$proxy
+ # no backend? skip generating code
+ if [ ! -f "$param" ]; then
+ continue
+ fi
+
+ # turn backend name into bind parameter: v4backend -> ipv4@
+ bind=$(echo $proxy | sed -e 's/^/ip/' -e 's/proxy//')
+
+ case $bind in
+ ipv4)
+ backendproto=ipv6
+ ;;
+ ipv6)
+ backendproto=ipv4
+ ;;
+ esac
+
+ for proto in ${PROTOCOLS}; do
+ # Add protocol "header"
+ printf "\n# %s %s \n" "${bind}" "${proto}" >> "$configtmp"
+
+ sed -e "s/BIND/$bind/" \
+ -e "s/\(frontend[[:space:]].*\)/\1$bind/" \
+ -e "s/\(backend[[:space:]].*\)/\\1$bind/" \
+ "$__type/files/$proto" >> "$configtmp"
+
+ while read -r hostdefinition; do
+ if echo "$hostdefinition" | grep -qE '^proxy:'; then
+ # Proxy protocol was requested
+ host="$(echo "$hostdefinition" | sed -E 's/^proxy:([^:]+).*$/\1/')"
+ send_proxy=" send-proxy"
+ else
+ # Just use tcp proxy mode
+ host="$hostdefinition"
+ send_proxy=""
+ fi
+ if echo "$hostdefinition" | grep -qE ":${proto}="; then
+ # Use custom port definition if requested
+ port="$(echo "$hostdefinition" | sed -E "s/^(.*:)?${proto}=([0-9]+).*$/:\2/")"
+ else
+ # Else use the default
+ port=""
+ fi
+ servername=$host
+
+ res=$(get_ip "$bind" "$servername")
+
+ if [ -z "$res" ]; then
+ echo "$servername does not resolve - aborting config" >&2
+ exit 1
+ fi
+
+ # Treat protocols without TLS+SNI specially
+ if [ "$proto" = http ]; then
+ echo " use-server $servername if { hdr(host) -i $host }" >> "$configtmp"
+ else
+ echo " use-server $servername if { req_ssl_sni -i $host }" >> "$configtmp"
+ fi
+
+ # Create the "server" itself.
+ # Note that port and send_proxy will be empty unless
+ # they were requested by the type user
+ echo " server $servername ${backendproto}@${host}${port}${send_proxy}" >> "$configtmp"
+
+ done < "$param"
+ done
+done
+
+# Create config file
+require="__package/haproxy" __file ${CONFIG_FILE} --source "$configtmp" --mode 0644
+
+require="__file${CONFIG_FILE}" __check_messages "haproxy_reload" \
+ --pattern "^__file${CONFIG_FILE}" \
+ --execute "service haproxy reload || service haproxy restart"
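Review bot: In the `else` branch of the `while read -r hostdefinition` loop, `host="$hostdefinition"` keeps any `:PROTOCOL=PORT` suffix, so a definition such as `ipv6.chat:http=8080` (allowed by the documented `[proxy:]NAME[...]` format) is passed whole to `get_ip` and into the `use-server` and `server` lines. Strip the suffix in both branches, e.g. `host="$(echo "$hostdefinition" | sed -E 's/^(proxy:)?([^:]+).*$/\2/')"`. `$host` and `$proto` are then written into haproxy.cfg, and `$proto` into a file path and a regex, without any check; reject anything outside hostname characters or the four supported protocol names first, e.g. `case $host in *[!A-Za-z0-9.-]*) echo "invalid host: $host" >&2; exit 1;; esac`. Also, `get_ip "$bind"` queries the frontend family (A for `v4proxy`), while the man page asks for an `AAAA` record there and the `server` line uses `${backendproto}@`. If the backend record is the one that must exist, this should probably be `get_ip "$backendproto" "$servername"`.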
diff --git a/type/__haproxy_dualstack/parameter/default/protocol b/type/__haproxy_dualstack/parameter/default/protocol new file mode 100644 index 0000000..dc8bb7b --- /dev/null +++ b/type/__haproxy_dualstack/parameter/default/protocol @@ -0,0 +1 @@ +http https imaps smtps diff --git a/type/__haproxy_dualstack/parameter/optional_multiple b/type/__haproxy_dualstack/parameter/optional_multiple new file mode 100644 index 0000000..8c482bd --- /dev/null +++ b/type/__haproxy_dualstack/parameter/optional_multiple @@ -0,0 +1,3 @@ +protocol +v4proxy +v6proxy diff --git a/type/__php_fpm/singleton b/type/__haproxy_dualstack/singleton similarity index 100% rename from type/__php_fpm/singleton rename to type/__haproxy_dualstack/singleton diff --git a/type/__jitsi_meet/explorer/configured-memory b/type/__jitsi_meet/explorer/configured-memory deleted file mode 100755 index 658f94b..0000000 --- a/type/__jitsi_meet/explorer/configured-memory +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh -eu - -JICOFO="/usr/share/jicofo/jicofo.sh" -VIDEOBRIDGE="/usr/share/jitsi-videobridge/lib/videobridge.rc" - -if [ -f "${JICOFO:?}" ]; then - jicofo_memory="$(grep JICOFO_MAX_MEMORY= "${JICOFO:?}" | cut -d= -f 2 | cut -d ";" -f 1)" -fi -if [ -f "${VIDEOBRIDGE:?}" ]; then - vb_memory="$(grep VIDEOBRIDGE_MAX_MEMORY= "${VIDEOBRIDGE:?}" | cut -d= -f 2)" -fi -cat < COPYING ------- -Copyright \(C) 2022 Evilham. +Copyright \(C) 2021 Evilham. diff --git a/type/__jitsi_meet/manifest b/type/__jitsi_meet/manifest index 0c210a3..1cae2be 100755 --- a/type/__jitsi_meet/manifest +++ b/type/__jitsi_meet/manifest @@ -1,6 +1,7 @@ #!/bin/sh -e os="$(cat "${__global}/explorer/os")" +init="$(cat "${__global}/explorer/init")" case "${os}" in devuan|debian) ;; 
@@ -10,37 +11,10 @@ case "${os}" in ;; esac -current_conferences="$(cat "${__object}/explorer/jitsi-status" | grep -E "^jitsi_conferences[[:space:]]" | cut -d ' ' -f 2)" - -JICOFO_AUTHPASSWORD="$(cat "${__object}/explorer/jicofo-authpassword")" -if [ -z "${JICOFO_AUTHPASSWORD}" ]; then - # This is probably a first time installation, we'll generate the - # password which will be set in debconf by this type - # https://github.com/jitsi/jicofo/blob/aafb61b5363a1c4abdbf08e1444a6276b807993e/debian/postinst#L43 - JICOFO_AUTHPASSWORD="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 16)" -fi - -ABORT_CONFERENCE_COUNT="$(cat "${__object}/parameter/abort-conference-count")" - -if [ -n "${current_conferences}" ] && [ -n "${ABORT_CONFERENCE_COUNT}" ] && \ - [ "${ABORT_CONFERENCE_COUNT}" -le "${current_conferences}" ]; then - cat <<-EOF -Early bail out was requested when at least ${ABORT_CONFERENCE_COUNT} conferences are taking place. -There are currently ${current_conferences} active conferences. - -Try again at a later time or remove or increase --abort-conference-count - EOF - exit 1 -fi JITSI_HOST="${__target_host}" -if [ -f "${__object}/parameter/jitsi-version" ]; then - # This has been deprecated and will be removed 'soon' - JITSI_VERSION="$(cat "${__object}/parameter/jitsi-version")" -else - # Note this won't be a parameter anymore, we won't let users stay behind - JITSI_VERSION="$(cat "${__type}/files/jitsi-version")" -fi +# Currently unused, see below +# JITSI_VERSION="$(cat "${__object}/parameter/jitsi-version")" TURN_SERVER="$(cat "${__object}/parameter/turn-server")" TURN_SECRET="$(cat "${__object}/parameter/turn-secret")" @@ -48,6 +22,8 @@ if [ -z "${TURN_SERVER}" ]; then TURN_SERVER="${JITSI_HOST}" fi +PROMETHEUS_JITSI_EXPORTER_IS_VERSION="$(cat "${__object}/explorer/prometheus-jitsi-meet-explorer-version")" + # The rest is loosely based on Jitsi's documentation # https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart 
@@ -75,16 +51,17 @@ export require="${require} __apt_source/jitsi_meet __apt_update_index" # Pre-feed debconf settings, so Jitsi's installation has a good config # shellcheck source=type/__jitsi_meet/files/debconf_settings.sh . "${__type}/files/debconf_settings.sh" # This defines DEBCONF_SETTINGS -__debconf_set_selections jitsi_meet --line "${DEBCONF_SETTINGS}" +__debconf_set_selections jitsi_meet --file - < +__block jitsi_jicofo_secured_domains \ + --prefix "// begin cdist: jicofo_secured_domains" \ + --suffix "// end cdist: jicofo_secured_domains" \ + --file /etc/jitsi/jicofo/jicofo.conf \ + --state "${SECURED_DOMAINS_STATE_JICOFO}" \ + --text '-' <]*(/external_api.js).!src='\1'!" \ - -e "s!

[^<]*

!

Jitsi Meetings with interpreter

!" \ - -e "s!https://meet.mayfirst.org!/!" \ - -e "s!(style.css|jsi.js)([^?])!\1?v=${jsi_updated_on:?}\2!" \ - /opt/jsi/static/index.html.sample +PROMETHEUS_JITSI_EXPORTER_SHOULD_VERSION="1.1.5" +PROMETHEUS_JITSI_EXPORTER_CHECKSUM="sha256:3ddf43a48d9a2f62be1bc6db9e7ba75d61994f9423e5c5b28be019f41f06f745" +PROMETHEUS_JITSI_EXPORTER_URL="https://github.com/systemli/prometheus-jitsi-meet-exporter/releases/download/${PROMETHEUS_JITSI_EXPORTER_SHOULD_VERSION}/prometheus-jitsi-meet-exporter-linux-amd64" +PROMETHEUS_JITSI_EXPORTER_VERSION_FILE="/usr/local/bin/.prometheus-jitsi-meet-exporter.cdist.version" +if [ ! -f "${__object}/parameter/disable-prometheus-exporter" ]; then + case "${init}" in + init|sysvinit) + __runit + require="__runit" __runit_service \ + prometheus-jitsi-meet-exporter --log --source - <&1 EOF -)" + + export require="__runit_service/prometheus-jitsi-meet-exporter" + JITSI_MEET_EXPORTER_SERVICE="sv %s prometheus-jitsi-meet-exporter" + ;; + systemd) + __systemd_unit prometheus-jitsi-meet-exporter.service \ + --source "-" \ + --enablement-state "enabled" < "${destination}" - echo -} - -download_file config.js -download_file interface_config.js -download_file doc/debian/jitsi-meet/jitsi-meet.example nginx.sh.orig -download_file doc/debian/jitsi-meet-prosody/prosody.cfg.lua-jvb.example prosody.cfg.lua.sh.orig - -# Change the version file, maintainers should check that it matches -# the deb version -printf "2.0.%s-1" "${BRANCH#*_}" > jitsi-version diff --git a/type/__jitsi_meet_domain/files/config.js.sh b/type/__jitsi_meet_domain/files/config.js.sh index ff976b2..f825761 100644 --- a/type/__jitsi_meet_domain/files/config.js.sh +++ b/type/__jitsi_meet_domain/files/config.js.sh 
@@ -2,31 +2,7 @@ # shellcheck disable=SC2034 # This is intended to be included JITSI_CONFIG_JS="$(cat <. - // NOTE [cdist]: if we use '${DOMAIN}', jicofo won't start the meeting - authdomain: '${JITSI_HOST}', + // authdomain: '${JITSI_HOST}', // Focus component domain. Defaults to focus.. - focus: 'focus.${JITSI_HOST}', + // focus: 'focus.${JITSI_HOST}', // XMPP MUC domain. FIXME: use XEP-0030 to discover it. - muc: 'conference.${DOMAIN}' + muc: 'conference.${JITSI_HOST}' }, // BOSH URL. FIXME: use XEP-0156 to discover it. // useful for multidomain scenario -> src https://community.jitsi.org/t/same-jitsi-meet-instance-with-multiple-domain-names/17391/2 - bosh: 'https:///http-bind', + bosh: '///http-bind', - // Websocket URL (XMPP) - websocket: 'wss://${DOMAIN}/' + subdir + 'xmpp-websocket', + // Websocket URL + // websocket: 'wss://${JITSI_HOST}/xmpp-websocket', - // websocketKeepAliveUrl: 'https://${DOMAIN}/' + subdir + '_unlock', - - // Whether BOSH should be preferred over WebSocket if both are configured. - // preferBosh: false, + // The name of client node advertised in XEP-0115 'c' stanza + clientNode: 'http://jitsi.org/jitsimeet', // The real JID of focus participant - can be overridden here // Do not change username - FIXME: Make focus username configurable // https://github.com/jitsi/jitsi-meet/issues/7376 - focusUserJid: 'focus@auth.${JITSI_HOST}', + // focusUserJid: 'focus@auth.${JITSI_HOST}', - // Option to send conference requests to jicofo over http (requires nginx rule for it) - // conferenceRequestUrl: - // 'https:///' + subdir + 'conference-request/v1', - - // Options related to the bridge (colibri) data channel - bridgeChannel: { - // If the backend advertises multiple colibri websockets, this options allows - // to filter some of them out based on the domain name. We use the first URL - // which does not match ignoreDomain, falling back to the first one that matches - // ignoreDomain. Has no effect if undefined. 
- // ignoreDomain: 'example.com', - - // Prefer SCTP (WebRTC data channels over the media path) over a colibri websocket. - // If SCTP is available in the backend it will be used instead of a WS. Defaults to - // false (SCTP is used only if available and no WS are available). - // preferSctp: false - }, // Testing / experimental features. // testing: { - // Allows the setting of a custom bandwidth value from the UI. - // assumeBandwidth: true, - - // Enables use of getDisplayMedia in electron - // electronUseGetDisplayMedia: false, - - // Enables AV1 codec for FF. Note: By default it is disabled. - // enableAV1ForFF: false, - - // Enables the use of the codec selection API supported by the browsers . - // enableCodecSelectionAPI: false, + // Disables the End to End Encryption feature. Useful for debugging + // issues related to insertable streams. + // disableE2EE: false, // P2P test mode disables automatic switching to P2P when there are 2 // participants in the conference. - // p2pTestMode: false, + p2pTestMode: false // Enables the test specific features consumed by jitsi-meet-torture - // testMode: false, + // testMode: false // Disables the auto-play behavior of *all* newly created video element. // This is useful when the client runs on a host with limited resources. - // noAutoPlayVideo: false, + // noAutoPlayVideo: false - // Experiment: Whether to skip interim transcriptions. - // skipInterimTranscriptions: false, + // Enable / disable 500 Kbps bitrate cap on desktop tracks. When enabled, + // simulcast is turned off for the desktop share. If presenter is turned + // on while screensharing is in progress, the max bitrate is automatically + // adjusted to 2.5 Mbps. This takes a value between 0 and 1 which determines + // the probability for this to be enabled. + // capScreenshareBitrate: 1 // 0 to disable - // Dump transcripts to a element for debugging. - // dumpTranscript: false, - - // Log the audio levels. 
- // debugAudioLevels: true, - - // Will replace ice candidates IPs with invalid ones in order to fail ice. - // failICE: true, - - // When running on Spot TV, this controls whether to show the recording consent dialog. - // If false (default), Spot instances will not show the recording consent dialog. - // If true, Spot instances will show the recording consent dialog like regular clients. - // showSpotConsentDialog: false, + // Enable callstats only for a percentage of users. + // This takes a value between 0 and 100 which determines the probability for + // the callstats to be enabled. + // callStatsThreshold: 5 // enable callstats for 5% of the users. }, - // Disables moderator indicators. - // disableModeratorIndicator: false, - - // Disables the reactions feature. - // disableReactions: true, - - // Disables the reactions moderation feature. - // disableReactionsModeration: false, - - // Disables the reactions in chat feature. - disableReactionsInChat: true, // This has been annoying =D - - // Disables polls feature. - // disablePolls: false, - - // Disables chat feature entirely including notifications, sounds, and private messages. - // disableChat: false, - - // Disables demote button from self-view - // disableSelfDemote: false, - - // Disables self-view tile. (hides it from tile view and from filmstrip) - // disableSelfView: false, - - // Disables self-view settings in UI - // disableSelfViewSettings: false, - - // screenshotCapture : { - // Enables the screensharing capture feature. - // enabled: false, - // - // The mode for the screenshot capture feature. - // Can be either 'recording' - screensharing screenshots are taken - // only when the recording is also on, - // or 'always' - screensharing screenshots are always taken. - // mode: 'recording', - // } - // Disables ICE/UDP by filtering out local and remote UDP candidates in // signalling. // webrtcIceUdpDisable: false, 
@@ -185,7 +96,6 @@ var config = { // Disable measuring of audio levels. disableAudioLevels: $(if [ -n "${DISABLE_AUDIO_LEVELS}" ]; then printf "true"; else printf "false"; fi), - // audioLevelsInterval: 200, // Enabling this will run the lib-jitsi-meet no audio detection module which @@ -198,10 +108,6 @@ var config = { // about the call. // enableSaveLogs: false, - // Enabling this will hide the "Show More" link in the GSM popover that can be - // used to display more statistics about the connection (IP, Port, protocol, etc). - // disableShowMoreStats: true, - // Enabling this will run the lib-jitsi-meet noise detection module which will // notify the user if there is noise, other than voice, coming from the current // selected microphone. The purpose it to let the user know that the input could 
@@ -221,126 +127,21 @@ var config = { // Enabling it (with #params) will disable local audio output of remote // participants and to enable it back a reload is needed. - // startSilent: false, + // startSilent: false + + // Sets the preferred target bitrate for the Opus audio codec by setting its + // 'maxaveragebitrate' parameter. Currently not available in p2p mode. + // Valid values are in the range 6000 to 510000 + // opusMaxAverageBitrate: 20000, // Enables support for opus-red (redundancy for Opus). // enableOpusRed: false, - // Specify audio quality stereo and opusMaxAverageBitrate values in order to enable HD audio. - // Beware, by doing so, you are disabling echo cancellation, noise suppression and AGC. - // Specify enableOpusDtx to enable support for opus-dtx where - // audio packets won’t be transmitted while participant is silent or muted. - // audioQuality: { - // stereo: false, - // opusMaxAverageBitrate: null, // Value to fit the 6000 to 510000 range. - // enableOpusDtx: false, - // }, - - // Noise suppression configuration. By default rnnoise is used. Optionally Krisp - // can be used by enabling it below, but the Krisp JS SDK files must be supplied in your - // installation. 
Specifically, these files are needed: - // - https://meet.example.com/libs/krisp/krisp.mjs - // - https://meet.example.com/libs/krisp/models/model_8.kw - // - https://meet.example.com/libs/krisp/models/model_nc.kw - // - https://meet.example.com/libs/krisp/models/model_bvc.kw - // - https://meet.example.com/libs/krisp/assets/bvc-allowed.txt - // In case when you have known BVC supported devices and you want to extend allowed devices list - // - https://meet.example.com/libs/krisp/assets/bvc-allowed-ext.txt - // In case when you have known BVC supported devices and you want to extend allowed devices list - // - https://meet.example.com/libs/krisp/models/model_inbound_8.kw - // - https://meet.example.com/libs/krisp/models/model_inbound_16.kw - // In case when you want to use inbound noise suppression models - // NOTE: Krisp JS SDK v2.0.0 was tested. - // noiseSuppression: { - // krisp: { - // enabled: false, - // logProcessStats: false, - // debugLogs: false, - // useBVC: false, - // bufferOverflowMS: 1000, - // inboundModels: { - // modelInbound8: 'model_inbound_8.kef', - // modelInbound16: 'model_inbound_16.kef', - // }, - // preloadInboundModels: { - // modelInbound8: 'model_inbound_8.kef', - // modelInbound16: 'model_inbound_16.kef', - // }, - // preloadModels: { - // modelBVC: 'model_bvc.kef', - // model8: 'model_8.kef', - // modelNC: 'model_nc_mq.kef', - // }, - // models: { - // modelBVC: 'model_bvc.kef', - // model8: 'model_8.kef', - // modelNV: 'model_nc_mq.kef', - // }, - // bvc: { - // allowedDevices: 'bvc-allowed.txt', - // allowedDevicesExt: 'bvc-allowed-ext.txt', - // } - // }, - // }, - // Video - // Sets the default camera facing mode. - // cameraFacingMode: 'user', - // Sets the preferred resolution (height) for local video. Defaults to 720. // resolution: 720, - // DEPRECATED. Please use raisedHands.disableRemoveRaisedHandOnFocus instead. 
- // Specifies whether the raised hand will hide when someone becomes a dominant speaker or not - // disableRemoveRaisedHandOnFocus: false, - - // Specifies which raised hand related config should be set. - // raisedHands: { - // // Specifies whether the raised hand can be lowered by moderator. - // disableLowerHandByModerator: false, - - // // Specifies whether there is a notification before hiding the raised hand - // // when someone becomes the dominant speaker. - // disableLowerHandNotification: true, - - // // Specifies whether there is a notification when you are the next speaker in line. - // disableNextSpeakerNotification: false, - - // // Specifies whether the raised hand will hide when someone becomes a dominant speaker or not. - // disableRemoveRaisedHandOnFocus: false, - // }, - - // speakerStats: { - // // Specifies whether the speaker stats is enable or not. - // disabled: false, - - // // Specifies whether there will be a search field in speaker stats or not. - // disableSearch: false, - - // // Specifies whether participants in speaker stats should be ordered or not, and with what priority. - // // 'role', <- Moderators on top. - // // 'name', <- Alphabetically by name. - // // 'hasLeft', <- The ones that have left in the bottom. - // order: [ - // 'role', - // 'name', - // 'hasLeft', - // ], - // }, - - // DEPRECATED. Please use speakerStats.disableSearch instead. - // Specifies whether there will be a search field in speaker stats or not - // disableSpeakerStatsSearch: false, - - // DEPRECATED. Please use speakerStats.order . 
- // Specifies whether participants in speaker stats should be ordered or not, and with what priority - // speakerStatsOrder: [ - // 'role', <- Moderators on top - // 'name', <- Alphabetically by name - // 'hasLeft', <- The ones that have left in the bottom - // ], <- the order of the array elements determines priority - // How many participants while in the tile view mode, before the receiving video quality is reduced from HD to SD. // Use -1 to disable. // maxFullResolutionParticipants: 2, @@ -355,15 +156,20 @@ var config = { // height: { // ideal: 720, // max: 720, - // min: 240, - // }, - // }, + // min: 240 + // } + // } // }, $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // Enable / disable simulcast support. // disableSimulcast: false, + // Enable / disable layer suspension. If enabled, endpoints whose HD + // layers are not in use will be suspended (no longer sent) until they + // are requested again. + // enableLayerSuspension: false, + // Every participant after the Nth will start video muted. startVideoMuted: ${START_VIDEO_MUTED}, 
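Review bot: `startVideoMuted: ${START_VIDEO_MUTED},` at the end of the `@@ -355,15 +156,20 @@` hunk, like the `VIDEO_CONSTRAINTS` substitution a few lines above it, is left writing the parameter into config.js verbatim, with no check that it is a number. An empty or non-numeric value would produce a file the browser cannot parse, and whatever text the value holds becomes script served to every client. Whether the value is validated earlier is not visible, because the template starts outside the hunk. A guard placed before the template, such as `case "${START_VIDEO_MUTED}" in ''|*[!0-9]*) echo "START_VIDEO_MUTED must be a non-negative integer" >&2; exit 1;; esac`, would fail at generation time instead.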
@@ -371,250 +177,119 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // applied locally. FIXME: having these 2 options is confusing. // startWithVideoMuted: false, + // If set to true, prefer to use the H.264 video codec (if supported). + // Note that it's not recommended to do this because simulcast is not + // supported when using H.264. For 1-to-1 calls this setting is enabled by + // default and can be toggled in the p2p section. + // This option has been deprecated, use preferredCodec under videoQuality section instead. + // preferH264: true, + + // If set to true, disable H.264 video codec by stripping it out of the + // SDP. + // disableH264: false, + // Desktop sharing // Optional desktop sharing frame rate options. Default value: min:5, max:5. - // Setting higher min/max values will affect the resolution, it makes it worse. // desktopSharingFrameRate: { // min: 5, - // max: 5, + // max: 5 // }, - // Optional screenshare settings that give more control over screen capture in the browser. - // screenShareSettings: { - // // Show users the current tab is the preferred capture source, default: false. - // desktopPreferCurrentTab: false, - // // Allow users to select system audio, default: include. - // desktopSystemAudio: 'include', - // // Allow users to seamlessly switch which tab they are sharing without having to select the tab again. - // desktopSurfaceSwitching: 'include', - // // Allow a user to be shown a preference for what screen is to be captured, default: unset. - // desktopDisplaySurface: undefined, - // // Allow users to select the current tab as a capture source, default: exclude. - // desktopSelfBrowserSurface: 'exclude' - // }, + // Try to start calls with screen-sharing instead of camera video. + // startScreenSharing: false, // Recording + // Whether to enable file recording or not. + // fileRecordingsEnabled: false, // Enable the dropbox integration. // dropbox: { - // appKey: '', // Specify your app key here. 
+ // appKey: '' // Specify your app key here. // // A URL to redirect the user to, after authenticating // // by default uses: - // // 'https://${DOMAIN}/static/oauth.html' + // // 'https://${JITSI_HOST}/static/oauth.html' // redirectURI: - // 'https://${DOMAIN}/subfolder/static/oauth.html', + // 'https://${JITSI_HOST}/subfolder/static/oauth.html' // }, - - // configuration for all things recording related. Existing settings will be migrated here in the future. - // recordings: { - // // IF true (default) recording audio and video is selected by default in the recording dialog. - // // recordAudioAndVideo: true, - // // If true, shows a notification at the start of the meeting with a call to action button - // // to start recording (for users who can do so). - // // suggestRecording: true, - // // If true, shows a warning label in the prejoin screen to point out the possibility that - // // the call you're joining might be recorded. - // // showPrejoinWarning: true, - // // If true, the notification for recording start will display a link to download the cloud recording. - // // showRecordingLink: true, - // // If true, mutes audio and video when a recording begins and displays a dialog - // // explaining the effect of unmuting. - // // requireConsent: true, - // // If true consent will be skipped for users who are already in the meeting. - // // skipConsentInMeeting: true, - // // Link for the recording consent dialog's "Learn more" link. - // // consentLearnMoreLink: 'https://jitsi.org/meet/consent', - // }, - - // recordingService: { - // // When integrations like dropbox are enabled only that will be shown, - // // by enabling fileRecordingsServiceEnabled, we show both the integrations - // // and the generic recording service (its configuration and storage type - // // depends on jibri configuration) - // enabled: false, - - // // Whether to show the possibility to share file recording with other people - // // (e.g. 
meeting participants), based on the actual implementation - // // on the backend. - // sharingEnabled: false, - - // // Hide the warning that says we only store the recording for 24 hours. - // hideStorageWarning: false, - // }, - - // DEPRECATED. Use recordingService.enabled instead. + // When integrations like dropbox are enabled only that will be shown, + // by enabling fileRecordingsServiceEnabled, we show both the integrations + // and the generic recording service (its configuration and storage type + // depends on jibri configuration) // fileRecordingsServiceEnabled: false, - - // DEPRECATED. Use recordingService.sharingEnabled instead. + // Whether to show the possibility to share file recording with other people + // (e.g. meeting participants), based on the actual implementation + // on the backend. // fileRecordingsServiceSharingEnabled: false, - // Local recording configuration. - // localRecording: { - // // Whether to disable local recording or not. - // disable: false, - - // // Whether to notify all participants when a participant is recording locally. - // notifyAllParticipants: false, - - // // Whether to disable the self recording feature (only local participant streams). - // disableSelfRecording: false, - // }, - - // Customize the Live Streaming dialog. Can be modified for a non-YouTube provider. - // liveStreaming: { - // // Whether to enable live streaming or not. - // enabled: false, - // // Terms link - // termsLink: 'https://www.youtube.com/t/terms', - // // Data privacy link - // dataPrivacyLink: 'https://policies.google.com/privacy', - // // RegExp string that validates the stream key input field - // validatorRegExpString: '^(?:[a-zA-Z0-9]{4}(?:-(?!$)|$)){4}', - // // Documentation reference for the live streaming feature. - // helpLink: 'https://jitsi.org/live' - // }, - - // DEPRECATED. Use liveStreaming.enabled instead. + // Whether to enable live streaming or not. // liveStreamingEnabled: false, - // DEPRECATED. 
Use transcription.enabled instead. + // Transcription (in interface_config, + // subtitles and buttons can be configured) // transcribingEnabled: false, - // DEPRECATED. Use transcription.useAppLanguage instead. - // transcribeWithAppLanguage: true, - - // DEPRECATED. Use transcription.preferredLanguage instead. - // preferredTranscribeLanguage: 'en-US', - - // DEPRECATED. Use transcription.autoTranscribeOnRecord instead. + // Enables automatic turning on captions when recording is started // autoCaptionOnRecord: false, - // Transcription options. - // transcription: { - // // Whether the feature should be enabled or not. - // enabled: false, - - // // Translation languages. - // // Available languages can be found in - // // ./lang/translation-languages.json. - // translationLanguages: ['en', 'es', 'fr', 'ro'], - - // // Important languages to show on the top of the language list. - // translationLanguagesHead: ['en'], - - // // If true transcriber will use the application language. - // // The application language is either explicitly set by participants in their settings or automatically - // // detected based on the environment, e.g. if the app is opened in a chrome instance which - // // is using french as its default language then transcriptions for that participant will be in french. - // // Defaults to true. - // useAppLanguage: true, - - // // Transcriber language. This settings will only work if "useAppLanguage" - // // is explicitly set to false. - // // Available languages can be found in - // // ./src/react/features/transcribing/transcriber-langs.json. 
- // preferredLanguage: 'en-US', - - // // Enables automatic turning on transcribing when recording is started - // autoTranscribeOnRecord: false, - - // // Enables automatic request of subtitles when transcriber is present in the meeting, uses the default - // // language that is set - // autoCaptionOnTranscribe: false, - // - // // Disables everything related to closed captions - the tab in the chat area, the button in the menu, - // // subtitles on stage and the "Show subtitles on stage" checkbox in the settings. - // // Note: Starting transcriptions from the recording dialog will still work. - // disableClosedCaptions: false, - - // // Whether to invite jigasi when backend transcriptions are enabled (asyncTranscription is true in metadata). - // // By default, we invite it. - // inviteJigasiOnBackendTranscribing: true, - // }, - // Misc // Default value for the channel "last N" attribute. -1 for unlimited. channelLastN: ${CHANNEL_LAST_N}, - // Connection indicators - // connectionIndicators: { - // autoHide: true, - // autoHideTimeout: 5000, - // disabled: false, - // disableDetails: false, - // inactiveDisabled: false + // Provides a way to use different "last N" values based on the number of participants in the conference. + // The keys in an Object represent number of participants and the values are "last N" to be used when number of + // participants gets to or above the number. + // + // For the given example mapping, "last N" will be set to 20 as long as there are at least 5, but less than + // 29 participants in the call and it will be lowered to 15 when the 30th participant joins. The 'channelLastN' + // will be used as default until the first threshold is reached. + // + // lastNLimits: { + // 5: 20, + // 30: 15, + // 50: 10, + // 70: 5, + // 90: 2 // }, - // Provides a way for the lastN value to be controlled through the UI. 
- // When startLastN is present, conference starts with a last-n value of startLastN and channelLastN - // value will be used when the quality level is selected using "Manage Video Quality" slider. - // startLastN: 1, + // Provides a way to translate the legacy bridge signaling messages, 'LastNChangedEvent', + // 'SelectedEndpointsChangedEvent' and 'ReceiverVideoConstraint' into the new 'ReceiverVideoConstraints' message + // that invokes the new bandwidth allocation algorithm in the bridge which is described here + // - https://github.com/jitsi/jitsi-videobridge/blob/master/doc/allocation.md. + // useNewBandwidthAllocationStrategy: false, // Specify the settings for video quality optimizations on the client. // videoQuality: { + // // Provides a way to prevent a video codec from being negotiated on the JVB connection. The codec specified + // // here will be removed from the list of codecs present in the SDP answer generated by the client. If the + // // same codec is specified for both the disabled and preferred option, the disable settings will prevail. + // // Note that 'VP8' cannot be disabled since it's a mandatory codec, the setting will be ignored in this case. + // disabledCodec: 'H264', // - // // Provides a way to set the codec preference on desktop based endpoints. - // codecPreferenceOrder: [ 'AV1', 'VP9', 'VP8', 'H264' ], + // // Provides a way to set a preferred video codec for the JVB connection. If 'H264' is specified here, + // // simulcast will be automatically disabled since JVB doesn't support H264 simulcast yet. This will only + // // rearrange the the preference order of the codecs in the SDP answer generated by the browser only if the + // // preferred codec specified here is present. Please ensure that the JVB offers the specified codec for this + // // to take effect. + // preferredCodec: 'VP8', // - // // Provides a way to set the codec for screenshare. 
- // screenshareCodec: 'AV1', - // mobileScreenshareCodec: 'VP8', - // - // // Enables the adaptive mode in the client that will make runtime adjustments to selected codecs and received - // // videos for a better user experience. This mode will kick in only when CPU overuse is reported in the - // // WebRTC statistics for the outbound video streams. - // enableAdaptiveMode: false, - // - // // Codec specific settings for scalability modes and max bitrates. - // av1: { - // maxBitratesVideo: { - // low: 100000, - // standard: 300000, - // high: 1000000, - // fullHd: 2000000, - // ultraHd: 4000000, - // ssHigh: 2500000 - // }, - // scalabilityModeEnabled: true, - // useSimulcast: false, - // useKSVC: true - // }, - // h264: { - // maxBitratesVideo: { - // low: 200000, - // standard: 500000, - // high: 1500000, - // fullHd: 3000000, - // ultraHd: 6000000, - // ssHigh: 2500000 - // }, - // scalabilityModeEnabled: true - // }, - // vp8: { - // maxBitratesVideo: { - // low: 200000, - // standard: 500000, - // high: 1500000, - // fullHd: 3000000, - // ultraHd: 6000000, - // ssHigh: 2500000 - // }, - // scalabilityModeEnabled: false - // }, - // vp9: { - // maxBitratesVideo: { - // low: 100000, - // standard: 300000, - // high: 1200000, - // fullHd: 2500000, - // ultraHd: 5000000, - // ssHigh: 2500000 - // }, - // scalabilityModeEnabled: true, - // useSimulcast: false, - // useKSVC: true + // // Provides a way to configure the maximum bitrates that will be enforced on the simulcast streams for + // // video tracks. The keys in the object represent the type of the stream (LD, SD or HD) and the values + // // are the max.bitrates to be set on that particular type of stream. The actual send may vary based on + // // the available bandwidth calculated by the browser, but it will be capped by the values specified here. + // // This is currently not implemented on app based clients on mobile. 
+ // maxBitratesVideo: { + // VP8 : { + // low: 200000, + // standard: 500000, + // high: 1500000 + // }, + // VP9: { + // low: 100000, + // standard: 300000, + // high: 1200000 + // } // }, // // // The options can be used to override default thresholds of video thumbnail heights corresponding to @@ -629,20 +304,12 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // // the high quality. // minHeightForQualityLvl: { // 360: 'standard', - // 720: 'high', + // 720: 'high' // }, // - // // Provides a way to set the codec preference on mobile devices, both on RN and mobile browser based endpoint - // mobileCodecPreferenceOrder: [ 'VP8', 'VP9', 'H264', 'AV1' ], - // }, - - // Notification timeouts - // notificationTimeouts: { - // short: 2500, - // medium: 5000, - // long: 10000, - // extraLong: 60000, - // sticky: 0, + // // Provides a way to resize the desktop track to 720p (if it is greater than 720p) before creating a canvas + // // for the presenter mode (camera picture-in-picture mode with screenshare). + // resizeDesktopForPresenter: false // }, // // Options for the recording limit notification. 
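Review bot: The commented dropbox example in the `@@ -371,250 +177,119 @@` hunk now reads `'https://${JITSI_HOST}/static/oauth.html'`, and the shell still expands that variable even though the line is a JavaScript comment. The surrounding template relies on shell expansion (`$(if [ -n "${DISABLE_AUDIO_LEVELS}" ] …)`, escaped backticks), so the rename from `${DOMAIN}` only works if `JITSI_HOST` is assigned before the template, which is not visible in this hunk. If it is unset, the generated comment becomes `https:///static/oauth.html`, or generation aborts if the script runs with `set -u`. Writing `${JITSI_HOST:?}` on both lines would make a missing value fail with a clear message. If the literal text is what was intended, use `\${JITSI_HOST}` instead.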
@@ -657,23 +324,29 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // appName: 'Unlimited recordings APP', // // // The URL of the app with unlimited recordings. - // appURL: 'https://unlimited.recordings.app.com/', + // appURL: 'https://unlimited.recordings.app.com/' // }, // Disables or enables RTX (RFC 4588) (defaults to false). // disableRtx: false, - // Moves all Jitsi Meet 'beforeunload' logic (cleanup, leaving, disconnecting, etc) to the 'unload' event. - // disableBeforeUnloadHandlers: true, - // Disables or enables TCC support in this client (default: enabled). // enableTcc: true, // Disables or enables REMB support in this client (default: enabled). // enableRemb: true, + // Enables ICE restart logic in LJM and displays the page reload overlay on + // ICE failure. Current disabled by default because it's causing issues with + // signaling when Octo is enabled. Also when we do an "ICE restart"(which is + // not a real ICE restart), the client maintains the TCC sequence number + // counter, but the bridge resets it. The bridge sends media packets with + // TCC sequence numbers starting from 0. + // enableIceRestart: false, + // Enables forced reload of the client when the call is migrated as a result of - // the bridge going down. + // the bridge going down. Currently enabled by default as call migration through + // session-terminate is causing siganling issues when Octo is enabled. // enableForcedReload: true, // Use TURN/UDP servers for the jitsi-videobridge connection (by default 
@@ -681,70 +354,21 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // bridge itself is reachable via UDP) // useTurnUdp: false - // Enable support for encoded transform in supported browsers. This allows - // E2EE to work in Safari if the corresponding flag is enabled in the browser. - // Experimental. - // enableEncodedTransformSupport: false, - // UI // // Disables responsive tiles. // disableResponsiveTiles: false, - // DEPRECATED. Please use \`securityUi?.hideLobbyButton\` instead. - // Hides lobby button. + // Hides lobby button // hideLobbyButton: false, - // DEPRECATED. Please use \`lobby?.autoKnock\` instead. - // If Lobby is enabled starts knocking automatically. - // autoKnockLobby: false, - - // DEPRECATED. Please use \`lobby?.enableChat\` instead. - // Enable lobby chat. - // enableLobbyChat: true, - - // DEPRECATED! Use \`breakoutRooms.hideAddRoomButton\` instead. - // Hides add breakout room button - // hideAddRoomButton: false, - // Require users to always specify a display name. // requireDisplayName: true, - // Enables webhid functionality for Audio. - // enableWebHIDFeature: false, - - // DEPRECATED! Use 'welcomePage.disabled' instead. // Whether to use a welcome page or not. In case it's false a random room // will be joined when no room is specified. - // enableWelcomePage: true, - - // Configs for welcome page. - // welcomePage: { - // // Whether to disable welcome page. In case it's disabled a random room - // // will be joined when no room is specified. - // disabled: false, - // // If set, landing page will redirect to this URL. - // customUrl: '' - // }, - - // Configs for the lobby screen. - // lobby: { - // // If Lobby is enabled, it starts knocking automatically. Replaces \`autoKnockLobby\`. - // autoKnock: false, - // // Enables the lobby chat. Replaces \`enableLobbyChat\`. - // enableChat: true, - // // Shows the hangup button in the lobby screen. 
- // showHangUp: true, - // }, - - // Configs for the security related UI elements. - // securityUi: { - // // Hides the lobby button. Replaces \`hideLobbyButton\`. - // hideLobbyButton: false, - // // Hides the possibility to set and enter a lobby password. - // disableLobbyPassword: false, - // }, + enableWelcomePage: true, // Disable app shortcuts that are registered upon joining a conference // disableShortcuts: false, 
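Review bot: `enableWelcomePage: true,` in the `@@ -681,70 +354,21 @@` hunk turns a commented default into an active, hard-coded setting, and nothing next to it says so. The comment removed just above marked this key as deprecated in favour of `welcomePage.disabled`, so whether it takes effect depends on the jitsi-meet release the template is deployed with, which is not visible here. Neighbouring active options such as `startVideoMuted: ${START_VIDEO_MUTED},` take their value from a parameter, so an operator cannot switch the welcome page off without editing the template. I would at least add a comment above the line, for example `// Active setting (not a commented default); newer jitsi-meet releases read welcomePage.disabled instead.`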
@@ -758,35 +382,20 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // enableClosePage: false, // Disable hiding of remote thumbnails when in a 1-on-1 conference call. - // Setting this to null, will also disable showing the remote videos - // when the toolbar is shown on mouse movements - // disable1On1Mode: null | false | true, + // disable1On1Mode: false, - // Default local name to be displayed - // defaultLocalDisplayName: 'me', - - // Default remote name to be displayed - // defaultRemoteDisplayName: 'Fellow Jitster', - - // Hides the display name from the participant thumbnail - // hideDisplayName: false, - - // Hides the dominant speaker name badge that hovers above the toolbox - // hideDominantSpeakerBadge: false, - - // Default language for the user interface. Cannot be overwritten. - // For iframe integrations, use the \`lang\` option directly instead. + // Default language for the user interface. defaultLanguage: '${DEFAULT_LANGUAGE}', // Disables profile and the edit of all fields from the profile settings (display name and email) // disableProfile: false, - // Hides the email section under profile settings. - // hideEmailInSettings: false, + // Whether or not some features are checked based on token. + // enableFeaturesBasedOnToken: false, // When enabled the password used for locking a room is restricted to up to the number of digits specified - // default: roomPasswordNumberOfDigits: false, // roomPasswordNumberOfDigits: 10, + // default: roomPasswordNumberOfDigits: false, // Message to show the users. Example: 'The service will be down for // maintenance at 01:00 AM GMT, 
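Review bot: In the `roomPasswordNumberOfDigits` block, the `// default: roomPasswordNumberOfDigits: false,` line now follows the example `// roomPasswordNumberOfDigits: 10,`, so the block ends on `false` and reads like a second setting rather than a note about the default. I would keep the default note directly under the description, as it was before. The description also does not say that enabling the option narrows room passwords to digits only. A line such as `// Note: an N-digit numeric password has at most 10^N values; leave unset unless numeric entry is required.` would tell operators what they give up.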
@@ -796,34 +405,8 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // and microsoftApiApplicationClientID // enableCalendarIntegration: false, - // Whether to notify when the conference is terminated because it was destroyed. - // notifyOnConferenceDestruction: true, - - // The client id for the google APIs used for the calendar integration, youtube livestreaming, etc. - // googleApiApplicationClientID: '', - - // Configs for prejoin page. - // prejoinConfig: { - // // When 'true', it shows an intermediate page before joining, where the user can configure their devices. - // enabled: true, - // // Hides the participant name editing field in the prejoin screen. - // // If requireDisplayName is also set as true, a name should still be provided through - // // either the jwt or the userInfo from the iframe api init object in order for this to have an effect. - // hideDisplayName: false, - // // List of buttons to hide from the extra join options dropdown. - // hideExtraJoinButtons: ['no-audio', 'by-phone'], - // // Configuration for pre-call test - // // By setting preCallTestEnabled, you enable the pre-call test in the prejoin page. - // // ICE server credentials need to be provided over the preCallTestICEUrl - // preCallTestEnabled: false, - // preCallTestICEUrl: '', - // // Shows the hangup button in the lobby screen. - // showHangUp: true, - // }, - - // When 'true', the user cannot edit the display name. - // (Mainly useful when used in conjunction with the JWT so the JWT name becomes read only.) - // readOnlyName: false, + // When 'true', it shows an intermediate page before joining, where the user can configure their devices. + // prejoinPageEnabled: false, // If etherpad integration is enabled, setting this to true will // automatically open the etherpad when a participant joins. This 
@@ -837,24 +420,12 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // set or the lobby is not enabled. // enableInsecureRoomNameWarning: false, - // Array with avatar URL prefixes that need to use CORS. - // corsAvatarURLs: [ 'https://www.gravatar.com/avatar/' ], + // Whether to automatically copy invitation URL after creating a room. + // Document should be focused for this option to work + // enableAutomaticUrlCopy: false, - // Base URL for a Gravatar-compatible service. Defaults to Gravatar. - // DEPRECATED! Use \`gravatar.baseUrl\` instead. - // gravatarBaseURL: 'https://www.gravatar.com/avatar/', - - // Setup for Gravatar-compatible services. - // gravatar: { - // // Defaults to Gravatar. - // baseUrl: 'https://www.gravatar.com/avatar/', - // // True if Gravatar should be disabled. - // disabled: false, - // }, - - // App name to be displayed in the invitation email subject, as an alternative to - // interfaceConfig.APP_NAME. - // inviteAppName: null, + // Base URL for a Gravatar-compatible service. Defaults to libravatar. + // gravatarBaseURL: 'https://seccdn.libravatar.org/avatar/', // Moved from interfaceConfig(TOOLBAR_BUTTONS). // The name of the toolbar buttons to display in the toolbar, including the 
@@ -863,186 +434,18 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // some other values in config.js to be enabled. Also, the "profile" button will // not display for users with a JWT. // Notes: - // - it's possible to reorder the buttons in the maintoolbar by changing the order of the mainToolbarButtons + // - it's impossible to choose which buttons go in the "More actions" menu + // - it's impossible to control the placement of buttons // - 'desktop' controls the "Share your screen" button // - if \`toolbarButtons\` is undefined, we fallback to enabling all buttons on the UI // toolbarButtons: [ - // 'camera', - // 'chat', - // 'closedcaptions', - // 'desktop', - // 'download', - // 'embedmeeting', - // 'etherpad', - // 'feedback', - // 'filmstrip', - // 'fullscreen', - // 'hangup', - // 'help', - // 'highlight', - // 'invite', - // 'linktosalesforce', - // 'livestreaming', - // 'microphone', - // 'noisesuppression', - // 'participants-pane', - // 'profile', - // 'raisehand', - // 'recording', - // 'security', - // 'select-background', - // 'settings', - // 'shareaudio', - // 'sharedvideo', - // 'shortcuts', - // 'stats', - // 'tileview', - // 'toggle-camera', - // 'videoquality', - // 'whiteboard', + // 'microphone', 'camera', 'closedcaptions', 'desktop', 'embedmeeting', 'fullscreen', + // 'fodeviceselection', 'hangup', 'profile', 'chat', 'recording', + // 'livestreaming', 'etherpad', 'sharedvideo', 'shareaudio', 'settings', 'raisehand', + // 'videoquality', 'filmstrip', 'invite', 'feedback', 'stats', 'shortcuts', + // 'tileview', 'select-background', 'download', 'help', 'mute-everyone', 'mute-video-everyone', 'security' // ], - // Holds values related to toolbar visibility control. - // toolbarConfig: { - // // Moved from interfaceConfig.INITIAL_TOOLBAR_TIMEOUT - // // The initial number of milliseconds for the toolbar buttons to be visible on screen. 
- // initialTimeout: 20000, - // // Moved from interfaceConfig.TOOLBAR_TIMEOUT - // // Number of milliseconds for the toolbar buttons to be visible on screen. - // timeout: 4000, - // // Moved from interfaceConfig.TOOLBAR_ALWAYS_VISIBLE - // // Whether toolbar should be always visible or should hide after x milliseconds. - // alwaysVisible: false, - // // Indicates whether the toolbar should still autohide when chat is open - // autoHideWhileChatIsOpen: false, - // // Default background color for the main toolbar. Accepts any valid CSS color. - // // backgroundColor: '#ffffff', - // }, - - // Overrides the buttons displayed in the main toolbar. Depending on the screen size the number of displayed - // buttons varies from 2 buttons to 8 buttons. Every array in the mainToolbarButtons array will replace the - // corresponding default buttons configuration matched by the number of buttons specified in the array. Arrays with - // more than 8 buttons or less then 2 buttons will be ignored. When there there isn't an override for a certain - // configuration (for example when 3 buttons are displayed) the default jitsi-meet configuration will be used. - // The order of the buttons in the array is preserved. - // mainToolbarButtons: [ - // [ 'microphone', 'camera', 'desktop', 'chat', 'raisehand', 'reactions', 'participants-pane', 'tileview' ], - // [ 'microphone', 'camera', 'desktop', 'chat', 'raisehand', 'participants-pane', 'tileview' ], - // [ 'microphone', 'camera', 'desktop', 'chat', 'raisehand', 'participants-pane' ], - // [ 'microphone', 'camera', 'desktop', 'chat', 'participants-pane' ], - // [ 'microphone', 'camera', 'chat', 'participants-pane' ], - // [ 'microphone', 'camera', 'chat' ], - // [ 'microphone', 'camera' ] - // ], - - // Toolbar buttons which have their click/tap event exposed through the API on - // \`toolbarButtonClicked\`. 
Passing a string for the button key will - // prevent execution of the click/tap routine; passing an object with \`key\` and - // \`preventExecution\` flag on false will not prevent execution of the click/tap - // routine. Below array with mixed mode for passing the buttons. - // buttonsWithNotifyClick: [ - // 'camera', - // { - // key: 'chat', - // preventExecution: false - // }, - // { - // key: 'closedcaptions', - // preventExecution: true - // }, - // 'desktop', - // 'download', - // 'embedmeeting', - // 'end-meeting', - // 'etherpad', - // 'feedback', - // 'filmstrip', - // 'fullscreen', - // 'hangup', - // 'hangup-menu', - // 'help', - // { - // key: 'invite', - // preventExecution: false - // }, - // 'livestreaming', - // 'microphone', - // 'mute-everyone', - // 'mute-video-everyone', - // 'noisesuppression', - // 'participants-pane', - // 'profile', - // { - // key: 'raisehand', - // preventExecution: true - // }, - // 'recording', - // 'security', - // 'select-background', - // 'settings', - // 'shareaudio', - // 'sharedvideo', - // 'shortcuts', - // 'stats', - // 'tileview', - // 'toggle-camera', - // 'videoquality', - // // The add passcode button from the security dialog. - // { - // key: 'add-passcode', - // preventExecution: false - // }, - // 'whiteboard', - // ], - - // Participant context menu buttons which have their click/tap event exposed through the API on - // \`participantMenuButtonClick\`. Passing a string for the button key will - // prevent execution of the click/tap routine; passing an object with \`key\` and - // \`preventExecution\` flag on false will not prevent execution of the click/tap - // routine. Below array with mixed mode for passing the buttons. 
- // participantMenuButtonsWithNotifyClick: [ - // 'allow-video', - // { - // key: 'ask-unmute', - // preventExecution: false - // }, - // 'conn-status', - // 'flip-local-video', - // 'grant-moderator', - // { - // key: 'kick', - // preventExecution: true - // }, - // { - // key: 'hide-self-view', - // preventExecution: false - // }, - // 'mute', - // 'mute-others', - // 'mute-others-video', - // 'mute-video', - // 'pinToStage', - // 'privateMessage', - // { - // key: 'remote-control', - // preventExecution: false - // }, - // 'send-participant-to-room', - // 'verify', - // ], - - // List of pre meeting screens buttons to hide. The values must be one or more of the 5 allowed buttons: - // 'microphone', 'camera', 'select-background', 'invite', 'settings' - // hiddenPremeetingButtons: [], - - // An array with custom option buttons for the participant context menu - // type: Array<{ icon: string; id: string; text: string; }> - // customParticipantMenuButtons: [], - - // An array with custom option buttons for the toolbar - // type: Array<{ icon: string; id: string; text: string; backgroundColor?: string; }> - // customToolbarButtons: [], - // Stats // 
@@ -1055,33 +458,18 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // The interval at which PeerConnection.getStats() is called. Defaults to 10000 // pcStatsInterval: 10000, - // Enables sending participants' display names to stats + // To enable sending statistics to callstats.io you must provide the + // Application ID and Secret. + // callStatsID: '', + // callStatsSecret: '', + + // Enables sending participants' display names to callstats // enableDisplayNameInStats: false, - // Enables sending participants' emails (if available) to stats and other analytics + // Enables sending participants' emails (if available) to callstats and other analytics // enableEmailInStats: false, - // faceLandmarks: { - // // Enables sharing your face coordinates. Used for centering faces within a video. - // enableFaceCentering: false, - - // // Enables detecting face expressions and sharing data with other participants - // enableFaceExpressionsDetection: false, - - // // Enables displaying face expressions in speaker stats - // enableDisplayFaceExpressions: false, - - // // Enable rtc stats for face landmarks - // enableRTCStats: false, - - // // Minimum required face movement percentage threshold for sending new face centering coordinates data. - // faceCenteringThreshold: 10, - - // // Milliseconds for processing a new image capture in order to detect face coordinates if they exist. - // captureInterval: 1000, - // }, - - // Controls the percentage of automatic feedback shown to participants. + // Controls the percentage of automatic feedback shown to participants when callstats is enabled. // The default value is 100%. If set to 0, no automatic feedback will be requested // feedbackPercentage: 100, 
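Review bot: The new commented sample for `callStatsID` and `callStatsSecret` invites an operator to place a secret in this template, but the generated file appears to be jitsi-meet's client configuration, which browsers download. Any value set there would then be readable by every participant. I would add a line above the sample such as `// NOTE: everything in this file is delivered to clients; callStatsSecret is not confidential once set.` The same hunk documents `enableDisplayNameInStats` and `enableEmailInStats` as sending names and e-mail addresses to callstats, which is personal data leaving the deployment, so the commented `false` values should stay as they are. The enclosing config object starts and ends outside the hunk.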
@@ -1089,7 +477,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // // If third party requests are disabled, no other server will be contacted. - // This means avatars will be locally generated and external stats integration + // This means avatars will be locally generated and callstats integration // will not function. disableThirdPartyRequests: $(if [ -z "${ENABLE_THIRD_PARTY_REQUESTS}" ]; then printf "true"; else printf "false"; fi), @@ -1106,6 +494,12 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // connection. enabled: true, + // The STUN servers that will be used in the peer to peer connections + stunServers: [ + + { urls: 'stun:${TURN_SERVER}:443' } + ] + // Sets the ICE transport policy for the p2p connection. At the time // of this writing the list of possible values are 'all' and 'relay', // but that is subject to change in the future. The enum is defined in 
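Review bot: In the second hunk on this line, the added `stunServers` entry expands `${TURN_SERVER}` directly into a single-quoted JavaScript string, and nothing visible checks that the variable is set or limited to hostname characters. An empty value would produce `stun::443`, and a value containing `'` would end the literal early and corrupt the generated config. A guard before the heredoc such as `: "${TURN_SERVER:?}"`, plus a character check, would catch both; whether the manifest already validates the value elsewhere is not visible here. The array also closes with `]` where the block removed further down used `],`, so uncommenting `iceTransportPolicy` below it would make the file a syntax error; I would keep the trailing comma. The enclosing `p2p` object starts and ends outside the hunk.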
@@ -1114,74 +508,57 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // If not set, the effective value is 'all'. // iceTransportPolicy: 'all', - // Provides a way to set the codec preference on mobile devices, both on RN and mobile browser based - // endpoints. - // mobileCodecPreferenceOrder: [ 'H264', 'VP8', 'VP9', 'AV1' ], - // - // Provides a way to set the codec preference on desktop based endpoints. - // codecPreferenceOrder: [ 'AV1', 'VP9', 'VP8', 'H264 ], + // If set to true, it will prefer to use H.264 for P2P calls (if H.264 + // is supported). This setting is deprecated, use preferredCodec instead. + // preferH264: true, - // Provides a way to set the codec for screenshare. - // screenshareCodec: 'AV1', - // mobileScreenshareCodec: 'VP8', + // Provides a way to set the video codec preference on the p2p connection. Acceptable + // codec values are 'VP8', 'VP9' and 'H264'. + // preferredCodec: 'H264', + + // If set to true, disable H.264 video codec by stripping it out of the + // SDP. This setting is deprecated, use disabledCodec instead. + // disableH264: false, + + // Provides a way to prevent a video codec from being negotiated on the p2p connection. + // disabledCodec: '', // How long we're going to wait, before going back to P2P after the 3rd // participant has left the conference (to filter out page reload). 
- // backToP2PDelay: 5, - - // The STUN servers that will be used in the peer to peer connections - stunServers: [ - - // { urls: 'stun:jitsi-meet.example.com:3478' }, - { urls: 'stun:${TURN_SERVER}:443' }, - ], + // backToP2PDelay: 5 }, analytics: { -${ANALYTICS_SETTINGS} - // True if the analytics should be disabled - // disabled: false, + // The Google Analytics Tracking ID: + // googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1' // Matomo configuration: // matomoEndpoint: 'https://your-matomo-endpoint/', // matomoSiteID: '42', // The Amplitude APP Key: - // amplitudeAPPKey: '', - - // Obfuscates room name sent to analytics (amplitude, rtcstats) - // Default value is false. - // obfuscateRoomName: false, + // amplitudeAPPKey: '' // Configuration for the rtcstats server: // By enabling rtcstats server every time a conference is joined the rtcstats // module connects to the provided rtcstatsEndpoint and sends statistics regarding // PeerConnection states along with getStats metrics polled at the specified // interval. - // rtcstatsEnabled: false, - // rtcstatsStoreLogs: false, + // rtcstatsEnabled: true, // In order to enable rtcstats one needs to provide a endpoint url. // rtcstatsEndpoint: wss://rtcstats-server-pilot.jitsi.net/, - // The interval at which rtcstats will poll getStats, defaults to 10000ms. + // The interval at which rtcstats will poll getStats, defaults to 1000ms. // If the value is set to 0 getStats won't be polled and the rtcstats client // will only send data related to RTCPeerConnection events. - // rtcstatsPollInterval: 10000, - - // This determines if rtcstats sends the SDP to the rtcstats server or replaces - // all SDPs with an empty string instead. - // rtcstatsSendSdp: false, + // rtcstatsPolIInterval: 1000, // Array of script URLs to load as lib-jitsi-meet "analytics handlers". 
// scriptURLs: [ - // "https://example.com/my-custom-analytics.js", + // "libs/analytics-ga.min.js", // google-analytics + // "https://example.com/my-custom-analytics.js" // ], - - // By enabling watchRTCEnabled option you would want to use watchRTC feature - // This would also require to configure watchRTCConfigParams. - // Please remember to keep rtcstatsEnabled disabled for watchRTC to work. - // watchRTCEnabled: false, }, // Logs that should go be passed through the 'log' event if a handler is defined for it 
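Review bot: Removing the `${ANALYTICS_SETTINGS}` line from the `analytics` block means whatever the manifest assembles into that variable no longer reaches the generated config, so an operator's analytics parameters would be dropped without any message. If the variable and its parameter are still handled elsewhere in the manifest (not visible in this hunk), either remove them as well or keep the expansion. The new commented sample also shows `rtcstatsEnabled: true` next to a jitsi.net endpoint, so I would write `// rtcstatsEnabled: false,` to stop an uncommented sample from sending peer-connection statistics to a third-party server by accident. The sample spells the key `rtcstatsPolIInterval` where the removed line had `rtcstatsPollInterval`; it is worth confirming which spelling the deployed jitsi-meet version reads.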
@@ -1189,95 +566,62 @@ ${ANALYTICS_SETTINGS} // Information about the jitsi-meet instance we are connecting to, including // the user region as seen by the server. - // deploymentInfo: { - // shard: "shard1", - // region: "europe", - // userRegion: "asia", - // }, + deploymentInfo: { + // shard: "shard1", + // region: "europe", + // userRegion: "asia" + }, - // Array of disabled sounds. - // Possible values: - // - 'ASKED_TO_UNMUTE_SOUND' - // - 'E2EE_OFF_SOUND' - // - 'E2EE_ON_SOUND' - // - 'INCOMING_MSG_SOUND' - // - 'KNOCKING_PARTICIPANT_SOUND' - // - 'LIVE_STREAMING_OFF_SOUND' - // - 'LIVE_STREAMING_ON_SOUND' - // - 'NO_AUDIO_SIGNAL_SOUND' - // - 'NOISY_AUDIO_INPUT_SOUND' - // - 'OUTGOING_CALL_EXPIRED_SOUND' - // - 'OUTGOING_CALL_REJECTED_SOUND' - // - 'OUTGOING_CALL_RINGING_SOUND' - // - 'OUTGOING_CALL_START_SOUND' - // - 'PARTICIPANT_JOINED_SOUND' - // - 'PARTICIPANT_LEFT_SOUND' - // - 'RAISE_HAND_SOUND' - // - 'REACTION_SOUND' - // - 'RECORDING_OFF_SOUND' - // - 'RECORDING_ON_SOUND' - // - 'TALK_WHILE_MUTED_SOUND' - disabledSounds: ['REACTION_SOUND'], // This is actually intrusive - - // DEPRECATED! Use \`disabledSounds\` instead. // Decides whether the start/stop recording audio notifications should play on record. // disableRecordAudioNotification: false, - // DEPRECATED! Use \`disabledSounds\` instead. // Disables the sounds that play when other participants join or leave the // conference (if set to true, these sounds will not be played). // disableJoinLeaveSounds: false, - // DEPRECATED! Use \`disabledSounds\` instead. - // Disables the sounds that play when a chat message is received. 
- // disableIncomingMessageSound: false, - // Information for the chrome extension banner // chromeExtensionBanner: { // // The chrome extension to be installed address // url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb', - // edgeUrl: 'https://microsoftedge.microsoft.com/addons/detail/jitsi-meetings/eeecajlpbgjppibfledfihobcabccihn', // // Extensions info which allows checking if they are installed or not // chromeExtensionsInfo: [ // { // id: 'kglhbbefdnlheedjiejgomgmfplipfeb', - // path: 'jitsi-logo-48x48.png', - // }, - // // Edge extension info - // { - // id: 'eeecajlpbgjppibfledfihobcabccihn', - // path: 'jitsi-logo-48x48.png', - // }, + // path: 'jitsi-logo-48x48.png' + // } // ] // }, - // e2ee: { - // labels: { - // description: '', - // label: '', - // tooltip: '', - // warning: '', - // }, - // externallyManagedKey: false, - // disabled: false, + // Local Recording + // + + // localRecording: { + // Enables local recording. + // Additionally, 'localrecording' (all lowercase) needs to be added to + // TOOLBAR_BUTTONS in interface_config.js for the Local Recording + // button to show up on the toolbar. + // + // enabled: true, + // + + // The recording format, can be one of 'ogg', 'flac' or 'wav'. + // format: 'flac' + // + // }, // Options related to end-to-end (participant to participant) ping. // e2eping: { - // // Whether ene-to-end pings should be enabled. - // enabled: false, + // // The interval in milliseconds at which pings will be sent. + // // Defaults to 10000, set to <= 0 to disable. + // pingInterval: 10000, // - // // The number of responses to wait for. - // numRequests: 5, - // - // // The max conference size in which e2e pings will be sent. - // maxConferenceSize: 200, - // - // // The maximum number of e2e ping messages per second for the whole conference to aim for. - // // This is used to control the pacing of messages in order to reduce the load on the backend. 
- // maxMessagesPerSecond: 250, - // }, + // // The interval in milliseconds at which analytics events + // // with the measured RTT will be sent. Defaults to 60000, set + // // to <= 0 to disable. + // analyticsInterval: 60000, + // }, // If set, will attempt to use the provided video input device label when // triggering a screenshare, instead of proceeding through the normal flow 
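Review bot: The one active setting this hunk removes, `disabledSounds: ['REACTION_SOUND'],`, has no replacement on the new side, because the boolean sound options that remain are all commented out. Reaction sounds would therefore be enabled again after this change. If that is intended because the targeted jitsi-meet version does not know `disabledSounds`, a short comment naming the version this template tracks would make that clear, for example `// Template follows jitsi-meet <VERSION>; disabledSounds is not available there.` The hunk also turns `deploymentInfo` into an active but empty object, which looks harmless but differs from the commented form it replaces.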
@@ -1286,66 +630,10 @@ ${ANALYTICS_SETTINGS} // use only. // _desktopSharingSourceDevice: 'sample-id-or-label', - // DEPRECATED! Use deeplinking.disabled instead. // If true, any checks to handoff to another application will be prevented // and instead the app will continue to display in the current browser. // disableDeepLinking: false, - // The deeplinking config. - // deeplinking: { - // - // // The desktop deeplinking config, disabled by default. - // desktop: { - // appName: 'Jitsi Meet', - // appScheme: 'jitsi-meet, - // download: { - // linux: - // 'https://github.com/jitsi/jitsi-meet-electron/releases/latest/download/jitsi-meet-x86_64.AppImage', - // macos: 'https://github.com/jitsi/jitsi-meet-electron/releases/latest/download/jitsi-meet.dmg', - // windows: 'https://github.com/jitsi/jitsi-meet-electron/releases/latest/download/jitsi-meet.exe' - // }, - // enabled: false - // }, - // // If true, any checks to handoff to another application will be prevented - // // and instead the app will continue to display in the current browser. - // disabled: false, - - // // whether to hide the logo on the deep linking pages. - // hideLogo: false, - - // // The ios deeplinking config. - // ios: { - // appName: 'Jitsi Meet', - // // Specify mobile app scheme for opening the app from the mobile browser. - // appScheme: 'org.jitsi.meet', - // // Custom URL for downloading ios mobile app. - // downloadLink: 'https://itunes.apple.com/us/app/jitsi-meet/id1165103905', - // }, - - // // The android deeplinking config. - // android: { - // appName: 'Jitsi Meet', - // // Specify mobile app scheme for opening the app from the mobile browser. - // appScheme: 'org.jitsi.meet', - // // Custom URL for downloading android mobile app. - // downloadLink: 'https://play.google.com/store/apps/details?id=org.jitsi.meet', - // // Android app package name. 
- // appPackage: 'org.jitsi.meet', - // fDroidUrl: 'https://f-droid.org/en/packages/org.jitsi.meet/', - // } - // }, - - // // The terms, privacy and help centre URL's. - // // TODO: Check and set these up - legalUrls: { - helpCentre: '', - privacy: '', - terms: '' - // helpCentre: 'https://web-cdn.jitsi.net/faq/meet-faq.html', - // privacy: 'https://jitsi.org/meet/privacy', - // terms: 'https://jitsi.org/meet/terms' - }, - // A property to disable the right click context menu for localVideo // the menu has option to flip the locally seen video for local presentations // disableLocalVideoFlip: false, @@ -1359,8 +647,7 @@ ${ANALYTICS_SETTINGS} // Disables all invite functions from the app (share, invite, dial out...etc) // disableInviteFunctions: true, - // Disables storing the room name to the recents list. When in an iframe this is ignored and - // the room is never stored in the recents list. + // Disables storing the room name to the recents list // doNotStoreRoom: true, // Deployment specific URLs. 
@@ -1370,143 +657,38 @@ ${ANALYTICS_SETTINGS} // userDocumentationURL: 'https://docs.example.com/video-meetings.html', // // If specified a 'Download our apps' button will be displayed in the overflow menu with a link // // to the specified URL for an app download page. - // downloadAppsUrl: 'https://docs.example.com/our-apps.html', + // downloadAppsUrl: 'https://docs.example.com/our-apps.html' // }, // Options related to the remote participant menu. // remoteVideoMenu: { - // // Whether the remote video context menu to be rendered or not. - // disabled: true, - // // If set to true the 'Switch to visitor' button will be disabled. - // disableDemote: true, // // If set to true the 'Kick out' button will be disabled. - // disableKick: true, - // // If set to true the 'Grant moderator' button will be disabled. - // disableGrantModerator: true, - // // If set to 'all' the 'Private chat' button will be disabled for all participants. - // // If set to 'allow-moderator-chat' the 'Private chat' button will be available for chats with moderators. - // // If set to 'disable-visitor-chat' the 'Private chat' button will be disabled for visitor-main participant - // // conversations. - // disablePrivateChat: 'all' | 'allow-moderator-chat' | 'disable-visitor-chat', + // disableKick: true // }, - // If set to true all muting operations of remote participants will be disabled. // disableRemoteMute: true, + // Enables support for lip-sync for this client (if the browser supports it). + // enableLipSync: false + /** External API url used to receive branding specific information. If there is no url set or there are missing fields, the defaults are applied. - The config file should be in JSON. None of the fields are mandatory and the response must have the shape: - { - // Whether participant can only send group chat message if \`send-groupchat\` feature is enabled in jwt. 
- groupChatRequiresPermission: false, - // Whether participant can only create polls if \`create-polls\` feature is enabled in jwt. - pollCreationRequiresPermission: false, - // The domain url to apply (will replace the domain in the sharing conference link/embed section) - inviteDomain: 'example-company.org', - // The hex value for the colour used as background - backgroundColor: '#fff', - // The url for the image used as background - backgroundImageUrl: 'https://example.com/background-img.png', - // The anchor url used when clicking the logo image - logoClickUrl: 'https://example-company.org', - // The url used for the image used as logo - logoImageUrl: 'https://example.com/logo-img.png', - // Endpoint that enables support for salesforce integration with in-meeting resource linking - // This is required for: - // listing the most recent records - salesforceUrl/records/recents - // searching records - salesforceUrl/records?text=${text} - // retrieving record details - salesforceUrl/records/${id}?type=${type} - // and linking the meeting - salesforceUrl/sessions/${sessionId}/records/${id} - // salesforceUrl: 'https://api.example.com/', - // Overwrite for pool of background images for avatars - avatarBackgrounds: ['url(https://example.com/avatar-background-1.png)', '#FFF'], - // The lobby/prejoin screen background - premeetingBackground: 'url(https://example.com/premeeting-background.png)', - // A list of images that can be used as video backgrounds. - // When this field is present, the default images will be replaced with those provided. - virtualBackgrounds: ['https://example.com/img.jpg'], - // Object containing customized icons that should replace the default ones. 
- // The keys need to be the exact same icon names used in here: - // https://github.com/jitsi/jitsi-meet/blob/master/react/features/base/icons/svg/index.ts - // To avoid having the icons trimmed or displayed in an unexpected way, please provide svg - // files containing svg xml icons in the size that the default icons come in. - customIcons: { - IconArrowUp: 'https://example.com/arrow-up.svg', - IconDownload: 'https://example.com/download.svg', - IconRemoteControlStart: 'https://example.com/remote-start.svg', - }, - // Object containing a theme's properties. It also supports partial overwrites of the main theme. - // For a list of all possible theme tokens and their current defaults, please check: - // https://github.com/jitsi/jitsi-meet/tree/master/resources/custom-theme/custom-theme.json - // For a short explanations on each of the tokens, please check: - // https://github.com/jitsi/jitsi-meet/blob/master/react/features/base/ui/Tokens.ts - // IMPORTANT!: This is work in progress so many of the various tokens are not yet applied in code - // or they are partially applied. - customTheme: { - palette: { - ui01: "orange !important", - ui02: "maroon", - surface02: 'darkgreen', - ui03: "violet", - ui04: "magenta", - ui05: "blueviolet", - action01: 'green', - action01Hover: 'lightgreen', - disabled01: 'beige', - success02: 'cadetblue', - action02Hover: 'aliceblue', - }, - typography: { - labelRegular: { - fontSize: 25, - lineHeight: 30, - fontWeight: 500, - } - } - } - } + { + // The hex value for the colour used as background + backgroundColor: '#fff', + // The url for the image used as background + backgroundImageUrl: 'https://example.com/background-img.png', + // The anchor url used when clicking the logo image + logoClickUrl: 'https://example-company.org', + // The url used for the image used as logo + logoImageUrl: 'https://example.com/logo-img.png' + } */ dynamicBrandingUrl: "${DYNAMIC_BRANDING_URL}", - // A list of allowed URL domains for shared video. 
- // - // NOTE: - // '*' is allowed value and it will allow any URL to be used for shared video. We do not recommend using '*', - // use it at your own risk! - // sharedVideoAllowedURLDomains: [ ], - - // Options related to the participants pane. - // participantsPane: { - // // Enables feature - // enabled: true, - // // Hides the moderator settings tab. - // hideModeratorSettingsTab: false, - // // Hides the more actions button. - // hideMoreActionsButton: false, - // // Hides the mute all button. - // hideMuteAllButton: false, - // }, - - // Options related to the breakout rooms feature. - // breakoutRooms: { - // // Hides the add breakout room button. This replaces \`hideAddRoomButton\`. - // hideAddRoomButton: false, - // // Hides the auto assign participants button. - // hideAutoAssignButton: false, - // // Hides the join breakout room button. - // hideJoinRoomButton: false, - // }, - - // When true, virtual background feature will be disabled. - // disableVirtualBackground: false, - - // When true the user cannot add more images to be used as virtual background. - // Only the default ones from will be available. - // disableAddingBackgroundImages: false, - // Sets the background transparency level. '0' is fully transparent, '1' is opaque. // backgroundAlpha: 1, 
@@ -1518,36 +700,11 @@ ${ANALYTICS_SETTINGS} // If true, tile view will not be enabled automatically when the participants count threshold is reached. // disableTileView: true, - // If true, the tiles will be displayed contained within the available space rather than enlarged to cover it, - // with a 16:9 aspect ratio (old behaviour). - // disableTileEnlargement: true, - - // Controls the visibility and behavior of the top header conference info labels. - // If a label's id is not in any of the 2 arrays, it will not be visible at all on the header. - // conferenceInfo: { - // // those labels will not be hidden in tandem with the toolbox. - // alwaysVisible: ['recording', 'raised-hands-count'], - // // those labels will be auto-hidden in tandem with the toolbox buttons. - // autoHide: [ - // 'subject', - // 'conference-timer', - // 'participants-count', - // 'e2ee', - // 'video-quality', - // 'insecure-room', - // 'highlight-moment', - // 'top-panel-toggle', - // ] - // }, - // Hides the conference subject - // hideConferenceSubject: false, + // hideConferenceSubject: true, // Hides the conference timer. - // hideConferenceTimer: false, - - // Hides the recording label - // hideRecordingLabel: false, + // hideConferenceTimer: true, // Hides the participants stats // hideParticipantsStats: true, 
@@ -1555,116 +712,34 @@ ${ANALYTICS_SETTINGS} // Sets the conference subject // subject: 'Conference Subject', - // Sets the conference local subject - // localSubject: 'Conference Local Subject', - // This property is related to the use case when jitsi-meet is used via the IFrame API. When the property is true // jitsi-meet will use the local storage of the host page instead of its own. This option is useful if the browser // is not persisting the local storage inside the iframe. // useHostPageLocalStorage: true, - // Etherpad ("shared document") integration. - // - // If set, add a "Open shared document" link to the bottom right menu that - // will open an etherpad document. - // etherpad_base: 'https://your-etherpad-installati.on/p/', - - // To enable information about dial-in access to meetings you need to provide - // dialInNumbersUrl and dialInConfCodeUrl. - // dialInNumbersUrl returns a json array of numbers that can be used for dial-in. - // {"countryCode":"US","tollFree":false,"formattedNumber":"+1 123-456-7890"} - // dialInConfCodeUrl is the conference mapper converting a meeting id to a PIN used for dial-in - // or the other way around (more info in resources/cloud-api.swagger) - - // You can use external service for authentication that will redirect back passing a jwt token - // You can use tokenAuthUrl config to point to a URL of such service. - // The URL for the service supports few params which will be filled in by the code. - // tokenAuthUrl: - // 'https://myservice.com/auth/{room}?code_challenge_method=S256&code_challenge={code_challenge}&state={state}' - // Supported parameters in tokenAuthUrl: - // {room} - will be replaced with the room name - // {code_challenge} - (A web only). A oauth 2.0 code challenge that will be sent to the service. See: - // https://datatracker.ietf.org/doc/html/rfc7636. The code verifier will be saved in the sessionStorage - // under key: 'code_verifier'. - // {state} - A json with the current state before redirecting. 
Keys that are included in the state: - // - room (The current room name as shown in the address bar) - // - roomSafe (the backend safe room name to use (lowercase), that is passed to the backend) - // - tenant (The tenant if any) - // - config.xxx (all config overrides) - // - interfaceConfig.xxx (all interfaceConfig overrides) - // - ios=true (in case ios mobile app is used) - // - android=true (in case android mobile app is used) - // - electron=true (when web is loaded in electron app) - // If there is a logout service you can specify its URL with: - // tokenLogoutUrl: 'https://myservice.com/logout' - // You can enable tokenAuthUrlAutoRedirect which will detect that you have logged in successfully before - // and will automatically redirect to the token service to get the token for the meeting. - // tokenAuthUrlAutoRedirect: false - // An option to respect the context.tenant jwt field compared to the current tenant from the url - // tokenRespectTenant: false, - // An option to get for user info (name, picture, email) in the token outside the user context. - // Can be used with Firebase tokens. - // tokenGetUserInfoOutOfContext: false, - - // You can put an array of values to target different entity types in the invite dialog. - // Valid values are "phone", "room", "sip", "user", "videosipgw" and "email" - // peopleSearchQueryTypes: ["user", "email"], - // Directory endpoint which is called for invite dialog autocomplete - // peopleSearchUrl: "https://myservice.com/api/people", - // Endpoint which is called to send invitation requests - // inviteServiceUrl: "https://myservice.com/api/invite", - - // For external entities (e. g. email), the localStorage key holding the token value for directory authentication - // peopleSearchTokenLocation: "mytoken", - - - // Options related to visitors. - // visitors: { - // // Starts audio/video when the participant is promoted from visitor. 
- // enableMediaOnPromote: { - // audio: true, - // video: true - // }, - // // Hides the visitor count for visitors. - // // hideVisitorCountForVisitors: false, - // // Whether to show the join meeting dialog when joining as a visitor. - // // showJoinMeetingDialog: true, - // }, - // The default type of desktop sharing sources that will be used in the electron app. - // desktopSharingSources: ['screen', 'window'], - - // Disables the echo cancelation for local audio tracks. - // disableAEC: true, - - // Disables the auto gain control for local audio tracks. - // disableAGC: true, - - // Disables the audio processing (echo cancelation, auto gain control and noise suppression) for local audio tracks. - // disableAP: true, - - // Disables the anoise suppression for local audio tracks. - // disableNS: true, - - // Replaces the display name with the JID of the participants. - // displayJids: true, - - // Enables disables talk while muted detection. - // enableTalkWhileMuted: true, - - // Sets the peer connection ICE transport policy to "relay". - // forceTurnRelay: true, - // List of undocumented settings used in jitsi-meet /** _immediateReloadThreshold + debug + debugAudioLevels deploymentInfo + dialInConfCodeUrl + dialInNumbersUrl dialOutAuthUrl dialOutCodesUrl - dialOutRegionUrl disableRemoteControl + displayJids + etherpad_base + externalConnectUrl + firefox_fake_device + googleApiApplicationClientID iAmRecorder iAmSipGateway microsoftApiApplicationClientID + peopleSearchQueryTypes + peopleSearchUrl + requireDisplayName + tokenAuthUrl */ /** 
@@ -1678,21 +753,25 @@ ${ANALYTICS_SETTINGS} /** _peerConnStatusOutOfLastNTimeout _peerConnStatusRtcMuteTimeout + abTesting avgRtpStatsN + callStatsConfIDNamespace + callStatsCustomScriptUrl desktopSharingSources - disableLocalStats + disableAEC + disableAGC + disableAP + disableHPF + disableNS + enableTalkWhileMuted + forceJVB121Ratio + forceTurnRelay hiddenDomain - hiddenFromRecorderFeatureEnabled ignoreStartMuted websocketKeepAlive websocketKeepAliveUrl */ - /** - * Default interval (milliseconds) for triggering mouseMoved iframe API event - */ - mouseMoveCallbackInterval: 1000, - /** Use this array to configure which notifications will be shown to the user The items correspond to the title or description key of that notification @@ -1703,7 +782,6 @@ ${ANALYTICS_SETTINGS} */ // notifications: [ // 'connection.CONNFAIL', // shown when the connection fails, - // 'dialog.cameraConstraintFailedError', // shown when the camera failed // 'dialog.cameraNotSendingData', // shown when there's no feed from user's camera // 'dialog.kickTitle', // shown when user has been kicked // 'dialog.liveStreaming', // livestreaming notifications (pending, on, off, limits) 
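Review bot: `forceTurnRelay` and the `disableAEC`/`disableAGC`/`disableAP`/`disableNS` switches are added here only as bare names in the second "undocumented settings" comment block, while their one-line descriptions are removed earlier in the same file section. `forceTurnRelay` is the one an operator is most likely to set for privacy reasons, because it restricts ICE to relayed candidates. I would keep a commented example beside the list, e.g. `// forceTurnRelay: true, // ICE transport policy "relay": media goes through TURN only`. The hunk also drops the active `mouseMoveCallbackInterval: 1000,` key, so the rendered config no longer sets it; if that is intended, the commit message should say the client's own default is now relied on.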
@@ -1714,12 +792,10 @@ ${ANALYTICS_SETTINGS} // 'dialog.recording', // recording notifications (pending, on, off, limits) // 'dialog.remoteControlTitle', // remote control notifications (allowed, denied, start, stop, error) // 'dialog.reservationError', - // 'dialog.screenSharingFailedTitle', // shown when the screen sharing failed // 'dialog.serviceUnavailable', // shown when server is not reachable // 'dialog.sessTerminated', // shown when there is a failed conference session // 'dialog.sessionRestarted', // show when a client reload is initiated because of bridge migration // 'dialog.tokenAuthFailed', // show when an invalid jwt is used - // 'dialog.tokenAuthFailedWithReasons', // show when an invalid jwt is used with the reason behind the error // 'dialog.transcribing', // transcribing notifications (pending, off) // 'dialOut.statusMessage', // shown when dial out status is updated. // 'liveStreaming.busy', // shown when livestreaming service is busy 
@@ -1727,45 +803,21 @@ ${ANALYTICS_SETTINGS} // 'liveStreaming.unavailableTitle', // shown when livestreaming service is not reachable // 'lobby.joinRejectedMessage', // shown when while in a lobby, user's request to join is rejected // 'lobby.notificationTitle', // shown when lobby is toggled and when join requests are allowed / denied - // 'notify.audioUnmuteBlockedTitle', // shown when mic unmute blocked - // 'notify.chatMessages', // shown when receiving chat messages while the chat window is closed - // 'notify.connectedOneMember', // show when a participant joined - // 'notify.connectedThreePlusMembers', // show when more than 2 participants joined simultaneously - // 'notify.connectedTwoMembers', // show when two participants joined simultaneously - // 'notify.dataChannelClosed', // shown when the bridge channel has been disconnected - // 'notify.hostAskedUnmute', // shown to participant when host asks them to unmute + // 'localRecording.localRecording', // shown when a local recording is started + // 'notify.disconnected', // shown when a participant has left + // 'notify.grantedTo', // shown when moderator rights were granted to a participant // 'notify.invitedOneMember', // shown when 1 participant has been invited // 'notify.invitedThreePlusMembers', // shown when 3+ participants have been invited // 'notify.invitedTwoMembers', // shown when 2 participants have been invited // 'notify.kickParticipant', // shown when a participant is kicked - // 'notify.leftOneMember', // show when a participant left - // 'notify.leftThreePlusMembers', // show when more than 2 participants left simultaneously - // 'notify.leftTwoMembers', // show when two participants left simultaneously - // 'notify.linkToSalesforce', // shown when joining a meeting with salesforce integration - // 'notify.localRecordingStarted', // shown when the local recording has been started - // 'notify.localRecordingStopped', // shown when the local recording has been stopped - // 
'notify.moderationInEffectCSTitle', // shown when user attempts to share content during AV moderation - // 'notify.moderationInEffectTitle', // shown when user attempts to unmute audio during AV moderation - // 'notify.moderationInEffectVideoTitle', // shown when user attempts to enable video during AV moderation - // 'notify.moderator', // shown when user gets moderator privilege // 'notify.mutedRemotelyTitle', // shown when user is muted by a remote party // 'notify.mutedTitle', // shown when user has been muted upon joining, // 'notify.newDeviceAudioTitle', // prompts the user to use a newly detected audio device // 'notify.newDeviceCameraTitle', // prompts the user to use a newly detected camera - // 'notify.noiseSuppressionFailedTitle', // shown when failed to start noise suppression - // 'notify.participantWantsToJoin', // shown when lobby is enabled and participant requests to join meeting - // 'notify.participantsWantToJoin', // shown when lobby is enabled and participants request to join meeting // 'notify.passwordRemovedRemotely', // shown when a password has been removed remotely // 'notify.passwordSetRemotely', // shown when a password has been set remotely - // 'notify.raisedHand', // shown when a participant used raise hand, - // 'notify.screenShareNoAudio', // shown when the audio could not be shared for the selected screen - // 'notify.screenSharingAudioOnlyTitle', // shown when the best performance has been affected by screen sharing - // 'notify.selfViewTitle', // show "You can always un-hide the self-view from settings" + // 'notify.raisedHand', // shown when a partcipant used raise hand, // 'notify.startSilentTitle', // shown when user joined with no audio - // 'notify.suboptimalExperienceTitle', // show the browser warning - // 'notify.unmute', // shown to moderator when user raises hand during AV moderation - // 'notify.videoMutedRemotelyTitle', // shown when user's video is muted by a remote party, - // 'notify.videoUnmuteBlockedTitle', // 
shown when camera unmute and desktop sharing are blocked // 'prejoin.errorDialOut', // 'prejoin.errorDialOutDisconnected', // 'prejoin.errorDialOutFailed', 
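Review bot: The added comment for `'notify.raisedHand'` misspells "participant" (`shown when a partcipant used raise hand,`), whereas the line it replaces had it right. Suggested: `// 'notify.raisedHand', // shown when a participant used raise hand,`. The documented keys change in this hunk too (for example `notify.moderator` is removed and `notify.grantedTo` is added). It is worth confirming that they match the notification keys of the jitsi-meet version this type deploys, since this list is what an operator copies from when enabling `notifications`.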
@@ -1778,161 +830,16 @@ ${ANALYTICS_SETTINGS} // 'toolbar.noAudioSignalTitle', // shown when a broken mic is detected // 'toolbar.noisyAudioInputTitle', // shown when noise is detected for the current microphone // 'toolbar.talkWhileMutedPopup', // shown when user tries to speak while muted - // 'transcribing.failed', // shown when transcribing fails - // ], + // 'transcribing.failedToStart' // shown when transcribing fails to start + // ] - // List of notifications to be disabled. Works in tandem with the above setting. - // disabledNotifications: [], + // Allow all above example options to include a trailing comma and + // prevent fear when commenting out the last value. + makeJsonParserHappy: 'even if last key had a trailing comma' - // Prevent the filmstrip from autohiding when screen width is under a certain threshold - // disableFilmstripAutohiding: false, - - // filmstrip: { - // // Disable the vertical/horizontal filmstrip. - // disabled: false, - // // Disables user resizable filmstrip. Also, allows configuration of the filmstrip - // // (width, tiles aspect ratios) through the interfaceConfig options. - // disableResizable: false, - - // // Disables the stage filmstrip - // // (displaying multiple participants on stage besides the vertical filmstrip) - // disableStageFilmstrip: false, - - // // Default number of participants that can be displayed on stage. - // // The user can change this in settings. Number must be between 1 and 6. - // stageFilmstripParticipants: 1, - - // // Disables the top panel (only shown when a user is sharing their screen). - // disableTopPanel: false, - - // // The minimum number of participants that must be in the call for - // // the top panel layout to be used. - // minParticipantCountForTopPanel: 50, - - // // The width of the filmstrip on joining meeting. Can be resized afterwards. - // initialWidth: 400, - - // // Whether the draggable resize bar of the filmstrip is always visible. 
Setting this to true will make - // // the filmstrip always visible in case \`disableResizable\` is false. - // alwaysShowResizeBar: true, - // }, - - // Tile view related config options. - // tileView: { - // // Whether tileview should be disabled. - // disabled: false, - // // The optimal number of tiles that are going to be shown in tile view. Depending on the screen size it may - // // not be possible to show the exact number of participants specified here. - // numberOfVisibleTiles: 25, - // }, - - // Specifies whether the chat emoticons are disabled or not - // disableChatSmileys: false, - - // Settings for the GIPHY integration. - // giphy: { - // // Whether the feature is enabled or not. - // enabled: false, - // // SDK API Key from Giphy. - // sdkKey: '', - // // Display mode can be one of: - // // - tile: show the GIF on the tile of the participant that sent it. - // // - chat: show the GIF as a message in chat - // // - all: all of the above. This is the default option - // displayMode: 'all', - // // How long the GIF should be displayed on the tile (in milliseconds). - // tileTime: 5000, - // // Limit results by rating: g, pg, pg-13, r. Default value: g. - // rating: 'pg', - // }, - - // Logging - // logging: { - // // Default log level for the app and lib-jitsi-meet. - // defaultLogLevel: 'trace', - // // Option to disable LogCollector. - // //disableLogCollector: true, - // // Individual loggers are customizable. - // loggers: { - // // The following are too verbose in their logging with the default level. - // 'modules/RTC/TraceablePeerConnection.js': 'info', - // 'modules/xmpp/strophe.util.js': 'log', - // }, - // }, - - // Application logo url - // defaultLogoUrl: 'images/watermark.svg', - - // Settings for the Excalidraw whiteboard integration. - // whiteboard: { - // // Whether the feature is enabled or not. - // enabled: true, - // // The server used to support whiteboard collaboration. 
- // // https://github.com/jitsi/excalidraw-backend - // collabServerBaseUrl: 'https://excalidraw-backend.example.com', - // // The user access limit to the whiteboard, introduced as a means - // // to control the performance. - // userLimit: 25, - // // The url for more info about the whiteboard and its usage limitations. - // limitUrl: 'https://example.com/blog/whiteboard-limits', - // }, - - // The watchRTC initialize config params as described : - // https://testrtc.com/docs/installing-the-watchrtc-javascript-sdk/#h-set-up-the-sdk - // https://www.npmjs.com/package/@testrtc/watchrtc-sdk - // watchRTCConfigParams: { - // /** Watchrtc api key */ - // rtcApiKey: string; - // /** Identifier for the session */ - // rtcRoomId?: string; - // /** Identifier for the current peer */ - // rtcPeerId?: string; - // /** - // * ["tag1", "tag2", "tag3"] - // * @deprecated use 'keys' instead - // */ - // rtcTags?: string[]; - // /** { "key1": "value1", "key2": "value2"} */ - // keys?: any; - // /** Enables additional logging */ - // debug?: boolean; - // rtcToken?: string; - // /** - // * @deprecated No longer needed. Use "proxyUrl" instead. - // */ - // wsUrl?: string; - // proxyUrl?: string; - // console?: { - // level: string; - // override: boolean; - // }; - // allowBrowserLogCollection?: boolean; - // collectionInterval?: number; - // logGetStats?: boolean; - // }, - - // Hide login button on auth dialog, you may want to enable this if you are using JWT tokens to authenticate users - // hideLoginButton: true, - - // If true remove the tint foreground on focused user camera in filmstrip - // disableCameraTintForeground: false, - - // File sharign service. - // fileSharing: { - // // The URL of the file sharing service API. See resources/file-sharing.yaml for more details. - // apiUrl: 'https://example.com', - // // Whether the file sharing service is enabled or not. 
- // enabled: true, - // // Maximum file size limit (-1 value disables any file size limit check) - // maxFileSize: 50, - // }, + // no configuration value should follow this line. }; -// Set the default values for JaaS customers -if (enableJaaS) { - config.dialInNumbersUrl = 'https://conference-mapper.jitsi.net/v1/access/dids'; - config.dialInConfCodeUrl = 'https://conference-mapper.jitsi.net/v1/access'; - config.roomPasswordNumberOfDigits = 10; // skip re-adding it (do not remove comment) -} +/* eslint-enable no-unused-vars, no-var */ EOF )" diff --git a/type/__jitsi_meet_domain/files/config.js.sh.orig b/type/__jitsi_meet_domain/files/config.js.sh.orig index 07c9095..9d49d52 100644 --- a/type/__jitsi_meet_domain/files/config.js.sh.orig +++ b/type/__jitsi_meet_domain/files/config.js.sh.orig 
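Review bot: The new `makeJsonParserHappy` sentinel only helps if the example above it ends with a comma, but the rewritten end of the `notifications` example is `// ]` with no trailing comma (the old side had `// ],`). An operator who uncomments the array as printed gets `]` directly followed by `makeJsonParserHappy: …`, which is a syntax error, and the generated config.js would then fail to parse in the browser. I would write the closing line as `// ],` and give the last element `'transcribing.failedToStart'` a trailing comma too, so the example matches what the new comment promises. The removal of the `if (enableJaaS)` block is only safe if nothing earlier in the template still declares or sets `enableJaaS`; that part of the file is outside this hunk.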
@@ -1,28 +1,4 @@ -/* eslint-disable comma-dangle, no-unused-vars, no-var, prefer-template, vars-on-top */ - -/* - * NOTE: If you add a new option please remember to document it here: - * https://jitsi.github.io/handbook/docs/dev-guide/dev-guide-configuration - */ - -var subdir = ''; -var subdomain = ''; - -if (subdomain) { - subdomain = subdomain.substr(0, subdomain.length - 1).split('.') - .join('_') - .toLowerCase() + '.'; -} - -// In case of no ssi provided by the webserver, use empty strings -if (subdir.startsWith('/' + subdir + 'conference-request/v1', - - // Options related to the bridge (colibri) data channel - bridgeChannel: { - // If the backend advertises multiple colibri websockets, this options allows - // to filter some of them out based on the domain name. We use the first URL - // which does not match ignoreDomain, falling back to the first one that matches - // ignoreDomain. Has no effect if undefined. - // ignoreDomain: 'example.com', - - // Prefer SCTP (WebRTC data channels over the media path) over a colibri websocket. - // If SCTP is available in the backend it will be used instead of a WS. Defaults to - // false (SCTP is used only if available and no WS are available). - // preferSctp: false - }, // Testing / experimental features. // testing: { - // Allows the setting of a custom bandwidth value from the UI. - // assumeBandwidth: true, - - // Enables use of getDisplayMedia in electron - // electronUseGetDisplayMedia: false, - - // Enables AV1 codec for FF. Note: By default it is disabled. - // enableAV1ForFF: false, - - // Enables the use of the codec selection API supported by the browsers . - // enableCodecSelectionAPI: false, + // Disables the End to End Encryption feature. Useful for debugging + // issues related to insertable streams. + // disableE2EE: false, // P2P test mode disables automatic switching to P2P when there are 2 // participants in the conference. 
- // p2pTestMode: false, + p2pTestMode: false // Enables the test specific features consumed by jitsi-meet-torture - // testMode: false, + // testMode: false // Disables the auto-play behavior of *all* newly created video element. // This is useful when the client runs on a host with limited resources. - // noAutoPlayVideo: false, + // noAutoPlayVideo: false - // Experiment: Whether to skip interim transcriptions. - // skipInterimTranscriptions: false, + // Enable / disable 500 Kbps bitrate cap on desktop tracks. When enabled, + // simulcast is turned off for the desktop share. If presenter is turned + // on while screensharing is in progress, the max bitrate is automatically + // adjusted to 2.5 Mbps. This takes a value between 0 and 1 which determines + // the probability for this to be enabled. + // capScreenshareBitrate: 1 // 0 to disable - // Dump transcripts to a element for debugging. - // dumpTranscript: false, - - // Log the audio levels. - // debugAudioLevels: true, - - // Will replace ice candidates IPs with invalid ones in order to fail ice. - // failICE: true, - - // When running on Spot TV, this controls whether to show the recording consent dialog. - // If false (default), Spot instances will not show the recording consent dialog. - // If true, Spot instances will show the recording consent dialog like regular clients. - // showSpotConsentDialog: false, + // Enable callstats only for a percentage of users. + // This takes a value between 0 and 100 which determines the probability for + // the callstats to be enabled. + // callStatsThreshold: 5 // enable callstats for 5% of the users. }, - // Disables moderator indicators. - // disableModeratorIndicator: false, - - // Disables the reactions feature. - // disableReactions: true, - - // Disables the reactions moderation feature. - // disableReactionsModeration: false, - - // Disables the reactions in chat feature. - // disableReactionsInChat: false, - - // Disables polls feature. 
- // disablePolls: false, - - // Disables chat feature entirely including notifications, sounds, and private messages. - // disableChat: false, - - // Disables demote button from self-view - // disableSelfDemote: false, - - // Disables self-view tile. (hides it from tile view and from filmstrip) - // disableSelfView: false, - - // Disables self-view settings in UI - // disableSelfViewSettings: false, - - // screenshotCapture : { - // Enables the screensharing capture feature. - // enabled: false, - // - // The mode for the screenshot capture feature. - // Can be either 'recording' - screensharing screenshots are taken - // only when the recording is also on, - // or 'always' - screensharing screenshots are always taken. - // mode: 'recording', - // } - // Disables ICE/UDP by filtering out local and remote UDP candidates in // signalling. // webrtcIceUdpDisable: false, @@ -178,7 +84,6 @@ var config = { // Disable measuring of audio levels. // disableAudioLevels: false, - // audioLevelsInterval: 200, // Enabling this will run the lib-jitsi-meet no audio detection module which @@ -191,10 +96,6 @@ var config = { // about the call. // enableSaveLogs: false, - // Enabling this will hide the "Show More" link in the GSM popover that can be - // used to display more statistics about the connection (IP, Port, protocol, etc). - // disableShowMoreStats: true, - // Enabling this will run the lib-jitsi-meet noise detection module which will // notify the user if there is noise, other than voice, coming from the current // selected microphone. The purpose it to let the user know that the input could 
@@ -214,126 +115,21 @@ var config = { // Enabling it (with #params) will disable local audio output of remote // participants and to enable it back a reload is needed. - // startSilent: false, + // startSilent: false + + // Sets the preferred target bitrate for the Opus audio codec by setting its + // 'maxaveragebitrate' parameter. Currently not available in p2p mode. + // Valid values are in the range 6000 to 510000 + // opusMaxAverageBitrate: 20000, // Enables support for opus-red (redundancy for Opus). // enableOpusRed: false, - // Specify audio quality stereo and opusMaxAverageBitrate values in order to enable HD audio. - // Beware, by doing so, you are disabling echo cancellation, noise suppression and AGC. - // Specify enableOpusDtx to enable support for opus-dtx where - // audio packets won’t be transmitted while participant is silent or muted. - // audioQuality: { - // stereo: false, - // opusMaxAverageBitrate: null, // Value to fit the 6000 to 510000 range. - // enableOpusDtx: false, - // }, - - // Noise suppression configuration. By default rnnoise is used. Optionally Krisp - // can be used by enabling it below, but the Krisp JS SDK files must be supplied in your - // installation. 
Specifically, these files are needed: - // - https://meet.example.com/libs/krisp/krisp.mjs - // - https://meet.example.com/libs/krisp/models/model_8.kw - // - https://meet.example.com/libs/krisp/models/model_nc.kw - // - https://meet.example.com/libs/krisp/models/model_bvc.kw - // - https://meet.example.com/libs/krisp/assets/bvc-allowed.txt - // In case when you have known BVC supported devices and you want to extend allowed devices list - // - https://meet.example.com/libs/krisp/assets/bvc-allowed-ext.txt - // In case when you have known BVC supported devices and you want to extend allowed devices list - // - https://meet.example.com/libs/krisp/models/model_inbound_8.kw - // - https://meet.example.com/libs/krisp/models/model_inbound_16.kw - // In case when you want to use inbound noise suppression models - // NOTE: Krisp JS SDK v2.0.0 was tested. - // noiseSuppression: { - // krisp: { - // enabled: false, - // logProcessStats: false, - // debugLogs: false, - // useBVC: false, - // bufferOverflowMS: 1000, - // inboundModels: { - // modelInbound8: 'model_inbound_8.kef', - // modelInbound16: 'model_inbound_16.kef', - // }, - // preloadInboundModels: { - // modelInbound8: 'model_inbound_8.kef', - // modelInbound16: 'model_inbound_16.kef', - // }, - // preloadModels: { - // modelBVC: 'model_bvc.kef', - // model8: 'model_8.kef', - // modelNC: 'model_nc_mq.kef', - // }, - // models: { - // modelBVC: 'model_bvc.kef', - // model8: 'model_8.kef', - // modelNV: 'model_nc_mq.kef', - // }, - // bvc: { - // allowedDevices: 'bvc-allowed.txt', - // allowedDevicesExt: 'bvc-allowed-ext.txt', - // } - // }, - // }, - // Video - // Sets the default camera facing mode. - // cameraFacingMode: 'user', - // Sets the preferred resolution (height) for local video. Defaults to 720. // resolution: 720, - // DEPRECATED. Please use raisedHands.disableRemoveRaisedHandOnFocus instead. 
- // Specifies whether the raised hand will hide when someone becomes a dominant speaker or not - // disableRemoveRaisedHandOnFocus: false, - - // Specifies which raised hand related config should be set. - // raisedHands: { - // // Specifies whether the raised hand can be lowered by moderator. - // disableLowerHandByModerator: false, - - // // Specifies whether there is a notification before hiding the raised hand - // // when someone becomes the dominant speaker. - // disableLowerHandNotification: true, - - // // Specifies whether there is a notification when you are the next speaker in line. - // disableNextSpeakerNotification: false, - - // // Specifies whether the raised hand will hide when someone becomes a dominant speaker or not. - // disableRemoveRaisedHandOnFocus: false, - // }, - - // speakerStats: { - // // Specifies whether the speaker stats is enable or not. - // disabled: false, - - // // Specifies whether there will be a search field in speaker stats or not. - // disableSearch: false, - - // // Specifies whether participants in speaker stats should be ordered or not, and with what priority. - // // 'role', <- Moderators on top. - // // 'name', <- Alphabetically by name. - // // 'hasLeft', <- The ones that have left in the bottom. - // order: [ - // 'role', - // 'name', - // 'hasLeft', - // ], - // }, - - // DEPRECATED. Please use speakerStats.disableSearch instead. - // Specifies whether there will be a search field in speaker stats or not - // disableSpeakerStatsSearch: false, - - // DEPRECATED. Please use speakerStats.order . 
- // Specifies whether participants in speaker stats should be ordered or not, and with what priority - // speakerStatsOrder: [ - // 'role', <- Moderators on top - // 'name', <- Alphabetically by name - // 'hasLeft', <- The ones that have left in the bottom - // ], <- the order of the array elements determines priority - // How many participants while in the tile view mode, before the receiving video quality is reduced from HD to SD. // Use -1 to disable. // maxFullResolutionParticipants: 2, @@ -348,14 +144,19 @@ var config = { // height: { // ideal: 720, // max: 720, - // min: 240, - // }, - // }, + // min: 240 + // } + // } // }, // Enable / disable simulcast support. // disableSimulcast: false, + // Enable / disable layer suspension. If enabled, endpoints whose HD + // layers are not in use will be suspended (no longer sent) until they + // are requested again. + // enableLayerSuspension: false, + // Every participant after the Nth will start video muted. // startVideoMuted: 10, 
@@ -363,250 +164,119 @@ var config = { // applied locally. FIXME: having these 2 options is confusing. // startWithVideoMuted: false, + // If set to true, prefer to use the H.264 video codec (if supported). + // Note that it's not recommended to do this because simulcast is not + // supported when using H.264. For 1-to-1 calls this setting is enabled by + // default and can be toggled in the p2p section. + // This option has been deprecated, use preferredCodec under videoQuality section instead. + // preferH264: true, + + // If set to true, disable H.264 video codec by stripping it out of the + // SDP. + // disableH264: false, + // Desktop sharing // Optional desktop sharing frame rate options. Default value: min:5, max:5. - // Setting higher min/max values will affect the resolution, it makes it worse. // desktopSharingFrameRate: { // min: 5, - // max: 5, + // max: 5 // }, - // Optional screenshare settings that give more control over screen capture in the browser. - // screenShareSettings: { - // // Show users the current tab is the preferred capture source, default: false. - // desktopPreferCurrentTab: false, - // // Allow users to select system audio, default: include. - // desktopSystemAudio: 'include', - // // Allow users to seamlessly switch which tab they are sharing without having to select the tab again. - // desktopSurfaceSwitching: 'include', - // // Allow a user to be shown a preference for what screen is to be captured, default: unset. - // desktopDisplaySurface: undefined, - // // Allow users to select the current tab as a capture source, default: exclude. - // desktopSelfBrowserSurface: 'exclude' - // }, + // Try to start calls with screen-sharing instead of camera video. + // startScreenSharing: false, // Recording + // Whether to enable file recording or not. + // fileRecordingsEnabled: false, // Enable the dropbox integration. // dropbox: { - // appKey: '', // Specify your app key here. + // appKey: '' // Specify your app key here. 
// // A URL to redirect the user to, after authenticating // // by default uses: // // 'https://jitsi-meet.example.com/static/oauth.html' // redirectURI: - // 'https://jitsi-meet.example.com/subfolder/static/oauth.html', + // 'https://jitsi-meet.example.com/subfolder/static/oauth.html' // }, - - // configuration for all things recording related. Existing settings will be migrated here in the future. - // recordings: { - // // IF true (default) recording audio and video is selected by default in the recording dialog. - // // recordAudioAndVideo: true, - // // If true, shows a notification at the start of the meeting with a call to action button - // // to start recording (for users who can do so). - // // suggestRecording: true, - // // If true, shows a warning label in the prejoin screen to point out the possibility that - // // the call you're joining might be recorded. - // // showPrejoinWarning: true, - // // If true, the notification for recording start will display a link to download the cloud recording. - // // showRecordingLink: true, - // // If true, mutes audio and video when a recording begins and displays a dialog - // // explaining the effect of unmuting. - // // requireConsent: true, - // // If true consent will be skipped for users who are already in the meeting. - // // skipConsentInMeeting: true, - // // Link for the recording consent dialog's "Learn more" link. - // // consentLearnMoreLink: 'https://jitsi.org/meet/consent', - // }, - - // recordingService: { - // // When integrations like dropbox are enabled only that will be shown, - // // by enabling fileRecordingsServiceEnabled, we show both the integrations - // // and the generic recording service (its configuration and storage type - // // depends on jibri configuration) - // enabled: false, - - // // Whether to show the possibility to share file recording with other people - // // (e.g. meeting participants), based on the actual implementation - // // on the backend. 
- // sharingEnabled: false, - - // // Hide the warning that says we only store the recording for 24 hours. - // hideStorageWarning: false, - // }, - - // DEPRECATED. Use recordingService.enabled instead. + // When integrations like dropbox are enabled only that will be shown, + // by enabling fileRecordingsServiceEnabled, we show both the integrations + // and the generic recording service (its configuration and storage type + // depends on jibri configuration) // fileRecordingsServiceEnabled: false, - - // DEPRECATED. Use recordingService.sharingEnabled instead. + // Whether to show the possibility to share file recording with other people + // (e.g. meeting participants), based on the actual implementation + // on the backend. // fileRecordingsServiceSharingEnabled: false, - // Local recording configuration. - // localRecording: { - // // Whether to disable local recording or not. - // disable: false, - - // // Whether to notify all participants when a participant is recording locally. - // notifyAllParticipants: false, - - // // Whether to disable the self recording feature (only local participant streams). - // disableSelfRecording: false, - // }, - - // Customize the Live Streaming dialog. Can be modified for a non-YouTube provider. - // liveStreaming: { - // // Whether to enable live streaming or not. - // enabled: false, - // // Terms link - // termsLink: 'https://www.youtube.com/t/terms', - // // Data privacy link - // dataPrivacyLink: 'https://policies.google.com/privacy', - // // RegExp string that validates the stream key input field - // validatorRegExpString: '^(?:[a-zA-Z0-9]{4}(?:-(?!$)|$)){4}', - // // Documentation reference for the live streaming feature. - // helpLink: 'https://jitsi.org/live' - // }, - - // DEPRECATED. Use liveStreaming.enabled instead. + // Whether to enable live streaming or not. // liveStreamingEnabled: false, - // DEPRECATED. Use transcription.enabled instead. 
+ // Transcription (in interface_config, + // subtitles and buttons can be configured) // transcribingEnabled: false, - // DEPRECATED. Use transcription.useAppLanguage instead. - // transcribeWithAppLanguage: true, - - // DEPRECATED. Use transcription.preferredLanguage instead. - // preferredTranscribeLanguage: 'en-US', - - // DEPRECATED. Use transcription.autoTranscribeOnRecord instead. + // Enables automatic turning on captions when recording is started // autoCaptionOnRecord: false, - // Transcription options. - // transcription: { - // // Whether the feature should be enabled or not. - // enabled: false, - - // // Translation languages. - // // Available languages can be found in - // // ./lang/translation-languages.json. - // translationLanguages: ['en', 'es', 'fr', 'ro'], - - // // Important languages to show on the top of the language list. - // translationLanguagesHead: ['en'], - - // // If true transcriber will use the application language. - // // The application language is either explicitly set by participants in their settings or automatically - // // detected based on the environment, e.g. if the app is opened in a chrome instance which - // // is using french as its default language then transcriptions for that participant will be in french. - // // Defaults to true. - // useAppLanguage: true, - - // // Transcriber language. This settings will only work if "useAppLanguage" - // // is explicitly set to false. - // // Available languages can be found in - // // ./src/react/features/transcribing/transcriber-langs.json. 
- // preferredLanguage: 'en-US', - - // // Enables automatic turning on transcribing when recording is started - // autoTranscribeOnRecord: false, - - // // Enables automatic request of subtitles when transcriber is present in the meeting, uses the default - // // language that is set - // autoCaptionOnTranscribe: false, - // - // // Disables everything related to closed captions - the tab in the chat area, the button in the menu, - // // subtitles on stage and the "Show subtitles on stage" checkbox in the settings. - // // Note: Starting transcriptions from the recording dialog will still work. - // disableClosedCaptions: false, - - // // Whether to invite jigasi when backend transcriptions are enabled (asyncTranscription is true in metadata). - // // By default, we invite it. - // inviteJigasiOnBackendTranscribing: true, - // }, - // Misc // Default value for the channel "last N" attribute. -1 for unlimited. channelLastN: -1, - // Connection indicators - // connectionIndicators: { - // autoHide: true, - // autoHideTimeout: 5000, - // disabled: false, - // disableDetails: false, - // inactiveDisabled: false + // Provides a way to use different "last N" values based on the number of participants in the conference. + // The keys in an Object represent number of participants and the values are "last N" to be used when number of + // participants gets to or above the number. + // + // For the given example mapping, "last N" will be set to 20 as long as there are at least 5, but less than + // 29 participants in the call and it will be lowered to 15 when the 30th participant joins. The 'channelLastN' + // will be used as default until the first threshold is reached. + // + // lastNLimits: { + // 5: 20, + // 30: 15, + // 50: 10, + // 70: 5, + // 90: 2 // }, - // Provides a way for the lastN value to be controlled through the UI. 
- // When startLastN is present, conference starts with a last-n value of startLastN and channelLastN - // value will be used when the quality level is selected using "Manage Video Quality" slider. - // startLastN: 1, + // Provides a way to translate the legacy bridge signaling messages, 'LastNChangedEvent', + // 'SelectedEndpointsChangedEvent' and 'ReceiverVideoConstraint' into the new 'ReceiverVideoConstraints' message + // that invokes the new bandwidth allocation algorithm in the bridge which is described here + // - https://github.com/jitsi/jitsi-videobridge/blob/master/doc/allocation.md. + // useNewBandwidthAllocationStrategy: false, // Specify the settings for video quality optimizations on the client. // videoQuality: { + // // Provides a way to prevent a video codec from being negotiated on the JVB connection. The codec specified + // // here will be removed from the list of codecs present in the SDP answer generated by the client. If the + // // same codec is specified for both the disabled and preferred option, the disable settings will prevail. + // // Note that 'VP8' cannot be disabled since it's a mandatory codec, the setting will be ignored in this case. + // disabledCodec: 'H264', // - // // Provides a way to set the codec preference on desktop based endpoints. - // codecPreferenceOrder: [ 'AV1', 'VP9', 'VP8', 'H264' ], + // // Provides a way to set a preferred video codec for the JVB connection. If 'H264' is specified here, + // // simulcast will be automatically disabled since JVB doesn't support H264 simulcast yet. This will only + // // rearrange the the preference order of the codecs in the SDP answer generated by the browser only if the + // // preferred codec specified here is present. Please ensure that the JVB offers the specified codec for this + // // to take effect. + // preferredCodec: 'VP8', // - // // Provides a way to set the codec for screenshare. 
- // screenshareCodec: 'AV1', - // mobileScreenshareCodec: 'VP8', - // - // // Enables the adaptive mode in the client that will make runtime adjustments to selected codecs and received - // // videos for a better user experience. This mode will kick in only when CPU overuse is reported in the - // // WebRTC statistics for the outbound video streams. - // enableAdaptiveMode: false, - // - // // Codec specific settings for scalability modes and max bitrates. - // av1: { - // maxBitratesVideo: { - // low: 100000, - // standard: 300000, - // high: 1000000, - // fullHd: 2000000, - // ultraHd: 4000000, - // ssHigh: 2500000 - // }, - // scalabilityModeEnabled: true, - // useSimulcast: false, - // useKSVC: true - // }, - // h264: { - // maxBitratesVideo: { - // low: 200000, - // standard: 500000, - // high: 1500000, - // fullHd: 3000000, - // ultraHd: 6000000, - // ssHigh: 2500000 - // }, - // scalabilityModeEnabled: true - // }, - // vp8: { - // maxBitratesVideo: { - // low: 200000, - // standard: 500000, - // high: 1500000, - // fullHd: 3000000, - // ultraHd: 6000000, - // ssHigh: 2500000 - // }, - // scalabilityModeEnabled: false - // }, - // vp9: { - // maxBitratesVideo: { - // low: 100000, - // standard: 300000, - // high: 1200000, - // fullHd: 2500000, - // ultraHd: 5000000, - // ssHigh: 2500000 - // }, - // scalabilityModeEnabled: true, - // useSimulcast: false, - // useKSVC: true + // // Provides a way to configure the maximum bitrates that will be enforced on the simulcast streams for + // // video tracks. The keys in the object represent the type of the stream (LD, SD or HD) and the values + // // are the max.bitrates to be set on that particular type of stream. The actual send may vary based on + // // the available bandwidth calculated by the browser, but it will be capped by the values specified here. + // // This is currently not implemented on app based clients on mobile. 
+ // maxBitratesVideo: { + // VP8 : { + // low: 200000, + // standard: 500000, + // high: 1500000 + // }, + // VP9: { + // low: 100000, + // standard: 300000, + // high: 1200000 + // } // }, // // // The options can be used to override default thresholds of video thumbnail heights corresponding to @@ -621,20 +291,12 @@ var config = { // // the high quality. // minHeightForQualityLvl: { // 360: 'standard', - // 720: 'high', + // 720: 'high' // }, // - // // Provides a way to set the codec preference on mobile devices, both on RN and mobile browser based endpoint - // mobileCodecPreferenceOrder: [ 'VP8', 'VP9', 'H264', 'AV1' ], - // }, - - // Notification timeouts - // notificationTimeouts: { - // short: 2500, - // medium: 5000, - // long: 10000, - // extraLong: 60000, - // sticky: 0, + // // Provides a way to resize the desktop track to 720p (if it is greater than 720p) before creating a canvas + // // for the presenter mode (camera picture-in-picture mode with screenshare). + // resizeDesktopForPresenter: false // }, // // Options for the recording limit notification. 
@@ -649,23 +311,29 @@ var config = { // appName: 'Unlimited recordings APP', // // // The URL of the app with unlimited recordings. - // appURL: 'https://unlimited.recordings.app.com/', + // appURL: 'https://unlimited.recordings.app.com/' // }, // Disables or enables RTX (RFC 4588) (defaults to false). // disableRtx: false, - // Moves all Jitsi Meet 'beforeunload' logic (cleanup, leaving, disconnecting, etc) to the 'unload' event. - // disableBeforeUnloadHandlers: true, - // Disables or enables TCC support in this client (default: enabled). // enableTcc: true, // Disables or enables REMB support in this client (default: enabled). // enableRemb: true, + // Enables ICE restart logic in LJM and displays the page reload overlay on + // ICE failure. Current disabled by default because it's causing issues with + // signaling when Octo is enabled. Also when we do an "ICE restart"(which is + // not a real ICE restart), the client maintains the TCC sequence number + // counter, but the bridge resets it. The bridge sends media packets with + // TCC sequence numbers starting from 0. + // enableIceRestart: false, + // Enables forced reload of the client when the call is migrated as a result of - // the bridge going down. + // the bridge going down. Currently enabled by default as call migration through + // session-terminate is causing siganling issues when Octo is enabled. // enableForcedReload: true, // Use TURN/UDP servers for the jitsi-videobridge connection (by default 
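Review bot: The comments added above `enableIceRestart` and `enableForcedReload` contain typos ("Current disabled", "siganling") that make them harder to read and to find by search. Suggested wording: `// ICE failure. Currently disabled by default because it's causing issues with` and `// session-terminate is causing signaling issues when Octo is enabled.`. The `enableForcedReload` text says "Currently enabled by default" while the sample line stays commented out, so it would help to state whether `true` is the built-in default or a recommendation. The `config` object opens and closes outside this hunk.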
@@ -673,70 +341,21 @@ var config = { // bridge itself is reachable via UDP) // useTurnUdp: false - // Enable support for encoded transform in supported browsers. This allows - // E2EE to work in Safari if the corresponding flag is enabled in the browser. - // Experimental. - // enableEncodedTransformSupport: false, - // UI // // Disables responsive tiles. // disableResponsiveTiles: false, - // DEPRECATED. Please use `securityUi?.hideLobbyButton` instead. - // Hides lobby button. + // Hides lobby button // hideLobbyButton: false, - // DEPRECATED. Please use `lobby?.autoKnock` instead. - // If Lobby is enabled starts knocking automatically. - // autoKnockLobby: false, - - // DEPRECATED. Please use `lobby?.enableChat` instead. - // Enable lobby chat. - // enableLobbyChat: true, - - // DEPRECATED! Use `breakoutRooms.hideAddRoomButton` instead. - // Hides add breakout room button - // hideAddRoomButton: false, - // Require users to always specify a display name. // requireDisplayName: true, - // Enables webhid functionality for Audio. - // enableWebHIDFeature: false, - - // DEPRECATED! Use 'welcomePage.disabled' instead. // Whether to use a welcome page or not. In case it's false a random room // will be joined when no room is specified. - // enableWelcomePage: true, - - // Configs for welcome page. - // welcomePage: { - // // Whether to disable welcome page. In case it's disabled a random room - // // will be joined when no room is specified. - // disabled: false, - // // If set, landing page will redirect to this URL. - // customUrl: '' - // }, - - // Configs for the lobby screen. - // lobby: { - // // If Lobby is enabled, it starts knocking automatically. Replaces `autoKnockLobby`. - // autoKnock: false, - // // Enables the lobby chat. Replaces `enableLobbyChat`. - // enableChat: true, - // // Shows the hangup button in the lobby screen. - // showHangUp: true, - // }, - - // Configs for the security related UI elements. 
- // securityUi: { - // // Hides the lobby button. Replaces `hideLobbyButton`. - // hideLobbyButton: false, - // // Hides the possibility to set and enter a lobby password. - // disableLobbyPassword: false, - // }, + enableWelcomePage: true, // Disable app shortcuts that are registered upon joining a conference // disableShortcuts: false, @@ -750,35 +369,20 @@ var config = { // enableClosePage: false, // Disable hiding of remote thumbnails when in a 1-on-1 conference call. - // Setting this to null, will also disable showing the remote videos - // when the toolbar is shown on mouse movements - // disable1On1Mode: null | false | true, + // disable1On1Mode: false, - // Default local name to be displayed - // defaultLocalDisplayName: 'me', - - // Default remote name to be displayed - // defaultRemoteDisplayName: 'Fellow Jitster', - - // Hides the display name from the participant thumbnail - // hideDisplayName: false, - - // Hides the dominant speaker name badge that hovers above the toolbox - // hideDominantSpeakerBadge: false, - - // Default language for the user interface. Cannot be overwritten. - // For iframe integrations, use the `lang` option directly instead. + // Default language for the user interface. // defaultLanguage: 'en', // Disables profile and the edit of all fields from the profile settings (display name and email) // disableProfile: false, - // Hides the email section under profile settings. - // hideEmailInSettings: false, + // Whether or not some features are checked based on token. + // enableFeaturesBasedOnToken: false, // When enabled the password used for locking a room is restricted to up to the number of digits specified - // default: roomPasswordNumberOfDigits: false, // roomPasswordNumberOfDigits: 10, + // default: roomPasswordNumberOfDigits: false, // Message to show the users. Example: 'The service will be down for // maintenance at 01:00 AM GMT, 
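Review bot: In the hunk at -750, the `// default: roomPasswordNumberOfDigits: false,` line now follows the sample value, so it reads as a second, competing setting rather than as a description of the default. Putting the description first, `// default: roomPasswordNumberOfDigits: false,` then `// roomPasswordNumberOfDigits: 10,`, matches how the other options in this file are laid out. Because the option restricts room passwords to digits, a one-line comment such as `// Note: a digits-only password has a much smaller search space than free text.` would help operators weigh it. The `config` object opens and closes outside this hunk.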
@@ -788,34 +392,8 @@ var config = { // and microsoftApiApplicationClientID // enableCalendarIntegration: false, - // Whether to notify when the conference is terminated because it was destroyed. - // notifyOnConferenceDestruction: true, - - // The client id for the google APIs used for the calendar integration, youtube livestreaming, etc. - // googleApiApplicationClientID: '', - - // Configs for prejoin page. - // prejoinConfig: { - // // When 'true', it shows an intermediate page before joining, where the user can configure their devices. - // enabled: true, - // // Hides the participant name editing field in the prejoin screen. - // // If requireDisplayName is also set as true, a name should still be provided through - // // either the jwt or the userInfo from the iframe api init object in order for this to have an effect. - // hideDisplayName: false, - // // List of buttons to hide from the extra join options dropdown. - // hideExtraJoinButtons: ['no-audio', 'by-phone'], - // // Configuration for pre-call test - // // By setting preCallTestEnabled, you enable the pre-call test in the prejoin page. - // // ICE server credentials need to be provided over the preCallTestICEUrl - // preCallTestEnabled: false, - // preCallTestICEUrl: '', - // // Shows the hangup button in the lobby screen. - // showHangUp: true, - // }, - - // When 'true', the user cannot edit the display name. - // (Mainly useful when used in conjunction with the JWT so the JWT name becomes read only.) - // readOnlyName: false, + // When 'true', it shows an intermediate page before joining, where the user can configure their devices. + // prejoinPageEnabled: false, // If etherpad integration is enabled, setting this to true will // automatically open the etherpad when a participant joins. This 
@@ -829,24 +407,12 @@ var config = { // set or the lobby is not enabled. // enableInsecureRoomNameWarning: false, - // Array with avatar URL prefixes that need to use CORS. - // corsAvatarURLs: [ 'https://www.gravatar.com/avatar/' ], + // Whether to automatically copy invitation URL after creating a room. + // Document should be focused for this option to work + // enableAutomaticUrlCopy: false, - // Base URL for a Gravatar-compatible service. Defaults to Gravatar. - // DEPRECATED! Use `gravatar.baseUrl` instead. - // gravatarBaseURL: 'https://www.gravatar.com/avatar/', - - // Setup for Gravatar-compatible services. - // gravatar: { - // // Defaults to Gravatar. - // baseUrl: 'https://www.gravatar.com/avatar/', - // // True if Gravatar should be disabled. - // disabled: false, - // }, - - // App name to be displayed in the invitation email subject, as an alternative to - // interfaceConfig.APP_NAME. - // inviteAppName: null, + // Base URL for a Gravatar-compatible service. Defaults to libravatar. + // gravatarBaseURL: 'https://seccdn.libravatar.org/avatar/', // Moved from interfaceConfig(TOOLBAR_BUTTONS). // The name of the toolbar buttons to display in the toolbar, including the 
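Review bot: The new comment for `gravatarBaseURL` names a third-party host, `https://seccdn.libravatar.org/avatar/`, as the default without saying what is sent to it. Gravatar-compatible lookups are normally keyed on a hash of the participant's e-mail address, so each avatar request discloses that hash and the client address to the avatar host. Another comment in this file says that with `disableThirdPartyRequests` avatars are generated locally, so a pointer would fit here: `// Avatar lookups send a hash of the participant e-mail to this host; see disableThirdPartyRequests.`. The `config` object opens and closes outside this hunk.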
@@ -855,186 +421,18 @@ var config = { // some other values in config.js to be enabled. Also, the "profile" button will // not display for users with a JWT. // Notes: - // - it's possible to reorder the buttons in the maintoolbar by changing the order of the mainToolbarButtons + // - it's impossible to choose which buttons go in the "More actions" menu + // - it's impossible to control the placement of buttons // - 'desktop' controls the "Share your screen" button // - if `toolbarButtons` is undefined, we fallback to enabling all buttons on the UI // toolbarButtons: [ - // 'camera', - // 'chat', - // 'closedcaptions', - // 'desktop', - // 'download', - // 'embedmeeting', - // 'etherpad', - // 'feedback', - // 'filmstrip', - // 'fullscreen', - // 'hangup', - // 'help', - // 'highlight', - // 'invite', - // 'linktosalesforce', - // 'livestreaming', - // 'microphone', - // 'noisesuppression', - // 'participants-pane', - // 'profile', - // 'raisehand', - // 'recording', - // 'security', - // 'select-background', - // 'settings', - // 'shareaudio', - // 'sharedvideo', - // 'shortcuts', - // 'stats', - // 'tileview', - // 'toggle-camera', - // 'videoquality', - // 'whiteboard', + // 'microphone', 'camera', 'closedcaptions', 'desktop', 'embedmeeting', 'fullscreen', + // 'fodeviceselection', 'hangup', 'profile', 'chat', 'recording', + // 'livestreaming', 'etherpad', 'sharedvideo', 'shareaudio', 'settings', 'raisehand', + // 'videoquality', 'filmstrip', 'invite', 'feedback', 'stats', 'shortcuts', + // 'tileview', 'select-background', 'download', 'help', 'mute-everyone', 'mute-video-everyone', 'security' // ], - // Holds values related to toolbar visibility control. - // toolbarConfig: { - // // Moved from interfaceConfig.INITIAL_TOOLBAR_TIMEOUT - // // The initial number of milliseconds for the toolbar buttons to be visible on screen. 
- // initialTimeout: 20000, - // // Moved from interfaceConfig.TOOLBAR_TIMEOUT - // // Number of milliseconds for the toolbar buttons to be visible on screen. - // timeout: 4000, - // // Moved from interfaceConfig.TOOLBAR_ALWAYS_VISIBLE - // // Whether toolbar should be always visible or should hide after x milliseconds. - // alwaysVisible: false, - // // Indicates whether the toolbar should still autohide when chat is open - // autoHideWhileChatIsOpen: false, - // // Default background color for the main toolbar. Accepts any valid CSS color. - // // backgroundColor: '#ffffff', - // }, - - // Overrides the buttons displayed in the main toolbar. Depending on the screen size the number of displayed - // buttons varies from 2 buttons to 8 buttons. Every array in the mainToolbarButtons array will replace the - // corresponding default buttons configuration matched by the number of buttons specified in the array. Arrays with - // more than 8 buttons or less then 2 buttons will be ignored. When there there isn't an override for a certain - // configuration (for example when 3 buttons are displayed) the default jitsi-meet configuration will be used. - // The order of the buttons in the array is preserved. - // mainToolbarButtons: [ - // [ 'microphone', 'camera', 'desktop', 'chat', 'raisehand', 'reactions', 'participants-pane', 'tileview' ], - // [ 'microphone', 'camera', 'desktop', 'chat', 'raisehand', 'participants-pane', 'tileview' ], - // [ 'microphone', 'camera', 'desktop', 'chat', 'raisehand', 'participants-pane' ], - // [ 'microphone', 'camera', 'desktop', 'chat', 'participants-pane' ], - // [ 'microphone', 'camera', 'chat', 'participants-pane' ], - // [ 'microphone', 'camera', 'chat' ], - // [ 'microphone', 'camera' ] - // ], - - // Toolbar buttons which have their click/tap event exposed through the API on - // `toolbarButtonClicked`. 
Passing a string for the button key will - // prevent execution of the click/tap routine; passing an object with `key` and - // `preventExecution` flag on false will not prevent execution of the click/tap - // routine. Below array with mixed mode for passing the buttons. - // buttonsWithNotifyClick: [ - // 'camera', - // { - // key: 'chat', - // preventExecution: false - // }, - // { - // key: 'closedcaptions', - // preventExecution: true - // }, - // 'desktop', - // 'download', - // 'embedmeeting', - // 'end-meeting', - // 'etherpad', - // 'feedback', - // 'filmstrip', - // 'fullscreen', - // 'hangup', - // 'hangup-menu', - // 'help', - // { - // key: 'invite', - // preventExecution: false - // }, - // 'livestreaming', - // 'microphone', - // 'mute-everyone', - // 'mute-video-everyone', - // 'noisesuppression', - // 'participants-pane', - // 'profile', - // { - // key: 'raisehand', - // preventExecution: true - // }, - // 'recording', - // 'security', - // 'select-background', - // 'settings', - // 'shareaudio', - // 'sharedvideo', - // 'shortcuts', - // 'stats', - // 'tileview', - // 'toggle-camera', - // 'videoquality', - // // The add passcode button from the security dialog. - // { - // key: 'add-passcode', - // preventExecution: false - // }, - // 'whiteboard', - // ], - - // Participant context menu buttons which have their click/tap event exposed through the API on - // `participantMenuButtonClick`. Passing a string for the button key will - // prevent execution of the click/tap routine; passing an object with `key` and - // `preventExecution` flag on false will not prevent execution of the click/tap - // routine. Below array with mixed mode for passing the buttons. 
- // participantMenuButtonsWithNotifyClick: [ - // 'allow-video', - // { - // key: 'ask-unmute', - // preventExecution: false - // }, - // 'conn-status', - // 'flip-local-video', - // 'grant-moderator', - // { - // key: 'kick', - // preventExecution: true - // }, - // { - // key: 'hide-self-view', - // preventExecution: false - // }, - // 'mute', - // 'mute-others', - // 'mute-others-video', - // 'mute-video', - // 'pinToStage', - // 'privateMessage', - // { - // key: 'remote-control', - // preventExecution: false - // }, - // 'send-participant-to-room', - // 'verify', - // ], - - // List of pre meeting screens buttons to hide. The values must be one or more of the 5 allowed buttons: - // 'microphone', 'camera', 'select-background', 'invite', 'settings' - // hiddenPremeetingButtons: [], - - // An array with custom option buttons for the participant context menu - // type: Array<{ icon: string; id: string; text: string; }> - // customParticipantMenuButtons: [], - - // An array with custom option buttons for the toolbar - // type: Array<{ icon: string; id: string; text: string; backgroundColor?: string; }> - // customToolbarButtons: [], - // Stats // 
@@ -1047,33 +445,18 @@ var config = { // The interval at which PeerConnection.getStats() is called. Defaults to 10000 // pcStatsInterval: 10000, - // Enables sending participants' display names to stats + // To enable sending statistics to callstats.io you must provide the + // Application ID and Secret. + // callStatsID: '', + // callStatsSecret: '', + + // Enables sending participants' display names to callstats // enableDisplayNameInStats: false, - // Enables sending participants' emails (if available) to stats and other analytics + // Enables sending participants' emails (if available) to callstats and other analytics // enableEmailInStats: false, - // faceLandmarks: { - // // Enables sharing your face coordinates. Used for centering faces within a video. - // enableFaceCentering: false, - - // // Enables detecting face expressions and sharing data with other participants - // enableFaceExpressionsDetection: false, - - // // Enables displaying face expressions in speaker stats - // enableDisplayFaceExpressions: false, - - // // Enable rtc stats for face landmarks - // enableRTCStats: false, - - // // Minimum required face movement percentage threshold for sending new face centering coordinates data. - // faceCenteringThreshold: 10, - - // // Milliseconds for processing a new image capture in order to detect face coordinates if they exist. - // captureInterval: 1000, - // }, - - // Controls the percentage of automatic feedback shown to participants. + // Controls the percentage of automatic feedback shown to participants when callstats is enabled. // The default value is 100%. If set to 0, no automatic feedback will be requested // feedbackPercentage: 100, 
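Review bot: The newly documented `callStatsSecret` lives in what appears to be the client-side `var config` object, so any value set there would be readable by every browser that loads the page. The comment should say so, for example `// NOTE: this file is delivered to clients; a value placed here is not confidential.`, so that operators do not treat the field as a protected credential. The neighbouring `enableDisplayNameInStats` and `enableEmailInStats` comments now name callstats as the recipient. It would help to add that these send participant names and e-mail addresses to an external service and that both default to `false`. The `config` object opens and closes outside this hunk.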
@@ -1081,7 +464,7 @@ var config = { // // If third party requests are disabled, no other server will be contacted. - // This means avatars will be locally generated and external stats integration + // This means avatars will be locally generated and callstats integration // will not function. // disableThirdPartyRequests: false, @@ -1098,6 +481,13 @@ var config = { // connection. enabled: true, + // The STUN servers that will be used in the peer to peer connections + stunServers: [ + + // { urls: 'stun:jitsi-meet.example.com:3478' }, + { urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' } + ] + // Sets the ICE transport policy for the p2p connection. At the time // of this writing the list of possible values are 'all' and 'relay', // but that is subject to change in the future. The enum is defined in 
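Review bot: In the hunk at -1098, the added `stunServers: [ ... ]` entry has no comma after its closing `]`, which is valid only while every option after it in the `p2p` object stays commented out. Uncommenting `iceTransportPolicy: 'all',` as the sample invites would then be a syntax error, so the closing line should be `],`. The one active entry, `stun:meet-jit-si-turnrelay.jitsi.net:443`, is a host outside the deployment, so STUN requests from peers reveal client addresses to that operator. A comment pointing to the commented `stun:jitsi-meet.example.com:3478` form as the self-hosted alternative would make that choice explicit. The `p2p` object opens before this hunk and closes after it.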
@@ -1106,73 +496,57 @@ var config = { // If not set, the effective value is 'all'. // iceTransportPolicy: 'all', - // Provides a way to set the codec preference on mobile devices, both on RN and mobile browser based - // endpoints. - // mobileCodecPreferenceOrder: [ 'H264', 'VP8', 'VP9', 'AV1' ], - // - // Provides a way to set the codec preference on desktop based endpoints. - // codecPreferenceOrder: [ 'AV1', 'VP9', 'VP8', 'H264 ], + // If set to true, it will prefer to use H.264 for P2P calls (if H.264 + // is supported). This setting is deprecated, use preferredCodec instead. + // preferH264: true, - // Provides a way to set the codec for screenshare. - // screenshareCodec: 'AV1', - // mobileScreenshareCodec: 'VP8', + // Provides a way to set the video codec preference on the p2p connection. Acceptable + // codec values are 'VP8', 'VP9' and 'H264'. + // preferredCodec: 'H264', + + // If set to true, disable H.264 video codec by stripping it out of the + // SDP. This setting is deprecated, use disabledCodec instead. + // disableH264: false, + + // Provides a way to prevent a video codec from being negotiated on the p2p connection. + // disabledCodec: '', // How long we're going to wait, before going back to P2P after the 3rd // participant has left the conference (to filter out page reload). 
- // backToP2PDelay: 5, - - // The STUN servers that will be used in the peer to peer connections - stunServers: [ - - // { urls: 'stun:jitsi-meet.example.com:3478' }, - { urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' }, - ], + // backToP2PDelay: 5 }, analytics: { - // True if the analytics should be disabled - // disabled: false, + // The Google Analytics Tracking ID: + // googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1' // Matomo configuration: // matomoEndpoint: 'https://your-matomo-endpoint/', // matomoSiteID: '42', // The Amplitude APP Key: - // amplitudeAPPKey: '', - - // Obfuscates room name sent to analytics (amplitude, rtcstats) - // Default value is false. - // obfuscateRoomName: false, + // amplitudeAPPKey: '' // Configuration for the rtcstats server: // By enabling rtcstats server every time a conference is joined the rtcstats // module connects to the provided rtcstatsEndpoint and sends statistics regarding // PeerConnection states along with getStats metrics polled at the specified // interval. - // rtcstatsEnabled: false, - // rtcstatsStoreLogs: false, + // rtcstatsEnabled: true, // In order to enable rtcstats one needs to provide a endpoint url. // rtcstatsEndpoint: wss://rtcstats-server-pilot.jitsi.net/, - // The interval at which rtcstats will poll getStats, defaults to 10000ms. + // The interval at which rtcstats will poll getStats, defaults to 1000ms. // If the value is set to 0 getStats won't be polled and the rtcstats client // will only send data related to RTCPeerConnection events. - // rtcstatsPollInterval: 10000, - - // This determines if rtcstats sends the SDP to the rtcstats server or replaces - // all SDPs with an empty string instead. - // rtcstatsSendSdp: false, + // rtcstatsPolIInterval: 1000, // Array of script URLs to load as lib-jitsi-meet "analytics handlers". 
// scriptURLs: [ - // "https://example.com/my-custom-analytics.js", + // "libs/analytics-ga.min.js", // google-analytics + // "https://example.com/my-custom-analytics.js" // ], - - // By enabling watchRTCEnabled option you would want to use watchRTC feature - // This would also require to configure watchRTCConfigParams. - // Please remember to keep rtcstatsEnabled disabled for watchRTC to work. - // watchRTCEnabled: false, }, // Logs that should go be passed through the 'log' event if a handler is defined for it 
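Review bot: The rtcstats sample in the new `analytics` block cannot be uncommented as written. The endpoint line `// rtcstatsEndpoint: wss://rtcstats-server-pilot.jitsi.net/,` is not a quoted string, and the interval option is spelled `rtcstatsPolIInterval`, with a capital I where a lowercase l is expected. The endpoint should read `// rtcstatsEndpoint: 'wss://rtcstats-server-pilot.jitsi.net/',`, and the key spelling should be checked against the name the client actually reads, since an unrecognised key would presumably be ignored without any error. The sample value also changes to `rtcstatsEnabled: true`, so the comment should state that enabling it sends PeerConnection statistics to the configured endpoint, which in the sample is a third-party host. The `analytics` object closes inside this hunk, but the enclosing `config` object does not.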
@@ -1180,95 +554,62 @@ var config = { // Information about the jitsi-meet instance we are connecting to, including // the user region as seen by the server. - // deploymentInfo: { - // shard: "shard1", - // region: "europe", - // userRegion: "asia", - // }, + deploymentInfo: { + // shard: "shard1", + // region: "europe", + // userRegion: "asia" + }, - // Array of disabled sounds. - // Possible values: - // - 'ASKED_TO_UNMUTE_SOUND' - // - 'E2EE_OFF_SOUND' - // - 'E2EE_ON_SOUND' - // - 'INCOMING_MSG_SOUND' - // - 'KNOCKING_PARTICIPANT_SOUND' - // - 'LIVE_STREAMING_OFF_SOUND' - // - 'LIVE_STREAMING_ON_SOUND' - // - 'NO_AUDIO_SIGNAL_SOUND' - // - 'NOISY_AUDIO_INPUT_SOUND' - // - 'OUTGOING_CALL_EXPIRED_SOUND' - // - 'OUTGOING_CALL_REJECTED_SOUND' - // - 'OUTGOING_CALL_RINGING_SOUND' - // - 'OUTGOING_CALL_START_SOUND' - // - 'PARTICIPANT_JOINED_SOUND' - // - 'PARTICIPANT_LEFT_SOUND' - // - 'RAISE_HAND_SOUND' - // - 'REACTION_SOUND' - // - 'RECORDING_OFF_SOUND' - // - 'RECORDING_ON_SOUND' - // - 'TALK_WHILE_MUTED_SOUND' - // disabledSounds: [], - - // DEPRECATED! Use `disabledSounds` instead. // Decides whether the start/stop recording audio notifications should play on record. // disableRecordAudioNotification: false, - // DEPRECATED! Use `disabledSounds` instead. // Disables the sounds that play when other participants join or leave the // conference (if set to true, these sounds will not be played). // disableJoinLeaveSounds: false, - // DEPRECATED! Use `disabledSounds` instead. - // Disables the sounds that play when a chat message is received. 
- // disableIncomingMessageSound: false, - // Information for the chrome extension banner // chromeExtensionBanner: { // // The chrome extension to be installed address // url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb', - // edgeUrl: 'https://microsoftedge.microsoft.com/addons/detail/jitsi-meetings/eeecajlpbgjppibfledfihobcabccihn', // // Extensions info which allows checking if they are installed or not // chromeExtensionsInfo: [ // { // id: 'kglhbbefdnlheedjiejgomgmfplipfeb', - // path: 'jitsi-logo-48x48.png', - // }, - // // Edge extension info - // { - // id: 'eeecajlpbgjppibfledfihobcabccihn', - // path: 'jitsi-logo-48x48.png', - // }, + // path: 'jitsi-logo-48x48.png' + // } // ] // }, - // e2ee: { - // labels: { - // description: '', - // label: '', - // tooltip: '', - // warning: '', - // }, - // externallyManagedKey: false, - // disabled: false, + // Local Recording + // + + // localRecording: { + // Enables local recording. + // Additionally, 'localrecording' (all lowercase) needs to be added to + // TOOLBAR_BUTTONS in interface_config.js for the Local Recording + // button to show up on the toolbar. + // + // enabled: true, + // + + // The recording format, can be one of 'ogg', 'flac' or 'wav'. + // format: 'flac' + // + // }, // Options related to end-to-end (participant to participant) ping. // e2eping: { - // // Whether ene-to-end pings should be enabled. - // enabled: false, + // // The interval in milliseconds at which pings will be sent. + // // Defaults to 10000, set to <= 0 to disable. + // pingInterval: 10000, // - // // The number of responses to wait for. - // numRequests: 5, - // - // // The max conference size in which e2e pings will be sent. - // maxConferenceSize: 200, - // - // // The maximum number of e2e ping messages per second for the whole conference to aim for. - // // This is used to control the pacing of messages in order to reduce the load on the backend. 
- // maxMessagesPerSecond: 250, - // }, + // // The interval in milliseconds at which analytics events + // // with the measured RTT will be sent. Defaults to 60000, set + // // to <= 0 to disable. + // analyticsInterval: 60000, + // }, // If set, will attempt to use the provided video input device label when // triggering a screenshare, instead of proceeding through the normal flow 
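Review bot: The added `localRecording` sample puts its descriptive text at the same single `//` level as the option lines (`// Enables local recording.`, `// The recording format, can be one of 'ogg', 'flac' or 'wav'.`). Stripping one comment level to enable the block would therefore turn that prose into code inside the object literal. The `e2eping` sample in this same hunk uses a second level for descriptions (`// // The interval in milliseconds ...`), and following that here, e.g. `// // Enables local recording.` and `// // The recording format, can be one of 'ogg', 'flac' or 'wav'.`, keeps the block safe to uncomment. The `config` object opens and closes outside this hunk.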
@@ -1277,62 +618,10 @@ var config = { // use only. // _desktopSharingSourceDevice: 'sample-id-or-label', - // DEPRECATED! Use deeplinking.disabled instead. // If true, any checks to handoff to another application will be prevented // and instead the app will continue to display in the current browser. // disableDeepLinking: false, - // The deeplinking config. - // deeplinking: { - // - // // The desktop deeplinking config, disabled by default. - // desktop: { - // appName: 'Jitsi Meet', - // appScheme: 'jitsi-meet, - // download: { - // linux: - // 'https://github.com/jitsi/jitsi-meet-electron/releases/latest/download/jitsi-meet-x86_64.AppImage', - // macos: 'https://github.com/jitsi/jitsi-meet-electron/releases/latest/download/jitsi-meet.dmg', - // windows: 'https://github.com/jitsi/jitsi-meet-electron/releases/latest/download/jitsi-meet.exe' - // }, - // enabled: false - // }, - // // If true, any checks to handoff to another application will be prevented - // // and instead the app will continue to display in the current browser. - // disabled: false, - - // // whether to hide the logo on the deep linking pages. - // hideLogo: false, - - // // The ios deeplinking config. - // ios: { - // appName: 'Jitsi Meet', - // // Specify mobile app scheme for opening the app from the mobile browser. - // appScheme: 'org.jitsi.meet', - // // Custom URL for downloading ios mobile app. - // downloadLink: 'https://itunes.apple.com/us/app/jitsi-meet/id1165103905', - // }, - - // // The android deeplinking config. - // android: { - // appName: 'Jitsi Meet', - // // Specify mobile app scheme for opening the app from the mobile browser. - // appScheme: 'org.jitsi.meet', - // // Custom URL for downloading android mobile app. - // downloadLink: 'https://play.google.com/store/apps/details?id=org.jitsi.meet', - // // Android app package name. 
- // appPackage: 'org.jitsi.meet', - // fDroidUrl: 'https://f-droid.org/en/packages/org.jitsi.meet/', - // } - // }, - - // // The terms, privacy and help centre URL's. - // legalUrls: { - // helpCentre: 'https://web-cdn.jitsi.net/faq/meet-faq.html', - // privacy: 'https://jitsi.org/meet/privacy', - // terms: 'https://jitsi.org/meet/terms' - // }, - // A property to disable the right click context menu for localVideo // the menu has option to flip the locally seen video for local presentations // disableLocalVideoFlip: false, @@ -1346,8 +635,7 @@ var config = { // Disables all invite functions from the app (share, invite, dial out...etc) // disableInviteFunctions: true, - // Disables storing the room name to the recents list. When in an iframe this is ignored and - // the room is never stored in the recents list. + // Disables storing the room name to the recents list // doNotStoreRoom: true, // Deployment specific URLs. 
@@ -1357,143 +645,38 @@ var config = { // userDocumentationURL: 'https://docs.example.com/video-meetings.html', // // If specified a 'Download our apps' button will be displayed in the overflow menu with a link // // to the specified URL for an app download page. - // downloadAppsUrl: 'https://docs.example.com/our-apps.html', + // downloadAppsUrl: 'https://docs.example.com/our-apps.html' // }, // Options related to the remote participant menu. // remoteVideoMenu: { - // // Whether the remote video context menu to be rendered or not. - // disabled: true, - // // If set to true the 'Switch to visitor' button will be disabled. - // disableDemote: true, // // If set to true the 'Kick out' button will be disabled. - // disableKick: true, - // // If set to true the 'Grant moderator' button will be disabled. - // disableGrantModerator: true, - // // If set to 'all' the 'Private chat' button will be disabled for all participants. - // // If set to 'allow-moderator-chat' the 'Private chat' button will be available for chats with moderators. - // // If set to 'disable-visitor-chat' the 'Private chat' button will be disabled for visitor-main participant - // // conversations. - // disablePrivateChat: 'all' | 'allow-moderator-chat' | 'disable-visitor-chat', + // disableKick: true // }, - // If set to true all muting operations of remote participants will be disabled. // disableRemoteMute: true, + // Enables support for lip-sync for this client (if the browser supports it). + // enableLipSync: false + /** External API url used to receive branding specific information. If there is no url set or there are missing fields, the defaults are applied. - The config file should be in JSON. None of the fields are mandatory and the response must have the shape: - { - // Whether participant can only send group chat message if `send-groupchat` feature is enabled in jwt. 
- groupChatRequiresPermission: false, - // Whether participant can only create polls if `create-polls` feature is enabled in jwt. - pollCreationRequiresPermission: false, - // The domain url to apply (will replace the domain in the sharing conference link/embed section) - inviteDomain: 'example-company.org', - // The hex value for the colour used as background - backgroundColor: '#fff', - // The url for the image used as background - backgroundImageUrl: 'https://example.com/background-img.png', - // The anchor url used when clicking the logo image - logoClickUrl: 'https://example-company.org', - // The url used for the image used as logo - logoImageUrl: 'https://example.com/logo-img.png', - // Endpoint that enables support for salesforce integration with in-meeting resource linking - // This is required for: - // listing the most recent records - salesforceUrl/records/recents - // searching records - salesforceUrl/records?text=${text} - // retrieving record details - salesforceUrl/records/${id}?type=${type} - // and linking the meeting - salesforceUrl/sessions/${sessionId}/records/${id} - // salesforceUrl: 'https://api.example.com/', - // Overwrite for pool of background images for avatars - avatarBackgrounds: ['url(https://example.com/avatar-background-1.png)', '#FFF'], - // The lobby/prejoin screen background - premeetingBackground: 'url(https://example.com/premeeting-background.png)', - // A list of images that can be used as video backgrounds. - // When this field is present, the default images will be replaced with those provided. - virtualBackgrounds: ['https://example.com/img.jpg'], - // Object containing customized icons that should replace the default ones. 
- // The keys need to be the exact same icon names used in here: - // https://github.com/jitsi/jitsi-meet/blob/master/react/features/base/icons/svg/index.ts - // To avoid having the icons trimmed or displayed in an unexpected way, please provide svg - // files containing svg xml icons in the size that the default icons come in. - customIcons: { - IconArrowUp: 'https://example.com/arrow-up.svg', - IconDownload: 'https://example.com/download.svg', - IconRemoteControlStart: 'https://example.com/remote-start.svg', - }, - // Object containing a theme's properties. It also supports partial overwrites of the main theme. - // For a list of all possible theme tokens and their current defaults, please check: - // https://github.com/jitsi/jitsi-meet/tree/master/resources/custom-theme/custom-theme.json - // For a short explanations on each of the tokens, please check: - // https://github.com/jitsi/jitsi-meet/blob/master/react/features/base/ui/Tokens.ts - // IMPORTANT!: This is work in progress so many of the various tokens are not yet applied in code - // or they are partially applied. - customTheme: { - palette: { - ui01: "orange !important", - ui02: "maroon", - surface02: 'darkgreen', - ui03: "violet", - ui04: "magenta", - ui05: "blueviolet", - action01: 'green', - action01Hover: 'lightgreen', - disabled01: 'beige', - success02: 'cadetblue', - action02Hover: 'aliceblue', - }, - typography: { - labelRegular: { - fontSize: 25, - lineHeight: 30, - fontWeight: 500, - } - } - } - } + { + // The hex value for the colour used as background + backgroundColor: '#fff', + // The url for the image used as background + backgroundImageUrl: 'https://example.com/background-img.png', + // The anchor url used when clicking the logo image + logoClickUrl: 'https://example-company.org', + // The url used for the image used as logo + logoImageUrl: 'https://example.com/logo-img.png' + } */ // dynamicBrandingUrl: '', - // A list of allowed URL domains for shared video. 
- // - // NOTE: - // '*' is allowed value and it will allow any URL to be used for shared video. We do not recommend using '*', - // use it at your own risk! - // sharedVideoAllowedURLDomains: [ ], - - // Options related to the participants pane. - // participantsPane: { - // // Enables feature - // enabled: true, - // // Hides the moderator settings tab. - // hideModeratorSettingsTab: false, - // // Hides the more actions button. - // hideMoreActionsButton: false, - // // Hides the mute all button. - // hideMuteAllButton: false, - // }, - - // Options related to the breakout rooms feature. - // breakoutRooms: { - // // Hides the add breakout room button. This replaces `hideAddRoomButton`. - // hideAddRoomButton: false, - // // Hides the auto assign participants button. - // hideAutoAssignButton: false, - // // Hides the join breakout room button. - // hideJoinRoomButton: false, - // }, - - // When true, virtual background feature will be disabled. - // disableVirtualBackground: false, - - // When true the user cannot add more images to be used as virtual background. - // Only the default ones from will be available. - // disableAddingBackgroundImages: false, - // Sets the background transparency level. '0' is fully transparent, '1' is opaque. // backgroundAlpha: 1, 
@@ -1505,36 +688,11 @@ var config = { // If true, tile view will not be enabled automatically when the participants count threshold is reached. // disableTileView: true, - // If true, the tiles will be displayed contained within the available space rather than enlarged to cover it, - // with a 16:9 aspect ratio (old behaviour). - // disableTileEnlargement: true, - - // Controls the visibility and behavior of the top header conference info labels. - // If a label's id is not in any of the 2 arrays, it will not be visible at all on the header. - // conferenceInfo: { - // // those labels will not be hidden in tandem with the toolbox. - // alwaysVisible: ['recording', 'raised-hands-count'], - // // those labels will be auto-hidden in tandem with the toolbox buttons. - // autoHide: [ - // 'subject', - // 'conference-timer', - // 'participants-count', - // 'e2ee', - // 'video-quality', - // 'insecure-room', - // 'highlight-moment', - // 'top-panel-toggle', - // ] - // }, - // Hides the conference subject - // hideConferenceSubject: false, + // hideConferenceSubject: true, // Hides the conference timer. - // hideConferenceTimer: false, - - // Hides the recording label - // hideRecordingLabel: false, + // hideConferenceTimer: true, // Hides the participants stats // hideParticipantsStats: true, 
@@ -1542,116 +700,34 @@ var config = { // Sets the conference subject // subject: 'Conference Subject', - // Sets the conference local subject - // localSubject: 'Conference Local Subject', - // This property is related to the use case when jitsi-meet is used via the IFrame API. When the property is true // jitsi-meet will use the local storage of the host page instead of its own. This option is useful if the browser // is not persisting the local storage inside the iframe. // useHostPageLocalStorage: true, - // Etherpad ("shared document") integration. - // - // If set, add a "Open shared document" link to the bottom right menu that - // will open an etherpad document. - // etherpad_base: 'https://your-etherpad-installati.on/p/', - - // To enable information about dial-in access to meetings you need to provide - // dialInNumbersUrl and dialInConfCodeUrl. - // dialInNumbersUrl returns a json array of numbers that can be used for dial-in. - // {"countryCode":"US","tollFree":false,"formattedNumber":"+1 123-456-7890"} - // dialInConfCodeUrl is the conference mapper converting a meeting id to a PIN used for dial-in - // or the other way around (more info in resources/cloud-api.swagger) - - // You can use external service for authentication that will redirect back passing a jwt token - // You can use tokenAuthUrl config to point to a URL of such service. - // The URL for the service supports few params which will be filled in by the code. - // tokenAuthUrl: - // 'https://myservice.com/auth/{room}?code_challenge_method=S256&code_challenge={code_challenge}&state={state}' - // Supported parameters in tokenAuthUrl: - // {room} - will be replaced with the room name - // {code_challenge} - (A web only). A oauth 2.0 code challenge that will be sent to the service. See: - // https://datatracker.ietf.org/doc/html/rfc7636. The code verifier will be saved in the sessionStorage - // under key: 'code_verifier'. - // {state} - A json with the current state before redirecting. 
Keys that are included in the state: - // - room (The current room name as shown in the address bar) - // - roomSafe (the backend safe room name to use (lowercase), that is passed to the backend) - // - tenant (The tenant if any) - // - config.xxx (all config overrides) - // - interfaceConfig.xxx (all interfaceConfig overrides) - // - ios=true (in case ios mobile app is used) - // - android=true (in case android mobile app is used) - // - electron=true (when web is loaded in electron app) - // If there is a logout service you can specify its URL with: - // tokenLogoutUrl: 'https://myservice.com/logout' - // You can enable tokenAuthUrlAutoRedirect which will detect that you have logged in successfully before - // and will automatically redirect to the token service to get the token for the meeting. - // tokenAuthUrlAutoRedirect: false - // An option to respect the context.tenant jwt field compared to the current tenant from the url - // tokenRespectTenant: false, - // An option to get for user info (name, picture, email) in the token outside the user context. - // Can be used with Firebase tokens. - // tokenGetUserInfoOutOfContext: false, - - // You can put an array of values to target different entity types in the invite dialog. - // Valid values are "phone", "room", "sip", "user", "videosipgw" and "email" - // peopleSearchQueryTypes: ["user", "email"], - // Directory endpoint which is called for invite dialog autocomplete - // peopleSearchUrl: "https://myservice.com/api/people", - // Endpoint which is called to send invitation requests - // inviteServiceUrl: "https://myservice.com/api/invite", - - // For external entities (e. g. email), the localStorage key holding the token value for directory authentication - // peopleSearchTokenLocation: "mytoken", - - - // Options related to visitors. - // visitors: { - // // Starts audio/video when the participant is promoted from visitor. 
- // enableMediaOnPromote: { - // audio: true, - // video: true - // }, - // // Hides the visitor count for visitors. - // // hideVisitorCountForVisitors: false, - // // Whether to show the join meeting dialog when joining as a visitor. - // // showJoinMeetingDialog: true, - // }, - // The default type of desktop sharing sources that will be used in the electron app. - // desktopSharingSources: ['screen', 'window'], - - // Disables the echo cancelation for local audio tracks. - // disableAEC: true, - - // Disables the auto gain control for local audio tracks. - // disableAGC: true, - - // Disables the audio processing (echo cancelation, auto gain control and noise suppression) for local audio tracks. - // disableAP: true, - - // Disables the anoise suppression for local audio tracks. - // disableNS: true, - - // Replaces the display name with the JID of the participants. - // displayJids: true, - - // Enables disables talk while muted detection. - // enableTalkWhileMuted: true, - - // Sets the peer connection ICE transport policy to "relay". - // forceTurnRelay: true, - // List of undocumented settings used in jitsi-meet /** _immediateReloadThreshold + debug + debugAudioLevels deploymentInfo + dialInConfCodeUrl + dialInNumbersUrl dialOutAuthUrl dialOutCodesUrl - dialOutRegionUrl disableRemoteControl + displayJids + etherpad_base + externalConnectUrl + firefox_fake_device + googleApiApplicationClientID iAmRecorder iAmSipGateway microsoftApiApplicationClientID + peopleSearchQueryTypes + peopleSearchUrl + requireDisplayName + tokenAuthUrl */ /** 
@@ -1665,21 +741,25 @@ var config = { /** _peerConnStatusOutOfLastNTimeout _peerConnStatusRtcMuteTimeout + abTesting avgRtpStatsN + callStatsConfIDNamespace + callStatsCustomScriptUrl desktopSharingSources - disableLocalStats + disableAEC + disableAGC + disableAP + disableHPF + disableNS + enableTalkWhileMuted + forceJVB121Ratio + forceTurnRelay hiddenDomain - hiddenFromRecorderFeatureEnabled ignoreStartMuted websocketKeepAlive websocketKeepAliveUrl */ - /** - * Default interval (milliseconds) for triggering mouseMoved iframe API event - */ - mouseMoveCallbackInterval: 1000, - /** Use this array to configure which notifications will be shown to the user The items correspond to the title or description key of that notification @@ -1690,7 +770,6 @@ var config = { */ // notifications: [ // 'connection.CONNFAIL', // shown when the connection fails, - // 'dialog.cameraConstraintFailedError', // shown when the camera failed // 'dialog.cameraNotSendingData', // shown when there's no feed from user's camera // 'dialog.kickTitle', // shown when user has been kicked // 'dialog.liveStreaming', // livestreaming notifications (pending, on, off, limits) 
@@ -1701,12 +780,10 @@ var config = { // 'dialog.recording', // recording notifications (pending, on, off, limits) // 'dialog.remoteControlTitle', // remote control notifications (allowed, denied, start, stop, error) // 'dialog.reservationError', - // 'dialog.screenSharingFailedTitle', // shown when the screen sharing failed // 'dialog.serviceUnavailable', // shown when server is not reachable // 'dialog.sessTerminated', // shown when there is a failed conference session // 'dialog.sessionRestarted', // show when a client reload is initiated because of bridge migration // 'dialog.tokenAuthFailed', // show when an invalid jwt is used - // 'dialog.tokenAuthFailedWithReasons', // show when an invalid jwt is used with the reason behind the error // 'dialog.transcribing', // transcribing notifications (pending, off) // 'dialOut.statusMessage', // shown when dial out status is updated. // 'liveStreaming.busy', // shown when livestreaming service is busy 
@@ -1714,45 +791,21 @@ var config = { // 'liveStreaming.unavailableTitle', // shown when livestreaming service is not reachable // 'lobby.joinRejectedMessage', // shown when while in a lobby, user's request to join is rejected // 'lobby.notificationTitle', // shown when lobby is toggled and when join requests are allowed / denied - // 'notify.audioUnmuteBlockedTitle', // shown when mic unmute blocked - // 'notify.chatMessages', // shown when receiving chat messages while the chat window is closed - // 'notify.connectedOneMember', // show when a participant joined - // 'notify.connectedThreePlusMembers', // show when more than 2 participants joined simultaneously - // 'notify.connectedTwoMembers', // show when two participants joined simultaneously - // 'notify.dataChannelClosed', // shown when the bridge channel has been disconnected - // 'notify.hostAskedUnmute', // shown to participant when host asks them to unmute + // 'localRecording.localRecording', // shown when a local recording is started + // 'notify.disconnected', // shown when a participant has left + // 'notify.grantedTo', // shown when moderator rights were granted to a participant // 'notify.invitedOneMember', // shown when 1 participant has been invited // 'notify.invitedThreePlusMembers', // shown when 3+ participants have been invited // 'notify.invitedTwoMembers', // shown when 2 participants have been invited // 'notify.kickParticipant', // shown when a participant is kicked - // 'notify.leftOneMember', // show when a participant left - // 'notify.leftThreePlusMembers', // show when more than 2 participants left simultaneously - // 'notify.leftTwoMembers', // show when two participants left simultaneously - // 'notify.linkToSalesforce', // shown when joining a meeting with salesforce integration - // 'notify.localRecordingStarted', // shown when the local recording has been started - // 'notify.localRecordingStopped', // shown when the local recording has been stopped - // 
'notify.moderationInEffectCSTitle', // shown when user attempts to share content during AV moderation - // 'notify.moderationInEffectTitle', // shown when user attempts to unmute audio during AV moderation - // 'notify.moderationInEffectVideoTitle', // shown when user attempts to enable video during AV moderation - // 'notify.moderator', // shown when user gets moderator privilege // 'notify.mutedRemotelyTitle', // shown when user is muted by a remote party // 'notify.mutedTitle', // shown when user has been muted upon joining, // 'notify.newDeviceAudioTitle', // prompts the user to use a newly detected audio device // 'notify.newDeviceCameraTitle', // prompts the user to use a newly detected camera - // 'notify.noiseSuppressionFailedTitle', // shown when failed to start noise suppression - // 'notify.participantWantsToJoin', // shown when lobby is enabled and participant requests to join meeting - // 'notify.participantsWantToJoin', // shown when lobby is enabled and participants request to join meeting // 'notify.passwordRemovedRemotely', // shown when a password has been removed remotely // 'notify.passwordSetRemotely', // shown when a password has been set remotely - // 'notify.raisedHand', // shown when a participant used raise hand, - // 'notify.screenShareNoAudio', // shown when the audio could not be shared for the selected screen - // 'notify.screenSharingAudioOnlyTitle', // shown when the best performance has been affected by screen sharing - // 'notify.selfViewTitle', // show "You can always un-hide the self-view from settings" + // 'notify.raisedHand', // shown when a partcipant used raise hand, // 'notify.startSilentTitle', // shown when user joined with no audio - // 'notify.suboptimalExperienceTitle', // show the browser warning - // 'notify.unmute', // shown to moderator when user raises hand during AV moderation - // 'notify.videoMutedRemotelyTitle', // shown when user's video is muted by a remote party, - // 'notify.videoUnmuteBlockedTitle', // 
shown when camera unmute and desktop sharing are blocked // 'prejoin.errorDialOut', // 'prejoin.errorDialOutDisconnected', // 'prejoin.errorDialOutFailed', 
@@ -1765,159 +818,14 @@ var config = { // 'toolbar.noAudioSignalTitle', // shown when a broken mic is detected // 'toolbar.noisyAudioInputTitle', // shown when noise is detected for the current microphone // 'toolbar.talkWhileMutedPopup', // shown when user tries to speak while muted - // 'transcribing.failed', // shown when transcribing fails - // ], + // 'transcribing.failedToStart' // shown when transcribing fails to start + // ] - // List of notifications to be disabled. Works in tandem with the above setting. - // disabledNotifications: [], + // Allow all above example options to include a trailing comma and + // prevent fear when commenting out the last value. + makeJsonParserHappy: 'even if last key had a trailing comma' - // Prevent the filmstrip from autohiding when screen width is under a certain threshold - // disableFilmstripAutohiding: false, - - // filmstrip: { - // // Disable the vertical/horizontal filmstrip. - // disabled: false, - // // Disables user resizable filmstrip. Also, allows configuration of the filmstrip - // // (width, tiles aspect ratios) through the interfaceConfig options. - // disableResizable: false, - - // // Disables the stage filmstrip - // // (displaying multiple participants on stage besides the vertical filmstrip) - // disableStageFilmstrip: false, - - // // Default number of participants that can be displayed on stage. - // // The user can change this in settings. Number must be between 1 and 6. - // stageFilmstripParticipants: 1, - - // // Disables the top panel (only shown when a user is sharing their screen). - // disableTopPanel: false, - - // // The minimum number of participants that must be in the call for - // // the top panel layout to be used. - // minParticipantCountForTopPanel: 50, - - // // The width of the filmstrip on joining meeting. Can be resized afterwards. - // initialWidth: 400, - - // // Whether the draggable resize bar of the filmstrip is always visible. 
Setting this to true will make - // // the filmstrip always visible in case `disableResizable` is false. - // alwaysShowResizeBar: true, - // }, - - // Tile view related config options. - // tileView: { - // // Whether tileview should be disabled. - // disabled: false, - // // The optimal number of tiles that are going to be shown in tile view. Depending on the screen size it may - // // not be possible to show the exact number of participants specified here. - // numberOfVisibleTiles: 25, - // }, - - // Specifies whether the chat emoticons are disabled or not - // disableChatSmileys: false, - - // Settings for the GIPHY integration. - // giphy: { - // // Whether the feature is enabled or not. - // enabled: false, - // // SDK API Key from Giphy. - // sdkKey: '', - // // Display mode can be one of: - // // - tile: show the GIF on the tile of the participant that sent it. - // // - chat: show the GIF as a message in chat - // // - all: all of the above. This is the default option - // displayMode: 'all', - // // How long the GIF should be displayed on the tile (in milliseconds). - // tileTime: 5000, - // // Limit results by rating: g, pg, pg-13, r. Default value: g. - // rating: 'pg', - // }, - - // Logging - // logging: { - // // Default log level for the app and lib-jitsi-meet. - // defaultLogLevel: 'trace', - // // Option to disable LogCollector. - // //disableLogCollector: true, - // // Individual loggers are customizable. - // loggers: { - // // The following are too verbose in their logging with the default level. - // 'modules/RTC/TraceablePeerConnection.js': 'info', - // 'modules/xmpp/strophe.util.js': 'log', - // }, - // }, - - // Application logo url - // defaultLogoUrl: 'images/watermark.svg', - - // Settings for the Excalidraw whiteboard integration. - // whiteboard: { - // // Whether the feature is enabled or not. - // enabled: true, - // // The server used to support whiteboard collaboration. 
- // // https://github.com/jitsi/excalidraw-backend - // collabServerBaseUrl: 'https://excalidraw-backend.example.com', - // // The user access limit to the whiteboard, introduced as a means - // // to control the performance. - // userLimit: 25, - // // The url for more info about the whiteboard and its usage limitations. - // limitUrl: 'https://example.com/blog/whiteboard-limits', - // }, - - // The watchRTC initialize config params as described : - // https://testrtc.com/docs/installing-the-watchrtc-javascript-sdk/#h-set-up-the-sdk - // https://www.npmjs.com/package/@testrtc/watchrtc-sdk - // watchRTCConfigParams: { - // /** Watchrtc api key */ - // rtcApiKey: string; - // /** Identifier for the session */ - // rtcRoomId?: string; - // /** Identifier for the current peer */ - // rtcPeerId?: string; - // /** - // * ["tag1", "tag2", "tag3"] - // * @deprecated use 'keys' instead - // */ - // rtcTags?: string[]; - // /** { "key1": "value1", "key2": "value2"} */ - // keys?: any; - // /** Enables additional logging */ - // debug?: boolean; - // rtcToken?: string; - // /** - // * @deprecated No longer needed. Use "proxyUrl" instead. - // */ - // wsUrl?: string; - // proxyUrl?: string; - // console?: { - // level: string; - // override: boolean; - // }; - // allowBrowserLogCollection?: boolean; - // collectionInterval?: number; - // logGetStats?: boolean; - // }, - - // Hide login button on auth dialog, you may want to enable this if you are using JWT tokens to authenticate users - // hideLoginButton: true, - - // If true remove the tint foreground on focused user camera in filmstrip - // disableCameraTintForeground: false, - - // File sharign service. - // fileSharing: { - // // The URL of the file sharing service API. See resources/file-sharing.yaml for more details. - // apiUrl: 'https://example.com', - // // Whether the file sharing service is enabled or not. 
- // enabled: true, - // // Maximum file size limit (-1 value disables any file size limit check) - // maxFileSize: 50, - // }, + // no configuration value should follow this line. }; -// Set the default values for JaaS customers -if (enableJaaS) { - config.dialInNumbersUrl = 'https://conference-mapper.jitsi.net/v1/access/dids'; - config.dialInConfCodeUrl = 'https://conference-mapper.jitsi.net/v1/access'; - config.roomPasswordNumberOfDigits = 10; // skip re-adding it (do not remove comment) -} +/* eslint-enable no-unused-vars, no-var */ diff --git a/type/__jitsi_meet_domain/files/interface_config.js.sh b/type/__jitsi_meet_domain/files/interface_config.js.sh index d2ebaa3..2a65bfc 100644 --- a/type/__jitsi_meet_domain/files/interface_config.js.sh +++ b/type/__jitsi_meet_domain/files/interface_config.js.sh @@ -20,7 +20,7 @@ JITSI_INTERFACE_CONFIG_JS="$(cat <> /dev/stderr <<-EOM - Unsupported state '${STATE}', must be 'present' or 'absent'. - EOM - exit 1 - ;; -esac - # # Deal with certbot # # use object id as domain -require="${le_require}" __letsencrypt_cert "${DOMAIN}" \ - --state "${STATE}" \ +__letsencrypt_cert "${DOMAIN}" \ --admin-email "${ADMIN_EMAIL}" \ --deploy-hook "service nginx reload" \ --webroot /usr/share/jitsi-meet 
@@ -82,9 +59,8 @@ require="${le_require}" __letsencrypt_cert "${DOMAIN}" \ # Create virtualhost for nginx # shellcheck source=type/__jitsi_meet_domain/files/nginx.sh . "${__type}/files/nginx.sh" # This defines JITSI_NGINX_CONFIG -require="${nginx_require}" __file \ +require="__letsencrypt_cert/${DOMAIN}" __file \ "/etc/nginx/sites-enabled/${DOMAIN}.conf" \ - --state "${STATE}" \ --mode 0644 --source "-" <_` - for details. - owner Owner of the deployed files, passed to `chown`. Defaults to 'root'. brand Web UI branding, defaults to 'Element'. -branding_auth_header_logo_url - A logo image that is shown in the header during authentication flows. - -branding_welcome_background_url - An image to use as a wallpaper outside the app during authentication flows. If an array is passed, an image is chosen randomly for each visit. - -branding_auth_footer_links - a list of links to show in the authentication page footer: `[{"text": "Link - text", "url": "https://link.target"}, {"text": "Other link", ...}]` - default_country_code ISO 3166 alpha2 country code to use when showing country selectors, such as phone number inputs. Defaults to GB. diff --git a/type/__matrix_element/manifest b/type/__matrix_element/manifest index fe937c5..544bd96 100755 --- a/type/__matrix_element/manifest +++ b/type/__matrix_element/manifest 
@@ -25,13 +25,11 @@ INSTALL_DIR=$(cat "$__object/parameter/install_dir") export DEFAULT_SERVER_NAME=$(cat "$__object/parameter/default_server_name") export DEFAULT_SERVER_URL=$(cat "$__object/parameter/default_server_url") -export IDENTITY_SERVER_URL=$(cat "$__object/parameter/identity_server_url") export BRAND=$(cat "$__object/parameter/brand") export DEFAULT_COUNTRY_CODE=$(cat "$__object/parameter/default_country_code") export ROOM_DIRECTORY_SERVERS=$(cat "$__object/parameter/room_directory_servers") export PRIVACY_POLICY_URL=$(cat "$__object/parameter/privacy_policy_url") export COOKIE_POLICY_URL=$(cat "$__object/parameter/cookie_policy_url") -export BRANDING_WELCOME_BACKGROUND_URL=$(cat "$__object/parameter/branding_welcome_background_url") if [ -f "$__object/parameter/jitsi_domain" ]; then export JITSI_DOMAIN=$(cat "$__object/parameter/jitsi_domain") @@ -46,24 +44,14 @@ if [ -f "$__object/parameter/branding_auth_footer_links" ]; then fi if [ -f "$__object/parameter/homepage" ]; then + export EMBED_HOMEPAGE=1 homepage=$(cat "$__object/parameter/homepage") - if [ -f "$homepage" ]; then - upload_homepage=1 - else - export HOME_PAGE_URL=$homepage - fi fi -WELCOME_PAGE_URL="welcome.html" if [ -f "$__object/parameter/welcomepage" ]; then + export EMBED_WELCOMEPAGE=1 welcomepage=$(cat "$__object/parameter/welcomepage") - if [ -f welcomepage ]; then - export UPLOAD_WELCOMEPAGE=1 - else - WELCOME_PAGE_URL=$welcomepage - fi fi -export WELCOME_PAGE_URL if [ -f "$__object/parameter/custom_asset" ]; then "$__object/parameter/custom_asset" | while IFS= read -r file; do 
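Review bot: In the `homepage` and `welcomepage` branches of the `@@ -46,24 +44,14 @@` hunk the parameter value is now always treated as a local file, because the `[ -f "$homepage" ]` test is gone and the value is later handed unchecked to `__file --source` (the `@@ -103,14 +91,14 @@` hunk). A URL or a mistyped path will then fail only when `__file` runs, presumably with a less specific error. I would validate the value where it is read, e.g. `[ -f "$homepage" ] || { echo "homepage: '$homepage' is not a readable file" >&2; exit 1; }`, and do the same for `welcomepage`. `EMBED_HOMEPAGE` and `EMBED_WELCOMEPAGE` are also exported; whether the config template consumes them is not visible in this hunk.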
@@ -103,14 +91,14 @@ require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/config.json" --mode 0664 \ --state present -if [ $upload_homepage ]; then +if [ $EMBED_HOMEPAGE ]; then require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/home.html" \ --source "$homepage" \ --mode 0664 \ --state present fi -if [ $upload_welcomepage ]; then +if [ $EMBED_WELCOMEPAGE ]; then require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/welcome.html" \ --source "$welcomepage" \ --mode 0664 \ diff --git a/type/__matrix_element/parameter/default/branding_welcome_background_url b/type/__matrix_element/parameter/default/branding_welcome_background_url deleted file mode 100644 index 5f5acef..0000000 --- a/type/__matrix_element/parameter/default/branding_welcome_background_url +++ /dev/null @@ -1 +0,0 @@ -themes/element/img/backgrounds/lake.jpg diff --git a/type/__matrix_element/parameter/default/identity_server b/type/__matrix_element/parameter/default/identity_server deleted file mode 100644 index e69de29..0000000 diff --git a/type/__matrix_element/parameter/optional b/type/__matrix_element/parameter/optional index 2830f81..21a2faf 100644 --- a/type/__matrix_element/parameter/optional +++ b/type/__matrix_element/parameter/optional @@ -1,6 +1,5 @@ default_server_url default_server_name -identity_server_url brand default_country_code privacy_policy_url @@ -12,4 +11,3 @@ welcomepage jitsi_domain branding_auth_header_logo_url branding_auth_footer_links -branding_welcome_background_url diff --git a/type/__matrix_synapse/files/homeserver.yaml.sh b/type/__matrix_synapse/files/homeserver.yaml.sh index 64b40ee..bc94391 100755 --- a/type/__matrix_synapse/files/homeserver.yaml.sh +++ b/type/__matrix_synapse/files/homeserver.yaml.sh 
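Review bot: `if [ $EMBED_HOMEPAGE ]; then` and `if [ $EMBED_WELCOMEPAGE ]; then` test unquoted variables that are only assigned inside the `-f` checks of the `@@ -46,24 +44,14 @@` hunk, and no reset to empty is visible. A value inherited from the environment the manifest runs in would therefore take the branch with `$homepage` or `$welcomepage` unset and pass an empty `--source` to `__file`. I would initialise both flags before the parameter checks (`EMBED_HOMEPAGE=` and `EMBED_WELCOMEPAGE=`) and test with `if [ -n "${EMBED_HOMEPAGE:-}" ]; then`.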
@@ -448,7 +448,7 @@ retention: # matter much because Synapse doesn't take it into account yet. # default_policy: - min_lifetime: ${MESSAGE_RETENTION_POLICY_MIN_LIFETIME:?} + min_lifetime: 1d max_lifetime: ${MESSAGE_RETENTION_POLICY_MAX_LIFETIME:?} # Retention policy limits. If set, and the state of a room contains a @@ -1175,26 +1175,14 @@ fi cat << EOF # The shared secret used to compute passwords for the TURN server # -EOF +turn_shared_secret: "$TURN_SHARED_SECRET" -if [ -n "$TURN_SHARED_SECRET" ]; then - echo "turn_shared_secret: \"$TURN_SHARED_SECRET\"" -fi - -cat << EOF # The Username and password if the TURN server needs them and # does not use a token # -EOF +#turn_username: "TURNSERVER_USERNAME" +#turn_password: "TURNSERVER_PASSWORD" -if [ -n "$TURN_USERNAME" ] || [ "$TURN_PASSWORD" ]; then - cat <<- EOF - turn_username: "$TURN_USERNAME" - turn_password: "$TURN_PASSWORD" - EOF -fi - -cat << EOF # How long generated TURN credentials last # turn_user_lifetime: ${TURN_USER_LIFETIME:?} @@ -1334,7 +1322,7 @@ fi cat << EOF # Enable 3PIDs lookup requests to identity servers from this server. # -enable_3pid_lookup: ${ENABLE_3PID_LOOKUPS:?} +#enable_3pid_lookup: true # If set, allows registration of standard or admin accounts by anyone who # has the shared secret, even if registration is otherwise disabled. @@ -1342,12 +1330,9 @@ EOF if [ -n "$REGISTRATION_SHARED_SECRET" ]; then echo "registration_shared_secret: '$REGISTRATION_SHARED_SECRET'" -else - echo "# registration_shared_secret: 'secret'" fi cat << EOF - # Set the number of bcrypt rounds used to generate password hash. # Larger numbers increase the work factor needed to generate the hash. # The default number is 12 (which equates to 2^12 rounds). 
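Review bot: `min_lifetime: 1d` in the `default_policy` block replaces a required parameter with a constant, while `max_lifetime` on the next line still comes from `${MESSAGE_RETENTION_POLICY_MAX_LIFETIME:?}`, so a configured maximum below one day would yield a policy whose minimum exceeds its maximum. The same pattern recurs where `enable_3pid_lookup` (`@@ -1334`), `enable_set_displayname` (`@@ -1406`), `enable_3pid_changes` (`@@ -1421`) and `template_dir` (`@@ -2191`) become commented-out samples: the homeserver then uses its defaults, which the surrounding comments give as 'true' for the displayname and 3PID-change switches. If the type still accepts these parameters (its manifest and `parameter/` files are not in this hunk), a host configured with `false` to lock those down silently reverts to allowing them. I would either keep the `${VAR:?}` expansions or drop the parameters from the type in the same commit so that passing them fails loudly.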
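Review bot: `turn_shared_secret: "$TURN_SHARED_SECRET"` in the `@@ -1175,26 +1175,14 @@` hunk is now written unconditionally, so with the variable unset the generated file contains an empty secret instead of omitting the key; how the homeserver treats an empty value is not shown here. The value is also interpolated raw into a double-quoted YAML scalar, so a secret containing `"` or `\` would break or alter the setting. Since this sits inside the `cat << EOF` heredoc, the guard can be kept inline as `$([ -n "$TURN_SHARED_SECRET" ] && printf 'turn_shared_secret: "%s"\n' "$TURN_SHARED_SECRET")`, or as `${TURN_SHARED_SECRET:?}` if TURN is meant to be mandatory. The hunk also turns `turn_username`/`turn_password` into fixed comments, so username/password TURN setups can no longer be expressed through this template.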
@@ -1368,13 +1353,7 @@ allow_guest_access: ${ALLOW_GUEST_ACCESS:?} # (By default, no suggestion is made, so it is left up to the client.) # #default_identity_server: https://matrix.org -EOF -if [ -n "$DEFAULT_IDENTITY_SERVER" ]; then - echo "default_identity_server: \"$DEFAULT_IDENTITY_SERVER\"" -fi - -cat << EOF # Handle threepid (email/phone etc) registration and password resets through a set of # *trusted* identity servers. Note that this allows the configured identity server to # reset passwords for accounts! @@ -1406,7 +1385,7 @@ account_threepid_delegates: # # Does not apply to server administrators. Defaults to 'true' # -enable_set_displayname: ${ENABLE_SET_DISPLAYNAME:?} +#enable_set_displayname: false # Whether users are allowed to change their avatar after it has been # initially set. Useful when provisioning users based on the contents @@ -1421,7 +1400,7 @@ enable_set_displayname: ${ENABLE_SET_DISPLAYNAME:?} # # Defaults to 'true' # -enable_3pid_changes: ${ENABLE_3PID_CHANGES:?} +#enable_3pid_changes: false # Users who register on this homeserver will automatically be joined # to these rooms. @@ -1717,24 +1696,7 @@ saml2_config: # local: ["saml2/idp.xml"] # remote: # - url: https://our_idp/metadata.xml -EOF -if [ -n "$SAML2_IDP_METADATA_URL" ]; then - cat << EOF - metadata: - remote: - - url: "$SAML2_IDP_METADATA_URL" -EOF -fi - -if [ -n "$SAML2_SP_CERT" ] || [ -n "$SAML2_SP_KEY" ]; then - cat << EOF - key_file: "$SAML2_SP_KEY" - cert_file: "$SAML2_SP_CERT" -EOF -fi - -cat << EOF # Allowed clock difference in seconds between the homeserver and IdP. # # Uncomment the below to increase the accepted time difference from 0 to 3 seconds. 
@@ -1808,15 +1770,7 @@ cat << EOF # The custom module's class. Uncomment to use a custom module. # #module: mapping_provider.SamlMappingProvider -EOF -if [ -n "$SAML2_MAPPING_PROVIDER_MODULE" ]; then - cat << EOF - module: "$SAML2_MAPPING_PROVIDER_MODULE" -EOF -fi - -cat << EOF # Custom configuration values for the module. Below options are # intended for the built-in provider, they should be changed if # using a custom module. This section will be passed as a Python @@ -1846,17 +1800,6 @@ cat << EOF # value will be used instead. # #mxid_mapping: dotreplace -EOF - -if [ -n "$SAML2_MAPPING_PROVIDER_EXTRA_CONFIG" ]; then - echo "$SAML2_MAPPING_PROVIDER_EXTRA_CONFIG" | while IFS= read -r entry; do - cat << EOF - $entry -EOF - done -fi - -cat << EOF # In previous versions of synapse, the mapping from SAML attribute to # MXID was always calculated dynamically rather than stored in a @@ -2191,7 +2134,7 @@ sso: # You can see the default templates at: # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates # - template_dir: "${SSO_TEMPLATE_DIR:?}" + #template_dir: "res/templates" # JSON web token integration. The following settings can be used to make diff --git a/type/__matrix_synapse/gencode-remote b/type/__matrix_synapse/gencode-remote index 30770ed..cf7c648 100755 --- a/type/__matrix_synapse/gencode-remote +++ b/type/__matrix_synapse/gencode-remote @@ -8,7 +8,7 @@ case "$os" in synapse_conf_dir=/etc/synapse synapse_service=synapse ;; - debian|ubuntu) + debian) synapse_conf_dir=/etc/matrix-synapse synapse_service=matrix-synapse ;; diff --git a/type/__matrix_synapse/man.rst b/type/__matrix_synapse/man.rst index 0ec7a94..4eb23bb 100644 --- a/type/__matrix_synapse/man.rst +++ b/type/__matrix_synapse/man.rst @@ -1,5 +1,5 @@ cdist-type__matrix_synapse(7) -============================= +====================== NAME ---- 
@@ -8,7 +8,7 @@ cdist-type__matrix_synapse - Install and configure Synapse, a Matrix homeserver DESCRIPTION ----------- -This type installs and configures the Synapse Matrix homeserver. This is a +This type install and configure the Synapse Matrix homeserver. This is a signleton type. @@ -52,13 +52,13 @@ ldap-base-dn Base DN of your LDAP tree. ldap-uid-attribute - LDAP attribute mapping to Synapse's uid field, default to uid. + LDAP attriute mapping to Synapse's uid field, default to uid. ldap-mail-attribute - LDAP attribute mapping to Synapse's mail field, default to mail. + LDAP attriute mapping to Synapse's mail field, default to mail. ldap-name-attribute - LDAP attribute mapping to Synapse's name field, default to givenName. + LDAP attriute mapping to Synapse's name field, default to givenName. ldap-bind-dn User used to authenticate against your LDAP server in 'search' mode. @@ -81,7 +81,7 @@ smtp-host The hostname of the outgoing SMTP server to use. Defaults to 'localhost'. smtp-port - The port on the mail server for outgoing SMTP. Defaults to 25. + # The port on the mail server for outgoing SMTP. Defaults to 25. smtp-user Username for authentication to the SMTP server. By @@ -133,14 +133,6 @@ turn-uri turn-shared-secret Shared secret used to access the TURN REST API. -turn-username - Username used to authenticate against the TURN server if needed / a shared - secret token is not used. - -turn-password - Password used to authenticate against the TURN server if needed / a shared - secret token is not used. - turn-user-lifetime Lifetime of TURN credentials. Defaults to 1h. 
@@ -162,12 +154,6 @@ rc-login-burst registration-allows-email-pattern Only allow email addresses matching specified filter. Can be specified multiple times. A pattern must look like `.*@vector\.im`. -disable-displayname-changes - Whether users are allowed to change their displayname after it has been initially set. - -disable-3pid-changes - Whether users can change the 3PIDs associated with their accounts (email address and msisdn). - auto-join-room Room where newly-registered users are automatically added. Can be specified multiple times. @@ -195,25 +181,6 @@ bind-address Address used to bind the synapse listeners. Can be specified multiple times. Defaults to '::1' and '127.0.0.1'. -saml2-idp-metadata-url - HTTP(S) url to SAML2 Identity Provider (IdP), used for Single Sign On (SSO) logic. - -saml2-sp-key - Path to PEM-formatted key file for use by PySAML2. - -saml2-sp-cert - Path to PEM-formatted cert file for use by PySAML2. - -saml2-mapping-provider-module - Name of custom Python module used to map SAML2 attributes to synapse internals. - -saml2-mapping-provider-extra-settings - Extra YAML-formatted key/pair values provided as configuration to the SAML2 - mapping provider module (e.g. 'key: value'). Can be specified multiple times. - -sso-template-dir - Directory used to source SSO-related HTML templates. - extra-setting Arbitrary string to be added to the configuration file. Can be specified multiple times. @@ -255,9 +222,6 @@ allow-public-rooms-without-auth enable-server-notices Enable the server notices room. -enable-3pid-lookups - Enable 3PIDs lookup requests to identity servers from this server. - allow-guest-access Allows users to register as guests without a password/email/etc, and participate in rooms hosted on this server which have been made accessible diff --git a/type/__matrix_synapse/manifest b/type/__matrix_synapse/manifest index bc76143..4650a17 100755 --- a/type/__matrix_synapse/manifest +++ b/type/__matrix_synapse/manifest 
@@ -20,24 +20,41 @@ # OS-specific configuration. os=$(cat "$__global/explorer/os") +distribution=$(cat "$__global/explorer/lsb_codename") case "$os" in - debian|ubuntu) + debian) synapse_user=matrix-synapse - synapse_pkg=matrix-synapse-py3 + synapse_pkg=matrix-synapse synapse_service=matrix-synapse ldap_auth_provider_pkg=matrix-synapse-ldap3 synapse_conf_dir='/etc/matrix-synapse' synapse_data_dir='/var/lib/matrix-synapse' - __apt_key matrix-org \ - --uri https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg - - require="__apt_key/matrix-org" __apt_source matrix-org \ - --uri https://packages.matrix.org/debian/ \ - --component main - package_req="__apt_source/matrix-org" - ;; + # See https://packages.debian.org/bullseye/matrix-synapse for state of + # synapse packaging in debian. + case "$distribution" in + stretch) + echo "The matrix-synapse package in debian stretch is outdated and unusable." >&2 + exit 1 + ;; + buster) + # Enable debian-backports for debian Buster, as the 'stable' + # matrix-synapse package is ways too old (< 1.0). + apt_target_release=buster-backports + __apt_backports + ;; + bullseye|sid) + # As of writting (2021-02), the default matrix-synapse of those + # release is perfectly usable. + : + ;; + *) + echo "Unknown debian release '$distribution'. Exiting" >&2 + exit 1 + ;; + esac + ;; alpine) synapse_user=synapse synapse_pkg=synapse @@ -96,7 +113,7 @@ export SERVER_NAME BASE_URL REPORT_STATS MAX_UPLOAD_SIZE EXPOSE_METRICS \ WEB_CLIENT_URL ROOM_ENCRYPTION_POLICY BIND_ADDRESSES if [ -f "$__object/parameter/enable-server-notices" ]; then - export ENABLE_SERVER_NOTICES=1 + export ENABLE_SERVER_NOTICES=1 fi # TLS. 
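Review bot: `apt_target_release` is assigned only in the `buster)` branch and is never initialised, yet the package-install hunk further down branches on `[ -n "$apt_target_release" ]`. A value inherited from the environment of the cdist run would therefore select `__package_apt --target-release` for bullseye, sid and Alpine as well. Add `apt_target_release=` before the `case "$os" in` line. The inner `*)` branch also aborts on every codename other than the four listed, which may be intended but deserves a line in man.rst. The outer `case` continues outside this hunk.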
@@ -172,88 +189,25 @@ ENABLE_REGISTRATIONS=$(get_boolean_for 'enable-registrations') USER_DIRECTORY_SEARCH_ALL_USERS=$(get_boolean_for 'user-directory-search-all-users') export ALLOW_GUEST_ACCESS ENABLE_REGISTRATIONS USER_DIRECTORY_SEARCH_ALL_USERS -if [ -f "$__object/parameter/registration-shared-secret" ]; then +if [ -f "$__object/parameter/registration-shared-token" ]; then REGISTRATION_SHARED_SECRET=$(cat "$__object/parameter/registration-shared-secret") export REGISTRATION_SHARED_SECRET fi if [ -f "$__object/parameter/registration-requires-email" ]; then - export REGISTRATION_REQUIRES_EMAIL=1 + export REGISTRATION_REQUIRES_EMAIL=1 fi -ENABLE_SET_DISPLAYNAME='true' -if [ -f "$__object/parameter/disable-displayname-changes" ]; then - ENABLE_SET_DISPLAYNAME='false' -fi -export ENABLE_SET_DISPLAYNAME - -ENABLE_3PID_CHANGES='true' -if [ -f "$__object/parameter/disable-3pid-changes" ]; then - ENABLE_3PID_CHANGES='false' -fi -export ENABLE_3PID_CHANGES - if [ -f "$__object/parameter/auto-join-room" ]; then - AUTO_JOIN_ROOMS="$(cat "$__object/parameter/auto-join-room")" - export AUTO_JOIN_ROOMS + AUTO_JOIN_ROOMS="$(cat "$__object/parameter/auto-join-room")" + export AUTO_JOIN_ROOMS fi if [ -f "$__object/parameter/registration-allows-email-pattern" ]; then - RESGISTRATION_ALLOWS_EMAIL_PATTERN=$(cat "$__object/parameter/registration-allows-email-pattern") - export RESGISTRATION_ALLOWS_EMAIL_PATTERN + RESGISTRATION_ALLOWS_EMAIL_PATTERN=$(cat "$__object/parameter/registration-allows-email-pattern") + export RESGISTRATION_ALLOWS_EMAIL_PATTERN fi -if [ -f "$__object/parameter/saml2-idp-metadata-url" ]; then - # Synapse fails to start while trying to parse IDP metadata if this package - # is not installed. 
- __package xmlsec1 - - SAML2_IDP_METADATA_URL=$(cat "$__object/parameter/saml2-idp-metadata-url") - export SAML2_IDP_METADATA_URL -fi - -if [ -f "$__object/parameter/saml2-sp-key" ]; then - SAML2_SP_KEY=$(cat "$__object/parameter/saml2-sp-key") - export SAML2_SP_KEY -fi - -if [ -f "$__object/parameter/saml2-sp-cert" ]; then - SAML2_SP_CERT=$(cat "$__object/parameter/saml2-sp-cert") - export SAML2_SP_CERT -fi - -if [ -f "$__object/parameter/saml2-mapping-provider-module" ]; then - SAML2_MAPPING_PROVIDER_MODULE=$(cat "$__object/parameter/saml2-mapping-provider-module") - export SAML2_MAPPING_PROVIDER_MODULE -fi - -if [ -f "$__object/parameter/saml2-mapping-provider-extra-config" ]; then - SAML2_MAPPING_PROVIDER_EXTRA_CONFIG=$(cat "$__object/parameter/saml2-mapping-provider-extra-config") - export SAML2_MAPPING_PROVIDER_EXTRA_CONFIG -fi - -SSO_TEMPLATE_DIR=$(cat "$__object/parameter/sso-template-dir") -export SSO_TEMPLATE_DIR - -if [ -n "$SAML2_SP_KEY" ] && [ -z "$SAML2_SP_CERT" ]; then - echo "--saml2-sp-cert must be set if --saml2-sp-key is provided." >&2 - exit 1 -elif [ -n "$SAML2_SP_CERT" ] && [ -z "$SAML2_SP_KEY" ]; then - echo "--saml2-sp-key must be set if --saml2-sp-cert is provided." >&2 - exit 1 -fi - -if [ -f "$__object/parameter/default-identity-server" ]; then - DEFAULT_IDENTITY_SERVER=$(cat "$__object/parameter/default-identity-server") - export DEFAULT_IDENTITY_SERVER -fi - -ENABLE_3PID_LOOKUPS='false' -if [ -f "$__object/parameter/enable-3pid-lookups" ]; then - ENABLE_3PID_LOOKUPS='true' -fi -export ENABLE_3PID_LOOKUPS - # Federation. ALLOW_PUBLIC_ROOMS_OVER_FEDERATION=$(get_boolean_for 'allow-public-room-over-federation') ALLOW_PUBLIC_ROOMS_WITHOUT_AUTH=$(get_boolean_for 'allow-public-rooms-without-auth') 
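Review bot: The test at the top of this hunk checks `parameter/registration-shared-token`, but the body still reads `parameter/registration-shared-secret`, and `registration-shared-secret` is the name that remains in `parameter/optional`. As far as the parameter lists shown here go, the condition can never be true, so `REGISTRATION_SHARED_SECRET` is never exported and homeserver.yaml.sh silently omits `registration_shared_secret` even when the parameter is given. The test should read `if [ -f "$__object/parameter/registration-shared-secret" ]; then`.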
@@ -269,8 +223,7 @@ fi # Message retention. ENABLE_MESSAGE_RETENTION_POLICY=$(get_boolean_for 'enable-message-retention-policy') MESSAGE_RETENTION_POLICY_MAX_LIFETIME=$(cat "$__object/parameter/message-max-lifetime") -MESSAGE_RETENTION_POLICY_MIN_LIFETIME=$MESSAGE_RETENTION_POLICY_MAX_LIFETIME -export ENABLE_MESSAGE_RETENTION_POLICY MESSAGE_RETENTION_POLICY_MAX_LIFETIME MESSAGE_RETENTION_POLICY_MIN_LIFETIME +export ENABLE_MESSAGE_RETENTION_POLICY MESSAGE_RETENTION_POLICY_MAX_LIFETIME # Previews. ENABLE_URL_PREVIEW=$(get_boolean_for 'enable-url-preview') @@ -310,16 +263,6 @@ if [ -f "$__object/parameter/turn-uri" ]; then export TURN_URIS fi -if [ -f "$__object/parameter/turn-username" ]; then - TURN_USERNAME=$(cat "$__object/parameter/turn-username") - export TURN_USERNAME -fi - -if [ -f "$__object/parameter/turn-password" ]; then - TURN_PASSWORD=$(cat "$__object/parameter/turn-password") - export TURN_PASSWORD -fi - # Worker-mode configuration. export MAIN_LISTENER_PORT=8008 export ENABLE_MEDIA_REPO='true' 
@@ -353,25 +296,38 @@ export ENABLE_REPLICATION ENABLE_REDIS_SUPPORT WORKER_REPLICATION_SECRET \ case "$DATABASE_ENGINE" in sqlite3) : - ;; + ;; psycopg2) when='database engine is psycopg2' is_required_when "$DATABASE_HOST" '--database-host' "$when" is_required_when "$DATABASE_USER" '--database-user' "$when" - ;; + ;; *) echo "Invalid database engine: $DATABASE_ENGINE." >&2 exit 1 - ;; + ;; esac -# Install OS packages. -require="$package_req" __package "$synapse_pkg" -synapse_req="__package/$synapse_pkg" +# Install OS packages. We have a bit of boilerplate to handle the debian +# backports situation. +synapse_req= +if [ -n "$apt_target_release" ]; then + require="__apt_backports" __package_apt "$synapse_pkg" \ + --target-release "$apt_target_release" + synapse_req="__package_apt/$synapse_pkg" +else + __package "$synapse_pkg" + synapse_req="__package/$synapse_pkg" +fi if [ -n "$ENABLE_LDAP_AUTH" ]; then - require="$package_req" __package "$ldap_auth_provider_pkg" + if [ -n "$apt_target_release" ]; then + require="__package_apt/$synapse_pkg" __package_apt "$ldap_auth_provider_pkg" \ + --target-release "$apt_target_release" + else + __package "$ldap_auth_provider_pkg" + fi fi # Generate and deploy configuration files. @@ -380,13 +336,13 @@ mkdir -p "$__object/files" "$__type/files/log.config.sh" > "$__object/files/log.config" require="$synapse_req" __file "$synapse_conf_dir/homeserver.yaml" \ - --owner $synapse_user \ - --mode 600 \ - --source "$__object/files/homeserver.yaml" + --owner $synapse_user \ + --mode 600 \ + --source "$__object/files/homeserver.yaml" require="$synapse_req" __file "$LOG_CONFIG_PATH" \ - --owner $synapse_user \ - --mode 600 \ - --source "$__object/files/log.config" + --owner $synapse_user \ + --mode 600 \ + --source "$__object/files/log.config" for directory in $DATA_DIR $LOG_DIR; do require="$synapse_req" __directory $directory \ 
@@ -394,8 +350,8 @@ for directory in $DATA_DIR $LOG_DIR; do --owner $synapse_user done -# Make dpkg-reconfigure happy on debian-based systems. -if [ "$os" = "debian" ] || [ "$os" = "ubuntu" ]; then +# Make dpkg-reconfigure happy on debian systems. +if [ "$os" = "debian" ]; then require="$synapse_req" __file "$synapse_conf_dir/conf.d/server_name.yaml" \ --owner $synapse_user \ --source - <<- EOF diff --git a/type/__matrix_synapse/parameter/boolean b/type/__matrix_synapse/parameter/boolean index 54c383a..7ff48de 100644 --- a/type/__matrix_synapse/parameter/boolean +++ b/type/__matrix_synapse/parameter/boolean @@ -17,6 +17,3 @@ user-directory-search-all-users enable-message-retention-policy worker-mode enable-url-preview -enable-3pid-lookups -disable-3pid-changes -disable-displayname-changes diff --git a/type/__matrix_synapse/parameter/default/sso-template-dir b/type/__matrix_synapse/parameter/default/sso-template-dir deleted file mode 100644 index b51bcdc..0000000 --- a/type/__matrix_synapse/parameter/default/sso-template-dir +++ /dev/null @@ -1 +0,0 @@ -res/template diff --git a/type/__matrix_synapse/parameter/optional b/type/__matrix_synapse/parameter/optional index 1786dd1..1378365 100644 --- a/type/__matrix_synapse/parameter/optional +++ b/type/__matrix_synapse/parameter/optional @@ -13,8 +13,6 @@ ldap-bind-password ldap-filter turn-shared-secret turn-user-lifetime -turn-username -turn-password max-upload-size smtp-host smtp-port @@ -36,9 +34,3 @@ background-tasks-worker tls-cert tls-private-key registration-shared-secret -saml2-idp-metadata-url -saml2-sp-key -saml2-sp-cert -default-identity-server -saml2-mapping-provider-module -sso-template-dir diff --git a/type/__matrix_synapse/parameter/optional_multiple b/type/__matrix_synapse/parameter/optional_multiple index dfd69cb..8871dd6 100644 --- a/type/__matrix_synapse/parameter/optional_multiple +++ b/type/__matrix_synapse/parameter/optional_multiple 
@@ -5,4 +5,3 @@ app-service-config-file extra-setting bind-address outbound-federation-worker -saml2-mapping-provider-extra-config diff --git a/type/__matrix_synapse_worker/files/matrix-synapse-worker@.service b/type/__matrix_synapse_worker/files/matrix-synapse-worker@.service index 6f89cd8..6352b00 100644 --- a/type/__matrix_synapse_worker/files/matrix-synapse-worker@.service +++ b/type/__matrix_synapse_worker/files/matrix-synapse-worker@.service @@ -15,7 +15,7 @@ NotifyAccess=main User=matrix-synapse WorkingDirectory=/var/lib/matrix-synapse EnvironmentFile=/etc/default/matrix-synapse -ExecStart=/opt/venvs/matrix-synapse/bin/python -m synapse.app.generic_worker --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/ --config-path=/etc/matrix-synapse/workers/%i.yaml +ExecStart=/usr/bin/python3 -m synapse.app.generic_worker --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/ --config-path=/etc/matrix-synapse/workers/%i.yaml ExecReload=/bin/kill -HUP $MAINPID Restart=on-failure RestartSec=3 diff --git a/type/__matterbridge/manifest b/type/__matterbridge/manifest index 2b5738b..ef02112 100755 --- a/type/__matterbridge/manifest +++ b/type/__matterbridge/manifest @@ -20,7 +20,7 @@ os=$(cat "$__global/explorer/os") case "$os" in - debian|ubuntu) + debian) # This type assume systemd for service installation. ;; *) @@ -31,13 +31,11 @@ case "$os" in esac # Required parameters. -version=$(cat "$__object/parameter/version") +VERSION=$(cat "$__object/parameter/version") if [ -f "$__object/parameter/config" ]; then - config="$(cat "$__object/parameter/config")" - if [ "$config" = "-" ]; then - mkdir -p "$__object/files" - config="$__object/files/matterbridge.toml" - cat "$__object/stdin" > "$config" + CONFIG="$(cat "$__object/parameter/config")" + if [ "$CONFIG" = "-" ]; then + CONFIG=$(cat "$__object/stdin") fi fi 
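Review bot: In the matterbridge manifest, `CONFIG=$(cat "$__object/stdin")` now stores the file's content when `--config -` is used, but the later hunk passes that variable on as `--source "$CONFIG"`, where `__file` expects a path (or `-`). Deploying `$CONFIG_PATH` would then fail or look for a file named after the TOML text. The configuration, which may contain credentials, would also travel as a command argument instead of through a file. Keep the removed approach of writing stdin to a file under `$__object/files` and passing that path: `CONFIG="$__object/files/matterbridge.toml"` followed by `cat "$__object/stdin" > "$CONFIG"`.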
@@ -48,11 +46,11 @@ export USER=matterbridge export GROUP=$USER # Internal variables. -artefact="matterbridge-$version-linux-64bit" +artefact="matterbridge-$VERSION-linux-64bit" checksum_file="checksums.txt" release_download_url=https://github.com/42wim/matterbridge/releases/download -binary_url="$release_download_url/v$version/$artefact" -checksum_file_url="$release_download_url/v$version/$checksum_file" +binary_url="$release_download_url/v$VERSION/$artefact" +checksum_file_url="$release_download_url/v$VERSION/$checksum_file" config_dir=$(dirname $CONFIG_PATH) systemd_unit_path='/etc/systemd/system/matterbridge.service' @@ -90,7 +88,7 @@ require="__user/$USER" __directory "$config_dir" \ require="__directory/$config_dir" __file "$CONFIG_PATH" \ --owner "$USER" \ --mode 0640 \ - --source "$config" + --source "$CONFIG" __file "$systemd_unit_path" \ --source "$__object/files/matterbridge.service" diff --git a/type/__nginx/man.rst b/type/__nginx/man.rst index c1827c0..71d47e7 100644 --- a/type/__nginx/man.rst +++ b/type/__nginx/man.rst @@ -28,16 +28,6 @@ uacme-hookscript Custom hook passed to the __uacme_obtain type: useful to integrate the dns-01 challenge with third-party DNS providers. -acme-url - ACMEv2 server directory object URL. Lets'Encrypt is used by default. - -acme-eab-credentials - Specify RFC8555 External Account Binding credentials according to - https://tools.ietf.org/html/rfc8555#section-7.3.4, in order to associate a new - ACME account with an existing account in a non-ACME system such as a CA - customer database. KEYID must be an ASCII string. KEY must be - base64url-encoded. - EXAMPLES -------- diff --git a/type/__nginx/manifest b/type/__nginx/manifest index cdd483a..b552319 100644 --- a/type/__nginx/manifest +++ b/type/__nginx/manifest 
@@ -36,20 +36,6 @@ then set_custom_uacme_hookscript="--hookscript $uacme_hookscript" fi -set_custom_acme_url= -if [ -f "${__object:?}/parameter/acme-url" ]; -then - custom_acme_url=$(cat "${__object:?}/parameter/acme-url") - set_custom_acme_url="--acme-url $custom_acme_url" -fi - -set_acme_eab_credentials= -if [ -f "${__object:?}/parameter/acme-eab-credentials" ]; -then - acme_eab_credentials=$(cat "${__object:?}/parameter/acme-eab-credentials") - set_acme_eab_credentials="--eab-credentials $acme_eab_credentials" -fi - # Deploy simple HTTP vhost, allowing to serve ACME challenges. __nginx_vhost "301-to-https-$domain" \ --domain "$domain" --altdomains "$altdomains" --to-https @@ -60,18 +46,12 @@ if [ -f "${__object:?}/parameter/force-cert-ownership-to" ]; then cert_ownership=$(cat "${__object:?}/parameter/force-cert-ownership-to") fi -# shellcheck disable=SC2086 -__uacme_account \ - $set_custom_acme_url \ - $set_acme_eab_credentials \ - +__uacme_account # shellcheck disable=SC2086 require="__nginx_vhost/301-to-https-$domain __uacme_account" \ __uacme_obtain "$domain" \ --altdomains "$altdomains" \ $set_custom_uacme_hookscript \ - $set_custom_acme_url \ - $set_acme_eab_credentials \ --owner "$cert_ownership" \ --install-key-to "$nginx_certdir/$domain/privkey.pem" \ --install-cert-to "/$nginx_certdir/$domain/fullchain.pem" \ diff --git a/type/__nginx/parameter/optional b/type/__nginx/parameter/optional index 8d6fae6..1a5fb95 100644 --- a/type/__nginx/parameter/optional +++ b/type/__nginx/parameter/optional @@ -2,6 +2,4 @@ config domain altdomains uacme-hookscript -acme-url -acme-eab-credentials force-cert-ownership-to diff --git a/type/__nginx_vhost/manifest b/type/__nginx_vhost/manifest index 8b010f8..f9ad84d 100644 --- a/type/__nginx_vhost/manifest +++ b/type/__nginx_vhost/manifest 
@@ -32,7 +32,7 @@ case "$os" in require="$install_reqs" __start_on_boot nginx - export NGINX_SITEDIR="$nginx_confdir/http.d" + export NGINX_SITEDIR="$nginx_confdir/conf.d" export NGINX_CERTDIR="$nginx_confdir/ssl" export NGINX_SNIPPETSDIR="$nginx_confdir/snippets" export NGINX_WEBROOT="/var/www" @@ -158,7 +158,6 @@ for snippet in hsts 301-to-https; do done # Install vhost. -require="$install_reqs" __directory "$NGINX_SITEDIR" -require="__directory/$NGINX_SITEDIR" __file "$NGINX_SITEDIR/$__object_id.conf" \ +require="$install_reqs" __file "$NGINX_SITEDIR/$__object_id.conf" \ --source "$vhost_conf" \ --mode 0644 diff --git a/type/__opendkim/files/opendkim.conf.sh b/type/__opendkim/files/opendkim.conf.sh index 468b262..a21eecc 100755 --- a/type/__opendkim/files/opendkim.conf.sh +++ b/type/__opendkim/files/opendkim.conf.sh @@ -1,7 +1,6 @@ #!/bin/sh -e # Generate an opendkim.conf(5) file for opendkim(8). -echo "# Managed remotely, manual changes will be lost." # Optional chdir(2) if [ "$BASEDIR" ]; @@ -34,8 +33,8 @@ then fi # Key and Domain tables -echo "KeyTable ${CFG_DIR}/KeyTable" -echo "SigningTable ${CFG_DIR}/SigningTable" +echo 'KeyTable /etc/opendkim/KeyTable' +echo 'SigningTable /etc/opendkim/SigningTable' # Required socket to listen on printf "Socket %s\n" "${SOCKET:?}" diff --git a/type/__opendkim/man.rst b/type/__opendkim/man.rst index 996f16d..205ca65 100644 --- a/type/__opendkim/man.rst +++ b/type/__opendkim/man.rst @@ -14,8 +14,8 @@ installation and basic configuration of an instance of OpenDKIM. Note that this type does not generate or ensure that a key is present: use `cdist-type__opendkim-genkey(7)` for that. -Note that this type is currently only implemented for Alpine Linux and FreeBSD. -Please contribute an implementation if you can. +Note that this type is currently only implemented for Alpine Linux. Please +contribute an implementation if you can. REQUIRED PARAMETERS 
@@ -41,25 +41,20 @@ subdomains umask Set the umask for the socket and PID file. +userid + Change the user the opendkim program is to run as. By default, Alpine Linux's + OpenRC service will set this to `opendkim` on the command-line. + custom-config The string following this parameter is appended as-is in the configuration, to enable more complex configurations. - BOOLEAN PARAMETERS ------------------ syslog Log to syslog. -DEPRECATED PARAMETERS ---------------------- -userid - Change the user the opendkim program is to run as. - By default, Alpine Linux's OpenRC service will set this to `opendkim` on the - command-line and FreeBSD's rc will set it to `mailnull`. - - EXAMPLES -------- @@ -91,12 +86,11 @@ SEE ALSO AUTHORS ------- Joachim Desroches -Evilham COPYING ------- -Copyright \(C) 2022 Joachim Desroches, Evilham. You can redistribute it +Copyright \(C) 2021 Joachim Desroches. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. diff --git a/type/__opendkim/manifest b/type/__opendkim/manifest index 28dd808..e3325b4 100755 --- a/type/__opendkim/manifest +++ b/type/__opendkim/manifest @@ -20,24 +20,16 @@ os=$(cat "${__global:?}/explorer/os") -CFG_DIR="/etc/opendkim" -service="opendkim" case "$os" in 'alpine') : ;; -'freebsd') - CFG_DIR="/usr/local/etc/mail" - service="milter-opendkim" - start_service="milteropendkim" - ;; *) printf "__opendkim does not yet support %s.\n" "$os" >&2 printf "Please contribute an implementation if you can.\n" >&2 exit 1 ;; esac -export CFG_DIR __package opendkim @@ -76,7 +68,7 @@ fi # Generate and deploy configuration file. source_file="${__object:?}/files/opendkim.conf" -target_file="${CFG_DIR}/opendkim.conf" +target_file="/etc/opendkim/opendkim.conf" mkdir -p "${__object:?}/files" 
@@ -91,26 +83,9 @@ fi require="__package/opendkim" __file "$target_file" \ --source "$source_file" --mode 0644 -# Due to the way rc.conf works on *BSD, we find ourselves in the awkward -# situation, where a service's name can contain a '-' symbol, but the -# rc.conf setting to enable a service at boot cannot. -# Unless start_service has been defined before, these two match. -require="__package/opendkim" __start_on_boot "${start_service:-${service}}" +require="__package/opendkim" __start_on_boot opendkim -# Ensure Key and Signing tables exist and have proper permissions -key_table="${CFG_DIR}/KeyTable" -signing_table="${CFG_DIR}/SigningTable" - -require="__package/opendkim" \ - __file "${key_table}" \ - --mode 444 - -require="__package/opendkim" \ - __file "${signing_table}" \ - --mode 444 - -require="__file${target_file} __file${key_table} - __file${signing_table} __start_on_boot/${start_service:-${service}}" \ +require="__file${target_file}" \ __check_messages opendkim \ --pattern "^__file${target_file}" \ - --execute "service ${service} restart" + --execute "service opendkim restart" diff --git a/type/__opendkim/parameter/deprecated/userid b/type/__opendkim/parameter/deprecated/userid deleted file mode 100644 index 1815a0a..0000000 --- a/type/__opendkim/parameter/deprecated/userid +++ /dev/null @@ -1,2 +0,0 @@ -This can cause inconsistencies with permissions and will stop being supported. -If you still need this, you can use --custom-config 'UserId $USERID'. diff --git a/type/__opendkim_genkey/explorer/key-state b/type/__opendkim_genkey/explorer/key-state deleted file mode 100755 index 75998f9..0000000 --- a/type/__opendkim_genkey/explorer/key-state +++ /dev/null 
@@ -1,32 +0,0 @@ -#!/bin/sh -e -DIRECTORY="/var/db/dkim/" -if [ -f "${__object:?}/parameter/directory" ]; -then - # Be forgiving about a lack of trailing slash - DIRECTORY="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")" -fi - - -KEY_ID="$(echo "${__object_id:?)}" | tr '/' '_')" -DEFAULT_PATH="${DIRECTORY:?}${KEY_ID:?}.private" -if [ -s "${DEFAULT_PATH}" ]; then - # This is the main location for the key - FOUND_PATH="${DEFAULT_PATH}" -else - # This is a backwards-compatible location for the key - # Keys generated post March 2022 should not land here - if [ -f "${__object:?}/parameter/selector" ]; then - SELECTOR="$(cat "${__object:?}/parameter/selector")" - if [ -s "${DIRECTORY}${SELECTOR:?}.private" ]; then - FOUND_PATH="${DIRECTORY}${SELECTOR:?}.private" - fi - fi -fi - -if [ -n "${FOUND_PATH}" ]; then - printf "present\t%s" "${FOUND_PATH}" -else - # We didn't find the key - # We pass the default path here, to easen logic in the rest of the type - printf "absent\t%s" "${DEFAULT_PATH}" -fi diff --git a/type/__opendkim_genkey/gencode-remote b/type/__opendkim_genkey/gencode-remote index d2bea50..65ce934 100755 --- a/type/__opendkim_genkey/gencode-remote +++ b/type/__opendkim_genkey/gencode-remote @@ -19,8 +19,8 @@ # # Required parameters -DOMAIN="$(cat "${__object:?}/domain")" -SELECTOR="$(cat "${__object:?}/selector")" +DOMAIN="$(cat "${__object:?}/parameter/domain")" +SELECTOR="$(cat "${__object:?}/parameter/selector")" # Optional parameters BITS= @@ -28,6 +28,11 @@ if [ -f "${__object:?}/parameter/bits" ]; then BITS="-b $(cat "${__object:?}/parameter/bits")" fi +DIRECTORY="/var/db/dkim/" +if [ -f "${__object:?}/parameter/directory" ]; then + DIRECTORY="$(cat "${__object:?}/parameter/directory")" +fi + # Boolean parameters SUBDOMAINS= if [ -f "${__object:?}/parameter/no-subdomains" ]; then 
@@ -39,27 +44,7 @@ if [ -f "${__object:?}/parameters/unrestricted" ]; then RESTRICTED= fi -user="$(cat "${__object:?}/user")" -group="$(cat "${__object:?}/group")" - -KEY_STATE="$(cut -f 1 "${__object:?}/explorer/key-state")" -KEY_LOCATION="$(cut -f 2- "${__object:?}/explorer/key-state")" - -if [ "${KEY_STATE:?}" = "absent" ]; then - # opendkim-genkey(8) does not allow specifying the file name. - # To err on the safe side (and avoid potentially killing other keys) - # we operate on a temporary directory first, then move the resulting key - cat <<-EOF - tmp_dir="\$(mktemp -d cdist-dkim.XXXXXXXXXXX)" - opendkim-genkey $BITS --domain=${DOMAIN:?} --directory=\${tmp_dir:?} $RESTRICTED --selector=${SELECTOR:?} $SUBDOMAINS - # Relocate and ensure permissions - mv "\${tmp_dir:?}/${SELECTOR:?}.private" '${KEY_LOCATION:?}' - chown ${user}:${group} '${KEY_LOCATION}' - chmod 0600 '${KEY_LOCATION}' - # This is usually generated, if it weren't we do not want to fail - mv "\${tmp_dir:?}/${SELECTOR:?}.txt" '${KEY_LOCATION%.private}.txt' || true - chown ${user}:${group} '${KEY_LOCATION%.private}.txt' || true - # Cleanup after ourselves - rmdir "\${tmp_dir:?}" || true - EOF +if ! [ -f "${DIRECTORY}${SELECTOR}.private" ]; then + echo "opendkim-genkey $BITS --domain=$DOMAIN --directory=$DIRECTORY $RESTRICTED --selector=$SELECTOR $SUBDOMAINS" + echo "chown opendkim:opendkim ${DIRECTORY}${SELECTOR}.private" fi diff --git a/type/__opendkim_genkey/man.rst b/type/__opendkim_genkey/man.rst index 0d52ca3..46e6505 100644 --- a/type/__opendkim_genkey/man.rst +++ b/type/__opendkim_genkey/man.rst 
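Review bot: The new `[ -f "${DIRECTORY}${SELECTOR}.private" ]` test runs while the code is being generated, not in the emitted code, whereas the removed version took the key state from an explorer. If gencode-remote is evaluated on the configuration host, as is usual for cdist, the key on the target is never seen and `opendkim-genkey` is emitted on every run. That would replace the signing key each time and leave the published DNS record stale. In addition, `DOMAIN`, `DIRECTORY` and `SELECTOR` are interpolated unquoted into the emitted commands, the explicit `chmod 0600` on the private key is gone, and a `--directory` value without a trailing slash now yields a wrong path because the removed explorer's normalisation is lost. The fence below moves the test into the emitted code and quotes the values.

```shell
# … unchanged: parameter parsing (DOMAIN, SELECTOR, BITS, DIRECTORY, SUBDOMAINS, RESTRICTED) …
# Strip an optional trailing slash so the path is built the same way either way.
key_file="${DIRECTORY%/}/${SELECTOR:?}.private"
# The existence test is part of the emitted code, so it runs on the target.
# The single quotes assume the values contain no ' character.
cat <<EOF
if ! [ -f '${key_file}' ]; then
	opendkim-genkey $BITS --domain='${DOMAIN:?}' --directory='${DIRECTORY%/}' $RESTRICTED --selector='${SELECTOR:?}' $SUBDOMAINS
	chown opendkim:opendkim '${key_file}'
	chmod 0600 '${key_file}'
fi
EOF
```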
@@ -10,27 +10,23 @@ DESCRIPTION ----------- This type uses the `opendkim-genkey(8)` to generate signing keys suitable for -usage by `opendkim(8)` to sign outgoing emails. +usage by `opendkim(8)` to sign outgoing emails. Then, a line with the domain, +selector and keyname in the `$selector._domainkey.$domain` format will be added +to the OpenDKIM key table located at `/etc/opendkim/KeyTable`. Finally, a line +will be added to the OpenDKIM signing table, using either the domain or the +provided key for the `domain:selector:keyfile` value in the table. An existing +key will not be overwritten. -It also manages the key, identified by its `$__object_id` in OpenDKIM's -KeyTable and sets its `s=` and `d=` parameters (see: `--selector` and -`--sigdomain` respectively). +Currently, this type is only implemented for Alpine Linux. Please contribute an +implementation if you can. -This type will also manage the entries in the OpenDKIM's SigningTable by -associating any given `sigkey` values to this key. +REQUIRED PARAMETERS +------------------- +domain + The domain to generate the key for. -Take into account that if you use this type without the `--domain` and -`--selector` parameters, the `$__object_id` must be in form `$domain/$selector`. - -Currently, this type is only implemented for Alpine Linux and FreeBSD. -Please contribute an implementation if you can. - -NOTE: the name of the key file under `--directory` will default to -`$__object_id.private`, but if that fails and `--selector` is used, -`SELECTOR.private` will be considered. -Take care when using unrelated keys that might collide this way. -For more information see: -https://code.ungleich.ch/ungleich-public/cdist-contrib/issues/20 +selector + The DKIM selector to generate the key for. OPTIONAL PARAMETERS 
@@ -42,36 +38,10 @@ bits directory The directory in which to generate the key, `/var/db/dkim/` by default. -domain - The domain to generate the key for. - If omitted, `--selector` must be omitted as well and `$__object_id` must be - in form: `$domain/$selector`. - -selector - The DKIM selector to generate the key for. - If omitted, `--domain` must be omitted as well and `$__object_id` must be - in form: `$domain/$selector`. - -sigdomain - Specified in the KeyTable, the domain to use in the signature's "d=" value. - Defaults to the specified domain. If `%`, it will be replaced by the apparent - domain of the sender when generating a signature. - Note you probably don't want to set both `--sigdomain` and `--sigkey` to `%`. - See `KeyTable` in `opendkim.conf(5)` for more information. - - -OPTIONAL MULTIPLE PARAMETERS ----------------------------- sigkey - The key used in the `SigningTable` for this signing key. Defaults to the + The key used in the SigningTable for this signing key. Defaults to the specified domain. If `%`, OpenDKIM will replace it with the domain found in the `From:` header. See `opendkim.conf(5)` for more options. - Note you probably don't want to set both `--sigdomain` and `--sigkey` to `%`. - This can be passed multiple times, resulting in multiple lines in the - SigningTable, which can be used to support signing of subdomains or multiple - domains with the same key; in that case, you probably want to set - `--sigdomain` to `%`, else the domains will not be aligned. - BOOLEAN PARAMETERS ------------------ @@ -87,7 +57,6 @@ EXAMPLES .. code-block:: sh - # Setup the OpenDKIM service __opendkim \ --socket inet:8891@localhost \ --basedir /var/lib/opendkim \ 
@@ -96,24 +65,14 @@ EXAMPLES --umask 002 \ --syslog - # Continue only after the service has been set up - export require="__opendkim" + require='__opendkim' \ + __opendkim_genkey default \ + --domain example.com \ + --selector default - # Generate a key for 'example.com' with selector 'default' - __opendkim_genkey default \ - --domain example.com \ - --selector default - - # Generate a key for 'foo.com' with selector 'backup' - __opendkim_genkey 'foo.com/backup' - - # Generate a key for 'example.org' with selector 'main' - # that can also sign 'cdi.st' and subdomains of 'example.org' - __opendkim_genkey 'example.org/main' \ - --sigdomain '%' \ - --sigkey 'example.org' \ - --sigkey '.example.org' \ - --sigkey 'cdi.st' + __opendkim_genkey myfoo \ + --domain foo.com \ + --selector backup SEE ALSO @@ -126,12 +85,11 @@ SEE ALSO AUTHORS ------- Joachim Desroches -Evilham COPYING ------- -Copyright \(C) 2022 Joachim Desroches, Evilham. You can redistribute it +Copyright \(C) 2021 Joachim Desroches. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. diff --git a/type/__opendkim_genkey/manifest b/type/__opendkim_genkey/manifest index 58e9b06..7c506e9 100755 --- a/type/__opendkim_genkey/manifest +++ b/type/__opendkim_genkey/manifest 
@@ -21,68 +21,25 @@ os=$(cat "${__global:?}/explorer/os") -CFG_DIR="/etc/opendkim" -user="opendkim" -group="opendkim" case "$os" in 'alpine') : ;; -'freebsd') - CFG_DIR="/usr/local/etc/mail" - user="mailnull" - group="mailnull" -;; *) cat <<- EOF >&2 - __opendkim_genkey currently only supports Alpine Linux and FreeBSD. - Please contribute an implementation for $os if you can. + __opendkim_genkey currently only supports Alpine Linux. Please + contribute an implementation for $os if you can. EOF - exit 1 ;; esac -# Logic to simplify the type as documented in -# https://code.ungleich.ch/ungleich-public/cdist-contrib/issues/20#issuecomment-14711 -DOMAIN="$(cat "${__object:?}/parameter/domain" 2>/dev/null || true)" -SELECTOR="$(cat "${__object:?}/parameter/selector" 2>/dev/null || true)" -if [ -z "${DOMAIN}${SELECTOR}" ]; then - # Neither SELECTOR nor DOMAIN were passed, try to use __object_id - if echo "${__object_id:?}" | \ - grep -qE '^[^/[:space:]]+/[^/[:space:]]+$'; then - # __object_id matches, let's get the data - DOMAIN="$(echo "${__object_id:?}" | cut -d '/' -f 1)" - SELECTOR="$(echo "${__object_id:?}" | cut -d '/' -f 2)" - else - # It doesn't match the pattern, this is sad - cat <<- EOF >&2 - The arguments --domain and --selector were not used. - So __object_id must match DOMAIN/SELECTOR. - But instead the type got: ${__object_id:?} - EOF - exit 1 - fi -elif [ -z "${DOMAIN}" ] || [ -z "${SELECTOR}" ]; then - # Only one was passed, this is sad :-( - cat <<- EOF >&2 - You must pass either both --selector and --domain or none of them. - If these arguments are absent, __object_id must match: DOMAIN/SELECTOR. 
- EOF - exit 1 -# else: both were passed -fi - -# Persist data for gencode-remote -printf '%s' "${user:?}" > "${__object:?}/user" -printf '%s' "${group:?}" > "${__object:?}/group" -printf '%s' "${DOMAIN:?}" > "${__object:?}/domain" -printf '%s' "${SELECTOR:?}" > "${__object:?}/selector" +SELECTOR="$(cat "${__object:?}/parameter/selector")" +DOMAIN="$(cat "${__object:?}/parameter/domain")" DIRECTORY="/var/db/dkim/" if [ -f "${__object:?}/parameter/directory" ]; then - # Be forgiving about a lack of trailing slash - DIRECTORY="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")" + DIRECTORY="$(cat "${__object:?}/parameter/directory")" fi SIGKEY="${DOMAIN:?}" 
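Review bot: `DIRECTORY="$(cat "${__object:?}/parameter/directory")"` drops the trailing-slash normalisation although the value is still concatenated directly with the selector (`${DIRECTORY:?}${SELECTOR:?}.private` in the KeyTable line of the next hunk), so a `--directory` value without a final `/` (constructed example: `/some/dir`) makes the KeyTable reference `/some/dirSELECTOR.private`, presumably not the path the key is written to, since `opendkim-genkey` receives the same value as `--directory=`. Either keep the removed `sed -E 's!([^/])$!\1/!'` line or normalise after reading, e.g. `DIRECTORY="${DIRECTORY%/}/"`. `DOMAIN` and `SELECTOR` are likewise used verbatim in file paths and table lines, so a short comment above the two `cat` assignments stating which characters are expected would help the next reader.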
@@ -90,50 +47,20 @@ if [ -f "${__object:?}/parameter/sigkey" ]; then SIGKEY="$(cat "${__object:?}/parameter/sigkey")" fi -SIGDOMAIN="${DOMAIN:?}" -if [ -f "${__object:?}/parameter/sigdomain" ]; -then - SIGDOMAIN="$(cat "${__object:?}/parameter/sigdomain")" -fi -# Ensure the key-container directory exists with the proper permissions -__directory "${DIRECTORY}" \ - --mode 0750 \ - --owner "${user}" --group "${group}" +__package opendkim-utils -# OS-specific code -case "$os" in -'alpine') - # This is needed for opendkim-genkey - __package opendkim-utils -;; -esac +require='__package/opendkim-utils' \ + __file /etc/opendkim/KeyTable +require='__package/opendkim-utils' \ + __file /etc/opendkim/SigningTable -key_table="${CFG_DIR}/KeyTable" -signing_table="${CFG_DIR}/SigningTable" +require='__file/etc/opendkim/KeyTable' \ + __line "line-key-${__object_id:?}" \ + --file /etc/opendkim/KeyTable \ + --line "${SELECTOR:?}._domainkey.${DOMAIN:?} ${DOMAIN:?}:${SELECTOR:?}:${DIRECTORY:?}${SELECTOR:?}.private" -KEY_STATE="$(cut -f 1 "${__object:?}/explorer/key-state")" -KEY_LOCATION="$(cut -f 2- "${__object:?}/explorer/key-state")" - -__line "__opendkim_genkey/${__object_id:?}" \ - --file "${key_table}" \ - --line "${__object_id:?} ${SIGDOMAIN:?}:${SELECTOR:?}:${KEY_LOCATION:?}" \ - --regex "^${__object_id:?}[[:space:]]" \ - --state 'replace' - -sigtable_block() { - for sigkey in ${SIGKEY:?}; do - echo "${sigkey:?} ${__object_id:?}" - done -} -__block "__opendkim_genkey/${__object_id:?}" \ - --file "${signing_table}" \ - --text "$(sigtable_block)" - -if [ "${KEY_STATE:?}" = "present" ]; then - # Ensure proper permissions for the key file - __file "${KEY_LOCATION}" \ - --owner "${user}" \ - --group "${group}" \ - --mode 0600 -fi +require='__file/etc/opendkim/SigningTable' \ + __line "line-sig-${__object_id:?}" \ + --file /etc/opendkim/SigningTable \ + --line "${SIGKEY:?} ${SELECTOR:?}._domainkey.${DOMAIN:?}" 
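Review bot: The key directory and key file are no longer given an owner or mode anywhere in this manifest: the removed `__directory "${DIRECTORY}" --mode 0750 --owner … --group …` and the `__file "${KEY_LOCATION}" … --mode 0600` for an existing key have no replacement, so the DKIM private key sits under whatever permissions the directory already has, and the directory may not exist when key generation runs. I would keep `__directory "${DIRECTORY:?}" --mode 0750 --owner opendkim --group opendkim` ahead of the `__line` objects. Neither `__line` call carries a `--regex`/`--state replace` as the removed KeyTable entry did, so changing `--directory` or `--sigkey` later appears to append a second entry instead of replacing the old one; a comment such as `# stale KeyTable/SigningTable entries are not removed when parameters change` would at least document that.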
diff --git a/type/__opendkim_genkey/parameter/optional b/type/__opendkim_genkey/parameter/optional index 9d9b6d1..e44793f 100644 --- a/type/__opendkim_genkey/parameter/optional +++ b/type/__opendkim_genkey/parameter/optional @@ -1,6 +1,4 @@ bits directory -domain unrestricted -selector -sigdomain +sigkey diff --git a/type/__opendkim_genkey/parameter/optional_multiple b/type/__opendkim_genkey/parameter/optional_multiple deleted file mode 100644 index 35978a9..0000000 --- a/type/__opendkim_genkey/parameter/optional_multiple +++ /dev/null @@ -1 +0,0 @@ -sigkey diff --git a/type/__opendkim_genkey/parameter/required b/type/__opendkim_genkey/parameter/required new file mode 100644 index 0000000..4dacb77 --- /dev/null +++ b/type/__opendkim_genkey/parameter/required @@ -0,0 +1,2 @@ +domain +selector diff --git a/type/__php_fpm/files/php.ini.sh b/type/__php_fpm/files/php.ini.sh deleted file mode 100755 index ec7e446..0000000 --- a/type/__php_fpm/files/php.ini.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/sh - -cat < - - -COPYING -------- -Copyright \(C) 2022 Joachim Desroches. You can redistribute it -and/or modify it under the terms of the GNU General Public License as -published by the Free Software Foundation, either version 3 of the -License, or (at your option) any later version. diff --git a/type/__php_fpm/manifest b/type/__php_fpm/manifest deleted file mode 100644 index 9c32716..0000000 --- a/type/__php_fpm/manifest +++ /dev/null 
@@ -1,68 +0,0 @@ -#!/bin/sh - -os=$(cat "${__global:?}/explorer/os") - -PHPVER=$(cat "${__object:?}/parameter/php-version") -export PHPVER - -case "$os" in - 'alpine') - # Alpine packages looks like php81-fpm - we make sure to remove dots from user - # input. - PHPVER=$(echo "$PHPVER" | tr -d '.') - - package="php${PHPVER}-fpm" - opcache_package="php${PHPVER}-opcache" - apcu_package="php${PHPVER}-pecl-apcu" - - service="php-fpm${PHPVER}" - php_confdir="/etc/php${PHPVER}" - php_ini="${php_confdir:?}/php.ini" - - PHP_INCLUDEDIR="/usr/share/php${PHPVER:?}" - export PHP_INCLUDEDIR - ;; - 'debian'|'ubuntu') - package="php${PHPVER}-fpm" - opcache_package="php${PHPVER}-opcache" - apcu_package="php${PHPVER}-apcu" - - service="php${PHPVER}-fpm" - php_confdir="/etc/php/${PHPVER}" - php_ini="${php_confdir:?}/fpm/php.ini" - - PHP_INCLUDEDIR="/usr/share/php/${PHPVER:?}" - export PHP_INCLUDEDIR - ;; - *) - printf "Your operating system is currently not supported by this type\n" >&2 - printf "Please contribute an implementation for it if you can.\n" >&2 - exit 1 - ;; -esac - -__package "$package" -require="__package/$package" __start_on_boot "$service" - -if [ -f "${__object:?}/parameter/enable-opcache" ]; then - __package "$opcache_package" -fi - -if [ -f "${__object:?}/parameter/enable-apcu" ]; then - __package "$apcu_package" -fi - -MEMORY_LIMIT=$(cat "${__object:?}/parameter/memory-limit") -export MEMORY_LIMIT - -UPLOAD_MAX_FILESIZE=$(cat "${__object:?}/parameter/upload-max-filesize") -export UPLOAD_MAX_FILESIZE - -mkdir -p "${__object:?}/files" -"${__type:?}/files/php.ini.sh" >"${__object:?}/files/php.ini" - -require="__package/$package" __file "${php_ini:?}" \ - --mode 644 --source "${__object:?}/files/php.ini" \ - --onchange "service $service restart" - -require="__file/${php_ini:?}" __service "$service" --action start diff --git a/type/__php_fpm/parameter/boolean b/type/__php_fpm/parameter/boolean deleted file mode 100644 index 9964486..0000000 
--- a/type/__php_fpm/parameter/boolean +++ /dev/null @@ -1,2 +0,0 @@ -enable-opcache -enable-apcu diff --git a/type/__php_fpm/parameter/default/memory-limit b/type/__php_fpm/parameter/default/memory-limit deleted file mode 100644 index d95fe12..0000000 --- a/type/__php_fpm/parameter/default/memory-limit +++ /dev/null @@ -1 +0,0 @@ -512M diff --git a/type/__php_fpm/parameter/default/upload-max-filesize b/type/__php_fpm/parameter/default/upload-max-filesize deleted file mode 100644 index 5fbcf1c..0000000 --- a/type/__php_fpm/parameter/default/upload-max-filesize +++ /dev/null @@ -1 +0,0 @@ -2M diff --git a/type/__php_fpm/parameter/optional b/type/__php_fpm/parameter/optional deleted file mode 100644 index a41a87c..0000000 --- a/type/__php_fpm/parameter/optional +++ /dev/null @@ -1,2 +0,0 @@ -upload-max-filesize -memory-limit diff --git a/type/__php_fpm/parameter/required b/type/__php_fpm/parameter/required deleted file mode 100644 index 173609d..0000000 --- a/type/__php_fpm/parameter/required +++ /dev/null @@ -1 +0,0 @@ -php-version diff --git a/type/__php_fpm_pool/files/www.conf.sh b/type/__php_fpm_pool/files/www.conf.sh deleted file mode 100755 index aa8fa7c..0000000 --- a/type/__php_fpm_pool/files/www.conf.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/sh - -cat < - - -COPYING -------- -Copyright \(C) 2022 Joachim Desroches. You can redistribute it -and/or modify it under the terms of the GNU General Public License as -published by the Free Software Foundation, either version 3 of the -License, or (at your option) any later version. diff --git a/type/__php_fpm_pool/manifest b/type/__php_fpm_pool/manifest deleted file mode 100644 index 3c8491a..0000000 --- a/type/__php_fpm_pool/manifest +++ /dev/null 
@@ -1,40 +0,0 @@ -#!/bin/sh - -os=$(cat "${__global:?}/explorer/os") -name=${__object_id:?} - -PHPVER=$(cat "${__object:?}/parameter/php-version") -export PHPVER - -case "$os" in - 'alpine') - PHPVER=$(echo "$PHP_VERSION" | tr -d '.') - service="php-fpm${PHPVER}" - php_confdir="/etc/php${PHPVER}" - php_pooldir="${php_confdir:?}/php-fpm.d" - ;; - 'debian'|'ubuntu') - service="php${PHPVER}-fpm" - php_confdir="/etc/php/${PHPVER}" - php_pooldir="${php_confdir:?}/fpm/pool.d" - ;; - *) - printf "Your operating system is currently not supported by this type\n" >&2 - printf "Please contribute an implementation for it if you can.\n" >&2 - exit 1 - ;; -esac - -POOL_NAME="$name" -POOL_USER=$(cat "${__object:?}/parameter/pool-user") -POOL_GROUP=$(cat "${__object:?}/parameter/pool-group") -POOL_LISTEN_ADDR=$(cat "${__object:?}/parameter/pool-listen-addr") -POOL_LISTEN_OWNER=$(cat "${__object:?}/parameter/pool-listen-owner") -export POOL_USER POOL_GROUP POOL_LISTEN_ADDR POOL_LISTEN_OWNER POOL_NAME - -mkdir -p "${__object:?}/files" -"${__type:?}/files/www.conf.sh" >"${__object:?}/files/www.conf" - -__file "${php_pooldir:?}/${name}.conf" \ - --mode 644 --source "${__object:?}/files/www.conf" \ - --onchange "service $service reload" diff --git a/type/__php_fpm_pool/parameter/optional b/type/__php_fpm_pool/parameter/optional deleted file mode 100644 index 7adc0a3..0000000 --- a/type/__php_fpm_pool/parameter/optional +++ /dev/null @@ -1,2 +0,0 @@ -memory-limit -open-basedir diff --git a/type/__php_fpm_pool/parameter/required b/type/__php_fpm_pool/parameter/required deleted file mode 100644 index d247290..0000000 --- a/type/__php_fpm_pool/parameter/required +++ /dev/null @@ -1,5 +0,0 @@ -php-version -pool-user -pool-group -pool-listen-addr -pool-listen-owner diff --git a/type/__runit/manifest b/type/__runit/manifest index 6e5feca..6ba174c 100755 --- a/type/__runit/manifest +++ b/type/__runit/manifest 
@@ -6,14 +6,7 @@ os="$(cat "${__global}/explorer/os")" case "${os}" in debian|devuan) # zero-config sysvinit and systemd compatibility - os_version="$(cat "${__global}/explorer/os_version")" - debian_package="runit-run" - case "${os_version}" in - beowulf) - debian_package="runit" - ;; - esac - __package "${debian_package}" + __package runit-run ;; freebsd) __key_value \ diff --git a/type/__runit_service/manifest b/type/__runit_service/manifest index 548a1de..83114fd 100755 --- a/type/__runit_service/manifest +++ b/type/__runit_service/manifest @@ -33,25 +33,18 @@ if [ "${state}" != "present" ]; then exit fi -# Setup run file -__file --state "${state}" --mode 0550 --source "${source}" \ - --onchange "sv restart '${sv}' || true" \ - "${run_file}" -export require="${require} __file${run_file}" - if [ -f "${__object}/parameter/log" ]; then # Setup logger if requested - logdir="/var/log/runit" - __directory --parents "${svdir}/${sv}/log" - __directory --state absent "${svdir}/${sv}/log/main" # Remove lingering old fashioned log - __directory --parents "${logdir}/${sv}" - export require="${require} __directory${svdir}/${sv}/log __directory${logdir}/${sv}" + __directory --parents "${svdir}/${sv}/log/main" + export require="${require} __directory${svdir}/${sv}/log/main" __file "${svdir}/${sv}/log/run" \ --state "${state}" \ --mode 0755 \ - --onchange "sv restart '${sv}/log' || true" \ --source "-" < - - -COPYING -------- -Copyright \(C) 2022 Evilham. diff --git a/type/__single_binary_service/manifest b/type/__single_binary_service/manifest deleted file mode 100755 index f46d62e..0000000 --- a/type/__single_binary_service/manifest +++ /dev/null 
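Review bot: The `debian|devuan)` arm in the `__runit` manifest now installs `runit-run` unconditionally, dropping the removed `beowulf` case that selected `runit` instead; if that special case existed because `runit-run` is not suitable on that release, this arm now fails or changes init behaviour there. If the simplification is intended, a comment such as `# runit-run is assumed to be available on every supported debian/devuan release` above `__package runit-run` would record the assumption; otherwise keep the `os_version` lookup. The enclosing `case` continues outside the hunk.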
@@ -1,358 +0,0 @@ -#!/bin/sh -eu -SERVICE_NAME="${__object_id}" - -OS="$(cat "${__global}/explorer/os")" - -case "${OS}" in - debian|devuan) - SUPER_USER_GROUP=root - ETC_DIR="/etc" - ;; - *bsd) - SUPER_USER_GROUP=wheel - ETC_DIR="/usr/local/etc" - ;; - *) - echo "Your OS '${OS}' is currently not supported." >&2 - exit 1 - ;; -esac -INIT="$(cat "${__global}/explorer/init")" - -case "${INIT}" in - systemd) - service_definition_require="__systemd_unit/${SERVICE_NAME}.service" - service_command="service ${SERVICE_NAME} %s" - ;; - runit|sysvinit) - # We will use runit to manage these services - __runit - export require="__runit" - service_definition_require="__runit_service/${SERVICE_NAME}" - service_command="sv %s ${SERVICE_NAME}" - ;; - *) - echo "Init system '${INIT}' is currently not supported." >&2 - exit 1 - ;; -esac - -BIN_DIR="/usr/local/bin" - -# Ensure the target bin dir exists -# Care, we never want to remove it :-D -__directory "${BIN_DIR}" \ - --state "exists" \ - --mode 0755 -export require="${require:-} __directory${BIN_DIR}" - -STATE="$(cat "${__object}/parameter/state")" -USER="$(cat "${__object}/parameter/user")" -GROUP="$(cat "${__object}/parameter/group" 2>/dev/null || true)" -if [ -z "${GROUP}" ]; then - if [ "${USER}" != "root" ]; then - GROUP="${USER}" - else - GROUP="${SUPER_USER_GROUP}" - fi -fi - - -BINARY="$(cat "${__object}/parameter/binary" 2>/dev/null || true)" -if [ -z "${BINARY}" ]; then - BINARY="${SERVICE_NAME}" -fi -EXTRA_BINARIES="$(cat "${__object}/parameter/extra-binary" 2>/dev/null || true)" -# This only makes sense for file archives -if [ -n "${EXTRA_BINARIES}" ] && [ -f "${__object}/parameter/unpack" ]; then - cat >&2 <<-EOF - You cannot specify extra binaries without the --unpack argument. - Make sure that the --url argument points to a file archive. 
-EOF -fi - -SERVICE_EXEC="$(cat "${__object}/parameter/service-exec" 2>/dev/null || true)" -if [ -z "${SERVICE_EXEC}" ]; then - SERVICE_EXEC="${BIN_DIR}/${BINARY}" -fi -SERVICE_ARGS="$(cat "${__object}/parameter/service-args")" -SERVICE_EXEC="${SERVICE_EXEC} ${SERVICE_ARGS}" - -SERVICE_DESCRIPTION="$(cat "${__object}/parameter/service-description" \ - 2>/dev/null || true)" -if [ -z "${SERVICE_DESCRIPTION}" ]; then - SERVICE_DESCRIPTION="cdist-managed '${SERVICE_NAME}' service" -fi - -SERVICE_DEFINITION="$(cat "${__object}/parameter/service-definition" 2>/dev/null || true)" - -CHECKSUM="$(cat "${__object}/parameter/checksum")" -SHOULD_VERSION="$(cat "${__object}/parameter/version" 2>/dev/null || true)" -DOWNLOAD_URL="$(cat "${__object}/parameter/url")" -LOCAL_SOURCE="$(cat "${__object}/parameter/local-source")" -if [ "${STATE}" = "present" ] && [ -z "${SHOULD_VERSION}" ]; then - cat >&1 <<-EOM - When installing a service, --version must be specified. - EOM - exit 1 -fi -if [ "${STATE}" = "present" ] && [ -z "${DOWNLOAD_URL}${LOCAL_SOURCE}" ]; then - cat >&1 <<-EOM - Exactly one of --url or --local-source must be specified. - EOM - exit 1 -fi -if [ -n "${DOWNLOAD_URL}" ] && [ -z "${CHECKSUM}" ]; then - cat >&1 <<-EOM - You must specify --checksum when using --url. - EOM - exit 1 -fi -if [ "${LOCAL_SOURCE}" = "-" ]; then - LOCAL_SOURCE="${__object}/stdin" -fi - -# Create a user for the service if it is not root -USER_HOME_DIR="/root" -require_user_created="" -service_require="" -if [ "${USER}" != "root" ] && \ - [ ! 
-f "${__object}/parameter/do-not-manage-user" ]; then - if [ "${STATE}" = "absent" ]; then - # When removing, ensure user is not being used - user_require="${service_definition_require}" - fi - USER_HOME_DIR="$(cat "${__object}/parameter/user-home-dir")" - if [ "${USER_HOME_DIR}" != "/nonexistent" ]; then - USER_CREATE_HOME="--create-home" - fi - require="${require} ${user_require:-}" __user "${USER}" \ - --system \ - --state "${STATE}" \ - --home "${USER_HOME_DIR}" \ - --comment "cdist-managed service user" \ - ${USER_CREATE_HOME} - require_user_created="__user/${USER}" - # Track dependencies - service_require="${service_require} ${require_user_created}" -fi - -# Adapt directory permissions when necessary -WORKING_DIRECTORY_PERMISSIONS="$(cat "${__object}/parameter/working-directory-permissions")" -WORKING_DIRECTORY_PATH="$(cat "${__object}/parameter/working-directory" 2>/dev/null || true)" -if [ -n "${WORKING_DIRECTORY_PATH}" ]; then - WORKING_DIRECTORY_SYSTEMD="WorkingDirectory=${WORKING_DIRECTORY_PATH}" - WORKING_DIRECTORY_RUNIT="cd '${WORKING_DIRECTORY_PATH}'" - require="${require_user_created}" __directory \ - "${WORKING_DIRECTORY_PATH}" --state present \ - --mode "${WORKING_DIRECTORY_PERMISSIONS}" \ - --owner "${USER}" --group "${GROUP}" -fi - -# Place config file if necessary -CONFIG_FILE_DEST="$(cat "${__object}/parameter/config-file-destination" 2>/dev/null || true)" -if [ -z "${CONFIG_FILE_DEST}" ]; then - CONFIG_FILE_DEST="${ETC_DIR}/${SERVICE_NAME}.conf" -else - require="${require_user_created}" __directory \ - "$(dirname "${WORKING_DIRECTORY_PATH}")" --state present \ - --mode "${WORKING_DIRECTORY_PERMISSIONS}" \ - --owner "${USER}" --group "${GROUP}" -fi -CONFIG_FILE_SOURCE="$(cat "${__object}/parameter/config-file-source" 2>/dev/null || true)" -if [ "${CONFIG_FILE_SOURCE}" = "-" ]; then - CONFIG_FILE_SOURCE="${__object}/stdin" -fi -if [ -n "${CONFIG_FILE_SOURCE}" ] && [ "${STATE}" = "present" ]; then - require="${require} ${require_user_created}" 
__file \ - "${CONFIG_FILE_DEST}" \ - --owner "${USER}" \ - --group "${GROUP}" \ - --mode "0440" \ - --source "${CONFIG_FILE_SOURCE}" - service_require="${service_require} __file${CONFIG_FILE_DEST}" -fi - - - -# These messages will trigger a service restart (overridden for systemd) -service_config_reload_pattern="^__file${CONFIG_FILE_DEST}" - -# This should setup the object in $service_definition_require -# See above. -case "${INIT}" in - systemd) - if [ -z "${SERVICE_DEFINITION}" ]; then - SYSTEMD_ENV_FILE="/etc/systemd/system/${SERVICE_NAME}.env" - __file "${SYSTEMD_ENV_FILE}" \ - --mode 0400 \ - --source "${__object}/parameter/env" - # We need to take into account the envionment file for systemd too - service_config_reload_pattern="(${service_config_reload_pattern}|^__file${SYSTEMD_ENV_FILE})" - - SERVICE_DEFINITION="$(cat <&1 -exec chpst -u "${USER}:${GROUP}" ${SERVICE_EXEC} -EOF -)" - fi - __runit_service "${SERVICE_NAME}" \ - --state "${STATE}" \ - --log \ - --source - </dev/null || true)" - # Place packed file - if [ -n "${DOWNLOAD_URL}" ]; then - __download "${TMP_PATH}${UNPACK_EXTENSION}" \ - --url "${DOWNLOAD_URL}" \ - --download remote \ - --sum "${CHECKSUM}" - require_place_file="__download${TMP_PATH}${UNPACK_EXTENSION}" - else - # TODO: this doesn't use CHECKSUM - __file "${TMP_PATH}${UNPACK_EXTENSION}" \ - --source "${LOCAL_SOURCE}" - require_place_file="__file${TMP_PATH}${UNPACK_EXTENSION}" - fi - - # Unpack file and also perform service upgrade - # shellcheck disable=SC2086 - require="${require_place_file}" \ - __unpack "${TMP_PATH}${UNPACK_EXTENSION}" \ - ${UNPACK_ARGS} \ - --destination "${TMP_PATH}" - version_bump_require="__unpack${TMP_PATH}${UNPACK_EXTENSION}" - else - # Create temp directory - __directory "${TMP_PATH}" - # Place in temp directory with the specified binary name - if [ -n "${DOWNLOAD_URL}" ]; then - require="__directory${TMP_PATH}" __download \ - "${TMP_PATH}/${BINARY}" \ - --url "${DOWNLOAD_URL}" \ - --download remote \ - --sum 
"${CHECKSUM}" - version_bump_require="__download${TMP_PATH}/${BINARY}" - else - require="__directory${TMP_PATH}" __file \ - "${TMP_PATH}/${BINARY}" \ - --source "${LOCAL_SOURCE}" - version_bump_require="__file${TMP_PATH}/${BINARY}" - fi - fi - - # Perform update of cdist-managed version file - # And also perform service upgrade - # This is a bug if service_upgrade fails >,< - printf "%s" "${SHOULD_VERSION}" | \ - require="${version_bump_require}" __file \ - "${VERSION_FILE}" \ - --onchange "${perform_service_upgrade}" \ - --source "-" -else - # We only restart here if there was a config or env change - # but there was not a version change - require="${service_require}" __check_messages \ - "single_binary_service_${__object_id}" \ - --pattern "${service_config_reload_pattern}" \ - --execute "$(sv_cmd restart)" -fi diff --git a/type/__single_binary_service/parameter/boolean b/type/__single_binary_service/parameter/boolean deleted file mode 100644 index a779fd5..0000000 --- a/type/__single_binary_service/parameter/boolean +++ /dev/null @@ -1,2 +0,0 @@ -do-not-manage-user -unpack diff --git a/type/__single_binary_service/parameter/default/checksum b/type/__single_binary_service/parameter/default/checksum deleted file mode 100644 index e69de29..0000000 diff --git a/type/__single_binary_service/parameter/default/env b/type/__single_binary_service/parameter/default/env deleted file mode 100644 index e69de29..0000000 diff --git a/type/__single_binary_service/parameter/default/local-source b/type/__single_binary_service/parameter/default/local-source deleted file mode 100644 index e69de29..0000000 diff --git a/type/__single_binary_service/parameter/default/service-args b/type/__single_binary_service/parameter/default/service-args deleted file mode 100644 index e69de29..0000000 diff --git a/type/__single_binary_service/parameter/default/state b/type/__single_binary_service/parameter/default/state deleted file mode 100644 index e7f6134..0000000 
--- a/type/__single_binary_service/parameter/default/state +++ /dev/null @@ -1 +0,0 @@ -present diff --git a/type/__single_binary_service/parameter/default/unpack-extension b/type/__single_binary_service/parameter/default/unpack-extension deleted file mode 100644 index c95e2e9..0000000 --- a/type/__single_binary_service/parameter/default/unpack-extension +++ /dev/null @@ -1 +0,0 @@ -.tar.gz \ No newline at end of file diff --git a/type/__single_binary_service/parameter/default/url b/type/__single_binary_service/parameter/default/url deleted file mode 100644 index e69de29..0000000 diff --git a/type/__single_binary_service/parameter/default/user b/type/__single_binary_service/parameter/default/user deleted file mode 100644 index d8649da..0000000 --- a/type/__single_binary_service/parameter/default/user +++ /dev/null @@ -1 +0,0 @@ -root diff --git a/type/__single_binary_service/parameter/default/user-home-dir b/type/__single_binary_service/parameter/default/user-home-dir deleted file mode 100644 index 4d21ca6..0000000 --- a/type/__single_binary_service/parameter/default/user-home-dir +++ /dev/null @@ -1 +0,0 @@ -/nonexistent diff --git a/type/__single_binary_service/parameter/default/working-directory-permissions b/type/__single_binary_service/parameter/default/working-directory-permissions deleted file mode 100644 index 4cd9d53..0000000 --- a/type/__single_binary_service/parameter/default/working-directory-permissions +++ /dev/null @@ -1 +0,0 @@ -0750 diff --git a/type/__single_binary_service/parameter/optional b/type/__single_binary_service/parameter/optional deleted file mode 100644 index aaed0ac..0000000 --- a/type/__single_binary_service/parameter/optional +++ /dev/null @@ -1,20 +0,0 @@ -checksum -config-file-source -config-file-destination -env -user -group -state -binary -local-source -service-args -service-exec -service-description -service-definition -unpack-extension -unpack-args -url -user-home-dir -version -working-directory -working-directory-permissions 
diff --git a/type/__single_binary_service/parameter/optional_multiple b/type/__single_binary_service/parameter/optional_multiple deleted file mode 100644 index e1ca562..0000000 --- a/type/__single_binary_service/parameter/optional_multiple +++ /dev/null @@ -1 +0,0 @@ -extra-binary diff --git a/type/__systemd_network/gencode-remote b/type/__systemd_network/gencode-remote deleted file mode 100755 index 13c16c9..0000000 --- a/type/__systemd_network/gencode-remote +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/sh -e -# -# 2022 Joachim Desroches (joachim.desroches@epfl.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . - -echo "systemctl enable systemd-networkd" diff --git a/type/__systemd_network/man.rst b/type/__systemd_network/man.rst deleted file mode 100644 index 1b7b7a6..0000000 --- a/type/__systemd_network/man.rst +++ /dev/null 
@@ -1,68 +0,0 @@ -cdist-type__systemd-network(7) -============================== - -NAME ----- -cdist-type__systemd-network - Configure systemd.network(5) file. - - -DESCRIPTION ------------ - -This type allows you to configure network interfaces by generating a -systemd.network(5) file. It will enable systemd-networkd, so be sure to remove -any conflicting network configuration tool if appropriate! - -Note that the systemd.network(5) system is very complete, and this type does -not aim at providing every possible option. Are currently available only the -most common options: feel free to add anything you need to this type which -hopefully will grow over time. - - -REQUIRED PARAMETERS -------------------- -None. - - -OPTIONAL PARAMETERS -------------------- -description - A text field used when displaying details about this network. - -OPTIONAL MULTIPLE PARAMETERS ----------------------------- -match-name - A text field that will be set in the `Name` option of the `[Match]` section. - - -BOOLEAN PARAMETERS ------------------- -ipv6ra-usedomains - Set the `UseDomains` option of the `[IPv6AcceptRA]` section to `True`. - - -EXAMPLES --------- - -.. code-block:: sh - - # TODO - __systemd-network - - -SEE ALSO --------- -`cdist-type_systemd-resolved`\ (7) -`systemd.network`\ (5) - -AUTHORS -------- -Joachim Desroches - - -COPYING -------- -Copyright \(C) 2022 Joachim Desroches. You can redistribute it -and/or modify it under the terms of the GNU General Public License as -published by the Free Software Foundation, either version 3 of the -License, or (at your option) any later version. diff --git a/type/__systemd_network/manifest b/type/__systemd_network/manifest deleted file mode 100755 index 49eb792..0000000 --- a/type/__systemd_network/manifest +++ /dev/null 
@@ -1,86 +0,0 @@
-#!/bin/sh -e
-#
-# 2022 Joachim Desroches (joachim.desroches@epfl.ch)
-#
-# This file is part of cdist.
-#
-# cdist is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# cdist is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with cdist. If not, see .
-#
-
-os=$(cat "${__global:?}/explorer/os")
-
-case "$os" in
-'debian' | 'ubuntu' | 'archlinux')
- :
- ;;
-*)
- printf "Your operating system (%s) is currently not supported by systemd-network\n" "$os" >&2
- printf "Please contribute an implementation for it if you can.\n" >&2
- exit 1
- ;;
-esac
-
-# XXX: Please keep the option parsing organized in order per-section, with
-# sections in the same order as they are in the manpage. This will make hacking
-# and maintaining this type much easier.
-
-mkdir "${__object:?}/files"
-output_file="${__object:?}/files/${__object_id:?}.network"
-
-cat << EOF > "$output_file"
-# This file is managed by cdist. Do not edit by hand!
-EOF
-
-# Match section
-# Ensure section is needed, OR existence of optional params.
-if [ -f "${__object:?}/parameter/match-name" ];
-then
- printf "\n[Match]\n" >> "$output_file"
-
- if [ -f "${__object:?}/parameter/match-name" ];
- then
- sed -e 's/^/Name=/' \
- "${__object:?}/parameter/match-name" >> "$output_file"
- fi
-fi
-
-# Network section
-# Ensure section is needed, OR existence of optional params.
-if [ -f "${__object:?}/parameter/description" ];
-then
- printf "\n[Network]\n" >> "$output_file"
-
- if [ -f "${__object:?}/parameter/description" ];
- then
- sed -e 's/^/Description=/' \
- "${__object:?}/parameter/description" >> "$output_file"
- fi
-fi
-
-# IPv6AcceptRA section
-# Ensure section is needed, OR existence of optional params.
-if [ -f "${__object:?}/parameter/ipv6ra-usedomains" ];
-then
- printf "\n[IPv6AcceptRA]\n" >> "$output_file"
-
- if [ -f "${__object:?}/parameter/ipv6ra-usedomains" ];
- then
- printf "UseDomains=True\n" >> "$output_file"
- fi
-
-fi
-
-__file "/etc/systemd/network/${__object_id:?}.network" \
- --source "$output_file" \
- --mode 0644
diff --git a/type/__systemd_network/parameter/boolean b/type/__systemd_network/parameter/boolean
deleted file mode 100644
index b23dcdc..0000000
--- a/type/__systemd_network/parameter/boolean
+++ /dev/null
@@ -1 +0,0 @@
-ipv6ra-usedomains
diff --git a/type/__systemd_network/parameter/optional b/type/__systemd_network/parameter/optional
deleted file mode 100644
index e1b39b0..0000000
--- a/type/__systemd_network/parameter/optional
+++ /dev/null
@@ -1 +0,0 @@
-description
diff --git a/type/__systemd_network/parameter/optional_multiple b/type/__systemd_network/parameter/optional_multiple
deleted file mode 100644
index c97c387..0000000
--- a/type/__systemd_network/parameter/optional_multiple
+++ /dev/null
@@ -1 +0,0 @@
-match-name
diff --git a/type/__systemd_resolved/gencode-remote b/type/__systemd_resolved/gencode-remote
deleted file mode 100755
index 115b99b..0000000
--- a/type/__systemd_resolved/gencode-remote
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/sh -e
-#
-# 2022 Joachim Desroches (joachim.desroches@epfl.ch)
-#
-# This file is part of cdist.
-#
-# cdist is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# cdist is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with cdist. If not, see .
-#
-
-echo "systemctl enable systemd-resolved"
diff --git a/type/__systemd_resolved/man.rst b/type/__systemd_resolved/man.rst
deleted file mode 100644
index 213c725..0000000
--- a/type/__systemd_resolved/man.rst
+++ /dev/null
@@ -1,47 +0,0 @@
-cdist-type__systemd_resolved(7)
-===============================
-
-NAME
-----
-cdist-type__systemd_resolved - Configure system to use systemd-resolved.
-
-
-DESCRIPTION
------------
-*systemd-resolved* is a systemd service that provides network name resolution
-to local applications via a D-Bus interface, the resolve NSS service
-(nss-resolve(8)), and a local DNS stub listener on 127.0.0.53.
-
-This type enables and starts this type, and helps with some minimal
-configuration. In particular, systemd-resolved has four modes of handling the
-`/etc/resolv.conf` file: stub, static, uplink and foreign. See the
-systemd-resolved(8) manpage for details. By default, this type uses stub mode:
-if you need another one, please provide an implementation in this type!
-
-
-EXAMPLES
---------
-
-.. code-block:: sh
-
- __systemd_resolved
-
-
-SEE ALSO
---------
-`systemd.network`\ (5)
-`systemd-resolved`\ (8)
-`nss-resolve`\ (8)
-
-
-AUTHORS
--------
-Joachim Desroches
-
-
-COPYING
--------
-Copyright \(C) 2022 Joachim Desroches. You can redistribute it
-and/or modify it under the terms of the GNU General Public License as
-published by the Free Software Foundation, either version 3 of the
-License, or (at your option) any later version.
diff --git a/type/__systemd_resolved/manifest b/type/__systemd_resolved/manifest
deleted file mode 100755
index 3b99592..0000000
--- a/type/__systemd_resolved/manifest
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/sh -e
-#
-# 2022 Joachim Desroches (joachim.desroches@epfl.ch)
-#
-# This file is part of cdist.
-#
-# cdist is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# cdist is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with cdist. If not, see .
-#
-
-os=$(cat "${__global:?}/explorer/os")
-
-case "$os" in
-'debian')
- :
- ;;
-*)
- printf "Your operating system (%s) is currently not supported by __systemd_resolved\n" "$os" >&2
- printf "Please contribute an implementation for it if you can.\n" >&2
- exit 1
- ;;
-esac
-
-__link /etc/resolv.conf \
- --type symbolic \
- --source ../run/systemd/resolve/stub-resolv.conf
-
-require=__link/etc/resolv.conf \
- __systemd_service systemd-resolved \
- --state running \
- --action restart \
- --if-required
diff --git a/type/__systemd_resolved/singleton b/type/__systemd_resolved/singleton
deleted file mode 100644
index e69de29..0000000
diff --git a/type/__uacme_account/gencode-remote b/type/__uacme_account/gencode-remote
index b75d2d7..e1d9551 100644
--- a/type/__uacme_account/gencode-remote
+++ b/type/__uacme_account/gencode-remote
@@ -18,21 +18,6 @@ then admin_mail="$(cat "${__object:?}/parameter/admin-mail")"; fi -# Autoaccept ACME server terms (if any) upon new account creation. -uacme_opts="--yes" - -# Non-default ACMEv2 server directory object URL. -if [ -f "${__object:?}/parameter/acme-url" ]; then - custom_acme_url=$(cat "${__object:?}/parameter/acme-url") - uacme_opts="$uacme_opts --acme-url $custom_acme_url" -fi - -# Specify RFC8555 External Account Binding credentials. -if [ -f "${__object:?}/parameter/eab-credentials" ]; then - eab_credentials=$(cat "${__object:?}/parameter/eab-credentials") - uacme_opts="$uacme_opts --eab $eab_credentials" -fi - confdir="${default_confdir:?}" if [ -f "${__object:?}/parameter/confdir" ]; then @@ -42,6 +27,6 @@ fi cat << EOF if ! [ -f "${confdir}/private/key.pem" ]; then - uacme $uacme_opts new ${admin_mail} + uacme -y new ${admin_mail} fi EOF diff --git a/type/__uacme_account/man.rst b/type/__uacme_account/man.rst index c18bb40..be5efc6 100644 --- a/type/__uacme_account/man.rst +++ b/type/__uacme_account/man.rst @@ -23,16 +23,6 @@ confdir admin-mail Administrative contact email to register the account with. -acme-url - ACMEv2 server directory object URL. Lets'Encrypt is used by default. - -eab-credentials - Specify RFC8555 External Account Binding credentials according to - https://tools.ietf.org/html/rfc8555#section-7.3.4, in order to associate a new - ACME account with an existing account in a non-ACME system such as a CA - customer database. KEYID must be an ASCII string. KEY must be - base64url-encoded. This is parameter is not supported by uacme < 1.6. - EXAMPLES -------- @@ -53,7 +43,6 @@ SEE ALSO AUTHORS ------- Joachim Desroches -Timothée Floure COPYING ------- diff --git a/type/__uacme_account/parameter/optional b/type/__uacme_account/parameter/optional index dff247c..0eaba67 100644 --- a/type/__uacme_account/parameter/optional +++ b/type/__uacme_account/parameter/optional @@ -1,4 +1,2 @@ confdir admin-mail -acme-url -eab-credentials 
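Review bot: In the second gencode-remote hunk, `uacme -y new ${admin_mail}` sits inside the `cat << EOF` here-document, so the admin-mail parameter value is pasted unquoted into the generated code, whereas `"${confdir}"` on the line above is emitted quoted. Whitespace or shell metacharacters in the value would be word-split or interpreted when that code runs, so validate it where it is read, with a conservative check such as `case "$admin_mail" in *[!A-Za-z0-9@._+-]*) echo "invalid admin-mail" >&2; exit 1;; esac`. Simply quoting it in the here-document would hand uacme an empty argument whenever the optional parameter is unset. The renew.sh.sh hunk has the same pattern: `${CONFDIR:?}` and `${HOOKSCRIPT:?}` are written unquoted into what appears to be the generated renewal script, and should be quoted or validated if they can carry operator-supplied paths. Both scripts start and end outside the hunks shown.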
diff --git a/type/__uacme_obtain/files/renew.sh.sh b/type/__uacme_obtain/files/renew.sh.sh index dc82fd9..18bf061 100755 --- a/type/__uacme_obtain/files/renew.sh.sh +++ b/type/__uacme_obtain/files/renew.sh.sh @@ -7,8 +7,8 @@ UACME_CHALLENGE_PATH=${CHALLENGEDIR:?} export UACME_CHALLENGE_PATH # Issue certificate. -uacme -c ${CONFDIR:?} -h ${HOOKSCRIPT:?} ${DISABLE_OCSP?} ${ACME_URL?} \\ - ${EAB_CREDENTIALS?} ${MUST_STAPLE?} ${KEYTYPE?} issue -- ${DOMAIN:?} +uacme -c ${CONFDIR:?} -h ${HOOKSCRIPT:?} ${DISABLE_OCSP?} ${MUST_STAPLE?} ${KEYTYPE?} \\ + issue -- ${DOMAIN:?} # Note: exit code 0 means that certificate was issued. # Note: exit code 1 means that certificate was still valid, hence not renewed. diff --git a/type/__uacme_obtain/man.rst b/type/__uacme_obtain/man.rst index 16ebe87..f1db899 100644 --- a/type/__uacme_obtain/man.rst +++ b/type/__uacme_obtain/man.rst @@ -38,8 +38,7 @@ install-key-to Installation path of the certificate's private key. renew-hook - Renew hook executed on certificate renewal (e.g. `service nginx reload`, `-` - for the standard input). + Renew hook executed on certificate renewal (e.g. `service nginx reload`). force-cert-ownership-to Override default ownership for TLS certificate, passed as argument to chown. diff --git a/type/__uacme_obtain/manifest b/type/__uacme_obtain/manifest index a40119b..f41e881 100644 --- a/type/__uacme_obtain/manifest +++ b/type/__uacme_obtain/manifest 
@@ -69,22 +69,6 @@ then fi export MUST_STAPLE -# Non-default ACMEv2 server directory object URL. -ACME_URL= -if [ -f "${__object:?}/parameter/acme-url" ]; then - custom_acme_url=$(cat "${__object:?}/parameter/acme-url") - ACME_URL="--acme-url $custom_acme_url" -fi -export ACME_URL - -# Specify RFC8555 External Account Binding credentials. -EAB_CREDENTIALS= -if [ -f "${__object:?}/parameter/eab-credentials" ]; then - eab_credentials_param=$(cat "${__object:?}/parameter/eab-credentials") - EAB_CREDENTIALS="--eab $eab_credentials_param" -fi -export EAB_CREDENTIALS - OWNER=root if [ -f "${__object:?}/parameter/owner" ]; then @@ -109,11 +93,7 @@ export CERT_TARGET RENEW_HOOK= if [ -f "${__object:?}/parameter/renew-hook" ]; then - if [ "$(cat "${__object:?}/parameter/renew-hook")" = "-" ]; then - RENEW_HOOK="$(cat ${__object:?}/stdin)" - else - RENEW_HOOK="$(cat "${__object:?}/parameter/renew-hook")" - fi + RENEW_HOOK="$(cat "${__object:?}/parameter/renew-hook")" fi export RENEW_HOOK diff --git a/type/__uacme_obtain/parameter/optional b/type/__uacme_obtain/parameter/optional index 9fa9846..fd721af 100644 --- a/type/__uacme_obtain/parameter/optional +++ b/type/__uacme_obtain/parameter/optional @@ -5,5 +5,3 @@ owner install-cert-to install-key-to renew-hook -acme-url -eab-credentials
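Review bot: With the `-` branch removed in the second manifest hunk, a caller that still passes `--renew-hook -` now gets the literal string `-` exported as RENEW_HOOK instead of an error. Reject it at manifest time, right after the assignment: `[ "$RENEW_HOOK" != "-" ] || { echo "--renew-hook - (stdin) is no longer supported" >&2; exit 1; }`. How RENEW_HOOK is consumed lies outside the hunk, so the failure mode is inferred: presumably the hook would fail only when a renewal runs, leaving the service on the old certificate until someone notices.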