Slavi Pantaleev
ac26cc1cb0
Allow STUN/TURN exposure over TCP/UDP to be controlled separately & disable STUN over UDP by default
2025-02-19 11:50:49 +02:00
Suguru Hirahara
6531c61c7a
Update files for matrix-coturn: make the reloading schedule configurable with variables
...
This commit adopts the common format which can be seen for BorgBackup. It should probably be helpful, though I am not quite sure how much.
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2025-02-07 01:13:45 +09:00
Suguru Hirahara
107e9d205d
Edit YAML files: minor changes (#3955)
...
* Update roles/custom/matrix-coturn/defaults/main.yml: edit an instruction for creating a strong password
Follow-up to 6b87d1aa7d
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Update examples/vars.yml: add a whitespace character for indenting
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
---------
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
Co-authored-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2025-01-17 13:14:41 +02:00
Suguru Hirahara
2773c053d0
Update files for coturn (#3953)
...
* Update docs/configuring-playbook-turn.md: add a section for description about installing
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Update docs/configuring-playbook-turn.md and a related file
- Edit the introduction based on docs/configuring-playbook-client-element-web.md
- Adopt the common format by creating the section "Adjusting the playbook configuration"
- Add the section "Extending the configuration"
- Move the section "Disabling Coturn" to the bottom
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Fix capitalization: Coturn → coturn
See: https://github.com/coturn/coturn . Note that "coturn" is not capitalized even on the start of a sentence, except some rare cases like on the releases page: https://github.com/coturn/coturn/releases
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
---------
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
Co-authored-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2025-01-17 10:19:17 +02:00
Slavi Pantaleev
035b1c3c04
Upgrade Coturn (4.6.2-r10 -> 4.6.2-r11)
2024-07-26 15:15:51 +03:00
Slavi Pantaleev
d6aa98e57d
Upgrade Coturn (4.6.2-r9 -> 4.6.2-r10)
2024-06-21 09:17:23 +03:00
Slavi Pantaleev
9f2eff2ac7
Respect devture_systemd_docker_base_docker_service_name
...
Related to https://github.com/devture/com.devture.ansible.role.systemd_docker_base/commit/0241c71a4c08ff5e203b55d50a424387e3b077c8
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3270#issuecomment-2143782962
With this change, it should be possible for people to adjust the Docker
dependency from `docker.service` to something else (e.g. `pkg-ContainerManager-dockerd.service`),
or to completely eliminate it by setting `devture_systemd_docker_base_docker_service_name` to an empty string.
This makes it easier for people to use the playbook against a Synology DSM server.
2024-06-04 13:14:34 +03:00
Slavi Pantaleev
3bf488fb16
Upgrade Coturn (4.6.2-r5 -> 4.6.2-r9)
2024-05-24 20:18:56 +03:00
Slavi Pantaleev
e1363c9b9b
Add lt-cred-mech authentication mechanism to Coturn
...
All homeserver implementations have been updated to support this as
well.
It's just Jitsi that possibly doesn't work with anything other than `auth-secret`.
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3191
2024-02-18 09:52:00 +02:00
Slavi Pantaleev
ad32953e0b
Add additional-networks support to matrix-coturn
...
Not that it seems necessary right now, but it makes it consistent with
all other roles.
2024-01-15 11:18:09 +02:00
Slavi Pantaleev
ec3b204541
Merge branch 'master' into renovate-config
2023-10-16 18:15:53 +03:00
Slavi Pantaleev
dc9ff4e01b
Add support for external-IP-address-autodetection to Coturn
2023-10-10 11:10:21 +03:00
Samuel Meenzen
c846ed199b
Annotate version numbers with renovate metadata
2023-10-06 14:14:03 +02:00
Slavi Pantaleev
c8e0f35c94
Upgrade Coturn (4.6.2-r4 -> 4.6.2-r5)
2023-10-05 17:00:59 +03:00
Slavi Pantaleev
ce0eb973b0
Upgrade Coturn (4.6.2-r3 -> 4.6.2-r4)
2023-07-04 16:47:35 +03:00
Aine
df07b8fb7d
Update coturn 4.6.1-r3 -> 4.6.2-r3
2023-06-16 16:13:15 +03:00
Slavi Pantaleev
fa63785109
Upgrade Coturn (4.6.1-r2 -> 4.6.1-r3)
2023-04-03 15:34:19 +03:00
Slavi Pantaleev
69b2df629b
Enable some recommended Coturn options in an effort to lower DDoS amplification factor
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2592
2023-03-22 08:04:47 +02:00
Slavi Pantaleev
0b9dc56edf
Add type support to matrix_coturn_container_additional_volumes
...
.. and try to auto-switch between `bind` and `volume` depending on
whether there's a slash in the `src` path.
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2482
2023-02-15 06:03:55 +02:00
Aine
f6f7bbd2a1
Update coturn 4.6.1-r1 -> 4.6.1-r2
2023-02-13 12:54:55 +00:00
Slavi Pantaleev
c7767e9bc8
Upgrade Coturn (4.6.1-r0 -> 4.6.1-r1)
2023-01-31 20:25:59 +02:00
Slavi Pantaleev
aafa8f019c
Allow matrix_coturn_docker_network to be set to 'host' to use host-networking
...
This helps large deployments which need to open up thousands of ports
(matrix_coturn_turn_udp_min_port, matrix_coturn_turn_udp_min_port)
On a test VM, opening 1k ports takes 17 seconds for Docker to "publish"
all of these ports (setting up forwarding rules with the firewall, etc),
so service startup and shutdown take a long amount of time.
If host-networking is used, there's no need to open any ports at all
and startup/shutdown can be quick.
2023-01-26 17:35:30 +02:00
Slavi Pantaleev
bb0faa6bc3
Block various private network ranges via denied_peer_ips for Coturn by default
...
Inspired by: https://www.rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/
2023-01-26 17:35:30 +02:00
Slavi Pantaleev
773cb7d37e
Make no-tcp-relay Coturn configuration property configurable
2023-01-26 17:35:30 +02:00
Slavi Pantaleev
bf23d63f82
Add matrix_coturn_additional_configuration
2023-01-26 17:35:30 +02:00
Slavi Pantaleev
4c9f96722f
Add no-multicast-peers to Coturn config by default
...
Part of a security hardening provoked by:
https://www.rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/
2023-01-26 17:35:30 +02:00
Slavi Pantaleev
6414599079
Upgrade Coturn (4.6.0 -> 4.6.1)
2022-12-05 09:46:11 +02:00
Slavi Pantaleev
410a915a8a
Move roles/matrix* to roles/custom/matrix*
...
This paves the way for installing other roles into `roles/galaxy` using `ansible-galaxy`,
similar to how it's done in:
- https://github.com/spantaleev/gitea-docker-ansible-deploy
- https://github.com/spantaleev/nextcloud-docker-ansible-deploy
In the near future, we'll be removing a lot of the shared role code from here
and using upstream roles for it. Some of the core `matrix-*` roles have
already been extracted out into other reusable roles:
- https://github.com/devture/com.devture.ansible.role.postgres
- https://github.com/devture/com.devture.ansible.role.systemd_docker_base
- https://github.com/devture/com.devture.ansible.role.timesync
- https://github.com/devture/com.devture.ansible.role.vars_preserver
- https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages
- https://github.com/devture/com.devture.ansible.role.playbook_help
We just need to migrate to those.
2022-11-03 09:11:29 +02:00