Do not run matrix-nginx-proxy config injection tasks unless necessary

These `init.yml` (now `inject_into_nginx_proxy.yml`) tasks do not need to `always` run. They only need to run for `setup-all` and `setup-nginx-proxy`. Unless we're dealing with these 2 tags, we can spare ourselves a lot of work. This patch also moves the `when` statement from `init.yml` into `main.yml` in an effort to further optimize things by potentially avoiding the extra file include.
3 лет назад · 735bacca89
--- a/docs/configuring-playbook-bridge-hookshot.md
+++ b/docs/configuring-playbook-bridge-hookshot.md
@@ -54,7 +54,7 @@ Unless indicated otherwise, the following endpoints are reachable on your `matri
 | widgets | `/hookshot/widgetapi/` | `matrix_hookshot_widgets_endpoint` | Widgets |
 | metrics | `/metrics/hookshot` | `matrix_hookshot_metrics_enabled` and `matrix_hookshot_metrics_proxying_enabled`. Requires `/metrics/*` endpoints to also be enabled via `matrix_nginx_proxy_proxy_matrix_metrics_enabled` (see the `matrix-nginx-proxy` role). Read more in the [Metrics section](#metrics) below. | Prometheus |

 See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/custom/matrix-bridge-hookshot/tasks/init.yml).
 See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/custom/matrix-bridge-hookshot/tasks/inject_into_nginx_proxy.yml).

 The different listeners are also reachable *internally* in the docker-network via the container's name (configured by `matrix_hookshot_container_url`) and on different ports (e.g. `matrix_hookshot_appservice_port`). Read [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml) in detail for more info.

--- a/roles/custom/matrix-bot-maubot/tasks/inject_into_nginx_proxy.yml
+++ b/roles/custom/matrix-bot-maubot/tasks/inject_into_nginx_proxy.yml
--- a/roles/custom/matrix-bot-maubot/tasks/main.yml
+++ b/roles/custom/matrix-bot-maubot/tasks/main.yml
@@ -1,8 +1,10 @@
 ---

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
 - when: matrix_bot_maubot_enabled | bool
  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
  tags:
    - always
    - setup-all
    - setup-nginx-proxy

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
  when: "run_setup|bool and matrix_bot_maubot_enabled|bool"
--- a/roles/custom/matrix-bridge-appservice-slack/tasks/init.yml
+++ b/roles/custom/matrix-bridge-appservice-slack/tasks/init.yml
@@ -1,48 +0,0 @@
 ---

 - when: matrix_appservice_slack_enabled | bool
  tags:
    - always
  block:
    - name: Fail if matrix-nginx-proxy role already executed
      ansible.builtin.fail:
        msg: >-
          Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy,
          but it's pointless since the matrix-nginx-proxy role had already executed.
          To fix this, please change the order of roles in your playbook,
          so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-slack role.
      when: matrix_nginx_proxy_role_executed | default(False) | bool

    - name: Generate Matrix Appservice Slack proxying configuration for matrix-nginx-proxy
      ansible.builtin.set_fact:
        matrix_appservice_slack_matrix_nginx_proxy_configuration: |
          location {{ matrix_appservice_slack_public_endpoint }} {
          {% if matrix_nginx_proxy_enabled | default(False) %}
              {# Use the embedded DNS resolver in Docker containers to discover the service #}
              resolver 127.0.0.11 valid=5s;
              set $backend "{{ matrix_appservice_slack_appservice_url }}:{{ matrix_appservice_slack_slack_port }}";
              proxy_pass $backend;
          {% else %}
              {# Generic configuration for use outside of our container setup #}
              proxy_pass http://127.0.0.1:{{ matrix_appservice_slack_slack_port }};
          {% endif %}
          }

    - name: Register Slack Appservice proxying configuration with matrix-nginx-proxy
      ansible.builtin.set_fact:
        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
          {{
            matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
            +
            [matrix_appservice_slack_matrix_nginx_proxy_configuration]
          }}

 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
  ansible.builtin.debug:
    msg: >-
      NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy
      reverse proxy.
      Please make sure that you're proxying the `{{ matrix_appservice_slack_public_endpoint }}`
      URL endpoint to the matrix-appservice-slack container.
      You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable.
  when: "matrix_appservice_slack_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"
--- a/roles/custom/matrix-bridge-appservice-slack/tasks/inject_into_nginx_proxy.yml
+++ b/roles/custom/matrix-bridge-appservice-slack/tasks/inject_into_nginx_proxy.yml
@@ -0,0 +1,44 @@
 ---

 - name: Fail if matrix-nginx-proxy role already executed
  ansible.builtin.fail:
    msg: >-
      Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy,
      but it's pointless since the matrix-nginx-proxy role had already executed.
      To fix this, please change the order of roles in your playbook,
      so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-slack role.
  when: matrix_nginx_proxy_role_executed | default(False) | bool

 - name: Generate Matrix Appservice Slack proxying configuration for matrix-nginx-proxy
  ansible.builtin.set_fact:
    matrix_appservice_slack_matrix_nginx_proxy_configuration: |
      location {{ matrix_appservice_slack_public_endpoint }} {
      {% if matrix_nginx_proxy_enabled | default(False) %}
          {# Use the embedded DNS resolver in Docker containers to discover the service #}
          resolver 127.0.0.11 valid=5s;
          set $backend "{{ matrix_appservice_slack_appservice_url }}:{{ matrix_appservice_slack_slack_port }}";
          proxy_pass $backend;
      {% else %}
          {# Generic configuration for use outside of our container setup #}
          proxy_pass http://127.0.0.1:{{ matrix_appservice_slack_slack_port }};
      {% endif %}
      }

 - name: Register Slack Appservice proxying configuration with matrix-nginx-proxy
  ansible.builtin.set_fact:
    matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
      {{
        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
        +
        [matrix_appservice_slack_matrix_nginx_proxy_configuration]
      }}

 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
  ansible.builtin.debug:
    msg: >-
      NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy
      reverse proxy.
      Please make sure that you're proxying the `{{ matrix_appservice_slack_public_endpoint }}`
      URL endpoint to the matrix-appservice-slack container.
      You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable.
  when: "matrix_appservice_slack_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"
--- a/roles/custom/matrix-bridge-appservice-slack/tasks/main.yml
+++ b/roles/custom/matrix-bridge-appservice-slack/tasks/main.yml
@@ -1,8 +1,10 @@
 ---

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
 - when: matrix_appservice_slack_enabled | bool
  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
  tags:
    - always
    - setup-all
    - setup-nginx-proxy

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
  when: "run_setup | bool and matrix_appservice_slack_enabled | bool"
--- a/roles/custom/matrix-bridge-appservice-webhooks/tasks/init.yml
+++ b/roles/custom/matrix-bridge-appservice-webhooks/tasks/init.yml
@@ -1,50 +0,0 @@
 ---

 - when: matrix_appservice_webhooks_enabled | bool
  tags:
    - always
  block:
    - name: Fail if matrix-nginx-proxy role already executed
      ansible.builtin.fail:
        msg: >-
          Trying to append webhooks Appservice's reverse-proxying configuration to matrix-nginx-proxy,
          but it's pointless since the matrix-nginx-proxy role had already executed.
          To fix this, please change the order of roles in your playbook,
          so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-webhooks role.
      when: matrix_nginx_proxy_role_executed | default(False) | bool

    - name: Generate Matrix Appservice webhooks proxying configuration for matrix-nginx-proxy
      ansible.builtin.set_fact:
        matrix_appservice_webhooks_matrix_nginx_proxy_configuration: |
          {% if matrix_nginx_proxy_enabled | default(False) %}
          {# Use the embedded DNS resolver in Docker containers to discover the service #}
          location ~ ^{{ matrix_appservice_webhooks_public_endpoint }}/(.*)$ {
            resolver 127.0.0.11 valid=5s;
            set $backend "matrix-appservice-webhooks:{{ matrix_appservice_webhooks_matrix_port }}";
            proxy_pass http://$backend/$1;
          }
          {% else %}
          {# Generic configuration for use outside of our container setup #}
          location {{ matrix_appservice_webhooks_public_endpoint }}/ {
            proxy_pass http://127.0.0.1:{{ matrix_appservice_webhooks_matrix_port }}/;
          }
          {% endif %}

    - name: Register webhooks Appservice proxying configuration with matrix-nginx-proxy
      ansible.builtin.set_fact:
        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
          {{
            matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
            +
            [matrix_appservice_webhooks_matrix_nginx_proxy_configuration]
          }}

 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
  ansible.builtin.debug:
    msg: >-
      NOTE: You've enabled the Matrix webhooks bridge but are not using the matrix-nginx-proxy
      reverse proxy.
      Please make sure that you're proxying the `{{ matrix_appservice_webhooks_public_endpoint }}`
      URL endpoint to the matrix-appservice-webhooks container.
      You can expose the container's port using the `matrix_appservice_webhooks_container_http_host_bind_port` variable.
  when: "matrix_appservice_webhooks_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"
--- a/roles/custom/matrix-bridge-appservice-webhooks/tasks/inject_into_nginx_proxy.yml
+++ b/roles/custom/matrix-bridge-appservice-webhooks/tasks/inject_into_nginx_proxy.yml
@@ -0,0 +1,46 @@
 ---

 - name: Fail if matrix-nginx-proxy role already executed
  ansible.builtin.fail:
    msg: >-
      Trying to append webhooks Appservice's reverse-proxying configuration to matrix-nginx-proxy,
      but it's pointless since the matrix-nginx-proxy role had already executed.
      To fix this, please change the order of roles in your playbook,
      so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-webhooks role.
  when: matrix_nginx_proxy_role_executed | default(False) | bool

 - name: Generate Matrix Appservice webhooks proxying configuration for matrix-nginx-proxy
  ansible.builtin.set_fact:
    matrix_appservice_webhooks_matrix_nginx_proxy_configuration: |
      {% if matrix_nginx_proxy_enabled | default(False) %}
      {# Use the embedded DNS resolver in Docker containers to discover the service #}
      location ~ ^{{ matrix_appservice_webhooks_public_endpoint }}/(.*)$ {
        resolver 127.0.0.11 valid=5s;
        set $backend "matrix-appservice-webhooks:{{ matrix_appservice_webhooks_matrix_port }}";
        proxy_pass http://$backend/$1;
      }
      {% else %}
      {# Generic configuration for use outside of our container setup #}
      location {{ matrix_appservice_webhooks_public_endpoint }}/ {
        proxy_pass http://127.0.0.1:{{ matrix_appservice_webhooks_matrix_port }}/;
      }
      {% endif %}

 - name: Register webhooks Appservice proxying configuration with matrix-nginx-proxy
  ansible.builtin.set_fact:
    matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
      {{
        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
        +
        [matrix_appservice_webhooks_matrix_nginx_proxy_configuration]
      }}

 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
  ansible.builtin.debug:
    msg: >-
      NOTE: You've enabled the Matrix webhooks bridge but are not using the matrix-nginx-proxy
      reverse proxy.
      Please make sure that you're proxying the `{{ matrix_appservice_webhooks_public_endpoint }}`
      URL endpoint to the matrix-appservice-webhooks container.
      You can expose the container's port using the `matrix_appservice_webhooks_container_http_host_bind_port` variable.
  when: "matrix_appservice_webhooks_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"
--- a/roles/custom/matrix-bridge-appservice-webhooks/tasks/main.yml
+++ b/roles/custom/matrix-bridge-appservice-webhooks/tasks/main.yml
@@ -1,8 +1,10 @@
 ---

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
 - when: matrix_appservice_webhooks_enabled | bool
  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
  tags:
    - always
    - setup-all
    - setup-nginx-proxy

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
  when: "run_setup | bool and matrix_appservice_webhooks_enabled | bool"
--- a/roles/custom/matrix-bridge-hookshot/tasks/init.yml
+++ b/roles/custom/matrix-bridge-hookshot/tasks/init.yml
@@ -1,113 +0,0 @@
 ---

 - when: matrix_hookshot_enabled | bool
  block:
    - name: Fail if matrix-nginx-proxy role already executed
      ansible.builtin.fail:
        msg: >-
          Trying to append hookshot's reverse-proxying configuration to matrix-nginx-proxy,
          but it's pointless since the matrix-nginx-proxy role had already executed.
          To fix this, please change the order of roles in your playbook,
          so that the matrix-nginx-proxy role would run after the matrix-bridge-hookshot role.
      when: matrix_nginx_proxy_role_executed | default(False) | bool

    - name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy
      ansible.builtin.set_fact:
        matrix_hookshot_matrix_nginx_proxy_configuration: |
          location ~ ^{{ matrix_hookshot_appservice_endpoint }}/(.*)$ {
            {% if matrix_nginx_proxy_enabled | default(False) %}
              {# Use the embedded DNS resolver in Docker containers to discover the service #}
              resolver 127.0.0.11 valid=5s;
              set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_appservice_port }}";
              proxy_pass http://$backend/$1;
            {% else %}
              {# Generic configuration for use outside of our container setup #}
              proxy_pass http://127.0.0.1:{{ matrix_hookshot_appservice_port }}/$1;
            {% endif %}
            proxy_set_header Host $host;
          }
          {% if matrix_hookshot_provisioning_enabled %}
          location ~ ^{{ matrix_hookshot_provisioning_endpoint }}/(.*)$ {
            {% if matrix_nginx_proxy_enabled | default(False) %}
              {# Use the embedded DNS resolver in Docker containers to discover the service #}
              resolver 127.0.0.11 valid=5s;
              set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_provisioning_port }}";
              proxy_pass http://$backend{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args;
            {% else %}
              {# Generic configuration for use outside of our container setup #}
              proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args;
            {% endif %}
            proxy_set_header Host $host;
          }
          {% endif %}
          {% if matrix_hookshot_widgets_enabled %}
          location ~ ^{{ matrix_hookshot_widgets_endpoint }}/(.*)$ {
            {% if matrix_nginx_proxy_enabled | default(False) %}
              {# Use the embedded DNS resolver in Docker containers to discover the service #}
              resolver 127.0.0.11 valid=5s;
              set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_widgets_port }}";
              proxy_pass http://$backend{{ matrix_hookshot_widgets_internal }}/$1$is_args$args;
            {% else %}
              {# Generic configuration for use outside of our container setup #}
              proxy_pass http://127.0.0.1:{{ matrix_hookshot_widgets_port }}{{ matrix_hookshot_widgets_internal }}/$1$is_args$args;
            {% endif %}
            proxy_set_header Host $host;
          }
          {% endif %}
          location ~ ^{{ matrix_hookshot_webhook_endpoint }}/(.*)$ {
            {% if matrix_nginx_proxy_enabled | default(False) %}
              {# Use the embedded DNS resolver in Docker containers to discover the service #}
              resolver 127.0.0.11 valid=5s;
              set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_webhook_port }}";
              proxy_pass http://$backend/$1$is_args$args;
            {% else %}
              {# Generic configuration for use outside of our container setup #}
              proxy_pass http://127.0.0.1:{{ matrix_hookshot_webhook_port }}/$1$is_args$args;
            {% endif %}
            proxy_set_header Host $host;
          }

    - name: Register hookshot proxying configuration with matrix-nginx-proxy
      ansible.builtin.set_fact:
        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
          {{
            matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
            +
            [matrix_hookshot_matrix_nginx_proxy_configuration]
          }}

    - name: Generate hookshot metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot)
      ansible.builtin.set_fact:
        matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain: |
          location /metrics/hookshot {
            {% if matrix_nginx_proxy_enabled | default(False) %}
              {# Use the embedded DNS resolver in Docker containers to discover the service #}
              resolver 127.0.0.11 valid=5s;
              set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_metrics_port }}";
              proxy_pass http://$backend/metrics;
            {% else %}
              {# Generic configuration for use outside of our container setup #}
              proxy_pass http://127.0.0.1:{{ matrix_hookshot_metrics_port }}/metrics;
            {% endif %}
          }
      when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool

    - name: Register hookshot metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot)
      ansible.builtin.set_fact:
        matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
          {{
            matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
            +
            [matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain]
          }}
      when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool

 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
  ansible.builtin.debug:
    msg: >-
      NOTE: You've enabled the hookshot bridge but are not using the matrix-nginx-proxy
      reverse proxy.
      Please make sure that you're proxying the `{{ matrix_hookshot_public_endpoint }}`
      URL endpoint to the matrix-hookshot container.
      You can expose the container's ports using the `matrix_hookshot_container_http_host_bind_ports` variable.
  when: "matrix_hookshot_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"
--- a/roles/custom/matrix-bridge-hookshot/tasks/inject_into_nginx_proxy.yml
+++ b/roles/custom/matrix-bridge-hookshot/tasks/inject_into_nginx_proxy.yml
@@ -0,0 +1,111 @@
 ---

 - name: Fail if matrix-nginx-proxy role already executed
  ansible.builtin.fail:
    msg: >-
      Trying to append hookshot's reverse-proxying configuration to matrix-nginx-proxy,
      but it's pointless since the matrix-nginx-proxy role had already executed.
      To fix this, please change the order of roles in your playbook,
      so that the matrix-nginx-proxy role would run after the matrix-bridge-hookshot role.
  when: matrix_nginx_proxy_role_executed | default(False) | bool

 - name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy
  ansible.builtin.set_fact:
    matrix_hookshot_matrix_nginx_proxy_configuration: |
      location ~ ^{{ matrix_hookshot_appservice_endpoint }}/(.*)$ {
        {% if matrix_nginx_proxy_enabled | default(False) %}
          {# Use the embedded DNS resolver in Docker containers to discover the service #}
          resolver 127.0.0.11 valid=5s;
          set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_appservice_port }}";
          proxy_pass http://$backend/$1;
        {% else %}
          {# Generic configuration for use outside of our container setup #}
          proxy_pass http://127.0.0.1:{{ matrix_hookshot_appservice_port }}/$1;
        {% endif %}
        proxy_set_header Host $host;
      }
      {% if matrix_hookshot_provisioning_enabled %}
      location ~ ^{{ matrix_hookshot_provisioning_endpoint }}/(.*)$ {
        {% if matrix_nginx_proxy_enabled | default(False) %}
          {# Use the embedded DNS resolver in Docker containers to discover the service #}
          resolver 127.0.0.11 valid=5s;
          set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_provisioning_port }}";
          proxy_pass http://$backend{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args;
        {% else %}
          {# Generic configuration for use outside of our container setup #}
          proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args;
        {% endif %}
        proxy_set_header Host $host;
      }
      {% endif %}
      {% if matrix_hookshot_widgets_enabled %}
      location ~ ^{{ matrix_hookshot_widgets_endpoint }}/(.*)$ {
        {% if matrix_nginx_proxy_enabled | default(False) %}
          {# Use the embedded DNS resolver in Docker containers to discover the service #}
          resolver 127.0.0.11 valid=5s;
          set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_widgets_port }}";
          proxy_pass http://$backend{{ matrix_hookshot_widgets_internal }}/$1$is_args$args;
        {% else %}
          {# Generic configuration for use outside of our container setup #}
          proxy_pass http://127.0.0.1:{{ matrix_hookshot_widgets_port }}{{ matrix_hookshot_widgets_internal }}/$1$is_args$args;
        {% endif %}
        proxy_set_header Host $host;
      }
      {% endif %}
      location ~ ^{{ matrix_hookshot_webhook_endpoint }}/(.*)$ {
        {% if matrix_nginx_proxy_enabled | default(False) %}
          {# Use the embedded DNS resolver in Docker containers to discover the service #}
          resolver 127.0.0.11 valid=5s;
          set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_webhook_port }}";
          proxy_pass http://$backend/$1$is_args$args;
        {% else %}
          {# Generic configuration for use outside of our container setup #}
          proxy_pass http://127.0.0.1:{{ matrix_hookshot_webhook_port }}/$1$is_args$args;
        {% endif %}
        proxy_set_header Host $host;
      }

 - name: Register hookshot proxying configuration with matrix-nginx-proxy
  ansible.builtin.set_fact:
    matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
      {{
        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
        +
        [matrix_hookshot_matrix_nginx_proxy_configuration]
      }}

 - name: Generate hookshot metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot)
  ansible.builtin.set_fact:
    matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain: |
      location /metrics/hookshot {
        {% if matrix_nginx_proxy_enabled | default(False) %}
          {# Use the embedded DNS resolver in Docker containers to discover the service #}
          resolver 127.0.0.11 valid=5s;
          set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_metrics_port }}";
          proxy_pass http://$backend/metrics;
        {% else %}
          {# Generic configuration for use outside of our container setup #}
          proxy_pass http://127.0.0.1:{{ matrix_hookshot_metrics_port }}/metrics;
        {% endif %}
      }
  when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool

 - name: Register hookshot metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot)
  ansible.builtin.set_fact:
    matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
      {{
        matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
        +
        [matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain]
      }}
  when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool

 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
  ansible.builtin.debug:
    msg: >-
      NOTE: You've enabled the hookshot bridge but are not using the matrix-nginx-proxy
      reverse proxy.
      Please make sure that you're proxying the `{{ matrix_hookshot_public_endpoint }}`
      URL endpoint to the matrix-hookshot container.
      You can expose the container's ports using the `matrix_hookshot_container_http_host_bind_ports` variable.
  when: "not matrix_nginx_proxy_enabled | default(False) | bool"
--- a/roles/custom/matrix-bridge-hookshot/tasks/main.yml
+++ b/roles/custom/matrix-bridge-hookshot/tasks/main.yml
@@ -1,8 +1,10 @@
 ---

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
 - when: matrix_hookshot_enabled | bool
  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
  tags:
    - always
    - setup-all
    - setup-nginx-proxy

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
  when: "run_setup | bool and matrix_hookshot_enabled | bool"
--- a/roles/custom/matrix-bridge-mautrix-facebook/tasks/init.yml
+++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/init.yml
@@ -1,48 +0,0 @@
 ---

 - when: matrix_mautrix_facebook_enabled | bool and matrix_mautrix_facebook_appservice_public_enabled | bool
  tags:
    - always
  block:
    - name: Fail if matrix-nginx-proxy role already executed
      ansible.builtin.fail:
        msg: >-
          Trying to append Mautrix Facebook's reverse-proxying configuration to matrix-nginx-proxy,
          but it's pointless since the matrix-nginx-proxy role had already executed.
          To fix this, please change the order of roles in your playbook,
          so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-facebook role.
      when: matrix_nginx_proxy_role_executed | default(False) | bool

    - name: Generate Mautrix Facebook proxying configuration for matrix-nginx-proxy
      ansible.builtin.set_fact:
        matrix_mautrix_facebook_matrix_nginx_proxy_configuration: |
          location {{ matrix_mautrix_facebook_public_endpoint }} {
          {% if matrix_nginx_proxy_enabled | default(False) %}
              {# Use the embedded DNS resolver in Docker containers to discover the service #}
              resolver 127.0.0.11 valid=5s;
              set $backend "matrix-mautrix-facebook:29319";
              proxy_pass http://$backend;
          {% else %}
              {# Generic configuration for use outside of our container setup #}
              proxy_pass http://127.0.0.1:9008;
          {% endif %}
          }

    - name: Register Mautrix Facebook proxying configuration with matrix-nginx-proxy
      ansible.builtin.set_fact:
        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
          {{
            matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
            +
            [matrix_mautrix_facebook_matrix_nginx_proxy_configuration]
          }}

    - name: Warn about reverse-proxying if matrix-nginx-proxy not used
      ansible.builtin.debug:
        msg: >-
          NOTE: You've enabled the Mautrix Facebook bridge but are not using the matrix-nginx-proxy
          reverse proxy.
          Please make sure that you're proxying the `{{ matrix_mautrix_facebook_public_endpoint }}`
          URL endpoint to the matrix-mautrix-facebook container.
          You can expose the container's port using the `matrix_mautrix_facebook_container_http_host_bind_port` variable.
      when: "not matrix_nginx_proxy_enabled | default(False) | bool"
--- a/roles/custom/matrix-bridge-mautrix-facebook/tasks/inject_into_nginx_proxy.yml
+++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/inject_into_nginx_proxy.yml
@@ -0,0 +1,44 @@
 ---

 - name: Fail if matrix-nginx-proxy role already executed
  ansible.builtin.fail:
    msg: >-
      Trying to append Mautrix Facebook's reverse-proxying configuration to matrix-nginx-proxy,
      but it's pointless since the matrix-nginx-proxy role had already executed.
      To fix this, please change the order of roles in your playbook,
      so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-facebook role.
  when: matrix_nginx_proxy_role_executed | default(False) | bool

 - name: Generate Mautrix Facebook proxying configuration for matrix-nginx-proxy
  ansible.builtin.set_fact:
    matrix_mautrix_facebook_matrix_nginx_proxy_configuration: |
      location {{ matrix_mautrix_facebook_public_endpoint }} {
      {% if matrix_nginx_proxy_enabled | default(False) %}
          {# Use the embedded DNS resolver in Docker containers to discover the service #}
          resolver 127.0.0.11 valid=5s;
          set $backend "matrix-mautrix-facebook:29319";
          proxy_pass http://$backend;
      {% else %}
          {# Generic configuration for use outside of our container setup #}
          proxy_pass http://127.0.0.1:9008;
      {% endif %}
      }

 - name: Register Mautrix Facebook proxying configuration with matrix-nginx-proxy
  ansible.builtin.set_fact:
    matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
      {{
        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
        +
        [matrix_mautrix_facebook_matrix_nginx_proxy_configuration]
      }}

 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
  ansible.builtin.debug:
    msg: >-
      NOTE: You've enabled the Mautrix Facebook bridge but are not using the matrix-nginx-proxy
      reverse proxy.
      Please make sure that you're proxying the `{{ matrix_mautrix_facebook_public_endpoint }}`
      URL endpoint to the matrix-mautrix-facebook container.
      You can expose the container's port using the `matrix_mautrix_facebook_container_http_host_bind_port` variable.
  when: "not matrix_nginx_proxy_enabled | default(False) | bool"
--- a/roles/custom/matrix-bridge-mautrix-facebook/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/main.yml
@@ -1,8 +1,10 @@
 ---

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
 - when: matrix_mautrix_facebook_enabled | bool and matrix_mautrix_facebook_appservice_public_enabled | bool
  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
  tags:
    - always
    - setup-all
    - setup-nginx-proxy

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
  when: "run_setup | bool and matrix_mautrix_facebook_enabled | bool"
--- a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/init.yml
+++ b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/init.yml
@@ -1,47 +0,0 @@
 ---

 - when: matrix_mautrix_googlechat_enabled | bool
  tags:
    - always
  block:
    - name: Fail if matrix-nginx-proxy role already executed
      ansible.builtin.fail:
        msg: >-
          Trying to append Mautrix googlechat's reverse-proxying configuration to matrix-nginx-proxy,
          but it's pointless since the matrix-nginx-proxy role had already executed.
          To fix this, please change the order of roles in your playbook,
          so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-googlechat role.
      when: matrix_nginx_proxy_role_executed | default(False) | bool

    - name: Generate Mautrix googlechat proxying configuration for matrix-nginx-proxy
      ansible.builtin.set_fact:
        matrix_mautrix_googlechat_matrix_nginx_proxy_configuration: |
          location {{ matrix_mautrix_googlechat_public_endpoint }} {
          {% if matrix_nginx_proxy_enabled | default(False) %}
              {# Use the embedded DNS resolver in Docker containers to discover the service #}
              resolver 127.0.0.11 valid=5s;
              set $backend "matrix-mautrix-googlechat:8080";
              proxy_pass http://$backend;
          {% else %}
              {# Generic configuration for use outside of our container setup #}
              proxy_pass http://127.0.0.1:9007;
          {% endif %}
          }
    - name: Register Mautrix googlechat proxying configuration with matrix-nginx-proxy
      ansible.builtin.set_fact:
        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
          {{
            matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
            +
            [matrix_mautrix_googlechat_matrix_nginx_proxy_configuration]
          }}

 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
  ansible.builtin.debug:
    msg: >-
      NOTE: You've enabled the Mautrix googlechat bridge but are not using the matrix-nginx-proxy
      reverse proxy.
      Please make sure that you're proxying the `{{ matrix_mautrix_googlechat_public_endpoint }}`
      URL endpoint to the matrix-mautrix-googlechat container.
      You can expose the container's port using the `matrix_mautrix_googlechat_container_http_host_bind_port` variable.
  when: "matrix_mautrix_googlechat_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"
--- a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/inject_into_nginx_proxy.yml
+++ b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/inject_into_nginx_proxy.yml
@@ -0,0 +1,43 @@
 ---

 - name: Fail if matrix-nginx-proxy role already executed
  ansible.builtin.fail:
    msg: >-
      Trying to append Mautrix googlechat's reverse-proxying configuration to matrix-nginx-proxy,
      but it's pointless since the matrix-nginx-proxy role had already executed.
      To fix this, please change the order of roles in your playbook,
      so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-googlechat role.
  when: matrix_nginx_proxy_role_executed | default(False) | bool

 - name: Generate Mautrix googlechat proxying configuration for matrix-nginx-proxy
  ansible.builtin.set_fact:
    matrix_mautrix_googlechat_matrix_nginx_proxy_configuration: |
      location {{ matrix_mautrix_googlechat_public_endpoint }} {
      {% if matrix_nginx_proxy_enabled | default(False) %}
          {# Use the embedded DNS resolver in Docker containers to discover the service #}
          resolver 127.0.0.11 valid=5s;
          set $backend "matrix-mautrix-googlechat:8080";
          proxy_pass http://$backend;
      {% else %}
          {# Generic configuration for use outside of our container setup #}
          proxy_pass http://127.0.0.1:9007;
      {% endif %}
      }
 - name: Register Mautrix googlechat proxying configuration with matrix-nginx-proxy
  ansible.builtin.set_fact:
    matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
      {{
        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
        +
        [matrix_mautrix_googlechat_matrix_nginx_proxy_configuration]
      }}

 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
  ansible.builtin.debug:
    msg: >-
      NOTE: You've enabled the Mautrix googlechat bridge but are not using the matrix-nginx-proxy
      reverse proxy.
      Please make sure that you're proxying the `{{ matrix_mautrix_googlechat_public_endpoint }}`
      URL endpoint to the matrix-mautrix-googlechat container.
      You can expose the container's port using the `matrix_mautrix_googlechat_container_http_host_bind_port` variable.
  when: "matrix_mautrix_googlechat_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"
--- a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/main.yml
@@ -1,8 +1,10 @@
 ---

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
 - when: matrix_mautrix_googlechat_enabled | bool
  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
  tags:
    - always
    - setup-all
    - setup-nginx-proxy

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
  when: "run_setup | bool and matrix_mautrix_googlechat_enabled | bool"
--- a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/init.yml
+++ b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/init.yml
@@ -1,47 +0,0 @@
 ---

 - when: matrix_mautrix_hangouts_enabled | bool
  tags:
    - always
  block:
    - name: Fail if matrix-nginx-proxy role already executed
      ansible.builtin.fail:
        msg: >-
          Trying to append Mautrix Hangouts's reverse-proxying configuration to matrix-nginx-proxy,
          but it's pointless since the matrix-nginx-proxy role had already executed.
          To fix this, please change the order of roles in your playbook,
          so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-hangouts role.
      when: matrix_nginx_proxy_role_executed | default(False) | bool

    - name: Generate Mautrix Hangouts proxying configuration for matrix-nginx-proxy
      ansible.builtin.set_fact:
        matrix_mautrix_hangouts_matrix_nginx_proxy_configuration: |
          location {{ matrix_mautrix_hangouts_public_endpoint }} {
          {% if matrix_nginx_proxy_enabled | default(False) %}
              {# Use the embedded DNS resolver in Docker containers to discover the service #}
              resolver 127.0.0.11 valid=5s;
              set $backend "matrix-mautrix-hangouts:8080";
              proxy_pass http://$backend;
          {% else %}
              {# Generic configuration for use outside of our container setup #}
              proxy_pass http://127.0.0.1:9007;
          {% endif %}
          }
    - name: Register Mautrix Hangouts proxying configuration with matrix-nginx-proxy
      ansible.builtin.set_fact:
        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
          {{
            matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
            +
            [matrix_mautrix_hangouts_matrix_nginx_proxy_configuration]
          }}

 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
  ansible.builtin.debug:
    msg: >-
      NOTE: You've enabled the Mautrix Hangouts bridge but are not using the matrix-nginx-proxy
      reverse proxy.
      Please make sure that you're proxying the `{{ matrix_mautrix_hangouts_public_endpoint }}`
      URL endpoint to the matrix-mautrix-hangouts container.
      You can expose the container's port using the `matrix_mautrix_hangouts_container_http_host_bind_port` variable.
  when: "matrix_mautrix_hangouts_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"
--- a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/inject_into_nginx_proxy.yml
+++ b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/inject_into_nginx_proxy.yml
@@ -0,0 +1,44 @@
 ---

 - name: Fail if matrix-nginx-proxy role already executed
  ansible.builtin.fail:
    msg: >-
      Trying to append Mautrix Hangouts's reverse-proxying configuration to matrix-nginx-proxy,
      but it's pointless since the matrix-nginx-proxy role had already executed.
      To fix this, please change the order of roles in your playbook,
      so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-hangouts role.
  when: matrix_nginx_proxy_role_executed | default(False) | bool

 - name: Generate Mautrix Hangouts proxying configuration for matrix-nginx-proxy
  ansible.builtin.set_fact:
    matrix_mautrix_hangouts_matrix_nginx_proxy_configuration: |
      location {{ matrix_mautrix_hangouts_public_endpoint }} {
      {% if matrix_nginx_proxy_enabled | default(False) %}
          {# Use the embedded DNS resolver in Docker containers to discover the service #}
          resolver 127.0.0.11 valid=5s;
          set $backend "matrix-mautrix-hangouts:8080";
          proxy_pass http://$backend;
      {% else %}
          {# Generic configuration for use outside of our container setup #}
          proxy_pass http://127.0.0.1:9007;
      {% endif %}
      }

 - name: Register Mautrix Hangouts proxying configuration with matrix-nginx-proxy
  ansible.builtin.set_fact:
    matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
      {{
        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
        +
        [matrix_mautrix_hangouts_matrix_nginx_proxy_configuration]
      }}

 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
  ansible.builtin.debug:
    msg: >-
      NOTE: You've enabled the Mautrix Hangouts bridge but are not using the matrix-nginx-proxy
      reverse proxy.
      Please make sure that you're proxying the `{{ matrix_mautrix_hangouts_public_endpoint }}`
      URL endpoint to the matrix-mautrix-hangouts container.
      You can expose the container's port using the `matrix_mautrix_hangouts_container_http_host_bind_port` variable.
  when: "matrix_mautrix_hangouts_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"
--- a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/main.yml
@@ -1,8 +1,10 @@
 ---

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
 - when: matrix_mautrix_hangouts_enabled | bool
  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
  tags:
    - always
    - setup-all
    - setup-nginx-proxy

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
  when: "run_setup | bool and matrix_mautrix_hangouts_enabled | bool"
--- a/roles/custom/matrix-bridge-mautrix-telegram/tasks/init.yml
+++ b/roles/custom/matrix-bridge-mautrix-telegram/tasks/init.yml
@@ -1,47 +0,0 @@
 ---

 - when: matrix_mautrix_telegram_enabled | bool and matrix_mautrix_telegram_appservice_public_enabled | bool
  tags:
    - always
  block:
    - name: Fail if matrix-nginx-proxy role already executed
      ansible.builtin.fail:
        msg: >-
          Trying to append Mautrix Telegram's reverse-proxying configuration to matrix-nginx-proxy,
          but it's pointless since the matrix-nginx-proxy role had already executed.
          To fix this, please change the order of roles in your playbook,
          so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role.
      when: matrix_nginx_proxy_role_executed | default(False) | bool

    - name: Generate Mautrix Telegram proxying configuration for matrix-nginx-proxy
      ansible.builtin.set_fact:
        matrix_mautrix_telegram_matrix_nginx_proxy_configuration: |
          location {{ matrix_mautrix_telegram_public_endpoint }} {
          {% if matrix_nginx_proxy_enabled | default(False) %}
              {# Use the embedded DNS resolver in Docker containers to discover the service #}
              resolver 127.0.0.11 valid=5s;
              set $backend "matrix-mautrix-telegram:8080";
              proxy_pass http://$backend;
          {% else %}
              {# Generic configuration for use outside of our container setup #}
              proxy_pass http://127.0.0.1:9006;
          {% endif %}
          }

    - name: Register Mautrix Telegram proxying configuration with matrix-nginx-proxy
      ansible.builtin.set_fact:
        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
          {{
            matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
            +
            [matrix_mautrix_telegram_matrix_nginx_proxy_configuration]
          }}
    - name: Warn about reverse-proxying if matrix-nginx-proxy not used
      ansible.builtin.debug:
        msg: >-
          NOTE: You've enabled the Mautrix Telegram bridge but are not using the matrix-nginx-proxy
          reverse proxy.
          Please make sure that you're proxying the `{{ matrix_mautrix_telegram_public_endpoint }}`
          URL endpoint to the matrix-mautrix-telegram container.
          You can expose the container's port using the `matrix_mautrix_telegram_container_http_host_bind_port` variable.
      when: "not matrix_nginx_proxy_enabled | default(False) | bool"
--- a/roles/custom/matrix-bridge-mautrix-telegram/tasks/inject_into_nginx_proxy.yml
+++ b/roles/custom/matrix-bridge-mautrix-telegram/tasks/inject_into_nginx_proxy.yml
@@ -0,0 +1,44 @@
 ---

 - name: Fail if matrix-nginx-proxy role already executed
  ansible.builtin.fail:
    msg: >-
      Trying to append Mautrix Telegram's reverse-proxying configuration to matrix-nginx-proxy,
      but it's pointless since the matrix-nginx-proxy role had already executed.
      To fix this, please change the order of roles in your playbook,
      so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role.
  when: matrix_nginx_proxy_role_executed | default(False) | bool

 - name: Generate Mautrix Telegram proxying configuration for matrix-nginx-proxy
  ansible.builtin.set_fact:
    matrix_mautrix_telegram_matrix_nginx_proxy_configuration: |
      location {{ matrix_mautrix_telegram_public_endpoint }} {
      {% if matrix_nginx_proxy_enabled | default(False) %}
          {# Use the embedded DNS resolver in Docker containers to discover the service #}
          resolver 127.0.0.11 valid=5s;
          set $backend "matrix-mautrix-telegram:8080";
          proxy_pass http://$backend;
      {% else %}
          {# Generic configuration for use outside of our container setup #}
          proxy_pass http://127.0.0.1:9006;
      {% endif %}
      }

 - name: Register Mautrix Telegram proxying configuration with matrix-nginx-proxy
  ansible.builtin.set_fact:
    matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
      {{
        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
        +
        [matrix_mautrix_telegram_matrix_nginx_proxy_configuration]
      }}

 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
  ansible.builtin.debug:
    msg: >-
      NOTE: You've enabled the Mautrix Telegram bridge but are not using the matrix-nginx-proxy
      reverse proxy.
      Please make sure that you're proxying the `{{ matrix_mautrix_telegram_public_endpoint }}`
      URL endpoint to the matrix-mautrix-telegram container.
      You can expose the container's port using the `matrix_mautrix_telegram_container_http_host_bind_port` variable.
  when: "not matrix_nginx_proxy_enabled | default(False) | bool"
--- a/roles/custom/matrix-bridge-mautrix-telegram/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-telegram/tasks/main.yml
@@ -1,7 +1,10 @@
 ---
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"

 - when: matrix_mautrix_telegram_enabled | bool and matrix_mautrix_telegram_appservice_public_enabled | bool
  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
  tags:
    - always
    - setup-all
    - setup-nginx-proxy

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
  when: "run_setup | bool and matrix_mautrix_telegram_enabled | bool"
--- a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/init.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/init.yml
@@ -1,48 +0,0 @@
 ---

 - when: matrix_mx_puppet_slack_enabled | bool
  tags:
    - always
  block:
    - name: Fail if matrix-nginx-proxy role already executed
      ansible.builtin.fail:
        msg: >-
          Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy,
          but it's pointless since the matrix-nginx-proxy role had already executed.
          To fix this, please change the order of roles in your playbook,
          so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-slack role.
      when: matrix_nginx_proxy_role_executed | default(False) | bool

    - name: Generate Matrix MX Puppet Slack proxying configuration for matrix-nginx-proxy
      ansible.builtin.set_fact:
        matrix_mx_puppet_slack_matrix_nginx_proxy_configuration: |
          location {{ matrix_mx_puppet_slack_redirect_path }} {
          {% if matrix_nginx_proxy_enabled | default(False) %}
              {# Use the embedded DNS resolver in Docker containers to discover the service #}
              resolver 127.0.0.11 valid=5s;
              set $backend "{{ matrix_mx_puppet_slack_appservice_address }}";
              proxy_pass $backend;
          {% else %}
              {# Generic configuration for use outside of our container setup #}
              proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_slack_appservice_port }};
          {% endif %}
          }

    - name: Register Slack Appservice proxying configuration with matrix-nginx-proxy
      ansible.builtin.set_fact:
        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
          {{
            matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
            +
            [matrix_mx_puppet_slack_matrix_nginx_proxy_configuration]
          }}

 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
  ansible.builtin.debug:
    msg: >-
      NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy
      reverse proxy.
      Please make sure that you're proxying the `{{ matrix_mx_puppet_slack_redirect_path }}`
      URL endpoint to the matrix-mx-puppet-slack container.
      You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable.
  when: "matrix_mx_puppet_slack_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"
--- a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/inject_into_nginx_proxy.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/inject_into_nginx_proxy.yml
@@ -0,0 +1,44 @@
 ---

 - name: Fail if matrix-nginx-proxy role already executed
  ansible.builtin.fail:
    msg: >-
      Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy,
      but it's pointless since the matrix-nginx-proxy role had already executed.
      To fix this, please change the order of roles in your playbook,
      so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-slack role.
  when: matrix_nginx_proxy_role_executed | default(False) | bool

 - name: Generate Matrix MX Puppet Slack proxying configuration for matrix-nginx-proxy
  ansible.builtin.set_fact:
    matrix_mx_puppet_slack_matrix_nginx_proxy_configuration: |
      location {{ matrix_mx_puppet_slack_redirect_path }} {
      {% if matrix_nginx_proxy_enabled | default(False) %}
          {# Use the embedded DNS resolver in Docker containers to discover the service #}
          resolver 127.0.0.11 valid=5s;
          set $backend "{{ matrix_mx_puppet_slack_appservice_address }}";
          proxy_pass $backend;
      {% else %}
          {# Generic configuration for use outside of our container setup #}
          proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_slack_appservice_port }};
      {% endif %}
      }

 - name: Register Slack Appservice proxying configuration with matrix-nginx-proxy
  ansible.builtin.set_fact:
    matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
      {{
        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
        +
        [matrix_mx_puppet_slack_matrix_nginx_proxy_configuration]
      }}

 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
  ansible.builtin.debug:
    msg: >-
      NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy
      reverse proxy.
      Please make sure that you're proxying the `{{ matrix_mx_puppet_slack_redirect_path }}`
      URL endpoint to the matrix-mx-puppet-slack container.
      You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable.
  when: "not matrix_nginx_proxy_enabled | default(False) | bool"
--- a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/main.yml
@@ -1,8 +1,10 @@
 ---

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
 - when: matrix_mx_puppet_slack_enabled | bool
  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
  tags:
    - always
    - setup-all
    - setup-nginx-proxy

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
  when: "run_setup | bool and matrix_mx_puppet_slack_enabled | bool"
--- a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/init.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/init.yml
@@ -1,48 +0,0 @@
 ---

 - when: matrix_mx_puppet_twitter_enabled | bool
  tags:
    - always
  block:
    - name: Fail if matrix-nginx-proxy role already executed
      ansible.builtin.fail:
        msg: >-
          Trying to append Twitter Appservice's reverse-proxying configuration to matrix-nginx-proxy,
          but it's pointless since the matrix-nginx-proxy role had already executed.
          To fix this, please change the order of roles in your playbook,
          so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-twitter role.
      when: matrix_nginx_proxy_role_executed | default(False) | bool

    - name: Generate Matrix MX Puppet Twitter proxying configuration for matrix-nginx-proxy
      ansible.builtin.set_fact:
        matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration: |
          location {{ matrix_mx_puppet_twitter_webhook_path }} {
          {% if matrix_nginx_proxy_enabled | default(False) %}
              {# Use the embedded DNS resolver in Docker containers to discover the service #}
              resolver 127.0.0.11 valid=5s;
              set $backend "{{ matrix_mx_puppet_twitter_appservice_address }}";
              proxy_pass $backend;
          {% else %}
              {# Generic configuration for use outside of our container setup #}
              proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_twitter_appservice_port }};
          {% endif %}
          }

    - name: Register Twitter Appservice proxying configuration with matrix-nginx-proxy
      ansible.builtin.set_fact:
        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
          {{
            matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
            +
            [matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration]
          }}

 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
  ansible.builtin.debug:
    msg: >-
      NOTE: You've enabled the Matrix Twitter bridge but are not using the matrix-nginx-proxy
      reverse proxy.
      Please make sure that you're proxying the `{{ matrix_mx_puppet_twitter_redirect_path }}`
      URL endpoint to the matrix-mx-puppet-twitter container.
      You can expose the container's port using the `matrix_mx_puppet_twitter_container_http_host_bind_port` variable.
  when: "matrix_mx_puppet_twitter_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"
--- a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/inject_into_nginx_proxy.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/inject_into_nginx_proxy.yml
@@ -0,0 +1,44 @@
 ---

 - name: Fail if matrix-nginx-proxy role already executed
  ansible.builtin.fail:
    msg: >-
      Trying to append Twitter Appservice's reverse-proxying configuration to matrix-nginx-proxy,
      but it's pointless since the matrix-nginx-proxy role had already executed.
      To fix this, please change the order of roles in your playbook,
      so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-twitter role.
  when: matrix_nginx_proxy_role_executed | default(False) | bool

 - name: Generate Matrix MX Puppet Twitter proxying configuration for matrix-nginx-proxy
  ansible.builtin.set_fact:
    matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration: |
      location {{ matrix_mx_puppet_twitter_webhook_path }} {
      {% if matrix_nginx_proxy_enabled | default(False) %}
          {# Use the embedded DNS resolver in Docker containers to discover the service #}
          resolver 127.0.0.11 valid=5s;
          set $backend "{{ matrix_mx_puppet_twitter_appservice_address }}";
          proxy_pass $backend;
      {% else %}
          {# Generic configuration for use outside of our container setup #}
          proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_twitter_appservice_port }};
      {% endif %}
      }

 - name: Register Twitter Appservice proxying configuration with matrix-nginx-proxy
  ansible.builtin.set_fact:
    matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
      {{
        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
        +
        [matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration]
      }}

 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
  ansible.builtin.debug:
    msg: >-
      NOTE: You've enabled the Matrix Twitter bridge but are not using the matrix-nginx-proxy
      reverse proxy.
      Please make sure that you're proxying the `{{ matrix_mx_puppet_twitter_redirect_path }}`
      URL endpoint to the matrix-mx-puppet-twitter container.
      You can expose the container's port using the `matrix_mx_puppet_twitter_container_http_host_bind_port` variable.
  when: "not matrix_nginx_proxy_enabled | default(False) | bool"
--- a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/main.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/main.yml
@@ -1,8 +1,10 @@
 ---

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
 - when: matrix_mx_puppet_twitter_enabled | bool
  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
  tags:
    - always
    - setup-all
    - setup-nginx-proxy

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
  when: "run_setup | bool and matrix_mx_puppet_twitter_enabled | bool"
--- a/roles/custom/matrix-cactus-comments/tasks/inject_into_nginx_proxy.yml
+++ b/roles/custom/matrix-cactus-comments/tasks/inject_into_nginx_proxy.yml
@@ -1,9 +1,6 @@
 ---

 - when: matrix_cactus_comments_enabled | bool and matrix_cactus_comments_serve_client_enabled | bool
  tags:
    - always
  block:
 - block:
    - name: Fail if matrix-nginx-proxy role already executed
      ansible.builtin.fail:
        msg: >-
--- a/roles/custom/matrix-cactus-comments/tasks/main.yml
+++ b/roles/custom/matrix-cactus-comments/tasks/main.yml
@@ -1,8 +1,10 @@
 ---

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
 - when: matrix_cactus_comments_enabled | bool and matrix_cactus_comments_serve_client_enabled | bool
  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
  tags:
    - always
    - setup-all
    - setup-nginx-proxy

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
  when: "run_setup | bool and matrix_cactus_comments_enabled | bool"
--- a/roles/custom/matrix-etherpad/tasks/init.yml
+++ b/roles/custom/matrix-etherpad/tasks/init.yml
@@ -1,50 +0,0 @@
 ---

 - when: matrix_etherpad_enabled | bool and matrix_etherpad_mode == 'dimension'
  tags:
    - always
  block:
    - name: Fail if matrix-nginx-proxy role already executed
      ansible.builtin.fail:
        msg: >-
          Trying to append Etherpad's reverse-proxying configuration to matrix-nginx-proxy,
          but it's pointless since the matrix-nginx-proxy role had already executed.
          To fix this, please change the order of roles in your playbook,
          so that the matrix-nginx-proxy role would run after the matrix-etherpad role.
      when: matrix_nginx_proxy_role_executed | default(False) | bool

    - name: Generate Etherpad proxying configuration for matrix-nginx-proxy
      ansible.builtin.set_fact:
        matrix_etherpad_matrix_nginx_proxy_configuration: |
          rewrite ^{{ matrix_etherpad_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_etherpad_public_endpoint }}/ permanent;

          location {{ matrix_etherpad_public_endpoint }}/ {
          {% if matrix_nginx_proxy_enabled | default(False) %}
            {# Use the embedded DNS resolver in Docker containers to discover the service #}
            resolver 127.0.0.11 valid=5s;
            proxy_pass http://matrix-etherpad:9001/;
            {# These are proxy directives needed specifically by Etherpad #}
            proxy_buffering off;
            proxy_http_version 1.1;  # recommended with keepalive connections
            proxy_pass_header Server;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; # for EP to set secure cookie flag when https is used
            # WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
          {% else %}
            {# Generic configuration for use outside of our container setup #}
            # A good guide for setting up your Etherpad behind nginx:
            # https://docs.gandi.net/en/cloud/tutorials/etherpad_lite.html
            proxy_pass http://127.0.0.1:9001/;
          {% endif %}
          }

    - name: Register Etherpad proxying configuration with matrix-nginx-proxy
      ansible.builtin.set_fact:
        matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: |
          {{
            matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks | default([])
            +
            [matrix_etherpad_matrix_nginx_proxy_configuration]
          }}
--- a/roles/custom/matrix-etherpad/tasks/inject_into_nginx_proxy.yml
+++ b/roles/custom/matrix-etherpad/tasks/inject_into_nginx_proxy.yml
@@ -0,0 +1,46 @@
 ---

 - name: Fail if matrix-nginx-proxy role already executed
  ansible.builtin.fail:
    msg: >-
      Trying to append Etherpad's reverse-proxying configuration to matrix-nginx-proxy,
      but it's pointless since the matrix-nginx-proxy role had already executed.
      To fix this, please change the order of roles in your playbook,
      so that the matrix-nginx-proxy role would run after the matrix-etherpad role.
  when: matrix_nginx_proxy_role_executed | default(False) | bool

 - name: Generate Etherpad proxying configuration for matrix-nginx-proxy
  ansible.builtin.set_fact:
    matrix_etherpad_matrix_nginx_proxy_configuration: |
      rewrite ^{{ matrix_etherpad_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_etherpad_public_endpoint }}/ permanent;

      location {{ matrix_etherpad_public_endpoint }}/ {
      {% if matrix_nginx_proxy_enabled | default(False) %}
        {# Use the embedded DNS resolver in Docker containers to discover the service #}
        resolver 127.0.0.11 valid=5s;
        proxy_pass http://matrix-etherpad:9001/;
        {# These are proxy directives needed specifically by Etherpad #}
        proxy_buffering off;
        proxy_http_version 1.1;  # recommended with keepalive connections
        proxy_pass_header Server;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; # for EP to set secure cookie flag when https is used
        # WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
      {% else %}
        {# Generic configuration for use outside of our container setup #}
        # A good guide for setting up your Etherpad behind nginx:
        # https://docs.gandi.net/en/cloud/tutorials/etherpad_lite.html
        proxy_pass http://127.0.0.1:9001/;
      {% endif %}
      }

 - name: Register Etherpad proxying configuration with matrix-nginx-proxy
  ansible.builtin.set_fact:
    matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: |
      {{
        matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks | default([])
        +
        [matrix_etherpad_matrix_nginx_proxy_configuration]
      }}
--- a/roles/custom/matrix-etherpad/tasks/main.yml
+++ b/roles/custom/matrix-etherpad/tasks/main.yml
@@ -1,8 +1,10 @@
 ---

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
 - when: matrix_etherpad_enabled | bool and matrix_etherpad_mode == 'dimension'
  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
  tags:
    - always
    - setup-all
    - setup-nginx-proxy

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
  when: run_setup | bool and matrix_etherpad_enabled | bool
--- a/roles/custom/matrix-ldap-registration-proxy/tasks/init.yml
+++ b/roles/custom/matrix-ldap-registration-proxy/tasks/init.yml
@@ -1,47 +0,0 @@
 ---

 - when: matrix_ldap_registration_proxy_enabled | bool
  tags:
    - always
  block:
    - name: Fail if matrix-nginx-proxy role already executed
      ansible.builtin.fail:
        msg: >-
          Trying to append Matrix LDAP registration proxy's reverse-proxying configuration to matrix-nginx-proxy,
          but it's pointless since the matrix-nginx-proxy role had already executed.
          To fix this, please change the order of roles in your playbook,
          so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role.
      when: matrix_nginx_proxy_role_executed | default(False) | bool

    - name: Generate Matrix LDAP registration proxy proxying configuration for matrix-nginx-proxy
      ansible.builtin.set_fact:
        matrix_ldap_registration_proxy_matrix_nginx_proxy_configuration: |
          location {{ matrix_ldap_registration_proxy_registration_endpoint }} {
          {% if matrix_nginx_proxy_enabled | default(False) %}
             {# Use the embedded DNS resolver in Docker containers to discover the service #}
             resolver 127.0.0.11 valid=5s;
             set $backend "{{ matrix_ldap_registration_proxy_registration_addr_with_container }}";
             proxy_pass http://$backend/register;
          {% else %}
             {# Generic configuration for use outside of our container setup #}
             proxy_pass http://{{ matrix_ldap_registration_proxy_registration_addr_sans_container }}/register;
          {% endif %}
          }

    - name: Register Matrix LDAP registration proxy proxying configuration with matrix-nginx-proxy
      ansible.builtin.set_fact:
        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
          {{
            matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
            +
            [matrix_ldap_registration_proxy_matrix_nginx_proxy_configuration]
          }}
    - name: Warn about reverse-proxying if matrix-nginx-proxy not used
      ansible.builtin.debug:
        msg: >-
          NOTE: You've enabled the Matrix LDAP registration proxy bridge but are not using the matrix-nginx-proxy
          reverse proxy.
          Please make sure that you're proxying the `{{ matrix_ldap_registration_proxy_public_endpoint }}`
          URL endpoint to the matrix-ldap-proxy container.
          You can expose the container's port using the `matrix_ldap_registration_proxy_container_http_host_bind_port` variable.
      when: "not matrix_nginx_proxy_enabled | default(False) | bool"
--- a/roles/custom/matrix-ldap-registration-proxy/tasks/inject_into_nginx_proxy.yml
+++ b/roles/custom/matrix-ldap-registration-proxy/tasks/inject_into_nginx_proxy.yml
@@ -0,0 +1,44 @@
 ---

 - name: Fail if matrix-nginx-proxy role already executed
  ansible.builtin.fail:
    msg: >-
      Trying to append Matrix LDAP registration proxy's reverse-proxying configuration to matrix-nginx-proxy,
      but it's pointless since the matrix-nginx-proxy role had already executed.
      To fix this, please change the order of roles in your playbook,
      so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role.
  when: matrix_nginx_proxy_role_executed | default(False) | bool

 - name: Generate Matrix LDAP registration proxy proxying configuration for matrix-nginx-proxy
  ansible.builtin.set_fact:
    matrix_ldap_registration_proxy_matrix_nginx_proxy_configuration: |
      location {{ matrix_ldap_registration_proxy_registration_endpoint }} {
      {% if matrix_nginx_proxy_enabled | default(False) %}
          {# Use the embedded DNS resolver in Docker containers to discover the service #}
          resolver 127.0.0.11 valid=5s;
          set $backend "{{ matrix_ldap_registration_proxy_registration_addr_with_container }}";
          proxy_pass http://$backend/register;
      {% else %}
          {# Generic configuration for use outside of our container setup #}
          proxy_pass http://{{ matrix_ldap_registration_proxy_registration_addr_sans_container }}/register;
      {% endif %}
      }

 - name: Register Matrix LDAP registration proxy proxying configuration with matrix-nginx-proxy
  ansible.builtin.set_fact:
    matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
      {{
        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
        +
        [matrix_ldap_registration_proxy_matrix_nginx_proxy_configuration]
      }}

 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
  ansible.builtin.debug:
    msg: >-
      NOTE: You've enabled the Matrix LDAP registration proxy bridge but are not using the matrix-nginx-proxy
      reverse proxy.
      Please make sure that you're proxying the `{{ matrix_ldap_registration_proxy_public_endpoint }}`
      URL endpoint to the matrix-ldap-proxy container.
      You can expose the container's port using the `matrix_ldap_registration_proxy_container_http_host_bind_port` variable.
  when: "not matrix_nginx_proxy_enabled | default(False) | bool"
--- a/roles/custom/matrix-ldap-registration-proxy/tasks/main.yml
+++ b/roles/custom/matrix-ldap-registration-proxy/tasks/main.yml
@@ -1,8 +1,10 @@
 ---

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
 - when: matrix_ldap_registration_proxy_enabled | bool
  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
  tags:
    - always
    - setup-all
    - setup-nginx-proxy

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
  when: "run_setup | bool and matrix_ldap_registration_proxy_enabled | bool"
--- a/roles/custom/matrix-prometheus-node-exporter/tasks/init.yml
+++ b/roles/custom/matrix-prometheus-node-exporter/tasks/init.yml
@@ -1,37 +0,0 @@
 ---

 - when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool
  block:
    - name: Fail if matrix-nginx-proxy role already executed
      ansible.builtin.fail:
        msg: >-
          Trying to append node-exporter's reverse-proxying configuration to matrix-nginx-proxy,
          but it's pointless since the matrix-nginx-proxy role had already executed.
          To fix this, please change the order of roles in your playbook,
          so that the matrix-nginx-proxy role would run after the matrix-prometheus-node-exporter role.
      when: matrix_nginx_proxy_role_executed | default(False) | bool

    - name: Generate node-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter)
      ansible.builtin.set_fact:
        matrix_prometheus_node_exporter_nginx_metrics_configuration_block: |
          location /metrics/node-exporter {
            {% if matrix_nginx_proxy_enabled | default(False) %}
              {# Use the embedded DNS resolver in Docker containers to discover the service #}
              resolver 127.0.0.11 valid=5s;
              set $backend "matrix-prometheus-node-exporter:9100";
              proxy_pass http://$backend/metrics;
            {% elif matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %}
              proxy_pass http://{{ matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics;
            {% else %}
              return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
            {% endif %}
          }

    - name: Register node-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter)
      ansible.builtin.set_fact:
        matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
          {{
            matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
            +
            [matrix_prometheus_node_exporter_nginx_metrics_configuration_block]
          }}
--- a/roles/custom/matrix-prometheus-node-exporter/tasks/inject_into_nginx_proxy.yml
+++ b/roles/custom/matrix-prometheus-node-exporter/tasks/inject_into_nginx_proxy.yml
@@ -0,0 +1,35 @@
 ---

 - name: Fail if matrix-nginx-proxy role already executed
  ansible.builtin.fail:
    msg: >-
      Trying to append node-exporter's reverse-proxying configuration to matrix-nginx-proxy,
      but it's pointless since the matrix-nginx-proxy role had already executed.
      To fix this, please change the order of roles in your playbook,
      so that the matrix-nginx-proxy role would run after the matrix-prometheus-node-exporter role.
  when: matrix_nginx_proxy_role_executed | default(False) | bool

 - name: Generate node-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter)
  ansible.builtin.set_fact:
    matrix_prometheus_node_exporter_nginx_metrics_configuration_block: |
      location /metrics/node-exporter {
        {% if matrix_nginx_proxy_enabled | default(False) %}
          {# Use the embedded DNS resolver in Docker containers to discover the service #}
          resolver 127.0.0.11 valid=5s;
          set $backend "matrix-prometheus-node-exporter:9100";
          proxy_pass http://$backend/metrics;
        {% elif matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %}
          proxy_pass http://{{ matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics;
        {% else %}
          return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
        {% endif %}
      }

 - name: Register node-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter)
  ansible.builtin.set_fact:
    matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
      {{
        matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
        +
        [matrix_prometheus_node_exporter_nginx_metrics_configuration_block]
      }}
--- a/roles/custom/matrix-prometheus-node-exporter/tasks/main.yml
+++ b/roles/custom/matrix-prometheus-node-exporter/tasks/main.yml
@@ -1,8 +1,10 @@
 ---

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
 - when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool
  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
  tags:
    - always
    - setup-all
    - setup-nginx-proxy

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup.yml"
  tags:
--- a/roles/custom/matrix-prometheus-postgres-exporter/tasks/init.yml
+++ b/roles/custom/matrix-prometheus-postgres-exporter/tasks/init.yml
@@ -1,37 +0,0 @@
 ---

 - when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool
  block:
    - name: Fail if matrix-nginx-proxy role already executed
      ansible.builtin.fail:
        msg: >-
          Trying to append postgres-exporter's reverse-proxying configuration to matrix-nginx-proxy,
          but it's pointless since the matrix-nginx-proxy role had already executed.
          To fix this, please change the order of roles in your playbook,
          so that the matrix-nginx-proxy role would run after the matrix-prometheus-postgres-exporter role.
      when: matrix_nginx_proxy_role_executed | default(False) | bool

    - name: Generate postgres-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter)
      ansible.builtin.set_fact:
        matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block: |
          location /metrics/postgres-exporter {
            {% if matrix_nginx_proxy_enabled | default(False) %}
              {# Use the embedded DNS resolver in Docker containers to discover the service #}
              resolver 127.0.0.11 valid=5s;
              set $backend "matrix-prometheus-postgres-exporter:9187";
              proxy_pass http://$backend/metrics;
            {% elif matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %}
              proxy_pass http://{{ matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics;
            {% else %}
              return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
            {% endif %}
          }

    - name: Register postgres-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter)
      ansible.builtin.set_fact:
        matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
          {{
            matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
            +
            [matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block]
          }}
--- a/roles/custom/matrix-prometheus-postgres-exporter/tasks/inject_into_nginx_proxy.yml
+++ b/roles/custom/matrix-prometheus-postgres-exporter/tasks/inject_into_nginx_proxy.yml
@@ -0,0 +1,35 @@
 ---

 - name: Fail if matrix-nginx-proxy role already executed
  ansible.builtin.fail:
    msg: >-
      Trying to append postgres-exporter's reverse-proxying configuration to matrix-nginx-proxy,
      but it's pointless since the matrix-nginx-proxy role had already executed.
      To fix this, please change the order of roles in your playbook,
      so that the matrix-nginx-proxy role would run after the matrix-prometheus-postgres-exporter role.
  when: matrix_nginx_proxy_role_executed | default(False) | bool

 - name: Generate postgres-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter)
  ansible.builtin.set_fact:
    matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block: |
      location /metrics/postgres-exporter {
        {% if matrix_nginx_proxy_enabled | default(False) %}
          {# Use the embedded DNS resolver in Docker containers to discover the service #}
          resolver 127.0.0.11 valid=5s;
          set $backend "matrix-prometheus-postgres-exporter:9187";
          proxy_pass http://$backend/metrics;
        {% elif matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %}
          proxy_pass http://{{ matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics;
        {% else %}
          return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
        {% endif %}
      }

 - name: Register postgres-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter)
  ansible.builtin.set_fact:
    matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
      {{
        matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
        +
        [matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block]
      }}
--- a/roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml
+++ b/roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml
@@ -1,8 +1,10 @@
 ---

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
 - when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool
  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
  tags:
    - always
    - setup-all
    - setup-nginx-proxy

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup.yml"
  tags:
--- a/roles/custom/matrix-registration/tasks/init.yml
+++ b/roles/custom/matrix-registration/tasks/init.yml
@@ -1,59 +0,0 @@
 ---

 - when: matrix_registration_enabled | bool
  tags:
    - always
  block:
    - name: Fail if matrix-nginx-proxy role already executed
      ansible.builtin.fail:
        msg: >-
          Trying to append matrix-registration's reverse-proxying configuration to matrix-nginx-proxy,
          but it's pointless since the matrix-nginx-proxy role had already executed.
          To fix this, please change the order of roles in your playbook,
          so that the matrix-nginx-proxy role would run after the matrix-registration role.
      when: matrix_nginx_proxy_role_executed | default(False) | bool

    - name: Generate matrix-registration proxying configuration for matrix-nginx-proxy
      ansible.builtin.set_fact:
        matrix_registration_matrix_nginx_proxy_configuration: |
          rewrite ^{{ matrix_registration_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/ permanent;
          rewrite ^{{ matrix_registration_public_endpoint }}/$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/register redirect;

          location ~ ^{{ matrix_registration_public_endpoint }}/(.*) {
          {% if matrix_nginx_proxy_enabled | default(False) %}
            {# Use the embedded DNS resolver in Docker containers to discover the service #}
            resolver 127.0.0.11 valid=5s;
            set $backend "matrix-registration:5000";
            proxy_pass http://$backend/$1;
          {% else %}
            {# Generic configuration for use outside of our container setup #}
            proxy_pass http://127.0.0.1:8767/$1;
          {% endif %}

            {#
              Workaround matrix-registration serving the background image at /static
              (see https://github.com/ZerataX/matrix-registration/issues/47)
            #}
            sub_filter_once off;
            sub_filter_types text/css;
            sub_filter "/static/" "{{ matrix_registration_public_endpoint }}/static/";
          }

    - name: Register matrix-registration proxying configuration with matrix-nginx-proxy
      ansible.builtin.set_fact:
        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
          {{
            matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
            +
            [matrix_registration_matrix_nginx_proxy_configuration]
          }}

 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
  ansible.builtin.debug:
    msg: >-
      NOTE: You've enabled the matrix-registration tool but are not using the matrix-nginx-proxy
      reverse proxy.
      Please make sure that you're proxying the `{{ matrix_registration_public_endpoint }}`
      URL endpoint to the matrix-registration container.
      You can expose the container's port using the `matrix_registration_container_http_host_bind_port` variable.
  when: "matrix_registration_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"
--- a/roles/custom/matrix-registration/tasks/inject_into_nginx_proxy.yml
+++ b/roles/custom/matrix-registration/tasks/inject_into_nginx_proxy.yml
@@ -0,0 +1,55 @@
 ---

 - name: Fail if matrix-nginx-proxy role already executed
  ansible.builtin.fail:
    msg: >-
      Trying to append matrix-registration's reverse-proxying configuration to matrix-nginx-proxy,
      but it's pointless since the matrix-nginx-proxy role had already executed.
      To fix this, please change the order of roles in your playbook,
      so that the matrix-nginx-proxy role would run after the matrix-registration role.
  when: matrix_nginx_proxy_role_executed | default(False) | bool

 - name: Generate matrix-registration proxying configuration for matrix-nginx-proxy
  ansible.builtin.set_fact:
    matrix_registration_matrix_nginx_proxy_configuration: |
      rewrite ^{{ matrix_registration_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/ permanent;
      rewrite ^{{ matrix_registration_public_endpoint }}/$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/register redirect;

      location ~ ^{{ matrix_registration_public_endpoint }}/(.*) {
      {% if matrix_nginx_proxy_enabled | default(False) %}
        {# Use the embedded DNS resolver in Docker containers to discover the service #}
        resolver 127.0.0.11 valid=5s;
        set $backend "matrix-registration:5000";
        proxy_pass http://$backend/$1;
      {% else %}
        {# Generic configuration for use outside of our container setup #}
        proxy_pass http://127.0.0.1:8767/$1;
      {% endif %}

        {#
          Workaround matrix-registration serving the background image at /static
          (see https://github.com/ZerataX/matrix-registration/issues/47)
        #}
        sub_filter_once off;
        sub_filter_types text/css;
        sub_filter "/static/" "{{ matrix_registration_public_endpoint }}/static/";
      }

 - name: Register matrix-registration proxying configuration with matrix-nginx-proxy
  ansible.builtin.set_fact:
    matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
      {{
        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
        +
        [matrix_registration_matrix_nginx_proxy_configuration]
      }}

 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
  ansible.builtin.debug:
    msg: >-
      NOTE: You've enabled the matrix-registration tool but are not using the matrix-nginx-proxy
      reverse proxy.
      Please make sure that you're proxying the `{{ matrix_registration_public_endpoint }}`
      URL endpoint to the matrix-registration container.
      You can expose the container's port using the `matrix_registration_container_http_host_bind_port` variable.
  when: "not matrix_nginx_proxy_enabled | default(False) | bool"
--- a/roles/custom/matrix-registration/tasks/main.yml
+++ b/roles/custom/matrix-registration/tasks/main.yml
@@ -1,8 +1,10 @@
 ---

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
 - when: matrix_registration_enabled | bool
  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
  tags:
    - always
    - setup-all
    - setup-nginx-proxy

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
  when: "run_setup | bool and matrix_registration_enabled | bool"
--- a/roles/custom/matrix-synapse-admin/tasks/init.yml
+++ b/roles/custom/matrix-synapse-admin/tasks/init.yml
@@ -1,50 +0,0 @@
 ---

 - when: matrix_synapse_admin_enabled | bool
  tags:
    - always
  block:
    - name: Fail if matrix-nginx-proxy role already executed
      ansible.builtin.fail:
        msg: >-
          Trying to append Synapse Admin's reverse-proxying configuration to matrix-nginx-proxy,
          but it's pointless since the matrix-nginx-proxy role had already executed.
          To fix this, please change the order of roles in your playbook,
          so that the matrix-nginx-proxy role would run after the matrix-synapse-admin role.
      when: matrix_nginx_proxy_role_executed | default(False) | bool

    - name: Generate Synapse Admin proxying configuration for matrix-nginx-proxy
      ansible.builtin.set_fact:
        matrix_synapse_admin_matrix_nginx_proxy_configuration: |
          rewrite ^{{ matrix_synapse_admin_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_synapse_admin_public_endpoint }}/ permanent;

          location ~ ^{{ matrix_synapse_admin_public_endpoint }}/(.*) {
          {% if matrix_nginx_proxy_enabled | default(False) %}
            {# Use the embedded DNS resolver in Docker containers to discover the service #}
            resolver 127.0.0.11 valid=5s;
            set $backend "matrix-synapse-admin:80";
            proxy_pass http://$backend/$1;
          {% else %}
            {# Generic configuration for use outside of our container setup #}
            proxy_pass http://127.0.0.1:8766/$1;
          {% endif %}
          }

    - name: Register Synapse Admin proxying configuration with matrix-nginx-proxy
      ansible.builtin.set_fact:
        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
          {{
            matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
            +
            [matrix_synapse_admin_matrix_nginx_proxy_configuration]
          }}

 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
  ansible.builtin.debug:
    msg: >-
      NOTE: You've enabled the Synapse Admin tool but are not using the matrix-nginx-proxy
      reverse proxy.
      Please make sure that you're proxying the `{{ matrix_synapse_admin_public_endpoint }}`
      URL endpoint to the matrix-synapse-admin container.
      You can expose the container's port using the `matrix_synapse_admin_container_http_host_bind_port` variable.
  when: "matrix_synapse_admin_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"
--- a/roles/custom/matrix-synapse-admin/tasks/inject_into_nginx_proxy.yml
+++ b/roles/custom/matrix-synapse-admin/tasks/inject_into_nginx_proxy.yml
@@ -0,0 +1,46 @@
 ---

 - name: Fail if matrix-nginx-proxy role already executed
  ansible.builtin.fail:
    msg: >-
      Trying to append Synapse Admin's reverse-proxying configuration to matrix-nginx-proxy,
      but it's pointless since the matrix-nginx-proxy role had already executed.
      To fix this, please change the order of roles in your playbook,
      so that the matrix-nginx-proxy role would run after the matrix-synapse-admin role.
  when: matrix_nginx_proxy_role_executed | default(False) | bool

 - name: Generate Synapse Admin proxying configuration for matrix-nginx-proxy
  ansible.builtin.set_fact:
    matrix_synapse_admin_matrix_nginx_proxy_configuration: |
      rewrite ^{{ matrix_synapse_admin_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_synapse_admin_public_endpoint }}/ permanent;

      location ~ ^{{ matrix_synapse_admin_public_endpoint }}/(.*) {
      {% if matrix_nginx_proxy_enabled | default(False) %}
        {# Use the embedded DNS resolver in Docker containers to discover the service #}
        resolver 127.0.0.11 valid=5s;
        set $backend "matrix-synapse-admin:80";
        proxy_pass http://$backend/$1;
      {% else %}
        {# Generic configuration for use outside of our container setup #}
        proxy_pass http://127.0.0.1:8766/$1;
      {% endif %}
      }

 - name: Register Synapse Admin proxying configuration with matrix-nginx-proxy
  ansible.builtin.set_fact:
    matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
      {{
        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
        +
        [matrix_synapse_admin_matrix_nginx_proxy_configuration]
      }}

 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
  ansible.builtin.debug:
    msg: >-
      NOTE: You've enabled the Synapse Admin tool but are not using the matrix-nginx-proxy
      reverse proxy.
      Please make sure that you're proxying the `{{ matrix_synapse_admin_public_endpoint }}`
      URL endpoint to the matrix-synapse-admin container.
      You can expose the container's port using the `matrix_synapse_admin_container_http_host_bind_port` variable.
  when: "not matrix_nginx_proxy_enabled | default(False) | bool"
--- a/roles/custom/matrix-synapse-admin/tasks/main.yml
+++ b/roles/custom/matrix-synapse-admin/tasks/main.yml
@@ -1,8 +1,10 @@
 ---

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
 - when: matrix_synapse_admin_enabled | bool
  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
  tags:
    - always
    - setup-all
    - setup-nginx-proxy

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
  when: run_setup | bool
--- a/roles/custom/matrix-synapse/tasks/inject_into_nginx_proxy.yml
+++ b/roles/custom/matrix-synapse/tasks/inject_into_nginx_proxy.yml
@@ -2,17 +2,17 @@

 # Unless `matrix_synapse_workers_enabled_list` is explicitly defined,
 # we'll generate it dynamically.
 - ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/init.yml"
  when: "matrix_synapse_enabled and matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list | length == 0"
 - ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/inject_into_nginx_proxy.yml"
  when: "matrix_synapse_workers_enabled | bool and matrix_synapse_workers_enabled_list | length == 0"

 - name: Ensure workers are injected into various places
  ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/util/inject_worker.yml"
  with_items: "{{ matrix_synapse_workers_enabled_list }}"
  loop_control:
    loop_var: matrix_synapse_worker_details
  when: matrix_synapse_enabled | bool and matrix_synapse_workers_enabled | bool
  when: matrix_synapse_workers_enabled | bool

 - when: matrix_synapse_enabled | bool and matrix_synapse_metrics_proxying_enabled | bool
 - when: matrix_synapse_metrics_proxying_enabled | bool
  block:
    - name: Fail if matrix-nginx-proxy role already executed
      ansible.builtin.fail:
--- a/roles/custom/matrix-synapse/tasks/main.yml
+++ b/roles/custom/matrix-synapse/tasks/main.yml
@@ -1,8 +1,19 @@
 ---

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
 - when: matrix_synapse_enabled | bool
  ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
  tags:
    - always
    - setup-all
    - setup-synapse
    - start
    - start-all
    - start-group
    - restart
    - restart-all
    - restart-group
    - stop
    - stop-all
    - stop-group

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
  when: run_setup | bool and matrix_synapse_enabled | bool
--- a/roles/custom/matrix-synapse/tasks/synapse/workers/inject_into_nginx_proxy.yml
+++ b/roles/custom/matrix-synapse/tasks/synapse/workers/inject_into_nginx_proxy.yml