David Mehren
c89c356e53
Add a global config option for Docker network MTU ( #3502 )
...
* Add a global config option for Docker network MTU
* Upgrade systemd_docker_base (v1.2.0-0 -> v1.3.0-0)
The new version includes `devture_systemd_docker_base_container_networks_driver_options`
due to 3cc7d12396
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3502
* Switch from passing matrix_playbook_docker_network_mtu to respecting devture_systemd_docker_base_container_networks_driver_options
Related to:
- 3cc7d12396
- https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3502
* Update all roles to versions that respect `devture_systemd_docker_base_container_networks_driver_options`
---------
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2024-09-18 16:20:27 +03:00
Slavi Pantaleev
035b1c3c04
Upgrade Coturn (4.6.2-r10 -> 4.6.2-r11)
2024-07-26 15:15:51 +03:00
Slavi Pantaleev
d6aa98e57d
Upgrade Coturn (4.6.2-r9 -> 4.6.2-r10)
2024-06-21 09:17:23 +03:00
Slavi Pantaleev
9f2eff2ac7
Respect devture_systemd_docker_base_docker_service_name
...
Related to 0241c71a4c
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3270#issuecomment-2143782962
With this change, it should be possible for people to adjust the Docker
dependency from `docker.service` to something else (e.g. `pkg-ContainerManager-dockerd.service`),
or to completely eliminate it by setting `devture_systemd_docker_base_docker_service_name` to an empty string.
This makes it easier for people to use the playbook against a Synology DSM server.
2024-06-04 13:14:34 +03:00
Slavi Pantaleev
3bf488fb16
Upgrade Coturn (4.6.2-r5 -> 4.6.2-r9)
2024-05-24 20:18:56 +03:00
Slavi Pantaleev
e1363c9b9b
Add lt-cred-mech authentication mechanism to Coturn
...
All homeserver implementations have been updated to support this as
well.
It's just Jitsi that possibly doesn't work with anything other than `auth-secret`.
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3191
2024-02-18 09:52:00 +02:00
Slavi Pantaleev
ad32953e0b
Add additional-networks support to matrix-coturn
...
Not that it seems necessary right now, but it makes it consistent with
all other roles.
2024-01-15 11:18:09 +02:00
Slavi Pantaleev
2511b34a7c
Stop containers gracefully, instead of outright killing them
2023-12-06 11:52:23 +02:00
Slavi Pantaleev
ec3b204541
Merge branch 'master' into renovate-config
2023-10-16 18:15:53 +03:00
Slavi Pantaleev
954634b580
Make ansible-lint happy
2023-10-11 11:12:28 +03:00
Slavi Pantaleev
dc9ff4e01b
Add support for external-IP-address-autodetection to Coturn
2023-10-10 11:10:21 +03:00
Samuel Meenzen
c846ed199b
Annotate version numbers with renovate metadata
2023-10-06 14:14:03 +02:00
Slavi Pantaleev
c8e0f35c94
Upgrade Coturn (4.6.2-r4 -> 4.6.2-r5)
2023-10-05 17:00:59 +03:00
Slavi Pantaleev
ce0eb973b0
Upgrade Coturn (4.6.2-r3 -> 4.6.2-r4)
2023-07-04 16:47:35 +03:00
Aine
df07b8fb7d
Update coturn 4.6.1-r3 -> 4.6.2-r3
2023-06-16 16:13:15 +03:00
Slavi Pantaleev
2649d9d8bb
Fix lint-reported errors
2023-04-08 08:10:22 +03:00
Slavi Pantaleev
fa63785109
Upgrade Coturn (4.6.1-r2 -> 4.6.1-r3)
2023-04-03 15:34:19 +03:00
Slavi Pantaleev
69b2df629b
Enable some recommended Coturn options in an effort to lower DDoS amplification factor
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2592
2023-03-22 08:04:47 +02:00
Slavi Pantaleev
dddfee16bc
Fix all 300+ ansible-lint-reported errors
2023-03-07 17:28:15 +02:00
Slavi Pantaleev
0b9dc56edf
Add type support to matrix_coturn_container_additional_volumes
...
.. and try to auto-switch between `bind` and `volume` depending on
whether there's a slash in the `src` path.
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2482
2023-02-15 06:03:55 +02:00
Aine
f6f7bbd2a1
Update coturn 4.6.1-r1 -> 4.6.1-r2
2023-02-13 12:54:55 +00:00
Slavi Pantaleev
d44d4b637f
Allow Coturn to work with SSL certificates extracted from Traefik
2023-02-08 16:06:46 +02:00
Slavi Pantaleev
c7767e9bc8
Upgrade Coturn (4.6.1-r0 -> 4.6.1-r1)
2023-01-31 20:25:59 +02:00
Slavi Pantaleev
aafa8f019c
Allow matrix_coturn_docker_network to be set to 'host' to use host-networking
...
This helps large deployments which need to open up thousands of ports
(matrix_coturn_turn_udp_min_port, matrix_coturn_turn_udp_min_port)
On a test VM, opening 1k ports takes 17 seconds for Docker to "publish"
all of these ports (setting up forwarding rules with the firewall, etc),
so service startup and shutdown take a long amount of time.
If host-networking is used, there's no need to open any ports at all
and startup/shutdown can be quick.
2023-01-26 17:35:30 +02:00
Slavi Pantaleev
bb0faa6bc3
Block various private network ranges via denied_peer_ips for Coturn by default
...
Inspired by: https://www.rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/
2023-01-26 17:35:30 +02:00
Slavi Pantaleev
773cb7d37e
Make no-tcp-relay Coturn configuration property configurable
2023-01-26 17:35:30 +02:00
Slavi Pantaleev
bf23d63f82
Add matrix_coturn_additional_configuration
2023-01-26 17:35:30 +02:00
Slavi Pantaleev
4c9f96722f
Add no-multicast-peers to Coturn config by default
...
Part of a security hardening provoked by:
https://www.rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/
2023-01-26 17:35:30 +02:00
Slavi Pantaleev
6414599079
Upgrade Coturn (4.6.0 -> 4.6.1)
2022-12-05 09:46:11 +02:00
Slavi Pantaleev
707e909b9b
/usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew -> /matrix/ssl/bin/lets-encrypt-certificates-renew
2022-11-27 09:53:23 +02:00
Slavi Pantaleev
a04f6f4e3d
Optimize uninstall tasks a bit
...
- forego removing Docker images - it's not effective anyway, because it
only removes the last version.. which is a drop in the bucket, usually
- do not reload systemd - it's none of our business. `--tags=start`,
etc., handle this
- combine all uninstall tasks under a single block, which only runs if
we detect traces (a leftover systemd .service file) of the component.
If no such .service is detected, we skip them all. This may lead to
incorect cleanup in rare cases, but is good enough for the most part.
2022-11-25 17:28:57 +02:00
Slavi Pantaleev
61f67d8f0a
Add install-* tags for quicker runs
2022-11-25 16:02:51 +02:00
Slavi Pantaleev
7c2a7a8eb6
Replace most import_tasks calls with include_tasks for improved performance
2022-11-24 11:33:45 +02:00
Slavi Pantaleev
0ea7cb5d18
Remove various init.yml files - initialize systemd services, etc., statically (not at runtime)
2022-11-23 11:45:46 +02:00
Slavi Pantaleev
d3bd1ca024
matrix_*_retries_{count,delay} -> devture_playbook_help_*_retries_{count,delay}
2022-11-04 16:44:29 +02:00
Slavi Pantaleev
4f4c856e43
matrix_host_command_systemctl -> devture_systemd_docker_base_host_command_systemctl (via com.devture.ansible.role.systemd_docker_base)
2022-11-04 16:41:23 +02:00
Slavi Pantaleev
7086c0ebe3
matrix_host_command_sh -> devture_systemd_docker_base_host_command_sh (via com.devture.ansible.role.systemd_docker_base)
2022-11-04 16:40:25 +02:00
Slavi Pantaleev
a9a81460ec
matrix_host_command_docker -> devture_systemd_docker_base_host_command_docker (via com.devture.ansible.role.systemd_docker_base)
2022-11-04 16:39:35 +02:00
Slavi Pantaleev
835d2e9581
matrix_systemd_path -> devture_systemd_docker_base_systemd_path (via com.devture.ansible.role.systemd_docker_base)
2022-11-04 16:38:38 +02:00
Slavi Pantaleev
f03f716989
matrix_systemd_unit_home_path -> devture_systemd_docker_base_systemd_unit_home_path (via com.devture.ansible.role.systemd_docker_base)
2022-11-04 16:37:47 +02:00
Slavi Pantaleev
410a915a8a
Move roles/matrix* to roles/custom/matrix*
...
This paves the way for installing other roles into `roles/galaxy` using `ansible-galaxy`,
similar to how it's done in:
- https://github.com/spantaleev/gitea-docker-ansible-deploy
- https://github.com/spantaleev/nextcloud-docker-ansible-deploy
In the near future, we'll be removing a lot of the shared role code from here
and using upstream roles for it. Some of the core `matrix-*` roles have
already been extracted out into other reusable roles:
- https://github.com/devture/com.devture.ansible.role.postgres
- https://github.com/devture/com.devture.ansible.role.systemd_docker_base
- https://github.com/devture/com.devture.ansible.role.timesync
- https://github.com/devture/com.devture.ansible.role.vars_preserver
- https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages
- https://github.com/devture/com.devture.ansible.role.playbook_help
We just need to migrate to those.
2022-11-03 09:11:29 +02:00