diff --git a/.gitlab/issue_templates/Offboarding.md b/.gitlab/issue_templates/Offboarding.md
index 9990467a819c090773086b74bdecb1678a60c7f4..74a38c6167c33d4e0ac6c7a4a0480c766c1c34fa 100644
--- a/.gitlab/issue_templates/Offboarding.md
+++ b/.gitlab/issue_templates/Offboarding.md
@@ -14,24 +14,24 @@ This template should be used for offboarding Arch Linux team members.
 ## All roles checklist
 
 - [ ] Remove user email by reverting instructions from `docs/email.md`.
-  - [ ] Setup forwarding if desired (please add the current date as a comment above the mail address in Postfix's `users` file).
-  - [ ] Inform the user of the conditions for forwarding.
-    - In most cases we only offer forwarding for 6 months.
-    - We will inform the user prior to disabling the forwarding.
-    - The forwarding can be extended if there are good reasons for doing so.
+  - [ ] Remove entry in `group_vars/all/archusers.yml`.
+  - [ ] Remove SSH pubkey from `pubkeys/<username>.pub`.
+  - [ ] Run `ansible-playbook -t archusers  $(git grep -l archusers playbooks/ | grep -v phrik)`.
+  - [ ] Setup forwarding if requested (please add the current date as a comment above the mail address in Postfix's `users` file).
+    - [ ] Inform the user of the conditions for forwarding.
+      - In most cases we only offer forwarding for 6 months.
+      - We will inform the user prior to disabling the forwarding.
+      - The forwarding can be extended if there are good reasons for doing so.
 - [ ] Set user to inactive in archweb: https://www.archlinux.org/admin/auth/user/
-- [ ] Remove member from [staff mailing list](https://lists.archlinux.org/admin/staff/members)
+- [ ] Remove member from [staff mailing list](https://lists.archlinux.org/mailman3/lists/staff.lists.archlinux.org/members/member/)
+- [ ] Moderate email address on [arch-dev-public](https://lists.archlinux.org/mailman3/lists/arch-dev-public.lists.archlinux.org/members/member/) (find member and moderate)
 - [ ] Ask the user to leave `#archlinux-staff` on Libera Chat and forget the password
 - [ ] Remove staff cloak on Libera Chat ([Group contacts](https://wiki.archlinux.org/title/Arch_IRC_channels#Libera_Chat_group_contacts))
+- [ ] Remove the user from relevant staff groups on Keycloak.
 
 ## TU/Developer offboarding checklist
 
-- [ ] Remove entry in `group_vars/all/archusers.yml`.
-- [ ] Remove SSH pubkey from `pubkeys/<username>.pub`.
-- [ ] Run `ansible-playbook -t archusers  $(git grep -l archusers playbooks/ | grep -v phrik)`.
-- [ ] Remove the user from the `Trusted Users`/`Developers` groups on Keycloak.
-- [ ] Moderate email address on [arch-dev-public](https://lists.archlinux.org/admin/arch-dev-public/members) (find member and moderate)
-- [ ] Remove member from [arch-tu](https://lists.archlinux.org/admin/arch-tu/members) and/or [arch-dev](https://lists.archlinux.org/admin/arch-dev/members) mailing lists
+- [ ] Remove member from [arch-tu](https://lists.archlinux.org/mailman3/lists/arch-tu.lists.archlinux.org/members/member/) and/or [arch-dev](https://lists.archlinux.org/mailman3/lists/arch-dev.lists.archlinux.org/members/member/) mailing lists
 - [ ] Create [issue in archlinux-keyring](https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/issues/new) (choose *"Remove Packager Key"* and/or *"Remove Main Key"* template)
 
 ## DevOps offboarding checklist
@@ -39,11 +39,9 @@ This template should be used for offboarding Arch Linux team members.
 - [ ] Remove entries in `group_vars/all/root_access.yml`.
 - [ ] Run `ansible-playbook -t root_ssh playbooks/all-hosts-basic.yml`.
 - [ ] Run `ansible-playbook playbooks/hetzner_storagebox.yml playbooks/rsync.net.yml`.
-- [ ] Remove the user from the `DevOps` group on Keycloak.
-- [ ] Remove member from [arch-devops-private mailing lists](https://lists.archlinux.org/admin/arch-devops-private/members)
+- [ ] Remove member from [arch-devops-private mailing lists](https://lists.archlinux.org/mailman3/lists/arch-devops-private.lists.archlinux.org/members/member/)
 - [ ] Remove pubkey from [Hetzner's key management](https://robot.your-server.de/key/index)
 
 ## Wiki Administrator checklist
 
-- [ ] Remove the user from the `Wiki Admins` group on Keycloak.
-- [ ] Remove member from [arch-wiki-admins mailing list](https://lists.archlinux.org/admin/arch-wiki-admins/members).
+- [ ] Remove member from [arch-wiki-admins mailing list](https://lists.archlinux.org/mailman3/lists/arch-wiki-admins.lists.archlinux.org/members/member/).
diff --git a/.gitlab/issue_templates/Onboarding.md b/.gitlab/issue_templates/Onboarding.md
index bd4c34f714a3e94c92db78bdef04e7d77718aa46..01fba15dfc201072ea8b50d93acb6ce7f23a6c70 100644
--- a/.gitlab/issue_templates/Onboarding.md
+++ b/.gitlab/issue_templates/Onboarding.md
@@ -30,11 +30,17 @@ https://www.gnupg.org/gph/en/manual/x135.html
 -->
 
 ## All roles checklist
-The mailing list password can be found in [`misc/vaults/additional-credentials.vault`](misc/vaults/additional-credentials.vault).
 
-- [ ] Add new user email as per [`docs/email.md`](docs/email.md).
+- [ ] Add user mail if TU or developer, or support staff and **communication e-mail address** is arch.
+  - [ ] Add new user email as per [`docs/email.md`](docs/email.md).
+  - [ ] Add entry in [`group_vars/all/archusers.yml`](group_vars/all/archusers.yml).
+    - If support staff `hosts` should be set to `mail.archlinux.org`.
+    - `homedir.archlinux.org` is also allowed for support staff, but it is opt-in.
+  - [ ] Add SSH pubkey to `pubkeys/<username>.pub`.
+  - [ ] Run `ansible-playbook -t archusers $(git grep -l archusers playbooks/ | grep -v phrik)`.
 - [ ] Create a new user in [archweb](https://www.archlinux.org/devel/newuser/). Select the appropriate group membership and allowed repos (if applicable).
-- [ ] Subscribe **communication e-mail address** to internal [staff mailing list](https://lists.archlinux.org/admin/staff/members/add).
+- [ ] Subscribe **communication e-mail address** to internal [staff mailing list](https://lists.archlinux.org/mailman3/lists/staff.lists.archlinux.org/mass_subscribe/).
+- [ ] Allow sending from **communication e-mail address** on [arch-dev-public](https://lists.archlinux.org/mailman3/lists/arch-dev-public.lists.archlinux.org/members/member/) (subscribe and/or find address and remove moderation).
 - [ ] Give the user access to `#archlinux-staff` on Libera Chat.
 - [ ] Give the user a link to our [staff services page](https://wiki.archlinux.org/title/DeveloperWiki:Staff_Services).
 - [ ] Replace the **Team member username** with the @-prefixed username on Gitlab.
@@ -42,50 +48,33 @@ The mailing list password can be found in [`misc/vaults/additional-credentials.v
   address**, as well as the clearsigned representation of this data), remove
   the description history and make the issue non-confidential.
 - [ ] Request staff cloak on Libera Chat ([Group contacts](https://wiki.archlinux.org/title/Arch_IRC_channels#Libera_Chat_group_contacts))
-- [ ] Go to [Arch Linux group](https://gitlab.archlinux.org/groups/archlinux/-/group_members) -> Enter Admin mode -> go to members -> add username as "minimal access"
-- [ ] Go to [Arch Staff group](https://gitlab.archlinux.org/groups/archlinux/teams/staff/-/group_members) -> Enter Admin mode -> go to members -> add username as "reporter"
-
-## Packager onboarding checklist
-
-<!-- The ticket should be created by a sponsor of the new packager -->
-- [ ] Create [issue in archlinux-keyring using the *"New Packager Key"* template](https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/issues/new?issuable_template=New%20Packager%20Key).
 
 ## Main key onboarding checklist
 
 - [ ] Add new user email for the `master-key.archlinux.org` subdomain as per [`docs/email.md`](docs/email.md).
-<!-- The ticket should be created by the developer becoming a new main key holder -->
+  <!-- The ticket should be created by the developer becoming a new main key holder -->
 - [ ] Create [issue in archlinux-keyring using the *"New Main Key"* template](https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/issues/new?issuable_template=New%20Main%20Key).
 
-## Developer onboarding checklist
+## TU/Developer onboarding checklist
 
-- [ ] Add entry in [`group_vars/all/archusers.yml`](group_vars/all/archusers.yml).
-- [ ] Add SSH pubkey to `pubkeys/<username>.pub`.
-- [ ] Run `ansible-playbook -t archusers  $(git grep -l archusers playbooks/ | grep -v phrik)`.
-- [ ] Assign the user to the `Developers` groups on Keycloak.
-- [ ] Assign the user to the `Developers` group on [archlinux.org](https://archlinux.org/admin/auth/user/).
-- [ ] Subscribe **communication e-mail address** to internal [arch-dev](https://lists.archlinux.org/admin/arch-dev/members/add) mailing list.
-- [ ] Allow sending from **communication e-mail address** on [arch-dev-public](https://lists.archlinux.org/admin/arch-dev-public/members) (subscribe and/or find address and remove moderation).
+<!-- The ticket should be created by a sponsor of the new packager -->
+- [ ] Create [issue in archlinux-keyring using the *"New Packager Key"* template](https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/issues/new?issuable_template=New%20Packager%20Key).
+- [ ] Assign the user to the `Trusted Users` or `Developers` group on Keycloak.
+- [ ] Assign the user to the `Trusted Users` or `Developers` group on [archlinux.org](https://archlinux.org/admin/auth/user/).
+- [ ] Subscribe **communication e-mail address** to internal [arch-tu](https://lists.archlinux.org/mailman3/lists/arch-tu.lists.archlinux.org/mass_subscribe/) or [arch-dev](https://lists.archlinux.org/mailman3/lists/arch-dev.lists.archlinux.org/mass_subscribe/) mailing list.
 
-## TU onboarding checklist
+## Support staff checklist
 
-- [ ] Add entry in [`group_vars/all/archusers.yml`](group_vars/all/archusers.yml).
-- [ ] Add SSH pubkey to `pubkeys/<username>.pub`.
-- [ ] Run `ansible-playbook -t archusers  $(git grep -l archusers playbooks/ | grep -v phrik)`.
-- [ ] Assign the user to the `Trusted Users` groups on Keycloak.
-- [ ] Assign the user to the `Trusted Users` group on [archlinux.org](https://archlinux.org/admin/auth/user/).
-- [ ] Subscribe **communication e-mail address** to internal [arch-tu](https://lists.archlinux.org/admin/arch-tu/members/add) mailing list.
-- [ ] Allow sending from **communication e-mail address** on [arch-dev-public](https://lists.archlinux.org/admin/arch-dev-public/members) (subscribe and/or find address and remove moderation).
+- [ ] Assign the user to the proper support staff group on Keycloak.
 
 ## DevOps onboarding checklist
 
 - [ ] Add entries in [`group_vars/all/root_access.yml`](group_vars/all/root_access.yml).
 - [ ] Run `ansible-playbook -t root_ssh playbooks/all-hosts-basic.yml`.
 - [ ] Run `ansible-playbook playbooks/hetzner_storagebox.yml playbooks/rsync.net.yml`.
-- [ ] Assign the user to the `DevOps` group on Keycloak.
-- [ ] Subscribe **communication e-mail address** to internal [arch-devops-private](https://lists.archlinux.org/admin/arch-devops-private/members/add) mailing list.
+- [ ] Subscribe **communication e-mail address** to internal [arch-devops-private](https://lists.archlinux.org/mailman3/lists/arch-devops-private.lists.archlinux.org/mass_subscribe/) mailing list.
 - [ ] Add pubkey to [Hetzner's key management](https://robot.your-server.de/key/index) for Dedicated server rescue system.
 
 ## Wiki Administrator checklist
 
-- [ ] Assign the user to the `Wiki Admins` group on Keycloak.
-- [ ] Subscribe **communication e-mail address** to the [arch-wiki-admins](https://lists.archlinux.org/admin/arch-wiki-admins/members/add) mailing list.
+- [ ] Subscribe **communication e-mail address** to the [arch-wiki-admins](https://lists.archlinux.org/mailman3/lists/arch-wiki-admins.lists.archlinux.org/mass_subscribe/) mailing list.