Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2592

.. and try to auto-switch between `bind` and `volume` depending on
whether there's a slash in the `src` path.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2482

This helps large deployments which need to open up thousands of ports
(matrix_coturn_turn_udp_min_port, matrix_coturn_turn_udp_min_port)

On a test VM, opening 1k ports takes 17 seconds for Docker to "publish"
all of these ports (setting up forwarding rules with the firewall, etc),
so service startup and shutdown take a long amount of time.

If host-networking is used, there's no need to open any ports at all
and startup/shutdown can be quick.

Inspired by: https://www.rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/

Part of a security hardening provoked by:
https://www.rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/

This paves the way for installing other roles into `roles/galaxy` using `ansible-galaxy`,
similar to how it's done in:

- https://github.com/spantaleev/gitea-docker-ansible-deploy
- https://github.com/spantaleev/nextcloud-docker-ansible-deploy

In the near future, we'll be removing a lot of the shared role code from here
and using upstream roles for it. Some of the core `matrix-*` roles have
already been extracted out into other reusable roles:

- https://github.com/devture/com.devture.ansible.role.postgres
- https://github.com/devture/com.devture.ansible.role.systemd_docker_base
- https://github.com/devture/com.devture.ansible.role.timesync
- https://github.com/devture/com.devture.ansible.role.vars_preserver
- https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages
- https://github.com/devture/com.devture.ansible.role.playbook_help

We just need to migrate to those.

**no docker tag yet**, [keep an eye on it](https://hub.docker.com/r/coturn/coturn/tags?page=1&name=4.5.2-r13)

We no longer validate that there's an IP address defined.
Seems like Coturn can start without one as well, so there's no need to
require it.

If people populate `matrix_coturn_turn_external_ip_addresses` directly
to specify multiple addresses, they can leave
`matrix_coturn_turn_external_ip_address` empty.

We use the "select not equal to empty string" thing in the for loop
to avoid `matrix_coturn_turn_external_ip_address` leading to
`matrix_coturn_turn_external_ip_addresses: ['']` leading to
`external-ip=` in the Coturn configuration.

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1741

Add support for multiple external turn IP addresses, this allows for better comptability with dualstack ipv4/ipv6 hosts, and is supported as per the documentation (point 6 here: https://matrix-org.github.io/synapse/latest/turn-howto.html#configuration)

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1236

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1158

689dcea773 wasn't enough. The `upstream/..` tags are
just upstream sources, without the alpine-based Dockerfile.
We need to use the `docker/..` tags for that (or `master`)

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1032

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1023

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1009

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1023

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1009

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/999

Signed-off-by: Ahmad Haghighi <haghighi@fedoraproject.org>

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/716

This patch makes us use more fully-qualified container image names
(either prefixed with docker.io/ or with localhost/).

The latter happens when self-building is enabled.

We've recently had issues where if an image was removed manually
and the service was restarted (making `docker run` fetch it from Docker Hub, etc.),
we'd end up with a pulled image, even though we're aiming for a self-built one.
Re-running the playbook would then not do a rebuild, because:
- the image with that name already exists (even though it's something
else)
- we sometimes had conditional logic where we'd build only if the git
repo changed

By explicitly changing the name of the images (prefixing with localhost/),
we avoid such confusion and the possibility that we'd automatically pul something
which is not what we expect.

Also, I've removed that condition where building would happen on git
changes only. We now always build (unless an image with that name
already exists). We just force-build when the git repo changes.

4.5.1.3 fixes a security vulnerability:
https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm