This also adds labels for Synapse. Support for other homeservers and
components will be added later.

This is an attempt at optimizing service startup.

The effect is most pronounced when many services are restarted one by one.
The systemd service manager role sometimes does this - for example when `just install-service synapse` runs.
In such cases, a 5-second delay for each Synapse worker service
(or other bridge/bot service that waits on the homeserver) quickly adds up to a lot.

When services are all stopped fully and then started, the effect is not so pronounced, because
`matrix-synapse.service` starts first and pulls all worker services (defined as `Wants=` for it).
Later on, when the systemd service manager role "starts" these worker services, they're started already.
Even if they had a 5-second wait each, it would have happened in parallel.

Depending on the `options` that people provide, this may break
compatibility.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2918

Related to https://github.com/matrix-org/synapse/pull/15488

Many of these do depend on the Synapse master process (`matrix-synapse.service`),
so it makes sense to do it.

Furthermore, we're doing it so that one can stop the `matrix-synapse.service`
service and have systemd cascade this into stopping all the workers as well.

This is useful for easily stopping all of Synapse, so that Postgres
upgrades (`--tags=upgrade-postgres`) can happen cleanly.
Postgres upgrades currently stop `devture_postgres_systemd_services_to_stop_for_maintenance_list` which
includes Synapse, but stopping just the master process and leaving workers running is not safe enough and sometimes leads to errors like:

> ERROR:  insert or update on table "event_forward_extremities" violates foreign key constraint "event_forward_extremities_event_id"

With this dependency in place, stopping `matrix-synapse.service` will stop all Synapse processes.

Related to:
- e4f545c452
- 2481b7dfa4

We've prepared for this by adding the `main` process to the `instance_map` a long time ago,
in 49cb8b7b11.

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

Related to:

- https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2698
- https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2700

This was mostly affecting the stream writer (events) worker, which was
being reported as unhealthy. It wasn't causing any issues, but it just
looked odd and was confusing people.

As an alternative to hitting the regular `/health` healthcheck route (on
the "client" API which this stream writer does not expose),
we may have went for hitting some "replication" API endpoint instead.

This is more complicated and likely unnecessary.

It's the same as `matrix_docker_network` for now, so this practically
doesn't change anything.

* Update homeserver.yaml.j2

* Update configuring-playbook-ldap-auth.md

* Update homeserver.yaml.j2

* Add ability to disable password auth

* Allow disabling password authentication

Larger deployments may wish to run migration more often.

Related to https://docs.docker.com/engine/deprecated/#separator--of---security-opt-flag-on-docker-run

Related to:

- https://github.com/matrix-org/synapse/pull/14551/files
- https://github.com/matrix-org/synapse/pull/14619/files

Related to

- c15e9a0edb
- 01a0527892

It's unnecessary when `pusher_instances` is populated.

Source: 6acb6d772a

It's unnecessary when `federation_sender_instances` is populated.

Source: 6acb6d772a