spantaleev
diff --git a/‎CHANGELOG.md‎
Lines changed: 19 additions & 11 deletions b/‎CHANGELOG.md‎
Lines changed: 19 additions & 11 deletions
diff --git a/‎docs/configuring-playbook-turn.md‎
Lines changed: 12 additions & 12 deletions b/‎docs/configuring-playbook-turn.md‎
Lines changed: 12 additions & 12 deletions
diff --git a/‎docs/faq.md‎
Lines changed: 1 addition & 1 deletion b/‎docs/faq.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/howto-srv-server-delegation.md‎
Lines changed: 6 additions & 6 deletions b/‎docs/howto-srv-server-delegation.md‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎docs/self-building.md‎
Lines changed: 1 addition & 1 deletion b/‎docs/self-building.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎examples/hosts‎
Lines changed: 1 addition & 1 deletion b/‎examples/hosts‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎examples/vars.yml‎
Lines changed: 4 additions & 4 deletions b/‎examples/vars.yml‎
Lines changed: 4 additions & 4 deletions
@@ -1,5 +1,13 @@
 # 2026-02-11
 
+## (BC Break) coturn role has been relocated and variable names need adjustments
+
+The role for coturn has been relocated to the [mother-of-all-self-hosting](https://github.com/mother-of-all-self-hosting) organization.
+
+Along with the relocation, the `matrix_coturn_` prefix on its variable names has been renamed to `coturn_`, so you need to adjust your `vars.yml` configuration.
+
+As always, the playbook would let you know about this and point out any variables you may have missed.
+
 ## conduwuit has been removed from the playbook
 
 [conduwuit](./docs/configuring-playbook-conduwuit.md) has been removed from the playbook, as it has been abandoned.
@@ -324,7 +332,7 @@ In light of this new information, you have 2 options:
 - Consider closing the STUN/UDP port with the following configuration:
 
   ```yaml
-  matrix_coturn_container_stun_plain_host_bind_port_udp: ""
+  coturn_container_stun_plain_host_bind_port_udp: ""
   ```
 
 - Consider keeping `3478/udp` blocked in your external firewall (if you have one)
@@ -385,11 +393,11 @@ The playbook now **only exposes the Coturn STUN port (`3478`) over TCP by defaul
 If you'd like the Coturn STUN port to be exposed over UDP like before, you can revert to the previous behavior by using the following configuration in your `vars.yml` file:
 
 ```yaml
-matrix_coturn_container_stun_plain_host_bind_port_udp: "3478"
+coturn_container_stun_plain_host_bind_port_udp: "3478"
 ```
 
 > [!WARNING]
-> People running Coturn directly on the `host` network (using `matrix_coturn_container_network: host`) will still have the STUN port exposed over UDP, as port exposure is done directly via Coturn and not via Docker. In such cases, the playbook cannot prevent `3478/udp` port exposure and you'd need to do it in another way (separate firewall rule, etc).
+> People running Coturn directly on the `host` network (using `coturn_container_network: host`) will still have the STUN port exposed over UDP, as port exposure is done directly via Coturn and not via Docker. In such cases, the playbook cannot prevent `3478/udp` port exposure and you'd need to do it in another way (separate firewall rule, etc).
 
 
 # 2025-02-17
@@ -1732,12 +1740,12 @@ Other roles which aren't strictly related to Matrix are likely to follow this fa
 
 ## coturn can now use host-networking
 
-Large coturn deployments (with a huge range of ports specified via `matrix_coturn_turn_udp_min_port` and `matrix_coturn_turn_udp_max_port`) experience a huge slowdown with how Docker publishes all these ports (setting up firewall forwarding rules), which leads to a very slow coturn service startup and shutdown.
+Large coturn deployments (with a huge range of ports specified via `coturn_turn_udp_min_port` and `coturn_turn_udp_max_port`) experience a huge slowdown with how Docker publishes all these ports (setting up firewall forwarding rules), which leads to a very slow coturn service startup and shutdown.
 
 Such deployments don't need to run coturn within a private container network anymore. coturn can now run with host-networking by using configuration like this:
 
 ```yaml
-matrix_coturn_container_network: host
+coturn_container_network: host
 ```
 
 With such a configuration, **Docker no longer needs to configure thousands of firewall forwarding rules** each time coturn starts and stops. This, however, means that **you will need to ensure these ports are open** in your firewall yourself.
@@ -1746,11 +1754,11 @@ Thanks to us [tightening coturn security](#backward-compatibility-tightening-cot
 
 ## (Backward Compatibility) Tightening coturn security can lead to connectivity issues
 
-**TLDR**: users who run and access their Matrix server on a private network (likely a small minority of users) may experience connectivity issues with our new default coturn blocklists. They may need to override `matrix_coturn_denied_peer_ips` and remove some IP ranges from it.
+**TLDR**: users who run and access their Matrix server on a private network (likely a small minority of users) may experience connectivity issues with our new default coturn blocklists. They may need to override `coturn_denied_peer_ips` and remove some IP ranges from it.
 
 Inspired by [this security article](https://www.rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/), we've decided to make use of coturn's `denied-peer-ip` functionality to prevent relaying network traffic to certain private IP subnets. This ensures that your coturn server won't accidentally try to forward traffic to certain services running on your local networks. We run coturn in a container and in a private container network by default, which should prevent such access anyway, but having additional block layers in place is better.
 
-If you access your Matrix server from a local network and need coturn to relay to private IP addresses, you may observe that relaying is now blocked due to our new default `denied-peer-ip` lists (specified in `matrix_coturn_denied_peer_ips`). If you experience such connectivity problems, consider overriding this setting in your `vars.yml` file and removing certain networks from it.
+If you access your Matrix server from a local network and need coturn to relay to private IP addresses, you may observe that relaying is now blocked due to our new default `denied-peer-ip` lists (specified in `coturn_denied_peer_ips`). If you experience such connectivity problems, consider overriding this setting in your `vars.yml` file and removing certain networks from it.
 
 We've also added `no-multicast-peers` to the default coturn configuration, but we don't expect this to cause trouble for most people.
 
@@ -2536,8 +2544,8 @@ To improve security, we've [removed TLSv1 and TLSv1.1 support](https://github.co
 If you need to support old clients, you can re-enable both (or whichever one you need) with the following configuration:
 
 ```yaml
-matrix_coturn_tls_v1_enabled: true
-matrix_coturn_tls_v1_1_enabled: true
+coturn_tls_v1_enabled: true
+coturn_tls_v1_1_enabled: true
 ```
 
 
@@ -3816,7 +3824,7 @@ Because people like using the playbook's components independently (outside of th
 With the new changes, **all roles are now only dependent on the minimal `matrix-base` role**. They are no longer dependent among themselves.
 
 In addition, the following components can now be completely disabled (for those who want/need to):
-- `matrix-coturn` by using `matrix_coturn_enabled: false`
+- `matrix-coturn` by using `coturn_enabled: false`
 - `matrix-mailer` by using `matrix_mailer_enabled: false`
 - `matrix-postgres` by using `matrix_postgres_enabled: false`
 
@@ -4036,7 +4044,7 @@ The following playbook variables were renamed:
 - from `matrix_docker_image_mautrix_telegram` to `matrix_mautrix_telegram_docker_image`
 - from `matrix_docker_image_mautrix_whatsapp` to `matrix_mautrix_whatsapp_docker_image`
 - from `matrix_docker_image_mailer` to `matrix_mailer_docker_image`
-- from `matrix_docker_image_coturn` to `matrix_coturn_docker_image`
+- from `matrix_docker_image_coturn` to `coturn_container_image`
 - from `matrix_docker_image_goofys` to `matrix_s3_goofys_docker_image`
 - from `matrix_docker_image_riot` to `matrix_riot_web_docker_image`
 - from `matrix_docker_image_nginx` to `matrix_nginx_proxy_docker_image`
 
@@ -26,19 +26,19 @@ In the `hosts` file we explicitly ask for your server's external IP address when
 If you'd rather use a local IP for `ansible_host`, add the following configuration to your `vars.yml` file. Make sure to replace `YOUR_PUBLIC_IP` with the pubic IP used by the server.
 
 ```yaml
-matrix_coturn_turn_external_ip_address: "YOUR_PUBLIC_IP"
+coturn_turn_external_ip_address: "YOUR_PUBLIC_IP"
 ```
 
-If you'd like to rely on external IP address auto-detection (not recommended unless you need it), set an empty value to the variable. The playbook will automatically contact an [echoip](https://github.com/mpolden/echoip)-compatible service (`https://ifconfig.co/json` by default) to determine your server's IP address. This API endpoint is configurable via the `matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url` variable.
+If you'd like to rely on external IP address auto-detection (not recommended unless you need it), set an empty value to the variable. The playbook will automatically contact an [echoip](https://github.com/mpolden/echoip)-compatible service (`https://ifconfig.co/json` by default) to determine your server's IP address. This API endpoint is configurable via the `coturn_turn_external_ip_address_auto_detection_echoip_service_url` variable.
 
 >[!NOTE]
 > You can self-host the echoip service by using the [Mother-of-All-Self-Hosting (MASH)](https://github.com/mother-of-all-self-hosting/mash-playbook) Ansible playbook. See [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/services/echoip.md) for the instruction to install it with the playbook. If you are wondering how to use it for your Matrix server, refer to [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/setting-up-services-on-mdad-server.md) for the overview.
 
 If your server has multiple external IP addresses, the coturn role offers a different variable for specifying them:
 
 ```yaml
-# Note: matrix_coturn_turn_external_ip_addresses is different than matrix_coturn_turn_external_ip_address
-matrix_coturn_turn_external_ip_addresses: ['1.2.3.4', '4.5.6.7']
+# Note: coturn_turn_external_ip_addresses is different than coturn_turn_external_ip_address
+coturn_turn_external_ip_addresses: ['1.2.3.4', '4.5.6.7']
 ```
 
 ### Change the authentication mechanism (optional)
@@ -48,7 +48,7 @@ The playbook uses the [`auth-secret` authentication method](https://github.com/c
 To do so, add the following configuration to your `vars.yml` file:
 
 ```yaml
-matrix_coturn_authentication_method: lt-cred-mech
+coturn_authentication_method: lt-cred-mech
 ```
 
 Regardless of the selected authentication method, the playbook generates secrets automatically and passes them to the homeserver and coturn.
@@ -62,7 +62,7 @@ By default, Coturn uses the same hostname as your Matrix homeserver (the value o
 If you'd like to use a custom subdomain for Coturn (e.g., `turn.example.com` or `t.matrix.example.com`), add the following configuration to your `vars.yml` file:
 
 ```yaml
-matrix_coturn_hostname: turn.example.com
+coturn_hostname: turn.example.com
 ```
 
 The playbook will automatically:
@@ -78,7 +78,7 @@ If you'd like to use another TURN server (be it coturn or some other one), add t
 
 ```yaml
 # Disable integrated coturn server
-matrix_coturn_enabled: false
+coturn_enabled: false
 
 # Point Synapse to your other coturn server
 matrix_synapse_turn_uris:
@@ -99,30 +99,30 @@ You can put multiple host/port combinations if you'd like to.
 
 ### Edit the reloading schedule (optional)
 
-By default the service is reloaded on 6:30 a.m. every day based on the `matrix_coturn_reload_schedule` variable so that new SSL certificates can kick in. It is defined in the format of systemd timer calendar.
+By default the service is reloaded on 6:30 a.m. every day based on the `coturn_reload_schedule` variable so that new SSL certificates can kick in. It is defined in the format of systemd timer calendar.
 
 To edit the schedule, add the following configuration to your `vars.yml` file (adapt to your needs):
 
 ```yaml
-matrix_coturn_reload_schedule: "*-*-* 06:30:00"
+coturn_reload_schedule: "*-*-* 06:30:00"
 ```
 
-**Note**: the actual job may run with a delay. See `matrix_coturn_reload_schedule_randomized_delay_sec` for its default value.
+**Note**: the actual job may run with a delay. See `coturn_reload_schedule_randomized_delay_sec` for its default value.
 
 ### Extending the configuration
 
 There are some additional things you may wish to configure about the TURN server.
 
 Take a look at:
 
-- `roles/custom/matrix-coturn/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
+- `roles/galaxy/coturn/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
 
 ## Disabling coturn
 
 If, for some reason, you'd like for the playbook to not install coturn (or to uninstall it if it was previously installed), add the following configuration to your `vars.yml` file:
 
 ```yaml
-matrix_coturn_enabled: false
+coturn_enabled: false
 ```
 
 In that case, Synapse would not point to any coturn servers and audio/video call functionality may fail.
 
@@ -313,7 +313,7 @@ exim_relay_enabled: false
 
 # You can also disable this to save more RAM,
 # at the expense of audio/video calls being unreliable.
-matrix_coturn_enabled: false
+coturn_enabled: false
 
 # This makes Synapse not keep track of who is online/offline.
 #
 
@@ -104,10 +104,10 @@ This should not happen again afterwards as Traefik will renew certificates well
 
 ```yaml
 # Only depend on docker.service, this removes the dependency on the certificate exporter, might imply the need to manually restart coturn on the first installation once the certificates are obtained, afterwards, the reload service should handle things
-matrix_coturn_systemd_required_services_list: ['docker.service']
+coturn_systemd_required_services_list: ['docker.service']
 
 # This changes the path of the loaded certificate, while maintaining the original functionality, we're now loading the wildcard certificate.
-matrix_coturn_container_additional_volumes: |
+coturn_container_additional_volumes: |
   {{
     (
       [
@@ -121,7 +121,7 @@ matrix_coturn_container_additional_volumes: |
          'dst': '/privatekey.key',
          'options': 'ro',
        },
-      ] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else []
+      ] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and coturn_tls_enabled else []
     )
   }}
 ```
@@ -165,10 +165,10 @@ traefik_environment_variables: |
   LEGO_DISABLE_CNAME_SUPPORT=true
 
 # Only depend on docker.service, this removes the dependency on the certificate exporter, might imply the need to manually restart coturn on the first installation once the certificates are obtained, afterwards, the reload service should handle things
-matrix_coturn_systemd_required_services_list: ['docker.service']
+coturn_systemd_required_services_list: ['docker.service']
 
 # This changes the path of the loaded certificate, while maintaining the original functionality, we're now loading the wildcard certificate.
-matrix_coturn_container_additional_volumes: |
+coturn_container_additional_volumes: |
   {{
     (
       [
@@ -182,7 +182,7 @@ matrix_coturn_container_additional_volumes: |
          'dst': '/privatekey.key',
          'options': 'ro',
        },
-      ] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else []
+      ] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and coturn_tls_enabled else []
     )
   }}
 ```
@@ -31,7 +31,7 @@ Possibly outdated list of roles where self-building the Docker image is currentl
 - `matrix-client-hydrogen`
 - `cinny`
 - `matrix-registration`
-- `matrix-coturn`
+- `coturn`
 - `matrix-corporal`
 - `matrix-dimension`
 - `exim-relay`
 
@@ -1,5 +1,5 @@
 # We explicitly ask for your server's external IP address, because the same value is used for configuring coturn.
-# If you'd rather use a local IP here, make sure to set up `matrix_coturn_turn_external_ip_address`.
+# If you'd rather use a local IP here, make sure to set up `coturn_turn_external_ip_address`.
 #
 # To connect using a non-root user (and elevate to root with sudo later),
 # replace `ansible_ssh_user=root` with something like this: `ansible_ssh_user=username ansible_become=true ansible_become_user=root`.
 
@@ -61,10 +61,10 @@ postgres_connection_password: ''
 # 2. Uncomment and adjust the line below to specify an IP address manually
 #
 # By default, auto-detection will be attempted using the `https://ifconfig.co/json` API.
-# Default values for this are specified in `matrix_coturn_turn_external_ip_address_auto_detection_*` variables in the coturn role
-# (see `roles/custom/matrix-coturn/defaults/main.yml`).
+# Default values for this are specified in `coturn_turn_external_ip_address_auto_detection_*` variables in the coturn role
+# (see `roles/galaxy/coturn/defaults/main.yml`).
 #
 # If your server has multiple IP addresses, you may define them in another variable which allows a list of addresses.
-# Example: `matrix_coturn_turn_external_ip_addresses: ['1.2.3.4', '4.5.6.7']`
+# Example: `coturn_turn_external_ip_addresses: ['1.2.3.4', '4.5.6.7']`
 #
-# matrix_coturn_turn_external_ip_address: ''
+# coturn_turn_external_ip_address: ''
Original file line number	Diff line number	Diff line change
`@@ -313,7 +313,7 @@ exim_relay_enabled: false`
`313`	`313`
`314`	`314`	`# You can also disable this to save more RAM,`
`315`	`315`	`# at the expense of audio/video calls being unreliable.`
`316`		`-matrix_coturn_enabled: false`
	`316`	`+coturn_enabled: false`
`317`	`317`
`318`	`318`	`# This makes Synapse not keep track of who is online/offline.`
`319`	`319`	`#`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`# We explicitly ask for your server's external IP address, because the same value is used for configuring coturn.`
`2`		-# If you'd rather use a local IP here, make sure to set up `matrix_coturn_turn_external_ip_address`.
	`2`	+# If you'd rather use a local IP here, make sure to set up `coturn_turn_external_ip_address`.
`3`	`3`	`#`
`4`	`4`	`# To connect using a non-root user (and elevate to root with sudo later),`
`5`	`5`	# replace `ansible_ssh_user=root` with something like this: `ansible_ssh_user=username ansible_become=true ansible_become_user=root`.
Original file line number	Diff line number	Diff line change
`@@ -61,10 +61,10 @@ postgres_connection_password: ''`
`61`	`61`	`# 2. Uncomment and adjust the line below to specify an IP address manually`
`62`	`62`	`#`
`63`	`63`	# By default, auto-detection will be attempted using the `https://ifconfig.co/json` API.
`64`		-# Default values for this are specified in `matrix_coturn_turn_external_ip_address_auto_detection_*` variables in the coturn role
`65`		-# (see `roles/custom/matrix-coturn/defaults/main.yml`).
	`64`	+# Default values for this are specified in `coturn_turn_external_ip_address_auto_detection_*` variables in the coturn role
	`65`	+# (see `roles/galaxy/coturn/defaults/main.yml`).
`66`	`66`	`#`
`67`	`67`	`# If your server has multiple IP addresses, you may define them in another variable which allows a list of addresses.`
`68`		-# Example: `matrix_coturn_turn_external_ip_addresses: ['1.2.3.4', '4.5.6.7']`
	`68`	+# Example: `coturn_turn_external_ip_addresses: ['1.2.3.4', '4.5.6.7']`
`69`	`69`	`#`
`70`		`-# matrix_coturn_turn_external_ip_address: ''`
	`70`	`+# coturn_turn_external_ip_address: ''`