Enable HTTP/3 by default for web-secure and matrix-federation

HTTP/3 is no longer considered experimental in Traefik v3,
so it's a good time to enable it.

group_vars/matrix_servers

@@ -38,6 +38,9 @@ matrix_playbook_reverse_proxy_hostname: "{{ devture_traefik_identifier if devtur
 # A separate Matrix Federation entrypoint is always enabled, unless the federation port matches one of the ports for existing (default) entrypoints
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_enabled: "{{ matrix_federation_public_port not in [devture_traefik_config_entrypoint_web_port, devture_traefik_config_entrypoint_web_secure_port] }}"
 
+# We only enable HTTP/3 on the federation entrypoint if the main web-secure entrypoint has it enabled.
+matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_enabled: "{{ devture_traefik_config_entrypoint_web_secure_http3_enabled }}"
+
 # `devture_traefik_config_entrypoint_web_secure_enabled` is the variable we currently follow to determine if SSL is enabled or not.
 # `matrix_playbook_ssl_enabled` is merely an indicator if (when looked at it publicly), the server supports SSL or not,
 # and affects how services configure their public URLs.

roles/custom/matrix-base/defaults/main.yml

@@ -263,7 +263,16 @@ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_enabled: true
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_name: "{{ matrix_federation_traefik_entrypoint_name }}"
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_port: "{{ matrix_federation_public_port }}"
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port: "{{ matrix_federation_public_port }}"
-matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_auto | combine(matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_custom, recursive=True) }}"
+matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port_udp: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_advertisedPort if matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_enabled else '' }}"
+matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config: "{{ (matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_default | combine (matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_auto)) | combine(matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_custom, recursive=True) }}"
+matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_enabled: true
+matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_advertisedPort: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_port }}"
+matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_default: |
+  {{
+    ({'http3': {'advertisedPort': matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_advertisedPort | int}})
+    if matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_enabled
+    else {}
+  }}
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_auto: {}
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_custom: {}
 
@@ -271,6 +280,7 @@ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_definition:
   name: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_name }}"
   port: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_port }}"
   host_bind_port: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port }}"
+  host_bind_port_udp: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port_udp }}"
   config: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config }}"
 
 # Controls whether to enable an additional Traefik entrypoint for the purpose of serving the homeserver's Client-Server API internally.