Split playbook into multiple roles

As suggested in #63 (Github issue), splitting the
playbook's logic into multiple roles will be beneficial for
maintainability.

This patch realizes this split. Still, some components
affect others, so the roles are not really independent of one
another. For example:
- disabling mxisd (`matrix_mxisd_enabled: false`), causes Synapse
and riot-web to reconfigure themselves with other (public)
Identity servers.

- enabling matrix-corporal (`matrix_corporal_enabled: true`) affects
how reverse-proxying (by `matrix-nginx-proxy`) is done, in order to
put matrix-corporal's gateway server in front of Synapse

We may be able to move away from such dependencies in the future,
at the expense of a more complicated manual configuration, but
it's probably not worth sacrificing the convenience we have now.

As part of this work, the way we do "start components" has been
redone now to use a loop, as suggested in #65 (Github issue).
This should make restarting faster and more reliable.

roles/matrix-coturn/defaults/main.yml

@@ -0,0 +1,14 @@
+matrix_coturn_docker_image: "instrumentisto/coturn:4.5.0.8"
+
+matrix_coturn_base_path: "{{ matrix_base_data_path }}/coturn"
+matrix_coturn_config_path: "{{ matrix_coturn_base_path }}/turnserver.conf"
+
+# A shared secret (between Synapse and Coturn) used for authentication.
+# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
+matrix_coturn_turn_static_auth_secret: ""
+
+# UDP port-range to use for TURN
+matrix_coturn_turn_udp_min_port: 49152
+matrix_coturn_turn_udp_max_port: 49172
+
+matrix_coturn_turn_external_ip_address: "{{ ansible_host }}"

roles/matrix-coturn/tasks/init.yml

@@ -0,0 +1,2 @@
+- set_fact:
+    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-coturn'] }}"

roles/matrix-coturn/tasks/main.yml

@@ -0,0 +1,9 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- import_tasks: "{{ role_path }}/tasks/setup_coturn.yml"
+  when: run_setup
+  tags:
+    - setup-coturn
+    - setup-all

roles/matrix-coturn/tasks/setup_coturn.yml

@@ -0,0 +1,42 @@
+---
+
+- name: Fail if Coturn secret is missing
+  fail:
+    msg: "You need to set a secret in the matrix_coturn_turn_static_auth_secret variable"
+  when: "matrix_coturn_turn_static_auth_secret == ''"
+
+- name: Ensure Coturn image is pulled
+  docker_image:
+    name: "{{ matrix_coturn_docker_image }}"
+
+- name: Ensure Coturn configuration path exists
+  file:
+    path: "{{ matrix_coturn_base_path }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_username }}"
+
+- name: Ensure turnserver.conf installed
+  template:
+    src: "{{ role_path }}/templates/turnserver.conf.j2"
+    dest: "{{ matrix_coturn_config_path }}"
+    mode: 0644
+
+- name: Ensure matrix-coturn.service installed
+  template:
+    src: "{{ role_path }}/templates/systemd/matrix-coturn.service.j2"
+    dest: "/etc/systemd/system/matrix-coturn.service"
+    mode: 0644
+
+- name: Allow access to Coturn ports in firewalld
+  firewalld:
+    port: "{{ item }}"
+    state: enabled
+    immediate: yes
+    permanent: yes
+  with_items:
+    - '3478/tcp' # STUN
+    - '3478/udp' # STUN
+    - "{{ matrix_coturn_turn_udp_min_port }}-{{ matrix_coturn_turn_udp_max_port }}/udp" # TURN
+  when: ansible_os_family == 'RedHat'

roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2

@@ -0,0 +1,25 @@
+[Unit]
+Description=Matrix Coturn server
+After=docker.service
+Requires=docker.service
+
+[Service]
+Type=simple
+ExecStartPre=-/usr/bin/docker kill matrix-coturn
+ExecStartPre=-/usr/bin/docker rm matrix-coturn
+ExecStart=/usr/bin/docker run --rm --name matrix-coturn \
+			--log-driver=none \
+			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+			-p 3478:3478 \
+			-p 3478:3478/udp \
+			-p {{ matrix_coturn_turn_udp_min_port }}-{{ matrix_coturn_turn_udp_max_port }}:{{ matrix_coturn_turn_udp_min_port }}-{{ matrix_coturn_turn_udp_max_port }}/udp \
+			-v {{ matrix_coturn_config_path }}:/turnserver.conf:ro \
+			{{ matrix_coturn_docker_image }} \
+			-c /turnserver.conf
+ExecStop=-/usr/bin/docker kill matrix-coturn
+ExecStop=-/usr/bin/docker rm matrix-coturn
+Restart=always
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target

roles/matrix-coturn/templates/turnserver.conf.j2

@@ -0,0 +1,14 @@
+use-auth-secret
+static-auth-secret={{ matrix_coturn_turn_static_auth_secret }}
+realm=turn.{{ hostname_matrix }}
+cert=/matrix-config/{{ hostname_matrix }}.tls.crt
+pkey=/matrix-config/{{ hostname_matrix }}.tls.key
+dh-file=/matrix-config/{{ hostname_matrix }}.tls.dh
+cipher-list="HIGH"
+min-port={{ matrix_coturn_turn_udp_min_port }}
+max-port={{ matrix_coturn_turn_udp_max_port }}
+external-ip={{ matrix_coturn_turn_external_ip_address }}
+log-file=stdout
+pidfile=/var/tmp/turnserver.pid
+userdb=/var/tmp/turnserver.db
+no-cli