Remove matrix_playbook_traefik_role_enabled variable and devture-traefik references

The variable was necessary when multiple playbooks could have
potentially tried to manage a shared `devture-traefik.serivce` systemd service
and shared `/devture-traefik` directory.

Since adcc6d9723086f65f1a72, we use our own `/matrix/traefik`
(`matrix-traefik.service`) installation and no conflicts can arise.
It's safe to always enable the role, just like we do with all the other roles.

CHANGELOG.md

@@ -223,9 +223,9 @@ devture_traefik_config_certificatesResolvers_acme_email: YOUR_EMAIL_ADDRESS
 
 You may still need to keep certain old `matrix_nginx_proxy_*` variables (like `matrix_nginx_proxy_base_domain_serving_enabled`), even when using Traefik. For now, we recommend keeping all `matrix_nginx_proxy_*` variables just in case. In the future, reliance on `matrix-nginx-proxy` will be removed.
 
-Switching to Traefik will obtain new SSL certificates from Let's Encrypt (stored in `/devture-traefik/ssl/acme.json`). **The switch is reversible**. You can always go back to `playbook-managed-nginx` if Traefik is causing you trouble.
+Switching to Traefik will obtain new SSL certificates from Let's Encrypt (stored in `/matrix/traefik/ssl/acme.json`). **The switch is reversible**. You can always go back to `playbook-managed-nginx` if Traefik is causing you trouble.
 
-**Note**: toggling `matrix_playbook_reverse_proxy_type` between Traefik and nginx will uninstall the Traefik role and all of its data (under `/devture-traefik`), so you may run into a Let's Encrypt rate limit if you do it often.
+**Note**: toggling `matrix_playbook_reverse_proxy_type` between Traefik and nginx will uninstall the Traefik role and all of its data (under `/matrix/traefik`), so you may run into a Let's Encrypt rate limit if you do it often.
 
 Treafik directly reverse-proxies to **some** services right now, but for most other services it goes through `matrix-nginx-proxy` (e.g. Traefik -> `matrix-nginx-proxy` -> [Ntfy](docs/configuring-playbook-ntfy.md)). So, even if you opt into Traefik, you'll still see `matrix-nginx-proxy` being installed in local-only mode. This will improve with time.
 

docs/configuring-playbook-ssl-certificates.md

@@ -54,7 +54,7 @@ devture_traefik_ssl_dir_enabled: true
 
 # Tell Traefik to load our custom configuration file (certificates.yml).
 # The file is created below, in `matrix_aux_file_definitions`.
-# The `/config/..` path is an in-container path, not a path on the host (like `/devture-traefik/config`). Do not change it!
+# The `/config/..` path is an in-container path, not a path on the host (like `/matrix/traefik/config`). Do not change it!
 devture_traefik_configuration_extension_yaml: |
   providers:
     file:
@@ -85,7 +85,7 @@ matrix_aux_file_definitions:
 	#   HERE
 
   # Create the custom Traefik configuration.
-  # The `/ssl/..` paths below are in-container paths, not paths on the host (/`devture-traefik/ssl/..`). Do not change them!
+  # The `/ssl/..` paths below are in-container paths, not paths on the host (/`matrix/traefik/ssl/..`). Do not change them!
   - dest: "{{ devture_traefik_config_dir_path }}/certificates.yml"
     content: |
       tls:

group_vars/matrix_servers

@@ -19,23 +19,9 @@
 # Also see `devture_docker_sdk_for_python_installation_enabled`.
 matrix_playbook_docker_installation_enabled: true
 
-# Controls whether to run the Traefik role or not
-# See the `com.devture.ansible.role.traefik` section below for role configuration.
-#
-# There's a difference between `devture_traefik_enabled` and `matrix_playbook_traefik_role_enabled`.
-# `devture_traefik_enabled` controls what the Traefik role would do - when not enabled, it will run uninstall tasks, etc.
-# `matrix_playbook_traefik_role_enabled` controls if the Traefik role would even run at all.
-#
-# Sometimes, you're installing Traefik via a different (related playbook) which uses the same role.
-# In such cases, you'd like to disable the role in this playbook from bothering with Traefik at all (`matrix_playbook_traefik_role_enabled: false`).
-# If you used `devture_traefik_enabled: false` + `matrix_playbook_traefik_role_enabled: true` instead, you'd see the Treafik role here
-# try to delete Traefik data (`/devture-traefik`) installed by the other playbook.
-matrix_playbook_traefik_role_enabled: "{{ matrix_playbook_reverse_proxy_type != 'other-traefik-container' }}"
-
 # Controls whether to attach Traefik labels to services.
-# This is separate from `devture_traefik_enabled` and `matrix_playbook_traefik_role_enabled`,
-# because you may wish to disable Traefik installation by the playbook, yet still use Traefik
-# installed in another way.
+# This is separate from `devture_traefik_enabled`, because you may wish to disable Traefik installation by the playbook,
+# yet still use Traefik installed in another way.
 matrix_playbook_traefik_labels_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
 
 # Controls the additional network that reverse-proxyable services will be connected to.
@@ -3854,8 +3840,6 @@ devture_container_socket_proxy_api_containers_enabled: true
 #                                                                      #
 ########################################################################
 
-# To completely disable the Traefik role from running, use `matrix_playbook_traefik_role_enabled: false`.
-# See the comment there for more details about why we have both `devture_traefik_enabled` and `matrix_playbook_traefik_role_enabled`.
 devture_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' }}"
 
 devture_traefik_identifier: matrix-traefik

playbooks/matrix.yml

@@ -121,8 +121,7 @@
 
     - role: galaxy/com.devture.ansible.role.container_socket_proxy
 
-    - when: matrix_playbook_traefik_role_enabled | bool
-      role: galaxy/com.devture.ansible.role.traefik
+    - role: galaxy/com.devture.ansible.role.traefik
 
     - role: galaxy/com.devture.ansible.role.traefik_certs_dumper
 

roles/custom/matrix-base/defaults/main.yml

@@ -284,7 +284,7 @@ matrix_homeserver_app_service_config_files_auto: []
 # Valid options and a description of their behavior:
 #
 # - `playbook-managed-traefik`
-#     - the playbook will install devture-traefik
+#     - the playbook will run a managed Traefik instance (matrix-traefik)
 #     - Traefik will do SSL termination, unless you disable it (e.g. `devture_traefik_config_entrypoint_web_secure_enabled: false`)
 #     - if SSL termination is enabled (as it is by default), you need to populate: `devture_traefik_config_certificatesResolvers_acme_email`
 #     - it will also install matrix-nginx-proxy in local-only mode, while we migrate the rest of the services to a Traefik-native mode of working

roles/custom/matrix_playbook_migration/tasks/main.yml

@@ -12,7 +12,7 @@
     - setup-all
     - install-all
 
-- when: matrix_playbook_traefik_role_enabled | bool
+- when: devture_traefik_enabled | bool
   block:
     - ansible.builtin.include_tasks: "{{ role_path }}/tasks/devture_traefik_to_matrix_traefik.yml"
   tags:

roles/custom/matrix_playbook_migration/tasks/validate_config.yml

@@ -37,6 +37,7 @@
     - {'old': 'matrix_prometheus_node_exporter_metrics_proxying_enabled', 'new': 'matrix_prometheus_services_proxy_connect_prometheus_node_exporter_metrics_proxying_enabled'}
     - {'old': 'matrix_prometheus_postgres_exporter_metrics_proxying_enabled', 'new': 'matrix_prometheus_services_proxy_connect_prometheus_postgres_exporter_metrics_proxying_enabled'}
     - {'old': 'matrix_playbook_traefik_certs_dumper_role_enabled', 'new': 'devture_traefik_certs_dumper_enabled'}
+    - {'old': 'matrix_playbook_traefik_role_enabled', 'new': 'devture_traefik_enabled'}
 
 - name: (Deprecation) Catch and report matrix_postgres variables
   ansible.builtin.fail: