finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
8,615 Commits 3 Branches 0 Tags
8f11e1d5bc9acaa86c7c4fed1da29cc20a197902
Commit Graph

42 Commits

Author SHA1 Message Date
Suguru Hirahara
ba9aeb7c9f Consistent capitalization: NOTE → Note 
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
 2024-10-15 02:58:40 +09:00
David Mehren
c89c356e53 Add a global config option for Docker network MTU (#3502) 
* Add a global config option for Docker network MTU

* Upgrade systemd_docker_base (v1.2.0-0 -> v1.3.0-0)

The new version includes `devture_systemd_docker_base_container_networks_driver_options`
due to 3cc7d12396

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3502

* Switch from passing matrix_playbook_docker_network_mtu to respecting devture_systemd_docker_base_container_networks_driver_options

Related to:
- 3cc7d12396
- https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3502

* Update all roles to versions that respect `devture_systemd_docker_base_container_networks_driver_options`

---------

Co-authored-by: Slavi Pantaleev <slavi@devture.com>
 2024-09-18 16:20:27 +03:00
Slavi Pantaleev
035b1c3c04 Upgrade Coturn (4.6.2-r10 -> 4.6.2-r11) 2024-07-26 15:15:51 +03:00
Slavi Pantaleev
d6aa98e57d Upgrade Coturn (4.6.2-r9 -> 4.6.2-r10) 2024-06-21 09:17:23 +03:00
Slavi Pantaleev
9f2eff2ac7 Respect devture_systemd_docker_base_docker_service_name 
Related to 0241c71a4c

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3270#issuecomment-2143782962

With this change, it should be possible for people to adjust the Docker
dependency from `docker.service` to something else (e.g. `pkg-ContainerManager-dockerd.service`),
or to completely eliminate it by setting `devture_systemd_docker_base_docker_service_name` to an empty string.

This makes it easier for people to use the playbook against a Synology DSM server.
 2024-06-04 13:14:34 +03:00
Slavi Pantaleev
3bf488fb16 Upgrade Coturn (4.6.2-r5 -> 4.6.2-r9) 2024-05-24 20:18:56 +03:00
Slavi Pantaleev
e1363c9b9b Add lt-cred-mech authentication mechanism to Coturn 
All homeserver implementations have been updated to support this as
well.

It's just Jitsi that possibly doesn't work with anything other than `auth-secret`.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3191
 2024-02-18 09:52:00 +02:00
Slavi Pantaleev
ad32953e0b Add additional-networks support to matrix-coturn 
Not that it seems necessary right now, but it makes it consistent with
all other roles.
 2024-01-15 11:18:09 +02:00
Slavi Pantaleev
2511b34a7c Stop containers gracefully, instead of outright killing them 2023-12-06 11:52:23 +02:00
Slavi Pantaleev
ec3b204541 Merge branch 'master' into renovate-config 2023-10-16 18:15:53 +03:00
Slavi Pantaleev
954634b580 Make ansible-lint happy 2023-10-11 11:12:28 +03:00
Slavi Pantaleev
dc9ff4e01b Add support for external-IP-address-autodetection to Coturn 2023-10-10 11:10:21 +03:00
Samuel Meenzen
c846ed199b Annotate version numbers with renovate metadata 2023-10-06 14:14:03 +02:00
Slavi Pantaleev
c8e0f35c94 Upgrade Coturn (4.6.2-r4 -> 4.6.2-r5) 2023-10-05 17:00:59 +03:00
Slavi Pantaleev
ce0eb973b0 Upgrade Coturn (4.6.2-r3 -> 4.6.2-r4) 2023-07-04 16:47:35 +03:00
Aine
df07b8fb7d Update coturn 4.6.1-r3 -> 4.6.2-r3 2023-06-16 16:13:15 +03:00
Slavi Pantaleev
2649d9d8bb Fix lint-reported errors 2023-04-08 08:10:22 +03:00
Slavi Pantaleev
fa63785109 Upgrade Coturn (4.6.1-r2 -> 4.6.1-r3) 2023-04-03 15:34:19 +03:00
Slavi Pantaleev
69b2df629b Enable some recommended Coturn options in an effort to lower DDoS amplification factor 
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2592
 2023-03-22 08:04:47 +02:00
Slavi Pantaleev
dddfee16bc Fix all 300+ ansible-lint-reported errors 2023-03-07 17:28:15 +02:00
Slavi Pantaleev
0b9dc56edf Add type support to matrix_coturn_container_additional_volumes 
.. and try to auto-switch between `bind` and `volume` depending on
whether there's a slash in the `src` path.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2482
 2023-02-15 06:03:55 +02:00
Aine
f6f7bbd2a1 Update coturn 4.6.1-r1 -> 4.6.1-r2 2023-02-13 12:54:55 +00:00
Slavi Pantaleev
d44d4b637f Allow Coturn to work with SSL certificates extracted from Traefik 2023-02-08 16:06:46 +02:00
Slavi Pantaleev
c7767e9bc8 Upgrade Coturn (4.6.1-r0 -> 4.6.1-r1) 2023-01-31 20:25:59 +02:00
Slavi Pantaleev
aafa8f019c Allow matrix_coturn_docker_network to be set to 'host' to use host-networking 
This helps large deployments which need to open up thousands of ports
(matrix_coturn_turn_udp_min_port, matrix_coturn_turn_udp_min_port)

On a test VM, opening 1k ports takes 17 seconds for Docker to "publish"
all of these ports (setting up forwarding rules with the firewall, etc),
so service startup and shutdown take a long amount of time.

If host-networking is used, there's no need to open any ports at all
and startup/shutdown can be quick.
 2023-01-26 17:35:30 +02:00
Slavi Pantaleev
bb0faa6bc3 Block various private network ranges via denied_peer_ips for Coturn by default 
Inspired by: https://www.rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/
 2023-01-26 17:35:30 +02:00
Slavi Pantaleev
773cb7d37e Make no-tcp-relay Coturn configuration property configurable 2023-01-26 17:35:30 +02:00
Slavi Pantaleev
bf23d63f82 Add matrix_coturn_additional_configuration 2023-01-26 17:35:30 +02:00
Slavi Pantaleev
4c9f96722f Add no-multicast-peers to Coturn config by default 
Part of a security hardening provoked by:
https://www.rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/
 2023-01-26 17:35:30 +02:00
Slavi Pantaleev
6414599079 Upgrade Coturn (4.6.0 -> 4.6.1) 2022-12-05 09:46:11 +02:00
Slavi Pantaleev
707e909b9b /usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew -> /matrix/ssl/bin/lets-encrypt-certificates-renew 2022-11-27 09:53:23 +02:00
Slavi Pantaleev
a04f6f4e3d Optimize uninstall tasks a bit 
- forego removing Docker images - it's not effective anyway, because it
  only removes the last version.. which is a drop in the bucket, usually

- do not reload systemd - it's none of our business. `--tags=start`,
  etc., handle this

- combine all uninstall tasks under a single block, which only runs if
  we detect traces (a leftover systemd .service file) of the component.
  If no such .service is detected, we skip them all. This may lead to
  incorect cleanup in rare cases, but is good enough for the most part.
 2022-11-25 17:28:57 +02:00
Slavi Pantaleev
61f67d8f0a Add install-* tags for quicker runs 2022-11-25 16:02:51 +02:00
Slavi Pantaleev
7c2a7a8eb6 Replace most import_tasks calls with include_tasks for improved performance 2022-11-24 11:33:45 +02:00
Slavi Pantaleev
0ea7cb5d18 Remove various init.yml files - initialize systemd services, etc., statically (not at runtime) 2022-11-23 11:45:46 +02:00
Slavi Pantaleev
d3bd1ca024 matrix_*_retries_{count,delay} -> devture_playbook_help_*_retries_{count,delay} 2022-11-04 16:44:29 +02:00
Slavi Pantaleev
4f4c856e43 matrix_host_command_systemctl -> devture_systemd_docker_base_host_command_systemctl (via com.devture.ansible.role.systemd_docker_base) 2022-11-04 16:41:23 +02:00
Slavi Pantaleev
7086c0ebe3 matrix_host_command_sh -> devture_systemd_docker_base_host_command_sh (via com.devture.ansible.role.systemd_docker_base) 2022-11-04 16:40:25 +02:00
Slavi Pantaleev
a9a81460ec matrix_host_command_docker -> devture_systemd_docker_base_host_command_docker (via com.devture.ansible.role.systemd_docker_base) 2022-11-04 16:39:35 +02:00
Slavi Pantaleev
835d2e9581 matrix_systemd_path -> devture_systemd_docker_base_systemd_path (via com.devture.ansible.role.systemd_docker_base) 2022-11-04 16:38:38 +02:00
Slavi Pantaleev
f03f716989 matrix_systemd_unit_home_path -> devture_systemd_docker_base_systemd_unit_home_path (via com.devture.ansible.role.systemd_docker_base) 2022-11-04 16:37:47 +02:00
Slavi Pantaleev
410a915a8a Move roles/matrix* to roles/custom/matrix* 
This paves the way for installing other roles into `roles/galaxy` using `ansible-galaxy`,
similar to how it's done in:

- https://github.com/spantaleev/gitea-docker-ansible-deploy
- https://github.com/spantaleev/nextcloud-docker-ansible-deploy

In the near future, we'll be removing a lot of the shared role code from here
and using upstream roles for it. Some of the core `matrix-*` roles have
already been extracted out into other reusable roles:

- https://github.com/devture/com.devture.ansible.role.postgres
- https://github.com/devture/com.devture.ansible.role.systemd_docker_base
- https://github.com/devture/com.devture.ansible.role.timesync
- https://github.com/devture/com.devture.ansible.role.vars_preserver
- https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages
- https://github.com/devture/com.devture.ansible.role.playbook_help

We just need to migrate to those.
 2022-11-03 09:11:29 +02:00