From 7716c306f1d9a99fd3302fb04ac535d643be2e60 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Mon, 27 Feb 2023 17:26:22 +0200
Subject: [PATCH] Split Traefik rules for Matrix Client and Matrix Federation
 APIs

This helps people who run federation on another domain (etc.).
They should now easily be able to add a custom rule for federation traffic.
---
 roles/custom/matrix-nginx-proxy/defaults/main.yml         | 5 ++++-
 roles/custom/matrix-nginx-proxy/tasks/validate_config.yml | 2 ++
 roles/custom/matrix-nginx-proxy/templates/labels.j2       | 4 ++--
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/roles/custom/matrix-nginx-proxy/defaults/main.yml b/roles/custom/matrix-nginx-proxy/defaults/main.yml
index f04f19f4..6565e1b9 100644
--- a/roles/custom/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml
@@ -57,7 +57,10 @@ matrix_nginx_proxy_container_labels_traefik_proxy_base_domain_rule: "Host(`{{ ma
 matrix_nginx_proxy_container_labels_traefik_proxy_matrix_enabled: false
 matrix_nginx_proxy_container_labels_traefik_proxy_matrix_hostname: "{{ matrix_server_fqn_matrix }}"
 matrix_nginx_proxy_container_labels_traefik_proxy_matrix_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
-matrix_nginx_proxy_container_labels_traefik_proxy_matrix_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_hostname }}`)"
+matrix_nginx_proxy_container_labels_traefik_proxy_matrix_client_hostname: "{{ matrix_server_fqn_matrix }}"
+matrix_nginx_proxy_container_labels_traefik_proxy_matrix_client_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_client_hostname }}`)"
+matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_hostname: "{{ matrix_server_fqn_matrix }}"
+matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_hostname }}`)"
 matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_entrypoint: "{{ matrix_federation_traefik_entrypoint }}"
 matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_entrypoints: "{{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_entrypoint }}"
 
diff --git a/roles/custom/matrix-nginx-proxy/tasks/validate_config.yml b/roles/custom/matrix-nginx-proxy/tasks/validate_config.yml
index f7d18c9e..8d63876a 100644
--- a/roles/custom/matrix-nginx-proxy/tasks/validate_config.yml
+++ b/roles/custom/matrix-nginx-proxy/tasks/validate_config.yml
@@ -14,6 +14,8 @@
     - {'old': 'matrix_nginx_proxy_proxy_riot_enabled', 'new': 'matrix_nginx_proxy_proxy_element_enabled'}
     - {'old': 'matrix_ssl_lets_encrypt_renew_cron_time_definition', 'new': '<not configurable anymore>'}
     - {'old': 'matrix_nginx_proxy_reload_cron_time_definition', 'new': '<not configurable anymore>'}
+    - {'old': 'matrix_nginx_proxy_container_labels_traefik_proxy_matrix_rule', 'new': '<split into matrix_nginx_proxy_container_labels_traefik_proxy_matrix_client_rule and matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_rule>'}
+    - {'old': 'matrix_nginx_proxy_container_labels_traefik_proxy_matrix_hostname', 'new': '<split into matrix_nginx_proxy_container_labels_traefik_proxy_matrix_client_hostname and matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_hostname>'}
 
 - name: Fail on unknown matrix_ssl_retrieval_method
   ansible.builtin.fail:
diff --git a/roles/custom/matrix-nginx-proxy/templates/labels.j2 b/roles/custom/matrix-nginx-proxy/templates/labels.j2
index b4c68471..0aff6a05 100644
--- a/roles/custom/matrix-nginx-proxy/templates/labels.j2
+++ b/roles/custom/matrix-nginx-proxy/templates/labels.j2
@@ -20,7 +20,7 @@ traefik.http.routers.matrix-nginx-proxy-base-domain.entrypoints={{ matrix_nginx_
 
 {% if matrix_nginx_proxy_container_labels_traefik_proxy_matrix_enabled %}
 # Matrix Client
-traefik.http.routers.matrix-nginx-proxy-matrix-client.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_rule }}
+traefik.http.routers.matrix-nginx-proxy-matrix-client.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_client_rule }}
 traefik.http.routers.matrix-nginx-proxy-matrix-client.service=matrix-nginx-proxy-web
 traefik.http.routers.matrix-nginx-proxy-matrix-client.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_tls | to_json }}
 {% if matrix_nginx_proxy_container_labels_traefik_proxy_matrix_tls %}
@@ -29,7 +29,7 @@ traefik.http.routers.matrix-nginx-proxy-matrix-client.tls.certResolver={{ matrix
 traefik.http.routers.matrix-nginx-proxy-matrix-client.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }}
 
 # Matrix Federation
-traefik.http.routers.matrix-nginx-proxy-matrix-federation.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_rule }}
+traefik.http.routers.matrix-nginx-proxy-matrix-federation.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_rule }}
 traefik.http.routers.matrix-nginx-proxy-matrix-federation.service=matrix-nginx-proxy-federation
 traefik.http.routers.matrix-nginx-proxy-matrix-federation.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_tls | to_json }}
 {% if matrix_nginx_proxy_container_labels_traefik_proxy_matrix_tls %}