matrix: Avoid using maps of maps with free keys

Prefer using lists of maps with consistent keys.

roles/matrix/defaults/main.yml

 ---
 
 matrix_nginx_config:
-  federation_reader:
+  - name: federation_reader
     port: 8011
     locations:
       - "~ ^/_matrix/federation/v1/event/"
@@ -26,7 +26,7 @@ matrix_nginx_config:
       - "~ ^/_matrix/federation/v1/get_groups_publicised$"
       - "~ ^/_matrix/key/v2/query"
       - "~ ^/_matrix/federation/v1/send/"  # Don't load balance
-  media_repository:
+  - name: media_repository
     port: 8013
     locations:
       - "~ ^/_matrix/media/"
@@ -35,7 +35,7 @@ matrix_nginx_config:
       - "~ ^/_synapse/admin/v1/user/.*/media.*$"
       - "~ ^/_synapse/admin/v1/media/.*$"
       - "~ ^/_synapse/admin/v1/quarantine_media/.*$"
-  homeserver:
+  - name: homeserver
     port: 8008
     locations:
       - "/_matrix"

roles/matrix/templates/appservice-registration-irc.yaml.j2

@@ -4,20 +4,20 @@ as_token: {{ vault_matrix_secrets.irc_as_token }}
 namespaces:
 
   users:
-{% for network in vault_matrix_secrets.irc_networks.values() %}
+{% for network in vault_matrix_secrets.irc_networks %}
     - exclusive: true
       regex: '@{{ network.name | regex_escape() }}_.*:{{ matrix_server_name | regex_escape() }}'
       group_id: '+{{ network.name }}:{{ matrix_server_name }}'
 {% endfor %}
 
   aliases:
-{% for network in vault_matrix_secrets.irc_networks.values() %}
+{% for network in vault_matrix_secrets.irc_networks %}
     - exclusive: true
       regex: '#{{ network.name | regex_escape() }}_.*:{{ matrix_server_name | regex_escape() }}'
 {% endfor %}
 
   rooms:
-{% for room in vault_matrix_secrets | json_query("irc_networks.*[].mappings.*[].room") %}
+{% for room in vault_matrix_secrets | json_query("irc_networks[].mappings[].room") %}
     - exclusive: false
       regex: '{{ room | regex_escape() }}'
 {% endfor %}

roles/matrix/templates/irc-bridge.yaml.j2

@@ -43,9 +43,9 @@ homeserver:
 # Configuration specific to the IRC service
 ircService:
   servers:
-{% for address, network in vault_matrix_secrets.irc_networks.items() %}
+{% for network in vault_matrix_secrets.irc_networks %}
     # The address of the server to connect to.
-    "{{ address }}":
+    "{{ network.address }}":
       # A human-readable short name. This is used to label IRC status rooms
       # where matrix users control their connections.
       # E.g. 'ExampleNet IRC Bridge status'.
@@ -270,8 +270,8 @@ ircService:
         # 1:many mappings from IRC channels to room IDs on this IRC server.
         # The matrix room must already exist. Your matrix client should expose
         # the room ID in a "settings" page for the room.
-{% for channel, mapping in network.mappings.items() %}
-        "{{ channel }}":
+{% for mapping in network.mappings %}
+        "{{ mapping.channel }}":
           roomIds: ["{{ mapping.room }}"]
           key: "{{ mapping.key }}"
 {% endfor %}

roles/matrix/templates/nginx.d.conf.j2

-{% for name, config in matrix_nginx_config.items() %}
-upstream matrix_{{ name }} {
+{% for config in matrix_nginx_config %}
+upstream matrix_{{ config.name }} {
     server 127.0.0.1:{{ config.port }};
 }
 
@@ -32,12 +32,12 @@ server {
     ssl_certificate_key  /etc/letsencrypt/live/{{ matrix_domain }}/privkey.pem;
     ssl_trusted_certificate /etc/letsencrypt/live/{{ matrix_domain }}/chain.pem;
 
-{% for name, config in matrix_nginx_config.items() %}
-    # {{ name }}
+{% for config in matrix_nginx_config %}
+    # {{ config.name }}
 {% for location in config.locations %}
     location {{ location }} {
         access_log   /var/log/nginx/{{ matrix_domain }}/access.log main;
-        proxy_pass http://matrix_{{ name }};
+        proxy_pass http://matrix_{{ config.name }};
         proxy_set_header X-Forwarded-For $remote_addr;
         proxy_read_timeout 900s;
     }