Move roles/matrix* to roles/custom/matrix*

This paves the way for installing other roles into `roles/galaxy` using `ansible-galaxy`, similar to how it's done in: - https://github.com/spantaleev/gitea-docker-ansible-deploy - https://github.com/spantaleev/nextcloud-docker-ansible-deploy In the near future, we'll be removing a lot of the shared role code from here and using upstream roles for it. Some of the core `matrix-*` roles have already been extracted out into other reusable roles: - https://github.com/devture/com.devture.ansible.role.postgres - https://github.com/devture/com.devture.ansible.role.systemd_docker_base - https://github.com/devture/com.devture.ansible.role.timesync - https://github.com/devture/com.devture.ansible.role.vars_preserver - https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages - https://github.com/devture/com.devture.ansible.role.playbook_help We just need to migrate to those.
2025-10-31 15:27:56 +01:00 · 2022-11-03 09:11:29 +02:00
parent 6c131138ad
commit 410a915a8a
722 changed files with 148 additions and 145 deletions
--- a/roles/custom/matrix-coturn/defaults/main.yml
+++ b/roles/custom/matrix-coturn/defaults/main.yml
@@ -0,0 +1,84 @@
+---
+# Project source code URL: https://github.com/coturn/coturn
+
+matrix_coturn_enabled: true
+
+matrix_coturn_container_image_self_build: false
+matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn"
+matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}"
+matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile"
+
+matrix_coturn_version: 4.6.0-r0
+matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine"
+matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}"
+matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}"
+
+# The Docker network that Coturn would be put into.
+#
+# Because Coturn relays traffic to unvalidated IP addresses,
+# using a dedicated network, isolated from other Docker (and local) services is preferrable.
+#
+# Setting up deny/allow rules with `matrix_coturn_allowed_peer_ips`/`matrix_coturn_denied_peer_ips` is also
+# possible for achieving such isolation, but is more complicated due to the dynamic nature of Docker networking.
+matrix_coturn_docker_network: "matrix-coturn"
+
+matrix_coturn_base_path: "{{ matrix_base_data_path }}/coturn"
+matrix_coturn_docker_src_files_path: "{{ matrix_coturn_base_path }}/docker-src"
+matrix_coturn_config_path: "{{ matrix_coturn_base_path }}/turnserver.conf"
+
+# List of systemd services that matrix-coturn.service depends on
+matrix_coturn_systemd_required_services_list: ['docker.service']
+
+# A list of additional "volumes" to mount in the container.
+# This list gets populated dynamically at runtime. You can provide a different default value,
+# if you wish to mount your own files into the container.
+# Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
+matrix_coturn_container_additional_volumes: []
+
+# A list of extra arguments to pass to the container
+matrix_coturn_container_extra_arguments: []
+
+# Controls whether the Coturn container exposes its plain STUN port (tcp/3478 and udp/3478 in the container).
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:3478"), or empty string to not expose.
+matrix_coturn_container_stun_plain_host_bind_port: '3478'
+
+# Controls whether the Coturn container exposes its TLS STUN port (tcp/5349 and udp/5349 in the container).
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:5349"), or empty string to not expose.
+matrix_coturn_container_stun_tls_host_bind_port: '5349'
+
+# Controls whether the Coturn container exposes its TURN UDP port range and which interface to do it on.
+#
+# Takes an interface "<ip address>" (e.g. "127.0.0.1"), or empty string to listen on all interfaces.
+# Takes a null/none value (`~`) to prevent listening.
+#
+# The UDP port-range itself is specified using `matrix_coturn_turn_udp_min_port` and `matrix_coturn_turn_udp_max_port`.
+matrix_coturn_container_turn_range_listen_interface: ''
+
+# UDP port-range to use for TURN
+matrix_coturn_turn_udp_min_port: 49152
+matrix_coturn_turn_udp_max_port: 49172
+
+# A shared secret (between Synapse and Coturn) used for authentication.
+# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
+matrix_coturn_turn_static_auth_secret: ""
+
+# The external IP address of the machine where Coturn is.
+matrix_coturn_turn_external_ip_address: ''
+matrix_coturn_turn_external_ip_addresses: ["{{ matrix_coturn_turn_external_ip_address }}"]
+
+matrix_coturn_allowed_peer_ips: []
+matrix_coturn_denied_peer_ips: []
+matrix_coturn_user_quota: null
+matrix_coturn_total_quota: null
+
+# To enable TLS, you need to provide paths to certificates.
+# Paths defined in `matrix_coturn_tls_cert_path` and `matrix_coturn_tls_key_path` are in-container paths.
+# Files on the host can be mounted into the container using `matrix_coturn_container_additional_volumes`.
+matrix_coturn_tls_enabled: false
+matrix_coturn_tls_cert_path: ~
+matrix_coturn_tls_key_path: ~
+
+matrix_coturn_tls_v1_enabled: false
+matrix_coturn_tls_v1_1_enabled: false