overmind
/
matrix-docker-ansible-deploy
зеркало из https://github.com/spantaleev/matrix-docker-ansible-deploy
1
0
Форкнуть 0
Код Задачи 0 Релизы 0 Вики Активность
Matrix Docker Ansible eploy
Вы не можете выбрать более 25 тем Темы должны начинаться с буквы или цифры, могут содержать дефисы(-) и должны содержать не более 35 символов.
5887 коммитов
14 Ветки
491 MiB
 
 
Дерево: 606c1907bb
Ветки Теги
${ item.name }
Создать ветку ${ searchTerm }
из '606c1907bb'
${ noResults }
matrix-docker-ansible-deploy/roles/custom/matrix-coturn/defaults/main.yml

137 строки
6.6 KiB
Исходник Вина История 

  1. ---

  2. # Project source code URL: https://github.com/coturn/coturn

  3. 

  4. matrix_coturn_enabled: true

  5. 

  6. matrix_coturn_container_image_self_build: false

  7. matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn"

  8. matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}"

  9. matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile"

  10. 

  11. matrix_coturn_version: 4.6.1-r2

  12. matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine"

  13. matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}"

  14. matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}"

  15. 

  16. # The Docker network that Coturn would be put into.

  17. #

  18. # Because Coturn relays traffic to unvalidated IP addresses,

  19. # using a dedicated network, isolated from other Docker (and local) services is preferrable.

  20. #

  21. # Setting up deny/allow rules with `matrix_coturn_allowed_peer_ips`/`matrix_coturn_denied_peer_ips` is also

  22. # possible for achieving such isolation, but is more complicated due to the dynamic nature of Docker networking.

  23. #

  24. # Setting `matrix_coturn_docker_network` to 'host' will run the container with host networking,

  25. # which will drastically improve performance when thousands of ports are opened due to Docker not having to set up forwarding rules for each port.

  26. # Running with host networking can be dangerous, as it potentially exposes your local network and its services to Coturn peers.

  27. # Regardless of the networking mode, we apply a deny list which via `matrix_coturn_denied_peer_ips`,

  28. # which hopefully prevents access to such private network ranges.

  29. # When running in host-networking mode, you need to adjust the firewall yourself, so that ports are opened.

  30. matrix_coturn_docker_network: "matrix-coturn"

  31. 

  32. matrix_coturn_base_path: "{{ matrix_base_data_path }}/coturn"

  33. matrix_coturn_docker_src_files_path: "{{ matrix_coturn_base_path }}/docker-src"

  34. matrix_coturn_config_path: "{{ matrix_coturn_base_path }}/turnserver.conf"

  35. 

  36. # List of systemd services that matrix-coturn.service depends on

  37. matrix_coturn_systemd_required_services_list: ['docker.service']

  38. 

  39. # A list of additional "volumes" to mount in the container.

  40. # This list gets populated dynamically at runtime. You can provide a different default value,

  41. # if you wish to mount your own files into the container.

  42. # Contains definition objects like this: `{"type": "bind", "src": "/outside", "dst": "/inside", "options": "readonly"}.

  43. # See the `--mount` documentation for the `docker run` command.

  44. matrix_coturn_container_additional_volumes: []

  45. 

  46. # A list of extra arguments to pass to the container

  47. matrix_coturn_container_extra_arguments: []

  48. 

  49. # Controls whether the Coturn container exposes its plain STUN port (tcp/3478 and udp/3478 in the container).

  50. #

  51. # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:3478"), or empty string to not expose.

  52. matrix_coturn_container_stun_plain_host_bind_port: "{{ '3478' if matrix_coturn_docker_network != 'host' else '' }}"

  53. 

  54. # Controls whether the Coturn container exposes its TLS STUN port (tcp/5349 and udp/5349 in the container).

  55. #

  56. # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:5349"), or empty string to not expose.

  57. matrix_coturn_container_stun_tls_host_bind_port: "{{ '5349' if matrix_coturn_docker_network != 'host' else '' }}"

  58. 

  59. # Controls whether the Coturn container exposes its TURN UDP port range and which interface to do it on.

  60. #

  61. # Takes an interface "<ip address>" (e.g. "127.0.0.1"), or empty string to listen on all interfaces.

  62. # Takes a null/none value (`~`) or 'none' (as a string) to prevent listening.

  63. #

  64. # The UDP port-range itself is specified using `matrix_coturn_turn_udp_min_port` and `matrix_coturn_turn_udp_max_port`.

  65. matrix_coturn_container_turn_range_listen_interface: "{{ '' if matrix_coturn_docker_network != 'host' else 'none' }}"

  66. 

  67. # UDP port-range to use for TURN

  68. matrix_coturn_turn_udp_min_port: 49152

  69. matrix_coturn_turn_udp_max_port: 49172

  70. 

  71. # A shared secret (between Synapse and Coturn) used for authentication.

  72. # You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).

  73. matrix_coturn_turn_static_auth_secret: ""

  74. 

  75. # The external IP address of the machine where Coturn is.

  76. matrix_coturn_turn_external_ip_address: ''

  77. matrix_coturn_turn_external_ip_addresses: ["{{ matrix_coturn_turn_external_ip_address }}"]

  78. 

  79. matrix_coturn_allowed_peer_ips: []

  80. 

  81. # We block loopback interfaces and private networks by default to prevent private resources from being accessible.

  82. # This is especially important when Coturn does not run within a container network (e.g. `matrix_coturn_docker_network: host`).

  83. #

  84. # Learn more: https://www.rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/

  85. #

  86. # If you're running Coturn for local network peers, you may wish to override these rules.

  87. matrix_coturn_denied_peer_ips:

  88.   - 0.0.0.0-0.255.255.255

  89.   - 10.0.0.0-10.255.255.255

  90.   - 100.64.0.0-100.127.255.255

  91.   - 127.0.0.0-127.255.255.255

  92.   - 169.254.0.0-169.254.255.255

  93.   - 172.16.0.0-172.31.255.255

  94.   - 192.0.0.0-192.0.0.255

  95.   - 192.0.2.0-192.0.2.255

  96.   - 192.88.99.0-192.88.99.255

  97.   - 192.168.0.0-192.168.255.255

  98.   - 198.18.0.0-198.19.255.255

  99.   - 198.51.100.0-198.51.100.255

  100.   - 203.0.113.0-203.0.113.255

  101.   - 240.0.0.0-255.255.255.255

  102.   - ::1

  103.   - 64:ff9b::-64:ff9b::ffff:ffff

  104.   - ::ffff:0.0.0.0-::ffff:255.255.255.255

  105.   - 100::-100::ffff:ffff:ffff:ffff

  106.   - 2001::-2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff

  107.   - 2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff

  108.   - fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff

  109.   - fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff

  110. 

  111. matrix_coturn_user_quota: null

  112. matrix_coturn_total_quota: null

  113. 

  114. # Controls whether `no-tcp-relay` is added to the configuration

  115. matrix_coturn_no_tcp_relay_enabled: true

  116. 

  117. # Controls whether `no-multicast-peers` is added to the configuration

  118. matrix_coturn_no_multicast_peers_enabled: true

  119. 

  120. # Additional configuration to be passed to turnserver.conf

  121. # Example:

  122. # matrix_coturn_additional_configuration: |

  123. #   simple-log

  124. #   aux-server=1.2.3.4

  125. #   relay-ip=4.3.2.1

  126. matrix_coturn_additional_configuration: ''

  127. 

  128. # To enable TLS, you need to provide paths to certificates.

  129. # Paths defined in `matrix_coturn_tls_cert_path` and `matrix_coturn_tls_key_path` are in-container paths.

  130. # Files on the host can be mounted into the container using `matrix_coturn_container_additional_volumes`.

  131. matrix_coturn_tls_enabled: false

  132. matrix_coturn_tls_cert_path: ~

  133. matrix_coturn_tls_key_path: ~

  134. 

  135. matrix_coturn_tls_v1_enabled: false

  136. matrix_coturn_tls_v1_1_enabled: false