mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2025-01-05 19:10:20 +00:00
5eed874199
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/716 This patch makes us use more fully-qualified container image names (either prefixed with docker.io/ or with localhost/). The latter happens when self-building is enabled. We've recently had issues where if an image was removed manually and the service was restarted (making `docker run` fetch it from Docker Hub, etc.), we'd end up with a pulled image, even though we're aiming for a self-built one. Re-running the playbook would then not do a rebuild, because: - the image with that name already exists (even though it's something else) - we sometimes had conditional logic where we'd build only if the git repo changed By explicitly changing the name of the images (prefixing with localhost/), we avoid such confusion and the possibility that we'd automatically pul something which is not what we expect. Also, I've removed that condition where building would happen on git changes only. We now always build (unless an image with that name already exists). We just force-build when the git repo changes.
74 lines
3.5 KiB
YAML
74 lines
3.5 KiB
YAML
matrix_coturn_enabled: true
|
|
|
|
matrix_coturn_container_image_self_build: false
|
|
|
|
matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}instrumentisto/coturn:4.5.1.3"
|
|
matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else 'docker.io/' }}"
|
|
matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}"
|
|
|
|
# The Docker network that Coturn would be put into.
|
|
#
|
|
# Because Coturn relays traffic to unvalidated IP addresses,
|
|
# using a dedicated network, isolated from other Docker (and local) services is preferrable.
|
|
#
|
|
# Setting up deny/allow rules with `matrix_coturn_allowed_peer_ips`/`matrix_coturn_denied_peer_ips` is also
|
|
# possible for achieving such isolation, but is more complicated due to the dynamic nature of Docker networking.
|
|
matrix_coturn_docker_network: "matrix-coturn"
|
|
|
|
matrix_coturn_base_path: "{{ matrix_base_data_path }}/coturn"
|
|
matrix_coturn_docker_src_files_path: "{{ matrix_coturn_base_path }}/docker-src"
|
|
matrix_coturn_config_path: "{{ matrix_coturn_base_path }}/turnserver.conf"
|
|
|
|
# List of systemd services that matrix-coturn.service depends on
|
|
matrix_coturn_systemd_required_services_list: ['docker.service']
|
|
|
|
# A list of additional "volumes" to mount in the container.
|
|
# This list gets populated dynamically at runtime. You can provide a different default value,
|
|
# if you wish to mount your own files into the container.
|
|
# Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
|
|
matrix_coturn_container_additional_volumes: []
|
|
|
|
# A list of extra arguments to pass to the container
|
|
matrix_coturn_container_extra_arguments: []
|
|
|
|
# Controls whether the Coturn container exposes its plain STUN port (tcp/3478 and udp/3478 in the container).
|
|
#
|
|
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:3478"), or empty string to not expose.
|
|
matrix_coturn_container_stun_plain_host_bind_port: '3478'
|
|
|
|
# Controls whether the Coturn container exposes its TLS STUN port (tcp/5349 and udp/5349 in the container).
|
|
#
|
|
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:5349"), or empty string to not expose.
|
|
matrix_coturn_container_stun_tls_host_bind_port: '5349'
|
|
|
|
# Controls whether the Coturn container exposes its TURN UDP port range and which interface to do it on.
|
|
#
|
|
# Takes an interface "<ip address>" (e.g. "127.0.0.1"), or empty string to listen on all interfaces.
|
|
# Takes a null/none value (`~`) to prevent listening.
|
|
#
|
|
# The UDP port-range itself is specified using `matrix_coturn_turn_udp_min_port` and `matrix_coturn_turn_udp_max_port`.
|
|
matrix_coturn_container_turn_range_listen_interface: ''
|
|
|
|
# UDP port-range to use for TURN
|
|
matrix_coturn_turn_udp_min_port: 49152
|
|
matrix_coturn_turn_udp_max_port: 49172
|
|
|
|
# A shared secret (between Synapse and Coturn) used for authentication.
|
|
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
|
|
matrix_coturn_turn_static_auth_secret: ""
|
|
|
|
# The external IP address of the machine where Coturn is.
|
|
matrix_coturn_turn_external_ip_address: ''
|
|
|
|
matrix_coturn_allowed_peer_ips: []
|
|
matrix_coturn_denied_peer_ips: []
|
|
matrix_coturn_user_quota: null
|
|
matrix_coturn_total_quota: null
|
|
|
|
# To enable TLS, you need to provide paths to certificates.
|
|
# Paths defined in `matrix_coturn_tls_cert_path` and `matrix_coturn_tls_key_path` are in-container paths.
|
|
# Files on the host can be mounted into the container using `matrix_coturn_container_additional_volumes`.
|
|
matrix_coturn_tls_enabled: false
|
|
matrix_coturn_tls_cert_path: ~
|
|
matrix_coturn_tls_key_path: ~
|