Allow additional volumes to be mounted into matrix-nginx-proxy

Certain use-cases may require that people mount additional files
into the matrix-nginx-proxy container. Similarly to how we do it
for Synapse, we are introducing a new variable that makes this
possible (`matrix_nginx_proxy_container_additional_volumes`).

This makes the htpasswd file for Synapse Metrics (introduced in #86,
Github Pull Request) to also perform mounting using this new mechanism.
Hopefully, for such an "extension", keeping htpasswd file-creation and
volume definition in the same place (the tasks file) is better.

All other major volumes' mounting mechanism remains the same (explicit
mounting).

roles/matrix-nginx-proxy/defaults/main.yml

@@ -14,6 +14,12 @@ matrix_nginx_proxy_systemd_required_services_list: ['docker.service']
 # List of systemd services that matrix-nginx-proxy.service wants
 matrix_nginx_proxy_systemd_wanted_services_list: []
 
+# A list of additional "volumes" to mount in the container.
+# This list gets populated dynamically at runtime. You can provide a different default value,
+# if you wish to mount your own files into the container.
+# Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
+matrix_nginx_proxy_container_additional_volumes: []
+
 # Controls whether proxying the riot domain should be done.
 matrix_nginx_proxy_proxy_riot_enabled: false
 matrix_nginx_proxy_proxy_riot_hostname: "{{ hostname_riot }}"

roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml

@@ -37,6 +37,14 @@
     mode: 0400
   when: "matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled and matrix_nginx_proxy_proxy_synapse_metrics"
 
+- name: Ensure matrix-synapse-metrics-htpasswd is mounted into the matrix-nginx-proxy container
+  - set_fact:
+    matrix_nginx_proxy_container_additional_volumes: >
+      {{ matrix_nginx_proxy_container_additional_volumes }}
+      +
+      {{ [{'src': '{{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd', 'dst': '/etc/nginx/.matrix-synapse-metrics-htpasswd', 'options': 'ro'}] }}
+  when: "matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled and matrix_nginx_proxy_proxy_synapse_metrics"
+
 - name: Ensure Matrix nginx-proxy configured (generic)
   template:
     src: "{{ role_path }}/templates/nginx/conf.d/nginx-http.conf.j2"

roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2

@@ -26,9 +26,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-nginx-proxy \
 			-v {{ matrix_nginx_proxy_confd_path }}:/etc/nginx/conf.d:ro \
 			-v {{ matrix_ssl_config_dir_path }}:{{ matrix_ssl_config_dir_path }}:ro \
 			-v {{ matrix_static_files_base_path }}:{{ matrix_static_files_base_path }}:ro \
-			{% if (matrix_nginx_proxy_proxy_synapse_metrics and matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled) %}
+			{% for volume in matrix_nginx_proxy_container_additional_volumes %}
-			-v {{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd:/etc/nginx/.matrix-synapse-metrics-htpasswd:ro \
+			-v {{ volume.src }}:{{ volume.dst }}:{{ volume.options }} \
-			{% endif %}
+			{% endfor %}
 			{{ matrix_nginx_proxy_docker_image }}
 
 ExecStop=-/usr/bin/docker kill matrix-nginx-proxy