Add _metrics_proxying_enabled variables to mautrix bridges

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2427

`metrics_enabled` should only expose the metrics locally, on the
container network, so that a local Prometheus can consume them.

Exposing them publicly should be done via a separate toggle (`metrics_proxying_enabled`).
This is how all other roles work, so this makes these mautrix roles consistent with the rest.

roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml

@@ -47,8 +47,15 @@ matrix_mautrix_facebook_homeserver_token: ''
 matrix_mautrix_facebook_federate_rooms: true
 
 # Whether or not metrics endpoint should be enabled.
+# Enabling them is usually enough for a local (in-container) Prometheus to consume them.
+# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_facebook_metrics_proxying_enabled`.
 matrix_mautrix_facebook_metrics_enabled: false
 
+# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-facebook`.
+# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`.
+# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
+matrix_mautrix_facebook_metrics_proxying_enabled: false
+
 matrix_mautrix_facebook_bridge_permissions: |
   {{
     {matrix_mautrix_facebook_homeserver_domain: 'user'}

roles/custom/matrix-bridge-mautrix-facebook/tasks/inject_into_nginx_proxy.yml

@@ -43,27 +43,27 @@
       You can expose the container's port using the `matrix_mautrix_facebook_container_http_host_bind_port` variable.
   when: "not matrix_nginx_proxy_enabled | default(False) | bool"
 
-- name: Generate mautrix-facebook metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-facebook)
-  ansible.builtin.set_fact:
-    matrix_mautrix_facebook_nginx_metrics_configuration_block: |
-      location /metrics/mautrix-facebook {
-        {% if matrix_nginx_proxy_enabled | default(False) %}
-          {# Use the embedded DNS resolver in Docker containers to discover the service #}
-          resolver 127.0.0.11 valid=5s;
-          set $backend "matrix-mautrix-facebook:8000";
-          proxy_pass http://$backend/metrics;
-        {% else %}
-          return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
-        {% endif %}
-      }
-  when: matrix_mautrix_facebook_metrics_enabled | bool
+- when: matrix_mautrix_facebook_metrics_proxying_enabled | bool
+  block:
+    - name: Generate mautrix-facebook metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-facebook)
+      ansible.builtin.set_fact:
+        matrix_mautrix_facebook_nginx_metrics_configuration_block: |
+          location /metrics/mautrix-facebook {
+            {% if matrix_nginx_proxy_enabled | default(False) %}
+              {# Use the embedded DNS resolver in Docker containers to discover the service #}
+              resolver 127.0.0.11 valid=5s;
+              set $backend "matrix-mautrix-facebook:8000";
+              proxy_pass http://$backend/metrics;
+            {% else %}
+              return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
+            {% endif %}
+          }
 
-- name: Register mautrix-facebook metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-facebook)
-  ansible.builtin.set_fact:
-    matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
-      {{
-        matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
-        +
-        [matrix_mautrix_facebook_nginx_metrics_configuration_block]
-      }}
-  when: matrix_mautrix_facebook_metrics_enabled | bool
+    - name: Register mautrix-facebook metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-facebook)
+      ansible.builtin.set_fact:
+        matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
+          {{
+            matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
+            +
+            [matrix_mautrix_facebook_nginx_metrics_configuration_block]
+          }}

roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml

@@ -48,8 +48,15 @@ matrix_mautrix_instagram_homeserver_token: ''
 matrix_mautrix_instagram_federate_rooms: true
 
 # Whether or not metrics endpoint should be enabled.
+# Enabling them is usually enough for a local (in-container) Prometheus to consume them.
+# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_instagram_metrics_proxying_enabled`.
 matrix_mautrix_instagram_metrics_enabled: false
 
+# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-instagram`.
+# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`.
+# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
+matrix_mautrix_instagram_metrics_proxying_enabled: false
+
 # Database-related configuration fields.
 #
 # To use Postgres:

roles/custom/matrix-bridge-mautrix-instagram/tasks/inject_into_nginx_proxy.yml

@@ -9,25 +9,27 @@
       so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-instagram role.
   when: matrix_nginx_proxy_role_executed | default(False) | bool
 
-- name: Generate mautrix-instagram metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-instagram)
-  ansible.builtin.set_fact:
-    matrix_mautrix_instagram_nginx_metrics_configuration_block: |
-      location /metrics/mautrix-instagram {
-        {% if matrix_nginx_proxy_enabled | default(False) %}
-          {# Use the embedded DNS resolver in Docker containers to discover the service #}
-          resolver 127.0.0.11 valid=5s;
-          set $backend "matrix-mautrix-instagram:8000";
-          proxy_pass http://$backend/metrics;
-        {% else %}
-          return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
-        {% endif %}
-      }
+- when: matrix_mautrix_instagram_metrics_proxying_enabled | bool
+  block:
+    - name: Generate mautrix-instagram metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-instagram)
+      ansible.builtin.set_fact:
+        matrix_mautrix_instagram_nginx_metrics_configuration_block: |
+          location /metrics/mautrix-instagram {
+            {% if matrix_nginx_proxy_enabled | default(False) %}
+              {# Use the embedded DNS resolver in Docker containers to discover the service #}
+              resolver 127.0.0.11 valid=5s;
+              set $backend "matrix-mautrix-instagram:8000";
+              proxy_pass http://$backend/metrics;
+            {% else %}
+              return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
+            {% endif %}
+          }
 
-- name: Register mautrix-instagram metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-instagram)
-  ansible.builtin.set_fact:
-    matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
-      {{
-        matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
-        +
-        [matrix_mautrix_instagram_nginx_metrics_configuration_block]
-      }}
+    - name: Register mautrix-instagram metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-instagram)
+      ansible.builtin.set_fact:
+        matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
+          {{
+            matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
+            +
+            [matrix_mautrix_instagram_nginx_metrics_configuration_block]
+          }}

roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml

@@ -71,8 +71,15 @@ matrix_mautrix_signal_logging_level: WARNING
 matrix_mautrix_signal_federate_rooms: true
 
 # Whether or not metrics endpoint should be enabled.
+# Enabling them is usually enough for a local (in-container) Prometheus to consume them.
+# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_signal_metrics_proxying_enabled`.
 matrix_mautrix_signal_metrics_enabled: false
 
+# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-signal`.
+# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`.
+# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
+matrix_mautrix_signal_metrics_proxying_enabled: false
+
 # Database-related configuration fields
 #
 # This bridge only supports postgres.

roles/custom/matrix-bridge-mautrix-signal/tasks/inject_into_nginx_proxy.yml

@@ -9,25 +9,27 @@
       so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-signal role.
   when: matrix_nginx_proxy_role_executed | default(False) | bool
 
-- name: Generate mautrix-signal metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-signal)
-  ansible.builtin.set_fact:
-    matrix_mautrix_signal_nginx_metrics_configuration_block: |
-      location /metrics/mautrix-signal {
-        {% if matrix_nginx_proxy_enabled | default(False) %}
-          {# Use the embedded DNS resolver in Docker containers to discover the service #}
-          resolver 127.0.0.11 valid=5s;
-          set $backend "matrix-mautrix-signal:8000";
-          proxy_pass http://$backend/metrics;
-        {% else %}
-          return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
-        {% endif %}
-      }
+- when: matrix_mautrix_signal_metrics_proxying_enabled | bool
+  block:
+    - name: Generate mautrix-signal metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-signal)
+      ansible.builtin.set_fact:
+        matrix_mautrix_signal_nginx_metrics_configuration_block: |
+          location /metrics/mautrix-signal {
+            {% if matrix_nginx_proxy_enabled | default(False) %}
+              {# Use the embedded DNS resolver in Docker containers to discover the service #}
+              resolver 127.0.0.11 valid=5s;
+              set $backend "matrix-mautrix-signal:8000";
+              proxy_pass http://$backend/metrics;
+            {% else %}
+              return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
+            {% endif %}
+          }
 
-- name: Register mautrix-signal metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-signal)
-  ansible.builtin.set_fact:
-    matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
-      {{
-        matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
-        +
-        [matrix_mautrix_signal_nginx_metrics_configuration_block]
-      }}
+    - name: Register mautrix-signal metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-signal)
+      ansible.builtin.set_fact:
+        matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
+          {{
+            matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
+            +
+            [matrix_mautrix_signal_nginx_metrics_configuration_block]
+          }}

roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml

@@ -79,8 +79,15 @@ matrix_mautrix_twitter_appservice_bot_username: twitterbot
 matrix_mautrix_twitter_logging_level: WARNING
 
 # Whether or not metrics endpoint should be enabled.
+# Enabling them is usually enough for a local (in-container) Prometheus to consume them.
+# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_twitter_metrics_proxying_enabled`.
 matrix_mautrix_twitter_metrics_enabled: false
 
+# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-twitter`.
+# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`.
+# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
+matrix_mautrix_twitter_metrics_proxying_enabled: false
+
 # Default configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #

roles/custom/matrix-bridge-mautrix-twitter/tasks/inject_into_nginx_proxy.yml

@@ -9,25 +9,27 @@
       so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-twitter role.
   when: matrix_nginx_proxy_role_executed | default(False) | bool
 
-- name: Generate mautrix-twitter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-twitter)
-  ansible.builtin.set_fact:
-    matrix_mautrix_twitter_nginx_metrics_configuration_block: |
-      location /metrics/mautrix-twitter {
-        {% if matrix_nginx_proxy_enabled | default(False) %}
-          {# Use the embedded DNS resolver in Docker containers to discover the service #}
-          resolver 127.0.0.11 valid=5s;
-          set $backend "matrix-mautrix-twitter:8000";
-          proxy_pass http://$backend/metrics;
-        {% else %}
-          return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
-        {% endif %}
-      }
+- when: matrix_mautrix_twitter_metrics_proxying_enabled | bool
+  block:
+    - name: Generate mautrix-twitter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-twitter)
+      ansible.builtin.set_fact:
+        matrix_mautrix_twitter_nginx_metrics_configuration_block: |
+          location /metrics/mautrix-twitter {
+            {% if matrix_nginx_proxy_enabled | default(False) %}
+              {# Use the embedded DNS resolver in Docker containers to discover the service #}
+              resolver 127.0.0.11 valid=5s;
+              set $backend "matrix-mautrix-twitter:8000";
+              proxy_pass http://$backend/metrics;
+            {% else %}
+              return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
+            {% endif %}
+          }
 
-- name: Register mautrix-twitter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-twitter)
-  ansible.builtin.set_fact:
-    matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
-      {{
-        matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
-        +
-        [matrix_mautrix_twitter_nginx_metrics_configuration_block]
-      }}
+    - name: Register mautrix-twitter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-twitter)
+      ansible.builtin.set_fact:
+        matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
+          {{
+            matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
+            +
+            [matrix_mautrix_twitter_nginx_metrics_configuration_block]
+          }}

roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml

@@ -48,8 +48,15 @@ matrix_mautrix_whatsapp_logging_level: 'warn'
 matrix_mautrix_whatsapp_federate_rooms: true
 
 # Whether or not metrics endpoint should be enabled.
+# Enabling them is usually enough for a local (in-container) Prometheus to consume them.
+# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_whatsapp_metrics_proxying_enabled`.
 matrix_mautrix_whatsapp_metrics_enabled: false
 
+# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-whatsapp`.
+# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`.
+# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
+matrix_mautrix_whatsapp_metrics_proxying_enabled: false
+
 # Database-related configuration fields.
 #
 # To use SQLite, stick to these defaults.

roles/custom/matrix-bridge-mautrix-whatsapp/tasks/inject_into_nginx_proxy.yml

@@ -9,25 +9,27 @@
       so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-whatsapp role.
   when: matrix_nginx_proxy_role_executed | default(False) | bool
 
-- name: Generate mautrix-whatsapp metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-whatsapp)
-  ansible.builtin.set_fact:
-    matrix_mautrix_whatsapp_nginx_metrics_configuration_block: |
-      location /metrics/mautrix-whatsapp {
-        {% if matrix_nginx_proxy_enabled | default(False) %}
-          {# Use the embedded DNS resolver in Docker containers to discover the service #}
-          resolver 127.0.0.11 valid=5s;
-          set $backend "matrix-mautrix-whatsapp:8001";
-          proxy_pass http://$backend/metrics;
-        {% else %}
-          return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
-        {% endif %}
-      }
+- when: matrix_mautrix_whatsapp_metrics_proxying_enabled | bool
+  block:
+    - name: Generate mautrix-whatsapp metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-whatsapp)
+      ansible.builtin.set_fact:
+        matrix_mautrix_whatsapp_nginx_metrics_configuration_block: |
+          location /metrics/mautrix-whatsapp {
+            {% if matrix_nginx_proxy_enabled | default(False) %}
+              {# Use the embedded DNS resolver in Docker containers to discover the service #}
+              resolver 127.0.0.11 valid=5s;
+              set $backend "matrix-mautrix-whatsapp:8001";
+              proxy_pass http://$backend/metrics;
+            {% else %}
+              return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
+            {% endif %}
+          }
 
-- name: Register mautrix-whatsapp metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-whatsapp)
-  ansible.builtin.set_fact:
-    matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
-      {{
-        matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
-        +
-        [matrix_mautrix_whatsapp_nginx_metrics_configuration_block]
-      }}
+    - name: Register mautrix-whatsapp metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-whatsapp)
+      ansible.builtin.set_fact:
+        matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
+          {{
+            matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
+            +
+            [matrix_mautrix_whatsapp_nginx_metrics_configuration_block]
+          }}