Add matrix_playbook_reverse_proxy_type variable which influences all other services

roles/custom/matrix-base/defaults/main.yml

@@ -265,6 +265,48 @@ matrix_well_known_matrix_support_enabled: false
 matrix_homeserver_container_extra_arguments_auto: []
 matrix_homeserver_app_service_config_files_auto: []
 
+# Specifies the type of reverse-proxy used by the playbook.
+#
+# Changing this has an effect on whether a reverse-proxy is installed at all and what its type is,
+# as well as how all other services are configured.
+#
+# Valid options and a description of their behavior:
+#
+# - `playbook-installed-traefik`
+#     - the playbook will install devture-traefik for SSL termination
+#     - it will also install matrix-nginx-proxy in local-only mode, while we migrate the rest of the services to a Traefik-native mode of working
+#
+# - `playbook-installed-nginx`
+#     - the playbook will install matrix-nginx-proxy and do SSL termination with Certbot
+#
+# - `other-traefik-container`
+#     - Traefik will be used, but it's not installed by this playbook.
+#     - you should make sure it's compatible with what the playbook would have configured (web, web-secure, matrix-federation entrypoints, etc.)
+#     - you may wish to set `matrix_playbook_reverse_proxyable_services_additional_network` to the name of your Traefik network
+#     - you may wish to enable `devture_traefik_certs_dumper_enabled` and point it to your Traefik's SSL certificates (`devture_traefik_certs_dumper_ssl_dir_path`)
+#
+# - `other-nginx-non-container`
+#     - the playbook will not install matrix-nginx-proxy
+#     - however, it will still dump some nginx configuration in /matrix/nginx/conf.d
+#     - these configs are meant to be included into a locally-installed (without a container) nginx server
+#     - all container services are exposed locally (e.g. `-p 127.0.0.1:8080:8080`)
+#
+# - `other-on-same-host`
+#     - like other-nginx-non-container, but supposedly won't generate useless configuration in /matrix/nginx/conf.d in the future
+#
+# - `other-on-another-host`
+#     - like other-on-same-host, but services are exposed on all interfaces (e.g. `-p 0.0.0.0:8080:8080`)
+#     - configurable via `matrix_playbook_service_host_bind_interface_prefix`
+#
+# - `none`
+#     - no reverse-proxy will be installed
+#     - no nginx configuration will be dumped in /matrix/nginx/conf.d
+#     - no port exposure will be done for any of the container services
+#     - it's up to you to expose the ports you want, etc.
+matrix_playbook_reverse_proxy_type: playbook-installed-nginx
+
+matrix_playbook_service_host_bind_interface_prefix: "{{ '' if matrix_playbook_reverse_proxy_type not in ['other-nginx-non-container', 'other-on-same-host', 'other-on-another-host'] else ('0.0.0.0:' if matrix_playbook_reverse_proxy_type == 'other-on-another-host' else '127.0.0.1:') }}"
+
 # Variables to Control which parts of our roles run.
 run_postgres_import: true
 run_postgres_upgrade: true

roles/custom/matrix-base/tasks/validate_config.yml

@@ -51,6 +51,11 @@
     msg: "Detected that variable matrix_architecture {{ matrix_architecture }} appears to be set incorrectly. See docs/alternative-architectures.md. Server appears to be {{ ansible_architecture }}."
   when: matrix_architecture not in ['amd64', 'arm32', 'arm64']
 
+- name: Fail if matrix_playbook_reverse_proxy_type is set incorrectly
+  ansible.builtin.fail:
+    msg: "Detected that variable matrix_playbook_reverse_proxy_type (current value: `{{ matrix_playbook_reverse_proxy_type }}`) appears to be set incorrectly. See roles/custom/matrix-base/defaults/main.yml for valid choices."
+  when: matrix_playbook_reverse_proxy_type not in ['playbook-installed-traefik', 'playbook-installed-nginx', 'other-traefik-container', 'other-nginx-non-container', 'other-on-same-host', 'other-on-another-host', 'none']
+
 - name: Fail if uppercase domain used
   ansible.builtin.fail:
     msg: "Detected that you're using an uppercase domain name - `{{ item }}`. This will cause trouble. Please use all-lowercase!"