7d3adc4512
We do use some `:latest` images by default for the following services: - matrix-dimension - Goofys (in the matrix-synapse role) - matrix-bridge-appservice-irc - matrix-bridge-appservice-discord - matrix-bridge-mautrix-facebook - matrix-bridge-mautrix-whatsapp It's terribly unfortunate that those software projects don't release anything other than `:latest`, but that's how it is for now. Updating that software requires that users manually do `docker pull` on the server. The playbook didn't force-repull images that it already had. With this patch, it starts doing so. Any image tagged `:latest` will be force re-pulled by the playbook every time it's executed. It should be noted that even though we ask the `docker_image` module to force-pull, it only reports "changed" when it actually pulls something new. This is nice, because it lets people know exactly when something gets updated, as opposed to giving the indication that it's always updating the images (even though it isn't).
52 lines
2.3 KiB
YAML
52 lines
2.3 KiB
YAML
matrix_coturn_enabled: true
|
|
|
|
matrix_coturn_docker_image: "instrumentisto/coturn:4.5.1.1"
|
|
matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}"
|
|
|
|
# The Docker network that Coturn would be put into.
|
|
#
|
|
# Because Coturn relays traffic to unvalidated IP addresses,
|
|
# using a dedicated network, isolated from other Docker (and local) services is preferrable.
|
|
#
|
|
# Setting up deny/allow rules with `matrix_coturn_allowed_peer_ips`/`matrix_coturn_denied_peer_ips` is also
|
|
# possible for achieving such isolation, but is more complicated due to the dynamic nature of Docker networking.
|
|
matrix_coturn_docker_network: "matrix-coturn"
|
|
|
|
matrix_coturn_base_path: "{{ matrix_base_data_path }}/coturn"
|
|
matrix_coturn_config_path: "{{ matrix_coturn_base_path }}/turnserver.conf"
|
|
|
|
# List of systemd services that matrix-coturn.service depends on
|
|
matrix_coturn_systemd_required_services_list: ['docker.service']
|
|
|
|
# A list of additional "volumes" to mount in the container.
|
|
# This list gets populated dynamically at runtime. You can provide a different default value,
|
|
# if you wish to mount your own files into the container.
|
|
# Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
|
|
matrix_coturn_container_additional_volumes: []
|
|
|
|
# A list of extra arguments to pass to the container
|
|
matrix_coturn_container_extra_arguments: []
|
|
|
|
# A shared secret (between Synapse and Coturn) used for authentication.
|
|
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
|
|
matrix_coturn_turn_static_auth_secret: ""
|
|
|
|
# UDP port-range to use for TURN
|
|
matrix_coturn_turn_udp_min_port: 49152
|
|
matrix_coturn_turn_udp_max_port: 49172
|
|
|
|
# The external IP address of the machine where Coturn is.
|
|
matrix_coturn_turn_external_ip_address: ''
|
|
|
|
matrix_coturn_allowed_peer_ips: []
|
|
matrix_coturn_denied_peer_ips: []
|
|
matrix_coturn_user_quota: null
|
|
matrix_coturn_total_quota: null
|
|
|
|
# To enable TLS, you need to provide paths to certificates.
|
|
# Paths defined in `matrix_coturn_tls_cert_path` and `matrix_coturn_tls_key_path` are in-container paths.
|
|
# Files on the host can be mounted into the container using `matrix_coturn_container_additional_volumes`.
|
|
matrix_coturn_tls_enabled: false
|
|
matrix_coturn_tls_cert_path: ~
|
|
matrix_coturn_tls_key_path: ~
|