finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
7,197 Commits 3 Branches 0 Tags
62c4e76634d43d173b23c2687b95d229b1db494b
Commit Graph

18 Commits

Author SHA1 Message Date
Slavi Pantaleev
ec3b204541 Merge branch 'master' into renovate-config 2023-10-16 18:15:53 +03:00
Slavi Pantaleev
dc9ff4e01b Add support for external-IP-address-autodetection to Coturn 2023-10-10 11:10:21 +03:00
Samuel Meenzen
c846ed199b Annotate version numbers with renovate metadata 2023-10-06 14:14:03 +02:00
Slavi Pantaleev
c8e0f35c94 Upgrade Coturn (4.6.2-r4 -> 4.6.2-r5) 2023-10-05 17:00:59 +03:00
Slavi Pantaleev
ce0eb973b0 Upgrade Coturn (4.6.2-r3 -> 4.6.2-r4) 2023-07-04 16:47:35 +03:00
Aine
df07b8fb7d Update coturn 4.6.1-r3 -> 4.6.2-r3 2023-06-16 16:13:15 +03:00
Slavi Pantaleev
fa63785109 Upgrade Coturn (4.6.1-r2 -> 4.6.1-r3) 2023-04-03 15:34:19 +03:00
Slavi Pantaleev
69b2df629b Enable some recommended Coturn options in an effort to lower DDoS amplification factor 
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2592
 2023-03-22 08:04:47 +02:00
Slavi Pantaleev
0b9dc56edf Add type support to matrix_coturn_container_additional_volumes 
.. and try to auto-switch between `bind` and `volume` depending on
whether there's a slash in the `src` path.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2482
 2023-02-15 06:03:55 +02:00
Aine
f6f7bbd2a1 Update coturn 4.6.1-r1 -> 4.6.1-r2 2023-02-13 12:54:55 +00:00
Slavi Pantaleev
c7767e9bc8 Upgrade Coturn (4.6.1-r0 -> 4.6.1-r1) 2023-01-31 20:25:59 +02:00
Slavi Pantaleev
aafa8f019c Allow matrix_coturn_docker_network to be set to 'host' to use host-networking 
This helps large deployments which need to open up thousands of ports
(matrix_coturn_turn_udp_min_port, matrix_coturn_turn_udp_min_port)

On a test VM, opening 1k ports takes 17 seconds for Docker to "publish"
all of these ports (setting up forwarding rules with the firewall, etc),
so service startup and shutdown take a long amount of time.

If host-networking is used, there's no need to open any ports at all
and startup/shutdown can be quick.
 2023-01-26 17:35:30 +02:00
Slavi Pantaleev
bb0faa6bc3 Block various private network ranges via denied_peer_ips for Coturn by default 
Inspired by: https://www.rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/
 2023-01-26 17:35:30 +02:00
Slavi Pantaleev
773cb7d37e Make no-tcp-relay Coturn configuration property configurable 2023-01-26 17:35:30 +02:00
Slavi Pantaleev
bf23d63f82 Add matrix_coturn_additional_configuration 2023-01-26 17:35:30 +02:00
Slavi Pantaleev
4c9f96722f Add no-multicast-peers to Coturn config by default 
Part of a security hardening provoked by:
https://www.rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/
 2023-01-26 17:35:30 +02:00
Slavi Pantaleev
6414599079 Upgrade Coturn (4.6.0 -> 4.6.1) 2022-12-05 09:46:11 +02:00
Slavi Pantaleev
410a915a8a Move roles/matrix* to roles/custom/matrix* 
This paves the way for installing other roles into `roles/galaxy` using `ansible-galaxy`,
similar to how it's done in:

- https://github.com/spantaleev/gitea-docker-ansible-deploy
- https://github.com/spantaleev/nextcloud-docker-ansible-deploy

In the near future, we'll be removing a lot of the shared role code from here
and using upstream roles for it. Some of the core `matrix-*` roles have
already been extracted out into other reusable roles:

- https://github.com/devture/com.devture.ansible.role.postgres
- https://github.com/devture/com.devture.ansible.role.systemd_docker_base
- https://github.com/devture/com.devture.ansible.role.timesync
- https://github.com/devture/com.devture.ansible.role.vars_preserver
- https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages
- https://github.com/devture/com.devture.ansible.role.playbook_help

We just need to migrate to those.
 2022-11-03 09:11:29 +02:00