Slavi Pantaleev
69b2df629b
Enable some recommended Coturn options in an effort to lower DDoS amplification factor
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2592
2023-03-22 08:04:47 +02:00
Slavi Pantaleev
0b9dc56edf
Add type support to matrix_coturn_container_additional_volumes
...
.. and try to auto-switch between `bind` and `volume` depending on
whether there's a slash in the `src` path.
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2482
2023-02-15 06:03:55 +02:00
Slavi Pantaleev
d44d4b637f
Allow Coturn to work with SSL certificates extracted from Traefik
2023-02-08 16:06:46 +02:00
Slavi Pantaleev
aafa8f019c
Allow matrix_coturn_docker_network to be set to 'host' to use host-networking
...
This helps large deployments which need to open up thousands of ports
(matrix_coturn_turn_udp_min_port, matrix_coturn_turn_udp_min_port)
On a test VM, opening 1k ports takes 17 seconds for Docker to "publish"
all of these ports (setting up forwarding rules with the firewall, etc),
so service startup and shutdown take a long amount of time.
If host-networking is used, there's no need to open any ports at all
and startup/shutdown can be quick.
2023-01-26 17:35:30 +02:00
Slavi Pantaleev
773cb7d37e
Make no-tcp-relay Coturn configuration property configurable
2023-01-26 17:35:30 +02:00
Slavi Pantaleev
bf23d63f82
Add matrix_coturn_additional_configuration
2023-01-26 17:35:30 +02:00
Slavi Pantaleev
4c9f96722f
Add no-multicast-peers to Coturn config by default
...
Part of a security hardening provoked by:
https://www.rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/
2023-01-26 17:35:30 +02:00
Slavi Pantaleev
4f4c856e43
matrix_host_command_systemctl -> devture_systemd_docker_base_host_command_systemctl (via com.devture.ansible.role.systemd_docker_base)
2022-11-04 16:41:23 +02:00
Slavi Pantaleev
7086c0ebe3
matrix_host_command_sh -> devture_systemd_docker_base_host_command_sh (via com.devture.ansible.role.systemd_docker_base)
2022-11-04 16:40:25 +02:00
Slavi Pantaleev
a9a81460ec
matrix_host_command_docker -> devture_systemd_docker_base_host_command_docker (via com.devture.ansible.role.systemd_docker_base)
2022-11-04 16:39:35 +02:00
Slavi Pantaleev
f03f716989
matrix_systemd_unit_home_path -> devture_systemd_docker_base_systemd_unit_home_path (via com.devture.ansible.role.systemd_docker_base)
2022-11-04 16:37:47 +02:00
Slavi Pantaleev
410a915a8a
Move roles/matrix* to roles/custom/matrix*
...
This paves the way for installing other roles into `roles/galaxy` using `ansible-galaxy`,
similar to how it's done in:
- https://github.com/spantaleev/gitea-docker-ansible-deploy
- https://github.com/spantaleev/nextcloud-docker-ansible-deploy
In the near future, we'll be removing a lot of the shared role code from here
and using upstream roles for it. Some of the core `matrix-*` roles have
already been extracted out into other reusable roles:
- https://github.com/devture/com.devture.ansible.role.postgres
- https://github.com/devture/com.devture.ansible.role.systemd_docker_base
- https://github.com/devture/com.devture.ansible.role.timesync
- https://github.com/devture/com.devture.ansible.role.vars_preserver
- https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages
- https://github.com/devture/com.devture.ansible.role.playbook_help
We just need to migrate to those.
2022-11-03 09:11:29 +02:00