Wiring happens via `group_vars/matrix_servers` now.

Related to 6a52be7987 and 28e7ef9c71f02

Previously, it had to go through matrix-nginx-proxy.
It's exposed to Traefik directly via container labels now

Previously, it had to go through matrix-nginx-proxy.
It's exposed to Traefik directly via container labels now

Serving at a path other than `/` doesn't work well yet.

Previously, it had to go through matrix-nginx-proxy.
It's exposed to Traefik directly via container labels now

Regression since 3d9aa8387e

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2474

Seems like this affected all "own webserver" deployments, which required
port exposure.

`playbook-managed-traefik` and `playbook-managed-nginx` were not affected.

Previously, it had to go through matrix-nginx-proxy.
It's exposed to Traefik directly via container labels now.

Supersedes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2472

It's probably unnecessary, as this user is only used in the borg container
internally, but.. It doesn't hurt to set it to `matrix`.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2465

We'd like to auto-enable traefik-certs-dumper for these setups.

`devture_traefik_certs_dumper_ssl_dir_path` will be empty though,
so the role's validation will point people in the right direction.

With this, other roles (like Coturn, Postmoogle) will be able
to use SSL certificates extracted from Traefik
via https://github.com/ldez/traefik-certs-dumper

Check for empty string instead of Null to verify if an openid_server_name is pinned.

Applying the assumption, that synapse is always managed by this playbook.

This gets us started on adding a Traefik role and hooking Traefik:

- directly to services which support Traefik - we only have a few of
  these right now, but the list will grow

- to matrix-nginx-proxy for most services that integrate with
  matrix-nginx-proxy right now

Traefik usage should be disabled by default for now and nothing should
change for people just yet.

Enabling these experiments requires additional configuration like this:

```yaml
devture_traefik_ssl_email_address: '.....'

matrix_playbook_traefik_role_enabled: true
matrix_playbook_traefik_labels_enabled: true

matrix_ssl_retrieval_method: none

matrix_nginx_proxy_https_enabled: false

matrix_nginx_proxy_container_http_host_bind_port: ''
matrix_nginx_proxy_container_federation_host_bind_port: ''

matrix_nginx_proxy_trust_forwarded_proto: true

matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for'

matrix_coturn_enabled: false
```

What currently works is:
reverse-proxying for all nginx-proxy based services **except** for the Matrix homeserver
(both Client-Server an Federation traffic for the homeserver don't work yet)

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2427

This just enables the endpoint, which is somewhat helpful, but not
really enough to scrape them. Ideally, we'd be injecting these targets
into the Prometheus scrape config too.
For now, registering targets with Prometheus is very manual
(`matrix_prometheus_scraper_postgres_enabled`, `matrix_prometheus_scraper_hookshot_enabled`, ..).
This should be redone - e.g. a new `matrix_prometheus_scrape_config_jobs_auto` variable,
which is dynamically built in `group_vars/matrix_servers`.

Co-Authored-By: Slavi Pantaleev <slavi@devture.com>